Volume 40, Number 3, June 2022
|Page(s)||530 - 537|
|Published online||19 September 2022|
Secure communication technology between network domains based on virtualization avionics platform
Northwestern Polytechnical University, Xi’an 710072, China
2 Xi’an Aeronautical Computing Technique Research Institute, Xi’an 710068, China
In the information interconnection scenario of the new generation wide-body aircraft, there is a large amount of real-time bi-directional data exchange between aircraft control domain and airline information services domain in civil aircraft avionics system, and its security isolation and information flow protection are facing increasingly serious information security threats. Therefore, a bi-directional secure communication architecture based on virtualization avionics platform is proposed in this study. The attribute-based access control for multiple avionics domain is modeling and the designs of protection for contract security critical data and real-time monitoring for security critical component effectiveness are given. Physical implementation and verification results based on the domestic ACoreOS operating system and avionics hardware platform show that the bi-directional secure communication method based on virtualization avionics platform achieves the spatial isolation of security critical components, the data transmit and receive time of ACD network is less than 50 ms, and the message transmit and receive rate of ACD network is greater than 70 Mb/s. These results can meet the performance requirements of secure communication between avionics network domains of wide-body aircraft, which have high practical value.
新一代宽体飞机的信息化互联应用场景中, 航电系统高安全的飞机控制域和低安全的航空公司信息服务域之间存在大量的实时数据双向交换, 其安全隔离与信息流向保护等面临着日益严重的信息安全威胁。为此, 建立基于虚拟化的航电双向安全通信架构, 构建基于属性的多航电域访问控制模型, 提出了合约安全关键数据保护和安全关键组件有效性实时监控设计。基于国产天脉操作系统和航电硬件平台的物理实现与验证结果表明: 基于虚拟化的航电双向安全通信方法实现了安全关键组件的空间隔离, ACD网络数据收发时间均小于50 ms, ACD网络的消息收发速率均大于70 Mb/s, 满足宽体飞机在航电平台虚拟化下网络域间安全通信性能需求, 具有很好的实用价值。
Key words: wide-body aircraft / virtualization avionics platform / secure communication between network domains / information flow access control
关键字 : 宽体飞机 / 虚拟化航电平台 / 网络域间安全通信 / 信息流访问控制
© 2022 Journal of Northwestern Polytechnical University. All rights reserved.
This is an Open Access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
Current usage metrics show cumulative count of Article Views (full-text article views including HTML views, PDF and ePub downloads, according to the available data) and Abstracts Views on Vision4Press platform.
Data correspond to usage on the plateform after 2015. The current usage metrics is available 48-96 hours after online publication and is updated daily on week days.
Initial download of the metrics may take a while.