Technical Solution to Information Security of Intelligent Operation and Maintenance System for Urban Rail Transit Vehicles

PI Wei
Abstract:
[Objective] With the rapid growth of urban rail transit, information-based and intelligent applications for vehicle operation and maintenance are increasingly widespread, and the information security problems of the intelligent operation and maintenance system for urban rail transit vehicles have become prominent and need to be solved urgently. [Method] Based on the information security risks and problems that the intelligent operation and maintenance system for urban rail transit vehicles may face, such as software vulnerabilities, a lack of systematic protection, and network transmission security, and with reference to a number of national and industry information security standards, a technical solution for information security protection is systematically proposed, consisting of security zoning, boundary isolation, vertical authentication, and centralized supervision. Device host security is safeguarded by software hardening, access control, security audit, and intrusion prevention. Network transmission security is safeguarded by security zoning, boundary isolation, secure transmission, and robust networking among the vehicle-mounted, vehicle-ground, and ground communication networks. Business data security is improved by controlling and protecting each stage of storage, transmission, use, and destruction. Application platform security is safeguarded by identity authentication, session management, access control, security audit, and intrusion prevention. A security management center for the whole system is implemented through separation of management authority and centralized control.
[Result & Conclusion] The resulting information security protection technology system is systematic, unified, and comprehensive. It prevents the vehicle intelligent operation and maintenance system from suffering malicious attacks and illegal intrusions and protects the security of the system, so as to achieve safe, efficient, and reliable vehicle operation and maintenance in urban rail transit.