Abstract
Through an analysis of the common network security risks of urban rail transit cloud platforms and the requirements for their application and implementation, this paper first discusses the applicability of access control technology and proposes a solution based primarily on resource isolation, combined with the implementation of security policies. Secondly, a strategy of partitioning and zoning the business systems is adopted to divide the boundaries of the urban rail cloud platform, forming an infrastructure that safeguards system security; following the security standards system for risk detection and control, a security situation sensing and control platform for the urban rail cloud based on active defense technology is realized. Finally, in accordance with the requirements of the classified (level) protection specifications, a mandatory access control technology model based on security labels is proposed. The labels are designed along two dimensions, security level and security category: security levels are set according to data sensitivity and integrity, while security categories are abstracted and defined according to business type and business region, thereby effectively supporting the urban rail cloud platform in reaching the designed network security label level.
Source
《铁道通信信号》
2024, No. 3, pp. 69-74 (6 pages)
Railway Signalling & Communication
Funding
Research project of China Railway Siyuan Survey and Design Group Co., Ltd. (2020K071).
Keywords
Urban rail transit
Cloud platform
Network security
Access control
Active defense
Security label