
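Network Security and Unified Control of High-Speed Railway Signal Systems
Cite this article: LI Saifei, YAN Lianshan, GUO Wei, GUO Jin, CHEN Jianyi, PAN Wei, FANG Xuming. Network Security and Unified Control of High-Speed Railway Signal Systems[J]. Journal of Southwest Jiaotong University, 2015, 28(3): 478-484,503. DOI: 10.3969/j.issn.0258-2724.2015.03.015
Authors: LI Saifei, YAN Lianshan, GUO Wei, GUO Jin, CHEN Jianyi, PAN Wei, FANG Xuming
Funding: National Natural Science Foundation of China (61401377); Major Project of the Ministry of Railways (2012X004-A); Major Project of the Ministry of Education (313049)
Abstract: To safeguard the network security of China's high-speed railway signal system, this paper starts from the overall architecture of the signal system and comprehensively analyzes the network security problems it faces, covering the decentralized autonomous centralized traffic control system, the train operation control system, the centralized monitoring system and the GSM-R wireless communication system. On this basis, a unified network security control scheme for the high-speed railway signal system based on software-defined networking (SDN) is proposed. The decentralized autonomous centralized traffic control network, the signal safety data network and the centralized monitoring network are controlled and isolated in a software-defined manner, which achieves fine-grained control and unified management of network traffic. A logically unified controller provides global device registration management, secure communication access control and traceability of network data, thereby improving network security and reducing the complexity of network management. The analysis shows that the proposed architecture features logically centralized control, a unified security policy and network programmability. Compared with a network under distributed management, it is better suited to network security management of the dedicated high-speed railway signal system network, and it can solve the problems of interconnecting networks of different security levels and of complex network security control in China's high-speed railway signal system.

Keywords: high-speed railway; signal system; network security; software-defined networking; next-generation railway signal system network; CTCS-3
Received: 2014-08-05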

Analysis of Network Security for Chinese High-Speed Railway Signal Systems and Proposal of Unified Security Control
LI Saifei, YAN Lianshan, GUO Wei, GUO Jin, CHEN Jianyi, PAN Wei, FANG Xuming. Analysis of Network Security for Chinese High-Speed Railway Signal Systems and Proposal of Unified Security Control[J]. Journal of Southwest Jiaotong University, 2015, 28(3): 478-484,503. DOI: 10.3969/j.issn.0258-2724.2015.03.015
Authors: LI Saifei, YAN Lianshan, GUO Wei, GUO Jin, CHEN Jianyi, PAN Wei, FANG Xuming
Abstract: To ensure the network security of China's high-speed railway signal system, the network security issues of the system were analyzed, covering the central traffic control (CTC) system, the train control system, the centralized signal monitoring system and the GSM-R system. A unified network security control and management strategy was then proposed, based on the software-defined networking (SDN) architecture. Centralized management and unified security policies are achieved in one physical network, and the original control logic between sub-networks, including the CTC network, the train control network and the centralized signal monitoring network, is software-defined in the control plane, which enables finer and unified control of the whole network. Using the logically centralized controller, unified device registration control, communication control and packet traceability are all achieved, which improves network security and reduces management complexity. According to the analysis, the proposed architecture is centrally managed and network-programmable, with a unified security policy. The proposed strategy is better suited than a distributed control network to managing the network security of China's high-speed railway signal system, and it can solve the complex management of interconnecting networks of different security levels.