Data Security Protection Mechanism of Railway Cloud CAD System


Authors: WANG Huansong (王焕松); QIAO Lixian (乔立贤); YU Shengli (于胜利); LU Wenlong (卢文龙); LI Dashuang (李达塽); GAO Jingxian (高静贤)

Affiliations: [1] Institute of Computing Technology, China Academy of Railway Sciences Corporation Limited, Beijing 100081, China; [2] Key Laboratory of Railway Industry for BIM Software, National Railway Administration, Beijing 100081, China; [3] Beijing Jingwei Information Technology Co., Ltd., Beijing 100081, China

Source: Railway Technical Innovation (《铁路技术创新》), 2024, No. 2, pp. 78-84 (7 pages)

Funding: Research and Development Fund Project of China Academy of Railway Sciences Corporation Limited (2022YJ078).

Abstract: Considering the business requirements of railway engineering, and in view of the inconsistency between cloud-architecture CAD and traditional CAD in storage mode, data transmission, collaborative design, etc., a data security guarantee system for the railway cloud CAD system is established. It is based on a secure computing environment, guaranteed by regional boundary security and communication network security, and centered on a security management center. Technologies such as audit tracking, role-based access control, encrypted data transmission and traffic probes, as well as a multi-copy cluster strategy, are introduced. For data integrity, a proof model with "user-third party audit-cloud service" as the main body is adopted, together with algorithm verification mechanisms such as key generation, signature algorithm, challenge generation, evidence generation and evidence verification. The scheme has been demonstrated and verified on the Xi'an-Shiyan High Speed Railway; it effectively ensures the security and integrity of data and supports users in carrying out secure collaborative design and encrypted data transmission from any location.

Keywords: railway engineering; cloud CAD; data security; data integrity; security protection mechanism

Classification: TP39 [Automation and Computer Technology: Computer Application Technology]

 
