美国民航信息安全保障计划研究

信息安全研究 ›› 2016, Vol. 2 ›› Issue (6): 562-567.

美国民航信息安全保障计划研究

吴志军

中国民航大学电子信息工程学院

收稿日期:2016-06-15 出版日期:2016-06-15 发布日期:2016-06-15
通讯作者: 吴志军
作者简介:博士研究生，教授，主要研究方向为网络与信息安全.

The Information Security Assurance of Civil Aviation Information System in the United States

Wu Zhijun

Department of Electronics & Information Engineering, Civil Aviation University of China

Received:2016-06-15 Online:2016-06-15 Published:2016-06-15
Contact: Wu Zhijun

摘要/Abstract

摘要： 民航信息系统作为国家重要信息系统之一，正面临严峻的安全威胁，为了保障航空交通运输的安全运行，美国联邦航空局(Federal Aviation Administration, FAA)制定了民航信息系统安全 (information system security, ISS)计划.针对目前民航信息系统面临的安全威胁，研究了FAA的ISS计划，介绍了ISS的分层模型和核心内容，并对每个层次的要求进行了解释，给出了其信息安全保障措施的建议.

关键词: 民航, 信息系统安全, 网络授权, 访问控制, 信息安全保障

Abstract: Nowadays, the information security of civil aviation information system is facing a serious threat. In order to protect the safe operation of air transportion, the US Federal Aviation Administration (FAA) developed the civil aviation information system (Information System Security, ISS) program. In this paper, the ISS program of FAA is studied, the hierarchical model and core content of ISS are introduced, and the requirements of each level are explained. Then, the suggestions of information security assurance for civil aviation information system are given.

Key words: civil aviation, information system security, network authority, access control, information assurance

吴志军. 美国民航信息安全保障计划研究[J]. 信息安全研究, 2016, 2(6): 562-567.

Wu Zhijun. The Information Security Assurance of Civil Aviation Information System in the United States[J]. Journal of Information Security Research, 2016, 2(6): 562-567.

参考文献

［1］José M C, Juan B P, José M M, et al. Advances in Air Navigation Services［M］. Croatia: Mirna Cvijic Press, 2012［2］马兰, 吴志军. 空中交通管理信息安全评估［M］. 北京: 科学出版社, 2015［3］环球网. 波兰民航被“黑”启示录: 越来越多黑客指向航空［EBOL］. ［20150622］. http:world.huanqiu.comarticle2015066741616.html［4］光明网. 欧洲13架飞机从雷达上消失25分钟疑遭黑客攻击［EBOL］. ［20140616］. http:world.gmw.cn20140616content_11623851.htm［5］International Civil Aviation Organization. Web service security standards［COL］ Aeronautical Telecommunication Network (ATN) Implementation Coordination Group—Eighth Working Group Meeting. 2010 ［20160218］. http:www.icao.intAPACMeetings2010atnicg_wg8wp12.pdf［6］Marshall A. Overall security concept［C］ Proc of the ICAO ATNP Security Working Group—ATN Panel Working Group 1. Piscataway, NJ: IEEE, 1996［7］Arthur Pyster. A systems approach to protecting the US air traffic control system against cyberterrorism［EBOL］. ［20140415］. http:docplayer.net5184797Asystemsapproachtoprotectingtheusairtrafficcontrolsystemagainstcyberterrorism.html［8］Daniel J Mehan. Information systems security［R］. Washington: Federal Aviation Administrations Layered Approach, 2000［9］Kauffman D C. Data link security for airline operational communications and air traffic services—An opportunity for synergistic efforts［C］ Proc of Int Conf on Integrated Communication Navigation Surveillance. Washington: NASA Glenn Research Center Space Communications Program, 2003［10］Federal Aviation Administration. System Wide Information Management (SWIM) eXtensible Markup Language (XML) Gateway Requirements, Version 2.0 ［S］. Washington: Federal Aviation Administration (FAA), 2009［11］Standley J, Brown V, Comitz P, et al. SWIM segment 2 deployment and utlitization in NextGen R&D programs［C］ Proc of Integrated Communications, Navigation and Surveillance Conf (ICNS 2012). Piscataway, NJ: IEEE, 2012: G81G85［12］Federal Aviation Administration. FAA Cloud Computing Strategy, FinalVersion 1.0［S］. Washington: Federal Aviation Administration (FAA), 2012［13］Bob Stephens. Security architecture for system wide information management［C］ Proc of the 24th Digital Avionics Systems Conf (DASC 2005). Piscataway, NJ: IEEE, 2005［14］Bob Stephens. Systemwide information management (SWIM) demonstration security architecture［C］ Proc of the 25th IEEEAIAA Digital Avionics Systems Conf. Piscataway, NJ: IEEE, 2006: 112［15］Ramakrishnan V, Wargo C, John S. GMPLS network security: Gap analysis［C］ Proc of Integrated Communications, Navigation and Surveillance Conf (ICNS 2008). Piscataway, NJ: IEEE, 2008: 17［16］Luckenbaugh G, Landriau S, Dehn J, et al. Service oriented architecture for the next generation air transportation system［C］ Proc of Integrated Communications, Navigation and Surveillance Conf (ICNS07). Piscataway, NJ: IEEE, 2007: 19［17］Lai Junzuo, Deng R H, Guan Chaowen, et al. Attributebased encryption with verifiable outsourced decryption［J］. IEEE Trans on Information Forensics and Security, 2013, 8(8): 13431354

[1]	单庆元南峰. 虚拟机网络接口实体化在私有云安全防护中的应用[J]. 信息安全研究, 2021, 7(3): 275-280.
[2]	胡星高郑荣锋周安民刘亮. 基于特征分析的访问控制混合模型设计与实现[J]. 信息安全研究, 2021, 7(1): 4-14.
[3]	王斯梁冯暄陈翼蔡友保. 北斗导航系统信息安全研究[J]. 信息安全研究, 2020, 6(12): 1068-1073.
[4]	王斯梁冯暄蔡友保陈翼. 零信任安全模型解析及应用研究[J]. 信息安全研究, 2020, 6(11): 0-0.
[5]	赵川徐雁飞. 一种越权漏洞攻击方法实例研究[J]. 信息安全研究, 2019, 5(3): 248-252.
[6]	杨莹李威吴荻. 移动Web操作系统安全综述[J]. 信息安全研究, 2018, 4(8): 689-697.
[7]	高亚楠刘丰陈永刚. 信息安全风险管理标准体系研究[J]. 信息安全研究, 2018, 4(10): 928-933.
[8]	李明. 基于可信身份认证的企业信任服务体系研究[J]. 信息安全研究, 2017, 3(9): 832-840.
[9]	张锐卿. 大数据环境下细粒度的访问控制与审计管理[J]. 信息安全研究, 2017, 3(6): 509-516.
[10]	崔聪聪. 网络平台漏洞侵权责任的承担[J]. 信息安全研究, 2016, 2(9): 802-808.
[11]	李勇. 密文访问控制及其应用研究[J]. 信息安全研究, 2016, 2(8): 721-728.
[12]	申石. 基于行为主动权限识别的安全身份认证技术[J]. 信息安全研究, 2016, 2(6): 553-557.
[13]	吕欣. 大数据安全保障框架与评价体系研究[J]. 信息安全研究, 2016, 2(10): 913-919.
[14]	陆艳军. 大数据平台访问控制方法的设计与实现[J]. 信息安全研究, 2016, 2(10): 926-930.
[15]	张敏. 我国关键基础设施保护立法定位与内容的思考[J]. 信息安全研究, 2015, 1(2): 163-169.