Secure communication technology between network domains based on virtualization avionics platform

Abstract

In the information interconnection scenario of the new generation wide-body aircraft, there is a large amount of real-time bi-directional data exchange between aircraft control domain and airline information services domain in civil aircraft avionics system, and its security isolation and information flow protection are facing increasingly serious information security threats. Therefore, a bi-directional secure communication architecture based on virtualization avionics platform is proposed in this study. The attribute-based access control for multiple avionics domain is modeling and the designs of protection for contract security critical data and real-time monitoring for security critical component effectiveness are given. Physical implementation and verification results based on the domestic ACoreOS operating system and avionics hardware platform show that the bi-directional secure communication method based on virtualization avionics platform achieves the spatial isolation of security critical components, the data transmit and receive time of ACD network is less than 50 ms, and the message transmit and receive rate of ACD network is greater than 70 Mb/s. These results can meet the performance requirements of secure communication between avionics network domains of wide-body aircraft, which have high practical value.