LI Mingyang.A Zero-Trust Security Architecture for Removable Media Exchange in Air Traffic Control Automation Systems[J].Journal of Chengdu University of Information Technology,2025,40(06):772-779.[doi:10.16836/j.cnki.jcuit.2025.06.005]
面向空管自动化系统的移动介质零信任安全交换体系研究
- Title:
- A Zero-Trust Security Architecture for Removable Media Exchange in Air Traffic Control Automation Systems
- 文章编号:
- 2096-1618(2025)06-0772-08
- Keywords:
- zero trust architecture; removable media security; sandbox isolation; context-aware policy; ATC
- 分类号:
- TP309
- 文献标志码:
- A
- 摘要:
- 针对U盘等移动介质给空管自动化系统带来的严重安全威胁,提出并实现了一套面向空管业务的移动介质零信任安全交换体系。体系以“永不信任,始终验证”为核心原则,构建一个集设备准入、文件校验、病毒扫描与动态行为分析于一体的多层次纵深防御架构。实验结果表明,体系能够有效拦截包括非法设备、已知病毒、策略违规文件及高级恶意脚本在内的复合型威胁,威胁检测率与约束成功率显著优于传统方案。研究为保障空管自动化系统的数据交换安全提供了一套有效、智能的解决方案。
- Abstract:
- In view of the serious security threats posed by removable media such as USB flash drives to air traffic control automation systems, this research proposes and implements a removable media zero-trust security exchange system for air traffic control services. The system adopts “never trust, always verify” as its core principle and constructs a multi-layered defense-in-depth architecture integrating device access control, file verification,virus scanning, and dynamic behavior analysis. Experimental results demonstrate that the system can effectively intercept complex threats including unauthorized devices, known viruses, policy-violating files,and advanced malicious scripts, achieving significantly superior performance compared to traditional schemes in both threat detection rate and policy enforcement success rate. This research provides an effective and intelligent solution for ensuring secure data exchange in Air Traffic Control Automation Systems.
参考文献/References:
[1] Elochukwu Ukwandu,Mohamed Amine Ben Farah,Hanan Hindy,et al.Cyber-Security Challenges in Aviation Industry:A Review of Current and Future Trends[J].arXiv:2107.04910,2022.
[2] Espen Nystad,John Eidar Simensen,Christian Raspotnig.Investigating operative cybersecurity awareness in air traffic control[C].2021 14th International Conference on Security of Information and Networks(SIN),2021.
[3] Tang A C.A Review on Cybersecurity Vulnerabilities for Urban Air Mobility[C/OL].AIAA Scitech 2021 Forum.American Institute of Aeronautics and Astronautics,2021.
[4] Raheman F.From Standard Policy-Based Zero Trust to Absolute Zero Trust(AZT):A Quantum Leap to Q-Day Security[J/OL].Journal of Computer and Communications,2024,12(3):252-282.
[5] Rose S,Borchert O,Mitchell S,et al.Zero Trust Architecture[A/OL].National Institute of Standards and Technology,2020.
[6] 王布宏,罗鹏,阳勇,等.空中交通管理系统网络安全研究综述与展望[J].电子与信息学报,2025,47(5):1230-1265.
[7] Strohmeier M,Schafer M,Lenders V,et al.Realities and challenges of nextgen air traffic management:the case of ADS-B[J/OL].IEEE Communications Magazine,2014,52(5):111-118.
[8] Pejovic T,Netjasov F,Crnogorac D.Relationship between Air Traffic Demand,Safety and Complexity in High-Density Airspace in Europe[M/OL].Risk Assessment in Air Traffic Management.Intech Open,2020.
[9] ICAO.Global air traffic management operational concept[R].
[10] 左英男.零信任架构在关键信息基础设施安全保护中的应用研究[J].保密科学技术,2019(11):6.
[11] Jiang Y,Dou Y,Hu A.Identification of IoT Devices Based on Hardware and Software Fingerprint Features[J/OL].Symmetry,2024,16(7):846.
[12] Chaudhary A.Formal Models and Convergence Analysis for Context-Aware Security Verification[A/OL].arXiv preprint.arXiv,2025.
[13] Rodriguez Rodriguez L,Bustamante Orellana C E,Chiou E K,et al.A review of mathematical models of human trust in automation[J/OL].Frontiers in Neuroergonomics,2023,4.
[14] Harang R,Rudd E M.SOREL-20M:A Large Scale Benchmark Dataset for Malicious PE Detection[A/OL].arXiv preprint.arXiv,2020.
[15] F Alshmarni A,A Alliheedi M.Enhancing Malware Detection by Integrating Machine Learning with Cuckoo Sandbox[J/OL].Journal of Information Security and Cybercrimes Research,2024,7(1):85-92.
备注/Memo
收稿日期:2025-06-30
通信作者:李明洋.E-mail:leehack165@gmail.com