Design And Implementation Of Railway Network Security System Based On Access Control

Posted on: 2010-04-22
Degree: Master
Type: Thesis
Country: China
Candidate: Y Zhang
GTID: 2208360302978803
Subject: Computer technology

Abstract/Summary:
Over the past several years the Railway Information System has been built up to a certain extent, with the railway computer network at its core. The railway computer network is a wide-coverage, large-scale network with a complicated structure, and its main application is the Railway Transportation Information Management System (TMIS). The application systems built on this network play an increasingly important role in the production and management of railway transport. How to construct a railway information security architecture that keeps the railway information system secure, intact and serviceable is an urgent problem.

The railway system is a large-scale service system closely tied to the national economy and the people's livelihood. It cannot be secured with only one or two technologies; it has to rely on the principles of information security architecture to construct a systematic technology framework, work out a global strategy and put all parts into effect, so as to form a defense-in-depth security system. Building on the experience and results of constructing the security architecture of the railway information system, we analyzed the current situation, summarized the security requirements and goals, and provided a solution for the railway computer network security system, based on IATF defense in depth, with access control as its core.

The main ideas of this article are as follows:

1. Analyzing the information system security architecture, access control, public key infrastructure (PKI) and LDAP directory service, and organizing them, in terms of theoretical principles and technologies, as preparation for the system design and implementation.

2. Providing a solution for the railway computer network security system, based on IATF defense in depth and concentrating on access control, on the basis of a requirements analysis of the railway information network and the IATF information security model. This scheme has PKI and LDAP directory service as its base and access control as its core, applies many security technologies such as comprehensive firewall, physical gap, agent service and unified authentication, and establishes a defense-in-depth network architecture for the railway system.

3. Providing centralized application authentication and authorization, together with strong authentication, for the railway security architecture, so that users are authenticated and authorized uniformly. In the railway system, most application subsystems have their own user management, authentication and authorization systems, which not only causes wasted resources and low efficiency but also introduces potential security hazards.

4. Researching single sign-on for the railway application systems and proposing cookie-based web single sign-on for the intranet, as well as SAML-based single sign-on for the internet across business boundaries, making programs and sources safer than before and improving efficiency.

This article presents a new approach and method for constructing and implementing the railway security architecture. The scheme was a worthwhile trial and yielded experience and lessons for promoting the security architecture more widely. The project based on the scheme has been carried out in the Railway System with good security effectiveness.
Keywords/Search Tags: Information System, Railway Security Architecture, Access Control, Public Key Infrastructure (PKI), Single Sign-on