The Security Model Of Data Sharing Platform In Railway Information System

With the development of information technology and the constant improvement of the railway transport demand, the pressure on the railway information system and infrastructure is raising. The railway information system needs to transform its overall structure and turn itself into the intelligent railway. By integrating the existing data resources of the various sub-systems and applications, the information system can realize the connectivity and information exchange between the sub-systems. The data sharing platform of railway information system is the foundation to realize the system connectivity, data sharing and exchange. However, the construction of the data sharing platform will bring a series of new security issues, and these security problems are the key to the application and development of the data sharing platform. This paper mainly studies two security problems of railway data sharing platform which are data security management problem and secondary illegal authorization of the data.For security management problems, there are data management scheme based on the certificate, the data management scheme based on multiple encryption and one time decryption and data management scheme based on data security level. For the problem of secondary illegal authorization of the data, there are some relative technologies and systems which are trusted computing technology, digital rights management system and transparent encryption technology. But the existing schemes and technologies can only solve single problem and is not suitable for the data sharing platform.According to the two security problems and in combination with the practical situation of railway information system, the secondary management model to solve the problem of security management and the model of preventing secondary illegal authorization to solve the problem of illegal authorization are proposed in this paper. The two models can work at the same time and they can be fully combined with the data sharing platform.In the secondary management model, the sharing platform owns the shared data, but a two-layer management structure is used in the management style. And the managers of the sharing platform would relegate the data management to professional managers who understand the semantics and the security range of the shared data. In the model of preventing secondary illegal authorization, shared data is combined with the feature of sub-systems and applications using data sealing. If the bound shared data is authorized to the appropriate system, the data can only be used by this system, and even if the data has been illegally copied, transmitted to other systems, due to the different characteristics of the system, the data cannot be used.The main tasks of this paper are as follows:(1) This paper puts forward the secondary management model and the model of preventing secondary illegal authorization.(2) Prototype system is designed for these two security models. Prototype system is used to verify the feasibility of the security model. The prototype system consists of security management system and security agent system. The security management system functions on the data sharing platform to manage the data. The security agent system functions on the sub-systems to prevent secondary illegal authorization of the data working with the management system.(3) To implement the prototype system, this paper comprehensively applies various techniques such as metadata management, symmetric encryption algorithm, data transceiver, characteristic information extraction, filter driver and so on, with fully considering scalability and portability of the prototype system.