Research and Application of Endogenous Security Active Defense Technology for Domestic Nuclear Safety-Level Gateway Equipment

Gateway is a protective equipment at the boundary of the nuclear safety-level I&C system. Aiming at the unknown threat across the boundary of information physical space, this paper studies several key technologies of active defense, and constructs the gateway deep secure architecture that can resist multilevel and multi-dimensional complex attacks. Firstly, the systematic control mechanism of the gateway is constructed, which mechanism includes access control for data flow, IP whitelist at network layer, function code whitelist at application layer, IP/MAC binding and the isolation mechanism of chip’s external ports. Secondly, based on the domestic trust root, the trusted chain from bootloader to the upper-layer application is built to guarantee the secure startup of the embedded system, and the key application processes are measured periodically and verified dynamically during the running process. Based on the above, from building equipment embedded trusted system environment to its security functions, a set of active security defense mechanisms of the gateway equipment sare formed, which enhances the security of the system and improves the information security protection n capability of the equipment.