电力信息系统云安全风险分析与评估技术
|
摘要
结合电力行业对云计算技术的应用,针对电力云安全分析与评估方法展开了系统研究,对电力信息系统云环境下的功能实体和业务流程进行全面梳理,通过静态STRIDE威胁建模与动态攻击链算法相结合的方式对云平台面临的主要风险进行了分类识别和量化评估,并有针对性地提出了适用于电力云系统的安全防护架构,以促进云计算在电力行业的推广和应用,并为电力信息系统安全可控提供有力的支撑。
Combining the power industry with cloud computing technology, a systematic study on safety analysis and evaluation methods of the power cloud was carried out. A comprehensive combing on functional entities and business processes of the power information system under the cloud environment was conducted. Through the combination of static STRIDE threat modeling and dynamic attack chain algorithm, the main risks of cloud platform were classified and quantified. A security protection architecture of power cloud system was put forward to promote the popularization and application of cloud computing in the power industry, and to provide a strong support for the safety and control of power information system.
Combining the power industry with cloud computing technology, a systematic study on safety analysis and evaluation methods of the power cloud was carried out. A comprehensive combing on functional entities and business processes of the power information system under the cloud environment was conducted. Through the combination of static STRIDE threat modeling and dynamic attack chain algorithm, the main risks of cloud platform were classified and quantified. A security protection architecture of power cloud system was put forward to promote the popularization and application of cloud computing in the power industry, and to provide a strong support for the safety and control of power information system.
引文
[1]杨宁,罗华永,李兴,等.电力资源池基础架构的设计和实施[J].电信科学,2016,33(3):142-147.YANG N,LUO H Y,LI X,et al.Design and implementation of electric cloud’s resource pool[J].Telecommunications Science,2016,33(3):142-147.
[2]刘俊文,玄佳兴.数据中心仿真云平台的功能需求与设计[J].电信科学,2017,33(5):176-182.LIU J W,XUAN J X.Functional requirements and design of simulation cloud platform for data center[J].Telecommunications Science,2017,33(5):176-182.
[3]LUO F,ZHAO J,DONG Z Y,et al.Cloud-based information infrastructure for next-generation power grid:conception,architecture,and applications[J].IEEE Transactions on Smart Grid,2016,7(4):1896-1912.
[4]马军伟,罗红波,栗秀琴.电力云计算信息安全问题研究[C]//中国电机工程学会,2013年10月12日,长沙,中国:[S.l:s.n.],2013.MA J W,LUO H B,SU X Q.The research on information security issues of power cloud computing[C]//China Society of Electrical Engineering,October 12,2013,Changsha,China:[S.l:s.n.],2013.
[5]KOTOWSKI J,OKO J,OCHLA M.Deployment models and optimization procedures in cloud computing[C]//International Conference on Computer Aided Systems Theory,July 18-24,2015,San Francisco,USA.Berlin:Springer,2015:805-812.
[6]KAVIS M.Architecting the cloud:design decisions for cloud computing service models(Saa S,Paa S,and Iaa S)[M].New Delhi:Wiley India Private Limited,2014.
[7]陈永卫,张中华,吉晓佳.基于云计算的电力调度软交换系统研究[J].电力系统通信,2012,33(11):88-92.CHEN Y W,ZHANG Z H,JI X J.Research on soft dispatch system of power dispatching based on cloud computing[J].Power System Communication,2012,33(11):88-92.
[8]任梦吟.智能电网下的云计算隐私保护与安全存储研究[D].成都:电子科技大学,2015.REN M Y.Research on privacy protection and security storage of cloud computing under smart grid[D].Chengdu:University of Electronic Science and Technology,2015.
[9]WEI L,ZHU H,CAO Z,et al.Security and privacy for storage and computation in cloud computing[J].Information Sciences,2014,258(3):371-386.
[10]习姚鹏.云技术在电力系统不良数据处理中的研究与应用[D].南京:东南大学,2015.XI Y P.Research and application of cloud technology in defect data processing of power system[D].Nanjing:Southeast University,2015.
[11]WANG H.Proxy provable data possession in public clouds[J].IEEE Transactions on Services Computing,2013,6(4):551-559.
[12]RUJ S,STOJMENOVIC M,NAYAK A.Decentralized access control with anonymous authentication of data stored in clouds[J].IEEE Transactions on Parallel&Distributed Systems,2013,25(2):384-394.
[13]周延.改进的STRIDE威胁模型研究[D].武汉:华中科技大学,2015.ZHOU Y.The research of improved stride threat model[D].Wuhan:Huazhong University of Science and Technology,2015.
[14]HO S M,FU H,TIMMARAJUS S S,et al.Insider threat:language-action cues in group dynamics[C]//Hawaii International Conference on System Sciences,June 4-6,2015,California,USA.Piscataway:IEEE Press,2015:2729-2738.
[15]BURGER E W,GOODMAN M D,KAMPANAKIS P,et al.Taxonomy model for cyber threat intelligence information exchange technologies[C]//ACM Workshop on Information Sharing&Collaborative Security,November 3,Scoltsdale,Arizona,USA.New York:ACM Press,2014:51-60.
[16]杨泽明,李强,刘俊荣,等.面向攻击溯源的威胁情报共享利用研究[J].信息安全研究,2015,1(1):31-36.YANG Z M,LI Q,LIU J R,et al.Research on the use of threat information sharing for attack-oriented tracing[J].Information Security Research,2015,1(1):31-36.
[17]孙建坡.基于攻击链的威胁感知系统[J].邮电设计技术,2016(1):74-77.SUN J P.The threat perception system based on attack chain[J].Designing Techniques of Posts and Telecommunications,2016(1):74-77.
[18]庄刘,魏中许.基于情报信息的空防安全威胁评估回归模型研究[J].四川师范大学学报(自然科学版),2015,38(3):460-465.ZHUANG L,WEI Z X.Research on regression model of air defense security threat assessment based on intelligence information[J].Journal of Sichuan Normal University(Natural Science Edition),2015,38(3):460-465.
[19]LO C C,CHEN W J.A hybrid information security risk assessment procedure considering interdependences between controls[J].Expert Systems with Applications,2012,39(1):247-257.
[20]王笑帝,张云勇,刘镝,等.云计算虚拟化安全技术研究[J].电信科学,2015,31(6):1-5.WANG X D,ZHANG Y Y,LIU D,et al.Research on security of virtualization on cloud computing[J].Telecommunications Science,2015,31(6):1-5.
[21]SHAMIR ADI.Identity-based cryptosystems and signature schemes[J].Lecture Notes in Computer Science,1984,21(12):47-53.
[22]GE W J,HU X H,DENG Y.Research of IBC model and application in web-security system[J].Omr Mlaon,2010,27(9):120-124.
[2]刘俊文,玄佳兴.数据中心仿真云平台的功能需求与设计[J].电信科学,2017,33(5):176-182.LIU J W,XUAN J X.Functional requirements and design of simulation cloud platform for data center[J].Telecommunications Science,2017,33(5):176-182.
[3]LUO F,ZHAO J,DONG Z Y,et al.Cloud-based information infrastructure for next-generation power grid:conception,architecture,and applications[J].IEEE Transactions on Smart Grid,2016,7(4):1896-1912.
[4]马军伟,罗红波,栗秀琴.电力云计算信息安全问题研究[C]//中国电机工程学会,2013年10月12日,长沙,中国:[S.l:s.n.],2013.MA J W,LUO H B,SU X Q.The research on information security issues of power cloud computing[C]//China Society of Electrical Engineering,October 12,2013,Changsha,China:[S.l:s.n.],2013.
[5]KOTOWSKI J,OKO J,OCHLA M.Deployment models and optimization procedures in cloud computing[C]//International Conference on Computer Aided Systems Theory,July 18-24,2015,San Francisco,USA.Berlin:Springer,2015:805-812.
[6]KAVIS M.Architecting the cloud:design decisions for cloud computing service models(Saa S,Paa S,and Iaa S)[M].New Delhi:Wiley India Private Limited,2014.
[7]陈永卫,张中华,吉晓佳.基于云计算的电力调度软交换系统研究[J].电力系统通信,2012,33(11):88-92.CHEN Y W,ZHANG Z H,JI X J.Research on soft dispatch system of power dispatching based on cloud computing[J].Power System Communication,2012,33(11):88-92.
[8]任梦吟.智能电网下的云计算隐私保护与安全存储研究[D].成都:电子科技大学,2015.REN M Y.Research on privacy protection and security storage of cloud computing under smart grid[D].Chengdu:University of Electronic Science and Technology,2015.
[9]WEI L,ZHU H,CAO Z,et al.Security and privacy for storage and computation in cloud computing[J].Information Sciences,2014,258(3):371-386.
[10]习姚鹏.云技术在电力系统不良数据处理中的研究与应用[D].南京:东南大学,2015.XI Y P.Research and application of cloud technology in defect data processing of power system[D].Nanjing:Southeast University,2015.
[11]WANG H.Proxy provable data possession in public clouds[J].IEEE Transactions on Services Computing,2013,6(4):551-559.
[12]RUJ S,STOJMENOVIC M,NAYAK A.Decentralized access control with anonymous authentication of data stored in clouds[J].IEEE Transactions on Parallel&Distributed Systems,2013,25(2):384-394.
[13]周延.改进的STRIDE威胁模型研究[D].武汉:华中科技大学,2015.ZHOU Y.The research of improved stride threat model[D].Wuhan:Huazhong University of Science and Technology,2015.
[14]HO S M,FU H,TIMMARAJUS S S,et al.Insider threat:language-action cues in group dynamics[C]//Hawaii International Conference on System Sciences,June 4-6,2015,California,USA.Piscataway:IEEE Press,2015:2729-2738.
[15]BURGER E W,GOODMAN M D,KAMPANAKIS P,et al.Taxonomy model for cyber threat intelligence information exchange technologies[C]//ACM Workshop on Information Sharing&Collaborative Security,November 3,Scoltsdale,Arizona,USA.New York:ACM Press,2014:51-60.
[16]杨泽明,李强,刘俊荣,等.面向攻击溯源的威胁情报共享利用研究[J].信息安全研究,2015,1(1):31-36.YANG Z M,LI Q,LIU J R,et al.Research on the use of threat information sharing for attack-oriented tracing[J].Information Security Research,2015,1(1):31-36.
[17]孙建坡.基于攻击链的威胁感知系统[J].邮电设计技术,2016(1):74-77.SUN J P.The threat perception system based on attack chain[J].Designing Techniques of Posts and Telecommunications,2016(1):74-77.
[18]庄刘,魏中许.基于情报信息的空防安全威胁评估回归模型研究[J].四川师范大学学报(自然科学版),2015,38(3):460-465.ZHUANG L,WEI Z X.Research on regression model of air defense security threat assessment based on intelligence information[J].Journal of Sichuan Normal University(Natural Science Edition),2015,38(3):460-465.
[19]LO C C,CHEN W J.A hybrid information security risk assessment procedure considering interdependences between controls[J].Expert Systems with Applications,2012,39(1):247-257.
[20]王笑帝,张云勇,刘镝,等.云计算虚拟化安全技术研究[J].电信科学,2015,31(6):1-5.WANG X D,ZHANG Y Y,LIU D,et al.Research on security of virtualization on cloud computing[J].Telecommunications Science,2015,31(6):1-5.
[21]SHAMIR ADI.Identity-based cryptosystems and signature schemes[J].Lecture Notes in Computer Science,1984,21(12):47-53.
[22]GE W J,HU X H,DENG Y.Research of IBC model and application in web-security system[J].Omr Mlaon,2010,27(9):120-124.