电厂工控信息安全半实物仿真模型研究
|
摘要
依据物理隔离与专网防护的传统思路,工业控制系统(ICS)亟需解决"内在"的功能安全和"外在"的信息安全问题,以及构建"可信、可管、可控"环境下的ICS典型信息安全验证场景。为了适应ICS信息安全问题的研究与验证,基于ICS五层结构模型,建立工控信息模型并利用MATLAB来模拟电厂现场实际物理过程,利用Lab VIEW软件构造监控系统操作界面,通过OPC协议及共享变量引擎SVE实现Lab VIEW与MATLAB之间的实时数据交换,同时通过PLC来对现场数据进行采集,构建了ICS半实物仿真模型,对ICS信息安全防护提供了一种新思路。
According to the traditional idea of physical isolation and private network protection,industrial control system( ICS) urgently needs to address the inherent functional security and external information security issues,as well as the construction of trusted,manageable,controllable ICS typical information security verification scenes. In order to adapt to the research and verification of ICS information security problem,this research is conducted based on the ICS five-layer structure model. Industrial information model is adopted to establish and use the MATLAB to simulate the actual physical process of power plant. Lab VIEW software is used to construct the monitoring system operation interface. Real time data exchange between Lab VIEW and MATLAB is realized by OPC protocol and shared variable engine( SVE). The collection of the field data is realized by PLC,and the data constructs the ICS semi-physical simulation model. A new idea for ICS information security protection is provided.
According to the traditional idea of physical isolation and private network protection,industrial control system( ICS) urgently needs to address the inherent functional security and external information security issues,as well as the construction of trusted,manageable,controllable ICS typical information security verification scenes. In order to adapt to the research and verification of ICS information security problem,this research is conducted based on the ICS five-layer structure model. Industrial information model is adopted to establish and use the MATLAB to simulate the actual physical process of power plant. Lab VIEW software is used to construct the monitoring system operation interface. Real time data exchange between Lab VIEW and MATLAB is realized by OPC protocol and shared variable engine( SVE). The collection of the field data is realized by PLC,and the data constructs the ICS semi-physical simulation model. A new idea for ICS information security protection is provided.
引文
[1]彭勇,江常青,谢丰,等.工业控制系统信息安全研究进展[J].清华大学学报(自然科学版),2012(10):1396-1408.
[2]向继东,黄天戍,孙东.电力企业信息网络安全管理系统设计与实现[J].电力系统自动化,2003,27(15):71-74.
[3]吴欢.工业控制环境计算节点安全防护技术研究[D].北京:北京工业大学,2016.
[4]徐金伟.工业领域基础设施SCADA系统简介[J].计算机安全,2012(1):4-9.
[5]邹春明,郑志千,刘智勇,等.电力二次安全防护技术在工业控制系统中的应用[J].电网技术,2013,37(11):3227-3232.
[6]左高,方金国,向驰,等.配电自动化终端设备中信息安全加密模块设计[J].电力系统自动化,2016,40(19):134-138.
[7]林云威,陈冬青,彭勇,等.基于D-S证据理论的电厂工业控制系统信息安全风险评估[J].华东理工大学学报(自然科学版),2014,40(4):500-505.
[8]周晓敏.工业控制系统信息安全半实物仿真实验平台设计与实现[D].武汉:华中科技大学,2015.
[9]颜毅辉,曹谢东.油气SCADA主机攻防仿真靶场的设计与实现[J].自动化与仪器仪表,2015(11):232-234.
[10]肖力墉,苏宏业,褚健.基于IEC/ISO62264标准的制造运行管理系统[J].计算机集成制造系统,2011,17(7):1420-1429.
[11]秦宇飞,白焰,王潇,等.电厂数据通信接口的设计与实现[J].电力自动化设备,2010,30(6):127-130.
[12]NI-PSP Networking Technology.Lab VIEW 2010 Help[EB/OL].[2018-08-13].http://zone.ni.com/reference/en-XX/help/371361G-01/lvconcepts/ni_psp/.
[13]苏畅,龚钢军,罗安琴,等.发电系统动态仿真监控平台研究[J].电子技术应用,2017,43(12):65-68.
[14]CIOC I B,OPREA S,VISAN D A,et al.Remote measurements in educational laboratories using Lab VIEW and DAQ cards[C].International Spring Seminar on Electronics Technology.IEEE,2016:486-489.
[15]苏盛,吴长江,马钧,等.基于攻击方视角的电力CPS网络攻击模式分析[J].电网技术,2014,38(11):3115-3120.
[2]向继东,黄天戍,孙东.电力企业信息网络安全管理系统设计与实现[J].电力系统自动化,2003,27(15):71-74.
[3]吴欢.工业控制环境计算节点安全防护技术研究[D].北京:北京工业大学,2016.
[4]徐金伟.工业领域基础设施SCADA系统简介[J].计算机安全,2012(1):4-9.
[5]邹春明,郑志千,刘智勇,等.电力二次安全防护技术在工业控制系统中的应用[J].电网技术,2013,37(11):3227-3232.
[6]左高,方金国,向驰,等.配电自动化终端设备中信息安全加密模块设计[J].电力系统自动化,2016,40(19):134-138.
[7]林云威,陈冬青,彭勇,等.基于D-S证据理论的电厂工业控制系统信息安全风险评估[J].华东理工大学学报(自然科学版),2014,40(4):500-505.
[8]周晓敏.工业控制系统信息安全半实物仿真实验平台设计与实现[D].武汉:华中科技大学,2015.
[9]颜毅辉,曹谢东.油气SCADA主机攻防仿真靶场的设计与实现[J].自动化与仪器仪表,2015(11):232-234.
[10]肖力墉,苏宏业,褚健.基于IEC/ISO62264标准的制造运行管理系统[J].计算机集成制造系统,2011,17(7):1420-1429.
[11]秦宇飞,白焰,王潇,等.电厂数据通信接口的设计与实现[J].电力自动化设备,2010,30(6):127-130.
[12]NI-PSP Networking Technology.Lab VIEW 2010 Help[EB/OL].[2018-08-13].http://zone.ni.com/reference/en-XX/help/371361G-01/lvconcepts/ni_psp/.
[13]苏畅,龚钢军,罗安琴,等.发电系统动态仿真监控平台研究[J].电子技术应用,2017,43(12):65-68.
[14]CIOC I B,OPREA S,VISAN D A,et al.Remote measurements in educational laboratories using Lab VIEW and DAQ cards[C].International Spring Seminar on Electronics Technology.IEEE,2016:486-489.
[15]苏盛,吴长江,马钧,等.基于攻击方视角的电力CPS网络攻击模式分析[J].电网技术,2014,38(11):3115-3120.