关键基础设施网络安全技术研究进展
|
摘要
通过对关键基础设施的网络安全现状进行总结,对关键基础设施的安全威胁进行了分类,着重对信息物理融合系统在受到网络攻击时采用的数据词典、证据理论、博弈论等方法进行网络安全防护深入分析,着重分析了基于信任理论的信息物理融合系统的防御方案,阐述了关键基础设施的相关性与脆弱性之间的关系,总结了现有主要的关键基础设施网络安全的模拟技术,对比分析了现有的仿真技术的特点。最后提出了关键基础设施网络安全技术值得深入研究的发展方向。
This paper summarized the network security situation on critical infrastructure,it classified security threats to critical infrastructure. By focusing on the CPS in the network attack,it introduced the data dictionary,evidence theory,game theory analysis,the network security protection. It emphasized the analysis of the defense scheme cyber physical system based on the theory of trust,and studied the relation between the correlation and vulnerability of critical infrastructure. It summarized the network security simulation technologies of critical infrastructure present,and compared the simulation technologies. It put forward the future direction of development of critical infrastructure network security technology.
This paper summarized the network security situation on critical infrastructure,it classified security threats to critical infrastructure. By focusing on the CPS in the network attack,it introduced the data dictionary,evidence theory,game theory analysis,the network security protection. It emphasized the analysis of the defense scheme cyber physical system based on the theory of trust,and studied the relation between the correlation and vulnerability of critical infrastructure. It summarized the network security simulation technologies of critical infrastructure present,and compared the simulation technologies. It put forward the future direction of development of critical infrastructure network security technology.
引文
[1]DAS S K,KANT K,ZHANG Nan.Handbook on securing cyber-physical critical infrastructure[M].[S.l.]:Morgan Kaufmann,2012.
[2]AMIN S,SCHWARTZ G A,HUSSAIN A.In quest of benchmark security risks to cyber-physical systems[J].IEEE Network,2013,27(1):19-24.
[3]HUSSAIN A,HEIDEMANN J,PAPADOPOULOS C.A framework for classifying denial of service attacks[C]//Proc of ACM Conference Applications,Technologies,Architectures,and Protocols for Computer Communications.2003:99-110.
[4]AMIN S,LITRICO X,SASTRY S S,et al.Cyber security of water SCADA systems—partⅡ:attack detection using enhanced hydrodynamic models[J].IEEE Trans on Control Systems Technology,2012,21(5):1679-1693.
[5]BULDYREV S V,PARSHANI R,PAUL G,et al.Catastrophic cascade of failures in interdependent networks[J].Nature,2010,464(7291):1025-1028.
[6]YAMPOLSKIY M,HORVATH P,KOUTSOUKOS X D,et al.Systematic analysis of cyber-attacks on cps-evaluating applicability of DFDbased approach[C]//Proc of the 5th International Symposium on Resilient Control Systems.2012:55-62.
[7]WHEELER D A,LARSON G.Techniques for cyber attack attribution,IDA Paper P-3792[R].Alexandria,Virginia:Institute for Defense Analyses,2003.
[8]HUNKER J,UTCHINSON R,MARGULIES J.Attribution of cyber attacks on process control systems[J].Critical Infrastructure ProtectionⅡ,The International Federation for Information Processing,2009,290:87-99.
[9]DYNES S.Emergent risks in critical infrastructures[J].Critical Infrastructure ProtectionⅡ,The International Federation for Information Processing,2009,290:1-16.
[10]STELTE B,RODOSEK G D.Assuring trustworthiness of sensor data for cyber-physical systems[C]//Proc of IFIP/IEEE International Symposium on Integrated Network Management.2013:395-402.
[11]AAKASH S,ADRIAN P,BRUNO S.Mechanisms to provide integrity in SCADA and PCS devices[C]//Proc of International Workshop on Cyber-Physical Systems Challenges and Applications.2008.
[12]FOGLIETTA C,GASPARRI A,PANZIERI S.A networked evidence theory framework for critical infrastructure modeling[J].Critical Infrastructure ProtectionⅥ,IFIP Advances in Information and Communication Technology,2012,390:205-215.
[13]GASPARRI A,FIORINI F,DiROCCO M,et al.A networked transferable belief model approach for distributed data aggregation[J].IEEE Trans on Systems,Man and Cybernetics:Part B,2012,42(2):391-405.
[14]OKHRAVI H,NICOL D.Applying trusted network technology to process control systems[J].Critical Infrastructure ProtectionⅡ,The International Federation for Information Processing,2009,290:57-70.
[15]BAINA A,El KALAM A A,DESWARTE Y,et al.Collaborative access control for critical infrastructures[J].Critical Infrastructure ProtectionⅡ,The International Federation for Information Processing,2009,290:189-201.
[16]MIEGE A.Definition of a formal framework for specifying security policies:the Or BAC model and extensions[D].Paris:Ecole Nationale Superieure des Telecommunications,2005.
[17]El KALAM A A,BENFERHAT S,MIEGE A,et al.Organization based access control[C]//Proc of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks.2003:120-134.
[18]TOTEL E,BLANQUART J,DESWARTE Y,et al.Supporting multiple levels of criticality[C]//Proc of the 28th Annual Symposium on Fault Tolerant Computing.1998:70-79.
[19]CASALICCHIO E,GALLI E.Metrics for quantifying interdependencies[J].Critical Infrastructure ProtectionⅡ,The International Federation for Information Processing,2009,290:215-227.
[20]MENDONCA D,LEE E,WALLACE W.Impact of the 2001 World Trade Center attack on critical interdependent infrastructures[C]//Proc of IEEE International Conference on Systems,Man and Cybernetics.2004:4053-4058.
[21]MIN H,BEYELER W,BROWN T,et al.Toward modeling and simulation of critical national infrastructure interdependencies[J].IIE Transactions,2007,39(1):57-71.
[22]RINALDI S,PEERENBOOM J,KELLY T.Identifying,understanding and analyzing critical infrastructure interdependencies[J].IEEE Control Systems,2001,21(6):11-25.
[23]SVENDSEN N K,WOLTHUSEN S D.Connectivity models of interdepen-dency in mixed-type critical infrastructure networks[J].Information Security Technical Report,2007,12(1):44-55.
[24]NIEUWENHUIJS A,LUIIJF E,KLAVER M.Modeling dependencies in critical infrastructures[J].Critical Infrastructure ProtectionⅡ,The International Federation for Information Processing,2009,290:205-213.
[25]SETOLA R,BOLOGNA S,CASALICCHIO E,et al.An integrated approach for simulating interdependencies[J].Critical Infrastructure ProtectionⅡ,The International Federation for Information Processing,2009,290:229-239.
[26]IRRIIS Consortium,The IRRIIS European Integrated Project.Fraunhofer institute for intelligent analysis and information systems[EB/OL].http://www.irriis.org.
[27]DIESIS Consortium.The DIESIS project[EB/OL].http://www.diesis-eu.org.
[28]刘健,刘晓,吴之立.网络化关键基础设施依存关系建模与仿真方法研究[J].中国安全科学学报,2011,21(10):29-35.
[29]周军学,易立新.网络重要基础设施脆弱性评价模型及其应用[J].中国安全科学学报,2010,20(11):72-80.
[30]SIATERLIS C,GENGE B,HOHENADEL M,et al.Enabling the exploration of operating procedures in critical infrastructures[J].Critical Infrastructure ProtectionⅥ,IFIP Advances in Information and Communication Technology,2012,390:217-233.
[31]CRAVEN P,OMAN P.Simulation of advanced train control systems[J].Critical Infrastructure ProtectionⅡ,The International Federation for Information Processing,2009,290:243-256.
[32]TOLONE W,LEE S W,XIANG Wei-ning,et al.An integrated methodology for critical infrastructure modeling and simulation[J].Critical Infrastructure ProtectionⅡ,The International Federation for Information Processing,2009,290:257-268.
[2]AMIN S,SCHWARTZ G A,HUSSAIN A.In quest of benchmark security risks to cyber-physical systems[J].IEEE Network,2013,27(1):19-24.
[3]HUSSAIN A,HEIDEMANN J,PAPADOPOULOS C.A framework for classifying denial of service attacks[C]//Proc of ACM Conference Applications,Technologies,Architectures,and Protocols for Computer Communications.2003:99-110.
[4]AMIN S,LITRICO X,SASTRY S S,et al.Cyber security of water SCADA systems—partⅡ:attack detection using enhanced hydrodynamic models[J].IEEE Trans on Control Systems Technology,2012,21(5):1679-1693.
[5]BULDYREV S V,PARSHANI R,PAUL G,et al.Catastrophic cascade of failures in interdependent networks[J].Nature,2010,464(7291):1025-1028.
[6]YAMPOLSKIY M,HORVATH P,KOUTSOUKOS X D,et al.Systematic analysis of cyber-attacks on cps-evaluating applicability of DFDbased approach[C]//Proc of the 5th International Symposium on Resilient Control Systems.2012:55-62.
[7]WHEELER D A,LARSON G.Techniques for cyber attack attribution,IDA Paper P-3792[R].Alexandria,Virginia:Institute for Defense Analyses,2003.
[8]HUNKER J,UTCHINSON R,MARGULIES J.Attribution of cyber attacks on process control systems[J].Critical Infrastructure ProtectionⅡ,The International Federation for Information Processing,2009,290:87-99.
[9]DYNES S.Emergent risks in critical infrastructures[J].Critical Infrastructure ProtectionⅡ,The International Federation for Information Processing,2009,290:1-16.
[10]STELTE B,RODOSEK G D.Assuring trustworthiness of sensor data for cyber-physical systems[C]//Proc of IFIP/IEEE International Symposium on Integrated Network Management.2013:395-402.
[11]AAKASH S,ADRIAN P,BRUNO S.Mechanisms to provide integrity in SCADA and PCS devices[C]//Proc of International Workshop on Cyber-Physical Systems Challenges and Applications.2008.
[12]FOGLIETTA C,GASPARRI A,PANZIERI S.A networked evidence theory framework for critical infrastructure modeling[J].Critical Infrastructure ProtectionⅥ,IFIP Advances in Information and Communication Technology,2012,390:205-215.
[13]GASPARRI A,FIORINI F,DiROCCO M,et al.A networked transferable belief model approach for distributed data aggregation[J].IEEE Trans on Systems,Man and Cybernetics:Part B,2012,42(2):391-405.
[14]OKHRAVI H,NICOL D.Applying trusted network technology to process control systems[J].Critical Infrastructure ProtectionⅡ,The International Federation for Information Processing,2009,290:57-70.
[15]BAINA A,El KALAM A A,DESWARTE Y,et al.Collaborative access control for critical infrastructures[J].Critical Infrastructure ProtectionⅡ,The International Federation for Information Processing,2009,290:189-201.
[16]MIEGE A.Definition of a formal framework for specifying security policies:the Or BAC model and extensions[D].Paris:Ecole Nationale Superieure des Telecommunications,2005.
[17]El KALAM A A,BENFERHAT S,MIEGE A,et al.Organization based access control[C]//Proc of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks.2003:120-134.
[18]TOTEL E,BLANQUART J,DESWARTE Y,et al.Supporting multiple levels of criticality[C]//Proc of the 28th Annual Symposium on Fault Tolerant Computing.1998:70-79.
[19]CASALICCHIO E,GALLI E.Metrics for quantifying interdependencies[J].Critical Infrastructure ProtectionⅡ,The International Federation for Information Processing,2009,290:215-227.
[20]MENDONCA D,LEE E,WALLACE W.Impact of the 2001 World Trade Center attack on critical interdependent infrastructures[C]//Proc of IEEE International Conference on Systems,Man and Cybernetics.2004:4053-4058.
[21]MIN H,BEYELER W,BROWN T,et al.Toward modeling and simulation of critical national infrastructure interdependencies[J].IIE Transactions,2007,39(1):57-71.
[22]RINALDI S,PEERENBOOM J,KELLY T.Identifying,understanding and analyzing critical infrastructure interdependencies[J].IEEE Control Systems,2001,21(6):11-25.
[23]SVENDSEN N K,WOLTHUSEN S D.Connectivity models of interdepen-dency in mixed-type critical infrastructure networks[J].Information Security Technical Report,2007,12(1):44-55.
[24]NIEUWENHUIJS A,LUIIJF E,KLAVER M.Modeling dependencies in critical infrastructures[J].Critical Infrastructure ProtectionⅡ,The International Federation for Information Processing,2009,290:205-213.
[25]SETOLA R,BOLOGNA S,CASALICCHIO E,et al.An integrated approach for simulating interdependencies[J].Critical Infrastructure ProtectionⅡ,The International Federation for Information Processing,2009,290:229-239.
[26]IRRIIS Consortium,The IRRIIS European Integrated Project.Fraunhofer institute for intelligent analysis and information systems[EB/OL].http://www.irriis.org.
[27]DIESIS Consortium.The DIESIS project[EB/OL].http://www.diesis-eu.org.
[28]刘健,刘晓,吴之立.网络化关键基础设施依存关系建模与仿真方法研究[J].中国安全科学学报,2011,21(10):29-35.
[29]周军学,易立新.网络重要基础设施脆弱性评价模型及其应用[J].中国安全科学学报,2010,20(11):72-80.
[30]SIATERLIS C,GENGE B,HOHENADEL M,et al.Enabling the exploration of operating procedures in critical infrastructures[J].Critical Infrastructure ProtectionⅥ,IFIP Advances in Information and Communication Technology,2012,390:217-233.
[31]CRAVEN P,OMAN P.Simulation of advanced train control systems[J].Critical Infrastructure ProtectionⅡ,The International Federation for Information Processing,2009,290:243-256.
[32]TOLONE W,LEE S W,XIANG Wei-ning,et al.An integrated methodology for critical infrastructure modeling and simulation[J].Critical Infrastructure ProtectionⅡ,The International Federation for Information Processing,2009,290:257-268.