Netinfo Security, 2019, Vol. 19, Issue (4): 1-10. doi: 10.3969/j.issn.1671-1122.2019.04.001

• Classified Protection •

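  • About the authors:

    Wenli SHANG (born 1974), male, from Heilongjiang, researcher, Ph.D.; main research interests: industrial control system information security, computational intelligence and machine learning. Xiule ZHANG (born 1992), male, from Shandong, master's student; main research interests: industrial control system information security and trusted computing. Xianda LIU (born 1985), male, from Liaoning, assistant researcher, M.S.; main research interest: industrial control network security. Long YIN (born 1991), male, from Jilin, assistant researcher, M.S.; main research interest: industrial control network security.

  • Funding:
    National Natural Science Foundation of China, General Program [61773368]; State Grid Corporation of China Science and Technology Project [52110118001H]; Strategic Priority Research Program of the Chinese Academy of Sciences [XDC02000000]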

Construction Method and Verification of Local Trusted Computing Environment in Industrial Control Network

Wenli SHANG1,3,4,5, Xiule ZHANG1,2,3,4, Xianda LIU1,3,4,5, Long YIN1,3,4,5

  1. Shenyang Institute of Automation, Chinese Academy of Sciences, Shenyang Liaoning 110016, China
  2. Faculty of Automation and Electrical Engineering, Shenyang Ligong University, Shenyang Liaoning 110159, China
  3. Institutes for Robotics and Intelligent Manufacturing, Chinese Academy of Sciences, Shenyang Liaoning 110016, China
  4. Key Laboratory of Networked Control Systems, Chinese Academy of Sciences, Shenyang Liaoning 110016, China
  5. University of Chinese Academy of Sciences, Beijing 100049, China
  • Received: 2019-01-07 Online: 2019-04-10 Published: 2020-05-11

Abstract:

The information security protection capability of the terminal device layer of industrial control systems is relatively weak. Constructing a local trusted computing environment at the industrial control device layer is of great significance for substantially improving the information security protection capability of industrial control systems. This paper proposes an industrial control network security application design based on trusted PLC. Starting from the security problems of terminal control devices, the design protects both the device itself and the network in which it resides, and constructs a high-security, high-trust operating environment for the industrial control network. The simulation experiment combines trusted PLCs with dedicated security products for industrial control systems to build a local trusted computing architecture for the industrial control network, verifies the trusted startup process of the trusted PLC, and guides the trusted PLC to exchange security function data. An anomaly detection model based on a deep belief network is used to detect normal communication data and data subjected to simulated attacks in the trusted computing environment. The comparative experimental results verify the security and trustworthiness of the local trusted computing environment of the industrial control network.

Key words: industrial control system, trusted PLC, trusted computing environment, deep belief network
