一种基于任务和可信等级的数控网络跨域互操作方法

doi:10.3969/j.issn.1671-1122.2024.08.001

信息网络安全 ›› 2024, Vol. 24 ›› Issue (8): 1143-1151.doi: 10.3969/j.issn.1671-1122.2024.08.001

一种基于任务和可信等级的数控网络跨域互操作方法

秦元庆¹^,²(), 董泽阳¹^,², 韩汶君¹^,²

1.华中科技大学人工智能与自动化学院，武汉 430074
2.华中科技大学图像信息处理与智能控制教育部重点实验室，武汉 430074

收稿日期:2024-06-04 出版日期:2024-08-10 发布日期:2024-08-22
通讯作者: 秦元庆 qinyuanqing@hust.edu.cn
作者简介:秦元庆（1976—），男，山东，副教授，博士，主要研究方向为工业互联网信息安全、网络化控制系统|董泽阳（1998—），男，湖北，硕士研究生，主要研究方向为数控系统信息安全|韩汶君（1998—），男，湖北，硕士研究生，主要研究方向为数控系统信息安全
基金资助:
国家重点研发计划(2021YFB2012201)

A Cross-Domain Interoperability Method of Distributed Numerical Control Network Based on Task and Trust Level

QIN Yuanqing¹^,²(), DONG Zeyang¹^,², HAN Wenjun¹^,²

1. School of Artificial Intelligence and Automation, Huazhong University of Science and Technology, Wuhan 430074, China
2. Image Processing and Intelligent Control, Ministry of Education, Huazhong University of Science and Technology, Wuhan 430074, China

Received:2024-06-04 Online:2024-08-10 Published:2024-08-22

摘要/Abstract

摘要：

随着工业4.0不断深化，数控网络不断开放导致网络攻击的可达性，使其面临巨大的安全风险。传统跨域互操作方法存在对访问主体认证客观性不足、任务执行效率低及身份权限分配粒度不够精确的问题。针对这些问题，文章提出一种基于任务和可信等级的数控网络跨域互操作方法，该方法通过可信计算3.0技术对访问主体进行可信评估，实现对访问主体的客观评价，提高跨域请求的安全性。文章同时提出一种互操作方法，以任务为互操作基础，在保障互操作细粒度安全性的同时，提高任务执行效率。仿真实验验证了该跨域互操作方法的有效性和适用性。

关键词: 可信计算, 跨域访问, 互操作, 任务, 可信等级

Abstract:

With the continuous deepening of industry 4.0, the openness of distributed numerical control network has led to increased vulnerability to cyber-attacks. Traditional cross-domain interoperability models face issues such as insufficient objectivity in access subject authentication, low execution efficiency of tasks, and insufficient precision in identity and permission allocation. To address these challenges, this paper proposed a cross-domain interoperability method of distributed numerical control network based on task and trust level. The method utilized trusted computing 3.0 technology to conduct a trustworthiness assessment of access subjects, objectively evaluated their trustworthiness and enhanced the security of cross-domain requests. Furthermore, this paper proposed a novel interoperability method, which was based on tasks to ensure fine-grained security during interoperation while also enhancing task execution efficiency. Simulation experiments validated the effectiveness and applicability of the proposed cross-domain interoperability method.

Key words: trusted computing, cross-domain access, interoperability, task, trust levels

中图分类号:

TP309

秦元庆, 董泽阳, 韩汶君. 一种基于任务和可信等级的数控网络跨域互操作方法[J]. 信息网络安全, 2024, 24(8): 1143-1151.

QIN Yuanqing, DONG Zeyang, HAN Wenjun. A Cross-Domain Interoperability Method of Distributed Numerical Control Network Based on Task and Trust Level[J]. Netinfo Security, 2024, 24(8): 1143-1151.

图/表 10

图1

图2

图3

图4

表1

表2

图5

图6

图7

图8

参考文献 16

[1]	DONG Yue, WANG Ji, LI Yi. Network Security Threats and Protection of CNC Machine in the Industrial Internet[J]. Automation Panorama, 2022, 39(9): 32-35.
	董悦, 王吉, 李艺. 工业互联网场景下数控机床网络安全威胁与防护[J]. 自动化博览, 2022, 39(9): 32-35.
[2]	XIA Xiaofeng, XIANG Hong, XIAO Zhenyu, et al. Research and Security Evaluation of AUTH-VRF Model for NCS Network Based on Domestic Cryptographic Algorithms[J]. Journal of Electronics & Information Technology, 2020, 42(8): 1846-1852.
	夏晓峰, 向宏, 肖震宇, 等. 基于国产密码算法的数控网络的认证与验证方法研究及安全评估[J]. 电子与信息学报, 2020, 42(8): 1846-1852.
[3]	ISO/IEC 18028-3 Information Technology Security Techniques. IT Network Security Part 3: Securing Communications Between Networks Using Security Gateways[S]. Switzerland: ISO/IEC, 2005.
[4]	SHAHRAKI A S, RUDOLPH C, GROBLER M. A Dynamic Access Control Policy Model for Sharing of Healthcare Data in Multiple Domains[C]// IEEE. 2019 18th IEEE International Conference on Trust, Security And Privacy in Computing and Communications/13th IEEE International Conference on Big Data Science and Engineering. New York: IEEE, 2019: 618-625.
[5]	BAI Wei, PAN Zhisong, GUO Shize, et al. RMMDI: A Novel Framework for Role Mining Based on the Multi-Domain Information[J]. Security and Communication Networks, 2019(1): 1-15.
[6]	FENG Chaosheng, LIU Bin, GUO Zhen, et al. Blockchain-Based Cross-Domain Authentication for Intelligent 5G-Enabled Internet of Drones[J]. IEEE Internet of Things Journal, 2022, 9(8): 6224-6238.
[7]	WANG Miaomiao, RUI Lanlan, YANG Yang, et al. A Blockchain-Based Multi-CA Cross-Domain Authentication Scheme in Decentralized Autonomous Network[J]. IEEE Transactions on Network and Service Management, 2022, 19(3): 2664-2676.
[8]	SHEN Meng, LIU Huisen, ZHU Liehuang, et al. Blockchain-Assisted Secure Device Authentication for Cross-Domain Industrial IoT[J]. IEEE Journal on Selected Areas in Communications, 2020, 38(5): 942-954.
[9]	RAO K R, NAYAK A, RAY I G, et al. Role Recommender-RBAC: Optimizing User-Role Assignments in RBAC[J]. Computer Communications, 2021, 166: 140-153.
[10]	CHEN H C. Collaboration IoT-Based RBAC with Trust Evaluation Algorithm Model for Massive IoT Integrated Application[J]. Mobile Networks and Applications, 2019, 24(3): 839-852.
[11]	YANG Yuhan, WEI Lijun, WU Jing, et al. A Blockchain-Based Multidomain Authentication Scheme for Conditional Privacy Preserving in Vehicular Ad-Hoc Network[J]. IEEE Internet of Things Journal, 2022, 9(11): 8078-8090.
[12]	GUPTA M, SANDHU R, MAWLA T, et al. Reachability Analysis for Attributes in ABAC with Group Hierarchy[J]. IEEE Transactions on Dependable and Secure Computing, 2022, 20(1): 841-858.
[13]	KIM H, KIM D K, ALAERJAN A. ABAC-Based Security Model for DDS[J]. IEEE Transactions on Dependable and Secure Computing, 2022, 19: 3113-3124.
[14]	SHIH D H, WU Tingwei, SHILH M H, et al. Hyperledger Fabric Access Control for Industrial Internet of Things[EB/OL]. (2022-01-30)[2024-04-12]. https://www.mdpi.com/2076-3417/12/6/3125.
[15]	ZHANG Yuanyu, YUTAKA M, SASABE M, et al. Attribute-Based Access Control for Smart Cities: A Smart-Contract-Driven Framework[J]. IEEE Internet of Things Journal, 2021, 8(8): 6372-6384.
[16]	SHEN Changxiang, TIAN Nan. According to “DJCP 2.0”, the Network Security Defense Line of “New Infrastructure” is Built with Active Immunity and Trusted Computing[J]. Information Security and Communication Confidentiality, 2020(10): 2-9.
	沈昌祥, 田楠. 按“等保2.0”用主动免疫可信计算筑牢“新基建”网络安全防线[J]. 信息安全与通信保密, 2020(10): 2-9.

IP地址	配置	操作系统	实验环境
10.14.84.154	Intel Core i5-8265U	Windows10	Ubuntu 18.04
10.14.84.138	Intel Core i5-8250U	Windows10	Ubuntu 18.04
10.14.84.176	AMD Ryzen 5 3500U	Windows10	Ubuntu 18.04

参数	描述	取值
Role_number	角色数量	2~30
Task_number	任务数量	20~300
D_number	安全域数量	2
F_factor	交互失败惩罚因子	0.9

一种基于任务和可信等级的数控网络跨域互操作方法

A Cross-Domain Interoperability Method of Distributed Numerical Control Network Based on Task and Trust Level

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 10

参考文献 16

相关文章 15

编辑推荐

Metrics

本文评价

[1]	王巍, 胡永涛, 刘清涛, 王凯崙. 铁路运行环境下ERT可信根实体的软件化技术研究[J]. 信息网络安全, 2024, 24(5): 794-801.
[2]	姚昌华, 程田圆, 屈毓锛, 苏婷. 面向异构复合任务的无人集群动态重叠联盟任务分配方法[J]. 信息网络安全, 2024, 24(2): 217-228.
[3]	苑文昕, 陈兴蜀, 朱毅, 曾雪梅. 基于深度学习的HTTP负载隐蔽信道检测方法[J]. 信息网络安全, 2023, 23(7): 53-63.
[4]	秦中元, 戈臻伟, 潘经纬, 陈立全. 基于虚拟可信平台模块的完整性度量方案研究[J]. 信息网络安全, 2023, 23(2): 11-18.
[5]	刘高扬, 吴伟玲, 张锦升, 王琛. 多模态对比学习中的靶向投毒攻击[J]. 信息网络安全, 2023, 23(11): 69-83.
[6]	仝鑫, 金波, 王斌君, 翟晗名. 融合对抗增强和多任务优化的恶意短信检测方法[J]. 信息网络安全, 2023, 23(10): 21-30.
[7]	刘芹, 郭凯圆, 涂航. 基于SM2和SM4的TEE下任务数据迁移方案[J]. 信息网络安全, 2023, 23(1): 9-17.
[8]	张学旺, 刘宇帆. 可追踪身份的物联网感知层节点匿名认证方案[J]. 信息网络安全, 2022, 22(9): 55-62.
[9]	仝鑫, 金波, 王靖亚, 杨莹. 一种面向Android恶意软件的多视角多任务学习检测方法[J]. 信息网络安全, 2022, 22(10): 1-7.
[10]	陈璐, 孙亚杰, 张立强, 陈云. 物联网环境下基于DICE的设备度量方案[J]. 信息网络安全, 2020, 20(4): 21-30.
[11]	王晓, 赵军, 张建标. 基于可信软件基的虚拟机动态监控机制研究[J]. 信息网络安全, 2020, 20(2): 7-13.
[12]	范博, 龚钢军, 孙淑娴. 基于等保2.0的配电物联网动态安全体系研究[J]. 信息网络安全, 2020, 20(11): 10-14.
[13]	吴宏胜. 基于可信计算和UEBA的智慧政务系统[J]. 信息网络安全, 2020, 20(1): 89-93.
[14]	路爱同, 赵阔, 杨晶莹, 王峰. 区块链跨链技术研究[J]. 信息网络安全, 2019, 19(8): 83-90.
[15]	尚文利, 尹隆, 刘贤达, 赵剑明. 工业控制系统安全可信环境构建技术及应用[J]. 信息网络安全, 2019, 19(6): 1-10.