Cite this article
  • WEI Shuai,YU Hong,GU Zeyu,ZHANG Xingming.Architecture of Mimic Security Processor for Industry Control System[J].Journal of Cyber Security (信息安全学报),2017,2(1):54-73
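Architecture of Mimic Security Processor for Industry Control System
WEI Shuai, YU Hong, GU Zeyu, ZHANG Xingming
(National Digital Switching System Engineering & Technological R & D Center, Zhengzhou 450002, China)
Abstract:
In recent years, attacks against industrial control systems have become increasingly common. Most industrial control system applications bear on the national economy and people's livelihood, so their security cannot be ignored. Most field control devices in China's industrial control systems, such as PLCs, terminals and RTUs, use foreign-made control components and have essentially no protection against unknown logic bombs and backdoors. To address this, this paper builds on mimic technology and proposes a general mimic security processor architecture. It uses a two-step cleanout technique based on state saving and a high-reliability arbitration strategy, so that any application conforming to the architecture's specification can rely on the mimic processing architecture to defend against known or unknown backdoors/vulnerabilities that may be present in the operating system, the processor and peripheral devices. Finally, simulation results verify that the system can effectively resist multiple types of attacks.
Key words:  Mimic security  industrial control  processor  cleanout and arbitration method
DOI:10.19363/j.cnki.cn10-1380/tn.2017.01.005
Submitted: 2016-09-04  Revised: 2016-09-25
Funding: This work was supported by the Shanghai Scientific Research Program project "Prototype Verification of a Mimic Security Processor for Industrial Control" (14DZ1104800); "Research and Development of Key Technologies for 5G Large-Scale Cooperative Wireless Transmission" (2014AA01A704); "Research on Heterogeneous Redundancy Mechanisms for Cyberspace Mimic Security" (No.61572520); "Research on the Basic Theory of Cyberspace Mimic Defense" (No.61521003); and the General Program of the National Natural Science Foundation of China (61572520).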
Architecture of Mimic Security Processor for Industry Control System
WEI Shuai, YU Hong, GU Zeyu, ZHANG Xingming
(National Digital Switching System Engineering & Technological R & D Center, Zhengzhou 450002, China)
Abstract:
In recent years, attacks targeting ICSs, most of which bear on national welfare and the people's livelihood, have become prevalent and should not be neglected. In our country, the vital components in ICSs, such as PLCs, terminals and RTUs, mostly come from abroad. Without independence or control over these components, we cannot achieve protection against unknown logic bombs or backdoors. Based on mimic technology, this paper presents a new general architecture for a mimic security processor. The processor uses a status-based two-step cleanout method and a highly reliable arbitration method. Applications that conform to this architecture can protect the operating system, the processor and other modules from known or unknown backdoors/vulnerabilities. The simulations at the end show that the mimic security processor can defend against multiple types of attacks.
Key words:  Mimic security  industry control  processor  cleanout and arbitration method