Cite this article
  • Ma Yetong, Pan Zhiwen, Liu Kaixiang, Lü Shichao, Sun Limin. Method of Relationship Analysis and Measure Selection between Functional Safety and Security in Industrial Control Systems [J]. Journal of Cyber Security, accepted.
  • Ma Yetong, Pan Zhiwen, Liu Kaixiang, Lü Shichao, Sun Limin. Method of Relationship Analysis and Measure Selection between Functional Safety and Security in Industrial Control Systems [J]. Journal of Cyber Security, Accept.

Method of Relationship Analysis and Measure Selection between Functional Safety and Security in Industrial Control Systems
Ma Yetong1, Pan Zhiwen1, Liu Kaixiang2, Lü Shichao1, Sun Limin1
(1. Institute of Information Engineering, Chinese Academy of Sciences; 2. Central South University)
Abstract:
Industrial Control Systems (ICS), as the critical cyber-physical systems that underpin national critical infrastructure, must simultaneously meet strict functional safety and security (hereafter "safety and security") requirements: they must both ensure the reliable execution of safety functions and effectively resist increasingly complex cyber-physical threats. However, in current design-phase practice for industrial control systems, safety and security measures are usually selected through separate, independent processes. This fragmented design approach lacks a systematic perspective and fails to adequately account for the complex coupling between safety and security. The relationships between safety and security measures and safety and security requirements are mainly of three kinds: mutually independent, mutually conflicting, and mutually reinforcing. Ignoring these relationships can have serious consequences: safety and security requirements may not both be satisfied, resources may be wasted on redundantly deployed measures, or measures may cancel out each other's effect. To establish a solid theoretical foundation for safety and security relationship analysis, this paper first proposes a functional safety and security relationship model that formally describes the ternary relationship among safety functions, safety and security requirements, and safety and security measures, thereby modeling the mechanism of the safety and security relationship. Building on this relationship model and combining it with the functional safety lifecycle framework, the paper further proposes a method for functional safety and security relationship analysis and measure selection, used to systematically analyze safety and security relationships and derive an optimal selection scheme of measures that satisfies both safety and security requirements. The method comprises four iterative core phases: (1) safety and security risk analysis, so that subsequent phases such as requirement determination rest on a systematic risk analysis; (2) determination and allocation of safety and security requirements, including determining and allocating safety functions and their corresponding requirements; (3) quantitative analysis of the interactions between safety and security, covering the three kinds: independence, conflict, and reinforcement; (4) selection of safety and security measures with reference to the analyzed relationships, with satisfying the requirements as the primary goal, and determination of the optimal selection scheme through comparative evaluation. We verified the feasibility of the proposed method in detail on a gas pipeline network semi-physical (hardware-in-the-loop) test system.
Key words:  functional safety  security  integration of functional safety and security  safety and security measure selection  risk analysis  industrial control systems
DOI:
Received: 2025-06-10; Revised: 2025-11-19
Funding:
Method of Relationship Analysis and Measure Selection between Functional Safety and Security in Industrial Control Systems
Ma Yetong1, Pan Zhiwen1, Liu Kaixiang2, Lü Shichao1, Sun Limin1
(1. Institute of Information Engineering, Chinese Academy of Sciences; 2. Central South University)
Abstract:
Industrial Control Systems (ICS), as critical cyber-physical systems that form the backbone of modern national infrastructure, must rigorously satisfy both functional safety and security requirements to ensure the reliable execution of safety functions and defense against escalating cyber-physical threats. Nevertheless, in current ICS design practice, safety & security measures are often selected through separate, independent processes. This fragmented design approach lacks a systematic perspective and fails to adequately consider the complex coupling relationships between safety & security. The relationships between safety & security measures and safety & security requirements primarily encompass three types: independence, conflict, and reinforcement. Neglecting such relationships may result in serious consequences: for instance, failing to adequately address safety & security requirements, wasting resources on redundant deployments of safety & security measures, or even inadvertently undermining the effectiveness of safety & security measures. To establish a robust theoretical foundation for analyzing safety & security relationships, this paper first proposes a safety & security relationship model, achieving mechanism-based modeling of safety & security relationships by formally describing the ternary relationship among safety functions, safety & security requirements, and implementable safety & security measures. Building upon this foundational relationship model and combining it with the safety lifecycle framework, this paper further proposes a method for analyzing safety & security relationships and selecting safety & security measures.
The proposed approach systematically analyzes safety & security relationships and derives optimal selection schemes for safety & security measures that simultaneously meet all safety & security requirements. It comprises four key iterative phases: (1) safety & security risk analysis, including the identification of functional safety risks and security risks; (2) safety & security requirements determination and allocation, including identification of safety functions and allocation of the corresponding safety & security requirements; (3) quantitative analysis of the relationships between safety & security, covering three types: independence, conflict, and reinforcement; (4) selection of safety & security measures based on the analyzed relationships, prioritizing the fulfillment of safety & security requirements, with the optimal selection determined through comparative evaluation. We demonstrate the method's effectiveness through comprehensive verification on a gas network semi-physical testbed.
Key words:  functional safety  security  safety & security  functional safety and security measure selection  risk analysis  industrial control system
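The abstract describes a ternary model (safety functions, safety & security requirements, candidate measures), three pairwise relationship types between measures (independence, conflict, reinforcement), and a selection phase that must cover every requirement while avoiding conflicting or redundant deployments. The following Python is an added illustration of that selection problem on a toy gas-pipeline controller; it is not the paper's algorithm or code. The safety functions, requirement ids, measures, costs, the pairwise relationship table and the scoring rule (fewest conflicts, then lowest cost, then most reinforcements) are all constructed assumptions, and the exhaustive search stands in for the quantitative analysis and comparative evaluation that the abstract does not detail.

```python
from dataclasses import dataclass
from itertools import combinations
from typing import Dict, FrozenSet, Iterable, List, Tuple

# The three relationship types named in the abstract (labels, not weights).
INDEPENDENT, CONFLICT, REINFORCE = "independent", "conflict", "reinforce"


@dataclass(frozen=True)
class Measure:
    name: str
    kind: str                   # "safety" or "security"
    satisfies: FrozenSet[str]   # requirement ids this measure fulfils
    cost: int                   # constructed relative deployment cost


# Constructed sample: two safety functions of a gas-pipeline controller, each
# carrying one functional-safety requirement (SR*) and one security requirement (SecR*).
SAFETY_FUNCTIONS: Dict[str, List[str]] = {
    "SF1_overpressure_shutdown": ["SR1_trip_latency", "SecR1_setpoint_integrity"],
    "SF2_leak_isolation": ["SR2_valve_interlock", "SecR2_command_authentication"],
}

# Constructed candidate measures (names and costs are hypothetical).
MEASURES: List[Measure] = [
    Measure("sis_pressure_trip", "safety", frozenset({"SR1_trip_latency"}), 3),
    Measure("redundant_controller", "safety", frozenset({"SR1_trip_latency"}), 5),
    Measure("hardwired_valve_interlock", "safety", frozenset({"SR2_valve_interlock"}), 2),
    Measure("fieldbus_encryption", "security",
            frozenset({"SecR1_setpoint_integrity", "SecR2_command_authentication"}), 4),
    Measure("signed_setpoint_writes", "security", frozenset({"SecR1_setpoint_integrity"}), 2),
    Measure("command_allowlist_gateway", "security", frozenset({"SecR2_command_authentication"}), 2),
]

# Constructed pairwise relationships between measures; unlisted pairs are independent.
RELATIONS: Dict[FrozenSet[str], str] = {
    # extra crypto processing on the fieldbus eats into the trip-latency budget
    frozenset({"fieldbus_encryption", "sis_pressure_trip"}): CONFLICT,
    # authenticated setpoint writes protect the trip threshold the SIS relies on
    frozenset({"signed_setpoint_writes", "sis_pressure_trip"}): REINFORCE,
}


def all_requirements(safety_functions=SAFETY_FUNCTIONS) -> FrozenSet[str]:
    """Requirements are allocated per safety function; collect them all."""
    return frozenset(r for reqs in safety_functions.values() for r in reqs)


def relation(a: str, b: str, relations=RELATIONS) -> str:
    return relations.get(frozenset({a, b}), INDEPENDENT)


def evaluate(selection: Iterable[Measure], requirements: FrozenSet[str], relations=RELATIONS) -> dict:
    """Coverage, pairwise conflicts/reinforcements and cost of one candidate scheme."""
    sel = list(selection)
    covered = frozenset().union(*(m.satisfies for m in sel))
    pairs = [relation(a.name, b.name, relations) for a, b in combinations(sel, 2)]
    return {
        "covers_all": requirements <= covered,
        "unmet": sorted(requirements - covered),
        "conflicts": pairs.count(CONFLICT),
        "reinforcements": pairs.count(REINFORCE),
        "cost": sum(m.cost for m in sel),
    }


def redundant_measures(selection: Iterable[Measure], requirements: FrozenSet[str]) -> List[str]:
    """Measures whose removal still leaves every requirement covered (duplicate deployment)."""
    sel = list(selection)
    return sorted(m.name for m in sel
                  if evaluate([x for x in sel if x is not m], requirements)["covers_all"])


def select_measures(measures=MEASURES, requirements=None, relations=RELATIONS) -> Tuple[List[str], dict]:
    """Exhaustive comparative evaluation: cover all requirements, then minimise
    (conflicts, cost, -reinforcements) lexicographically."""
    requirements = all_requirements() if requirements is None else requirements
    best = None
    for k in range(1, len(measures) + 1):
        for combo in combinations(measures, k):
            score = evaluate(combo, requirements, relations)
            if not score["covers_all"]:
                continue
            key = (score["conflicts"], score["cost"], -score["reinforcements"])
            if best is None or key < best[0]:
                best = (key, sorted(m.name for m in combo), score)
    if best is None:
        raise ValueError("no subset of measures covers all requirements")
    return best[1], best[2]


if __name__ == "__main__":
    names, score = select_measures()
    print("selected:", names)
    print("score:", score)
```

Running the block selects the SIS trip, the hardwired interlock, signed setpoint writes and the command allowlist gateway: the scheme that pairs fieldbus encryption with the SIS trip covers the same requirements at the same cost but carries a conflict, and `redundant_measures` flags a redundant controller added on top of an existing trip as duplicate deployment. The search is exponential in the number of candidate measures, which is fine for a design-phase catalogue of this size but would need pruning or an ILP formulation for large ones.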