Abstract
The digital control system (DCS) of a nuclear reactor makes the control system more convenient but also introduces more threat factors. The engineering station in the system is built on widely used industrial PCs, and its reserved interfaces and Windows operating system give it the information security vulnerabilities of a traditional IT system, leaving hidden dangers for the security of the digital control system. An information security analysis method for digital control systems based on the attack tree model is proposed. The attack tree model is established by combining the hardware and software characteristics of the DCS with its location in the system, and a corresponding quantitative method for DCS information security asset assessment is proposed. The Common Vulnerability Scoring System (CVSS) is used to calculate the occurrence probability of the leaf nodes, the root node and the attack paths. A quantitative information security evaluation of the engineering station, taken as an example, yields the attack path that an attacker is most likely to take, providing a technical reference for developers and for verification and validation (V&V) activities.
Authors
孙卓
刘东
肖安洪
明平洲
郭文
周俊燚
陈俊杰
SUN Zhuo; LIU Dong; XIAO Anhong; MING Pingzhou; GUO Wen; ZHOU Junyi; CHEN Junjie (Science and Technology on Reactor System Design Technology Laboratory, Nuclear Power Institute of China, Chengdu 610213, China)
Source
Journal of Shanghai Jiaotong University (《上海交通大学学报》)
EI
CAS
CSCD
Peking University Core Journals
2019, Issue S01, pp. 68-73 (6 pages)
Keywords
nuclear science and engineering
digital control system(DCS)
information security
attack tree model
engineering station