基于攻击树模型的数字化控制系统信息安全分析

doi:10.16183/j.cnki.jsjtu.2019.S1.012

上海交通大学学报 ›› 2019, Vol. 53 ›› Issue (Sup.1): 68-73.doi: 10.16183/j.cnki.jsjtu.2019.S1.012

基于攻击树模型的数字化控制系统信息安全分析

孙卓，刘东，肖安洪，明平洲，郭文，周俊燚，陈俊杰

中国核动力研究设计院核反应堆系统设计技术重点实验室, 成都 610213

发布日期:2020-04-08
通讯作者: 孙卓（1994-），男，甘肃省平凉市人，硕士生，从事核电信息安全研究. 通信作者：刘东，男，研究员级高级工程师，电话（Tel.）：18512896609；E-mail：1074922454@qq.com.

Information Security Analysis of Digital Control System Based on Attack Tree Model

SUN Zhuo,LIU Dong,XIAO Anhong,MING Pingzhou,GUO Wen,ZHOU Junyi,CHEN Junjie

Science and Technology on Reactor System Design Technology Laboratory, Nuclear Power Institute of China, Chengdu 610213, China

Published:2020-04-08

摘要/Abstract

摘要： 核反应堆数字化控制系统(DCS)在提高了控制系统便利性的同时也引入了更多的威胁因子，系统中的工程师站采用了应用范围较广的工控机，其预留接口和Windows操作系统使得工程师站具有传统IT系统在信息安全方面的脆弱性，对数字化控制系统的安全留下隐患.提出一种基于攻击树模型的数字化控制系统信息安全分析方法，结合DCS的软硬件特点及其在系统中所处的位置，建立攻击树模型，提出对应的数字化控制系统信息安全资产评估量化方法，应用通用漏洞评分体系(CVSS)计算出叶节点、根节点及攻击路径发生概率.通过对工程师站的信息安全量化评估实例，得出攻击者最有可能采取的攻击路径，对开发者以及验证与确认(V&V)活动提供技术参考.

关键词: 核能科学与工程；数字化控制系统；信息安全；攻击树；工程师站

Abstract: The nuclear reactor digital control system(DCS)has introduced more threat factors while improving the convenience of the control system. The engineering station has the vulnerability of the traditional IT system in information security because of using a wide range of interface and Windows system, leaving hidden dangers to the security of the digital control system. An information security analysis method based on attack tree model for digital control system is proposed. The attack tree model with combining the hardware and software characteristics of DCS and its location in the system is established. The DCS information security asset assessment quantitative method is proposed. The common vulnerability scoring system (CVSS) to calculate the probability of attack tree nodes and attack paths is used. Through the quantitative evaluation of the engineering station,the attack path that the attacker is most likely to take is obtained,providing technical reference for the developer and the verification and validation (V&V) activities.

Key words: nuclear science and engineering; digital control system (DCS); information security; attack tree model; engineering station

中图分类号:

TL 48

孙卓，刘东，肖安洪，明平洲，郭文，周俊燚，陈俊杰. 基于攻击树模型的数字化控制系统信息安全分析[J]. 上海交通大学学报, 2019, 53(Sup.1): 68-73.

SUN Zhuo,LIU Dong,XIAO Anhong,MING Pingzhou,GUO Wen,ZHOU Junyi,CHEN Junjie. Information Security Analysis of Digital Control System Based on Attack Tree Model[J]. Journal of Shanghai Jiaotong University, 2019, 53(Sup.1): 68-73.

参考文献

［1］ERIC J B, MATTHEW F, DARRIN M. The use of attack trees in assessing vulnerabilities in SCADA systems［C］//International infrastructure survivability workshop. Lisbon (Portugal): IEEE, 2004: 5-6. ［2］MARLON F, MARGARET F, OLGA G, et al. Using attack-defense trees to analyze threats and countermeasures in an ATM: A case study［C］//IFIP International Federation for Information Processing 2016. Switzerland: Springer International Publishing, 2016: 326-334. ［3］黄慧萍, 肖世德, 孟祥印. 基于攻击树的工业控制系统信息安全风险评估［J］. 计算机应用研究, 2015, 32(10): 3022-3025. HUANG Huiping, XIAO Shide, MENG Xiangyin. Attack tree-based method for assessing cyber security risk of industrial control system［J］. Application Research of Computers, 2015, 32(10): 3022-3025. ［4］赵庆, 刘朝晖, 陈智. 基于攻击树的核电厂DCS系统信息安全脆弱性分析［J］. 南华大学学报(自然科学版), 2018, 32(3): 54-59. ZHAO Qing, LIU Zhaohui, CHEN Zhi. Information security vulnerability analysis of DCS system in nuclear power plant based on attack tree［J］. Journal of University of South China (Science and Technology), 2018, 32(3): 54-59. ［5］SCHNEIER B. Attack trees: Modeling security threats［J］. Dr Dobb’s Journal, 1999, 24(12): 21-29. ［6］国家标准委. 信息安全技术-信息安全风险评估规范: GB/T 20984—2007［S］.北京: 中国标准出版社, 2007. National Standards Committee. Information security technology-risk assessment specification for information security: GB/T 20984—2007［S］. Beijing: Standards Press of China, 2007. ［7］李慧, 张茹, 刘建毅, 等. 基于攻击树模型的数传电台传输安全性评估［J］. 信息网络安全, 2014(8): 71-76. LI Hui, ZHANG Ru, LIU Jianyi, et al. Safety assessment on digital radio transmission based on attack tree model［J］. Netinfo Security, 2014(8): 71-76.

基于攻击树模型的数字化控制系统信息安全分析

Information Security Analysis of Digital Control System Based on Attack Tree Model

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 1

编辑推荐

Metrics

本文评价