Journal of Shanghai Jiao Tong University ›› 2019, Vol. 53 ›› Issue (Sup.1): 68-73. doi: 10.16183/j.cnki.jsjtu.2019.S1.012


Information Security Analysis of Digital Control System Based on Attack Tree Model

SUN Zhuo, LIU Dong, XIAO Anhong, MING Pingzhou, GUO Wen, ZHOU Junyi, CHEN Junjie

  1. Science and Technology on Reactor System Design Technology Laboratory, Nuclear Power Institute of China, Chengdu 610213, China
  • Published: 2020-04-08
  • Corresponding author: SUN Zhuo (1994-), male, native of Pingliang, Gansu Province, master's student, engaged in research on nuclear power information security. Corresponding author: LIU Dong, male, professor-level senior engineer, Tel.: 18512896609; E-mail: 1074922454@qq.com.

Abstract: The nuclear reactor digital control system (DCS) makes the control system more convenient but also introduces more threat factors. The engineering station in the system runs on widely used industrial PCs, whose reserved interfaces and Windows operating system give it the information security vulnerabilities of traditional IT systems and leave hidden dangers for the security of the digital control system. This paper proposes an information security analysis method for digital control systems based on the attack tree model. An attack tree model is established from the hardware and software characteristics of the DCS and its location in the system, a corresponding quantitative method for assessing DCS information security assets is proposed, and the common vulnerability scoring system (CVSS) is applied to calculate the occurrence probabilities of the leaf nodes, the root node and the attack paths. A quantitative information security evaluation of the engineering station yields the attack path that an attacker is most likely to take, providing a technical reference for developers and for verification and validation (V&V) activities.

Key words: nuclear science and engineering; digital control system (DCS); information security; attack tree model; engineering station
