Information Security Analysis of Digital Control System Based on Attack Tree Model

  • Science and Technology on Reactor System Design Technology Laboratory, Nuclear Power Institute of China, Chengdu 610213, China

Online published: 2020-04-08

Abstract

Digital control systems (DCS) for nuclear reactors make the control system more convenient to operate, but they also introduce more threat factors. The engineering station in such a system is built on a widely used industrial PC, and its reserved interfaces and Windows operating system give it the same information security weaknesses as a traditional IT system, leaving hidden risks for the security of the digital control system. This paper proposes an information security analysis method for digital control systems based on the attack tree model. An attack tree model is built from the software and hardware characteristics of the DCS and its position in the system, a corresponding quantitative method for assessing DCS information security assets is proposed, and the Common Vulnerability Scoring System (CVSS) is used to calculate the occurrence probabilities of the leaf nodes, the root node and the attack paths. A quantitative information security assessment of the engineering station, carried out as a worked case, identifies the attack path an attacker is most likely to take, providing a technical reference for developers and for verification and validation (V&V) activities.

Cite this article

孙卓, 刘东, 肖安洪, 明平洲, 郭文, 周俊燚, 陈俊杰. Information Security Analysis of Digital Control System Based on Attack Tree Model[J]. Journal of Shanghai Jiao Tong University, 2019, 53(Sup.1): 68-73. DOI: 10.16183/j.cnki.jsjtu.2019.S1.012
