智能电网ICS系统信息安全研究简

智能电网的应用改变了原有电网的网络通信结构和应用模式,如何全面的保障新形式下电网ICS系统的信息安全是一个必须深入探讨和研究并亟待解决的关键问题之一。本文首先剖析了智能电网中ICS系统与传统IT的区别,在分析ICS系统所面临的信息安全漏洞后提出了针对以上信息安全威胁的安全防护建议。     

工业控制系统的信息安全问题研究

分析了工业控制系统的安全要求、典型的威胁与攻击形式,阐释了工业控制系统信息安全与传统IT信息安全的区别;分析了现有的控制系统信息安全的解决思路,结合SP800-82工业控制系统（ICS）安全指南,介绍了控制系统网络防护的主要措施;总结了热点研究趋势,包括安全通讯协议和安全控制器的设计.     

Strategic roles of IT modernization and cloud migration in reducing cybersecurity risks of organizations: The case of U.S. federal government

Many organizations run their core business operations on decades-old legacy IT systems. Some security professionals argue that legacy IT systems significantly increase security risks because they are not designed to address contemporary cybersecurity risks. Others counter that the legacy systems might be “secure by antiquity” and argue that due to lack of adequate documentation on the systems, it is very difficult for potential attackers to discover and exploit security vulnerabilities. There is a shortage of empirical evidence on either argument. Routine activity theory (RAT) argues that an organization’s guardianship is critical for reducing security incidents. However, RAT does not well explain how organizations might guard against security risks of legacy IT systems. We theorize that organizations can enhance their guardianship by either modernizing their legacy IT systems in-house or by outsourcing them to cloud vendors. With datasets from the U.S. federal agencies, we find that agencies that have more legacy IT systems experience more frequent security incidents than others with more modern IT systems. A 1%-point increase in the proportion of IT budgets spent on IT modernization is associated with a 5.6% decrease in the number of security incidents. Furthermore, migration of the legacy systems to the cloud is negatively associated with the number of security incidents. The findings advance the literature on strategic information systems by extending RAT to explain why the “security by antiquity” argument is not valid and how organizations can reduce the security risks of legacy IT systems through modernization and migration to the cloud.     

A logic-based framework for the security analysis of Industrial Control Systems

Industrial Control Systems (ICS) are used for monitoring and controlling critical infrastructures such as power stations, waste water treatment facilities, traffic lights, and many more. Lately, these systems have become a popular target for cyber-attacks. Security is often an afterthought, leaving them vulnerable to all sorts of attacks. This article presents a formal approach for analysing the security of Industrial Control Systems, both during their design phase and while operational. A knowledge- based system is used to analyse a model of the control system and extract system vulnerabilities. The approach has been validated on an ICS in the design phase.     

工业控制系统安全综述

工业控制系统（ICS）作为国家基础设施的核心控制设备,其安全关系国计民生。震网（Stuxnet）病毒爆发以后,工控安全逐渐引起国家、企业、战略安全人士的高度重视。总结分析了工控系统的结构资产、脆弱性、存在的威胁、安全措施与风险评估等内容;提出了四层功能的仿免疫系统的安全管理模型,并重点分析其中的关键防御技术,例如深度防御、防火墙、异常检查、Conpot（Control Systems Honeypot）、安全远程访问以及管理策略;指出工控系统安全将会是智慧城市、智慧制造与工业4.0等新兴技术的发展契机与最大挑战;最后结合国内工控安全布局规划,给出工控安全建议,并展望未来的发展前景。     

Managing vulnerabilities in networked systems

Most organizations recognize the importance of cyber security and are implementing various forms of protection. However, many are failing to find and fix known security problems in the software packages they use as the building blocks of their networks and systems, a vulnerability that a hacker can exploit to bypass all other efforts to secure the enterprise. The Common Vulnerabilities and Exposures (CVE) initiative seeks to avoid such disasters and transform this area from a liability to a key asset in the fight to build and maintain secure systems. Coordinating international, community-based efforts from industry, government and academia, CVE strives to find and fix software product vulnerabilities more rapidly, predictably, and efficiently. The initiative seeks the adoption of a common naming practice for describing software vulnerabilities. Once adopted, these names will be included within security tools and services and on the fix sites of commercial and open source software package providers. As vendors respond to more users requests for CVE-compatible fix sites, securing the enterprise will gradually include the complete cycle of finding, analyzing, and fixing vulnerabilities     

PLC攻防关键技术研究进展

震网病毒爆发之后,工控系统开始逐渐成为攻击者的主要攻击目标之一。随着对工业控制系统不断的不断了解,攻击者的攻击手段日益复杂化,攻击手段更加复杂,应用技术更加先进,攻击手法更加多样。PLC作为工业控制系统中重要的基础性控制设备,其面临的信息安全问题值得重视。论文从攻防的角度,首先对PLC的基本结构和工作原理进行了深入剖析,分析其脆弱性;然后对PLC攻击技术进行了分类,并详细分析了各类攻击技术的攻击原理;对国内外PLC安全防护技术领域的研究进行了概括性的总结和归纳;最后给出了PLC信息安全的未来研究趋势及展望。     

代码的安全性保护技术研究

代码的安全问题由于直接关系到软件能否在多个领域可靠应用,并且影响到系统的安全,所以显得尤为重要.随着网络攻击与防护技术的深入发展,对软件安全提出了更高的要求,代码的缺陷使应用软件、Web系统及数据库系统面临巨大安全挑战.通过分析代码在溢出、跨站脚本、SQL攻击、加密代码、代码失效及软件模拟方式等方面存在的安全性问题,提出使用托管代码迁移、内存探测、正则表达式检测、签名等多种技术方法以实现代码的安全性需求,确保软件的可靠性,最后给出了一些能够提高安全性的编码原则.     

石化企业工业控制系统非网联接

石化企业工业控制系统在与接入因特网的其他信息系统联网时有可能受到来自外部网络的攻击。为了实现石化企业工业控制系统与其他网络之间安全的数据交换,本文提出一种利用非网结构进行单向传输的设计方案;论述单向数据传输的原理和采用的安全策略,并对非网联接进行安全性测试。测试结果显示,该非网联接方案能够有效地防止来自外部网络的黑客、木马、病毒等对工业控制系统的攻击,保护石化企业工业控制系统安全运行。     

Security band-aids: more cost-effective than "secure" coding

Patching systems against the latest virus is a full-time job, and most corporations have heavier near-term problems facing them. The war between hackers and software is being fought on the front lines-in the users' trenches. But hunting down the "engineers" who write bad software won't win this war, at least not in the short run. With the best of intentions, development shops are trying to address bad software by learning secure coding practices. Application security tools are the most effective way your organization can protect itself today. Building more secure software is a goal, but it won't stop the virus that gets released tomorrow. It comes down to this: secure coding practices are not going to produce 100 percent bug-free software. Thus, application security tools should always play a part In your risk mitigation plan.     

A survey on the recent efforts of the Internet Standardization Body for securing inter-domain routing

The Border Gateway Protocol (BGP) is the de facto inter-domain routing protocol in the Internet, thus it plays a crucial role in current communications. Unfortunately, it was conceived without any internal security mechanism, and hence is prone to a number of vulnerabilities and attacks that can result in large scale outages in the Internet. In light of this, securing BGP has been an active research area since its adoption. Several security strategies, ranging from a complete replacement of the protocol up to the addition of new features in it were proposed, but only minor tweaks have found the pathway to be adopted. More recently, the IETF Secure Inter-Domain Routing (SIDR) Working Group (WG) has put forward several recommendations to secure BGP. In this paper, we survey the efforts of the SIDR WG including, the Resource Public Key Infrastructure (RPKI), Route Origin Authorizations (ROAs), and BGP Security (BGPSEC), for securing the BGP protocol. We also discuss the post SIDR inter-domain routing unresolved security challenges along with the deployment and adoption challenges of SIDR’s proposals. Furthermore, we shed light on future research directions in managing the broader security issues in inter-domain routing. The paper is targeted to readers from the academic and industrial communities that are not only interested in an updated article accounting for the recent developments made by the Internet standardization body toward securing BGP (i.e., by the IETF), but also for an analytical discussion about their pros and cons, including promising research lines as well.     

工业控制系统信息安全研究新动态

随着信息技术在工业控制系统(IndustrialControlSystem,ICS)的广泛应用,工业控制系统从封闭系统逐步转化为开放互联系统,进而使工业控制系统面临信息技术带来的网络安全挑战.首先,本文借用ICS安全事件详细阐述了工业控制系统信息安全的现状;其次,重点介绍了工业控制系统架构和ICS信息安全与传统信息安全...     

试谈IT安全运维管理的应用

利用IT安全运维系统能够全面、正确、及时地反映被管系统的运行状态,提高运维的质量和效率,确保信息部门的技术支持服务,以及信息化管理工作更为畅通、透明、完整和有效.提出了将信息安全运维管理应用到工业控制中,应对安全攻击,切实保障工控网络信息安全.     

Secure network coding for wireless mesh networks: Threats, challenges, and directions

In recent years, network coding has emerged as a new communication paradigm that can significantly improve the efficiency of network protocols by requiring intermediate nodes to mix packets before forwarding them. Recently, several real-world systems have been proposed to leverage network coding in wireless networks. Although the theoretical foundations of network coding are well understood, a real-world system needs to solve a plethora of practical aspects before network coding can meet its promised potential. These practical design choices expose network coding systems to a wide range of attacks.We identify two general frameworks (inter-flow and intra-flow) that encompass several network coding-based systems proposed in wireless networks. Our systematic analysis of the components of these frameworks reveals vulnerabilities to a wide range of attacks, which may severely degrade system performance. Then, we identify security goals and design challenges in achieving security for network coding systems. Adequate understanding of both the threats and challenges is essential to effectively design secure practical network coding systems. Our paper should be viewed as a cautionary note pointing out the frailty of current network coding-based wireless systems and a general guideline in the effort of achieving security for network coding systems.     

安全Web Services体系结构的研究

目前已有的Web Services安全规范只是制定了要实现某一安全需求应该遵循的规范协议,尚没有一个被广泛接受的安全体系结构.有很多学者和组织对安全Web Services体系结构做了有益的探索,并提出了一些方案与产品,各自有不同的特点并依据不同的安全规范.基于业界主导公司所推出的WS-*规范提出了一个基于安全令牌服务器的安全Web Services体系结构,并对它的工作机制做了研究.     

Safeguarding Cloud Computing Infrastructure: A Security Analysis

Cloud computing is the provision of hosted resources, comprising software, hardware and processing over the World Wide Web. The advantages of rapid deployment, versatility, low expenses and scalability have led to the widespread use of cloud computing across organizations of all sizes, mostly as a component of the combination/multi-cloud infrastructure structure. While cloud storage offers significant benefits as well as cost-effective alternatives for IT management and expansion, new opportunities and challenges in the context of security vulnerabilities are emerging in this domain. Cloud security, also recognized as cloud computing security, refers to a collection of policies, regulations, systematic processes that function together to secure cloud infrastructure systems. These security procedures are designed to safeguard cloud data, to facilitate regulatory enforcement and to preserve the confidentiality of consumers, as well as to lay down encryption rules for specific devices and applications. This study presents an overview of the innovative cloud computing and security challenges that exist at different levels of cloud infrastructure. In this league, the present research work would be a significant contribution in reducing the security attacks on cloud computing so as to provide sustainable and secure services.     

TARP: Ticket-based address resolution protocol

IP networks fundamentally rely on the Address Resolution Protocol (ARP) for proper operation. Unfortunately, vulnerabilities in ARP enable a raft of Internet Protocol (IP)-based impersonation, man-in-the-middle, or Denial of Service (DoS) attacks. Proposed countermeasures to these vulnerabilities have yet to simultaneously address backward compatibility and cost requirements. This paper introduces the Ticket-based Address Resolution Protocol (TARP). TARP implements security by distributing centrally issued secure IP/Medium Access Control (MAC) address mapping attestations through existing ARP messages. We detail TARP and its implementation within the Linux operating system. We also detail the integration of TARP with the Dynamic Host Configuration Protocol (DHCP) for dynamic ticket distribution. Our experimental analysis shows that TARP improves the costs of implementing ARP security by as much as two orders of magnitude over existing protocols. We conclude by exploring a range of operational issues associated with deploying and administering ARP security.     

工业控制系统网络入侵检测方法综述

随着工业控制系统(industrial control systems,ICS)的网络化,其原有的封闭性被打破, 各种病毒、木马等随着正常的信息流进入ICS,已严重威胁ICS的安全性,如何做好ICS安全防护已迫在眉睫.入侵检测方法作为一种主动的信息安全防护技术可以有效弥补防火墙等传统安全防护技术的不足,被认为是ICS的第二道安全防线,可以实现对ICS外部和内部入侵的实时检测.当前工控系统入侵检测的研究非常活跃,来自计算机、自动化以及通信等不同领域的研究人员从不同角度提出一系列ICS入侵检测方法,已成为ICS安全领域一个热点研究方向.鉴于此,综述了ICS入侵检测的研究现状、存在的问题以及有待进一步解决的问题.     

工业控制系统安全态势感知技术研究

工业控制系统(简称工控)是国家关键基础设施的核心,越来越多的工作开始关注工控系统安全。然而,这些工作的实际应用场景并不统一,因此他们取得的成果无法相互借鉴。为了解决这个问题,在深入研究这些安全技术的基础上,我们提出了工控系统安全态势感知(Situational Awareness for Industrial Control Systems Security, SA-ICSS)框架,该框架由态势觉察、态势理解和态势投射三个阶段构成。在态势觉察阶段,我们首先利用网络测绘和脆弱性发现技术获取完善的目标系统环境要素,如网络拓扑和漏洞信息;其次,我们将入侵检测和入侵诱捕等5种设备部署在目标系统中,以便从控制系统中捕获所有的可疑活动。在态势理解阶段,我们首先基于结构化威胁信息表达(Structured Threat Information Expression,STIX)标准对目标系统进行本体建模,构建了控制任务间的依赖关系以及控制任务与运行设备的映射关系;其次,自动化推理引擎通过学习分析师推理技术,从可疑活动中识别出攻击意图以及目标系统可能受到的影响。在态势投射阶段,我们首先利用攻击图、贝叶斯...     

Design and implementation of the secure compiler and virtual machine for developing secure IoT services

Recent years have seen the development of computing environments for IoT (Internet of Things) services, which exchange large amounts of information using various heterogeneous devices that are always connected to networks. Since the data communication and services occur on a variety of devices, which not only include traditional computing environments and mobile devices such as smartphones, but also household appliances, embedded devices, and sensor nodes, the security requirements are becoming increasingly important at this point in time. Already, in the case of mobile applications, security has emerged as a new issue, as the dissemination and use of mobile applications have been rapidly expanding. This software, including IoT services and mobile applications, is continuously exposed to malicious attacks by hackers, because it exchanges data in the open Internet environment. The security weaknesses of this software are the direct cause of software breaches causing serious economic loss. In recent years, the awareness that developing secure software is intrinsically the most effective way to eliminate the software vulnerability, rather than strengthening the security system of the external environment, has increased. Therefore, methodology based on the use of secure coding rules and checking tools is attracting attention to prevent software breaches in the coding stage to eliminate the above vulnerabilities. This paper proposes a compiler and a virtual machine with secure software concepts for developing secure and trustworthy services for IoT environments. By using a compiler and virtual machine, we approach the problem in two stages: a prevention stage, in which the secure compiler removes the security weaknesses from the source code during the application development phase, and a monitoring stage, in which the secure virtual machine monitors abnormal behavior such as buffer overflow attacks or untrusted input data handling while applications are running.