工业控制系统安全综述

工业控制系统（ICS）作为国家基础设施的核心控制设备,其安全关系国计民生。震网（Stuxnet）病毒爆发以后,工控安全逐渐引起国家、企业、战略安全人士的高度重视。总结分析了工控系统的结构资产、脆弱性、存在的威胁、安全措施与风险评估等内容;提出了四层功能的仿免疫系统的安全管理模型,并重点分析其中的关键防御技术,例如深度防御、防火墙、异常检查、Conpot（Control Systems Honeypot）、安全远程访问以及管理策略;指出工控系统安全将会是智慧城市、智慧制造与工业4.0等新兴技术的发展契机与最大挑战;最后结合国内工控安全布局规划,给出工控安全建议,并展望未来的发展前景。     

工业控制系统中的安全隐患分析

随着工业控制系统自动化水平的不断提高,工业自动化与信息化的融合程度也日益加深,在给企业带来巨大效益的同时,工业控制系统的安全面临严重威胁。通过分析工业控制系统中安全的主要特征以及存在的安全隐患,寻找切实可行的安全治理方法。借鉴国内外的技术和经验,应从加强对工业控制系统的安全性研究、采用安全的通信协议、建立完善的安全监督和保障体系、加强针对新型APT攻击技术的防范研究等方面着手,切实保障工业控制系统的安全平稳运行。     

工业控制系统信息安全管理措施研究

由于当前工业控制系统正面临着严峻的信息安全风险,作为国家经济命脉的重要基础设施,工业控制系统必须要进行系统信息安全防护建设。本文在对工业控制系统信息安全和信息安全风险来源分析的基础上,从管理的角度提出了相关的建议措施。     

User requirements for security in wireless mobile systems

Security of wireless mobile systems continues to be a hot topic; now generating its own conferences and platforms, such as the recent 2nd IEE Secure Mobile Communications held by the IEE on 23 September 2004. The general discussion on security in wireless systems takes place in technical fora, and while this is a totally valid discussion, it sometimes seems to be taking place in isolation. From the user perspective the wireless system usually forms part of a larger, interconnected system. This paper raises the question, “What about the user?” and offers some views on the user requirements on this most important part of system design where people are one end of the chain which involves wireless and other systems.     

Holistic security requirements analysis for socio-technical systems

Security has been a growing concern for large organizations, especially financial and governmental institutions, as security breaches in the systems they depend on have repeatedly resulted in billions of dollars in losses per year, and this cost is on the rise. A primary reason for these breaches is that the systems in question are “socio-technical” a mix of people, processes, technology, and infrastructure. However, such systems are designed in a piecemeal rather than a holistic fashion, leaving parts of the system vulnerable. To tackle this problem, we propose a three-layer security analysis framework consisting of a social layer (business processes, social actors), a software layer (software applications that support the social layer), and an infrastructure layer (physical and technological infrastructure). In our proposal, global security requirements lead to local security requirements, cutting across conceptual layers, and upper-layer security analysis influences analysis at lower layers. Moreover, we propose a set of analytical methods and a systematic process that together drive security requirements analysis across the three layers. To support analysis, we have defined corresponding inference rules that (semi-)automate the analysis, helping to deal with system complexity. A prototype tool has been implemented to support analysts throughout the analysis process. Moreover, we have performed a case study on a real-world smart grid scenario to validate our approach.     

Privacy security in control systems

Science China Information Sciences -     

A cyber-physical experimentation environment for the security analysis of networked industrial control systems

Although many studies address the security of Networked Industrial Control Systems (NICSs), today we still lack an efficient way to conduct scientific experiments that measure the impact of attacks against both the physical and the cyber parts of these systems. This paper presents an innovative framework for an experimentation environment that can reproduce concurrently physical and cyber systems. The proposed approach uses an emulation testbed based on Emulab to recreate cyber components and a real-time simulator, based on Simulink, to recreate physical processes. The main novelty of the proposed framework is that it provides a set of experimental capabilities that are missing from other approaches, e.g. safe experimentation with real malware, flexibility to use different physical processes. The feasibility of the approach is confirmed by the development of a fully functional prototype, while its applicability is proven through two case studies of industrial systems from the electrical and chemical domain.     

Trends in process control systems security

The protection of critical infrastructure systems is a hotly debated topic. The very label "critical infrastructure" implies that these systems are important, and they are: they support our everyday lives, from the water and food in our homes to our physical and financial welfare. This article explores the recent evolution of programmable logic controllers (PCSs) and their environments, explains the need for improved security in these systems, and describes some of the emerging research areas that offer promise in PCS security.     

一种基于知识图谱的工业互联网安全漏洞研究方法

工业互联网安全问题日益突出,对工业互联网安全漏洞知识库的深入研究是解决问题的关键。为解决漏洞数据利用价值低、关联分析手段欠缺、可视化程度不足等问题,以工业互联网安全漏洞库为基础,提出了构建工业互联网安全漏洞知识图谱的方法,通过原始数据信息提取、关联关系分析、数据存储等手段,将知识图谱导入到Neo4j图数据库,以实现高效存储、查询。从时间维度、空间维度、关联关系维度进行知识图谱的分析,将查询结果进行了可视化展现。结果表明:提出的方法可以有效、直观地展现工业互联网安全漏洞数据的自身属性与关联关系,实现漏洞数据内在价值的深度挖掘。     

Spatio-temporal querying recurrent multimedia databases using a semantic sequence state graph

We present an indexing method for spatiotemporal data: semantic sequence state graph (S³G). S³G maintains objects with their locations as states and events as transitions. The spatial information is maintained in states while the semantic events result in temporal ordering between the states. If the objects visit the same locations repeatedly, we call such databases as recurrent databases. Our querying interface supports queries based on spatio-temporal logic that includes operators such as ??next?? and ??eventually??. The interactive querying interface enables the user to build the query interactively and see the intermediate results of the query.     

Integrating security and real-time requirements using covertchannel capacity

Database systems for real-time applications must satisfy timing constraints associated with transactions in addition to maintaining data consistency. In addition to real-time requirements, security is usually required in many applications. Multi-level security requirements introduce a new dimension to transaction processing in real-time database systems. In this paper, we argue that, due to the conflicting goals of each requirement, tradeoffs need to be made between security and timeliness. We first define mutual information, a measure of the degree to which security is being satisfied by a system. A secure two-phase locking protocol is then described and a scheme is proposed to allow partial violations of security for improved timeliness. Analytical expressions for the mutual information of the resultant covert channel are derived, and a feedback control scheme is proposed that does not allow the mutual information to exceed a specified upper bound. Results showing the efficacy of the scheme obtained through simulation experiments are also discussed     

Answering pattern match queries in large graph databases via graph embedding

The growing popularity of graph databases has generated interesting data management problems, such as subgraph search, shortest path query, reachability verification, and pattern matching. Among these, a pattern match query is more flexible compared with a subgraph search and more informative compared with a shortest path or a reachability query. In this paper, we address distance-based pattern match queries over a large data graph G. Due to the huge search space, we adopt a filter-and-refine framework to answer a pattern match query over a large graph. We first find a set of candidate matches by a graph embedding technique and then evaluate these to find the exact matches. Extensive experiments confirm the superiority of our method.     

Parallel processing of graph reachability in databases

In this paper we consider parallel processing of a graph represented by a database relation, and we achieved two objectives. First, we propose a methodology for analyzing the speedup of a parallel processing strategy with the purpose of selecting at runtime one of several candidate strategies, depending on the hardware architecture and the input graph. Second, we study the single-source reachability problem, namely the problem of computing the set of nodes reachable from a given node in a directed graph. We propose several parallel strategies for solving this problem, and we analyze their performance using our new methodology. The analysis is confirmed experimentally in a UNIX-Ethernet environment. We also extend the results to the transitive closure problem.A preliminary shortened version of this paper has appeared inPDIS. See Ref. 1.This author's work was supported in part by NSF Grant 90-03341.This author's work was supported in part by the Natural Sciences and Engineering Research Council of Canada.This author's work was supported in part by NSF Grant 90-03341.     

Optimal-tuning PID control for industrial systems

Three optimal-tuning PID controller design schemes are presented for industrial control systems in this paper. They are time-domain optimal-tuning PID control, frequency-domain optimal-tuning PID control and multiobjective optimal-tuning PID control. These schemes can provide optimal PID parameters so that the desired system specifications are satisfied even in case where the system dynamics are time variant or the system operating points change. They are applied to three industrial systems, a hydraulic position control system, a rotary hydraulic speed control system and a gasifier, respectively.     

工业控制系统网络安全分析与研究

随着自动化系统与信息化系统融合的不断加深,原本相对安全和封闭的工业控制系统网络在新形势下的安全问题日益突出。文章根据工业控制系统网络安全领域的发展状况,对工业控制系统网络的安全问题进行了分析和探讨,提出了相关建议。     

工业控制系统关键组件安全风险综述

随着现代信息技术与通信技术的快速发展,工业控制（简称“工控”）系统已经成为国家关键基础设施的重要组成部分,其安全性关系到国家的战略安全和社会稳定。现代工控系统与互联网越来越紧密的联系,一方面促进了工控技术的快速进步,另一方面为其带来了巨大安全问题。自“震网”病毒事件之后,针对工控系统的攻击事件频发,给全球生产企业造成了巨大经济损失,甚至对很多国家和地区的社会稳定与安全造成重大影响,引起人们对工控系统安全的极大关注。现代工控系统中自动化设备品类和专有协议种类繁多、数据流复杂且发展迅速等,导致对工控关键组件安全的综述难度很大,现有与此相关的综述性文献较少,且大多较为陈旧、论述不全面。针对上述问题,介绍了当前工控系统的主流体系结构和相关组件。阐述并分析了关键工控组件中存在的安全漏洞及潜在的威胁,并重点针对数据采集与监视控制（SCADA）中的控制中心、可编程逻辑控制器、现场设备的攻击方法进行归纳、总结,对近几年文献中实施攻击的前提条件、攻击的对象、攻击的实施步骤及其危害性进行了归纳与分析,并从可用性、完整性和机密性的角度对针对工控网络的攻击进行了分类。给出了针对工控系统攻击的可能发展趋势。     

Computer-access security systems using keystroke dynamics

An approach to securing access to computer systems is described. By performing real-time measurements of the time durations between the keystrokes when a password is entered and using pattern-recognition algorithms, three online recognition systems were devised and tested. Two types of passwords were considered: phrases and individual names. A fixed phrase was used in the identification system. Individual names were used as a password in the verification system and in the overall recognition system. All three systems were tested and evaluated. The identification system used 10 volunteers and gave an indecision error of 1.2%. The verification system used 26 volunteers and gave an error of 8.1% in rejecting valid users and an error of 2.8% in accepting invalid users. The overall recognition system used 32 volunteers and gave an error of 3.1% in rejecting valid users and an error of 0.5% in accepting invalid users     

Formal testing of timed graph transformation systems using metric temporal graph logic

Embedded real-time systems generate state sequences where time elapses between state changes. Ensuring that such systems adhere to a provided specification of admissible or desired behavior is essential. Formal model-based testing is often a suitable cost-effective approach. We introduce an extended version of the formalism of symbolic graphs, which encompasses types as well as attributes, for representing states of dynamic systems. Relying on this extension of symbolic graphs, we present a novel formalism of timed graph transformation systems (TGTSs) that supports the model-based development of dynamic real-time systems at an abstract level where possible state changes and delays are specified by graph transformation rules. We then introduce an extended form of the metric temporal graph logic (MTGL) with increased expressiveness to improve the applicability of MTGL for the specification of timed graph sequences generated by a TGTS. Based on the metric temporal operators of MTGL and its built-in graph binding mechanics, we express properties on the structure and attributes of graphs as well as on the occurrence of graphs over time that are related by their inner structure. We provide formal support for checking whether a single generated timed graph sequence adheres to a provided MTGL specification. Relying on this logical foundation, we develop a testing framework for TGTSs that are specified using MTGL. Lastly, we apply this testing framework to a running example by using our prototypical implementation in the tool AutoGraph.

     

Effectiveness and performance analysis of model-oriented security requirements engineering to elicit security requirements: a systematic solution for developing secure software systems

Software systems are becoming more and more critical in every domain of human society. These systems are used not only by corporates and governments, but also by individuals and across networks of organizations. The wide use of software systems has resulted in the need to contain a large amount of critical information and processes, which certainly need to remain secure. As a consequence, it is important to ensure that the systems are secure by considering security requirements at the early phases of software development life cycle. In this paper, we propose to consider security requirements as functional requirements and apply model-oriented security requirements engineering framework as a systematic solution to elicit security requirements for e-governance software systems. As the result, high level of security can be achieved by more coverage of assets and threats, and identifying more traces of vulnerabilities in the early stages of requirements engineering. This in turn will help to elicit effective security requirements as countermeasures with business requirements.