Research on the Electric Power Trusted Network Architecture and Its Key Technologies (电力可信网络体系及关键技术的研究)
Abstract
In recent years, organized and targeted attacks on industrial control systems (ICS), exemplified by the Stuxnet and Flame malware, have occurred repeatedly, and the threat to ICS has grown steadily more serious. The specialised nature of ICS and the high-reliability requirements of its operation make ICS network protection a special case: traditional information security theory and methods do not meet its requirements. The electric power industrial control system is a typical ICS, and because of the special position of the power industry in the national economy and in daily life, its security receives particular attention. How to construct a secure, trusted and controllable electric power ICS network is an important question in the information security programme of power enterprises, and it has real significance for the safe and stable operation of the power industry.
Taking the current state and security requirements of electric power ICS as its main line, and building on an analysis of electric power ICS networks, this dissertation extends existing information security theory by applying trusted computing to the protection of industrial control systems. It proposes the concept of the "electric power trusted network", studies and establishes a theoretical model for it, and researches and develops the key technologies needed to realise that model. The research work and its main results fall into five areas:
(1) The notion of trust is introduced into the security protection of electric power ICS networks, and the concept of the "electric power trusted network" is proposed. Starting from traditional trusted network theory, and according to the characteristics of electric power ICS and its protection requirements, the work studies how to construct a reliable ICS network whose boundary is clearly defined and controlled, whose system hardware and software are clearly defined and controlled, and whose network and user behaviour are trustworthy. The concept provides a theoretical basis for electric power ICS security protection and complements electric power information security theory.
(2) For the security requirements of the electric power trusted network, a layered model is proposed. Viewed from the two aspects of static-environment trust and dynamic-environment trust, the trustworthiness of the electric power trusted network is divided into three layers: the reliability of hardware devices and systems, the trustworthiness of system execution, and the conformance of network behaviour. Reliability of hardware devices and systems ensures trust in the static environment; trustworthiness of system execution and conformance of network behaviour ensure trust in the dynamic environment.
(3) To guarantee trustworthy system execution, a protection strategy based on strict monitoring of the process by which execution permission is granted is proposed, and mandatory running control (MRC) based on trusted computing is studied. MRC builds a "root of trust" from a "safe initial state" of the system and, under the guarantee of that root, propagates a "chain of trust" over system states by monitoring system processes in real time. MRC chiefly monitors the acquisition of execution permission by processes, so that an illegitimate process cannot obtain execution permission and damage the system. This compensates for a weakness of traditional access control, which focuses on preventing illegitimate writes to system resources, ensures that every process running in the system is a trusted process, and thus constructs a trusted system environment.
(4) To guarantee trustworthy network behaviour, a strategy for auditing the credibility of network behaviour is proposed, and the theory and technology of such auditing are studied. The audit theory is developed on three levels, user identity trust, behaviour trust and operating-procedure compliance; network behaviour is monitored in real time, the credibility of each action and the compliance of the business procedure are judged in real time, and malicious or mistaken operations by insiders are prevented.
(5) According to the characteristics and special protection requirements of electric power SCADA systems, the theory and key technologies of the electric power trusted network are applied to design and construct a trusted network architecture for electric power SCADA, providing an application example for the research.
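The execution-permission gate described in point (3) above, modelled as an added example. This is illustrative code written for this page, not the dissertation's MRC implementation (which is not shown here). It assumes that a measurement is the SHA-256 digest of the executable image, that the "safe initial state" is a table of such measurements taken once and kept as the root of trust, and that a process joins the chain of trust only through an exec the gate approves; the paths, PIDs and executable images are constructed.

```python
import hashlib
from dataclasses import dataclass

# Constructed "safe initial state": path -> executable image.  The byte strings
# are placeholders for real binaries so the example runs offline (assumption).
SAFE_INITIAL_STATE = {
    "/usr/bin/scada_poller": b"\x7fELF scada_poller v1 (constructed image)",
    "/usr/bin/hmi_server":   b"\x7fELF hmi_server v3 (constructed image)",
}


def measure(image: bytes) -> str:
    """Measurement of an executable image: SHA-256 hex digest (assumed scheme)."""
    return hashlib.sha256(image).hexdigest()


class TrustRoot:
    """Root of trust: measurements recorded once from the safe initial state."""

    def __init__(self, initial_state: dict):
        self.whitelist = {path: measure(img) for path, img in initial_state.items()}


@dataclass(frozen=True)
class Decision:
    pid: int
    allowed: bool
    reason: str


class RunningController:
    """Exec-time gate.  A PID enters the chain of trust only via an approved exec."""

    def __init__(self, root: TrustRoot, init_pid: int = 1):
        self.root = root
        self.trusted = {init_pid}   # init is trusted by construction (assumption)
        self.log = []

    def on_exec(self, pid: int, parent: int, path: str, image: bytes) -> Decision:
        """Called when `parent` tries to start `pid` from `path` with contents `image`."""
        if parent not in self.trusted:
            d = Decision(pid, False, f"parent {parent} is outside the trust chain")
        elif path not in self.root.whitelist:
            d = Decision(pid, False, f"{path} is not in the safe initial state")
        elif measure(image) != self.root.whitelist[path]:
            d = Decision(pid, False, f"{path} measurement mismatch (image modified)")
        else:
            d = Decision(pid, True, f"{path} measures OK under trusted parent {parent}")
            self.trusted.add(pid)   # extend the chain of trust to the new process
        self.log.append(d)
        return d


def run_scenario() -> list:
    """Constructed exec sequence exercising each gate outcome."""
    ctl = RunningController(TrustRoot(SAFE_INITIAL_STATE))
    hmi = SAFE_INITIAL_STATE["/usr/bin/hmi_server"]
    poller = SAFE_INITIAL_STATE["/usr/bin/scada_poller"]
    return [
        # legitimate HMI started by init: allowed, PID 100 joins the chain
        ctl.on_exec(100, 1, "/usr/bin/hmi_server", hmi),
        # dropper written to /tmp and launched from the HMI: never measured at install time
        ctl.on_exec(101, 100, "/tmp/.dropper", b"\x7fELF dropper (constructed)"),
        # legitimate path but patched image: a write-focused control may have let the
        # modification through; MRC still refuses the exec
        ctl.on_exec(102, 100, "/usr/bin/hmi_server", hmi + b"\x00patched"),
        # a whitelisted binary launched by PID 101, which never became trusted
        ctl.on_exec(103, 101, "/usr/bin/scada_poller", poller),
    ]


if __name__ == "__main__":
    for d in run_scenario():
        print("ALLOW" if d.allowed else "DENY ", d.pid, d.reason)
```

The third case is the one a write-focused access control misses: the path is legitimate, but the image no longer measures to the recorded value, so the exec is refused regardless of who was allowed to write the file. In a real deployment the whitelist would be computed from the actual binaries and protected (for example sealed to a TPM) so that an attacker cannot simply re-measure a modified image into it; that part is outside this model.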
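The three-level audit of point (4) above, as an added example in the same spirit: it is not the dissertation's auditor, and the switching procedure, users, hosts and log events are constructed for illustration. It assumes a substation switching ticket with a fixed order of steps and checks each logged action for identity trust, behaviour trust and procedure compliance; a non-credible action is reported and does not advance the ticket state.

```python
from dataclasses import dataclass, field

# Constructed identity and policy tables (assumptions for the example).
USERS = {"dispatch_li": "dispatcher", "op_zhang": "operator", "vendor_wu": "vendor"}
OPERATOR_HOSTS = {"ws-ctrl-01", "ws-ctrl-02"}   # workstations allowed to issue control actions
ROLE_ACTIONS = {
    "dispatcher": {"issue_ticket"},
    "operator":   {"open_breaker", "open_isolator", "apply_ground"},
}
# Constructed switching sequence for taking a line out of service.  The isolator
# (disconnector) cannot interrupt load current, so the breaker must open first.
FLOW = {
    None:            {"issue_ticket"},
    "issue_ticket":  {"open_breaker"},
    "open_breaker":  {"open_isolator"},
    "open_isolator": {"apply_ground"},
}


@dataclass
class Auditor:
    ticket_state: dict = field(default_factory=dict)   # ticket id -> last accepted step
    alerts: list = field(default_factory=list)         # (layer, user, action, reason)

    def check(self, ev: dict):
        """Audit one logged action; return an alert tuple, or None if it is credible."""
        user, host, action, ticket = ev["user"], ev["host"], ev["action"], ev["ticket"]
        # layer 1: identity trust
        role = USERS.get(user)
        if role is None:
            return self._alert(ev, "identity", "unknown user")
        # layer 2: behaviour trust (role may perform the action, from an approved host)
        if action not in ROLE_ACTIONS.get(role, set()):
            return self._alert(ev, "behaviour", f"role {role} may not {action}")
        if role == "operator" and host not in OPERATOR_HOSTS:
            return self._alert(ev, "behaviour", f"control action from unapproved host {host}")
        # layer 3: operating-procedure compliance (step order within the ticket)
        prev = self.ticket_state.get(ticket)
        expected = FLOW.get(prev, set())
        if action not in expected:
            return self._alert(ev, "flow",
                               f"{action} after {prev or 'no ticket'}; expected {sorted(expected)}")
        self.ticket_state[ticket] = action   # only credible actions advance the ticket
        return None

    def _alert(self, ev, layer, reason):
        a = (layer, ev["user"], ev["action"], reason)
        self.alerts.append(a)
        return a


# Constructed log events for one switching ticket (not real utility data).
EVENTS = [
    dict(user="dispatch_li", host="ws-dispatch-01", action="issue_ticket",  ticket="T-0417"),
    dict(user="op_zhang",    host="ws-ctrl-01",     action="open_isolator", ticket="T-0417"),  # out of order
    dict(user="op_zhang",    host="ws-ctrl-01",     action="open_breaker",  ticket="T-0417"),
    dict(user="op_zhang",    host="ws-ctrl-01",     action="open_isolator", ticket="T-0417"),
    dict(user="vendor_wu",   host="ws-ctrl-02",     action="apply_ground",  ticket="T-0417"),  # wrong role
    dict(user="op_zhang",    host="laptop-guest",   action="apply_ground",  ticket="T-0417"),  # wrong host
    dict(user="ghost",       host="ws-ctrl-01",     action="apply_ground",  ticket="T-0417"),  # unknown user
    dict(user="op_zhang",    host="ws-ctrl-01",     action="apply_ground",  ticket="T-0417"),
]


def audit(events) -> Auditor:
    """Run the three-layer audit over a sequence of events, in order."""
    auditor = Auditor()
    for ev in events:
        auditor.check(ev)
    return auditor


if __name__ == "__main__":
    for layer, user, action, reason in audit(EVENTS).alerts:
        print(f"[{layer}] {user} {action}: {reason}")
```

The ordering rule encodes a real operating constraint (a disconnector cannot break load current, so the breaker must open first), which is why the second event is flagged as a mis-operation even though the user and host are both legitimate: procedure compliance is a separate check from identity and behaviour, and an insider passing the first two can still fail the third.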