《電子技術(shù)應(yīng)用》
您所在的位置:首頁(yè) > 通信與網(wǎng)絡(luò) > 設(shè)計(jì)應(yīng)用 > 基于TPCM可信根的主動(dòng)免疫控制系統(tǒng)防護(hù)設(shè)計(jì)
基于TPCM可信根的主動(dòng)免疫控制系統(tǒng)防護(hù)設(shè)計(jì)
信息技術(shù)與網(wǎng)絡(luò)安全
孫 瑜,洪 宇,王炎玲
(北京可信華泰信息技術(shù)有限公司,北京100195)
摘要: 目前針對(duì)工業(yè)控制系統(tǒng)的安全風(fēng)險(xiǎn)與日俱增,傳統(tǒng)“封堵查殺”的防護(hù)技術(shù)難以有效應(yīng)對(duì)當(dāng)前所面臨的安全威脅,急需一套更適合工控系統(tǒng)環(huán)境的安全解決方案。結(jié)合我國(guó)自主創(chuàng)新的可信計(jì)算3.0關(guān)鍵技術(shù),提出一種基于TPCM可信根的適用于工業(yè)控制系統(tǒng)的主動(dòng)免疫防護(hù)方案,通過(guò)對(duì)關(guān)鍵節(jié)點(diǎn)的可信構(gòu)建使工業(yè)控制系統(tǒng)防護(hù)更加透徹,安全處理融洽一致,為工業(yè)控制系統(tǒng)構(gòu)建主動(dòng)免疫防御能力,使之能夠有效識(shí)別和防御未知威脅。
中圖分類號(hào): TP393.08
文獻(xiàn)標(biāo)識(shí)碼: A
DOI: 10.19358/j.issn.2096-5133.2021.03.003
引用格式: 孫瑜,洪宇,王炎玲. 基于TPCM可信根的主動(dòng)免疫控制系統(tǒng)防護(hù)設(shè)計(jì)[J].信息技術(shù)與網(wǎng)絡(luò)安全,2021,
40(3):14-18.
An active immune protection design for industrial control system based on trust root of TPCM
Sun Yu,Hong Yu,Wang Yanling
(Beijing Huatech Trusted Computing Information Technology Co.,Ltd.,Beijing 100195,China)
Abstract: With the rapid development and application of industrial information, cybersecurity risks are increasing. The traditional "blocking and killing" protection technology is difficult to deal with the current security threats. There is an urgent need for a more suitable industrial control system environmental security solution. This paper combined with our country′s independent innovation of trusted computing 3.0 key technology, and proposed an active immune protection scheme based on the root of trust of Trusted Platform Control Module(TPCM) for industrial control systems. By constructing key trust nodes, it enhances the protection capabilities of industrial control systems, and handles security incidents in a harmonious and consistent manner, which builds active immune defense capabilities for industrial control systems, and can effectively identify and defend against unknown threats.
Key words : trusted computing 3.0;trusted platform control module;PLC;industrial control system;active immune defense

0 引言

目前,隨著網(wǎng)絡(luò)空間成為繼陸、海、空、天之后的第五維空間,我國(guó)網(wǎng)絡(luò)安全形勢(shì)面臨著嚴(yán)峻的挑戰(zhàn)。網(wǎng)絡(luò)安全的首要問(wèn)題是解決核心技術(shù)受制于人的問(wèn)題,亟需建立創(chuàng)新發(fā)展的主動(dòng)免疫可信防護(hù)體系[1]。我國(guó)的國(guó)家關(guān)鍵基礎(chǔ)設(shè)施運(yùn)行往往是由工業(yè)控制系統(tǒng)的生產(chǎn)系統(tǒng)來(lái)實(shí)現(xiàn)的,數(shù)字化控制系統(tǒng)已成為工業(yè)控制系統(tǒng)的普遍趨勢(shì)。數(shù)字化控制系統(tǒng)是國(guó)家關(guān)鍵信息基礎(chǔ)設(shè)施的重要組成部分,一旦遭到破壞、喪失功能或者數(shù)據(jù)泄露,將會(huì)給國(guó)家安全、國(guó)計(jì)民生、公共利益帶來(lái)嚴(yán)重危害。因此數(shù)字化控制系統(tǒng)往往成為網(wǎng)絡(luò)戰(zhàn)的第一目標(biāo),針對(duì)工業(yè)控制系統(tǒng)的攻擊通常具有極強(qiáng)的針對(duì)性和隱蔽性,能夠突破以隔離為主的安全防護(hù)體系,使現(xiàn)有安全防護(hù)失效。





本文詳細(xì)內(nèi)容請(qǐng)下載:http://ihrv.cn/resource/share/2000003422




作者信息:

孫  瑜,洪  宇,王炎玲

(北京可信華泰信息技術(shù)有限公司,北京100195)


此內(nèi)容為AET網(wǎng)站原創(chuàng),未經(jīng)授權(quán)禁止轉(zhuǎn)載。