本文選題：PROFIBUS-DP + Internet��； 參考：《吉林大學(xué)》2014年碩士論文

【摘要】：PROFIBUS現(xiàn)場(chǎng)總線是當(dāng)前業(yè)界應(yīng)用最成功、最廣泛的現(xiàn)場(chǎng)總線技術(shù)，它將企業(yè)現(xiàn)場(chǎng)控制系統(tǒng)與底層設(shè)備相連，構(gòu)成企業(yè)的控制層網(wǎng)絡(luò)。傳統(tǒng)的企業(yè)控制層網(wǎng)絡(luò)和企業(yè)信息網(wǎng)絡(luò)相對(duì)孤立封閉，企業(yè)的管理層和技術(shù)人員只有親臨現(xiàn)場(chǎng)或者通過(guò)定期的上報(bào)文件來(lái)了解現(xiàn)場(chǎng)生產(chǎn)狀況。在信息瞬息萬(wàn)變的時(shí)代，企業(yè)的生存與發(fā)展很大程度上依賴于對(duì)現(xiàn)場(chǎng)設(shè)備運(yùn)行狀況的了解并且做出正確、及時(shí)的決策。如何將現(xiàn)場(chǎng)總線網(wǎng)絡(luò)接入Internet網(wǎng)絡(luò)實(shí)現(xiàn)對(duì)設(shè)備的遠(yuǎn)程實(shí)時(shí)監(jiān)控是工業(yè)自動(dòng)化的熱點(diǎn)研究問題之一，同時(shí)安全問題也是現(xiàn)場(chǎng)總線網(wǎng)絡(luò)接入Internet網(wǎng)絡(luò)不容忽視的重要問題。本文針對(duì)兩種異構(gòu)網(wǎng)絡(luò)的互聯(lián)接入問題和接入時(shí)的安全問題，提出了采用嵌入式安全Web網(wǎng)關(guān)的方法實(shí)現(xiàn)通過(guò)Internet網(wǎng)對(duì)PROFIBUS-DP總線上設(shè)備的實(shí)時(shí)、快捷直觀、安全的監(jiān)控。 本項(xiàng)研究在對(duì)PROFIBUS-DP現(xiàn)場(chǎng)總線網(wǎng)絡(luò)和Internet網(wǎng)絡(luò)兩種異構(gòu)網(wǎng)絡(luò)網(wǎng)絡(luò)結(jié)構(gòu)和網(wǎng)絡(luò)協(xié)議深入研究和分析的基礎(chǔ)上，，提出了采用嵌入式網(wǎng)關(guān)的方法使兩種異構(gòu)網(wǎng)絡(luò)互聯(lián)通信，并設(shè)計(jì)了具體的協(xié)議轉(zhuǎn)換模型和協(xié)議轉(zhuǎn)換方法，進(jìn)而達(dá)到通過(guò)Internet對(duì)PROFIBUS-DP現(xiàn)場(chǎng)總線上設(shè)備遠(yuǎn)程監(jiān)控的目的。 根據(jù)兩種異構(gòu)網(wǎng)絡(luò)的通信模型，設(shè)計(jì)了網(wǎng)關(guān)軟、硬件系統(tǒng)架構(gòu)。在硬件系統(tǒng)架構(gòu)上，該網(wǎng)關(guān)采用了高性能的S3C2440微處理器、高速以太網(wǎng)控制器DM9000、以及大容量的SDRAM和FLASH存儲(chǔ)器，同時(shí)具備PROFIBUS和Internet接口。在軟件系統(tǒng)架構(gòu)上，采用了網(wǎng)絡(luò)性能優(yōu)良的嵌入式Linux操作系統(tǒng)，并引入了具有優(yōu)秀網(wǎng)絡(luò)友好交互能力的嵌入式Web技術(shù)和對(duì)數(shù)據(jù)信息進(jìn)行管理的嵌入式數(shù)據(jù)庫(kù)技術(shù)。 在系統(tǒng)安全方面，本項(xiàng)研究詳細(xì)分析了PROFIBUS-DP工控網(wǎng)絡(luò)通過(guò)嵌入式Web網(wǎng)關(guān)接入Internet互聯(lián)網(wǎng)的安全威脅，在研究現(xiàn)有通用的安全方法的基礎(chǔ)上，提出了適合本項(xiàng)研究應(yīng)用場(chǎng)景的安全機(jī)制。在本嵌入式Web網(wǎng)關(guān)上同時(shí)采用強(qiáng)制訪問控制思想進(jìn)行用戶身份訪問控制、SSL套接層協(xié)議對(duì)數(shù)據(jù)進(jìn)行加密安全傳輸、分類系統(tǒng)日志對(duì)系統(tǒng)提供不可抵賴性服務(wù)這三種措施來(lái)對(duì)系統(tǒng)進(jìn)行安全保護(hù)。 利用動(dòng)態(tài)網(wǎng)頁(yè)技術(shù)-CGI編程實(shí)現(xiàn)用戶與設(shè)備交互、用戶強(qiáng)制訪問控制、分類系統(tǒng)日志記錄，并對(duì)設(shè)計(jì)的嵌入式安全Web網(wǎng)關(guān)進(jìn)行了模擬驗(yàn)證與測(cè)試。測(cè)試結(jié)果表明：本項(xiàng)研究設(shè)計(jì)的嵌入式安全Web網(wǎng)關(guān)方案能實(shí)現(xiàn)通過(guò)Internet網(wǎng)對(duì)PROFIBUS-DP總線上的設(shè)備進(jìn)行方便快捷、實(shí)時(shí)地遠(yuǎn)程監(jiān)控，同時(shí)設(shè)計(jì)的安全機(jī)制能對(duì)系統(tǒng)提供較高的安全性保障。
[Abstract]:PROFIBUS field bus is the most successful and widely used field bus technology in the industry at present. It connects the enterprise field control system with the underlying equipment and constitutes the control layer network of the enterprise. The traditional enterprise control layer network and enterprise information network are relatively isolated and closed. The management and technical personnel of the enterprise only come to the scene in person or through regular reporting documents to understand the production situation on the spot. In the era of rapid change of information, the survival and development of enterprises depend largely on the understanding of the operation status of field equipment and making correct and timely decisions. How to connect the fieldbus network to the Internet network to realize the remote real-time monitoring of the equipment is one of the hot research issues in industrial automation. At the same time, the security problem is also an important issue that can not be ignored when the fieldbus network is connected to the Internet network. In this paper, aiming at the problem of interconnection and security of two heterogeneous networks, an embedded secure Web gateway is proposed to monitor the devices on PROFIBUS-DP bus in real time, fast, and safely through the Internet. Based on the deep research and analysis of two kinds of heterogeneous network structures and protocols of PROFIBUS-DP fieldbus network and Internet network, an embedded gateway method is proposed to make the two heterogeneous networks communicate with each other. The specific protocol conversion model and protocol conversion method are designed to achieve the purpose of remote monitoring of PROFIBUS-DP devices through the Internet. According to the communication model of two heterogeneous networks, the software and hardware architecture of gateway is designed. In the hardware system architecture, the gateway adopts high performance S3C2440 microprocessor, high speed Ethernet controller DM9000, large capacity SDRAM and flash memory, and also has PROFIBUS and Internet interface. In the software system architecture, the embedded Linux operating system with excellent network performance is adopted, and the embedded Web technology with excellent network friendly interaction ability and the embedded database technology which manages the data information are introduced. In the aspect of system security, the security threat of PROFIBUS-DP industrial control network accessing Internet through embedded Web gateway is analyzed in detail. A security mechanism suitable for the application scenario of this study is proposed. In the embedded Web gateway, the mandatory access control idea is also adopted to encrypt the data through SSL socket layer protocol. Classification system logs provide nonrepudiation services to the system to protect the system. Dynamic web page technology -CGI programming is used to realize user / device interaction, user mandatory access control, classification system logging, and the embedded secure Web gateway is simulated and tested. The test results show that the embedded secure Web gateway scheme can be used to monitor the PROFIBUS-DP bus conveniently and remotely in real time. At the same time, the designed security mechanism can provide a high level of security for the system.
【學(xué)位授予單位】：吉林大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2014
【分類號(hào)】：TP393.05

【參考文獻(xiàn)】

相關(guān)期刊論文 前6條

1 馮朔;;基于SPC3的嵌入式PROFIBUS-DP智能從站接口的設(shè)計(jì)及測(cè)試[J];電腦知識(shí)與技術(shù);2010年10期

2 趙曉焱;謝自梅;祁艷;;面向遠(yuǎn)程監(jiān)控系統(tǒng)的嵌入式web服務(wù)器研究與實(shí)現(xiàn)[J];河南師范大學(xué)學(xué)報(bào)(自然科學(xué)版);2008年06期

3 周若谷;丁峰;魯力;;視頻監(jiān)控系統(tǒng)中嵌入式Web服務(wù)器的設(shè)計(jì)與實(shí)現(xiàn)[J];計(jì)算機(jī)科學(xué);2011年05期

4 趙躍華,杜云海,包明國(guó);基于身份認(rèn)證的嵌入式Web網(wǎng)關(guān)安全機(jī)制的實(shí)現(xiàn)[J];計(jì)算機(jī)工程;2004年23期

5 沈勇;朱超;;基于SSL的嵌入式Web服務(wù)器安全設(shè)計(jì)與實(shí)現(xiàn)[J];計(jì)算機(jī)與現(xiàn)代化;2012年07期

6 郭孟;錢江;;一種工業(yè)以太網(wǎng)的控制網(wǎng)絡(luò)安全模型設(shè)計(jì)[J];微計(jì)算機(jī)信息;2008年33期

本文編號(hào)：2061905