本文選題：電力信息安全　切入點(diǎn)：運(yùn)維審計(jì)模型　出處：《華北電力大學(xué)(北京)》2014年博士論文

【摘要】：智能電網(wǎng)的建設(shè)極大促進(jìn)了電力行業(yè)信息化的發(fā)展,在信息化與電力工業(yè)的深度融合過(guò)程中,來(lái)自企業(yè)內(nèi)部的威脅正成為電力信息安全亟待解決的問(wèn)題。目前電力二次系統(tǒng)采用分區(qū)分域的防護(hù)策略,實(shí)現(xiàn)了工業(yè)控制系統(tǒng)和管理信息系統(tǒng)的隔離,側(cè)重于防范外部攻擊,但對(duì)于來(lái)自內(nèi)部的安全風(fēng)險(xiǎn)防范保護(hù)存在嚴(yán)重不足。本論文基于電力行業(yè)信息安全現(xiàn)狀,研究?jī)?nèi)部安全威脅的防范策略和安全保護(hù)手段,重點(diǎn)針對(duì)信息系統(tǒng)的運(yùn)行維護(hù)操作安全防護(hù),研究了一種基于審計(jì)的行為管控模型,防范內(nèi)部用戶的不合規(guī)操作帶來(lái)的安全風(fēng)險(xiǎn)。論文的研究工作及取得的主要成果體現(xiàn)在以下幾個(gè)方面：(1)分析了電力行業(yè)業(yè)務(wù)系統(tǒng)和信息安全的研究現(xiàn)狀,研究了電力信息系統(tǒng)業(yè)務(wù)安全面臨的威脅和電力信息系統(tǒng)運(yùn)維審計(jì)的安全需求,在此基礎(chǔ)上,提出了運(yùn)維審計(jì)模型,設(shè)計(jì)了旁路監(jiān)聽(tīng)審計(jì)網(wǎng)絡(luò)模型和基于代理的運(yùn)維審計(jì)網(wǎng)絡(luò)模型。結(jié)合基于角色的訪問(wèn)控制(RBAC)模型和通用訪問(wèn)控制框架(GFAC),對(duì)信息安全運(yùn)維審計(jì)模型的訪問(wèn)控制機(jī)制進(jìn)行了形式化描述和分析。(2)研究了運(yùn)維安全審計(jì)的關(guān)鍵技術(shù),重點(diǎn)研究了高效的網(wǎng)絡(luò)數(shù)據(jù)包捕獲和數(shù)據(jù)流重組技術(shù),主要內(nèi)容有：①傳統(tǒng)網(wǎng)絡(luò)數(shù)據(jù)包抓取方式需要進(jìn)行多次數(shù)據(jù)復(fù)制和上下文切換,效率較低,本文研究了網(wǎng)絡(luò)數(shù)據(jù)包“零拷貝”技術(shù),采用“無(wú)鎖化”數(shù)據(jù)同步機(jī)制,顯著減少了數(shù)據(jù)復(fù)制和上下文切換開(kāi)銷。②研究了基于共享內(nèi)存的數(shù)據(jù)流快速重組技術(shù),根據(jù)運(yùn)維審計(jì)系統(tǒng)的特性,簡(jiǎn)化了對(duì)TCP協(xié)議的處理流程,設(shè)計(jì)了高效的TCP流狀態(tài)機(jī),實(shí)現(xiàn)數(shù)據(jù)的高效轉(zhuǎn)發(fā)。③提出了自適應(yīng)雙協(xié)議棧技術(shù),使發(fā)給本機(jī)和需要轉(zhuǎn)發(fā)的數(shù)據(jù)都能夠得到有效處理。④提出了局域網(wǎng)自適應(yīng)哈希(LAAH)算法,對(duì)TCP數(shù)據(jù)包進(jìn)行快速查找和定位處理,根據(jù)網(wǎng)絡(luò)數(shù)據(jù)流的局部性特征,采用移至最前法對(duì)沖突結(jié)點(diǎn)進(jìn)行處理,有效減少了哈希沖突的查找時(shí)間。電力行業(yè)運(yùn)維審計(jì)應(yīng)用場(chǎng)景的模擬測(cè)試表明LAAH算法具有很好的效率。(3)研究了基于字符命令和圖形的運(yùn)維協(xié)議的解析和回放技術(shù)。研究了網(wǎng)絡(luò)虛擬終端(NVT)和XTERM終端控制命令序列。研究了遠(yuǎn)程桌面協(xié)議(RDP)的原理和解析方法。設(shè)計(jì)并實(shí)現(xiàn)了RDP運(yùn)維會(huì)話的回放程序,包括回放文件和支持時(shí)間控制、播放控制的播放器。(4)針對(duì)常見(jiàn)運(yùn)維協(xié)議,分析了協(xié)議的認(rèn)證過(guò)程中的安全風(fēng)險(xiǎn),研究了增強(qiáng)認(rèn)證安全的方法。提出動(dòng)態(tài)隨機(jī)用戶密碼(DRUP)模型,通過(guò)可信網(wǎng)絡(luò)通道傳輸一次性動(dòng)態(tài)隨機(jī)用戶名密碼,然后在不可信或存在安全風(fēng)險(xiǎn)的網(wǎng)絡(luò)通道中將其用于登錄驗(yàn)證,從而解決了運(yùn)維認(rèn)證過(guò)程中泄露用戶憑證的問(wèn)題。(5)針對(duì)某省電力公司的信息系統(tǒng)運(yùn)維的安全需求,根據(jù)研究的審計(jì)模型和關(guān)鍵技術(shù),采用構(gòu)件架構(gòu)技術(shù),設(shè)計(jì)并實(shí)現(xiàn)了一套運(yùn)維審計(jì)系統(tǒng)軟件,并進(jìn)行了安裝部署和運(yùn)行測(cè)試。
[Abstract]:The construction of the smart grid has greatly contributed to the development of electric power industry informatization, in the integration of information technology and the depth of the electric power industry process, from the internal threat is becoming the power information security problems to be solved. The power system adopts two protection strategy partitions the domain, realizes the isolation of industrial control system and management information system focus on prevention, external attacks, but for internal security risk protection is inadequate. The present situation of information security in electric power industry based on the study of the internal security threat prevention strategy and safety protection methods, key operation for the information system maintenance operation safety protection, studies a kind of behavior control model based on audit, prevention an internal user security risk operation brings. The main achievements of the research work of this paper and has been reflected in the following aspects Surface: (1) analyzed the research status of electric power industry, business systems and information security, the security of power information system business and the threat of power information system operation and maintenance of the audit security requirement, on this basis, put forward the operation and maintenance of the audit model, audit design bypass monitoring network model and network operation and maintenance of the audit model based on agent. Combining the role based access control (RBAC) model and general access control framework (GFAC), the model of the operation and maintenance of information security audit access control mechanism was described and analyzed. (2) research on key technology of operation and maintenance of safety audit, focus on efficient network packet capture and data flow recombination technology. The main contents are as follows: firstly, the traditional network packet capture methods require multiple data copying and context switching, low efficiency, this paper studies the network packet "zero copy". Operation, using "lock free" data synchronization mechanism, significantly reduces the data copying and context switching overhead. Study on shared memory data stream technology based on rapid reorganization, according to the characteristics of operation and maintenance of the audit system, simplifies the process of the TCP protocol, the design of efficient TCP flow state machine, efficient implementation of data forwarding the proposed adaptive. The dual stack technology, to make the machine and the need to retransmit the data can be treated effectively. The proposed adaptive LAN Hashi (LAAH) algorithm, the TCP packet fast search and positioning, according to the local characteristics of network data flow, to deal with the conflict node adopts to the method effectively reduces the lookup time. Hashi conflict simulation test of power industry operation audit application scenarios show that LAAH algorithm has good efficiency. (3) research based on the character and command Parsing and playback technology maintenance agreement. Graphics on the network virtual terminal (NVT) and XTERM terminal control command sequence. On the remote desktop protocol (RDP) principle and analytic method. The design and implementation of RDP operation and maintenance session playback procedures, including file playback and support time control, the player (playing control. 4) for common maintenance agreement, analyses the risk of security authentication protocol in the research methods of enhancing authentication security. The dynamic random user password (DRUP) model, through the trusted network channel transmission time dynamic random username and password, and then in the network channel will not trusted or there are security risks for login authentication thus, to solve the operation and maintenance of the certification process leaked user credentials. (5) the security requirements for the maintenance of the information system of electric power company, according to the audit model research and Key technology, using component architecture technology, designed and implemented a set of operation and maintenance audit system software, and carried out the installation and operation test.

【學(xué)位授予單位】：華北電力大學(xué)(北京)
【學(xué)位級(jí)別】：博士
【學(xué)位授予年份】：2014
【分類號(hào)】：TM76;TP309

【相似文獻(xiàn)】

相關(guān)期刊論文 前10條

1 ;業(yè)內(nèi)人士談信息安全發(fā)展的兩大趨勢(shì)[J];機(jī)械工業(yè)信息與網(wǎng)絡(luò);2005年04期

2 ;信息安全:戰(zhàn)略為先細(xì)節(jié)制勝 創(chuàng)新是關(guān)鍵[J];中國(guó)勘察設(shè)計(jì);2006年06期

3 陸e，

本文編號(hào)：1697452