本文選題：PROFIBUS-DP + Internet　； 參考：《吉林大學》2014年碩士論文

【摘要】：PROFIBUS現(xiàn)場總線是當前業(yè)界應用最成功、最廣泛的現(xiàn)場總線技術(shù)，它將企業(yè)現(xiàn)場控制系統(tǒng)與底層設備相連，構(gòu)成企業(yè)的控制層網(wǎng)絡。傳統(tǒng)的企業(yè)控制層網(wǎng)絡和企業(yè)信息網(wǎng)絡相對孤立封閉，企業(yè)的管理層和技術(shù)人員只有親臨現(xiàn)場或者通過定期的上報文件來了解現(xiàn)場生產(chǎn)狀況。在信息瞬息萬變的時代，企業(yè)的生存與發(fā)展很大程度上依賴于對現(xiàn)場設備運行狀況的了解并且做出正確、及時的決策。如何將現(xiàn)場總線網(wǎng)絡接入Internet網(wǎng)絡實現(xiàn)對設備的遠程實時監(jiān)控是工業(yè)自動化的熱點研究問題之一，同時安全問題也是現(xiàn)場總線網(wǎng)絡接入Internet網(wǎng)絡不容忽視的重要問題。本文針對兩種異構(gòu)網(wǎng)絡的互聯(lián)接入問題和接入時的安全問題，提出了采用嵌入式安全Web網(wǎng)關的方法實現(xiàn)通過Internet網(wǎng)對PROFIBUS-DP總線上設備的實時、快捷直觀、安全的監(jiān)控。 本項研究在對PROFIBUS-DP現(xiàn)場總線網(wǎng)絡和Internet網(wǎng)絡兩種異構(gòu)網(wǎng)絡網(wǎng)絡結(jié)構(gòu)和網(wǎng)絡協(xié)議深入研究和分析的基礎上，，提出了采用嵌入式網(wǎng)關的方法使兩種異構(gòu)網(wǎng)絡互聯(lián)通信，并設計了具體的協(xié)議轉(zhuǎn)換模型和協(xié)議轉(zhuǎn)換方法，進而達到通過Internet對PROFIBUS-DP現(xiàn)場總線上設備遠程監(jiān)控的目的。 根據(jù)兩種異構(gòu)網(wǎng)絡的通信模型，設計了網(wǎng)關軟、硬件系統(tǒng)架構(gòu)。在硬件系統(tǒng)架構(gòu)上，該網(wǎng)關采用了高性能的S3C2440微處理器、高速以太網(wǎng)控制器DM9000、以及大容量的SDRAM和FLASH存儲器，同時具備PROFIBUS和Internet接口。在軟件系統(tǒng)架構(gòu)上，采用了網(wǎng)絡性能優(yōu)良的嵌入式Linux操作系統(tǒng)，并引入了具有優(yōu)秀網(wǎng)絡友好交互能力的嵌入式Web技術(shù)和對數(shù)據(jù)信息進行管理的嵌入式數(shù)據(jù)庫技術(shù)。 在系統(tǒng)安全方面，本項研究詳細分析了PROFIBUS-DP工控網(wǎng)絡通過嵌入式Web網(wǎng)關接入Internet互聯(lián)網(wǎng)的安全威脅，在研究現(xiàn)有通用的安全方法的基礎上，提出了適合本項研究應用場景的安全機制。在本嵌入式Web網(wǎng)關上同時采用強制訪問控制思想進行用戶身份訪問控制、SSL套接層協(xié)議對數(shù)據(jù)進行加密安全傳輸、分類系統(tǒng)日志對系統(tǒng)提供不可抵賴性服務這三種措施來對系統(tǒng)進行安全保護。 利用動態(tài)網(wǎng)頁技術(shù)-CGI編程實現(xiàn)用戶與設備交互、用戶強制訪問控制、分類系統(tǒng)日志記錄，并對設計的嵌入式安全Web網(wǎng)關進行了模擬驗證與測試。測試結(jié)果表明：本項研究設計的嵌入式安全Web網(wǎng)關方案能實現(xiàn)通過Internet網(wǎng)對PROFIBUS-DP總線上的設備進行方便快捷、實時地遠程監(jiān)控，同時設計的安全機制能對系統(tǒng)提供較高的安全性保障。
[Abstract]:PROFIBUS field bus is the most successful and widely used field bus technology in the industry at present. It connects the enterprise field control system with the underlying equipment and constitutes the control layer network of the enterprise. The traditional enterprise control layer network and enterprise information network are relatively isolated and closed. The management and technical personnel of the enterprise only come to the scene in person or through regular reporting documents to understand the production situation on the spot. In the era of rapid change of information, the survival and development of enterprises depend largely on the understanding of the operation status of field equipment and making correct and timely decisions. How to connect the fieldbus network to the Internet network to realize the remote real-time monitoring of the equipment is one of the hot research issues in industrial automation. At the same time, the security problem is also an important issue that can not be ignored when the fieldbus network is connected to the Internet network. In this paper, aiming at the problem of interconnection and security of two heterogeneous networks, an embedded secure Web gateway is proposed to monitor the devices on PROFIBUS-DP bus in real time, fast, and safely through the Internet. Based on the deep research and analysis of two kinds of heterogeneous network structures and protocols of PROFIBUS-DP fieldbus network and Internet network, an embedded gateway method is proposed to make the two heterogeneous networks communicate with each other. The specific protocol conversion model and protocol conversion method are designed to achieve the purpose of remote monitoring of PROFIBUS-DP devices through the Internet. According to the communication model of two heterogeneous networks, the software and hardware architecture of gateway is designed. In the hardware system architecture, the gateway adopts high performance S3C2440 microprocessor, high speed Ethernet controller DM9000, large capacity SDRAM and flash memory, and also has PROFIBUS and Internet interface. In the software system architecture, the embedded Linux operating system with excellent network performance is adopted, and the embedded Web technology with excellent network friendly interaction ability and the embedded database technology which manages the data information are introduced. In the aspect of system security, the security threat of PROFIBUS-DP industrial control network accessing Internet through embedded Web gateway is analyzed in detail. A security mechanism suitable for the application scenario of this study is proposed. In the embedded Web gateway, the mandatory access control idea is also adopted to encrypt the data through SSL socket layer protocol. Classification system logs provide nonrepudiation services to the system to protect the system. Dynamic web page technology -CGI programming is used to realize user / device interaction, user mandatory access control, classification system logging, and the embedded secure Web gateway is simulated and tested. The test results show that the embedded secure Web gateway scheme can be used to monitor the PROFIBUS-DP bus conveniently and remotely in real time. At the same time, the designed security mechanism can provide a high level of security for the system.
【學位授予單位】：吉林大學
【學位級別】：碩士
【學位授予年份】：2014
【分類號】：TP393.05

【參考文獻】

相關期刊論文 前6條

1 馮朔;;基于SPC3的嵌入式PROFIBUS-DP智能從站接口的設計及測試[J];電腦知識與技術(shù);2010年10期

2 趙曉焱;謝自梅;祁艷;;面向遠程監(jiān)控系統(tǒng)的嵌入式web服務器研究與實現(xiàn)[J];河南師范大學學報(自然科學版);2008年06期

3 周若谷;丁峰;魯力;;視頻監(jiān)控系統(tǒng)中嵌入式Web服務器的設計與實現(xiàn)[J];計算機科學;2011年05期

4 趙躍華,杜云海,包明國;基于身份認證的嵌入式Web網(wǎng)關安全機制的實現(xiàn)[J];計算機工程;2004年23期

5 沈勇;朱超;;基于SSL的嵌入式Web服務器安全設計與實現(xiàn)[J];計算機與現(xiàn)代化;2012年07期

6 郭孟;錢江;;一種工業(yè)以太網(wǎng)的控制網(wǎng)絡安全模型設計[J];微計算機信息;2008年33期

本文編號：2061905