Research on an Information Security Operation and Maintenance Audit Model and Its Key Technologies
Published: 2018-04-01 22:00
Topic: power information security. Entry point: O&M audit model. Source: North China Electric Power University (Beijing), 2014 doctoral dissertation
【Abstract】: The construction of the smart grid has greatly advanced informatization in the electric power industry. As information technology and the power industry become deeply integrated, threats originating inside the enterprise are becoming a pressing problem for power information security. Power secondary systems currently adopt a zoned, partitioned protection strategy that isolates industrial control systems from management information systems; this strategy concentrates on defending against external attacks but is seriously inadequate against security risks originating from insiders. Starting from the current state of information security in the power industry, this dissertation studies prevention strategies and protection measures for internal security threats, with emphasis on securing the operation and maintenance (O&M) activity performed on information systems, and proposes an audit-based behaviour control model to prevent the security risks introduced by non-compliant operations of internal users. The research work and its main results are as follows:
(1) The research status of power-industry business systems and information security is analysed, the threats facing power information systems and the security requirements for O&M auditing are studied, and on this basis an O&M audit model is proposed, together with a bypass (passive listening) audit network model and a proxy-based O&M audit network model. Combining the role-based access control (RBAC) model with the Generalized Framework for Access Control (GFAC), the access control mechanism of the information security O&M audit model is formally described and analysed.
(2) Key technologies for O&M security auditing are studied, focusing on efficient network packet capture and data stream reassembly: ① Traditional packet capture requires multiple data copies and context switches and is inefficient; this dissertation studies "zero-copy" packet capture with a "lock-free" data synchronisation mechanism, significantly reducing the copying and context-switch overhead. ② Fast stream reassembly based on shared memory is studied; according to the characteristics of an O&M audit system, TCP protocol handling is simplified and an efficient TCP stream state machine is designed for efficient data forwarding. ③ An adaptive dual protocol stack technique is proposed so that both data destined for the local host and data that must be forwarded are handled effectively. ④ A LAN adaptive hashing (LAAH) algorithm is proposed for fast lookup and positioning of TCP packets; exploiting the locality of network data streams, colliding nodes are handled with a move-to-front method, effectively reducing the lookup time on hash collisions. Simulation tests of power-industry O&M audit scenarios show that LAAH is highly efficient.
(3) Parsing and replay techniques for character-command-based and graphical O&M protocols are studied: the network virtual terminal (NVT) and XTERM terminal control sequences, and the principles and parsing of the Remote Desktop Protocol (RDP). An RDP O&M session replay program is designed and implemented, including the replay file and a player supporting time control and playback control.
(4) For common O&M protocols, the security risks in the protocol authentication process are analysed and methods of strengthening authentication security are studied. A dynamic random user password (DRUP) model is proposed: a one-time dynamic random username and password is transmitted over a trusted network channel and then used for login verification over an untrusted or risky network channel, solving the problem of user credential leakage during O&M authentication.
(5) For the O&M security requirements of a provincial power company's information systems, an O&M audit system is designed and implemented with a component architecture, based on the audit model and key technologies studied, and is installed, deployed and tested in operation.
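The LAAH lookup described in item (2)④ keys a chained hash table by the TCP flow and moves a hit node to the head of its collision chain, betting that the next packet belongs to the same flow. The following is an added illustration, not the dissertation's code: a deliberately small two-bucket table, a constructed bursty trace of six flows, and a probe counter that shows how much chain walking move-to-front saves. The flow addresses, ports, and the port-XOR hash are assumptions chosen to force collisions.

```python
class FlowTable:
    """Chained hash table keyed by the TCP 4-tuple; hot nodes migrate to the chain head."""

    def __init__(self, nbuckets=2, move_to_front=True):
        self.buckets = [[] for _ in range(nbuckets)]
        self.move_to_front = move_to_front
        self.probes = 0  # chain nodes examined so far; the cost we want to minimise

    def _bucket(self, key):
        # Deliberately weak hash (source port XOR destination port) so the demo collides.
        return (key[1] ^ key[3]) % len(self.buckets)

    def lookup(self, key, create=True):
        chain = self.buckets[self._bucket(key)]
        for i, (k, state) in enumerate(chain):
            self.probes += 1
            if k == key:
                if self.move_to_front and i:
                    chain.insert(0, chain.pop(i))  # locality: next packet is likely this flow
                return state
        if not create:
            return None
        state = {"packets": 0}
        chain.insert(0, (key, state))  # a new flow is also the most likely next hit
        return state


def bursty_trace(flows, burst=50, rounds=2):
    """Constructed trace: each flow sends `burst` back-to-back packets, round-robin."""
    return [f for _ in range(rounds) for f in flows for _ in range(burst)]


def run_trace(trace, move_to_front):
    """Feed a trace through a two-bucket table; return (total probes, table)."""
    table = FlowTable(nbuckets=2, move_to_front=move_to_front)
    for key in trace:
        table.lookup(key)["packets"] += 1
    return table.probes, table


# Six constructed SSH flows to one O&M target (assumed addresses); even and odd source
# ports split them three per bucket, so every lookup walks a chain of up to three nodes.
FLOWS = [("10.0.0.%d" % i, 40000 + i, "10.0.1.1", 22) for i in range(1, 7)]

if __name__ == "__main__":
    plain, _ = run_trace(bursty_trace(FLOWS), move_to_front=False)
    laah, _ = run_trace(bursty_trace(FLOWS), move_to_front=True)
    print("probes without move-to-front:", plain)  # 900
    print("probes with move-to-front:   ", laah)   # 612
```

With the same trace, plain chaining walks 900 nodes while move-to-front walks 612; the saving grows with burst length, which is exactly the locality the abstract relies on.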
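The DRUP model in item (4) only works if the credential issued over the trusted channel is single-use, short-lived and bound to the intended target, so that a copy captured on the risky channel is worthless afterwards. The following is an added sketch of such an issuer and verifier, not the dissertation's implementation; the credential format, the 60-second validity window, the target binding and the operator and host names are assumptions.

```python
import hashlib
import hmac
import secrets
import time


class DrupIssuer:
    """Mints one-time random username/password pairs and verifies each at most once."""

    def __init__(self, ttl_seconds=60, clock=time.time):
        self.ttl = ttl_seconds
        self.clock = clock          # injectable so expiry can be tested deterministically
        self._pending = {}          # username -> (password hash, bound target, expiry)

    @staticmethod
    def _hash(password):
        return hashlib.sha256(password.encode()).hexdigest()

    def issue(self, operator, target):
        """Trusted-channel side: return a fresh credential bound to one target host."""
        username = "%s-%s" % (operator, secrets.token_hex(4))
        password = secrets.token_urlsafe(24)
        self._pending[username] = (self._hash(password), target, self.clock() + self.ttl)
        return username, password

    def verify(self, username, password, target):
        """Untrusted-channel side: accept once, then burn; reject expiry, replay, wrong host."""
        entry = self._pending.get(username)
        if entry is None:
            return False
        pw_hash, bound_target, expiry = entry
        if self.clock() > expiry:
            del self._pending[username]   # stale credential is discarded, not kept around
            return False
        if target != bound_target or not hmac.compare_digest(pw_hash, self._hash(password)):
            return False
        del self._pending[username]       # single use: a captured copy cannot be replayed
        return True


def demo(clock):
    """Run the four cases the model must get right; returns their outcomes in order."""
    issuer = DrupIssuer(ttl_seconds=60, clock=lambda: clock[0])
    u, p = issuer.issue("alice", "db-host-1")        # constructed operator and target
    first = issuer.verify(u, p, "db-host-1")         # legitimate login succeeds
    replay = issuer.verify(u, p, "db-host-1")        # same credential replayed: refused
    u2, p2 = issuer.issue("alice", "db-host-1")
    wrong_host = issuer.verify(u2, p2, "other-host") # bound to one target only
    clock[0] += 120                                  # advance the fake clock past the TTL
    expired = issuer.verify(u2, p2, "db-host-1")     # validity window has closed
    return first, replay, wrong_host, expired
```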
【Degree-granting institution】: North China Electric Power University (Beijing)
【Degree level】: Doctor
【Year degree awarded】: 2014
【Classification number】: TM76; TP309
Article number: 1697452
Link: http://www.sikaile.net/kejilunwen/dianlilw/1697452.html