
Research On Theory And Key Technologies Of Trusted Network In Electric Power Industry Control System

Posted on: 2014-01-05
Degree: Doctor
Type: Dissertation
Country: China
Candidate: T Zhang
GTID: 1222330401957861
Subject: Control theory and control engineering
Abstract/Summary:
In recent years, targeted and organized network threats aimed at Industrial Control Systems, such as the "Stuxnet" and "Flame" viruses, have become increasingly serious. Their specialized nature and high reliability requirements make the security requirements of Industrial Control Systems different from those of information systems. As a result, traditional security theory and technologies cannot meet the special security requirements of Industrial Control Systems. As a typical Industrial Control System, the Electric Power Industrial Control System plays a special role in the national economy and social life, so its security must be carefully considered. How to construct a secure, reliable and controllable Electric Power Industrial Control System is an important issue for electric power enterprises, and is significant for keeping the electric power industry secure and reliable.

Based on analysis and research of electric power industrial control systems, this dissertation improves existing information security theory, applies Trusted Computing theory to protecting the safety of Industrial Control Systems, proposes the concept of the Electric Power Trusted Network, and constructs a theoretical model of the Electric Power Trusted Network. The main contributions of this dissertation are summarized as follows:

(1) The Trusted concept has been introduced into Electric Power Industrial Control Systems, and the concept of the Electric Power Trusted Network has been proposed. Building on traditional Trusted Network theory and the special security defense requirements of electric power industrial control systems, Electric Power Trusted Network theory has been proposed and studied in order to realize a system with a clear and controlled boundary, trusted hardware and software, a trusted network, and trusted user behavior. Electric Power Trusted Network theory is a theoretical basis for the security protection of power industrial control systems and can complete electric power information security theory.

(2) According to the security requirements, a layering model of the Electric Power Trusted Network has been proposed. Considering both the static and the dynamic trusted environment, the trusted attributes of the Electric Power Trusted Network are divided into three layers: the dependability of the hardware and network system, the trustworthiness of system running, and the normativeness of network behavior. The dependability of the hardware and network system is the static trusted attribute; the trustworthiness of system running and the normativeness of network behavior are the dynamic trusted attributes.

(3) According to the requirement of ensuring a trusted running state of the system, a security protection strategy has been proposed that is based on strictly controlling how processes obtain system execution permissions. Furthermore, the Mandatory Running Control technology, which is based on Trusted Computing, has been researched. The trusted root is constructed from an "initial safety state". System processes are monitored in real time by passing on the chain of trust. The Mandatory Running Control technology mainly monitors processes that request system running permissions, and it can prevent damage from illegal processes by strictly monitoring how system permissions are obtained. This technology makes up for the traditional approach, which only forbade illegal write permissions, and ensures that all processes in the system are trusted.

(4) According to the requirement of ensuring trusted network behavior, a strategy of network behavior credibility auditing has been proposed, and the theory and technology of network behavior credibility auditing have been researched. The theory of trusted auditing of network behavior has been studied from three aspects: trusted user identity, credible network behavior, and compliant operation processes (the compliance of business processes). By monitoring network behavior in real time, the technology can judge in real time the credibility of network behavior and operation processes, preventing malicious or mistaken operations by internal staff.

(5) According to the security defense characteristics and specific requirements of the electric power SCADA system, and by applying the theory and key technologies of the Electric Power Trusted Network, a trusted network system for the electric power SCADA system has been designed and proposed, which provides an application example for the theory and key technologies of the Electric Power Trusted Network.
Keywords/Search Tags: Trusted Computing, Industrial Control Systems, Electric Power Trusted Network, Mandatory Running Control, Behavior Credibility Audit