Study On Security Supporting Platform Of Power Systems Integrated Service And Its Application

With the rapid development of electric power systems informationization, more and more application systems are accessing to power enterprise information network. The data exchange and collaboration between systems are becoming increasingly frequent. All of those things constitute a typical heterogeneous multi-domain environment. How to resolve heterogeneous systems security integration in the power enterprise under premise of open, interconnected, standardization, and realize the safe operation of legitimate users across multiple security domains, has become a reality problem that impacts the power system security, stability operation.Thereby, starting from the security requirement of power system integration services, the paper makes a study of how to introduce kinds of open security technologies and standards to the security information construction of power system. Then a solution of integration service security supporting platform of web services-based is putted forward. The paper focuses on secure communications, accounts management and identity synchronization, access control, unified authentication, etc, and gives all of the solutions and programming of key issues. The work can be summarized in following points:(1) The safety communication mechanism is discussed in power system integration services environment. Web Services security communication process is designed with the client/server mode. Then an effective function model of security communication system with WS-Security is established. Security logic nodes in the function model are designed and implemented, such as signature node, encryption node, decryption node, signature validation node, etc. It effectively guarantees end-to-end communication security of heterogeneous environment by cooperating of those nodes.(2) Aiming at unified management of user identities and account synchronization between heterogeneous systems, the paper analyses the existing user account management methods, and designs a user identity management model with SPML (Service Provisioning Markup Language). It discusses how to create the user identity in multi-application system, when a new user joins the power enterprise. Then the identity synchronous security mode is studied. Password synchronizer classes are designed. The identity of synchronization process is analyzed in the normal and non-normal circumstances. At last, the implementation of core classes is taken on.(3) The paper analyzes the traditional access control technologies and the basic principles of XACML access control; designs an access control system accord with power enterprise's demand. Then the paper gives more attention to static reference model, dynamic process model, and access control policy. Finally, the core implementation and a soft demo of access control model are taken on.(4) In order to realization uniform authentication, the paper analyzes the basic idea of that, and describes the model of uniform authentication service. Then, the paper focuses on the generation and validation mechanism of SAML token. Finally, through the analysis of an instance and programming demo, this model is demonstrated to meet the requirements of future power systems on integration and reuse.