面向TSN工控系统的安全策略冲突消解方法

doi:10.12305/j.issn.1001-506X.2024.12.21

摘要/Abstract

摘要：

时间敏感网络(time sensitive networking, TSN)工控系统中安全策略的执行可能影响业务流的正常运行, 使系统的信息安全和功能安全之间发生冲突。因此, TSN工控系统中信息安全策略和功能安全策略需要进行一体化部署, 并解决两种不同安全策略之间的冲突问题。针对该问题, 提出双粒度融合的冲突识别与消解多步方法。第一步, 基于策略决策进行粗粒度的冲突识别与消解, 以获得无冲突的安全策略集合。第二步, 基于任务调度进行细粒度的冲突识别与消解, 通过策略解析和时延预估模型的优化闭环, 满足业务流传输安全一体化的需求。最后, 通过实验验证所提冲突消解方法的有效性和可行性, 证明所提方法可生成同时满足TSN工控系统安全性与实时性的安全策略及其对应的安全任务。

关键词: 时间敏感网络工控系统, 信息安全, 功能安全, 冲突消解

Abstract:

In the area of time sensitive networking (TSN) industrial control system, the execution of security strategies may affect the normal operation of the business flow, leading to conflicts between system information security and function safety. Therefore, information safety and function security strategies in TSN industrial control system need to be deployed together and resolve conflicts between the two different safety strategies. To address the problem, a multi-step method for conflict identification and resolution with dual granularity fusion is proposed. The first step is to perform coarse-grained conflict identification and resolution based on strategy decision-making to obtain a set of conflict-free security strategies. The second step is to perform fine-grained conflict identification and resolution based on task scheduling, meeting the integrated requirements of business flow transmission security through strategy analysis and optimized closed-loop of delay prediction models. Finally, the effectiveness and feasibility of the proposed conflict resolution method are validated through experiments, which demonstrate that the proposed method can generate security strategies and corresponding security tasks that simultaneously meet the safety and real-time requirements of TSN industrial control systems.

Key words: time sensitive networking (TSN) industrial control system, information safety, function security, conflict resolution

中图分类号:

TP393.08

王志通, 胡晓娅. 面向TSN工控系统的安全策略冲突消解方法[J]. 系统工程与电子技术, 2024, 46(12): 4128-4139.

Zhitong WANG, Xiaoya HU. Conflict resolution method for security strategies for TSN industrial control system[J]. Systems Engineering and Electronics, 2024, 46(12): 4128-4139.

图/表 17

表1

表2

表3

表4

图1

图2

图3

表5

图4

表6

表7

表8

表9

表10

图5

表11

图6

参考文献 31

1	IEC 61508-2010. International electro technical commission. Functional safety of electrical electronic programmable electronic safety-related systems[S]. Geneva: International Electro Technical Commission, 2010.
2	IEC62443-3-3. International electro technical commission. Industrial communication networks-network and system security[S]. Geneva: International Electrotechnical Commission, 2013.
3	KRIAA S , PIETRE-CAMBACEDES L , BOUISSOU M , et al. A survey of approaches combining safety and security for industrial control systems[J]. Reliability Engineering & System Safety, 2015, 139, 156- 178.
4	STONEBURNER G . Toward a unified security-safety model[J]. Computer, 2006, 39 (8): 96- 97.
5	EAMES D P, MOFFETT J. The integration of safety and security requirements[C]//Proc. of the 18th International Conference on Computer Safety, Reliability and Security, 1999: 468-480.
6	XIONG W Z, JIN J H. Summary of integrated application of functional safety and information security in industry[C]//Proc. of the 12th International Conference on Reliability, Maintain-ability, and Safety, 2018: 463-469.
7	HOLLERER S, KASTNER W, SAUTER T. Towards a comprehensive ontology considering safety, security, and operation requirements in OT[C]//Proc. of the 28th International Conference on Emerging Technologies and Factory Automation, 2023.
8	MENON C, VIDALIS S. Towards the resolution of safety and security conflicts[C]//Proc. of the International Carnahan Conference on Security Technology, 2021.
9	ZHOU C J , LI X , YANG S H , et al. Risk-based scheduling of security tasks in industrial control systems with consideration of safety[J]. IEEE Trans.on Industrial Informatics, 2019, 16 (5): 3112- 3123.
10	胡博文, 周纯杰, 刘璐. 基于模糊多目标决策的智能仪表功能安全与信息安全融合方法[J]. 信息网络安全, 2021, 21 (7): 10- 16.
	HU B W , ZHOU C J , LIU L . Coordination of functional safety and information security for intelligent instrument based on fuzzy multi-objective decision[J]. Netinfo Security, 2021, 21 (7): 10- 16.
11	靳江红, 莫昌瑜, 李刚. 工业控制系统功能安全与信息安全一体化防护措施研究[J]. 工业安全与环保, 2020, 46 (1): 53- 60.
	JIN J H , MO C Y , LI G . Integration technology of functional safety and cyber security for industrial control system[J]. Industrial Safety and Environmental Protection, 2020, 46 (1): 53- 60.
12	LEIVADEAS A , FALKNER M , LAMBADARIS I , et al. Optimal virtualized network function allocation for an SDN enabled cloud[J]. Computer Standards & Interfaces, 2017, 54, 266- 278.
13	PAXSON V , FLOYD S . Wide area traffic: the failure of Poi-sson modeling[J]. IEEE/ACM Trans.on Networking,, 1995, 3 (3): 226- 244. doi: 10.1109/90.392383
14	刘艺. 面向SDN网络的安全服务链映射与调整方法研究[D]. 郑州: 中国人民解放军战略支援部队信息工程大学, 2019.
	LIU Y. Research on security service chain embedding and adjusting methods oriented to SDN network[D]. Zhengzhou: Information Engineering University, 2019.
15	黄睿, 张红旗. 安全服务链中虚拟网络功能分配与调度算法研究[J]. 计算机应用研究, 2019, 36 (3): 257- 262.
	HUANG R , ZHANG H Q . Research on algorithm of VNF allocation and scheduling problems in security service chain[J]. Application Research of Computers, 2019, 36 (3): 257- 262.
16	张奇. 基于SDN/NFV的安全服务链自动编排部署框架[J]. 计算机系统应用, 2018, 27 (3): 198- 204.
	ZHANG Q . Automatic scheduling deployment framework for security service chain based on SDN/NFV[J]. Computer Systems & Applications, 2018, 27 (3): 198- 204.
17	王泽南, 李佳浩, 檀朝红, 等. 面向网络安全资源池的智能服务链系统设计与分析[J]. 网络与信息安全学报, 2022, 8 (4): 175- 181.
	WANG Z N , LI J H , TAN C H , et al. Design and analysis of intelligent service chain system for network security resource pool[J]. Chinese Journal of Network and Information Security, 2022, 8 (4): 175- 181.
18	刘璐, 朱越, 郭伟杰, 等. 工业互联网环境下智能仪表安全任务一体化调度方法研究[J]. 信息安全研究, 2023, 9 (4): 321- 330.
	LIU L , ZHU Y , GUO W J , et al. Research on integrated scheduling method of safety and security tasks for intelligent instruments in industrial internet[J]. Journal of Information Security Research, 2023, 9 (4): 321- 330.
19	IEEE 802.1 Working Group . IEEE standard for local and metropolitan area networks-timing and synchronization for time-sensitive applications[J]. IEEE Std 802.1 AS-2020 (Revision of IEEE Std 802.1 AS-2011), 2020, 1- 421.
20	IEEE 802.1 Working Group. . IEEE standard for local and met-ropolitan area networks-bridges and bridged networks-amendment 25: Enhancements for Scheduled Traffic[J]. IEEE Std, 2016, 802, 1- 57.
21	KONTRON S&T GROUP. Time-sensitive networking(TSN)[EB/OL]. [2024-02-26]. https://www.kontron.com/resources/collateral/white_papers/kontron_wp_tsn_en_2022.pdf?product=151637.
22	工业互联网产业联盟. 工业互联网时间敏感网络(TSN)产业白皮书[EB/OL]. [2024-02-26]. https://www.aii-alliance.org/upload/202009/0901_165010_961.pdf.
	Industrial Internet Industry Alliance. Industrial internet time-sensitive networking (TSN) industry white paper[EB/OL]. [2024-02-26]. https://www.aii-alliance.org/upload/202009/0901_165010_961.pdf.
23	卜天宇, 严锦立, 黄金锋, 等. 面向OPC UA/TSN架构的工业控制网络安全防护研究[J]. 网络空间安全, 2019, 10 (10): 93- 100.
	BU T Y , YAN J L , HUANG J F , et al. Research on industrial control network security protection based on OPC UA/TSN architecture[J]. Cyberspace Security, 2019, 10 (10): 93- 100.
24	WANG H W, LI X G, HU X Y. A vulnerability mining method for IEEE 802.1QBV in TSN system based on timed automata[C]// Proc. of the China Automation Congress, 2022: 6644-6649.
25	PEÑA R A, PASCUAL M, ASTARLOA A, et al. Impact of MACsec security on TSN traffic[C]//Proc. of the 37th Conference on Design of Circuits and Integrated Circuits, 2022.
26	DIK D, LARSEN I, BERGER M S. MACsec and AES-GCM hardware architecture with frame preemption support for transport security in time sensitive networking[C]//Proc. of the International Conference on Computer, Information and Telecommunication Systems, 2023.
27	SETHI R , KADAM A , PRABHU K , et al. Security considerations to enable time-sensitive networking over 5G[J]. IEEE Open Journal of Vehicular Technology, 2022, 3, 399- 407. doi: 10.1109/OJVT.2022.3205014
28	LI H X , LI D K , ZHANG X D , et al. A security management architecture for time synchronization towards high precision networks[J]. IEEE Access, 2021, 9, 117542- 117553. doi: 10.1109/ACCESS.2021.3107203
29	ZHANG Y J, XU Q M, CHEN C L, et al. SvTI: SFC-driven queue injection in virtual time-sensitive network via augmented topology[C]//Proc. of the Globecom IEEE Global Communications Conference, 2022: 4916-4921.
30	张吉军. 模糊层次分析法(FAHP)[J]. 模糊系统与数学, 2000, 14 (2): 80- 88.
	ZHANG J J . Fuzzy analytic hierarchy process (FAHP)[J]. Fuzzy Systems and Mathematics, 2000, 14 (2): 80- 88.
31	何明, 郑翔, 赖海光, 等. 蒙特卡罗方法在网络性能仿真中的应用[J]. 系统仿真学报, 2009, 21 (24): 7770- 7772.
	HE M , ZHENG X , LAI H G , et al. Application in network performance simulation with Monte Carlo method[J]. Journal of System Simulation, 2009, 21 (24): 7770- 7772.

SL评价维度	说明
IAC	设备及其信息查询未授权的访问保护
UC	设备未授权的操作保护
SI	篡改数据保护
DC	数据泄露保护
RDF	未授权信息的泄露保护
TRE	将对信息安全的侵害通知权威部门，并报告相关的证据
RA	保护网络资源，使其免遭拒绝服务攻击

SL	说明
1	防止随机或巧合的违规
2	防止使用少量资源、通用技能、低等级的简单手段进行蓄意破坏
3	防止使用一般资源、工业自动化和控制系统专业技能、一般等级的复杂手段进行蓄意破坏
4	防止使用扩展资源、工业自动化和控制系统特殊技能、高动机的复杂手段进行蓄意破坏

SIL	低需求模式PFD_avg
1	[10^-5, 10^-4)
2	[10^-4, 10^-3)
3	[10^-3, 10^-2)
4	[10^-2, 10^-1)

SIL	持续需求模式h
1	[10^-9, 10^-8)
2	[10^-8, 10^-7)
3	[10^-7, 10^-6)
4	[10^-6, 10^-5)

符号	形式/计算方法	说明
list_task_i	[tasks₁, tasks₂, …, tasks_n]	第i种数据流的任务组合集合
Policy_i·Le_T	-	安全策略Policy_i的SL
tasks_ij·Le_C	-	安全任务tasks_ij的SL
Le_i	$\operatorname{avg}\left(\frac{\text { tasks } \cdot \text { Le }_C}{\text { Policy } \cdot \text { Le }_T}\right)$	每种数据流的安全指标
Le	minLe_i	系统总体安全指标, 其中m为系统数据流种类数量
t_i		第i种数据流的平均端到端时延
timelimit_i	-	时延限值
rate_i		第i种数据流的超时率
α_i		超时率容忍度
time_i	$\frac{t_i}{\text { timelimit }_i}$	数据流i的相对时延
time	maxtime_i	时间敏感数据流总体时延指标, 数据i为时间敏感(time-triggered, TT)流
C	{c_ij}	安全任务的选择矩阵
ω_s	-	系统总体安全指标权重
ω_t		时间敏感数据流总体时延指标权重