期刊文献+

基于访问验证的工业控制系统安全保障方法 被引量:4

Industry Control System Security Assurance Method Based on Access Verification
下载PDF
导出
摘要 为了实时监控系统状态转换过程、及时感知异常执行轨迹和越权功能调用等非法行为,从系统行为和权限控制角度出发,提出一种基于访问验证的安全保障方法,通过明确系统状态转换规则,确保系统在工作过程中状态可信,并通过理论证明和攻击实例分析表明该方法的现实可行性. When industrial control systems with a high security level were in poor working conditions or encounter vicious attacks, safety problems such as behavior tracks abnormity and privilege-exceeding call would come out to affect the safety of production. In order to solve the problem, a safety method based on access verification was proposed from the perspective of system action and privilege control. To ensure the state security during working conditions, system state transition rules were defined and the system state could be monitored in real time. Illegal behaviors such as abnormal execute traces and privilege- exceeding function calls would be detected in time. The feasibility of the method was further illustrated by theoretical identification and analysis of attack instances.
出处 《北京工业大学学报》 CAS CSCD 北大核心 2013年第12期1861-1867,共7页 Journal of Beijing University of Technology
基金 国家科技重大专项资助项目(2012ZX03002003) 核高基重大专项资助项目(2010ZX01037-001-001)
关键词 工业控制系统安全 访问验证 可信计算 安全模型 security of industry control system access verification trusted computing security model
  • 相关文献

参考文献8

  • 1LANGNER R. Stuxnet: dissecting a cyberwarfare weapon [J]. Security& Privacy, 2011, 9(3): 49-51.
  • 2赵波,张焕国,李晶,陈璐,文松.可信PDA计算平台系统结构与安全机制[J].计算机学报,2010,33(1):82-92. 被引量:49
  • 3SESHADRI A, LUK M, QU N, et al. A tiny hypervisor to provide lifetime kernel code integrity for commodity OSes [C] //Proceedings of the ACM Symposium on Operating Systems Principles (SOSP). New York: ACM Press, 2007 : 335-350.
  • 4RILEY R, JIANG Xu-xian, XU Dong-yan. Guest- transparent prevention of kernel rootkits with VMM-based memory shadowing [ C ] // Proceedings of the l lth International Symposium on Recent Advances in Intrusion Detection. Berlin: Springer, 2008, 5230: 1-20.
  • 5PETRONI N L, FRASER T, MOLINA J, et al. Copilot--a coprocessor-based kernel runtime integrity monitor [ C ] // Proceedings of the 13th Conference on USENIX Security Symposium. Berkeley: USENIX, 2004, 13: 179-194.
  • 6刘孜文,冯登国.基于可信计算的动态完整性度量架构[J].电子与信息学报,2010,32(4):875-879. 被引量:47
  • 7LOSCOCCO P A, WILSON P W, PENDERGRASS J A. Linux kernel integrity measurement using contextual inspection[ C ] // Proceedings of the 2007 ACM Workshop on Scalable Trusted Computing. New York: ACM Press, 2007 : 21-29.
  • 8SESHADRI A, PERRIG A, DOORM L V, et al. SWATT: software-based attestation for embedded devices [ C ] // Proceedings of 2004 IEEE Symposium on Security and Privacy, Oakland: IEEE Security and Privacy Press, 2004 : 272-282.

二级参考文献25

共引文献93

同被引文献40

引证文献4

二级引证文献30

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部