摘要
目前现役和在售的嵌入式电子设备大多处于不设防状态,系统安全面临威胁。针对工业嵌入式设备自身防护能力较弱的特点,以PLC为例说明嵌入式设备存在的漏洞风险。设计了石化液位控制系统,演示了工业病毒利用漏洞进行攻击的方法与途径。设计了漏洞分析系统,包括工业协议状态模型、未知漏洞挖掘、已知漏洞扫描、漏洞识别模型、安全评估分析和监测与控制等六个部分,为工业控制系统漏洞分析系统开发提供了理论方法。
At present,most of the embedded electronic devices,active duty or commercial available,are in undefended state,the system security is facing threats. In accordance with the feature of industrial embedded devices,i. e.,the self-protection capability is weak,the vulnerability risks exist in embedded devices are described with PLC as example. The level control system for petrochemical industry is designed,and the attack method and path of industrial viruses through loopholes are demonstrated. The vulnerability analysis system is designed,including six parts: industrial protocol state model,unknown vulnerability mining,known vulnerability scanning,vulnerability identification model,security evaluation analysis and monitoring and control; it provides theoretical method for developing vulnerability analysis system of industrial control systems.
出处
《自动化仪表》
CAS
2015年第10期63-67,71,共6页
Process Automation Instrumentation
基金
国家863高技术研究发展计划基金资助项目(编号:2015AA043901-01)
关键词
工业嵌入式设备
漏洞分析
PLC
工业病毒
安全测试
Industrial embedded device Vulnerability analysis PLC Industrial virus Security test