信息网络安全
信息網絡安全
신식망락안전
NETINFO SECURITY
2014年
8期
71-76
,共6页
李慧%张茹%刘建毅%赵静
李慧%張茹%劉建毅%趙靜
리혜%장여%류건의%조정
攻击树%数据采集与监视控制系统%数传电台传输%安全性评估%攻击图景
攻擊樹%數據採集與鑑視控製繫統%數傳電檯傳輸%安全性評估%攻擊圖景
공격수%수거채집여감시공제계통%수전전태전수%안전성평고%공격도경
attack tree%data acquisition and supervisory control system%digital radio transmission%safety assessment%attack picture
数传电台在数据采集与监视控制系统中广泛应用,其传输安全也受到越来越大的挑战。文章为了系统分析评估数据采集与监视控制系统中数传电台传输的安全性,针对数传电台传输阶段可能存在的风险,采用攻击树建模方法,对传统攻击树进行改进,重新定义了攻击节点,量化了叶子节点的攻击风险,建立了以威胁数据采集与监视控制系统安全为攻击目标的攻击树模型,在攻击树的基础上可以直观地反映各种可能的攻击图景。并根据攻击树计算出了各攻击图景发生的概率,根据多攻击图景考虑系统总的安全性。最后利用安全性灵敏度,定量分析各攻击方式发生概率变化对系统安全性的影响,找出对系统安全性影响较大的关键方式,提出提高系统安全水平的措施。文中攻击树模型可以用于评估系统风险,区分不同攻击方式对系统的不同安全威胁程度,由此为决策者采取相应的数传电台传输保护措施提供依据。
數傳電檯在數據採集與鑑視控製繫統中廣汎應用,其傳輸安全也受到越來越大的挑戰。文章為瞭繫統分析評估數據採集與鑑視控製繫統中數傳電檯傳輸的安全性,針對數傳電檯傳輸階段可能存在的風險,採用攻擊樹建模方法,對傳統攻擊樹進行改進,重新定義瞭攻擊節點,量化瞭葉子節點的攻擊風險,建立瞭以威脅數據採集與鑑視控製繫統安全為攻擊目標的攻擊樹模型,在攻擊樹的基礎上可以直觀地反映各種可能的攻擊圖景。併根據攻擊樹計算齣瞭各攻擊圖景髮生的概率,根據多攻擊圖景攷慮繫統總的安全性。最後利用安全性靈敏度,定量分析各攻擊方式髮生概率變化對繫統安全性的影響,找齣對繫統安全性影響較大的關鍵方式,提齣提高繫統安全水平的措施。文中攻擊樹模型可以用于評估繫統風險,區分不同攻擊方式對繫統的不同安全威脅程度,由此為決策者採取相應的數傳電檯傳輸保護措施提供依據。
수전전태재수거채집여감시공제계통중엄범응용,기전수안전야수도월래월대적도전。문장위료계통분석평고수거채집여감시공제계통중수전전태전수적안전성,침대수전전태전수계단가능존재적풍험,채용공격수건모방법,대전통공격수진행개진,중신정의료공격절점,양화료협자절점적공격풍험,건립료이위협수거채집여감시공제계통안전위공격목표적공격수모형,재공격수적기출상가이직관지반영각충가능적공격도경。병근거공격수계산출료각공격도경발생적개솔,근거다공격도경고필계통총적안전성。최후이용안전성령민도,정량분석각공격방식발생개솔변화대계통안전성적영향,조출대계통안전성영향교대적관건방식,제출제고계통안전수평적조시。문중공격수모형가이용우평고계통풍험,구분불동공격방식대계통적불동안전위협정도,유차위결책자채취상응적수전전태전수보호조시제공의거。
Digital radio is widely used in supervisory control and data acquisition system, and the transmission security is increasingly challenged. In order to systematically analyze and assess the digital radio transmission security in supervisory control and data acquisition system, this paper uses attack tree modeling method for the existing risk in the digital radio transmission stage, improves the traditional attack tree, refines attack nodes, quantifies the attack risk of leaf nodes, and establishes an attack tree model in which threats to the supervisory control and data acquisition system is the target. And it directly relfects the various possible attack picture based on the attack tree. This paper calculates the probability of the occurrence of each attack picture based on attack tree, and considers the overall safety of the system under various attack pictures. Finally, it analyzes quantitatively the impact of each change in the probability of attacks on the system security based on security sensitivity. And it identiifes the key way which has a greater impact on system security, and proposes measures to improve the system security level. This attack tree model can be used to assess systemic risk and to distinguish different security threat levels of different attacks to the system, thus to provide a basis for decision-makers to take appropriate protective measures for the digital radio transmission.
