CN117784743A - Trusted DCS control system and method - Google Patents

Trusted DCS control system and method

Info

Publication number
CN117784743A
Authority
CN
China
Prior art keywords
trusted
module
storage unit
bus interface
measurement
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202410220787.6A
Other languages
Chinese (zh)
Other versions
CN117784743B (en)
Inventor
陈江
许世森
程阳
苏立新
王垚
曾卫东
史本天
吴建国
薛建中
付宁
宋美艳
李辉
胡波
黄斌
李�杰
马东森
于信波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Huaneng Group Co Ltd
Xian Thermal Power Research Institute Co Ltd
Huaneng Power International Inc
Huaneng Shandong Power Generation Co Ltd
Huaneng Weihai Power Generation Co Ltd
Original Assignee
China Huaneng Group Co Ltd
Xian Thermal Power Research Institute Co Ltd
Huaneng Power International Inc
Huaneng Shandong Power Generation Co Ltd
Huaneng Weihai Power Generation Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
2024-02-28
Filing date
2024-02-28
Publication date
2024-03-29
Application filed by China Huaneng Group Co Ltd, Xian Thermal Power Research Institute Co Ltd, Huaneng Power International Inc, Huaneng Shandong Power Generation Co Ltd, Huaneng Weihai Power Generation Co Ltd
Priority to CN202410220787.6A
Publication of CN117784743A
Application granted
Publication of CN117784743B
Legal status: Active

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00: Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02: Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Landscapes

  • Stored Programmes (AREA)

Abstract

The invention discloses a trusted DCS control system and method comprising an upper computer, a switch and a lower computer, wherein the upper computer comprises a trusted operation station, and the lower computer comprises a trusted controller, a clock module, a system bus interface, an external bus interface, a firmware storage unit and a power module for providing electric energy; the trusted controller comprises a trusted CPU, an FPGA, a program storage unit, a configuration storage unit and a trusted module. The system and method improve the security of the internal network and provide strong protection capability.

Description

Trusted DCS control system and method
Technical Field
The invention belongs to the field of automatic control, relates to a control system and method, and in particular relates to a trusted DCS control system and method.
Background
Currently, thermal power DCS control systems, which are core equipment of the electric power infrastructure, face serious security risks. To meet industrial real-time requirements, most DCS control systems were not designed with the intrinsic security of the system in mind, so they run in an unprotected state and their security protection capability is weak. Because an industrial control system must run continuously, it is difficult to update in real time, and traditional patch-based anti-virus and detection measures cannot guarantee the long-term security and stability of the system. The traditional boundary protection of a fully domestic DCS control system can only isolate the internal network from the external network, which protects the system laterally; it cannot protect the internal network itself, it cannot achieve defence in depth, and once a boundary such as a firewall is breached, the whole control system loses its protection capability. Existing protection measures cannot fundamentally solve the endogenous security problem of a DCS control system and cannot respond in time to newly emerging virus attacks, so the system cannot be effectively protected, which brings great hidden dangers to safe power production.
Disclosure of Invention
The invention aims to overcome the defects of the prior art, and provides a trusted DCS control system and a trusted DCS control method.
In order to achieve the above purpose, the trusted DCS control system of the present invention comprises an upper computer, a switch and a lower computer, wherein the upper computer comprises a trusted operation station, and the lower computer comprises a trusted controller, a clock module, a system bus interface, an external bus interface, a firmware storage unit and a power module for providing electric energy; the trusted controller comprises a trusted CPU, an FPGA, a program storage unit, a configuration storage unit and a trusted module;
the trusted operation station is connected with the switch, the switch is connected with the FPGA through an external bus interface, the trusted CPU is connected with the FPGA, the trusted module, the clock module, the program storage unit, the configuration storage unit and the firmware storage unit, and the FPGA is connected with the system bus interface.
The trusted module adopts a TPM chip.
The upper computer also comprises a trusted server, and the trusted server is connected with the switch.
The configuration storage unit is a nonvolatile random access memory.
The trusted DCS control method provided by the invention comprises the following steps:
after the power module supplies power, the trusted module uses the trusted CPU to perform a trusted measurement of the system firmware in the firmware storage unit; when the trusted measurement of the system firmware passes, the system starts and loads normally, and if it does not pass, the power supply of the peripheral interface chip is cut off, so that no erroneous instructions can be issued and no equipment misoperation can be caused;
after the system has started and loaded normally, the trusted module uses the trusted CPU to perform a trusted measurement of the application program in the program storage unit; when the trusted measurement of the application program passes, the trusted controller starts normally, otherwise the trusted controller cannot start normally and at the same time the power module cuts off the power supply of the interface chip that communicates with the outside.
After normal start-up, the trusted controller further performs the following:
loading the FPGA program and configuring its registers through a data bus.
After the FPGA program is loaded normally, initializing a system bus interface, communicating with an IO module for external measurement through the system bus interface, collecting measurement data sent by the IO module, and issuing an analysis result of the data and parameters of equipment.
After the FPGA program is loaded normally, an external bus interface is initialized, and the external bus interface is respectively connected with a trusted operation station and a trusted server through a switch.
After the trusted operation station is normally started, an operator performs parameter configuration and issuing of trusted control in real time through the trusted operation station, so that communication between the trusted operation station and a lower computer is realized.
The invention has the following beneficial effects:
the trusted DCS control system and the method of the invention do not adopt the traditional software security means when in specific operation, but adopt the trusted CPU, the trusted module and the trusted operation station to realize the trusted hardware from the whole link of the system, thereby avoiding the traditional patching type antivirus and detection means.
Drawings
Fig. 1 is a schematic structural view of the present invention.
The system comprises a trusted operating station 1, a trusted server 2, a switch 3, a trusted CPU 4, an FPGA 5, a system bus interface 6, an external bus interface 7, a clock module 8, a trusted module 9, a power module 10, a firmware storage unit 11, a configuration storage unit 12 and a program storage unit 13.
Detailed Description
In order to make the present invention better understood by those skilled in the art, the following description will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings, and it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments, but not intended to limit the scope of the present disclosure. In addition, in the following description, descriptions of well-known structures and techniques are omitted so as not to unnecessarily obscure the concepts of the present disclosure. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present invention without making any inventive effort, shall fall within the scope of the present invention.
In the accompanying drawings, there is shown a schematic structural diagram in accordance with a disclosed embodiment of the invention. The figures are not drawn to scale, wherein certain details are exaggerated for clarity of presentation and may have been omitted. The shapes of the various regions, layers and their relative sizes, positional relationships shown in the drawings are merely exemplary, may in practice deviate due to manufacturing tolerances or technical limitations, and one skilled in the art may additionally design regions/layers having different shapes, sizes, relative positions as actually required.
Referring to fig. 1, the trusted DCS control system of the present invention includes an upper computer, a switch 3 and a lower computer;
the upper computer comprises a trusted operation station 1 and a trusted server 2, and the lower computer comprises a trusted controller, a clock module 8, a system bus interface 6, an external bus interface 7, a firmware storage unit 11 and a power module 10 for providing electric energy; the trusted controller comprises a trusted CPU4, an FPGA5, a program storage unit 13, a configuration storage unit 12 and a trusted module 9;
the trusted operation station 1 is connected with the switch 3, the switch 3 is connected with the FPGA5 through the external bus interface 7, the trusted CPU4 is connected with the FPGA5, the trusted module 9, the clock module 8, the program storage unit 13, the configuration storage unit 12 and the firmware storage unit 11, and the FPGA5 is connected with the system bus interface 6.
In this embodiment, the trusted module 9 employs a TPM chip.
Based on the trusted DCS control system, the method of the trusted DCS control system comprises the following steps:
1) After the power module 10 supplies power, the trusted module 9 uses the trusted CPU 4 to perform a trusted measurement of the system firmware in the firmware storage unit 11; when the trusted measurement of the system firmware passes, the system starts and loads normally, and when it does not pass, the power module 10 cuts off the power supply.
2) After the system has started and loaded normally, the trusted module 9 uses the trusted CPU 4 to measure the application program in the program storage unit 13; when the trusted measurement of the application program is correct, the trusted controller starts normally, otherwise the trusted controller cannot start normally and at the same time the power module 10 cuts off the power supply.
3) After the trusted controller has started normally, program loading and register configuration of the FPGA 5 are carried out through the data buses (PCIe, LPC and network ports).
4) After the FPGA 5 program is loaded normally, the system bus interface 6 is initialized; the controller communicates through the system bus interface 6 with the IO module used for external measurement, collects the measurement data sent by the IO module, analyzes the data and issues equipment parameters.
After the FPGA 5 program is loaded normally, the external bus interface 7 is also initialized; the external bus interface 7 is connected to the trusted operation station 1 and the trusted server 2 through the switch 3, and after the trusted operation station 1 has started normally, an operator performs parameter configuration and issues trusted control in real time through the trusted operation station 1, so that communication between the trusted operation station 1 and the lower computer is established.
5) The trusted controller transmits the collected lower-computer data to the trusted server 2 through the switch 3 for storage.
6) The operator accesses the history data stored in the trusted server 2 through the trusted operator station 1 via the switch 3.
The configuration storage unit 12 is a nonvolatile random access memory (NVRAM) used to store the configuration files issued by the trusted operator station 1, which the trusted CPU 4 calls automatically in real time.
The power module 10 supplies power to the lower computer; if, at initial power-on, the trusted measurement performed by the trusted CPU 4 and the trusted module 9 does not pass, the power supply is cut off.
The clock module 8 provides clocks for the trusted CPU 4, the FPGA 5 and the data bus.
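The two-stage measured boot of steps 1) and 2) above (firmware measured first, then the application program, with the power module cutting power on any failure) can be simulated in software to make the control flow concrete. The following is an added example written for this page, not code from the patent or its assignees. It assumes a TPM-style PCR extend operation, SHA-256 measurements, golden reference values provisioned from known-good images, and a power-module hook that records whether interface power was cut; the PCR indices, image contents and class names are this example's own assumptions.

```python
"""Simulated two-stage measured boot for a DCS controller (added example).

The trusted module (TPM stand-in) holds platform configuration registers (PCRs)
and the golden values it was provisioned with. The trusted CPU measures the
firmware image, then the application image; each measurement is extended into
a PCR and compared with the golden value. Any mismatch stops the boot and cuts
power to the external interface chip. All constants below are constructed for
the example and are not values from the patent.
"""
import hashlib
from dataclasses import dataclass, field

PCR_FIRMWARE = 0  # assumed PCR index for the system firmware
PCR_APP = 1       # assumed PCR index for the application program
_ZERO = b"\x00" * 32


@dataclass
class TrustedModule:
    """Stand-in for the TPM chip (trusted module 9)."""
    reference: dict  # PCR index -> expected digest (hex), provisioned at commissioning
    pcrs: dict = field(default_factory=lambda: {PCR_FIRMWARE: _ZERO, PCR_APP: _ZERO})

    def extend(self, index, measurement):
        # TPM-style extend: PCR_new = SHA-256(PCR_old || measurement)
        self.pcrs[index] = hashlib.sha256(self.pcrs[index] + measurement).digest()
        return self.pcrs[index]

    def verify(self, index):
        # Compare the accumulated PCR value with the provisioned golden value
        return self.pcrs[index].hex() == self.reference.get(index)


@dataclass
class PowerModule:
    """Stand-in for power module 10: records whether interface power was cut."""
    interface_power_on: bool = True

    def cut_interface_power(self):
        self.interface_power_on = False


def measure(image):
    """Measurement performed by the trusted CPU: a SHA-256 digest of the image."""
    return hashlib.sha256(image).digest()


def provision(firmware, application):
    """Computes golden PCR values from known-good images (done once, offline)."""
    tpm = TrustedModule(reference={})
    tpm.extend(PCR_FIRMWARE, measure(firmware))
    tpm.extend(PCR_APP, measure(application))
    return {index: value.hex() for index, value in tpm.pcrs.items()}


def boot(firmware, application, tpm, power):
    """Runs the two measurement stages; stops at the first failure.

    Returns a list of (stage, "PASS"/"FAIL") tuples in boot order.
    """
    log = []
    # Stage 1: system firmware in the firmware storage unit
    tpm.extend(PCR_FIRMWARE, measure(firmware))
    if not tpm.verify(PCR_FIRMWARE):
        power.cut_interface_power()
        log.append(("firmware", "FAIL"))
        return log
    log.append(("firmware", "PASS"))
    # Stage 2: application program in the program storage unit
    tpm.extend(PCR_APP, measure(application))
    if not tpm.verify(PCR_APP):
        power.cut_interface_power()
        log.append(("application", "FAIL"))
        return log
    log.append(("application", "PASS"))
    return log


# Constructed sample images (not real firmware) and the golden values derived from them
GOOD_FIRMWARE = b"constructed firmware image v1"
GOOD_APP = b"constructed control application v1"
GOLDEN = provision(GOOD_FIRMWARE, GOOD_APP)


def run_scenario(firmware, application):
    """Boots a fresh controller with the given images; returns (log, interface_power_on)."""
    tpm = TrustedModule(reference=GOLDEN)
    power = PowerModule()
    log = boot(firmware, application, tpm, power)
    return log, power.interface_power_on


if __name__ == "__main__":
    print("good images:", run_scenario(GOOD_FIRMWARE, GOOD_APP))
    print("tampered firmware:", run_scenario(b"modified firmware", GOOD_APP))
    print("tampered application:", run_scenario(GOOD_FIRMWARE, b"modified application"))
```

The check a practitioner would want here is that a failed firmware measurement never lets the application stage run at all, and that in both failure cases the interface power is already off before the function returns; in a real controller the golden values would be provisioned into the TPM's non-volatile storage rather than computed at import time as this simulation does.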
The invention has the following characteristics:
Instead of traditional software security measures, the invention uses the trusted CPU 4, the trusted module 9, the trusted operation station 1 and the trusted server 2 to establish hardware trust across the whole chain of the system. This avoids traditional patch-based anti-virus and detection measures, implements security functions such as the 'trusted verification' required by Classified Protection 2.0, meets the trusted-computing requirements of classified protection evaluation, increases the endogenous active defence capability of the system, improves the overall security and trustworthiness of the system, and is easy to maintain later and to popularize and apply at scale.
The internal storage of the trusted controller is partitioned sensibly so that trusted measurement is sound, and the state of the trusted controller is adjusted in real time through policy schemes for the different memory regions.
When the trusted controller performs a measurement it works in strict coordination with the power module 10, so that the power supply of the power module 10 is cut off automatically by hard logic, which effectively guarantees the complete trustworthiness of the trusted controller.
The trusted controller comprises a trusted CPU 4, an FPGA 5, a program storage unit 13, a configuration storage unit 12 and a trusted module 9. When the system detects that the trusted module 9 is present on the board, the trusted module 9 measures the security of the firmware in the firmware storage unit 11 at power-on, so that the trusted program is checked and loaded at start-up; when the measurement is verified as correct by the TPM chip, the trusted controller starts normally, otherwise the program in the trusted controller is regarded as illegally tampered with, the trusted controller cannot start normally, and the operator is prompted to inspect and replace it. Meanwhile, while the DCS trusted controller is operating normally in production, dynamic measurement is performed on key program modules; real-time program measurement can be implemented with the TPM security measurement chip, and when signature verification of a real-time measurement fails, the trusted controller reports the measurement result to the trusted management platform for a decision and executes different strategies according to the different working conditions stored in flash, so that the operating unit is protected, the traditional patch-upgrade mode is avoided, and popularization and maintenance of the product are facilitated.
The invention performs dynamic trust verification at key execution points of the application program, raises an alarm when it detects that trust has been compromised, forms an audit record and sends it to the trusted security management platform.
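The runtime side described in the two paragraphs above (dynamic measurement of key program modules, a signature check on the reference, a strategy chosen by working condition, and an audit record for the management platform) is shown below as an added example written for this page; it is not the patent's code. It assumes a JSON reference manifest of per-module SHA-256 digests, an HMAC-SHA256 tag as a stand-in for the asymmetric signature a real TPM-backed design would verify, a constructed policy table standing in for the strategies stored in flash, and a simple dictionary audit record; the module names and contents are constructed.

```python
"""Simulated dynamic (runtime) measurement of key program modules (added example).

A reference manifest lists the expected digest of each key module and carries an
authentication tag. At each check the controller re-measures the loaded modules,
verifies the manifest tag first (a failed signature check is itself a finding),
compares digests, chooses an action from the working-condition policy table, and
produces audit records to send to the trusted management platform. The HMAC tag
is a stand-in for a real signature; the key, policy table and module contents
are constructed for this example.
"""
import hashlib
import hmac
import json

MANIFEST_KEY = b"constructed-manifest-key"  # assumption: held by the trusted module

# Assumed strategies "according to different working conditions stored in flash".
# Unknown conditions fall back to the most conservative action.
POLICY = {
    "startup": "halt_and_cut_power",          # nothing is controlled yet: safe to stop
    "steady_state": "hold_outputs_and_alarm",  # keep last good outputs, alert operator
    "maintenance": "alarm_only",
}
FAILSAFE_ACTION = "halt_and_cut_power"


def _digest(code):
    return hashlib.sha256(code).hexdigest()


def sign_manifest(modules, key=MANIFEST_KEY):
    """Builds {name: digest} for known-good modules and tags it (signature stand-in)."""
    body = {name: _digest(code) for name, code in modules.items()}
    payload = json.dumps(body, sort_keys=True).encode()
    return {"modules": body, "mac": hmac.new(key, payload, "sha256").hexdigest()}


def manifest_is_authentic(manifest, key=MANIFEST_KEY):
    """Signature check: recompute the tag over the canonical body and compare in constant time."""
    payload = json.dumps(manifest["modules"], sort_keys=True).encode()
    expected = hmac.new(key, payload, "sha256").hexdigest()
    return hmac.compare_digest(manifest["mac"], expected)


def audit_record(module, result, condition):
    """Audit record destined for the trusted security management platform."""
    return {"module": module, "result": result, "condition": condition}


def dynamic_measure(loaded_modules, manifest, condition):
    """Measures the loaded modules against the manifest.

    Returns (action, audit_records). action is "continue" when every module
    matches, otherwise the strategy for the current working condition.
    """
    action_on_failure = POLICY.get(condition, FAILSAFE_ACTION)
    if not manifest_is_authentic(manifest):
        # A reference that fails its signature check cannot be trusted to vouch for anything
        return action_on_failure, [audit_record("manifest", "signature_invalid", condition)]
    records = []
    failed = False
    for name, code in loaded_modules.items():
        expected = manifest["modules"].get(name)
        if expected is None:
            records.append(audit_record(name, "unknown_module", condition))
            failed = True
        elif _digest(code) != expected:
            records.append(audit_record(name, "integrity_violation", condition))
            failed = True
        else:
            records.append(audit_record(name, "ok", condition))
    return (action_on_failure if failed else "continue"), records


# Constructed key modules (not real controller code) and their signed manifest
SAMPLE_MODULES = {
    "pid_loop": b"constructed PID loop code",
    "io_driver": b"constructed IO driver code",
}
SAMPLE_MANIFEST = sign_manifest(SAMPLE_MODULES)


if __name__ == "__main__":
    print(dynamic_measure(SAMPLE_MODULES, SAMPLE_MANIFEST, "steady_state"))
    tampered = dict(SAMPLE_MODULES, pid_loop=b"tampered code")
    print(dynamic_measure(tampered, SAMPLE_MANIFEST, "steady_state"))
    forged = {"modules": dict(SAMPLE_MANIFEST["modules"], pid_loop="00" * 32),
              "mac": SAMPLE_MANIFEST["mac"]}
    print(dynamic_measure(SAMPLE_MODULES, forged, "startup"))
```

Two design points are worth noting: the manifest's signature is verified before any digest is compared, so that swapping the reference to match a modified module is caught as a finding rather than silently accepted, and an unrecognised working condition selects the most conservative strategy instead of no strategy.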
Finally, it should be noted that: the above embodiments are only for illustrating the technical aspects of the present invention and not for limiting the same, and although the present invention has been described in detail with reference to the above embodiments, it should be understood by those of ordinary skill in the art that: modifications and equivalents may be made to the specific embodiments of the invention without departing from the spirit and scope of the invention, which is intended to be covered by the claims.

Claims (9)

1. The trusted DCS control system is characterized by comprising an upper computer, a switch (3) and a lower computer, wherein the upper computer comprises a trusted operation station (1), and the lower computer comprises a trusted controller, a clock module (8), a system bus interface (6), an external bus interface (7), a firmware storage unit (11) and a power module (10) for providing electric energy; the trusted controller comprises a trusted CPU (4), an FPGA (5), a program storage unit (13), a configuration storage unit (12) and a trusted module (9);
the trusted operation station (1) is connected with the switch (3), the switch (3) is connected with the FPGA (5) through an external bus interface (7), the trusted CPU (4) is connected with the FPGA (5), the trusted module (9), the clock module (8), the program storage unit (13), the configuration storage unit (12) and the firmware storage unit (11), and the FPGA (5) is connected with the system bus interface (6).
2. The trusted DCS control system of claim 1, wherein the trusted module (9) employs a TPM chip.
3. The trusted DCS control system of claim 1, wherein the upper computer further comprises a trusted server (2), the trusted server (2) being connected to the switch (3).
4. The trusted DCS control system of claim 1, wherein the configuration storage unit (12) is a non-volatile random access memory.
5. A trusted DCS control method, based on the trusted DCS control system of claim 1, comprising the steps of:
after the power module (10) supplies power, the trusted module (9) utilizes the trusted CPU (4) to perform trusted measurement on system firmware in the firmware storage unit (11), when the trusted measurement of the system firmware passes, the system is normally started and loaded, and when the trusted measurement of the system firmware does not pass, the power module (10) cuts off the power supply to the peripheral interface chip;
after the system is normally started and loaded, the trusted module (9) utilizes the trusted CPU (4) to perform trusted measurement on the application program in the program storage unit (13), when the trusted measurement of the application program is passed, the trusted controller is normally started, otherwise, the trusted controller cannot be normally started, and meanwhile, the power supply to the peripheral interface chip is cut off.
6. The trusted DCS control method of claim 5, wherein, after normal start-up, the trusted controller further performs:
loading programs and configuring registers of the FPGA (5) through a data bus.
7. The method for controlling the trusted DCS according to claim 6, wherein after the FPGA (5) program is loaded normally, a system bus interface (6) is initialized, the system bus interface (6) is communicated with an IO module for external measurement, measurement data sent by the IO module are collected, and analysis results of the measurement data and parameters of equipment are issued.
8. The method for controlling the trusted DCS according to claim 6, wherein after the FPGA (5) is normally loaded, an external bus interface (7) is initialized, and the external bus interface is respectively connected with the trusted operating station (1) and the trusted server (2) through the switch (3).
9. The trusted DCS control method of claim 6, wherein after the trusted operator station (1) is normally started, the operator performs the parameter configuration and issuing of the trusted control in real time through the trusted operator station (1).

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410220787.6A CN117784743B (en) 2024-02-28 2024-02-28 Trusted DCS control system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202410220787.6A CN117784743B (en) 2024-02-28 2024-02-28 Trusted DCS control system and method

Publications (2)

Publication Number Publication Date
CN117784743A true CN117784743A (en) 2024-03-29
CN117784743B CN117784743B (en) 2024-05-17

Family

ID=90402002

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410220787.6A Active CN117784743B (en) 2024-02-28 2024-02-28 Trusted DCS control system and method

Country Status (1)

Country Link
CN (1) CN117784743B (en)

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104778141A (en) * 2015-02-10 2015-07-15 浙江大学 Control system trusted architecture-based TPCM (Trusted Platform Control Module) and trusted detection technology
CN105205401A (en) * 2015-09-30 2015-12-30 中国人民解放军信息工程大学 Trusted computer system based on safe password chip and trusted guiding method thereof
CN107612731A (en) * 2017-09-19 2018-01-19 北京工业大学 One kind is based on the believable network section generation of software definition and credible recovery system
CN112948086A (en) * 2021-03-04 2021-06-11 浙江中控研究院有限公司 Credible PLC control system
GB202112858D0 (en) * 2020-09-10 2021-10-27 Fisher Rosemount Systems Inc Network resource management in a communication network for control and automation systems
CN114896640A (en) * 2022-04-30 2022-08-12 苏州浪潮智能科技有限公司 Secure boot method, device, equipment and readable medium based on trusted root
US20220408262A1 (en) * 2021-06-22 2022-12-22 Microsoft Technology Licensing, Llc Trusted 5g network slices
CN116991487A (en) * 2023-08-21 2023-11-03 中国电子科技集团公司第三十研究所 Trusted platform control system based on data compression and trusted firmware recovery method
CN117032831A (en) * 2023-08-25 2023-11-10 西安热工研究院有限公司 Trusted DCS upper computer system, starting method thereof and software starting method thereof
CN117112474A (en) * 2023-10-23 2023-11-24 湖南博匠信息科技有限公司 Universal trusted substrate management method and system
CN117195231A (en) * 2023-09-14 2023-12-08 华能威海发电有限责任公司 Security protection method, system and medium for real-time operation system of trusted DCS controller
CN117221073A (en) * 2023-09-06 2023-12-12 西安热工研究院有限公司 Alarm processing system and method of trusted industrial control system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
孙亮;陈小春;钟阳;林志鹏;任彤;: "基于可信BMC的服务器安全启动机制", 山东大学学报(理学版), no. 01, 22 December 2017 (2017-12-22) *

Also Published As

Publication number Publication date
CN117784743B (en) 2024-05-17

Similar Documents

Publication Publication Date Title
EP2754085B1 (en) Verifying firmware integrity of a device
CN101989242B (en) Bus monitor for improving safety of SOC (System on a Chip) as well as realizing method thereof
JP5164285B2 (en) Computer system with anti-malware
CN101281577A (en) Dependable computing system capable of protecting BIOS and method of use thereof
WO2018174990A1 (en) Automatic detection of software that performs unauthorized privilege escalation
CN102004876B (en) Security terminal reinforcing model and reinforcing method of tolerable non-trusted component
US20220067165A1 (en) Security measurement method and security measurement device for startup of server system, and server
US9367327B2 (en) Method to ensure platform silicon configuration integrity
CN102063591A (en) Methods for updating PCR (Platform Configuration Register) reference values based on trusted platform
CN112988508B (en) Credible PLC embedded system based on memory isolation
WO2023193351A1 (en) Server starting method and apparatus, device, and storage medium
CN112199323A (en) Power system relay protection SoC chip
CN111125707A (en) BMC (baseboard management controller) safe starting method, system and equipment based on trusted password module
CN101303716B (en) Embedded system recuperation mechanism based on TPM
CN112948086A (en) Credible PLC control system
CN117784743B (en) Trusted DCS control system and method
CN209692807U (en) A kind of credible platform measurement guard system of data cell
CN103795905A (en) Trusted starting method of web camera
CN206649517U (en) Server credible platform measures control system and the server including the system
CN108629185B (en) Server trusted platform measurement control system and operation method thereof
CN112115483B (en) Trusted computing application method for protecting nuclear power DCS engineer station
CN115220755A (en) Router online upgrading system based on credibility measurement
CN201203867Y (en) Credible computing system
TW202143033A (en) Monitor system booting security device and method thereof
CN201247468Y (en) Credible calculating system for protecting BIOS

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant