RU2646388C1 - Method of automated systems safety monitoring - Google Patents

Abstract

FIELD: information technology.

SUBSTANCE: parameters are set and grouped, the reference values, the importance factors, the maximum and minimum time intervals, the report generation time, the array for storing the incompleteness sign, and the monitoring program status (SSP) at the time of the measurement interruption are specified. The values are measured and compared with the reference values. In case of their coincidence and in the absence of the sign of incompleteness, measurement and comparison of values are repeated, and if they do not coincide, they are remembered, and the availability of the automated systems (AS) elements is checked. If the AS elements are available, the value of the time interval is adjusted, the adjusted value is compared with the minimum value. When it is reached, an alarm is generated, and the operation of the AS elements is blocked. When the AS elements are inaccessible, a sign of incompleteness is established and the SSP value is memorized. Further, the stored value of the SSP is read, the value of the parameters from the moment of interruption is measured and compared with the reference values. A report is generated and a decision is made on the safety of the AS.

EFFECT: increased reliability of the automated systems state analysis and monitoring of dynamic objects.

5 dwg, 3 tbl

Description

The invention relates to the field of computer technology and can be used to analyze the state of security and monitor the security of automated systems (AS), which are elements of communication and automation systems.

A known method for monitoring the safety of nuclear power plants according to the patent of the Russian Federation No. 2134897 "Method for the operational dynamic analysis of the states of a multi-parameter object", class G06F 17/40, decl. 08/20/1999. In the known method, the results of the tolerance assessment of heterogeneous dynamic parameters are converted into corresponding information signals with a generalization over the entire set of parameters in a given time interval and the relative value, as well as the nature of the change in the integral state of the multiparameter object, is determined.

The disadvantage of this method is its relatively low economic efficiency when analyzing the security status and monitoring the safety of nuclear power plants, which are elements of communication and automation systems, since the use of this method for the analysis of such relatively complex multi-parameter objects requires a dedicated monitoring system.

A known method of monitoring the safety of nuclear power plants according to the patent of Russian Federation No. 2179738 "Method for the detection of remote attacks in a computer network", class G06F 12/14, decl. 04.24.2000. The known method includes the following sequence of actions. Watch the traffic addressed to the subscriber data packets arriving in succession one after another at intervals of no more than a given. Count the number of packets within the series. Check the incoming data packets for compliance with the given rules every time the size of the next observed series reaches a critical number of packets.

The disadvantage of this method is the relatively low reliability of assessing the security status of the AU, since it uses a limited set of attribute space — monitoring only the traffic of data packets addressed to the subscriber — and does not take into account the local state of protection of the corresponding entities that are elements of the AU.

A known method of monitoring the safety of nuclear power plants according to the patent of the Russian Federation No. 22010112 "Unified Chernyakov / Petrushin method for evaluating the effectiveness of large systems", class G06F 17/00, decl. 06/07/2001. The known method consists in the fact that pre-set a lot of controlled parameters characterizing the safety of the speakers, the reference values of the controlled parameters and their importance coefficients, and then perform an analysis cycle, for which the values of the controlled parameters are measured, compared with the reference ones, and a report is generated from the results of comparison and on the generated report make a decision on the safety of nuclear power plants.

The disadvantage of this method is the relatively low reliability of assessing the protection state of speakers, characterized by a large number of parameters and requiring a significant amount of resources of these speakers to monitor the security (for example, the bandwidth of communication channels), which cannot be allocated without compromising the functioning of the speakers for their intended purpose. An increase in the total resource and / or deployment of a dedicated monitoring system with a significant number of AC elements and / or the number of monitored parameters leads to a decrease in the economic efficiency of the AC in which this monitoring method is used.

Closest in its technical essence to the claimed one is a method for monitoring the safety of nuclear power plants according to RF patent No. 2355024 "Method for monitoring the safety of an automated system", class G06F 15/00, declared 02/12/2007 (publ. 05/10/2009 Bull. No. 13). The prototype method includes the following sequence of actions. Preliminarily, a set of N≥2 monitored parameters characterizing the safety AC, M≥N of the reference values of the monitored parameters and their importance factors K ^{B is set} , and then an analysis cycle is performed, for which the values of the monitored parameters are measured, compared with the reference ones, and according to the results of comparison form a report and, based on the generated report, make a decision on the safety of the nuclear power plants; in addition, G≥2 groups of monitored parameters are formed from the number of predefined controlled parameters. Each gth group of controlled parameters, where g = 1, 2, ..., G, characterizes the safety of the gth structural element and / or the AS functional process. The importance factors K _g ^{B are} set for each gth group. Additionally, for each group g-th controllable parameters define the maximum ΔT _g ^max and the minimum ΔT _g ^min measurement time intervals the monitored parameters values and the time point T _g ^TSS formation on plant safety report. The value of the time interval for measuring the values of the controlled parameters of the gth group is set to the maximum ΔT _g ^max . After comparing the measured values of the parameters with the reference in case of their coincidence, the safety analysis cycle of the nuclear ^{power plants is} repeated until the time T _g ^report generation of the safety report of the nuclear ^{power plants} . If the measured parameter values do not coincide with the reference values, they are stored. Correct the value of the measurement time interval by the formula ΔT _g ^кop = ΔT _g / K _g ^B. Comparing the adjusted value ΔT _g ^{crusts of} the minimum ΔT _g ^min. At ΔT _g ^cor > ΔT _g ^min , the AS safety analysis cycle is repeated, and at ΔT _g ^kop ≤ΔT _g ^{min an} alarm is generated about the output of the monitored parameters in the gth group beyond the permissible values. They block the operation of AC elements whose parameters are outside the acceptable range. Moreover, the report on the state of the speaker includes information about the blocked elements of the speaker.

Compared with analogs, the prototype method can be used in a wider area and provides greater reliability in assessing the state of the speaker parameters with minimizing its resources used for this purpose and without supplementing the speaker with an auxiliary monitoring system, which is achieved by grouping controlled parameters characterizing the corresponding speaker functions, and adaptive control of the characteristics of the process of monitoring the state of the speakers.

The disadvantage of the prototype is the narrow scope of the method for monitoring the safety of the speakers, as well as the low reliability of the results of the analysis of the state of protection of the speakers operating in unstable network interactions with the monitoring tool.

The narrow scope is due to the fact that the prototype method is applicable for stationary objects of analysis, the functioning time of which is not less than the time required to measure the values of the controlled parameters by the monitoring tool.

The low reliability of the results of the analysis of the protection state of the speakers is due to the fact that during unstable network interactions of the monitoring tool with the monitoring object, the measurement cycle of the monitored parameters is interrupted, and the restoration of the interrupted analysis cycle by the prototype method is impossible, and therefore the analysis cycle starts from the beginning, which leads to excessive time and resource costs for analyzing the security status of the speakers and even the inability to complete the analysis cycle and decide on the status of the speakers.

The purpose of the claimed technical solution is to develop a method for monitoring the safety of nuclear power plants, providing increased reliability of the results of analyzing the state of protection of nuclear power plants functioning during unstable network interactions with the monitoring tool, and expanding the scope by providing the ability to monitor non-stationary (dynamic) objects of analysis, which are characterized by a relatively short interval operating time.

This goal is achieved by the fact that in the known method of monitoring the safety of speakers, which consists in pre-setting a set of N≥2 monitored parameters characterizing the safety AC, M≥N of the reference values of the monitored parameters. Formed from the number of predefined controlled parameters G≥2 groups of controlled parameters. Each gth group of controlled parameters, where g = 1, 2, ..., G, characterizes the safety of the gth structural element and / or the AS functional process. For each group g-th controllable parameters define the importance of the coefficients K _g ^B, the maximum ΔT _g ^max and the minimum ΔT _g ^min measurement time intervals the monitored parameters values and the time point T _g ^TSS formation on plant safety report. Choose a g group of monitored parameters. The value of the time interval ΔT _{g of} measuring the values of the controlled parameters of the gth group is set to the maximum ΔT _g ^max . The values of the monitored parameters in each of the G groups are measured. Compare the measured values of the monitored parameters with the reference ones, if they coincide, compare the time T _{g of} measuring the values of the monitored parameters with a given point in time T _g ^report generation and, at T _g <T _g ^report, switch to measuring the values of the controlled parameters in each of the G groups. At T _g ≥T _g , a report is generated and, based on the generated report, a decision is made on the safety of the nuclear ^{power plants} . If the measured values of the controlled parameters do not coincide with the reference values, they are stored. Correct the value of the time interval of measurements by the formula

ΔT _g ^cor = ΔT _g / K _g ^B. Comparing the corrected value ΔT _g ^armature with minimal ΔT _g ^min and ΔT _g ^armature> ΔT _g ^min proceeds to compare the time measurement T _g values of monitored parameters to specify the time point

T _g ^report generation report. When ΔT _g ^kop ≤ΔT _g ^min , an alarm is generated about the output of the monitored parameters in the g-th group beyond the permissible values. They block the operation of AC elements whose parameters are outside the acceptable range. Include in the report on the state of the speaker information about its blocked elements. Additionally, an array {D} is set for storing the sign of incomplete measurement of the values of the monitored parameters of the gth group and the value of the status word of the monitoring program (MSP) at the time of interrupting the measurement of the values of the monitored parameters. After comparing the time T _{g of} measuring the values of the controlled parameters with a given point in time T _g ^report generation and for T _g <T _g ^report, there is a sign of incomplete measurement of the values of the controlled parameters of the gth group in the array {D}. If there is no sign of incompleteness, the measurement of the values of the controlled parameters of the gth group in the array {D} proceeds to the measurement of the values of the controlled parameters in each of the G groups. After storing the mismatched measured values of the controlled parameters with the reference, check the availability of the g-th structural element of the AC for measuring the values of the controlled parameters. When the gth structural element of the AC is available, they proceed to adjust the value of the time interval for measuring the values of the controlled parameters according to the formula ΔT _g ^kop = ΔT _g / K _g ^B inaccessibility of the gth structural element of the AC set a sign of incomplete measurement of the values of the controlled parameters of the gth group in the array {D}. The value of the SSP is stored in the array {D} at the moment of interruption in the measurement of the values of the monitored parameters. If there is a sign of incompleteness in the array {D}, the measurements of the values of the controlled parameters of the gth group are deleted from the array {D}. Read the stored value of the SSP from the array {D}. The values of the monitored parameters are measured from the moment they are interrupted. Go to the comparison of the measured values of the controlled parameters with the reference.

Thanks to the new set of essential features in the claimed method, it is possible to increase the reliability of the results of analyzing the state of protection of the speakers operating during unstable network interactions with the monitoring tool, and expanding the scope by providing the ability to monitor non-stationary (dynamic) objects of analysis, which are characterized by a relatively short time interval of operation.

The claimed method is illustrated by drawings, which show:

FIG. 1 is a drawing explaining the structure of a speaker system including an unsteady (dynamic) object;

FIG. 2 is a drawing explaining the grouping of controlled parameters of the structural elements of the AC;

FIG. 3 is a drawing explaining the grouping of controlled parameters of the AS functional processes;

FIG. 4 is a flowchart illustrating a method for monitoring the safety of nuclear power plants;

FIG. 5 is a drawing explaining a principle of processing an interrupt of a monitoring program.

In order to ensure the safety of nuclear power plants, it is necessary to timely and with high reliability analyze the parameters that determine the security status of nuclear power plants and provide the analysis results in a timely manner to a higher hierarchy system (for example, information security event processing systems). Monitoring of the controlled parameters that determine the security status of the speakers is carried out by local and / or remote (through network interaction) reading of the parameter values and comparing them with the reference ones. Technical solutions that determine the security status of speakers include, for example, Max Patrol, XSpider security analysis tools (see functionality, for example, on the Positive Technologies official website [Electronic resource]. - Access mode. - URL: http: // www.ptsecurity.ru).

Modern speakers include wireless data transmission networks (see wireless data transmission technologies, for example, in the book by Olifer V.G. and Olifer N.A. “Computer Networks. Principles, Technologies, Protocols”: study for Universities. - 4 -th ed. - St. Petersburg: Peter, 2010. - S. 284-310), IP Multimedia Subsystem (IMS) intelligent networks (see the architecture, principles of operation, advantages and prospects of IMS networks, for example, in B. Goldstein’s book . and Kucheryavyi AE “Post-NGN communication networks.” - SPb .: BHV-Petersburg, 2014. - P. 42-75). The use of these technical solutions helps to increase the mobility of speakers or to ensure the dynamic allocation of network resources. Along with the advantages, the use of such networks leads to the emergence of unstable network interactions with a monitoring tool for the safety of nuclear power plants and a decrease in the time intervals for the availability of dynamic objects to monitoring tools. The unstable network interaction of the monitoring tool with a dynamic object is due to the need to move it within and / or beyond the availability of wireless access points, which is determined depending on the applied wireless data transfer technologies (for example, short-range technologies - Bluetooth, WirelessUSB; medium-range technologies - Wi-Fi , WiMAX, Mobile Broadband Wireless Access; long-range technologies based on radio-relay, cellular and satellite technologies). Deterioration in the operational characteristics of wireless communication lines occurs due to obstacles in the form of metal tiles, reinforced concrete walls or columns, and others that absorb, refract, reflect, scatter the power of the emitted signal and / or lead to short-term connection breaks.

Thus, a contradiction arises between the need to provide a reliable assessment of the security status of the speakers and the lack of technical solutions to monitor the security of dynamic objects that function during unstable network interactions with the monitoring tool.

The implementation of the claimed method is explained as follows. In general, an AS is a combination of structural elements and communication equipment connected by wired and wireless communication lines, as shown in FIG. 1, including a stationary personal computer (PC) 1 and a dynamic personal computer (PC) 2, server 3, switch 4, workstation security monitoring 5, on which the monitoring program is installed, wireless access points Wi-Fi 6 and 7. Unstable network the interaction of the workstation security monitoring 5 with a dynamic object (PC 2) occurs when it is moved, resulting in a loss of communication with the wireless access point 6 (Fig. 1A). After moving the dynamic object (PC 2) is connected to the wireless access point 7 (Fig. 1B). During the move, the dynamic object (PC 2) is beyond the reach of the wireless access points 6 and 7. The structural elements of the AC are determined by monitoring by identifiers, which are network addresses (IP addresses) in the most common TCP / IP protocol family. Structural elements perform functional processes such as file sharing processes, email message transfer processes, and network interaction processes. Functional processes of speakers are defined by logical ports, which are understood as “entry points” into programs that implement user application processes. Each structural element and the functional process of the AS are characterized by many parameters that determine the state of information security of the structural element and / or process of the AS, and subject to control.

The preset parameters characterizing the safety of the AC elements are presented in FIG. 2, which adopted the following notation:

Adr - IP address;

AD - activity of the remote access connection manager;

ALP - a list of active logical ports;

ACPO - activity of the exchange folder service;

PKSFO - local settings of the user file sharing service client;

PASEP - local settings of the user agent of the e-mail service;

SSFO - local file server service settings;

SSEP - local email server settings.

AC elements are characterized by the following parameters common to them (see Fig. 2):

IP address

Remote Access Connection Manager activity

list of active logical ports;

Exchange folder service activity

In addition, the structural elements of the speakers are additionally characterized (see Fig. 2):

1 - PC 1 - local settings of the user file sharing service client;

2 - PC 2 - local settings of the user agent of the e-mail service;

3 - server - by the local settings of the file sharing service and email service servers.

The given parameters form three groups characterizing the state of the structural elements of the PC 1, PC 2 and server 3. Among the AC elements shown in FIG. 2, the file exchange service covers 1 - PC 1 and 3 - the server, the email service covers 2 - PC 2 and 3 - the server, and the network interaction processes and the exchange folder service - all three structural elements of the AU. The interrelation of the parameters of structural elements and functional processes leads to the necessity of grouping the monitored parameters into four additional groups, presented in FIG. 3:

4th group — file sharing services (Fig. 3a);

5th group - e-mail services (Fig. 3b);

6th group — exchange folder services (FIG. 3c);

7th group - network interaction (Fig. 3d).

The functional processes of AS are characterized by the following parameters common to them (see Fig. 3):

IP address

Remote Access Connection Manager activity

list of active logical ports.

In addition, the functional processes of the speakers are additionally characterized (see Fig. 3):

4th group - local settings of the user client and file sharing service server;

5th group - by the local settings of the user agent and the e-mail service server;

6th group - the activity of the folder exchange service.

For each group of controlled parameters thus formed, their importance coefficients K _g ^B , where g = 1, 2, ..., G, and reference values of the parameters are set. The values of the importance coefficients and the reference values of the monitored parameters are determined from considerations of the importance of the information being processed and the potential vulnerability of the structural element (process) by methods using, for example, informal, expert methods, and set in the form of a matrix (table) or database (expert assessment methods are known and described, for example, in the book by S. Petrenko, S. Simonov, “Information Risk Management. Economically Justified Security.” - M.: IT Co., DMK Press, 2004. - 384 p.).

Table 1 shows: a list of monitored parameters and their reference values, the names of the groups of monitored parameters and the importance factors of the groups.

The “+” sign means that the parameter belongs to the indicated group, its value can be logical “1”, which corresponds to the “On” state, or logical “0”, which corresponds to the “Off” state. The reference value for all parameters except the IP address is logical “1”. The absence of the “+” sign means that during the control of the group the parameter value is not read. The line " Adr " presents the corresponding identifiers of the structural elements of the AU. An IP address having a length of 4 bytes (32 bits) is displayed in the table. 1 in the most used form of representing IP addresses - in decimal form (the format for representing IP addresses in decimal is known and described, for example, in the book by Olifer V.G. and Olifer N.A. “Computer Networks. Principles, Technologies, Protocols” : studies for universities. - 2nd ed. - St. Petersburg: Peter, 2003. - S. 497).

Maximum ΔT _g ^max and the minimum value ΔT _g ^min time intervals measured values of monitored parameters and the time point T _g ^TSS formation on plant safety report set directive for reasons of importance of the information being processed and the potential vulnerability of the structural element (functional process). In addition, the minimum ΔT _g ^min value of time intervals for measuring the values of controlled parameters for each gth group is determined such that below which the monitoring process will be either incomplete or will damage the functioning of the speakers for their intended purpose. An example of setting the temporal characteristics of monitoring is given in table 2.

In addition, an array {D} is additionally set, which is intended to store the sign of incomplete measurement of the values of the monitored parameters of the gth group and the value of the status word of the monitoring program installed on the workstation of security monitoring 5 at the time of interruption in the measurement of the values of the monitored parameters.

A flowchart implementing the inventive method for monitoring the safety of speakers is shown in FIG. 4. Select the gth group of monitored parameters (block 2 in Fig. 4) and set the value of the time interval ΔT _{g of} measuring the values of the controlled parameters of each gth group to the maximum ΔT _g ^max (block 3 in Fig. 4). That is, the first measurement of the parameter values will be made: for groups of parameters with an importance factor

K _g ^B = 3 after 25 minutes; for K _g ^B = 2 after 50 minutes, etc., as shown in table 3.

After that, the values of the monitored parameters are measured in each of the G groups (bl. 4 in Fig. 4) and the measured values of the parameters are compared with the preset reference values (bl. 5 in Fig. 4). If the measured values of the controlled parameters coincide with their reference values, the time T _{g of} measuring the values of the controlled parameters with a given point in time T _g ^report generation ₍ ^block 14 in Fig. 4) is ^compared and, at T _g <T _g ^{report, the} presence of a sign of measurement incompleteness is checked values of the controlled parameters of the gth group in the array {D} (bl. 15 in Fig. 4). If there is no sign of incompleteness, the measurement of the values of the controlled parameters of the gth group in the array {D} proceeds to the measurement of the values of the controlled parameters in each of the G groups. For example, in table. 3 during the first four monitoring steps, the measured values of the monitored parameters coincided with the reference values given in table. 1, and in the array {D} there was no sign of incomplete measurement of the values of the controlled parameters of the gth group, as a result of which the measurement of the values of the parameters was carried out in each of the G groups.

If the measured values of the monitored parameters do not coincide with the reference values (see Table 3, starting from monitoring step No. 5), they are stored (bl. 6 in Fig. 4) and the availability of the gth structural element of the AC for measuring the values of the monitored parameters is checked (bl. 7 in Fig. 4). Information on the accessibility of AC elements can be obtained by simple ping using the ping software utility (see the ping utility, for example, in the book by Olifer V.G. and Olifer N.A. “Computer Networks. Principles, Technologies, Protocols”: study. for universities. - 4th ed. - St. Petersburg: Peter, 2010 .-- S. 596-597). If the elements of the AC responds to echo requests, then they are considered available, otherwise inaccessible.

In case of availability of g-th AU structural element for measuring values of the controlled parameters is corrected value of the time span according to the formula ^armature ΔT _g = ΔT _g / K _g ^B (bl. 10 in FIG. 4). For example (see Table 3), at the monitoring step No. 5, as a result of comparing the values of the controlled parameters with the reference ones, their mismatch was revealed in the 6th and 7th groups of controlled parameters. The value of the measurement time interval is adjusted:

ΔТ ₆ ^core = ΔТ ₆ / К ₆ ^В = 25 / 3≈8; ΔТ ₇ ^cor = ΔТ ₇ / К ₇ ^В = 25 / 3≈8

and write to the table. 3 in the line of monitoring step No. 5. Changing the current measurement time interval to 8 minutes leads to the fact that monitoring of the 6th and 7th groups of parameters will be performed more often, as can be seen from the table. 3, where, starting from monitoring step No. 6, the monitoring interval was reduced (ceased to be a multiple of 25 minutes). Thereafter comparing the corrected value ΔT _g ^armature with minimal ΔT _g ^min (bl. 11 in FIG. 4) and, as ΔT _g ^cor > ΔT _g ^min (8> 5), they go over to comparing the time T _{g of} measuring the values of the controlled parameters with a given moment T _{g of} ^report generation, under the conditions of T _g <T _{g of} ^report and the absence of a sign of incomplete measurement of the values of the controlled parameters 6- of the 7th and 7th groups in the array {D} go to the monitoring step No. 6 (see table. 3). If at the monitoring step No. 6, subject to the availability of AC elements, the values of the monitored parameters in the 6th and 7th groups again did not coincide with the reference values, then for them the value of the measurement time interval is again adjusted:

ΔТ ₆ ^core = ΔТ ₆ / К ₆ ^В = 8 / 3≈3; ΔТ ₇ ^cor = ΔТ ₇ / К ₇ ^В = 8 / 3≈3.

Since the condition ΔT _g ^cor ≤ΔT _g ^min for the 6th and 7th groups (3 <5) is fulfilled, an alarm is generated that the monitored parameters in the 6th and 7th groups go beyond the permissible values (bl. 12 in Fig. 4). Then they block the operation of the AC elements whose parameters are outside the permissible values (block 13 in Fig. 4) and include information on the blocked elements in the AC status report, and monitoring of the remaining groups of controlled parameters continues until the condition T _g ≥T _g ^sd , as shown in the table. 3 at the monitoring steps No. 7-20.

If the gth structural element of the AC is unavailable for measuring the values of the monitored parameters (see Table 3, starting from monitoring step No. 16), an interruption of the monitoring program installed on the automated workstation of safety monitoring is caused 5. The principle of processing the interruption of the monitoring program is shown in FIG. . 5, which adopted the following notation:

N is the address in the main memory of the workstation of security monitoring 5, at which the interruption occurred;

Y is the start address of the interrupt processing in the main memory of the workstation of security monitoring 5;

L is the size of the interrupt handler in the main memory of the workstation security monitoring 5;

T is the last address in front of the array {D} in the main memory of the workstation for security monitoring 5;

M - the size of the array {D} in the main memory of the workstation security monitoring 5;

RON - general purpose registers of the processor of the workstation of security monitoring 5.

In FIG. 5 shows only those elements of the main memory and processor of the workstation of security monitoring 5 that are used to explain the principle of processing the interruption of the monitoring program.

In FIG. 5a shows the interrupt processing of the monitoring program after receiving information about the inaccessibility of the gth structural element of the AC. In addition (see Fig. 5a), a logical “1” (TRUE) is set in one of the RONs, indicating a sign of incomplete measurement of the values of the monitored parameters (N _i ), and is written to the array {D} (block 8 in Fig. 4 ), located in the main memory of the workstation for security monitoring 5. After that, the value of the SSP, which includes the value N + 1 of the program counter, is stored in the array {D} (bloc 9 in Fig. 4) (the general organization of the interrupt system is described, for example, in the book of V. A. Tikhonov and A. V. Baranov “Organization of computers and systems”: a textbook. - M.: Ge Lios, 2008 .-- S. 57-95). Then proceed to adjust the value of the measurement time interval according to the formula ΔT _g ^кop = ΔT _g / K _g ^B. For example (see Table 3), at the monitoring step No. 16 due to the inaccessibility of the dynamic object (PC 2), the measured values of the controlled parameters did not coincide with the specified reference values for the 2nd and 5th groups of controlled parameters. The value of the measurement time interval is adjusted:

ΔT ₂ ^core = ΔT ₂ / K ₂ ^B = 100/1 = 100; ΔТ ₅ ^cor = ΔТ ₅ / К ₅ ^В = 50/2 = 25

and write to the table. 3 in the line of monitoring step No. 17. Changing the current measurement time interval to 25 minutes leads to the fact that monitoring of the 5th group of monitored parameters will be performed more often, and the measurement interval of the 2nd group of monitored parameters characterizing the security state of a dynamic object (PC 2) remains unchanged. After that, they go on to compare the corrected value ΔT _g ^core with the minimum ΔT _g ^min and, since ΔT _g ^kop > ΔT _g ^min (100> 10, 25> 10), they go on to compare the time T _{g of} measuring the values of the controlled parameters with a given time moment T _{g of} ^report generation. At T _g <T _{g, the} ^{test proceeds} to check for the presence in the array {D} of a sign of incomplete measurement of the values of the controlled parameters of the gth group and, since if the incompleteness indicator in the array {D} is set, the process of returning to the main monitoring program after processing the interrupt is carried out, the principle of which is shown in FIG. 5 B. In addition (see Fig. 5b), first, the sign of incomplete measurement of the values of the monitored parameters (N _i ) is removed from the array {D} (bl. 16 in Fig. 4) by replacing TRUE with FALSE (logical "0"), and then read the value of the SSP from the array {D} (bl. 17 in Fig. 4) by overwriting the value of the program counter from Y + L to N + 1. After processing the interruption of the monitoring program, the values of the monitored parameters (N _i ) are measured from the moment the main monitoring program is interrupted (bl. 18 in Fig. 4) (see table 3, monitoring step No. 17) and the comparison of the measured values of the monitored parameters with the reference .

Upon the occurrence of conditions of T _g ≥T _g ^TSS form status report AC (bl. 19, FIG. 4), which includes information about its locked elements, and based on it decide on plant safety status (bl. 20, FIG. 4) .

Based on the calculations, it can be seen that in the process of monitoring the safety of nuclear power plants operating during unstable network interactions with the monitoring tool, the reliability of the results of the analysis of the state of protection of nuclear power plants is increased. This is achieved by storing and restoring the SSP value at the time of interruption in the measurement of the values of the monitored parameters. The expansion of the scope is ensured by the ability to monitor non-stationary (dynamic) objects of analysis, which are characterized by a relatively short interval of time of operation.

Claims (1)

A method for monitoring the security of an automated system, which consists in pre-setting a plurality of N≥2 monitored parameters characterizing the security of the automated system, M≥N reference values of the monitored parameters, is formed from a number of predefined monitored parameters G≥2 groups of monitored parameters, each the gth group of controlled parameters, where g = 1, 2, ..., G, characterizes the safety of the gth structural element and / or functional process automated with Stem for each g-th group of controllable parameters set coefficients importance K _g ^B, the maximum ΔT _g ^max and the minimum ΔT _g ^min measurement time slots values of values of monitored parameters and the time point T _g ^TSS forming the safety of the automated system of the report, and then choose g a group of the monitored parameters, set value of the measuring time interval ΔT _g values of monitored parameters g-th group to the maximum ΔT _g ^max, measured values of the controlled parameters in each of G groups, avnivayut measured values of monitored parameters with the reference, in case of coincidence of compared time T _g measurement values of monitored parameters to specify the time point T _g ^TSS report generation and T _g <T _g ^TSS proceeds to the measurement of the monitored parameters values in each of G groups, and at T _g ≥T _g ^TSS generates a report and generate a report take a decision on the safety of the automated system, and a mismatch of the measured values of monitored parameters with reference to memorize them, correct values s time measurement interval according to the formula ΔT _g ^cor = ΔT _g / K _g ^B, comparing the corrected value ΔT _g ^armature with minimal ΔT _g ^min and ΔT _g ^armature> ΔT _g ^min proceeds to compare the time T _g measurement values of monitored parameters to specify the point time T _g ^report generation report, and at ΔT _g ^cor ≤ΔT _g ^{min an} alarm is generated about the output of the controlled parameters in the gth group beyond the permissible values, block the operation of the elements of the automated system, the parameters of which are outside the acceptable values, are included in the report about comp According to the automated system, information about its blocked elements, characterized in that they additionally specify an array {D} to store the sign of incomplete measurement of the values of the controlled parameters of the gth group and the value of the status word of the monitoring program at the time of interruption in the measurement of the values of the controlled parameters, and after comparing the time T _{g of} measuring the values of the monitored parameters with a given point in time T _g ^report generation and for T _g <T _g ^report check the presence of a sign of incompleteness of measurement values of the controlled parameters of the gth group in the array {D}, in the absence of a sign of incomplete measurement of the values of the controlled parameters of the gth group in the array {D} go on to measure the values of the controlled parameters in each of the G groups, and after storing the mismatched measured values controlled parameters with the reference check the availability of the g-th structural element of the automated system for measuring the values of the controlled parameters, if available, proceed to adjust the value of the temporary ntervala measurement values of controlled parameters by the formula ΔT _g ^cor = ΔT _g / K _g ^B, and if unavailable, g-th structural element of the automated system set attribute incomplete measurement of controllable parameter values g-th group in the array {D}, is stored in the array {D } the value of the status word of the monitoring program at the moment of interruption in the measurement of the values of the monitored parameters, and if there is a sign of incomplete measurement in the array {D} of the values of the monitored parameters of the gth group, delete it from the array {D}, The memorized value of the status word of the monitoring program from the array {D} is read, the values of the monitored parameters are measured from the moment of interruption of their measurement, and they go on to compare the measured values of the monitored parameters with the reference ones.

Images