CN106959685B - System and method for steam turbine DEH control system vulnerability testing based on RT-LAB technology
- Publication number: CN106959685B
- Application number: CN201710208513.5A
- Authority: CN (China)
- Prior art keywords: steam turbine, control system, vulnerability, lab, DEH control
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B23/00—Testing or monitoring of control systems or parts thereof
- G05B23/02—Electric testing or monitoring
- G05B23/0205—Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults
- G05B23/0208—Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults characterized by the configuration of the monitoring system
- G05B23/0213—Modular or universal configuration of the monitoring system, e.g. monitoring system having modules that may be combined to build monitoring program; monitoring system that can be applied to legacy systems; adaptable monitoring system; using different communication protocols
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B2219/00—Program-control systems
- G05B2219/20—Pc systems
- G05B2219/24—Pc safety
- G05B2219/24065—Real time diagnostics
Landscapes
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Engineering & Computer Science (AREA)
- Automation & Control Theory (AREA)
- Testing And Monitoring For Control Systems (AREA)
Abstract
The invention discloses a system and method for vulnerability testing of a steam turbine DEH control system based on RT-LAB technology. The system comprises an RT-LAB hardware-in-the-loop (HIL) simulation system, the steam turbine DEH control system under test, a vulnerability testing tool and a physical object information display system. The RT-LAB HIL simulation system has a data connection to the physical object information display system and is hard-wired to the DEH control system under test, and the vulnerability testing tool is connected to the DEH control system under test. The method comprises an abstract simulation model design step, a graphical model design step, a deployment step for the DEH control system under test, and a vulnerability testing step. The system and method make it possible to evaluate and test, by simulation, the effect that vulnerabilities in a steam turbine DEH control system may have on the controlled physical object, and solve the problem that it is difficult at an industrial control site to simulate attacks on the control system using information security vulnerabilities.
Description
Technical field
The present invention relates to the field of system vulnerability testing, and in particular to a system and method for vulnerability testing of a steam turbine DEH control system based on RT-LAB technology.
Background
As the level of informatization rises sharply, the digital electro-hydraulic (DEH) control systems of power plant steam turbines depend more and more on computer technology and network communication technology, and the information security problems faced by conventional information technology now also pose a serious threat to industrial control systems.
Abroad, a large amount of research has been carried out on information security simulation testing and vulnerability assessment for general industrial control systems. On the simulation test platform side, the U.S. Department of Energy set up the National SCADA Test Bed (NSTB) program for power grid security and built the Critical Infrastructure Test Range (CITR) to test the impact of network attacks on infrastructure. Several European and American universities have built simulation test platforms for power systems, chemical production processes and the like. In vulnerability assessment and detection, the main research direction abroad is quantitative risk assessment of the information security level of industrial control systems using probabilistic risk models, such as attack tree analysis (ATA), fault tree analysis (FTA), failure mode and effects analysis (FMEA) and Bayesian networks (BN).
Domestic research is still at an early stage. For example, the Chinese invention patent document with publication number CN105652692A, published on June 8, 2016 and titled "Hardware-in-the-loop simulation platform and control method for a power plant I&C system based on thermal power generation", discloses an HIL simulation platform and control method for a power plant I&C system based on thermal power generation. The platform comprises a heater, a heat exchanger, an air pump, a steam turbine and a controller. The heater outlet is connected by a pipe to the heat exchanger inlet, with a temperature sensor on the pipe between them; the heat exchanger outlet is connected by a pipe to the steam turbine inlet; the air pump outlet is connected by a pipe to the heat exchanger outlet; a flowmeter and a solenoid valve are fitted on the pipe between the heat exchanger outlet and the steam turbine inlet; and the controller is connected to the temperature sensor, flowmeter and solenoid valve through an I/O board. The controller automatically regulates the flow of air supplied to the steam turbine and forms a feedback loop, so as to simulate the thermal power generation process more realistically.
A steam turbine information security test platform based on HIL simulation, however, is still a blank. The prior art has studied the HIL simulation of steam turbine control only from the angle of mathematical modelling of turbine control, and no research on the information security of steam turbine DEH control systems has been found so far.
The prior art has the following problems:
On the one hand, existing HIL simulation research on steam turbine DEH control systems focuses mainly on turbine control methods and strategies and on building dynamic turbine models. It does not extend HIL simulation to the information security problems that arise during turbine operation, and in particular does not study the information security vulnerabilities of DEH control systems. Current research on industrial control system information security, in turn, is aimed mainly at general industrial control systems and lacks work on the information security of power plant steam turbine DEH control systems, especially on their information security vulnerabilities.
On the other hand, existing information security assessment methods and means for industrial control systems, especially vulnerability testing methods, are difficult to apply to an actual steam turbine DEH control system. Because it is currently impossible to judge what effect a vulnerability testing method will have on the actual operation of the turbine control system, and in order to avoid adverse effects of vulnerability scanning or vulnerability discovery tests on actual turbine operation, existing methods cannot connect a vulnerability test system to a power plant steam turbine DEH control system that is in actual operation. As a result, information security research on steam turbine control systems has remained at the theoretical stage.
In summary, existing information security vulnerability testing methods cannot detect the harm that information security vulnerabilities in a steam turbine DEH control system may cause to actual turbine operation.
Summary of the invention
The object of the present invention is to provide a vulnerability test platform for steam turbine DEH control systems based on RT-LAB technology. The system uses RT-LAB-based HIL simulation, combined with the particular system structure and hardware environment of a steam turbine DEH control system, and applies the vulnerability testing methods and means commonly used in the information security field to study, through simulation-based evaluation and testing, the effect of DEH control system vulnerabilities on turbine operation. It solves the current difficulty of simulating attacks on an actual control system using information security vulnerabilities, and provides platform support and a design basis for further research into information security protection methods for industrial control systems.
The purpose of the invention is achieved through the following technical solution:
A system for vulnerability testing of a steam turbine DEH control system based on RT-LAB technology, characterized in that it comprises an RT-LAB HIL simulation system, the steam turbine DEH control system under test, a vulnerability testing tool and a physical object information display system. The RT-LAB HIL simulation system has a data connection to the physical object information display system, the RT-LAB HIL simulation system and the DEH control system under test are hard-wired to each other, and the vulnerability testing tool is connected to the DEH control system under test.
The RT-LAB HIL simulation system includes a hardware simulator, simulation software and graphical debugging software. The hardware simulator includes a main processing module and a signal input/output module. The main processing module has multiple CPUs connected for communication, the signal input/output module is used for digital pulse capture and signal conversion, and the main processing module and the signal input/output module are connected for communication.
The vulnerability testing tool includes a known-vulnerability scanning tool, an unknown-vulnerability discovery tool and a vulnerability confirmation tool, which provide the function of finding known or unknown vulnerabilities in the steam turbine DEH control system.
The known-vulnerability scanning tool includes a vulnerability scanning module, a port scanning module, a password cracking module and a configuration module.
The unknown-vulnerability discovery tool includes a vulnerability discovery module, a test case management module, a protocol management module and a configuration module.
The vulnerability confirmation tool includes a vulnerability reproduction module, a vulnerability exploitation module, an attack simulation module and a configuration module.
The physical object information display system includes a graphical display module and a data acquisition module. The data acquisition module acquires the state of the simulation model through the debug port of the RT-LAB HIL simulation system, and the graphical display module draws and displays graphics from the data acquired by the data acquisition module.
A method for vulnerability testing of a steam turbine DEH control system based on RT-LAB technology, characterized in that it comprises the following steps:
Abstract simulation model design step: use simulation software to build an abstract simulation model of the controlled physical object that includes an operating model, an abnormal model, a fault model and a disaster model; download the model to the RT-LAB HIL simulation system of the RT-LAB-based steam turbine DEH control system vulnerability test system and run it.
Graphical model design step: acquire the operating parameters of the abstract simulation model of the controlled physical object in the RT-LAB HIL simulation system, and display the controlled-object model on the graphics workstation of the controlled physical object information display system.
Deployment step for the DEH control system under test: hard-wire the RT-LAB HIL simulation system to the DEH control system under test, so that the DEH control system under test acquires the signals of the simulated sensors and outputs control signals to the simulated actuators; design or import a project from an actual industrial production or technological process. "Simulated sensor" means that the signal output module of the RT-LAB system simulates the sensors mounted on the steam turbine. The DEH control system acquires the simulated sensor signals to obtain the parameters of the turbine simulated by RT-LAB. "Simulated actuator" means that the signal input module of the RT-LAB system simulates the actuators that control turbine operation. The DEH control system outputting control signals to the simulated actuators means that the DEH control system is actually controlling the turbine simulated by RT-LAB.
Vulnerability testing step: connect the vulnerability testing tool to the steam turbine DEH control system; run the vulnerability testing tool to obtain basic information about the DEH control system and scan for known vulnerabilities in the DEH control system under test; run the unknown-vulnerability discovery tool to find potential DEH control system vulnerabilities and assess their degree of harm; run the vulnerability confirmation tool to judge the feasibility and complexity of exploiting a vulnerability and to design an attack scheme.
In the abstract simulation model design step, the abstract simulation model is built with the SimPowerSystems toolbox of the simulation system based on MATLAB Simulink software, and is converted by RT-LAB's ARTEMiS software to generate the abstract simulation model used by RT-LAB.
In the deployment step for the DEH control system under test, the project designed in or imported into the DEH control system comes from an actual industrial production process and a typical process flow. The input and output signal types match the I/O signal types of the RT-LAB HIL simulation system; switch signals, temperature signals, position signals and so on are uniformly converted into voltage-type signals. Because the project comes from a practical engineering application, it contains complete control logic, for example the control logic for the various steam turbine tests. This control logic and the corresponding signal points do not affect the actual normal operating state of the physical object, so these points can be masked by modifying the configuration logic of the project, or simulated with simulated values.
In the graphical model design step, the operating parameters of the abstract simulation model are mainly the parameters of the steam turbine simulation model, including turbine speed, rotational acceleration, steam temperature, intake flow and output power.
In the deployment step for the DEH control system under test, the simulated sensor signals are the signals measured by the sensors mounted on the steam turbine, as simulated by the signal input/output module of the RT-LAB HIL simulation system; the control signals output to the simulated actuators are the control signals measured at the actuators that control turbine operation, as simulated by the signal input/output module of the RT-LAB HIL simulation system.
The project from an actual industrial production or technological process is designed or imported through an engineer station, which is a computer workstation used to configure, program and modify the DEH control system. The engineer station is a concept specific to power plant steam turbine DEH control systems: in turbine process control, it is the computer workstation that engineers use to configure, program and modify the DEH control system.
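The idea behind the method steps above, as an added example that is not code from the patent: a software stand-in for the closed loop, in which a toy per-unit rotor model replaces the RT-LAB plant model and a droop governor replaces the DEH controller, records speed and rotational acceleration for a baseline run and for a run in which a fault seen during testing freezes the controller output. All constants, names and the fault itself are assumptions chosen for illustration, and no separate protection system is modelled.

```python
"""Closed-loop stand-in: plant model + controller + one injected controller fault."""
from dataclasses import dataclass
from typing import Optional

RATED_RPM = 3000.0     # assumption: rated speed of the simulated unit
LIMIT_PU = 1.10        # assumption: speed limit used as the harm criterion
ACCEL_TIME_S = 10.0    # assumption: rotor acceleration time constant
DROOP = 0.05           # assumption: 5 % speed droop
DT = 0.01              # integration step in seconds


@dataclass
class Impact:
    peak_speed_rpm: float
    peak_accel_rpm_s: float
    limit_exceeded_at_s: Optional[float]   # None if the limit was never exceeded


def governor(speed_pu: float, load_ref: float = 1.0) -> float:
    """Toy control law: droop speed control, valve demand clamped to 0..1."""
    return min(1.0, max(0.0, load_ref + (1.0 - speed_pu) / DROOP))


def run_case(frozen_from_s: Optional[float], load_loss_at_s: float = 1.0,
             duration_s: float = 5.0) -> Impact:
    """Simulate one test case and record the plant parameters.

    frozen_from_s models a fault observed during vulnerability testing: from
    that time on the controller output stops updating and holds its last value.
    """
    speed, valve = 1.0, 1.0                 # per-unit, steady state at full load
    peak_speed, peak_accel, exceeded_at = speed, 0.0, None
    for k in range(int(round(duration_s / DT))):
        t = k * DT
        load = 1.0 if t < load_loss_at_s else 0.0    # generator load is lost
        if frozen_from_s is None or t < frozen_from_s:
            valve = governor(speed)                  # healthy controller acts
        accel = (valve - load) / ACCEL_TIME_S        # per-unit speed per second
        speed += accel * DT
        peak_speed = max(peak_speed, speed)
        peak_accel = max(peak_accel, abs(accel))
        if exceeded_at is None and speed > LIMIT_PU:
            exceeded_at = round(t + DT, 2)
    return Impact(peak_speed * RATED_RPM, peak_accel * RATED_RPM, exceeded_at)


def verdict(baseline: Impact, case: Impact) -> str:
    """Compare a test-case run with the baseline run of the same scenario."""
    if case.limit_exceeded_at_s is not None:
        return "harmful"
    if case.peak_speed_rpm > baseline.peak_speed_rpm * 1.01:
        return "degraded"
    return "no effect"


if __name__ == "__main__":
    baseline = run_case(None)
    for name, frozen in [("healthy controller", None),
                         ("controller output frozen at 0.5 s", 0.5)]:
        result = run_case(frozen)
        print(f"{name}: {result} -> {verdict(baseline, result)}")
```

With the healthy controller the speed settles just below the droop limit of 105 % after the load is lost; with the frozen output the same disturbance carries the simulated rotor past the limit, which is the kind of consequence a scan of the controller alone cannot show.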
The beneficial effects of the present invention are as follows:
1. In the system for steam turbine DEH control system vulnerability testing based on RT-LAB technology provided by the invention, the RT-LAB HIL simulation system has a data connection to the physical object information display system and is hard-wired to the DEH control system under test, and the vulnerability testing tool is connected to the DEH control system under test. RT-LAB technology, which is hard real-time, is applied here for the first time and is combined with the vulnerability testing tool and the physical object information display system to form a simulation test platform for the harm that DEH control system vulnerabilities cause to actual steam turbine operation.
2. In the system for steam turbine DEH control system vulnerability testing based on RT-LAB technology provided by the invention, the known-vulnerability scanning tool, the unknown-vulnerability discovery tool and the vulnerability confirmation tool are used to search comprehensively for all system vulnerabilities. The data acquisition module of the physical object information display system uses data from an actual DEH control system and an actual project, so the conclusions the test platform reaches are not theoretical conclusions but conclusions that correspond to practice, and such test results help to improve engineering design schemes.
3. The method for steam turbine DEH control system vulnerability testing based on RT-LAB technology provided by the invention performs vulnerability detection on the DEH control system under test through the abstract simulation model design step, the graphical model design step, the deployment step for the DEH control system under test and the vulnerability testing step. During detection, simulated signals and the test signals of an actual project are used to scan for known and unknown vulnerabilities and to obtain scan conclusions that correspond to practice, which makes it easier to judge the feasibility and complexity of exploiting a vulnerability, to design attack schemes and to improve the system.
Brief description of the drawings
Fig. 1 is a system structure diagram of a preferred embodiment of the present invention.
Detailed description of the embodiments
The technical solutions that achieve the purpose of the invention are further illustrated below through several specific embodiments. It should be noted that the technical solutions claimed by the invention include but are not limited to the following embodiments.
Embodiment 1
As shown in Fig. 1, a system for vulnerability testing of a steam turbine DEH control system based on RT-LAB technology comprises an RT-LAB HIL simulation system, the steam turbine DEH control system under test, a vulnerability testing tool and a physical object information display system. The RT-LAB HIL simulation system has a data connection to the physical object information display system, the RT-LAB HIL simulation system and the DEH control system under test are hard-wired to each other, and the vulnerability testing tool is connected to the DEH control system under test.
This is the most basic embodiment of the invention. The RT-LAB HIL simulation system has a data connection to the physical object information display system and is hard-wired to the DEH control system under test, and the vulnerability testing tool is connected to the DEH control system under test. RT-LAB technology, which is hard real-time, is applied for the first time and is combined with the vulnerability testing tool and the physical object information display system to form a simulation test platform for the harm that DEH control system vulnerabilities cause to actual steam turbine operation.
Embodiment 2
As shown in Fig. 1, a system for vulnerability testing of a steam turbine DEH control system based on RT-LAB technology comprises an RT-LAB HIL simulation system, the steam turbine DEH control system under test, a vulnerability testing tool and a physical object information display system. The RT-LAB HIL simulation system has a data connection to the physical object information display system, the RT-LAB HIL simulation system and the DEH control system under test are hard-wired to each other, and the vulnerability testing tool is connected to the DEH control system under test.
The RT-LAB HIL simulation system includes a hardware simulator, simulation software and graphical debugging software. The hardware simulator includes a main processing module and a signal input/output module. The main processing module has multiple CPUs connected for communication, the signal input/output module is used for digital pulse capture and signal conversion, and the main processing module and the signal input/output module are connected for communication.
The vulnerability testing tool includes a known-vulnerability scanning tool, an unknown-vulnerability discovery tool and a vulnerability confirmation tool, which provide the function of finding known or unknown vulnerabilities in the steam turbine DEH control system.
The known-vulnerability scanning tool includes a vulnerability scanning module, a port scanning module, a password cracking module and a configuration module.
The unknown-vulnerability discovery tool includes a vulnerability discovery module, a test case management module, a protocol management module and a configuration module.
The vulnerability confirmation tool includes a vulnerability reproduction module, a vulnerability exploitation module, an attack simulation module and a configuration module.
The physical object information display system includes a graphical display module and a data acquisition module. The data acquisition module acquires the state of the simulation model through the debug port of the RT-LAB HIL simulation system, and the graphical display module draws and displays graphics from the data acquired by the data acquisition module.
This is a preferred embodiment of the invention. The RT-LAB HIL simulation system has a data connection to the physical object information display system and is hard-wired to the DEH control system under test, and the vulnerability testing tool is connected to the DEH control system under test. RT-LAB technology, which is hard real-time, is applied for the first time and is combined with the vulnerability testing tool and the physical object information display system to form a simulation test platform for the harm that DEH control system vulnerabilities cause to actual steam turbine operation. The known-vulnerability scanning tool, the unknown-vulnerability discovery tool and the vulnerability confirmation tool are used to search comprehensively for all system vulnerabilities. The data acquisition module of the physical object information display system uses data from an actual DEH control system and an actual project, so the conclusions the test platform reaches are not theoretical conclusions but conclusions that correspond to practice, and such test results help to improve engineering design schemes.
Embodiment 3
As shown in Fig. 1, a method for vulnerability testing of a steam turbine DEH control system based on RT-LAB technology comprises the following steps:
Abstract simulation model design step: use simulation software to build an abstract simulation model of the controlled physical object that includes an operating model, an abnormal model, a fault model and a disaster model; download the model to the RT-LAB HIL simulation system of the RT-LAB-based steam turbine DEH control system vulnerability test system and run it.
Graphical model design step: acquire the operating parameters of the abstract simulation model of the controlled physical object in the RT-LAB HIL simulation system, and display the controlled-object model on the graphics workstation of the controlled physical object information display system.
Deployment step for the DEH control system under test: hard-wire the RT-LAB HIL simulation system to the DEH control system under test, so that the DEH control system under test acquires the signals of the simulated sensors and outputs control signals to the simulated actuators; design or import a project from an actual industrial production or technological process.
Vulnerability testing step: connect the vulnerability testing tool to the steam turbine DEH control system; run the vulnerability testing tool to obtain basic information about the DEH control system and scan for known vulnerabilities in the DEH control system under test; run the unknown-vulnerability discovery tool to find potential DEH control system vulnerabilities and assess their degree of harm; run the vulnerability confirmation tool to judge the feasibility and complexity of exploiting a vulnerability and to design an attack scheme.
This is the most basic embodiment of the method for steam turbine DEH control system vulnerability testing based on RT-LAB technology. Vulnerability detection is performed on the DEH control system under test through the abstract simulation model design step, the graphical model design step, the deployment step for the DEH control system under test and the vulnerability testing step. During detection, simulated signals and the test signals of an actual project are used to scan for known and unknown vulnerabilities and to obtain scan conclusions that correspond to practice, which makes it easier to judge the feasibility and complexity of exploiting a vulnerability, to design attack schemes and to improve the system.
Embodiment 4
As shown in Fig. 1, a method for vulnerability testing of a steam turbine DEH control system based on RT-LAB technology comprises the following steps:
Abstract simulation model design step: use simulation software to build an abstract simulation model of the controlled physical object that includes an operating model, an abnormal model, a fault model and a disaster model; download the model to the RT-LAB HIL simulation system of the RT-LAB-based steam turbine DEH control system vulnerability test system and run it.
Graphical model design step: acquire the operating parameters of the abstract simulation model of the controlled physical object in the RT-LAB HIL simulation system, and display the controlled-object model on the graphics workstation of the controlled physical object information display system.
Deployment step for the DEH control system under test: hard-wire the RT-LAB HIL simulation system to the DEH control system under test, so that the DEH control system under test acquires the signals of the simulated sensors and outputs control signals to the simulated actuators; design or import a project from an actual industrial production or technological process.
Vulnerability testing step: connect the vulnerability testing tool to the steam turbine DEH control system; run the vulnerability testing tool to obtain basic information about the DEH control system and scan for known vulnerabilities in the DEH control system under test; run the unknown-vulnerability discovery tool to find potential DEH control system vulnerabilities and assess their degree of harm; run the vulnerability confirmation tool to judge the feasibility and complexity of exploiting a vulnerability and to design an attack scheme.
In the abstract simulation model design step, the abstract simulation model is built with the SimPowerSystems toolbox of the simulation system based on MATLAB Simulink software, and is converted by RT-LAB's ARTEMiS software to generate the abstract simulation model used by RT-LAB.
In the deployment step for the DEH control system under test, the project designed in or imported into the DEH control system comes from an actual industrial production process and a typical process flow. The input and output signal types match the I/O signal types of the RT-LAB HIL simulation system; switch signals, temperature signals, position signals and so on are uniformly converted into voltage-type signals.
In the graphical model design step, the operating parameters of the abstract simulation model are mainly the parameters of the steam turbine simulation model, including turbine speed, rotational acceleration, steam temperature, intake flow and output power.
In the deployment step for the DEH control system under test, the simulated sensor signals are the signals measured by the sensors mounted on the steam turbine, as simulated by the signal input/output module of the RT-LAB HIL simulation system; the control signals output to the simulated actuators are the control signals measured at the actuators that control turbine operation, as simulated by the signal input/output module of the RT-LAB HIL simulation system.
The project from an actual industrial production or technological process is designed or imported through an engineer station, which is a computer workstation used to configure, program and modify the DEH control system.
This is the preferred embodiment of the method for steam turbine DEH control system vulnerability testing based on RT-LAB technology. Vulnerability detection is performed on the DEH control system under test through the abstract simulation model design step, the graphical model design step, the deployment step for the DEH control system under test and the vulnerability testing step. During detection, simulated signals and the test signals of an actual project are used to scan for known and unknown vulnerabilities and to obtain scan conclusions that correspond to practice, which makes it easier to judge the feasibility and complexity of exploiting a vulnerability, to design attack schemes and to improve the system.
Embodiment 5
A kind of system of the steam turbine DEH control system loophole test based on RT-LAB technology, it is characterised in that: including
RT-LAB semi-matter simulating system, tested steam turbine DEH control system, loophole testing tool and physical object information display system
System, the RT-LAB semi-matter simulating system are connected with physical object information display system data, RT-LAB HWIL simulation system
It is connected between system and tested steam turbine DEH control system by hardwire mode, the loophole testing tool and tested vapour
Turbine deh control system is connected.
The RT-LAB hardware-in-the-loop simulation system comprises a hardware simulator, simulation software and graphical debugging software. The hardware simulator comprises a main processing module and a signal input/output module: the main processing module has multiple CPUs connected for communication, the signal input/output module is used for digital pulse capture and signal conversion, and the two modules are connected for communication. Preferably, the main processing module is based on the Intel/AMD architecture and has multiple CPUs that exchange data at high speed over an IEEE 1394 bus; the signal input/output module uses Xilinx FPGA-based I/O boards, which provide digital pulse capture with 10 ns precision, D/A conversion with 1 µs precision and 2 µs A/D conversion, and can simulate the actuators that control steam turbine operation; the main processing module and the signal input/output module exchange data over PCI-E. The hardware simulator mainly performs real-time simulation of the physical object, the simulation software is used to write and design the physical object simulation model, and the graphical debugging software allows some parameters of the simulation model to be modified online. In the present invention the RT-LAB hardware-in-the-loop simulation system simulates the actual controlled object or the actual physical process and provides hardware-in-the-loop simulation, for example of a power plant steam turbine, a chemical plant rectification column, a catalytic cracking process, a water treatment process, or production and manufacturing pipeline processes in the petroleum and petrochemical industry.
The steam turbine DEH control system uses control systems from existing domestic and foreign manufacturers. These include large control systems of all kinds, such as distributed control systems (DCS), network control systems (NCS), fieldbus control systems (FCS) and supervisory control and data acquisition (SCADA) systems, as well as small industrial controllers, such as programmable logic controllers (PLC), servo controllers, governors, remote terminal units (RTU) and other small edge control systems.
The vulnerability testing tool comprises a known-vulnerability scanning tool, an unknown-vulnerability mining tool and a vulnerability confirmation tool, which are used to find known or unknown vulnerabilities in the steam turbine DEH control system. The known-vulnerability scanning tool mainly performs vulnerability scanning based on a known-vulnerability database. The unknown-vulnerability mining tool mainly uses protocol-based fuzz testing: it simulates the sending mechanism of the communication protocol of each device in the steam turbine DEH control system, sends the device mutated or error-containing test packets, and monitors the response messages of the device under test to find errors and thereby discover security risks. The vulnerability confirmation tool mainly implements vulnerability confirmation and vulnerability attack testing.
The known-vulnerability scanning tool comprises a vulnerability scanning module, a port scanning module, a password cracking module and a configuration module. The vulnerability scanning module mainly implements policy-based scanning for known vulnerabilities. Scan targets include operating systems, databases, application services, embedded software, industrial-control-specific software, network protocols, industrial fieldbuses and so on; scan policies include scans of different intensities, scans of Windows or Unix-like devices or embedded operating systems, network service scans, database scans, attack scans, virtualization platform scans and so on. The port scanning module mainly scans the open ports of the device under test, using TCP scanning and UDP scanning. The password cracking module mainly scans for and cracks weak passwords that may exist in the steam turbine DEH control system; the password types covered include the SMB protocol, the SNMP protocol, Oracle databases, MS SQL databases, MySQL databases, FTP, Telnet, POP3, IMAP, Rlogin, SSH, DB2 databases and so on. The configuration module mainly implements parameter configuration, policy management and scan task setup for the known-vulnerability scanning tool.
The unknown-vulnerability mining tool comprises a vulnerability mining module, a test case management module, a protocol management module and a configuration module. The vulnerability mining module is the engine that sends messages to the device under test, monitors it, and analyzes the monitoring results. The test case management module manages the test case sets and provides scripting. The protocol management module manages the network or industrial control protocols under test, including TCP/IP-based standard Ethernet protocols, industrial Ethernet protocols such as Ethernet/IP, Profinet and EtherCAT, and common fieldbus protocols such as Modbus, CAN, Profibus and DeviceNet. The configuration module mainly implements parameter configuration of the unknown-vulnerability mining tool, test case rule configuration, control of the number of fuzzed messages, control of the scope of the mutation library, and similar functions.
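The message monitoring and result analysis described above, narrowed to Modbus/TCP, as an added example (not code from the patent): each response from the device under test is checked against the request that elicited it, and the deviations a tester would triage are labelled. The function names, labels and sample frames are constructed for illustration.

```python
import struct
from typing import Dict, List, Optional, Tuple

MBAP_LEN = 7  # transaction id (2) + protocol id (2) + length (2) + unit id (1)

def parse_adu(frame: bytes) -> Tuple[int, int, int, int, int, bytes]:
    """Split a Modbus/TCP frame into (tid, pid, length, unit, function, data)."""
    if len(frame) < MBAP_LEN + 1:
        raise ValueError("shorter than MBAP header plus function code")
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:MBAP_LEN])
    return tid, pid, length, unit, frame[MBAP_LEN], frame[MBAP_LEN + 1:]

def check_response(request: bytes, response: Optional[bytes]) -> List[str]:
    """Return anomaly labels for one request/response pair; [] means clean."""
    if response is None:
        return ["no_response"]            # timeout: the device may have hung or reset
    try:
        r_tid, r_pid, r_len, r_unit, r_fc, r_data = parse_adu(response)
    except ValueError:
        return ["truncated_frame"]
    q_tid, _, _, q_unit, q_fc, q_data = parse_adu(request)
    found = []
    if r_pid != 0:                        # protocol id is always 0 for Modbus
        found.append("bad_protocol_id")
    if r_len != len(response) - 6:        # length field counts unit id + PDU
        found.append("length_mismatch")
    if r_tid != q_tid:
        found.append("transaction_id_mismatch")
    if r_unit != q_unit:
        found.append("unit_id_mismatch")
    if r_fc == (q_fc | 0x80):             # exception reply: function code + 0x80
        code = r_data[0] if r_data else None
        found.append(f"exception_response:{code}")
    elif r_fc != q_fc:
        found.append("function_code_mismatch")
    elif q_fc in (3, 4) and len(q_data) >= 4:
        # Read registers: reply must carry a byte count of 2 * quantity.
        quantity = struct.unpack(">H", q_data[2:4])[0]
        if not r_data or r_data[0] != 2 * quantity or len(r_data) != 1 + 2 * quantity:
            found.append("register_count_mismatch")
    return found

def triage(exchanges) -> Dict[str, List[str]]:
    """Map test case id -> findings, keeping only cases with findings."""
    report = {}
    for case_id, request, response in exchanges:
        findings = check_response(request, response)
        if findings:
            report[case_id] = findings
    return report

# Constructed sample: one read of two holding registers and five possible replies.
REQ = struct.pack(">HHHBBHH", 1, 0, 6, 1, 3, 0, 2)
EXCHANGES = [
    ("tc-001", REQ, struct.pack(">HHHBBBHH", 1, 0, 7, 1, 3, 4, 3000, 0)),   # clean
    ("tc-002", REQ, struct.pack(">HHHBBB", 1, 0, 3, 1, 0x83, 2)),           # exception 2
    ("tc-003", REQ, struct.pack(">HHHBBBHH", 9, 0, 50, 1, 3, 4, 3000, 0)),  # wrong tid/length
    ("tc-004", REQ, struct.pack(">HHHBBBH", 1, 0, 5, 1, 3, 2, 3000)),       # one register short
    ("tc-005", REQ, None),                                                  # no reply
]

if __name__ == "__main__":
    for case_id, findings in triage(EXCHANGES).items():
        print(case_id, findings)
```

An exception reply is reported but is often the correct reaction to a malformed request; the labels that point at a defect are the framing mismatches and the missing reply.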
The vulnerability confirmation tool comprises a vulnerability reproduction module, a vulnerability exploitation module, an attack simulation module and a configuration module. The vulnerability reproduction module mainly implements functions such as confirming vulnerability characteristics and test cases. The vulnerability exploitation module mainly records exploitation method rules that are entered manually; these methods are mainly used by the attack simulation module for automated attacks. The attack simulation module mainly implements automated attacks that simulate real network attacks. The configuration module mainly implements parameter configuration, rule configuration and attack policy setup for the vulnerability confirmation tool.
The physical object information display system comprises a graphical presentation module and a data acquisition module. The data acquisition module acquires the state of the simulation model through the debugging port of the RT-LAB hardware-in-the-loop simulation system, and the graphical presentation module draws and displays graphics from the data acquired by the data acquisition module. The physical object information display system graphically shows the actual state of the physical object model simulated by RT-LAB, plays an animation of the physical object in operation, and shows what happens after the physical object becomes abnormal, which provides a basis for judging how harmful a vulnerability in the steam turbine DEH control system is. The graphical presentation module uses technologies such as Unity 3D and DirectX.
A method for vulnerability testing of a steam turbine DEH control system based on RT-LAB technology, characterized in that it comprises the following steps:

Abstract simulation model design step: establish for the controlled physical object an abstract simulation model comprising an operating model, an abnormal model, a fault model and a disaster model; download the model to the RT-LAB hardware-in-the-loop simulation system and run it; the operating parameters and operating state are monitored from the RT-LAB operator station.

Graphical model design step: acquire the operating parameters of the controlled physical object's abstract simulation model in the RT-LAB hardware-in-the-loop simulation system, and display the physical object model on the graphics workstation of the controlled physical object information display system. The controlled physical object information display system can effectively display four scenarios of the model in the RT-LAB hardware-in-the-loop simulation system: running, abnormal, fault and disaster.

Deployment step for the steam turbine DEH control system under test: connect the RT-LAB hardware-in-the-loop simulation system and the steam turbine DEH control system under test by hard wiring; the steam turbine DEH control system under test acquires the simulated sensor signals and outputs control signals to the simulated actuators; the project of an actual industrial production or technological process is designed or imported through the engineer station, and the running state of the control system is monitored through the operator station.

Vulnerability testing step: connect the vulnerability testing tool to the steam turbine DEH control system and run the vulnerability scanning tool to obtain basic information about the steam turbine DEH control system, such as operating system version, open ports and open services. Scan the steam turbine DEH control system under test for known vulnerabilities; the vulnerability database is drawn from the CVE vulnerability database and the CNNVD vulnerability database. Together with the physical object information display system, assess what kind of damage a discovered vulnerability would cause to the actual physical object, and judge whether it would cause a fault or lead to a disaster. Run the unknown-vulnerability mining tool and, together with the physical object information display system, find potential vulnerabilities in the steam turbine DEH control system and assess how harmful they are. Run the vulnerability confirmation tool, judge the feasibility and difficulty of exploiting the vulnerability, and design an attack scheme.
In the abstract simulation model design step, the abstract simulation model is built with the SimPowerSystems toolbox of the MATLAB Simulink software, and the model is converted with the ARTEMiS software of RT-LAB to generate the abstract simulation model used by RT-LAB. On top of the usual mathematical model of the controlled object, the simulation model adds catastrophe-process simulation stages, such as a steam turbine driving process or a reactor explosion stage, to simulate the physical process by which the controlled object leads to a disaster after entering an abnormal state.
In the deployment step for the steam turbine DEH control system under test, the project run in the steam turbine DEH control system comes from actual industrial production processes and typical process flows, and its input and output signal types match the I/O signal types of the RT-LAB hardware-in-the-loop simulation system; that is, switching signals, temperature signals, position signals and so on are uniformly converted to voltage-type signals. In addition, in the running project, signal points that do not affect the state of the controlled physical object are simulated with analog values.
Embodiment 7
The two modules of the physical object information display system are installed on the graphics workstation and the signal acquisition device respectively: the graphics workstation runs the graphical presentation module, and the signal acquisition device runs the data acquisition module. The signal acquisition device can be obtained by customized development of an existing manufacturer's I/O acquisition equipment. The graphics workstation is connected to the signal acquisition device by Ethernet, and the signal acquisition device is connected by hard wiring to the simulation system cabinet of the RT-LAB hardware-in-the-loop simulation system.
The main body of the RT-LAB hardware-in-the-loop simulation system is the simulation system cabinet, which contains the power supply, the hardware simulator, network equipment and so on. The simulation software runs on the hardware simulator. The hardware simulator is programmed, configured and debugged from the RT-LAB operator station. The RT-LAB operator station can be a portable computer with the graphical debugging software installed. The RT-LAB operator station is connected to the simulation system cabinet by Ethernet. The simulation system cabinet is connected by hard wiring to the control system cabinet of the steam turbine DEH control system.
The steam turbine DEH control system should comprise at least a control system cabinet, an engineer station, an operator station and a network switch. The control system cabinet is the core: it implements the production process flow of the industrial control, field control, signal acquisition and similar functions, and contains the power supply, the controller CPU/DPU unit, input/output I/O modules, fieldbus communication modules and other electrical devices such as relays and circuit breakers. The engineer station implements logic programming and configuration of the controller CPU/DPU unit, and the operator station implements real-time monitoring, emergency operation and similar functions for the control system. A large control system has many signal points and therefore many control system cabinets. For small and medium-sized control systems, the engineer station and the operator station can be combined and implemented on a single computer. For simple systems built from small and medium controllers such as PLCs, the engineer station and the operator station can be omitted. The network switch is configured according to the field network protocol; it is not limited to an Ethernet switch and can also be a serial switch, an industrial Ethernet switch and so on.
The vulnerability testing tool for the steam turbine DEH control system exists mainly as software and is deployed on the vulnerability testing station. The vulnerability testing station is a dedicated, customized high-performance computer on which three software tools are installed: the known-vulnerability scanning tool, the unknown-vulnerability mining tool and the vulnerability confirmation tool. The vulnerability testing station has an industrial fieldbus communication board, such as a CAN communication card with a PCIe interface, and is connected to the steam turbine DEH control system by Ethernet or an industrial fieldbus.
The steps of vulnerability detection for the steam turbine DEH control system are as follows:

Design the abstract simulation model of the controlled physical object, comprising an operating model, an abnormal model, a fault model and a disaster model. Download the model to the RT-LAB hardware-in-the-loop simulation system and run it. The operating parameters and operating state are monitored from the RT-LAB operator station.

Design the graphical model of the controlled physical object, and display the physical object model on the graphics workstation of the physical object information display system. The parameters of the graphical model come from the data that the signal acquisition device acquires on the operating parameters of the abstract simulation model in the RT-LAB hardware-in-the-loop simulation system.

Confirm that the physical object information display system can effectively display four scenarios of the model in the RT-LAB hardware-in-the-loop simulation system: running, abnormal, fault and disaster.

Deploy the steam turbine DEH control system under test and connect it to the RT-LAB hardware-in-the-loop simulation system by hard wiring, so that it acquires the simulated sensor signals and outputs control signals to the simulated actuators. Design or import the project of an actual industrial production or technological process through the engineer station, and monitor the running state of the control system through the operator station.

Confirm that signal transmission among the physical object information display system, the RT-LAB hardware-in-the-loop simulation system and the steam turbine DEH control system is stable and reliable, to rule out anomalies caused by anything other than the test.

Connect the vulnerability testing station to the steam turbine DEH control system and run the known-vulnerability scanning tool to obtain basic information about the steam turbine DEH control system, such as operating system version, open ports and open services. Scan the steam turbine DEH control system under test for known vulnerabilities. The known-vulnerability database is drawn from the CVE vulnerability database and the CNNVD vulnerability database. Together with the physical object information display system, assess what kind of damage a discovered vulnerability would cause to the actual physical object, and judge whether it would cause a fault or lead to a disaster.

Run the unknown-vulnerability mining tool and, together with the physical object information display system, find potential vulnerabilities in the steam turbine DEH control system and assess how harmful they are.

Run the vulnerability confirmation tool, judge the feasibility and complexity of exploiting the vulnerability, and design an attack scheme.
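One way to make the harm assessment in these steps repeatable, as an added example (not code from the patent): operating parameters sampled from the simulation model are graded into the four scenarios (running, abnormal, fault, disaster), and each test case is scored by the worst scenario seen during and shortly after it. A case whose pre-test baseline was not in normal running is excluded, which mirrors the step that rules out anomalies not caused by the test. The thresholds, field names, window lengths and trace are constructed assumptions.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Dict, List, Optional, Tuple

class Scenario(IntEnum):
    RUNNING = 0
    ABNORMAL = 1
    FAULT = 2
    DISASTER = 3

@dataclass(frozen=True)
class Sample:
    t: float             # seconds since the start of the test session
    speed_rpm: float     # turbine speed reported by the simulation model
    steam_temp_c: float  # steam temperature reported by the simulation model

# Assumed limits for a 3000 rpm unit; take the real ones from the plant model.
RATED_RPM = 3000.0
SPEED_LIMITS = [(1.10, Scenario.DISASTER), (1.03, Scenario.FAULT), (1.01, Scenario.ABNORMAL)]
TEMP_LIMITS = [(566.0, Scenario.DISASTER), (552.0, Scenario.FAULT), (546.0, Scenario.ABNORMAL)]

def _grade(value: float, limits) -> Scenario:
    """Return the scenario of the highest limit that value reaches."""
    for limit, scenario in limits:
        if value >= limit:
            return scenario
    return Scenario.RUNNING

def classify(s: Sample) -> Scenario:
    """Grade one sample by its worst parameter."""
    ratio = s.speed_rpm / RATED_RPM
    worst = max(_grade(ratio, SPEED_LIMITS), _grade(s.steam_temp_c, TEMP_LIMITS))
    if ratio <= 0.99:    # underspeed is treated as abnormal only
        worst = max(worst, Scenario.ABNORMAL)
    return worst

def assess(cases: List[Tuple[str, float, float]], samples: List[Sample],
           baseline_s: float = 5.0, settle_s: float = 10.0
           ) -> Dict[str, Tuple[str, Optional[float]]]:
    """Map case id -> (verdict, time the verdict was first reached)."""
    results = {}
    for case_id, t0, t1 in cases:
        before = [s for s in samples if t0 - baseline_s <= s.t < t0]
        during = [s for s in samples if t0 <= s.t <= t1 + settle_s]
        # No clean baseline: the plant was already disturbed, so the case
        # cannot be blamed for what follows and must be rerun.
        if not before or any(classify(s) != Scenario.RUNNING for s in before):
            results[case_id] = ("EXCLUDED", None)
            continue
        worst, t_first = Scenario.RUNNING, None
        for s in during:
            grade = classify(s)
            if grade > worst:
                worst, t_first = grade, s.t
        results[case_id] = (worst.name, t_first)
    return results

def constructed_trace() -> List[Sample]:
    """Constructed 60 s trace at 1 Hz with a speed excursion starting at t = 26 s."""
    ramp = {26: 3050.0, 27: 3120.0, 28: 3200.0, 29: 3320.0, 30: 3100.0}
    return [Sample(float(t), ramp.get(t, 3000.0), 538.0) for t in range(60)]

# Constructed test case windows: (id, start time, end time) in seconds.
CASES = [("tc-A", 10.0, 12.0), ("tc-B", 25.0, 27.0), ("tc-C", 30.0, 32.0)]

if __name__ == "__main__":
    for case_id, verdict in assess(CASES, constructed_trace()).items():
        print(case_id, verdict)
```

Case tc-C is excluded because it starts while the plant is still recovering from tc-B, which is the reason to space test cases by at least the settle time.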
Claims (10)
1. A system for vulnerability testing of a steam turbine DEH control system based on RT-LAB technology, characterized in that it comprises an RT-LAB hardware-in-the-loop simulation system, a steam turbine DEH control system under test, a vulnerability testing tool and a physical object information display system; the RT-LAB hardware-in-the-loop simulation system has a data connection to the physical object information display system, the RT-LAB hardware-in-the-loop simulation system and the steam turbine DEH control system under test are connected by hard wiring, and the vulnerability testing tool is connected to the steam turbine DEH control system under test;
the RT-LAB hardware-in-the-loop simulation system comprises a hardware simulator, simulation software and graphical debugging software; the hardware simulator comprises a main processing module and a signal input/output module, the main processing module has multiple CPUs connected for communication, the signal input/output module is used for digital pulse capture and signal conversion, and the main processing module and the signal input/output module are connected for communication;
the vulnerability testing tool comprises a known-vulnerability scanning tool, an unknown-vulnerability mining tool and a vulnerability confirmation tool, used to find known or unknown vulnerabilities in the steam turbine DEH control system;
the physical object information display system comprises a graphical presentation module and a data acquisition module; the data acquisition module acquires the state of the simulation model through the debugging port of the RT-LAB hardware-in-the-loop simulation system, and the graphical presentation module draws and displays graphics from the data acquired by the data acquisition module.
2. The system for vulnerability testing of a steam turbine DEH control system based on RT-LAB technology according to claim 1, characterized in that the known-vulnerability scanning tool comprises a vulnerability scanning module, a port scanning module, a password cracking module and a configuration module.
3. The system for vulnerability testing of a steam turbine DEH control system based on RT-LAB technology according to claim 1, characterized in that the unknown-vulnerability mining tool comprises a vulnerability mining module, a test case management module, a protocol management module and a configuration module.
4. The system for vulnerability testing of a steam turbine DEH control system based on RT-LAB technology according to claim 1, characterized in that the vulnerability confirmation tool comprises a vulnerability reproduction module, a vulnerability exploitation module, an attack simulation module and a configuration module.
5. A test method for the system for vulnerability testing of a steam turbine DEH control system based on RT-LAB technology according to claim 1, characterized in that it comprises the following steps:
abstract simulation model design step: use the simulation software to establish for the controlled physical object an abstract simulation model comprising an operating model, an abnormal model, a fault model and a disaster model, download the model to the RT-LAB hardware-in-the-loop simulation system of the RT-LAB-based steam turbine DEH control system vulnerability test system, and run it;
graphical model design step: acquire the operating parameters of the controlled physical object's abstract simulation model in the RT-LAB hardware-in-the-loop simulation system, and display the physical object model on the graphics workstation of the controlled physical object information display system;
deployment step for the steam turbine DEH control system under test: connect the RT-LAB hardware-in-the-loop simulation system and the steam turbine DEH control system under test by hard wiring, so that the steam turbine DEH control system under test acquires the simulated sensor signals and outputs control signals to the simulated actuators, and design or import the project of an actual industrial production or technological process;
vulnerability testing step: connect the vulnerability testing tool to the steam turbine DEH control system, run the vulnerability testing tool, obtain basic information about the steam turbine DEH control system, and scan for known vulnerabilities in the steam turbine DEH control system under test; run the unknown-vulnerability mining tool, find potential vulnerabilities in the steam turbine DEH control system, and assess how harmful they are; run the vulnerability confirmation tool, judge the feasibility and complexity of exploiting the vulnerability, and design an attack scheme.
6. The test method for the system for vulnerability testing of a steam turbine DEH control system based on RT-LAB technology according to claim 5, characterized in that, in the abstract simulation model design step, the abstract simulation model is built with the SimPowerSystems toolbox of the MATLAB Simulink software, and the model is converted with the ARTEMiS software of RT-LAB to generate the abstract simulation model used by RT-LAB.
7. The test method for the system for vulnerability testing of a steam turbine DEH control system based on RT-LAB technology according to claim 5, characterized in that, in the deployment step for the steam turbine DEH control system under test, the project designed or imported in the steam turbine DEH control system comes from actual industrial production processes and typical process flows, its input and output signal types match the I/O signal types of the RT-LAB hardware-in-the-loop simulation system, and switching signals, temperature signals and position signals are uniformly converted to voltage-type signals.
8. The test method for the system for vulnerability testing of a steam turbine DEH control system based on RT-LAB technology according to claim 5, characterized in that, in the graphical model design step, the operating parameters of the abstract simulation model are the parameters in the steam turbine simulation model, including turbine speed, rotational acceleration, steam temperature, intake flow and output power.
9. The test method for the system for vulnerability testing of a steam turbine DEH control system based on RT-LAB technology according to claim 5, characterized in that, in the deployment step for the steam turbine DEH control system under test, the simulated sensor signals are the signals measured by sensors mounted on the steam turbine, as simulated by the signal input/output module of the RT-LAB hardware-in-the-loop simulation system; the control signals output to the simulated actuators are the signals measured by the actuators that control steam turbine operation, as simulated by the signal input/output module of the RT-LAB hardware-in-the-loop simulation system.
10. The test method for the system for vulnerability testing of a steam turbine DEH control system based on RT-LAB technology according to claim 5, characterized in that the project of the actual industrial production or technological process is designed or imported through the engineer station, the engineer station being a computer workstation used to configure, program and modify the DEH control system.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710208513.5A CN106959685B (en) | 2017-03-31 | 2017-03-31 | A kind of system and method for the steam turbine DEH control system loophole test based on RT-LAB technology |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106959685A (en) | 2017-07-18 |
CN106959685B (en) | 2019-10-08 |
Family
ID=59470552
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710208513.5A Active CN106959685B (en) | 2017-03-31 | 2017-03-31 | A kind of system and method for the steam turbine DEH control system loophole test based on RT-LAB technology |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106959685B (en) |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107608844B (en) * | 2017-09-25 | 2021-02-12 | 苏州浪潮智能科技有限公司 | Method, system and device for testing hardware and computer readable storage medium |
CN109870927A (en) * | 2019-03-22 | 2019-06-11 | 哈尔滨汽轮机厂有限责任公司 | Million capacitance grade steam turbine island control logic verification platforms |
CN111125236B (en) * | 2019-12-18 | 2023-09-08 | 中国东方电气集团有限公司 | Three-dimensional dynamic information physical system based on GIS |
CN113882908B (en) * | 2020-07-03 | 2023-07-25 | 东方电气股份有限公司 | Steam turbine network safety off-line monitoring system and method based on passive monitoring algorithm |
CN113958377B (en) * | 2020-07-03 | 2023-04-07 | 东方电气股份有限公司 | Real-time online monitoring system and method for network security of steam turbine |
CN111818071A (en) * | 2020-07-15 | 2020-10-23 | 国家计算机网络与信息安全管理中心 | Vehicle stain analysis method and device |
CN113515059B (en) * | 2021-06-27 | 2023-06-30 | 陕西航空电气有限责任公司 | Multi-motor aircraft motor controller time-sharing multiplexing semi-physical test system based on RT-LAB |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105404207A (en) * | 2015-12-14 | 2016-03-16 | 中国电子信息产业集团有限公司第六研究所 | Industrial environment vulnerability discovering device and method |
CN106155042A (en) * | 2016-07-20 | 2016-11-23 | 北京新能源汽车股份有限公司 | Test method and device for fault processing of vehicle control unit |
Also Published As
Publication number | Publication date |
---|---|
CN106959685A (en) | 2017-07-18 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||