CN106959685B - System and method for vulnerability testing of a steam turbine DEH control system based on RT-LAB technology - Google Patents

Publication number
CN106959685B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710208513.5A
Other languages
Chinese (zh)
Other versions
CN106959685A (en
Inventor
桑梓
袁晓舒
吴小田
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Eastern Electric Group Co Ltd
Original Assignee
China Eastern Electric Group Co Ltd

Classifications

    • G: PHYSICS
    • G05: CONTROLLING; REGULATING
    • G05B: CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B23/00: Testing or monitoring of control systems or parts thereof
    • G05B23/02: Electric testing or monitoring
    • G05B23/0205: Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults
    • G05B23/0208: Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults characterized by the configuration of the monitoring system
    • G05B23/0213: Modular or universal configuration of the monitoring system, e.g. monitoring system having modules that may be combined to build monitoring program; monitoring system that can be applied to legacy systems; adaptable monitoring system; using different communication protocols
    • G05B2219/00: Program-control systems
    • G05B2219/20: Pc systems
    • G05B2219/24: Pc safety
    • G05B2219/24065: Real time diagnostics

Abstract

The invention discloses a system and method for vulnerability testing of a steam turbine DEH control system based on RT-LAB technology. The system comprises an RT-LAB hardware-in-the-loop (HIL) simulation system, the steam turbine DEH control system under test, a vulnerability testing tool and a physical object information display system. The RT-LAB HIL simulation system has a data connection to the physical object information display system, the RT-LAB HIL simulation system and the DEH control system under test are connected by hard wiring, and the vulnerability testing tool is connected to the DEH control system under test. The method comprises an abstract simulation model design step, a graphical model design step, a deployment step for the DEH control system under test, and a vulnerability testing step. The system and method allow the effect that vulnerabilities in a steam turbine DEH control system may have on the physical controlled object to be evaluated and tested in simulation, solving the problem that it is difficult at an industrial control site to simulate attacks on the control system using information security vulnerabilities.

Description

System and method for vulnerability testing of a steam turbine DEH control system based on RT-LAB technology
Technical field
The present invention relates to the field of system vulnerability testing, and in particular to a system and method for vulnerability testing of a steam turbine DEH control system based on RT-LAB technology.
Background
As the level of informatization has risen sharply, the digital electro-hydraulic (DEH) control systems of power plant steam turbines increasingly depend on computer and network communication technology, and the information security problems faced by conventional information technology have become a serious threat to industrial control systems as well.
Abroad, a large amount of research has been carried out on information security simulation testing and vulnerability assessment for general industrial control systems. In terms of simulation test platforms, the U.S. Department of Energy set up the National SCADA Test Bed (NSTB) program for power grid security and built the Critical Infrastructure Test Range (CITR) to test the effect of network attacks on infrastructure. Several universities in Europe and the United States have built simulation test platforms for power systems, chemical production processes and the like. In vulnerability assessment and detection, the main research direction abroad is quantitative risk assessment of the information security level of industrial control systems using probabilistic risk models, such as attack tree analysis (ATA), fault tree analysis (FTA), failure mode and effects analysis (FMEA) and Bayesian networks (BN).
Domestic research is still at an early stage. For example, Chinese invention patent publication No. CN105652692A, published on June 8, 2016 and entitled "Semi-physical simulation platform and control method for a power plant I&C system based on thermal power generation", discloses a hardware-in-the-loop (HIL) simulation platform and control method for a power plant I&C system based on thermal power generation. The platform comprises a heater, a heat exchanger, an air pump, a steam turbine and a controller. The heater outlet is connected by a pipe to the heat exchanger inlet, with a temperature sensor on the pipe between them; the heat exchanger outlet is connected by a pipe to the steam turbine inlet; the air pump outlet is connected by a pipe to the heat exchanger outlet; the pipe between the heat exchanger outlet and the steam turbine inlet carries a flowmeter and a solenoid valve; and the controller is connected to the temperature sensor, flowmeter and solenoid valve through an I/O board. The controller automatically regulates the flow of air supplied to the steam turbine and forms a feedback loop, so as to simulate the thermal power generation process more realistically. However, a HIL-based information security test platform for steam turbine units is still lacking; the prior art has studied the HIL simulation of steam turbine control only from the angle of mathematical modelling of that control. No research on the information security of steam turbine DEH control systems has been found so far.
The prior art has the following problems:
On the one hand, existing HIL simulation research for steam turbine DEH control systems focuses mainly on turbine control methods and strategies and on building dynamic turbine models. It has not extended HIL simulation to the information security problems that arise during turbine operation, and in particular has not studied the information security vulnerabilities of the DEH control system. Current research on industrial control system information security, meanwhile, is aimed mainly at general industrial control systems and lacks work on the information security of power plant steam turbine DEH control systems, especially on their information security vulnerabilities.
On the other hand, existing methods and means for assessing industrial control system information security, especially vulnerability testing methods, are difficult to apply to an actual steam turbine DEH control system. Because it is currently impossible to judge what effect a vulnerability testing method will have on the actual operation of the turbine control system, and in order to avoid adverse effects of vulnerability scanning or vulnerability discovery tests on the running turbine, existing methods cannot connect a vulnerability test system to the DEH control system of an operating power plant turbine. As a result, information security research on steam turbine control systems has remained at the theoretical stage.
In summary, existing information security vulnerability testing methods cannot determine the harm that information security vulnerabilities in a steam turbine DEH control system may cause to the actual operation of the turbine.
Summary of the invention
The object of the present invention is to provide a vulnerability test platform for steam turbine DEH control systems based on RT-LAB technology. The system uses RT-LAB-based hardware-in-the-loop (HIL) simulation, together with the particular system structure and hardware environment of the steam turbine DEH control system, and applies the vulnerability testing methods and means common in the information security field to study, through simulation-based evaluation and testing, the effect of DEH control system vulnerabilities on turbine operation. It solves the current difficulty of using information security vulnerabilities to simulate attacks on an actual control system, and provides platform support and a design basis for further research into information security protection methods for industrial control systems.
The object of the invention is achieved through the following technical solutions:
A system for vulnerability testing of a steam turbine DEH control system based on RT-LAB technology, characterized in that it comprises an RT-LAB HIL simulation system, the steam turbine DEH control system under test, a vulnerability testing tool and a physical object information display system. The RT-LAB HIL simulation system has a data connection to the physical object information display system, the RT-LAB HIL simulation system and the DEH control system under test are connected by hard wiring, and the vulnerability testing tool is connected to the DEH control system under test.
The RT-LAB HIL simulation system comprises a hardware simulator, simulation software and graphical debugging software. The hardware simulator comprises a main processing module and a signal input/output module; the main processing module has multiple CPUs that communicate with one another, the signal input/output module performs digital pulse capture and signal conversion, and the main processing module and the signal input/output module are connected for communication.
The vulnerability testing tool comprises a known-vulnerability scanning tool, an unknown-vulnerability discovery tool and a vulnerability confirmation tool, which together provide the function of finding known or unknown vulnerabilities in the steam turbine DEH control system.
The known-vulnerability scanning tool comprises a vulnerability scanning module, a port scanning module, a password cracking module and a configuration module.
The unknown-vulnerability discovery tool comprises a vulnerability discovery module, a test case management module, a consultative management module and a configuration module.
The vulnerability confirmation tool comprises a vulnerability reproduction module, a vulnerability exploitation module, an attack simulation module and a configuration module.
The physical object information display system comprises a graphical representation module and a data acquisition module. The data acquisition module acquires the state of the simulation model through the debug port of the RT-LAB HIL simulation system, and the graphical representation module draws and displays graphics from the data acquired by the data acquisition module.
A method for vulnerability testing of a steam turbine DEH control system based on RT-LAB technology, characterized in that it comprises the following steps:
Abstract simulation model design step: use simulation software to build, for the controlled physical object, an abstract simulation model comprising an operating model, an abnormal model, a fault model and a disaster model; download the model to the RT-LAB HIL simulation system of the RT-LAB-based steam turbine DEH control system vulnerability test system and run it;
Graphical model design step: acquire the operating parameters of the controlled physical object's abstract simulation model in the RT-LAB HIL simulation system, and display the controlled-object model on the graphics workstation of the physical object information display system;
Deployment step for the DEH control system under test: connect the RT-LAB HIL simulation system to the DEH control system under test by hard wiring, so that the DEH control system under test acquires the signals of the simulated sensors and outputs control signals to the simulated actuators; design or import an engineering project from actual industrial production or an actual technical process. "Simulated sensor" means that the signal output module of the RT-LAB system simulates the sensors installed on the steam turbine; the DEH control system acquires these simulated sensor signals to obtain the parameters of the turbine simulated by RT-LAB. "Simulated actuator" means that the signal input module of the RT-LAB system simulates the actuators that control turbine operation; the control signals that the DEH control system outputs to the simulated actuators mean that the DEH control system is actually controlling the turbine simulated by RT-LAB.
Vulnerability testing step: connect the vulnerability testing tool to the steam turbine DEH control system; run the vulnerability testing tool to obtain basic information about the DEH control system and scan for known vulnerabilities in the DEH control system under test; run the unknown-vulnerability discovery tool to find potential DEH control system vulnerabilities and assess their degree of harm; run the vulnerability confirmation tool to judge the feasibility and complexity of exploiting a vulnerability and design an attack scheme.
In the abstract simulation model design step, the abstract simulation model is built with the SimPowerSystems toolbox of the MATLAB Simulink-based simulation software and converted with the Artemis software of RT-LAB, generating an abstract simulation model for use in RT-LAB.
In the deployment step for the DEH control system under test, the engineering project designed in or imported into the DEH control system originates from an actual industrial production process and a typical process flow. Its input and output signal types match the I/O signal types of the RT-LAB HIL simulation system; switch signals, temperature signals, position signals and the like are uniformly converted into voltage signals. Because the project comes from a real engineering application, it contains complete control logic, for example the control logic for the turbine's various tests. This control logic and the corresponding signal points do not affect the actual normal operating state of the physical object, so these points can be masked by modifying the project's configuration logic, or substituted with simulated values.
In the graphical model design step, the operating parameters of the abstract simulation model are mainly the parameters of the turbine simulation model, including turbine speed, rotational acceleration, steam temperature, inlet flow and output power.
In the deployment step for the DEH control system under test, the simulated sensor signals are the signals measured by the sensors installed on the turbine, as simulated by the signal input/output module of the RT-LAB HIL simulation system; the control signals output to the simulated actuators are the control signals measured by the actuators that control turbine operation, as simulated by the signal input/output module of the RT-LAB HIL simulation system.
The engineering project from actual industrial production or an actual technical process is designed or imported through the engineer station, which is the computer workstation used for configuration, programming, modification and so on of the DEH control system. The engineer station is a concept specific to power plant steam turbine DEH control systems: in turbine process control, it is the computer workstation that engineers use to configure, program and modify the DEH control system.
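The closed loop set up in the deployment step, as an added Python example (not code from the patent): a toy turbine model stands in for the RT-LAB simulation, a droop governor stands in for the DEH controller under test, the two exchange only 0-10 V signals, and a monitor reads model state directly, as the display system does through the debug port. The rotor model, the governor, the voltage ranges, the 110 % overspeed limit and the "controller output stops updating" condition are all assumptions chosen for illustration.

```python
"""Toy hardware-in-the-loop loop. Every model and constant here is an assumption."""
from dataclasses import dataclass

RATED_RPM = 3000.0        # assumed rated speed
OVERSPEED_RPM = 3300.0    # assumed alarm limit (110 % of rated)
DT = 0.01                 # simulation step in seconds


def to_volts(value, lo, hi):
    """Scale an engineering value onto a 0-10 V signal, clamped like an I/O card."""
    return min(10.0, max(0.0, 10.0 * (value - lo) / (hi - lo)))


def from_volts(volts, lo, hi):
    """Inverse of to_volts: recover the engineering value from a 0-10 V signal."""
    return lo + (hi - lo) * min(10.0, max(0.0, volts)) / 10.0


@dataclass
class TurbineModel:
    """Stand-in for the simulated plant: rotor inertia plus a valve/steam lag."""
    speed_pu: float = 1.0     # rotor speed, per unit of rated speed
    power_pu: float = 0.8     # mechanical power, per unit
    load_pu: float = 0.8      # electrical load, per unit
    accel_rpm_s: float = 0.0  # rotational acceleration, rpm per second

    def step(self, valve_volts):
        demand = from_volts(valve_volts, 0.0, 1.0)   # simulated actuator input
        self.power_pu += DT * (demand - self.power_pu) / 0.3
        dw = (self.power_pu - self.load_pu - (self.speed_pu - 1.0)) / 8.0
        self.speed_pu += DT * dw
        self.accel_rpm_s = dw * RATED_RPM
        # Simulated sensor output: 0-4000 rpm mapped onto 0-10 V.
        return to_volts(self.speed_pu * RATED_RPM, 0.0, 4000.0)


class GovernorStandIn:
    """Stand-in for the controller under test: a 5 % droop speed governor."""

    def __init__(self, hang_at=None):
        self.hang_at = hang_at                  # time the output stops updating
        self.out_volts = to_volts(0.8, 0.0, 1.0)

    def step(self, t, speed_volts):
        if self.hang_at is not None and t >= self.hang_at:
            return self.out_volts               # last value stays on the wire
        rpm = from_volts(speed_volts, 0.0, 4000.0)
        demand = 0.8 + (1.0 - rpm / RATED_RPM) / 0.05
        self.out_volts = to_volts(demand, 0.0, 1.0)
        return self.out_volts


def run(hang_at=None, duration=10.0, load_rejection_at=5.0):
    """Run the loop; return (t, rpm, accel, power) rows read from model state."""
    plant, ctrl = TurbineModel(), GovernorStandIn(hang_at)
    speed_volts = to_volts(RATED_RPM, 0.0, 4000.0)
    log = []
    for i in range(int(round(duration / DT))):
        t = i * DT
        if t >= load_rejection_at:
            plant.load_pu = 0.1                 # sudden loss of load
        valve_volts = ctrl.step(t, speed_volts)
        speed_volts = plant.step(valve_volts)
        log.append((t, plant.speed_pu * RATED_RPM, plant.accel_rpm_s, plant.power_pu))
    return log


def assess(log):
    """Summarise the physical impact recorded during one test run."""
    peak = max(rpm for _, rpm, _, _ in log)
    first = next((t for t, rpm, _, _ in log if rpm > OVERSPEED_RPM), None)
    return {"peak_rpm": peak, "first_overspeed_s": first}


if __name__ == "__main__":
    print("controller healthy:", assess(run()))
    print("output frozen at 4 s:", assess(run(hang_at=4.0)))
```

Steam temperature and inlet flow, which the patent also lists as displayed parameters, are not modelled here.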
The beneficial effects of the invention are as follows:
1. In the system for vulnerability testing of a steam turbine DEH control system based on RT-LAB technology provided by the invention, the RT-LAB HIL simulation system has a data connection to the physical object information display system, the RT-LAB HIL simulation system and the DEH control system under test are connected by hard wiring, and the vulnerability testing tool is connected to the DEH control system under test. RT-LAB technology with hard real-time capability is applied for the first time and, combined with the vulnerability testing tool and the physical object information display system, yields a simulation test platform for the harm that DEH control system vulnerabilities cause to actual turbine operation.
2. In the system for vulnerability testing of a steam turbine DEH control system based on RT-LAB technology provided by the invention, the known-vulnerability scanning tool, unknown-vulnerability discovery tool and vulnerability confirmation tool are used to search comprehensively for all system vulnerabilities. The data acquisition module of the physical object information display system uses data from a real DEH control system and a real engineering project, so the conclusions the test platform produces are not theoretical but correspond to practice, and such test results help improve engineering designs.
3. In the method for vulnerability testing of a steam turbine DEH control system based on RT-LAB technology provided by the invention, the DEH control system under test is checked for vulnerabilities through the abstract simulation model design step, the graphical model design step, the deployment step for the DEH control system under test and the vulnerability testing step. Testing uses simulated signals and the test signals of a real engineering project to scan for known and unknown vulnerabilities and yields conclusions that correspond to practice, which makes it easier to judge the feasibility and complexity of exploiting a vulnerability, design attack schemes and improve the system.
Brief description of the drawings
Fig. 1 is a system structure diagram of a preferred embodiment of the invention.
Detailed description
The technical solutions that achieve the object of the invention are further illustrated below through several specific embodiments. It should be noted that the technical solutions claimed by the invention include but are not limited to the following embodiments.
Embodiment 1
As shown in Fig. 1, a system for vulnerability testing of a steam turbine DEH control system based on RT-LAB technology comprises an RT-LAB HIL simulation system, the steam turbine DEH control system under test, a vulnerability testing tool and a physical object information display system. The RT-LAB HIL simulation system has a data connection to the physical object information display system, the RT-LAB HIL simulation system and the DEH control system under test are connected by hard wiring, and the vulnerability testing tool is connected to the DEH control system under test.
This is the most basic embodiment of the invention. The RT-LAB HIL simulation system has a data connection to the physical object information display system, the RT-LAB HIL simulation system and the DEH control system under test are connected by hard wiring, and the vulnerability testing tool is connected to the DEH control system under test. RT-LAB technology with hard real-time capability is applied for the first time and, combined with the vulnerability testing tool and the physical object information display system, yields a simulation test platform for the harm that DEH control system vulnerabilities cause to actual turbine operation.
Embodiment 2
As shown in Fig. 1, a system for vulnerability testing of a steam turbine DEH control system based on RT-LAB technology comprises an RT-LAB HIL simulation system, the steam turbine DEH control system under test, a vulnerability testing tool and a physical object information display system. The RT-LAB HIL simulation system has a data connection to the physical object information display system, the RT-LAB HIL simulation system and the DEH control system under test are connected by hard wiring, and the vulnerability testing tool is connected to the DEH control system under test.
The RT-LAB HIL simulation system comprises a hardware simulator, simulation software and graphical debugging software. The hardware simulator comprises a main processing module and a signal input/output module; the main processing module has multiple CPUs that communicate with one another, the signal input/output module performs digital pulse capture and signal conversion, and the main processing module and the signal input/output module are connected for communication.
The vulnerability testing tool comprises a known-vulnerability scanning tool, an unknown-vulnerability discovery tool and a vulnerability confirmation tool, which together provide the function of finding known or unknown vulnerabilities in the steam turbine DEH control system.
The known-vulnerability scanning tool comprises a vulnerability scanning module, a port scanning module, a password cracking module and a configuration module.
The unknown-vulnerability discovery tool comprises a vulnerability discovery module, a test case management module, a consultative management module and a configuration module.
The vulnerability confirmation tool comprises a vulnerability reproduction module, a vulnerability exploitation module, an attack simulation module and a configuration module.
The physical object information display system comprises a graphical representation module and a data acquisition module. The data acquisition module acquires the state of the simulation model through the debug port of the RT-LAB HIL simulation system, and the graphical representation module draws and displays graphics from the data acquired by the data acquisition module.
This is a preferred embodiment of the invention. The RT-LAB HIL simulation system has a data connection to the physical object information display system, the RT-LAB HIL simulation system and the DEH control system under test are connected by hard wiring, and the vulnerability testing tool is connected to the DEH control system under test. RT-LAB technology with hard real-time capability is applied for the first time and, combined with the vulnerability testing tool and the physical object information display system, yields a simulation test platform for the harm that DEH control system vulnerabilities cause to actual turbine operation. The known-vulnerability scanning tool, unknown-vulnerability discovery tool and vulnerability confirmation tool are used to search comprehensively for all system vulnerabilities. The data acquisition module of the physical object information display system uses data from a real DEH control system and a real engineering project, so the conclusions the test platform produces are not theoretical but correspond to practice, and such test results help improve engineering designs.
Embodiment 3
As shown in Fig. 1, a method for vulnerability testing of a steam turbine DEH control system based on RT-LAB technology comprises the following steps:
Abstract simulation model design step: use simulation software to build, for the controlled physical object, an abstract simulation model comprising an operating model, an abnormal model, a fault model and a disaster model; download the model to the RT-LAB HIL simulation system of the RT-LAB-based steam turbine DEH control system vulnerability test system and run it;
Graphical model design step: acquire the operating parameters of the controlled physical object's abstract simulation model in the RT-LAB HIL simulation system, and display the controlled-object model on the graphics workstation of the physical object information display system;
Deployment step for the DEH control system under test: connect the RT-LAB HIL simulation system to the DEH control system under test by hard wiring, so that the DEH control system under test acquires the signals of the simulated sensors and outputs control signals to the simulated actuators; design or import an engineering project from actual industrial production or an actual technical process;
Vulnerability testing step: connect the vulnerability testing tool to the steam turbine DEH control system; run the vulnerability testing tool to obtain basic information about the DEH control system and scan for known vulnerabilities in the DEH control system under test; run the unknown-vulnerability discovery tool to find potential DEH control system vulnerabilities and assess their degree of harm; run the vulnerability confirmation tool to judge the feasibility and complexity of exploiting a vulnerability and design an attack scheme.
This is the most basic embodiment of the method for vulnerability testing of a steam turbine DEH control system based on RT-LAB technology. The DEH control system under test is checked for vulnerabilities through the abstract simulation model design step, the graphical model design step, the deployment step for the DEH control system under test and the vulnerability testing step. Testing uses simulated signals and the test signals of a real engineering project to scan for known and unknown vulnerabilities and yields conclusions that correspond to practice, which makes it easier to judge the feasibility and complexity of exploiting a vulnerability, design attack schemes and improve the system.
Embodiment 4
As shown in Fig. 1, a method for vulnerability testing of a steam turbine DEH control system based on RT-LAB technology comprises the following steps:
Abstract simulation model design step: use simulation software to build, for the controlled physical object, an abstract simulation model comprising an operating model, an abnormal model, a fault model and a disaster model; download the model to the RT-LAB HIL simulation system of the RT-LAB-based steam turbine DEH control system vulnerability test system and run it;
Graphical model design step: acquire the operating parameters of the controlled physical object's abstract simulation model in the RT-LAB HIL simulation system, and display the controlled-object model on the graphics workstation of the physical object information display system;
Deployment step for the DEH control system under test: connect the RT-LAB HIL simulation system to the DEH control system under test by hard wiring, so that the DEH control system under test acquires the signals of the simulated sensors and outputs control signals to the simulated actuators; design or import an engineering project from actual industrial production or an actual technical process;
Vulnerability testing step: connect the vulnerability testing tool to the steam turbine DEH control system; run the vulnerability testing tool to obtain basic information about the DEH control system and scan for known vulnerabilities in the DEH control system under test; run the unknown-vulnerability discovery tool to find potential DEH control system vulnerabilities and assess their degree of harm; run the vulnerability confirmation tool to judge the feasibility and complexity of exploiting a vulnerability and design an attack scheme.
In the abstract simulation model design step, the abstract simulation model is built with the SimPowerSystems toolbox of the MATLAB Simulink-based simulation software and converted with the Artemis software of RT-LAB, generating an abstract simulation model for use in RT-LAB.
In the deployment step for the DEH control system under test, the engineering project designed in or imported into the DEH control system originates from an actual industrial production process and a typical process flow. Its input and output signal types match the I/O signal types of the RT-LAB HIL simulation system; switch signals, temperature signals, position signals and the like are uniformly converted into voltage signals.
In the graphical model design step, the operating parameters of the abstract simulation model are mainly the parameters of the turbine simulation model, including turbine speed, rotational acceleration, steam temperature, inlet flow and output power.
In the deployment step for the DEH control system under test, the simulated sensor signals are the signals measured by the sensors installed on the turbine, as simulated by the signal input/output module of the RT-LAB HIL simulation system; the control signals output to the simulated actuators are the control signals measured by the actuators that control turbine operation, as simulated by the signal input/output module of the RT-LAB HIL simulation system.
The engineering project from actual industrial production or an actual technical process is designed or imported through the engineer station, which is the computer workstation used for configuration, programming, modification and so on of the DEH control system.
This is the preferred embodiment of the method for vulnerability testing of a steam turbine DEH control system based on RT-LAB technology. The DEH control system under test is checked for vulnerabilities through the abstract simulation model design step, the graphical model design step, the deployment step for the DEH control system under test and the vulnerability testing step. Testing uses simulated signals and the test signals of a real engineering project to scan for known and unknown vulnerabilities and yields conclusions that correspond to practice, which makes it easier to judge the feasibility and complexity of exploiting a vulnerability, design attack schemes and improve the system.
Embodiment 5
A system for vulnerability testing of a steam turbine DEH control system based on RT-LAB technology, characterized in that it includes an RT-LAB hardware-in-the-loop simulation system, a steam turbine DEH control system under test, a vulnerability testing tool and a physical object information display system. The RT-LAB hardware-in-the-loop simulation system has a data connection to the physical object information display system, the RT-LAB hardware-in-the-loop simulation system and the steam turbine DEH control system under test are connected by hardwiring, and the vulnerability testing tool is connected to the steam turbine DEH control system under test.
The RT-LAB hardware-in-the-loop simulation system includes a hardware emulator, simulation software and graphical debugging software. The hardware emulator includes a main processing module and a signal input/output module; the main processing module has multiple CPUs that communicate with one another, the signal input/output module performs digital pulse capture and signal conversion, and the main processing module and the signal input/output module are connected for communication. Preferably, the main processing module is based on the Intel/AMD architecture and has multiple CPUs that exchange data at high speed over an IEEE 1394 bus; the signal input/output module uses I/O boards based on Xilinx FPGAs, which provide digital pulse capture with 10 ns precision, D/A conversion with 1 µs precision and 2 µs A/D conversion, and can simulate the actuators that control steam turbine operation; and the main processing module and the signal input/output module exchange data over PCI-E. The hardware emulator mainly provides real-time simulation of the physical object, the simulation software is used to write and design the physical object simulation model, and the graphical debugging software allows some parameters of the simulation model to be modified online. In the present invention the RT-LAB hardware-in-the-loop simulation system simulates the actual controlled object or the actual physical process and provides hardware-in-the-loop simulation, for example of a power plant steam turbine, a chemical plant rectifying column, a catalytic cracking process, a water treatment process, or a petroleum and petrochemical production and manufacturing pipeline process.
The steam turbine DEH control system uses a control system from existing domestic or foreign manufacturers. This covers both large control systems, such as distributed control systems (DCS), network control systems (NCS), fieldbus control systems (FCS) and supervisory control and data acquisition (SCADA) systems, and small industrial controllers, such as programmable logic controllers (PLC), servo controllers, governors, remote terminal units (RTU) and other small embedded control systems.
The vulnerability testing tool includes a known-vulnerability scanning tool, an unknown-vulnerability mining tool and a vulnerability confirmation tool, which together serve to find known or unknown vulnerabilities in the steam turbine DEH control system. The known-vulnerability scanning tool mainly performs vulnerability scanning based on a library of known vulnerabilities. The unknown-vulnerability mining tool mainly uses protocol-based fuzz testing: it emulates the sending mechanism of the communication protocol used by each device in the steam turbine DEH control system, sends the device mutated or error-containing test messages, and monitors the response messages of the device under test to find errors and, from them, security risks. The vulnerability confirmation tool mainly performs vulnerability confirmation and vulnerability attack testing.
The known-vulnerability scanning tool includes a vulnerability scanning module, a port scanning module, a password cracking module and a configuration module. The vulnerability scanning module mainly performs policy-based scanning for known vulnerabilities. Scan targets include operating systems, databases, application services, embedded software, software specific to industrial control, network protocols and industrial fieldbuses; scan policies include scans of different intensity levels, scans of Windows or Unix-like devices or embedded operating systems, network service scans, database scans, attack scans and virtualization platform scans. The port scanning module mainly scans for open ports on the device under test, using TCP scanning and UDP scanning. The password cracking module mainly scans for and cracks weak passwords that may exist in the steam turbine DEH control system; the password types covered include the SMB protocol, the SNMP protocol, ORACLE databases, MS SQL databases, MySQL databases, the File Transfer Protocol, the Telnet protocol, the POP3 protocol, the IMAP protocol, the Rlogin protocol, the SSH protocol and DB2 databases. The configuration module mainly handles parameter configuration, policy management and scan task setup for the known-vulnerability scanning tool.
The unknown-vulnerability mining tool includes a vulnerability mining module, a test case management module, a protocol management module and a configuration module. The vulnerability mining module mainly provides the engine functions: sending messages to the device under test, monitoring it, and analysing the monitoring results. The test case management module mainly handles the management of test case sets and scripting. The protocol management module mainly manages the network or industrial control protocols under test, including TCP/IP-type standard Ethernet protocols, industrial Ethernet protocols such as Ethernet/IP, Profinet and EtherCAT, and common fieldbus protocols such as Modbus, CAN, Profibus and DeviceNet. The configuration module mainly handles parameter configuration of the unknown-vulnerability mining tool, configuration of test case rules, control of the number of fuzz messages and control of the scope of the mutation library.
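The monitoring half of the protocol-based fuzz test described above, sketched for Modbus/TCP as an added example (not code from the patent or from any RT-LAB product). It only classifies replies that a test station has already recorded; the function names and the sample exchanges are constructed for illustration.

```python
import struct
from typing import Optional

MBAP_LEN = 7  # transaction id (2) + protocol id (2) + length (2) + unit id (1)

# Exception codes defined by the Modbus application protocol (subset).
EXCEPTIONS = {1: "ILLEGAL FUNCTION", 2: "ILLEGAL DATA ADDRESS",
              3: "ILLEGAL DATA VALUE", 4: "SERVER DEVICE FAILURE"}


def parse_frame(frame: bytes):
    """Return (transaction_id, protocol_id, length, unit_id, pdu) of a Modbus/TCP frame."""
    if len(frame) < MBAP_LEN + 1:
        raise ValueError("shorter than MBAP header plus function code")
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:MBAP_LEN])
    return tid, pid, length, unit, frame[MBAP_LEN:]


def classify_response(request: bytes, response: Optional[bytes]) -> dict:
    """Judge the reply to one test message: timeout, malformed, exception or ok.

    Assumes the test message keeps a complete MBAP header (mutations are in the PDU).
    """
    req_tid, _, _, req_unit, req_pdu = parse_frame(request)
    if not response:
        return {"verdict": "timeout", "detail": "no reply within the test window"}
    try:
        tid, pid, length, unit, pdu = parse_frame(response)
    except ValueError as exc:
        return {"verdict": "malformed", "detail": str(exc)}
    if pid != 0:
        return {"verdict": "malformed", "detail": f"protocol id {pid}, expected 0"}
    if length != len(pdu) + 1:  # the length field counts the unit id plus the PDU
        return {"verdict": "malformed",
                "detail": f"length field {length}, actual {len(pdu) + 1}"}
    if tid != req_tid or unit != req_unit:
        return {"verdict": "malformed", "detail": "transaction or unit id not echoed"}
    req_fc, fc = req_pdu[0], pdu[0]
    if fc == (req_fc | 0x80):  # exception reply: request function code with high bit set
        if len(pdu) != 2:
            return {"verdict": "malformed", "detail": "exception PDU must be 2 bytes"}
        return {"verdict": "exception", "code": pdu[1],
                "detail": EXCEPTIONS.get(pdu[1], "UNKNOWN")}
    if fc != req_fc:
        return {"verdict": "malformed", "detail": f"function code {fc:#04x} not echoed"}
    return {"verdict": "ok", "detail": f"{len(pdu) - 1} PDU bytes after function code"}


def needs_follow_up(result: dict) -> bool:
    """A clean rejection is the expected answer to bad input; silence, broken framing
    or a device-failure exception points at a possible fault in the device under test."""
    if result["verdict"] in ("timeout", "malformed"):
        return True
    return result["verdict"] == "exception" and result.get("code") == 4


def triage(exchanges):
    """Return the indices of (request, response) pairs that deserve investigation."""
    return [i for i, (req, resp) in enumerate(exchanges)
            if needs_follow_up(classify_response(req, resp))]


# Constructed sample exchanges (not captured from any real device).
SAMPLES = [
    # valid read of 2 holding registers, normal reply
    (bytes.fromhex("0001 0000 0006 01 03 0000 0002"),
     bytes.fromhex("0001 0000 0007 01 03 04 000a 000b")),
    # out-of-range quantity, device rejects it with ILLEGAL DATA VALUE
    (bytes.fromhex("0002 0000 0006 01 03 0000 ffff"),
     bytes.fromhex("0002 0000 0003 01 83 03")),
    # no reply at all
    (bytes.fromhex("0003 0000 0006 01 03 0000 0002"), None),
    # reply whose length field promises more bytes than were sent
    (bytes.fromhex("0004 0000 0006 01 03 0000 0002"),
     bytes.fromhex("0004 0000 0007 01 03 04 000a")),
    # device reports an internal failure
    (bytes.fromhex("0005 0000 0006 01 03 0000 0002"),
     bytes.fromhex("0005 0000 0003 01 84 04".replace("84", "83"))),
]

if __name__ == "__main__":
    for i, (req, resp) in enumerate(SAMPLES):
        print(i, classify_response(req, resp))
    print("follow up:", triage(SAMPLES))
```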
The vulnerability confirmation tool includes a vulnerability reproduction module, a vulnerability exploitation module, an attack simulation module and a configuration module. The vulnerability reproduction module mainly provides functions such as confirmation of vulnerability characteristics and tested RQ use-cases. The vulnerability exploitation module mainly records manually entered rules for exploitation methods; the recorded methods are mainly used for the automated attacks of the attack simulation module. The attack simulation module mainly performs automated attacks that simulate real network attacks. The configuration module mainly handles parameter configuration, rule configuration and attack strategy setup for the vulnerability confirmation tool.
The physical object information display system includes a graphical display module and a data acquisition module. The data acquisition module collects the state of the simulation model through the debug port of the RT-LAB hardware-in-the-loop simulation system, and the graphical display module draws and displays graphics from the data collected by the data acquisition module. The physical object information display system graphically presents the actual state of the physical object model simulated by RT-LAB, shows an animation of the physical object in operation and shows the picture after the physical object becomes abnormal, which provides a basis for judging how harmful a steam turbine DEH control system vulnerability is. The graphical display module uses technologies such as Unity 3D and DirectX.
A method for vulnerability testing of a steam turbine DEH control system based on RT-LAB technology, characterized in that it includes the following steps:
Abstract simulation model design step: for the controlled physical object, build an abstract simulation model that includes a running model, an abnormal model, a fault model and a disaster model; download the model to the RT-LAB hardware-in-the-loop simulation system and run it; the operating parameters and operating state are monitored from the RT-LAB operator station;
Graphical model design step: collect the operating parameters of the abstract simulation model of the controlled physical object in the RT-LAB hardware-in-the-loop simulation system, and show the controlled object model on the graphics workstation of the physical object information display system; the physical object information display system can effectively show four scenes of the model in the RT-LAB hardware-in-the-loop simulation system: running, abnormal, fault and disaster;
Deployment step for the steam turbine DEH control system under test: connect the RT-LAB hardware-in-the-loop simulation system and the steam turbine DEH control system under test by hardwiring; acquire the simulated sensor signals and the control signals output to the simulated actuators of the steam turbine DEH control system under test; design or import the engineering project of the actual industrial production or process through the engineer station; and monitor the operating state of the control system from the operator station;
Vulnerability testing step: connect the vulnerability testing tool to the steam turbine DEH control system and run the vulnerability scanning tool to obtain basic information about the steam turbine DEH control system, such as operating system version, open ports and open services. Scan the steam turbine DEH control system under test for known vulnerabilities; the vulnerability library is drawn from the CVE vulnerability database and the CNNVD vulnerability database. Together with the physical object information display system, assess what damage a discovered vulnerability would cause to the actual physical object and judge whether it produces a fault or leads to a disaster. Run the unknown-vulnerability mining tool and, together with the physical object information display system, find potential vulnerabilities in the steam turbine DEH control system and assess how harmful they are. Run the vulnerability confirmation tool to judge the feasibility and difficulty of exploiting a vulnerability and to design attack schemes.
In the abstract simulation model design step, the abstract simulation model is built with the SimPowerSystems toolbox of the MATLAB Simulink software on which the simulation system is based, and the model is converted by the Artemis software of RT-LAB to generate the abstract simulation model used by RT-LAB. On top of the usual mathematical model of the controlled object, the simulation model adds stages that simulate disaster processes, such as the steam turbine driving process or a reacting furnace explosion, in order to simulate the physical process by which the controlled object leads to a disaster after entering an abnormal state.
In the deployment step for the steam turbine DEH control system under test, the engineering project run in the steam turbine DEH control system comes from actual industrial production processes and typical process flows. The input and output signal types match the I/O signal types of the RT-LAB hardware-in-the-loop simulation system; that is, switching signals, temperature signals, position signals and so on are uniformly converted into voltage-type signals. In addition, in the project being run, signal points that do not affect the state of the controlled physical object are simulated with analog values.
Embodiment 7
The two modules of the physical object information display system are installed on the graphics workstation and on the signal acquisition device respectively: the graphics workstation runs the graphical display module and the signal acquisition device runs the data acquisition module. The signal acquisition device can be obtained through customized development of an existing manufacturer's I/O acquisition equipment. The graphics workstation is connected to the signal acquisition device over Ethernet, and the signal acquisition device is hardwired to the simulation system cabinet of the RT-LAB hardware-in-the-loop simulation system.
The main body of the RT-LAB hardware-in-the-loop simulation system is the simulation system cabinet, which contains the power supply, the hardware emulator, network equipment and so on. The simulation software runs on the hardware emulator. The hardware emulator is programmed, configured and debugged from the RT-LAB operator station. The RT-LAB operator station can be a portable computer with the graphical debugging software installed, and it is connected to the simulation system cabinet over Ethernet. The simulation system cabinet is hardwired to the control system cabinet of the steam turbine DEH control system.
The steam turbine DEH control system should include at least a control system cabinet, an engineer station, an operator station and a network switch. The control system cabinet is the core: it implements the production process flow of the industrial control together with field control and signal acquisition, and contains the power supply, the controller CPU/DPU unit, input/output I/O modules, fieldbus communication modules and other electrical devices such as relays and circuit breakers. The engineer station provides logic programming and configuration of the controller CPU/DPU unit, and the operator station provides real-time monitoring and emergency operation of the control system. A large control system has many signal points and therefore many control system cabinets. For smaller control systems, the engineer station and the operator station can be combined and implemented on a single computer. For a single system built from a small or medium controller such as a PLC, the engineer station and the operator station can be omitted. The network switch is configured according to the field network protocol; it is not limited to an Ethernet switch and can also be a serial switch, an industrial Ethernet switch and so on.
The steam turbine DEH control system vulnerability testing tool exists mainly as software and is deployed on the vulnerability testing station. The vulnerability testing station is a dedicated, customized high-performance computer configured with three software tools: the known-vulnerability scanning tool, the unknown-vulnerability mining tool and the vulnerability confirmation tool. The vulnerability testing station has industrial fieldbus communication boards, such as a CAN communication card with a PCIe interface, and is connected to the steam turbine DEH control system over Ethernet or an industrial fieldbus.
The steps of vulnerability detection for the steam turbine DEH control system are as follows:
Design the abstract simulation model of the controlled physical object, including the running model, abnormal model, fault model and disaster model. Download the model to the RT-LAB hardware-in-the-loop simulation system and run it. The operating parameters and operating state are monitored from the RT-LAB operator station.
Design the graphical model of the controlled physical object and show the controlled object model on the graphics workstation of the physical object information display system. The parameters of the graphical model come from the data that the signal acquisition device collects on the operating parameters of the abstract simulation model in the RT-LAB hardware-in-the-loop simulation system.
Confirm that the physical object information display system can effectively show the four scenes of the model in the RT-LAB hardware-in-the-loop simulation system: running, abnormal, fault and disaster.
Deploy the steam turbine DEH control system under test: connect it to the RT-LAB hardware-in-the-loop simulation system by hardwiring, acquire the simulated sensor signals and the control signals output to the simulated actuators, design or import the engineering project of the actual industrial production or process through the engineer station, and monitor the operating state of the control system from the operator station.
Confirm that signal transmission among the physical object information display system, the RT-LAB hardware-in-the-loop simulation system and the steam turbine DEH control system is stable and reliable, so that anomalies not caused by the test are excluded.
Connect the vulnerability testing station to the steam turbine DEH control system and run the known-vulnerability scanning tool to obtain basic information about the steam turbine DEH control system, such as operating system version, open ports and open services. Scan the steam turbine DEH control system under test for known vulnerabilities. The known-vulnerability library is drawn from the CVE vulnerability database and the CNNVD vulnerability database. Together with the physical object information display system, assess what damage a discovered vulnerability would cause to the actual physical object and judge whether it produces a fault or leads to a disaster.
Run the unknown-vulnerability mining tool and, together with the physical object information display system, find potential vulnerabilities in the steam turbine DEH control system and assess how harmful they are.
Run the vulnerability confirmation tool to judge the feasibility and difficulty of exploiting a vulnerability and to design attack schemes.
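The assessment part of the steps above (check a clean baseline, then judge which of the four scenes each test drove the simulated turbine into) can be sketched as follows. This is an added example, not code from the patent: the limit values, field names and sample data are hypothetical and constructed for illustration, using two of the model parameters the claims name (turbine speed and steam temperature).

```python
from bisect import bisect_right

SCENES = ("running", "abnormal", "fault", "disaster")

# Hypothetical limits for an assumed 3000 rpm unit: a value at or above the n-th
# limit puts the model in scene n (abnormal, fault, disaster). Real limits come
# from the plant model, not from this example.
LIMITS = {
    "speed_rpm": (3090.0, 3300.0, 3600.0),
    "steam_temp_c": (545.0, 565.0, 600.0),
}


def scene_level(sample: dict) -> int:
    """Worst scene index (0..3) over all monitored parameters of one sample."""
    return max(bisect_right(limits, sample[name]) for name, limits in LIMITS.items())


def assess(samples, windows, settle_s=1.0):
    """Attribute scene changes of the simulated plant to individual test cases.

    samples: dicts with "t" (seconds) plus the parameters named in LIMITS.
    windows: dicts with "case", "start", "end" (seconds) for each test case.
    A case is attributable only if the plant got worse than it was just before
    the case started, which filters out anomalies not caused by the test.
    """
    levels = sorted((s["t"], scene_level(s)) for s in samples)
    first_start = min(w["start"] for w in windows)
    # Before any test message is sent the model must be in the running scene.
    baseline_clean = all(lv == 0 for t, lv in levels if t < first_start)
    cases = []
    for w in windows:
        before = [lv for t, lv in levels if t < w["start"]]
        prior = before[-1] if before else 0
        during = [lv for t, lv in levels if w["start"] <= t <= w["end"] + settle_s]
        worst = max(during, default=prior)
        cases.append({"case": w["case"], "prior": SCENES[prior],
                      "worst": SCENES[worst], "level": worst,
                      "attributable": worst > prior})
    # Attributable findings first, most severe scene first.
    cases.sort(key=lambda c: (c["attributable"], c["level"]), reverse=True)
    return {"baseline_clean": baseline_clean, "cases": cases}


# Constructed sample data: (time s, turbine speed rpm, steam temperature deg C).
RAW = [
    (0, 3000, 538), (1, 3001, 538),
    (2, 3000, 538), (3, 3005, 538), (4, 3002, 538),                    # case A
    (9, 3000, 538),
    (10, 3050, 538), (11, 3150, 538), (12, 3350, 538), (13, 3100, 538),  # case B
    (19, 3000, 538),
    (20, 3000, 540), (21, 3000, 548), (22, 3000, 541),                 # case C
    (29, 3100, 538),
    (30, 3100, 538), (31, 3095, 538), (32, 3100, 538),                 # case D
]
SAMPLES = [{"t": t, "speed_rpm": n, "steam_temp_c": c} for t, n, c in RAW]
WINDOWS = [
    {"case": "A", "start": 2, "end": 4},
    {"case": "B", "start": 10, "end": 12},
    {"case": "C", "start": 20, "end": 22},
    {"case": "D", "start": 30, "end": 32},
]

if __name__ == "__main__":
    result = assess(SAMPLES, WINDOWS)
    print("baseline clean:", result["baseline_clean"])
    for c in result["cases"]:
        print(c)
```

Case D shows why the prior state matters: the model is already abnormal before the test starts, so the abnormal scene seen during the test is not counted as a finding.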

Claims (10)

1. A system for vulnerability testing of a steam turbine DEH control system based on RT-LAB technology, characterized in that it comprises an RT-LAB hardware-in-the-loop simulation system, a steam turbine DEH control system under test, a vulnerability testing tool and a physical object information display system, wherein the RT-LAB hardware-in-the-loop simulation system has a data connection to the physical object information display system, the RT-LAB hardware-in-the-loop simulation system and the steam turbine DEH control system under test are connected by hardwiring, and the vulnerability testing tool is connected to the steam turbine DEH control system under test;
the RT-LAB hardware-in-the-loop simulation system comprises a hardware emulator, simulation software and graphical debugging software, the hardware emulator comprises a main processing module and a signal input/output module, the main processing module has multiple CPUs that communicate with one another, the signal input/output module is used for digital pulse capture and signal conversion, and the main processing module and the signal input/output module are connected for communication;
the vulnerability testing tool comprises a known-vulnerability scanning tool, an unknown-vulnerability mining tool and a vulnerability confirmation tool, for finding known or unknown vulnerabilities in the steam turbine DEH control system;
the physical object information display system comprises a graphical display module and a data acquisition module, the data acquisition module collects the state of the simulation model through the debug port of the RT-LAB hardware-in-the-loop simulation system, and the graphical display module draws and displays graphics from the data collected by the data acquisition module.
2. The system for vulnerability testing of a steam turbine DEH control system based on RT-LAB technology as claimed in claim 1, characterized in that: the known-vulnerability scanning tool comprises a vulnerability scanning module, a port scanning module, a password cracking module and a configuration module.
3. The system for vulnerability testing of a steam turbine DEH control system based on RT-LAB technology as claimed in claim 1, characterized in that: the unknown-vulnerability mining tool comprises a vulnerability mining module, a test case management module, a protocol management module and a configuration module.
4. The system for vulnerability testing of a steam turbine DEH control system based on RT-LAB technology as claimed in claim 1, characterized in that: the vulnerability confirmation tool comprises a vulnerability reproduction module, a vulnerability exploitation module, an attack simulation module and a configuration module.
5. A test method of the system for vulnerability testing of a steam turbine DEH control system based on RT-LAB technology as claimed in claim 1, characterized in that it comprises the following steps:
abstract simulation model design step: using simulation software, build for the controlled physical object an abstract simulation model that includes a running model, an abnormal model, a fault model and a disaster model, download the model to the RT-LAB hardware-in-the-loop simulation system of the system for vulnerability testing of a steam turbine DEH control system based on RT-LAB technology, and run it;
graphical model design step: collect the operating parameters of the abstract simulation model of the controlled physical object in the RT-LAB hardware-in-the-loop simulation system, and show the controlled object model on the graphics workstation of the physical object information display system;
deployment step for the steam turbine DEH control system under test: connect the RT-LAB hardware-in-the-loop simulation system and the steam turbine DEH control system under test by hardwiring, acquire the simulated sensor signals and the control signals output to the simulated actuators of the steam turbine DEH control system under test, and design or import the engineering project of the actual industrial production or process;
vulnerability testing step: connect the vulnerability testing tool to the steam turbine DEH control system, run the vulnerability testing tool, obtain basic information about the steam turbine DEH control system, and scan for known vulnerabilities in the steam turbine DEH control system under test; run the unknown-vulnerability mining tool, find potential vulnerabilities in the steam turbine DEH control system and assess how harmful they are; run the vulnerability confirmation tool, judge the feasibility and difficulty of exploiting a vulnerability, and design attack schemes.
6. The test method of the system for vulnerability testing of a steam turbine DEH control system based on RT-LAB technology as claimed in claim 5, characterized in that: in the abstract simulation model design step, the abstract simulation model is built with the SimPowerSystems toolbox of the MATLAB Simulink software on which the simulation system is based, and the model is converted by the Artemis software of RT-LAB to generate the abstract simulation model used by RT-LAB.
7. The test method of the system for vulnerability testing of a steam turbine DEH control system based on RT-LAB technology as claimed in claim 5, characterized in that: in the deployment step for the steam turbine DEH control system under test, the engineering project designed or imported in the steam turbine DEH control system comes from actual industrial production processes and typical process flows, the input and output signal types match the I/O signal types of the RT-LAB hardware-in-the-loop simulation system, and switching signals, temperature signals and position signals are uniformly converted into voltage-type signals.
8. The test method of the system for vulnerability testing of a steam turbine DEH control system based on RT-LAB technology as claimed in claim 5, characterized in that: in the graphical model design step, the operating parameters of the abstract simulation model are the parameters in the steam turbine simulation model, including turbine speed, rotational acceleration, steam temperature, intake flow and output power.
9. The test method of the system for vulnerability testing of a steam turbine DEH control system based on RT-LAB technology as claimed in claim 5, characterized in that: in the deployment step for the steam turbine DEH control system under test, the simulated sensor signal is the signal that the signal input/output module of the RT-LAB hardware-in-the-loop simulation system produces to emulate what a sensor mounted on the steam turbine would measure; the control signal output to the simulated actuator refers to the signal measured by the actuator that controls steam turbine operation, as simulated by the signal input/output module of the RT-LAB hardware-in-the-loop simulation system.
10. The test method of the system for vulnerability testing of a steam turbine DEH control system based on RT-LAB technology as claimed in claim 5, characterized in that: the engineering project of the actual industrial production or process is designed or imported through the engineer station, and the engineer station is the computer workstation used to configure, program and modify the DEH control system.
CN201710208513.5A 2017-03-31 2017-03-31 A kind of system and method for the steam turbine DEH control system loophole test based on RT-LAB technology Active CN106959685B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710208513.5A CN106959685B (en) 2017-03-31 2017-03-31 A kind of system and method for the steam turbine DEH control system loophole test based on RT-LAB technology

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710208513.5A CN106959685B (en) 2017-03-31 2017-03-31 A kind of system and method for the steam turbine DEH control system loophole test based on RT-LAB technology

Publications (2)

Publication Number Publication Date
CN106959685A CN106959685A (en) 2017-07-18
CN106959685B true CN106959685B (en) 2019-10-08

Family

ID=59470552

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710208513.5A Active CN106959685B (en) 2017-03-31 2017-03-31 A kind of system and method for the steam turbine DEH control system loophole test based on RT-LAB technology

Country Status (1)

Country Link
CN (1) CN106959685B (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107608844B (en) * 2017-09-25 2021-02-12 苏州浪潮智能科技有限公司 Method, system and device for testing hardware and computer readable storage medium
CN109870927A (en) * 2019-03-22 2019-06-11 哈尔滨汽轮机厂有限责任公司 Million capacitance grade steam turbine island control logic verification platforms
CN111125236B (en) * 2019-12-18 2023-09-08 中国东方电气集团有限公司 Three-dimensional dynamic information physical system based on GIS
CN113882908B (en) * 2020-07-03 2023-07-25 东方电气股份有限公司 Steam turbine network safety off-line monitoring system and method based on passive monitoring algorithm
CN113958377B (en) * 2020-07-03 2023-04-07 东方电气股份有限公司 Real-time online monitoring system and method for network security of steam turbine
CN111818071A (en) * 2020-07-15 2020-10-23 国家计算机网络与信息安全管理中心 Vehicle stain analysis method and device
CN113515059B (en) * 2021-06-27 2023-06-30 陕西航空电气有限责任公司 Multi-motor aircraft motor controller time-sharing multiplexing semi-physical test system based on RT-LAB

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105404207A (en) * 2015-12-14 2016-03-16 中国电子信息产业集团有限公司第六研究所 Industrial environment vulnerability discovering device and method
CN106155042A (en) * 2016-07-20 2016-11-23 北京新能源汽车股份有限公司 Test method and device for fault processing of vehicle control unit

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant