CN110276203B - Encryption method, device and storage medium of power system control protection program - Google Patents

Publication number: CN110276203B
Authority: CN (China)
Application number: CN201910407965.5A
Other languages: Chinese (zh)
Other versions: CN110276203A (en)
Inventors: 刘海斌, 张爱玲, 郝俊芳, 曾丽丽, 李鹏, 孔祥平, 吕鹏飞, 阮思烨, 王业, 陈大鹏
Current Assignee: State Grid Corp of China SGCC; Xuji Group Co Ltd; XJ Electric Co Ltd; Electric Power Research Institute of State Grid Jiangsu Electric Power Co Ltd
Original Assignee: State Grid Corp of China SGCC; Xuji Group Co Ltd; XJ Electric Co Ltd; Electric Power Research Institute of State Grid Jiangsu Electric Power Co Ltd
Legal status: Active
Classifications

    • G06F21/602 Providing cryptographic facilities or services (under G06F21/60 Protecting data)
    • G06F21/606 Protecting data by securing the transmission between two devices or processes (under G06F21/60 Protecting data)
    • G06F2221/2107 File encryption (under G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups)

Abstract

The invention relates to an encryption method, device and storage medium for a power system control protection program. According to the content of the control protection program, the method analyzes the information of all modules, variables and connecting lines in the program, collects it into a data chain that carries the logic operation function, adds the attribute setting information of the modules and variables, combines the result into a character string containing specific data information, and finally performs encryption calculation on it. The method can ensure that the control protection program downloaded to the device at the engineering site is accurate.

Description

Encryption method, device and storage medium of power system control protection program
Technical Field
The invention belongs to the field of encryption methods, and particularly relates to an encryption method, an encryption device and a storage medium for a control protection program of a power system.
Background
Currently, a control protection program with a very intuitive structure and operation is often used in an electric power system. The control protection program is very convenient to program, debug and modify.
However, as these programs are applied more widely, new problems arise: because of program design changes, user requirements, misoperation and similar causes, key data of a program may be lost, maliciously modified or even infected with viruses in transmission. The control protection program actually downloaded to a device at the engineering site is then wrong, which affects the safety and stability of power system operation. Encryption calculation is therefore needed: performing encryption calculation on the target program determines whether the program running at the engineering site has been changed, so that the data is safer and more accurate in the transmission process.
However, encryption methods from other fields are not suitable for power system control protection programs. In other fields, for example, a program modification may be detected by comparing stored files. In a power system control protection program, the control protection logic is what matters, and a stored file cannot be used to analyze differences in the data flow connection relations: a change of the control protection logic, an adjustment of a module's position and a reordering of variables all change the stored content. Comparing stored files therefore cannot accurately determine whether there is a logical difference, and the existing method cannot guarantee the accuracy of the control protection program.
Therefore, in order to encrypt the power system control protection program, it must be appropriately processed to meet the requirements of the power system.
Disclosure of Invention
The invention aims to provide an encryption method, an encryption device and a storage medium which are suitable for a power system control protection program and are used for solving the problem that the accuracy of the power system control protection program cannot be ensured in the prior art.
In order to solve the technical problems, the technical scheme of the invention is as follows:
the encryption method of the power system control protection program comprises the following steps:
reading a program file for controlling the protection program, analyzing, and obtaining information of all modules, all variables and all connecting lines;
for all modules of a program page, according to input/output variables corresponding to the modules: determining each termination module, wherein the termination module is a module of which the output variable is a global variable, and traversing each termination module to obtain each branch path reaching the termination module through a connecting line; or determining each initial module, wherein the initial module is a module with an input variable being a global variable, and traversing each initial module to obtain each branch path reaching the initial module through a connecting line;
arranging all the branch paths according to a set sequence to obtain a data chain;
adding necessary attribute configuration information of a relevant module and an input/output variable at least for the data chain to obtain a data information character string of a program page; the necessary attribute configuration information is attribute configuration information related to the logic operation information of the program page;
and after obtaining corresponding data information character strings for all program pages of the control protection program, carrying out encryption processing through an encryption algorithm.
The method of the invention has the following beneficial effects: in each program page, traversal starts from the initial module or the termination module, so the data flow connection relation can be analyzed and it can be determined whether the program running at the engineering site has been changed, making the data safer and more accurate in the transmission process. By selecting the necessary attribute configuration information, differences that are irrelevant to the logic operation information, such as module position changes, annotation information and external connection order, are effectively filtered out, which improves the implementation reliability of the control protection project and ensures the validity and consistency of the program in the transmission process. The invention ultimately ensures the safe and stable operation of the device, reduces the workload of debugging and acceptance personnel, avoids omissions and errors, and improves the accuracy and efficiency of the related work.
Further, reading and analyzing the program file of the control protection program includes: importing the CFC file of the control protection program, which comprises input variables, output variables, function modules and connecting line data, and converting the corresponding data into an XML format. The XML format is easier to process later.
Furthermore, all the branch paths are arranged in descending order according to the alphabetical order of the first variable in each branch path to obtain a data chain.
Furthermore, each termination module is backtracked by a breadth-first traversal method.
Further, the necessary attribute configuration information only includes names and functions of modules, input/output variable types, and input/output variable initial values; or only the name and function of the module, the input/output variable type, the input/output variable initial value, the parameter setting name, and the parameter setting value.
The invention also provides an encryption device for the control protection program of the power system, which comprises the following components: a processor and a memory; the processor executes a program stored in the memory to implement the method as described above.
The invention also provides a computer storage medium storing a computer program implementing the method as described above.
Drawings
FIG. 1 is a flowchart of a process of an embodiment of the present invention;
FIG. 2 is a program page diagram of an embodiment of the invention.
Detailed Description
In the encryption method, the object to be encrypted is a control protection program of the power system, a kind of program that is common in power systems and has a very intuitive structure and operation. The control protection program is very convenient to program, debug and modify.
To illustrate the encryption method clearly, the HCM3000 platform used in extra-high voltage DC transmission projects is taken as an example, and the encryption process of that platform's control protection program is described. The HCM3000 platform is an embedded high-end industrial control system software and hardware platform. It is widely applied in high-voltage and extra-high-voltage direct-current transmission and in other power systems. The control protection program of the platform uses a programming mode with a relatively intuitive structure and operation, which makes the program very convenient to debug and modify.
To ensure that the control protection program is accurately downloaded to the device, the specific implementation steps are as follows, as shown in FIG. 1 and FIG. 2:
1) The CFC file of the control protection program is imported. The CFC file is the program file format used by the HCM3000 platform; as another embodiment, for a non-HCM3000 platform, a program file in the corresponding format should be imported. The file includes data such as input variables, output variables, function modules and connecting lines, and the corresponding data is converted into an XML format. The conversion into XML is for the convenience of subsequent processing; as other embodiments, the data may be converted into other formats that are convenient to process.
The control protection program includes a plurality of program pages, and one program page is described below.
2) The information of the modules, variables and connecting lines is acquired, in preparation for subsequently determining the termination modules and the backtracking paths.
One way is as follows: first, determine the start-end variable name and the termination-end variable name of each connecting line, and from these the data pointer of the start-end variable and the data pointer of the termination-end variable; then, for each module, determine from the connecting lines attached to it that it has a corresponding number of data pointers, i.e. input/output variables.
The module ADD8F_0001 in FIG. 2 has 5 data pointers, i.e. 5 input/output variables, and the other modules each have 2 data pointers, i.e. two input/output variables. For example, the 5 input/output variables of module ADD8F_0001 can be represented as ADD8F_0001.X1, ADD8F_0001.X2, ADD8F_0001.X3, ADD8F_0001.X4 and ADD8F_0001.Y. The 2 input/output variables of module AVA_0001 can be denoted AVA_0001.X and AVA_0001.Y.
3) A termination module is determined among all modules in the program page; the output variable of the termination module serves as the termination end of a data chain.
Specifically: the data pointers of all the modules are traversed, and if a data pointer of a module corresponds to an output variable that is a global variable, that module is taken as a termination module. For the 6 modules in FIG. 2, traversing all their data pointers shows that only one data pointer, AVA_0001.Y of module AVA_0001, points to an external output variable, while the data pointers of the other modules point to an external input variable or to an internal local variable. Therefore, the module AVA_0001 is determined to be the termination module.
If more than two termination modules exist, each termination module is traversed separately.
A termination module is traversed (preferably by breadth-first traversal), and the branch paths that reach the termination module through connecting lines are traced back. Each branch path has corresponding modules on it, which are all referred to as input modules. The breadth-first traversal algorithm obtains the start-end variable and the termination-end variable of each connecting line from the information of the connecting lines attached to the modules; the hierarchy of a first-level input module is 1, and the hierarchy of an Mth-level input module is M. Input modules of the same hierarchy are traversed from top to bottom according to their positions in the interface; in FIG. 2 the order from ADD2_0001 to ADD2_0004 is from top to bottom.
Tracing back from the module AVA_0001 gives four branch paths. In this embodiment, the branch paths are represented by the input variables and output variables of each module:
EPU10A_1\CP1CFC(2)\ADD2_0005\Y——ADD2_0001.X1——ADD2_0001.Y——ADD8F_0001.X1——ADD8F_0001.Y——AVA_0001.X——AVA_0001.Y——EPU10A_1\CP1CFC(2)\OPR\X;
EPU10A_1\CP1CFC(2)\ADD2_0006\Y——ADD2_0002.X1——ADD2_0002.Y——ADD8F_0001.X2——ADD8F_0001.Y——AVA_0001.X——AVA_0001.Y——EPU10A_1\CP1CFC(2)\OPR\X;
EPU10A_1\CP1CFC(2)\ADD2_0007\Y——ADD2_0003.X1——ADD2_0003.Y——ADD8F_0001.X3——ADD8F_0001.Y——AVA_0001.X——AVA_0001.Y——EPU10A_1\CP1CFC(2)\OPR\X;
EPU10A_1\CP1CFC(2)\ADD2_0008\Y——ADD2_0004.X1——ADD2_0004.Y——ADD8F_0001.X4——ADD8F_0001.Y——AVA_0001.X——AVA_0001.Y——EPU10A_1\CP1CFC(2)\OPR\X;
Other embodiments may represent the branch paths in other forms.
4) All branch paths of the same termination module are arranged according to a set sequence (for example, in descending order according to the alphabetical order of the first variable in each branch path) to obtain a data chain.
It can be seen that the contents of a complete data chain should include the input link of the start module (the first-level input module) and the output link of the end module; that is, each branch path runs from the input variables of the first-level input module to the output variables of the termination module.
Where there are multiple termination modules, the sorting may be done in a similar way.
The above process of traversing from the termination module is the reverse of traversing a multi-way tree. Similarly, as another embodiment, the starting module may be found first and the traversal performed from the starting module to obtain the branch paths, where the starting module is a module whose input variable is a global variable.
5) The data information character string of the program page is obtained by combining the data chain with the necessary attribute configuration information of the modules on the data chain (namely the related modules) and of the input/output variables. The necessary attribute configuration information includes only the name and function of the module, the input/output variable type, and the input/output variable initial value. As another embodiment, if some input variables are entered as parameters (for example, ADD2_0001.X1 may also be entered as a parameter), the necessary attribute configuration information includes only the names and functions of modules, input/output variable types, input/output variable initial values, parameter setting names, and parameter setting values. This information is closely related to the logic operation information of the control protection program; position coordinate information, remark information, creation and modification times, page number information and other information unrelated to the logic operation information is removed. The more information irrelevant to the logic operation information is removed, the simpler the data chain becomes.
6) Finally, the CFC files of all program pages in the control protection program are traversed to obtain the data information character strings of the data chains, and a hash algorithm is applied to these strings (as other implementations, other existing encryption algorithms may also be used): the input elements are fully mixed using shift and XOR operations and finally converted into an output of fixed length, which completes the encryption.
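Steps 2) to 6) carried through on the FIG. 2 page, as an added Python example that is not code from the patent. SHA-256 stands in for the hash algorithm, which the text does not name; the page model (dict layout), pin types, initial values, positions, comments, the `--` separator and the handling of feedback loops and unwired modules are assumptions made for this sketch.

```python
import hashlib
from collections import deque

SEP = "--"                 # path separator chosen for this sketch
G = r"EPU10A_1\CP1CFC(2)"  # global-variable prefix used in the branch paths above
# Connecting lines of the FIG. 2 page as (start variable, end variable).
FIG2_LINES = (
    [(rf"{G}\ADD2_000{i + 4}\Y", f"ADD2_000{i}.X1") for i in range(1, 5)]
    + [(f"ADD2_000{i}.Y", f"ADD8F_0001.X{i}") for i in range(1, 5)]
    + [("ADD8F_0001.Y", "AVA_0001.X"), ("AVA_0001.Y", rf"{G}\OPR\X")]
)


def make_page(lines, x1_init="0.0", ava_pos=(400, 120)):
    """Constructed page model: types, initial values, positions, comments are invented."""
    def pins(*inputs):
        p = {name: ("in", "REAL", "0.0") for name in inputs}
        p["Y"] = ("out", "REAL", "0.0")
        return p
    mods = {f"ADD2_000{i}": {"function": "ADD2", "pos": (100, 40 * i),
                             "comment": "", "pins": pins("X1")} for i in range(1, 5)}
    mods["ADD2_0001"]["pins"]["X1"] = ("in", "REAL", x1_init)
    mods["ADD8F_0001"] = {"function": "ADD8F", "pos": (250, 100),
                          "comment": "constructed note", "pins": pins("X1", "X2", "X3", "X4")}
    mods["AVA_0001"] = {"function": "AVA", "pos": ava_pos, "comment": "", "pins": pins("X")}
    return {"modules": mods, "lines": list(lines)}


def pin_of(page, var):
    """Return (module, pin) if var names a module pin, else None (a global variable)."""
    mod, _, pin = var.rpartition(".")
    return (mod, pin) if pin in page["modules"].get(mod, {}).get("pins", {}) else None


def branch_paths(page):
    """Steps 3-4: backtrack breadth-first from each termination module, then sort."""
    feeds = {}  # end variable -> start variables wired to it
    for start, end in page["lines"]:
        feeds.setdefault(end, []).append(start)
    done = []
    for start, end in page["lines"]:
        if pin_of(page, start) is None or pin_of(page, end) is not None:
            continue  # not a module output driving a global variable
        queue = deque([[start, end]])
        while queue:
            path = queue.popleft()
            mod = pin_of(page, path[0])[0]
            extended = False
            for pin, (direction, _type, _init) in page["modules"][mod]["pins"].items():
                in_var = f"{mod}.{pin}"
                for upstream in feeds.get(in_var, []) if direction == "in" else []:
                    extended = True
                    if pin_of(page, upstream) is None:
                        done.append([upstream, in_var] + path)  # reached a global input
                    elif upstream in path:
                        done.append([in_var] + path)            # feedback loop: cut here
                    else:
                        queue.append([upstream, in_var] + path)
            if not extended:
                done.append(path)  # module without wired inputs: keep the partial path
    return sorted(done, reverse=True)  # descending by first variable


def page_string(page):
    """Step 5: data chain plus only the attributes that affect the logic."""
    paths = branch_paths(page)
    used = sorted({pin_of(page, v)[0] for p in paths for v in p if pin_of(page, v)})
    attrs = []
    for name in used:
        m = page["modules"][name]
        pin_txt = ",".join(f"{p}:{d}:{t}:{i}" for p, (d, t, i) in sorted(m["pins"].items()))
        attrs.append(f"{name}|{m['function']}|{pin_txt}")  # position and comment left out
    return "\n".join(SEP.join(p) for p in paths) + "\n#\n" + "\n".join(attrs)


def program_digest(pages):
    """Step 6: hash all page strings; sorted because page numbers are not part of the logic."""
    h = hashlib.sha256()
    for s in sorted(page_string(p) for p in pages):
        data = s.encode("utf-8")
        h.update(len(data).to_bytes(8, "big") + data)  # length prefix keeps pages unambiguous
    return h.hexdigest()


if __name__ == "__main__":
    base = make_page(FIG2_LINES)
    moved = make_page(reversed(FIG2_LINES), ava_pos=(999, 5))  # layout-only change
    tuned = make_page(FIG2_LINES, x1_init="1.0")               # logic-relevant change
    for path in branch_paths(base):
        print(SEP.join(path))
    print("layout change keeps digest:", program_digest([moved]) == program_digest([base]))
    print("initial value changes digest:", program_digest([tuned]) != program_digest([base]))
```

Comparing the digest computed at the engineering workstation with one recomputed from the program read back from the device shows whether the logic differs, while a repositioned module or a reordered line list leaves the digest unchanged.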
The method can analyze the data flow connection relation and determine whether the program running on the engineering site is changed, thereby ensuring that the data is safer and more accurate in the transmission process; meanwhile, the difference of irrelevant logic operation information such as module position change, annotation information, external connection sequence and the like in the program can be effectively filtered, so that the implementation reliability of the control protection project is improved, and the effectiveness and consistency of the program in the transmission process are ensured. The safe and stable operation of the device is guaranteed, the workload of debugging and acceptance personnel is reduced, omission and errors are avoided, and the accuracy and efficiency of related work are improved.
The above-described method is implemented in the form of a computer program, which is stored and executed by a storage medium in a corresponding computer device, the computer device having at least a processor and a memory (any storage medium of the related art may be used). Such a computer device may be the HCM3000 platform itself described above, i.e. the HCM3000 platform itself as an encryption device; such a computer device may also be an external access device, i.e. a dedicated encryption device, of the HCM3000 platform. As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

Claims (7)

1. The encryption method of the power system control protection program is characterized by comprising the following steps:
reading a program file for controlling the protection program, analyzing, and obtaining information of all modules, all variables and all connecting lines;
for all modules of a program page, according to input/output variables corresponding to the modules:
determining each termination module, wherein the termination module is a module of which the output variable is a global variable, and traversing each termination module to obtain each branch path reaching the termination module through a connecting line; or determining each initial module, wherein the initial module is a module with an input variable being a global variable, and traversing each initial module to obtain each branch path reaching the initial module through a connecting line;
arranging all the branch paths according to a set sequence to obtain a data chain;
adding necessary attribute configuration information of a relevant module and an input/output variable at least for the data chain to obtain a data information character string of a program page; the necessary attribute configuration information is attribute configuration information related to the logic operation information of the program page;
and after obtaining corresponding data information character strings for all program pages of the control protection program, carrying out encryption processing through an encryption algorithm.
2. The method for encrypting the control protection program of the power system according to claim 1, wherein reading and analyzing the program file of the control protection program includes: and importing the CFC file of the control protection program, wherein the CFC file comprises input variables, output variables, function modules and connecting line data, and converting the corresponding data into an XML format.
3. The encryption method of the power system control protection program according to claim 1, wherein all the branch paths are arranged in descending order according to the alphabetical order of the first variable in each branch path to obtain a data chain.
4. The encryption method of the power system control protection program according to claim 1, wherein the backtracking of each termination module is performed by a breadth-first traversal method.
5. The encryption method of the power system control protection program according to claim 1, wherein the necessary attribute configuration information includes only a name and a function of a module, an input/output variable type, and an input/output variable initial value; or only the name and function of the module, the input/output variable type, the input/output variable initial value, the parameter setting name, and the parameter setting value.
6. An encryption device for a power system control protection program, comprising:
a processor and a memory; the processor executes a program stored in the memory to implement the encryption method of the power system control protection program according to any one of claims 1 to 5.
7. A computer storage medium characterized by storing a computer program that realizes the encryption method of the power system control protection program according to any one of claims 1 to 5.
CN201910407965.5A 2019-05-15 2019-05-15 Encryption method, device and storage medium of power system control protection program Active CN110276203B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910407965.5A CN110276203B (en) 2019-05-15 2019-05-15 Encryption method, device and storage medium of power system control protection program

Publications (2)

Publication Number Publication Date
CN110276203A CN110276203A (en) 2019-09-24
CN110276203B true CN110276203B (en) 2020-12-29

Family

ID=67959428

Country Status (1)

Country Link
CN (1) CN110276203B (en)

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant