CN111381546B - Safety control system and method of industrial control system - Google Patents


Publication number: CN111381546B
Authority: CN (China)
Prior art keywords: item, industrial control, safety, rule, result
Legal status: Active (the legal status is an assumption and is not a legal conclusion)
Application number: CN201811608387.3A
Other languages: Chinese (zh)
Other versions: CN111381546A (en)
Inventors: 徐新国, 王彬, 贾培勇, 王振, 俞凌, 李永成
Current Assignee: Sichuan Security Control Technology Co ltd (the listed assignees may be inaccurate)
Original Assignee: Beijing Echo Technologies Co ltd

Classifications

    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00 Programme-control systems
    • G05B19/02 Programme-control systems electric
    • G05B19/04 Programme control other than numerical control, i.e. in sequence controllers or logic controllers
    • G05B19/048 Monitoring; Safety

Abstract

The application provides a safety control system and method for an industrial control system. The system comprises an information acquisition module, a safety control module and a safety rule configuration module, wherein the information acquisition module comprises a data acquisition device which is used for acquiring industrial control item data in an industrial control system; the safety control module is used for obtaining a final result item of the industrial control item and executing an action corresponding to the result; and the safety rule configuration module is used for receiving rule information set by a user. With the invention, a user can define a custom safety rule base or use the unified safety rule base, which greatly reduces the cost of each unit developing its own system.

Description

Safety control system and method of industrial control system
Technical Field
The invention relates to the field of industrial control, in particular to a safety control system and a safety control method of an industrial control system.
Background
The industrial control system is a basic component of the automated production of important infrastructure in China, so the importance of its safety is evident. However, the industrial control system is affected by many factors, such as limitations of core technology, complex system structure, and the lack of safety and management standards, and the data and operation instructions running in an ICS (industrial control system) can be damaged from outside at any time. Conventional IT information security generally aims to achieve three goals, namely confidentiality, integrity and availability. Confidentiality is usually placed first and is accompanied by the necessary access control to protect the security of user information and prevent information theft. Integrity is placed second and availability is placed last.
For industrial automation control systems, the order of the target priorities is reversed. The primary consideration for information security of industrial control systems is the availability of all system components. Integrity comes second and confidentiality is usually considered last. Because industrial data is in a raw format, it needs to be analyzed together with the relevant use environment to obtain its value. The availability of the system directly affects the production of enterprises, and the shutdown or misoperation of a production line can cause huge economic loss, and even danger to life and damage to the environment.
Generally speaking, the traditional information security technology can solve the security problems of information loss/leakage, spyware, worm virus and the like, but the technology is incapable of solving the security problems of software design defects, misoperation, malicious use and the like, and the development of the danger prevention technology related to the industrial control security system is to make up for the deficiency of the information security technology in the safety of the industrial control system.
The industrial control system is widely applied to a plurality of industries, application scenes and environments are different, original signal quantities acquired by various systems are different, and data quantities used as system judgment bases are unlikely to be consistent. For the current situation, if each application scene, even each industry, develops a set of targeted industrial control safety system independently, the tasks cannot be completed in a short time, and huge manpower, material resources and financial resources are required to be invested in any situation.
Disclosure of Invention
To overcome the above-mentioned drawbacks of the prior art, according to the present invention, a safety control system for an industrial control system is proposed, comprising: the system comprises an information acquisition module, a safety control module and a safety rule configuration module, wherein the information acquisition module comprises a data acquisition device for acquiring industrial control item data in an industrial control system; the safety control module is used for obtaining the final result of the industrial control item and executing corresponding action; and the safety rule configuration module is used for receiving rule information set by a user.
Furthermore, the safety control module comprises a safety rule base establishing unit, a safety rule base, a unit for generating the rule tree and the industrial control item list in the result item, and a safety judgment executing unit; the safety rule base contains safety rules, the safety rules comprise condition items and result items, and the condition items and the result items are composed of elements; the generating unit is used for generating the rule tree and the industrial control item list in the result item according to the safety rule base; and the safety judgment executing unit is used for receiving the information data of the industrial control items sent by the information acquisition module, and then obtaining and executing the final result according to the rule tree and the industrial control item list in the result item.
Further, the elements are classified into a judgment class, a result item preset class and a result item action class.
Furthermore, in the unit for generating the rule tree and the industrial control item list in the result item, the root node of the rule tree is the code of the industrial control item, the leaf nodes of the rule tree are the elements in the condition item, and the leaf node at the bottom layer of the rule tree is the result item; the list of the industrial control items in the result item comprises the codes of the industrial control items and the leaf nodes in the rule tree that contain those codes.
Furthermore, the safety judgment execution unit sorts the received industrial control item data, queries the rule tree and the industrial control item list in the result item, and obtains and executes the final result of the industrial control item.
Further, the safety rule base comprises a general safety rule base, an industry safety rule base or a user-defined safety rule base.
Further, the safety rule configuration module is used for displaying a configuration interface to a user, receiving rule information set by the user and sending the rule information to the safety control module to generate a safety rule base.
According to another aspect of the present invention, there is provided a safety control method for an industrial control system, including: step 1, receiving a rule input by a user; step 2, generating a rule tree and an industrial control item list in the result item; step 3, receiving information data of industrial control items in an industrial control system; and step 4, obtaining and executing a control result item of the industrial control item according to the rule tree and the list.
Further, step 2 comprises:
step 21, using the industrial control entry codes as root nodes of the tree, using the elements in the condition items as leaf nodes of the tree in sequence, and using the result items as leaf nodes of the lowest layer of the tree, thereby generating a rule tree;
and step 22, generating an industrial control item list in the result item according to the codes of the industrial control items and the leaf nodes containing the codes in the rule tree.
Further, step 4 comprises: sorting the received industrial control item data, querying the rule tree and the industrial control item list in the result item, and obtaining and executing the final result of the industrial control item.
The invention has the following beneficial effects: a general safety rule base common to all industries is formed; an industry safety rule base can be formed by combining specific industry standards; and the safety rules of different industry scenarios can be customized. This yields a general-industry-custom set of safety rule bases that can meet the different requirements of different users and achieves universality. On the safety system platform provided by the invention, the independent development cost of each industry or unit is reduced, development time is shortened, and the development of industrial control safety business is greatly promoted.
Drawings
FIG. 1 is a schematic diagram of a safety control system according to one embodiment of the present invention;
FIG. 2 is a diagram illustrating a reverse-insertion ordering result item of the safety control system according to an embodiment of the present invention;
fig. 3 is a flowchart illustrating a safety control method according to an embodiment of the present invention.
To clearly illustrate the structure of embodiments of the present invention, certain dimensions, structures and devices are shown in the drawings, which are for illustrative purposes only and are not intended to limit the invention to the particular dimensions, structures, devices and environments, which may be adjusted or modified by one of ordinary skill in the art according to particular needs and are still included in the scope of the appended claims.
Detailed Description
The following describes a safety control system and method for an industrial control system according to the present invention in detail with reference to the accompanying drawings and specific embodiments.
In the following description, various aspects of the invention will be described, however, it will be apparent to those skilled in the art that the invention may be practiced with only some or all of the structures or processes of the present invention. Specific numbers, configurations and sequences are set forth in order to provide clarity of explanation, but it will be apparent that the invention may be practiced without these specific details. In other instances, well-known features have not been set forth in detail in order not to obscure the invention.
According to the present invention, there is provided a safety control system for an industrial control system, as shown in fig. 1, comprising: an information acquisition module, a safety control module and a safety rule configuration module, wherein the information acquisition module comprises a data acquisition device for acquiring information data of industrial control items in an industrial control system; the safety control module is used for obtaining the final result of the industrial control item and executing the corresponding action; and the safety rule configuration module is used for receiving rule information set by a user.
In an industrial control system, rules describe the constraint relations that all industrial control items must comply with during operation, so that the whole industrial control system runs safely. A rule generally refers to the regulations followed in running and operating the system, and the most common form is: condition item - result item (condition-action, C-A rule for short), i.e. an instruction consisting of a condition item and a result item (action).
Since the execution of the rule is finally embodied and implemented on a specific single industrial control item or a unit body consisting of a plurality of industrial control items, the unit consisting of the single equipment or a plurality of equipments which are mutually associated with the rule generation is collectively called an industrial control item (item). For example, oil tanks, directional throttles, oil pumps, and oil lines in industrial control systems are all industrial control items.
The information acquisition module comprises data acquisition devices, such as a temperature data acquisition device, a liquid level data acquisition device, a pressure data acquisition device and the like, used for acquiring the corresponding information of the industrial control items. The information acquisition module can also encode the industrial control items: each industrial control item is given a unique digital code, which makes the items easy to sort and retrieve. For example: oil delivery pipe: 01; directional throttle valve: 02; oil tank: 03; oil pump: 04. In this way, all the entries can be sorted by entry code for subsequent rule positioning.
The safety control module comprises a safety rule base, a safety rule base establishing unit, a rule tree and result item industrial control item list generating unit and a safety judgment executing unit, wherein the safety rule base comprises standard types (such as general types, industrial types or specific documents and the like), condition items and result items which are met by industrial control items; the rule tree and result item work control item list generating unit is used for generating a rule tree and result item work control item list according to the safety rule base; and the safety judgment execution unit is used for receiving the information data of the industrial control items sent by the information acquisition module, then obtaining result items according to the rule tree and the industrial control item list in the result items, and executing results.
The rule information comprises condition items and result items of the industrial control items. The safety rule base comprises a plurality of industrial control safety rules. Each rule comprises a condition item and a result item and has the form: IF the condition item holds THEN execute the result item. The condition items and result items of a rule are composed of elements and are logical combinations ("and", "or") of those elements. The elements (atoms) fall into the following three classes.
(1) Judgment class, used in condition items: judges whether the current value of an industrial control item has reached a preset condition item value. The format is:
industrial control item == condition item value
The result of this element is true (T) or false (F).
(2) Result item preset class: modifies the value of an industrial control entry, mainly to set the value of the entry according to the operation definition of the industrial control system. The format is:
industrial control item = preset value
(3) Result item action class: performs an action, such as an alarm. The format is:
Action = preset action
This element mainly performs the preset operation.
For example: the directional throttle valve and the oil delivery rate are 100or 100, wherein the directional throttle valve is referred to as "off" and the oil delivery rate is referred to as "100", so that the above condition term includes 3 elements.
The condition item is mainly a logical combination of judgment class elements, which completes the judgment of the safety condition. The result item of a rule is the "and" combination of preset elements and action elements; it sets the values of other associated industrial control items and executes a preset action. For example: tank storage capacity = 100 and Action = storage alarm.
Specific security rules are as follows:
IF directional throttle valve == off and oil delivery pipe output == 10 or directional throttle valve == on and oil pump output == 8
THEN oil tank storage = 8 and Action = alarm
IF oil tank storage == 5 and oil delivery pipe output == 10 THEN oil pump output = 8
The safety rule configuration module displays a configuration interface to the user, receives the rule information set by the user, such as the condition items and result items, and sends the rule information to the safety control module to generate the safety rule base. In the configuration interface, a user can enter, select and call the corresponding rules, condition items, result items, elements and the like, and can define and modify some of the states, condition items, result items and the like.
The safety rule base creating unit receives the safety rule information sent by the safety rule configuration module, parses it and stores the corresponding information in the safety rule base.
Specifically, after receiving the rule information, the safety rule base creation unit decomposes the condition items along their "or" relations, so that the rule condition items can be checked logically. Reading and decomposing the relations can be done with common word segmentation software. For example, the first of the rules above is decomposed into two rules, giving three rules in total:
IF directional throttle valve == off and oil delivery pipe output == 10 THEN oil tank storage = 8 and Action = alarm
IF directional throttle valve == on and oil pump output == 8 THEN oil tank storage = 8 and Action = alarm
IF oil tank storage == 5 and oil delivery pipe output == 10 THEN oil pump output = 8
Then, preferably, the safety rule base creating unit replaces the industrial control items in the condition items and result items of the decomposed rules with their codes, to obtain:
IF '02'==off and '01'==10 THEN '03'=8 and Action=alarm
IF '02'==on and '04'==8 THEN '03'=8 and Action=alarm
IF '03'==5 and '01'==10 THEN '04'=8
In one embodiment, in order to locate the industrial control entries in the condition items quickly, the safety rule base creation unit further sorts the industrial control entries in the condition items of each rule by code, so as to obtain new rules (new in form, but substantially the same). For example, sorting the industrial control entry codes in the condition items of the rules above yields:
IF '01'==10 and '02'==off THEN '03'=8 and Action=alarm
IF '02'==on and '04'==8 THEN '03'=8 and Action=alarm
IF '01'==10 and '03'==5 THEN '04'=8
The new rules are then stored in the safety rule base. The safety rule base is thus created from the condition items, result items (actions or assignments) and the like input by the user, and rules can be added, deleted and changed at any time.
The unit for generating the rule tree and the industrial control item list in the result item creates a tree with an industrial control item (or its code) as the root. The first-layer leaf node is the first element in a condition item, which contains the industrial control item, and the lower-layer leaf nodes contain the remaining elements of the condition item in sequence. For example, if industrial control item '01' is the root, the element '01'==10 is the first-layer leaf node, and the elements '02'==off and '03'==5, from the first and third condition items respectively, are second-layer leaf nodes; the result item serves as the last leaf node, as shown on the right side of FIG. 2.
Specifically, for the condition item of each rule, the industrial control entry code in the first element of the item is obtained first and used as the subscript to locate the corresponding position in the list. If the pointer at that position is null, the root node has not been established yet; it is established, with the industrial control entry code as its content, and used as the working node. If there is a second element a, all children of the current working node are checked. If the content of a child node contains a, that child node becomes the working node; if no child node contains a, a new child node is generated for the working node with a as its content, and the newly generated child node becomes the working node. These steps are repeated until all elements in the condition item have been traversed, and the result item is then attached as a leaf node of the last working node.
After traversing all the condition items of the rules once, a rule tree as shown in fig. 2 can be formed.
The unit also establishes the industrial control item list in the result item according to the industrial control items (or codes) in the preset class elements of the result items; this list is used to speed up the discovery of triggered rules. In an industrial control system, the result item of a rule can modify some industrial control entries, which may trigger more rules and in turn update further industrial control entries. The industrial control item list in the result item can therefore be used to keep discovering the changes that may result and the actions to be performed.
The unit constructs the industrial control item list in the result item according to the codes of the industrial control items contained in the preset class elements of the result items. As shown in fig. 2, the list is composed of: the industrial control entry codes (for example, the number of the oil delivery pipe is 01) and all leaf nodes in the rule tree (except the root and the bottommost leaf nodes) that contain the industrial control entry.
In one embodiment, the rule tree and list may be stored in memory or on a hard disk.
The industrial control system reaches a stable state as follows: the industrial control items in the system influence one another, so after the values of some industrial control items change and trigger some rules, the execution of those rules can change the values of other industrial control items, which may trigger further rules. This process continues until no rule is triggered, at which point the entire industrial control system reaches a steady state.
With the rule tree and the list, the relations and condition items among all industrial control items of the system are sorted out, and the result items corresponding to the condition items can be found clearly, without having to consider changes to other items caused by other rules.
According to the received industrial control item data sent by the information acquisition module, the safety judgment execution unit generates condition items for the industrial control items whose values have changed, sorts all elements in the condition items by industrial control item code, and then finds the trees corresponding to the items in the rule tree by item code. It judges whether the root node corresponding to the entry code is empty; if so, the element (i.e. the condition item) does not hold and the judgment process stops. Otherwise, the elements of the leaf nodes under the root node are compared in sequence with the elements in the condition item, that is, each branch of the root node is checked to judge whether the leaf nodes of the branch satisfy the condition item. If there is a branch that can reach the lowest leaf node, the content of the lowest leaf node, i.e. the result item of the rule, is obtained. For example, in fig. 2, the collected entry values are '01'==10, '03'==5, '02'==on; we first find the root nodes of the 01 and 02 trees and examine each branch, find that the condition item of the rule corresponding to one child node of the 01 tree is satisfied, and thus obtain the result item '04'=8.
Execution class elements in the result item are executed directly. Preset class elements in the result item are split into individual elements, each of which is looked up in the industrial control item list in the result item; based on the leaf node found, the branch below that node and the acquired data, it is judged whether the branch holds. If not, the search stops; if so, the result item is obtained and the process is repeated.
For example, assuming the entry values are '01'==10, '03'==5, '02'==on, after the rule is executed we get the result item '04'=8. Looking up the device list in the result item, we find that it triggers a rule, which yields a further result item: '03'=8 and Action=alarm. This result item is split into a preset class element and an execution class element; the execution class element is executed, notifying the device to alarm. The device list entry 03 in the result item is then searched to see whether a branch satisfying '03'==8 exists. Because the result for 03 does not satisfy any judgment condition item, the process ends. Thus the acquired data '01'==10, '03'==5, '02'==on cause the device alarm to be notified after passing through the safety judgment execution module.
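The rule decomposition, rule tree, result-item list and cascade described above can be sketched as follows. This is an added example, not code from the patent; the textual rule syntax, the function names and the `max_rounds` bound (which stops a rule set that never reaches a steady state) are assumptions made for illustration.

```python
# Added illustration, not the patent's code; sample input is constructed from the text.
CODES = {"oil delivery pipe": "01", "directional throttle valve": "02",
         "oil tank": "03", "oil pump": "04"}
RULES = [
    "IF directional throttle valve == off and oil delivery pipe == 10 "
    "or directional throttle valve == on and oil pump == 8 "
    "THEN oil tank = 8 and Action = alarm",
    "IF oil tank == 5 and oil delivery pipe == 10 THEN oil pump = 8",
]

class Node:
    def __init__(self, element=None, parent=None):
        self.element = element   # (item code, value); None for a root node
        self.parent = parent
        self.children = []
        self.results = []        # (presets, actions) where a rule's condition ends

def _val(text):
    text = text.strip()
    return int(text) if text.isdigit() else text

def parse(rule, codes):
    """Split one rule into AND-groups (one per 'or' branch), presets and actions."""
    cond, result = rule[len("IF "):].split(" THEN ")
    groups = []
    for alt in cond.split(" or "):
        elems = [(codes[name.strip()], _val(value)) for name, value in
                 (e.split("==") for e in alt.split(" and "))]
        groups.append(sorted(elems, key=lambda e: e[0]))  # sort by item code
    presets, actions = {}, []
    for part in result.split(" and "):
        name, value = (s.strip() for s in part.split("="))
        if name == "Action":
            actions.append(value)
        else:
            presets[codes[name]] = _val(value)
    return groups, presets, actions

def build(rules, codes):
    """Return (roots, index): rule trees keyed by item code, and the result-item list."""
    roots, index = {}, {}
    for rule in rules:
        groups, presets, actions = parse(rule, codes)
        for elems in groups:
            work = roots.setdefault(elems[0][0], Node())
            for elem in elems:
                child = next((c for c in work.children if c.element == elem), None)
                if child is None:
                    child = Node(elem, work)
                    work.children.append(child)
                    index.setdefault(elem[0], []).append(child)
                work = child
            work.results.append((presets, actions))
    return roots, index

def holds(node, state):
    code, value = node.element
    return state.get(code) == value

def ancestors_hold(node, state):
    node = node.parent
    while node.element is not None:      # stop at the root
        if not holds(node, state):
            return False
        node = node.parent
    return True

def fire_below(node, state):
    """Results of every branch at or below `node` whose elements all hold."""
    found = list(node.results)
    for child in node.children:
        if holds(child, state):
            found += fire_below(child, state)
    return found

def evaluate(roots, index, readings, max_rounds=32):
    """Apply rules until no rule triggers; refuse rule sets that never settle."""
    state, actions, pending = dict(readings), [], []
    for code in sorted(state):           # initial pass over collected item data
        if code in roots:
            pending += fire_below(roots[code], state)
    rounds = 0
    while pending:
        rounds += 1
        if rounds > max_rounds:
            raise RuntimeError("rule cascade did not reach a steady state")
        presets, acts = pending.pop(0)
        actions += acts
        for code, value in presets.items():
            if state.get(code) == value:
                continue                 # no change, nothing new can trigger
            state[code] = value
            for node in index.get(code, []):
                if holds(node, state) and ancestors_hold(node, state):
                    pending += fire_below(node, state)
    return state, actions

def demo():
    roots, index = build(RULES, CODES)
    return evaluate(roots, index, {"01": 10, "03": 5, "02": "on"})
```

Calling `demo()` replays the collected values from the example: the pump preset fires first, which in turn triggers the tank preset and the alarm action.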
In one embodiment, the safety rule base includes a general safety rule base, which is a safety rule base (which may also be referred to as an expert rule base) formed by a national standard of the industrial control system for a specification of the general industrial control system, and is used as a general safety rule of the industrial control system. The general rule base can be formed according to the following industrial control system standards published by the state:
GB/T 33007-2016 Industrial communication network and System Security creation Industrial Automation and control System Security procedure
GB/T 33008.1-2016 Industrial Automation and control System network Security programmable controller (PLC)
GB/T 33009.1-2016 Industrial Automation and control System network Security Distributed Control System (DCS) part 1: protection requirements
GB/T 33009.2-2016 Industrial Automation and control System network Security Distributed Control System (DCS) part 2: administrative requirements
GB/T 33009.3-2016 part 3 of the industrial automation and control system network security Distributed Control System (DCS): evaluation guidelines
GB/T 33009.4-2016 part 4 of the industrial automation and control system network security Distributed Control System (DCS): risk and vulnerability detection requirements
In one embodiment, the safety rule base comprises an industry safety rule base, which turns the safe-production specifications of an application field into a safety rule base for that field according to different application scenarios, for example: the national standard GBT 22384-2008 electric power system safety and stability control system inspection standard, petrochemical safety management standards and the like.
In one embodiment, the system also has an API interface that can be called by other applications.
According to another aspect of the present invention, there is provided a safety control method for an industrial control system, as shown in fig. 3, including: step 1, receiving a rule input by a user; step 2, generating a rule tree and a work control item list in the result item; step 3, receiving information data of industrial control items in an industrial control system; and 4, acquiring and executing a control result item of the industrial control item according to the rule tree and the list.
In step 1, condition items and result items input by a user are received, and a safety rule base is generated. Preferably, the condition item disassembles the relation of "or", and retains the elements of the relation of "and".
In step 2, a rule tree and a device list in a result item are generated according to a safety rule base, and the specific steps are as follows:
step 21, using the industrial control entry codes as root nodes of the tree, using the elements in the condition items as leaf nodes of the tree in sequence, and using the result items as leaf nodes of the lowest layer of the tree, thereby generating a regular tree;
specifically, for the condition item of each rule, the industrial control entry code in the first element of the item is firstly obtained and positioned to the list as the subscript of the list. If the pointer of the list is null, the root node is not established, the root node is used as a working node, and the content is the industrial control entry code. If there is a second element a, all children of the existing working node are checked. If the content of a child node contains a, the working node is set as the child node, if the word node does not contain a, a new child node is generated for the working node, a is set as the content of the child node, and meanwhile, the working node is set as the newly generated child node. And repeating the steps until all elements in the condition item are traversed, and then taking the result item as a leaf node of the last working node.
After traversing all the condition items of the rule once, a rule tree as shown in fig. 2 can be formed.
Step 22: generate the industrial control item list in the result item according to the codes of the industrial control items and the leaf nodes in the rule tree that contain those codes.
Specifically, the industrial control item list in the result item is built from the industrial control items (or their codes) in the preset-class elements of the result item, and is used to speed up the discovery of triggered rules. As shown in Fig. 2, the list consists of the industrial control entry codes (for example, an oil pipeline numbered 01) and all leaf nodes in the rule tree that contain that industrial control entry (excluding the root and the bottommost leaf node).
In step 4, the received industrial control item data are sorted, the rule tree and the industrial control item list in the result item are queried, and the final result for the industrial control items is obtained and executed. Specifically, from the industrial control item data sent by the information acquisition module, condition items are generated for the industrial control items whose values have changed, all elements in the condition items are sorted by industrial control item code, and the trees corresponding to those items are then found in the rule tree by item code. Whether the root node corresponding to the entry code is empty is then judged. If it is empty, the element (that is, the condition item) does not hold and the judgment process stops; otherwise, the elements of the leaf nodes under the root node are compared in sequence with the elements in the condition item, that is, each branch of the root node is checked to judge whether the leaf nodes of the branch satisfy the condition item. If a branch reaches the lowest leaf node, the content of that node, i.e. the result item of the rule, is obtained. For example, in Fig. 2, the collected entry values are '01' = 10, '03' = 5 and '02' = 'on'. We first find the root nodes of the 01 and 02 trees and examine each branch; the condition item of the rule corresponding to one child node of the 01 tree is satisfied, so we obtain the result item '04' = 8.
For an execution-class element in the result item, the action is executed directly. A preset-class element in the result item is split into several elements, and each is looked up in the industrial control item list in the result item; whether the branch holds is judged from the leaf node found, the branch below that node and the collected data. If it does not hold, the search stops; if it does, the result item is obtained and the process is repeated.
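The tree construction of steps 21 and 22 and the lookup of step 4, as an added Python example that is not code from the patent. It assumes that elements are equality tests of the form (entry code, value), that every element including the first is stored as a child under a root keyed by entry code, and that the result-item list maps a code to the roots of the trees containing it rather than to individual nodes; the rules reuse the Fig. 2 values from the text and the action names are hypothetical.

```python
# Added illustration, not the patent's code. Element = (entry_code, value), equality only.
class Node:
    def __init__(self, element):
        self.element, self.children, self.results = element, [], []

def build(rules):
    """Steps 21-22: return (roots keyed by entry code, result-item index)."""
    roots, index = {}, {}
    for cond, result in rules:
        cond = sorted(cond, key=lambda e: e[0])        # order elements by entry code
        root_code = cond[0][0]
        work = roots.setdefault(root_code, Node((root_code, None)))
        for elem in cond:
            child = next((c for c in work.children if c.element == elem), None)
            if child is None:                          # no child holds elem yet
                child = Node(elem)
                work.children.append(child)
            work = child                               # descend to the child
            index.setdefault(elem[0], set()).add(root_code)
        work.results.append(result)                    # lowest layer: result item
    return roots, index

def walk(node, data):
    """Result items of every branch whose elements all hold in data."""
    found = list(node.results)
    for child in node.children:
        if data.get(child.element[0]) == child.element[1]:
            found += walk(child, data)
    return found

def evaluate(roots, index, collected):
    """Step 4: return (actions to execute, data including preset values)."""
    data, actions, seen = dict(collected), [], set()
    pending = [c for c in sorted(data) if c in roots]  # empty root: nothing to check
    while pending:
        for kind, payload in walk(roots[pending.pop(0)], data):
            if (kind, payload) in seen:                # also bounds cyclic presets
                continue
            seen.add((kind, payload))
            if kind == "action":
                actions.append(payload)                # execution class: run directly
            else:                                      # preset class: (code, value)
                data[payload[0]] = payload[1]
                pending += sorted(index.get(payload[0], ()))
    return actions, data

# Constructed rules; "close_valve_05" and "raise_alarm" are hypothetical actions.
RULES = [([("01", 10), ("03", 5)], ("preset", ("04", 8))),
         ([("04", 8), ("02", "on")], ("action", "close_valve_05")),
         ([("01", 10), ("03", 7)], ("action", "raise_alarm"))]
```

With the collected values '01' = 10, '03' = 5 and '02' = 'on', the 01 tree yields the preset '04' = 8, which the index routes to the 02 tree, where the chained rule then fires.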
The modules in the foregoing figures may each be a process or thread running on one or more processors in one or more computing devices executing computer program instructions and interacting with other system components to perform the various functions described herein. The computer program instructions are stored in a memory, which in a computing device may be implemented using standard memory devices, such as Random Access Memory (RAM). The computer program instructions may also be stored in other non-transitory computer readable media, such as a CD-ROM, flash drive, or the like. Those skilled in the art will also appreciate that the functionality of the various computing devices may be combined or integrated in a single computing device or the functionality of a particular computing device may be distributed across one or more other computing devices without departing from the scope of exemplary embodiments of the present invention. The server and the upper computer can be software modules, and the system can comprise the server, the upper computer and other modules or devices.
Finally, it should be noted that the above examples are only intended to describe the technical solutions of the present invention and not to limit the technical methods, the present invention can be extended in application to other modifications, variations, applications and embodiments, and therefore all such modifications, variations, applications, embodiments are considered to be within the spirit and teaching scope of the present invention.

Claims (9)

1. A safety control system for an industrial control system, comprising: an information acquisition module, a safety control module and a safety rule configuration module, wherein,
the information acquisition module comprises a data acquisition device for acquiring industrial control item data in the industrial control system;
the safety control module is used for obtaining the final result of the industrial control item and executing corresponding action; the safety control module comprises a rule tree, an industrial control item list generating unit in a result item and a safety judgment executing unit;
the root node of the rule tree is the code of the industrial control entry, the leaf nodes of the rule tree are elements in the condition item, and the leaf node at the lowest layer of the rule tree is a result item;
the industrial control item list in the result item comprises the codes of industrial control items and the leaf nodes in the rule tree that contain those codes;
the safety judgment execution unit generates condition items for the industrial control items with changed numerical values according to the received industrial control item data sent by the information acquisition module, sorts all elements in the condition items according to industrial control item codes, and then finds the trees corresponding to the industrial control items in the rule tree according to the item codes; judges whether the root node corresponding to the entry code is empty; if so, the condition item does not hold and the judging process stops; otherwise, each branch of the root node is checked in sequence, and whether the leaf nodes of the branch can meet the condition item is judged; if a branch which can reach the bottommost leaf node exists, the result item in the bottommost leaf node is obtained; and the safety rule configuration module is used for receiving rule information set by a user.
2. The safety control system according to claim 1, wherein the safety control module includes a safety rule base creation unit, a safety rule base, a rule tree, and a safety judgment execution unit; the security rule base contains security rules, the security rules comprise condition items and result items, and the condition items and the result items are composed of elements; the rule tree and result item industrial control item list generating unit is used for generating a rule tree and result item industrial control item list according to the safety rule base; and the safety judgment execution unit is used for receiving the industrial control item data sent by the information acquisition module, and then obtaining and executing a final result according to the rule tree and the industrial control item list in the result item.
3. The safety control system according to claim 2, wherein the elements are classified into a judgment class, a result item preset class, and a result item action class.
4. The safety control system according to claim 1, wherein in the safety judgment execution unit, as to the execution class in the result item, direct execution is performed; and splitting a preset class in the result item into a plurality of elements, then respectively searching an industrial control item list in the result item, judging whether the branch is established or not according to the found leaf node, the branch below the node and the acquired data, if not, stopping searching, and if so, obtaining the result item.
5. The safety control system of claim 2, wherein the safety rule base comprises a generic safety rule base, an industry safety rule base, or a user-customized safety rule base.
6. The security control system of claim 1, wherein the security rule configuration module comprises a display interface for displaying a configuration interface to a user, and receives rule information set by the user, and transmits the rule information to the security control module to generate a security rule base.
7. A safety control method for an industrial control system, comprising:
step 1, receiving a rule input by a user;
step 2, generating a rule tree and an industrial control item list in the result item;
step 3, receiving information data of industrial control items in the industrial control system;
step 4, obtaining and executing a control result item of the industrial control item according to the rule tree and the list, which specifically comprises the following steps: generating condition items for the industrial control items with changed values according to the received industrial control item data sent by the information acquisition module, sorting all elements in the condition items according to industrial control item codes, and finding the trees corresponding to the industrial control items in the rule tree according to the item codes; judging whether the root node corresponding to the entry code is empty; if so, the condition item does not hold and the judging process stops; otherwise, each branch of the root node is checked in sequence, and whether the leaf nodes of the branch can meet the condition item is judged; if there is a branch that can reach the lowest leaf node, the result item in that lowest leaf node is obtained.
8. The safety control method according to claim 7, wherein the step 2 includes:
step 21, using the industrial control entry codes as root nodes of the tree, using the elements in the condition items as leaf nodes of the tree in sequence, and using the result items as leaf nodes of the lowest layer of the tree, thereby generating the rule tree;
and step 22, generating an industrial control item list in the result item according to the codes of the industrial control items and the leaf nodes containing the codes in the rule tree.
9. The safety control method according to claim 7, wherein the step 4 further comprises: for the execution class in the result item, directly executing; and splitting a preset class in the result item into a plurality of elements, then respectively searching an industrial control item list in the result item, judging whether the branch is established or not according to the found leaf node, the branch below the node and the acquired data, if not, stopping searching, and if so, obtaining the result item.
CN201811608387.3A 2018-12-27 2018-12-27 Safety control system and method of industrial control system Active CN111381546B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811608387.3A CN111381546B (en) 2018-12-27 2018-12-27 Safety control system and method of industrial control system

Publications (2)

Publication Number Publication Date
CN111381546A CN111381546A (en) 2020-07-07
CN111381546B true CN111381546B (en) 2021-10-08

Family

ID=71219214

Country Status (1)

Country Link
CN (1) CN111381546B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104155957A (en) * 2014-08-20 2014-11-19 成都联星微电子有限公司 Industrial control acquisition system based on multiple nodes
CN104412247A (en) * 2012-07-24 2015-03-11 通用电气公司 Systems and methods for improving control system reliability
CN206178452U (en) * 2016-09-25 2017-05-17 东莞市罗数基础工业科技有限公司 Real -time productivity collection system of production line
CN108390851A (en) * 2018-01-05 2018-08-10 郑州信大捷安信息技术股份有限公司 A kind of secure remote control system and method for industrial equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP03 Change of name, title or address

Address after: 644000 Building 9, Jinrun Industrial Park, Xuzhou District, Yibin City, Sichuan Province

Patentee after: Sichuan Security Control Technology Co.,Ltd.

Address before: 100095 building 6, yard 9, Dijin Road, Haidian District, Beijing

Patentee before: BEIJING ECHO TECHNOLOGIES Co.,Ltd.
CP03 Change of name, title or address