CN111726353A - Sensitive data grading protection method and grading protection system based on numerical control system - Google Patents


Info

Publication number: CN111726353A
Authority: CN (China)
Prior art keywords: data, security, control system, numerical control, sensitive
Legal status: Pending
Application number: CN202010554733.5A
Other languages: Chinese (zh)
Inventors: 路松峰, 时天真, 汤学明, 吴俊军, 崔永泉, 朱建新, 向文
Current Assignee: Huazhong University of Science and Technology
Original Assignee: Huazhong University of Science and Technology
Events: application filed by Huazhong University of Science and Technology; priority to CN202010554733.5A; publication of CN111726353A; legal status pending


Classifications

    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L63/00 Network architectures or network communication protocols for network security
                    • H04L63/10 ... for controlling access to devices or network resources
                        • H04L63/105 Multiple levels of security
                    • H04L63/20 ... for managing network security; network security policies in general
    • G PHYSICS
        • G06 COMPUTING; CALCULATING OR COUNTING
            • G06F ELECTRIC DIGITAL DATA PROCESSING
                • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
                    • G06F21/60 Protecting data
                        • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
                            • G06F21/6218 ... to a system of files or objects, e.g. local or distributed file system or database
                                • G06F21/6227 ... where protection concerns the structure of data, e.g. records, types, queries
                            • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
                        • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The invention belongs to the technical field of computer network security and discloses a sensitive data grading protection method and grading protection system based on a numerical control system. The method classifies and grades the sensitive data in the numerical control system, sorts and identifies the sensitive data by intelligent means, and designs data structures for storing the different data; divides the intelligent numerical control system into security domains; controls the information flow direction of the intelligent numerical control system with a BLP model according to the grading of terminals and the division of security domains; designs a data sensitivity level label generation algorithm to realise a network flow control system based on the sensitivity level label of data messages; and designs a network boundary access control technology based on the sensitivity level label. The method protects the confidentiality of the sensitive data of the intelligent numerical control system, controls the network flow direction of the sensitive data, prevents data from illegally flowing into a low-security area due to routing errors and the like, and meets the industrial information security requirements of the intelligent numerical control system.

Description

Sensitive data grading protection method and grading protection system based on numerical control system
Technical Field
The invention belongs to the technical field of computer network security and particularly relates to a sensitive data grading protection method and grading protection system based on a numerical control system.
Background
At present the military industry is an important component of the manufacturing industry and plays a vital role in the national defence sector. Industrial control systems such as DCS, PCS, PLC, IED, numerical control machine tools and flexible manufacturing units are deployed in large numbers in military manufacturing enterprises, and these enterprises hold a large quantity of national secrets, so they must pay particular attention to the network security of their industrial control systems.
The national defence industry has high requirements for data confidentiality, and the data transmitted once a numerical control system is networked contains a large number of part processing parameters. Some of this data, such as G code, is sensitive: the details of a machined part can even be reconstructed by analysing the G code, so it belongs to the sensitive data.
The core of sensitive data grading protection is to grade reasonably, build to standard, and supervise and manage the security of the information system. A classified (secret-related) system is required to grade both the degree of confidentiality of information and the authority of terminals. For a long time many units have gone to one of two extremes when implementing hierarchical management: either there is no real hierarchical management of the application system, or only simple access control is applied with a firewall device; or complete physical isolation is adopted, which is very inconvenient for office use because it relies on single-machine isolation or on establishing a dedicated classified network.
For access control technology, a common practice in information security is to partition security domains in a homogeneous manner. This can be realised with Virtual Local Area Network (VLAN) technology, with Access Control List (ACL) technology, with an instruction list applied to a router interface, or with a network firewall.
Sensitive data grading protection technically protects the key information of an intelligent numerical control system, effectively controls the flow of information between different security levels, controls confidential information, and distributes and manages the confidentiality levels of system elements; it is a key and difficult point of grading protection work.
Through the above analysis, the problems and defects of the prior art are as follows:
(1) The sensitive data classification of numerical control systems in the prior art is not clear enough, confidentiality cannot be well protected, and industrial information security cannot meet practical requirements.
(2) Expansion of the network boundary leads to more attacks: the originally independent, closed numerical control production network is now connected to the enterprise management network and the internet, and the accelerating networking of numerical control processing equipment lets hacker attacks, malicious code and other security threats from traditional information networks enter the numerical control network rapidly, so industrial information security cannot be guaranteed.
(3) Most numerical control machine tool control systems transmit and manage machining code in plaintext, so unencrypted machining code is easily obtained illegally, and manufacturing data is leaked because the machined articles can be reconstructed with special software.
The difficulty in solving the above problems and defects is:
Because the sensitive data types, system characteristics and security requirements of an intelligent numerical control system differ greatly from those of a traditional information system, determining the sensitive data classification is the premise and basis for all network operations such as security domain division and information access control, and the division result directly affects the operating efficiency and performance of the whole system. In addition, the existing security protection means (firewalls, gatekeepers, isolation devices) cannot effectively defend an intelligent numerical control system; security protection technology for intelligent manufacturing systems, and especially for numerical control networks, urgently needs to be developed, and the product urgently needs to be realised and verified.
The significance of solving these problems and defects is as follows:
The numerical control network is one of the core parts of an intelligent numerical control system and the basis for producing high-precision components and equipment, and its production data is a core secret of the enterprise and may even concern national security. By grading the sensitive data and protecting the intelligent numerical control system, the data leakage problem and the unknown security intrusion problem that urgently need to be resolved in industries that use high-end numerical control machines and precision measurement instruments for production can be effectively solved. The enterprise's machining production flow is not affected in the process, and because the related operating systems and the security protection measures provided are standardised, the enterprise's production efficiency is greatly ensured and improved.
Disclosure of Invention
Aiming at the problems in the prior art, the invention provides a sensitive data grading protection method and a grading protection system based on a numerical control system.
The invention is realised in this way: a sensitive data grading protection method based on a numerical control system, including:
step one, classifying, grading, sorting and identifying the sensitive data in the numerical control system, and constructing data structures for storing the different data;
step two, dividing security domains for the data structures constructed for the different data stores;
step three, controlling the information flow direction with a BLP model according to the divided security domains;
step four, managing and controlling network flow based on the sensitivity level label of data messages, according to a data sensitivity level label generation algorithm;
and step five, performing network boundary access control based on the sensitivity level label, on the basis of the network flow control based on the sensitivity level label of the data message.
Further, in step one, the sensitive data includes:
processing parameters, running data and log information of equipment;
operating parameters of mobile devices and the data generated during their operation;
interaction information of the man-machine interaction unit, comprising identity information, account passwords and position information;
cloud multimedia information, business process data and equipment state information of the networked platform.
Further, in step one, the sensitive data identification process includes:
using key field definitions and related identification detection on specific files retrieved from the data, or on data acquired in the environment of an application agent and a service server, to make a preliminary judgement of whether the data is classified as sensitive; using computer software, with artificial intelligence theory and technology, to simulate and process a set of natural language rules so that the various types of sensitive data are expressed according to the classification and grading requirements; and generating and binding sensitive data level labels.
Further, in step two, the security domains are different logical regions partitioned within the same system according to the nature of the data information, the subjects that use it, the security targets and the policy elements; within a logical region the same security protection requirements and control policies apply, and the same security access control policy is used for information isolation;
a domain table is stored in a database in the security domain; domain management and maintenance are performed through the database, and the domain scheme and domain table are updated through the management interface of the proxy gateway.
Further, in step three, the method of controlling the information flow with the BLP model includes:
assigning security identifiers and security classifications to the subject and the object, where the security classifications are level 0, level 1 and level 2, and a weight is defined for each classification to order it as higher or lower; when the security level of the subject is not lower than that of the object, the subject may read the object; when the security level of the subject is not higher than that of the object, the subject may write the object; through this "read down, write up" access rule, information is controlled to flow only in the single direction of higher security levels and is not allowed to flow downward;
the "read down, write up" access rule includes:
(1) data, as an object, is created by a subject and inherits the security identifier of that subject, so its security level is the same as the subject's;
(2) a message is allowed to be sent when its security level is lower than or equal to the security level of the receiver;
(3) a message is allowed to be accepted when the receiver's confidentiality level is greater than or equal to the message's confidentiality level.
Further, in step four, the method of managing and controlling network flow based on the sensitivity level label of data messages, according to the data sensitivity level label generation algorithm, includes:
forcibly binding a sensitivity level label to the communication data of the numerical control processing system; the communication data comprises: an identifier indicating that the sensitive data message is encrypted and associating the protected sensitive data messages, which is the static identifier Cpsec; the message type; the sensitive data level; the expiry date of that level; related attached information of the data message; and the protected data message;
forwarding is then performed through a high-performance network IO platform; before forwarding, sensitivity level access control is applied to the message: the network communication protocol is parsed and, once parsing is complete, the sensitivity level label is extracted;
the level label is decoded and integrity-checked, access control is performed according to the sensitivity level of the message, and a security policy route is determined;
and finally the message is reassembled and forwarded.
Further, in step five, the method of network boundary access control based on the sensitivity level label includes:
before sending communication data, adding to each message a self-defined sensitivity level label containing a confidentiality level attribute field, and specifying that senders within one attribute value range have the same confidentiality level;
then the high-performance network IO support platform receives the message and passes it to the proxy gateway; the proxy gateway decodes the sensitivity level label, performs an integrity check, feeds the result into the access control matrix, and performs write access control according to the output; if the message is allowed to be sent it is reassembled and then forwarded through the proxy server, otherwise sending is refused. Besides the access control function, the proxy gateway also converts submitted access requests and the management of system security levels and other variables into operations on the server database.
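The label binding, integrity check and gateway decision of steps three to five, as an added example that is not part of the patent. It assumes a constructed byte layout for the Cpsec label, HMAC-SHA256 as the integrity check (the patent names no mechanism), and levels 0 to 2 with the access control matrix answering Y exactly when the message level does not exceed the receiver level.

```python
import hashlib
import hmac
import struct

# The three sensitivity levels used throughout the patent text (2 is the highest).
LEVELS = {0: "common sensitive", 1: "more sensitive", 2: "highly sensitive"}

# Constructed byte layout of the label (an assumption; the patent gives no encoding):
#   "Cpsec" | msg_type (1) | level (1) | level expiry, unix seconds (4) |
#   attached-info length (2) | attached info | HMAC-SHA256 tag (32) | protected payload
MAGIC = b"Cpsec"
HEADER = struct.Struct(">5sBBIH")
TAG_LEN = 32


def make_label(key: bytes, sender_level: int, msg_type: int, expiry: int,
               attached: bytes, payload: bytes) -> bytes:
    """Sender side: bind the sensitivity level label to one message.
    BLP rule (1): the message inherits the security level of its sender."""
    if sender_level not in LEVELS:
        raise ValueError("unknown sensitivity level")
    head = HEADER.pack(MAGIC, msg_type, sender_level, expiry, len(attached)) + attached
    # Integrity tag covers header, attached info and payload (assumed: HMAC-SHA256).
    tag = hmac.new(key, head + payload, hashlib.sha256).digest()
    return head + tag + payload


def parse_label(key: bytes, blob: bytes) -> dict:
    """Gateway side: decode the label and run the integrity check.
    Raises ValueError for a missing, truncated or tampered label."""
    if len(blob) < HEADER.size or not blob.startswith(MAGIC):
        raise ValueError("no Cpsec label present")
    _, msg_type, level, expiry, info_len = HEADER.unpack_from(blob)
    body_start = HEADER.size + info_len
    attached = blob[HEADER.size:body_start]
    tag = blob[body_start:body_start + TAG_LEN]
    payload = blob[body_start + TAG_LEN:]
    if len(attached) != info_len or len(tag) != TAG_LEN:
        raise ValueError("label truncated")
    expected = hmac.new(key, blob[:body_start] + payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    if level not in LEVELS:
        raise ValueError("unknown sensitivity level")
    return {"msg_type": msg_type, "level": level, "expiry": expiry,
            "attached": attached, "payload": payload}


# Access control matrix of the security gateway: ACCESS_MATRIX[message level][receiver level]
# is True ("Y") exactly when BLP rules (2) and (3) hold, i.e. message level <= receiver
# level, so information only moves toward the same or a higher security level.
ACCESS_MATRIX = [[msg <= rcv for rcv in sorted(LEVELS)] for msg in sorted(LEVELS)]


def blp_can_read(subject_level: int, object_level: int) -> bool:
    """Read down: the subject's level is not lower than the object's."""
    return subject_level >= object_level


def blp_can_write(subject_level: int, object_level: int) -> bool:
    """Write up: the subject's level is not higher than the object's."""
    return subject_level <= object_level


def gateway_decide(key: bytes, blob: bytes, receiver_level: int, now: int) -> tuple:
    """Proxy gateway decision for one message: decode, check integrity and expiry,
    query the access control matrix, then return ("FORWARD", reassembled_message)
    or ("REJECT", reason). Reassembly re-binds the verified label to the payload."""
    try:
        label = parse_label(key, blob)
    except ValueError as exc:
        return ("REJECT", str(exc))
    if now > label["expiry"]:
        return ("REJECT", "sensitivity level label expired")
    if receiver_level not in LEVELS:
        return ("REJECT", "receiver has no security level")
    if not ACCESS_MATRIX[label["level"]][receiver_level]:
        return ("REJECT", "write-down refused: %s message to level %d receiver"
                % (LEVELS[label["level"]], receiver_level))
    forwarded = make_label(key, label["level"], label["msg_type"], label["expiry"],
                           label["attached"], label["payload"])
    return ("FORWARD", forwarded)


if __name__ == "__main__":
    # Constructed demo: a level-2 (highly sensitive) sender ships a G-code fragment.
    key = b"constructed-demo-key"            # shared gateway key, demo value only
    msg = make_label(key, 2, 1, 2_000_000_000, b"domain=workshop-A", b"G01 X10.5 Y20.0")
    print(gateway_decide(key, msg, 2, 1_700_000_000)[0])   # FORWARD: same level
    print(gateway_decide(key, msg, 0, 1_700_000_000))      # REJECT: would flow downward
    tampered = bytearray(msg)
    tampered[6] = 0                                        # relabel as level 0
    print(gateway_decide(key, bytes(tampered), 0, 1_700_000_000))  # REJECT: integrity
```

A relabelled message fails the integrity check before the matrix is ever consulted, which is the property that makes the label, rather than routing, the thing that stops a downward flow.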
The invention also aims to provide a sensitive data grading protection system based on a numerical control system, which comprises:
a sensitive data classification, grading, sorting and identification module, used to classify, grade, sort and identify the sensitive data in the numerical control system and to construct data structures for storing the different data;
a security domain division module, used to divide security domains for the data structures constructed for the different data stores;
an information flow direction control module, used to control the information flow direction with the BLP model according to the divided security domains;
a network flow control module, used to control network flow based on the sensitivity level label of data messages according to the data sensitivity level label generation algorithm;
and a network boundary access module, used to perform network boundary access control based on the sensitivity level label, on the basis of the network flow control based on the sensitivity level label of the data message.
Another object of the present invention is to provide a program storage medium for receiving user input, the stored computer program enabling an electronic device to execute the method for hierarchically protecting sensitive data based on a numerical control system, including:
classifying and grading the sensitive data of the numerical control system, identifying and storing the sensitive data, dividing the intelligent numerical control system into security domains, controlling the information flow direction of the intelligent numerical control system, designing the sensitivity level label to guarantee data security, and designing the access control algorithm of a security gateway, so that the confidentiality of the sensitive data of the intelligent numerical control system is protected, the network flow direction of the sensitive data is controlled, and routing errors are prevented from causing data to flow into a low-security-level area in violation of policy.
Another object of the present invention is to provide a computer program product stored on a computer readable medium, which includes a computer readable program for providing a user input interface to implement the method for hierarchical protection of sensitive data based on a numerical control system when the computer program product is executed on an electronic device.
Combining all the above technical schemes, the advantages and positive effects of the invention are as follows. With the sensitive data grading protection method based on a numerical control system, the sensitive data of the numerical control system is classified and graded, identified and stored; the intelligent numerical control system is divided into security domains; the information flow direction of the intelligent numerical control system is controlled; the sensitivity level label is designed to guarantee data security; and the access control algorithm of a security gateway is designed. As a result, the confidentiality of the sensitive data of the intelligent numerical control system is protected, the network flow direction of the sensitive data is controlled, data is prevented from illegally flowing into a low-security-level area due to routing errors and the like, and the industrial information security requirements of the intelligent numerical control system are met. The invention is based on the BLP security model of multilevel security access control and forcibly binds a sensitivity level label to each message; on the basis of defining confidentiality levels and dividing security domains for the terminals and messages in the classified system, it further realises management of the inter-domain information flow direction. Messages are controlled to flow only from a lower-security-level security domain to a higher-security-level security domain, and the security of the intranet holding the sensitive data is guaranteed.
For an intelligent numerical control system, the invention first divides security domains according to the actual application conditions, for example determining the domain division method according to the responsible department and the distribution of terminals. A security domain has the same security level as the terminals classified into it, and the domain division table is stored in the database. Domain division management is designed and maintained through the database, and the domain division scheme and table can be updated through the management interface of the proxy gateway, so interactivity is strong.
The BLP model provided by the invention controls information to flow only in the single direction of higher security levels, with no downward flow allowed, through the "read down, write up" access rule, thereby ensuring information security in the information system. By comparing the security levels of the subject and the object, the subject's access to the object is constrained: the subject can only access objects for which it has authority, so that information is controlled not to flow downward.
For the security gateway, the security level of the message and the security level of the receiver are obtained according to the rules of the access control matrix and input into the matrix for query; if the output value is Y the message can be forwarded, otherwise the operation does not conform to the access control policy and is rejected. This improves the operating efficiency and robustness of the intelligent numerical control system and ensures that the system environment and the access control rules are updated synchronously. Because a security domain has the same level as the terminals within it, inter-domain information exchange between different levels can be decided by the rules defined in the access control matrix; for different sub-domains of the same level, if finer-grained access control needs to be implemented, the decision can be made according to the identifier of the domain to which the sender belongs.
The effects and advantages obtained, by combination with experimental data and comparison with the prior art, are:
(1) The classification of the sensitive data of the intelligent numerical control system is more definite and reasonable, which is more conducive to protecting the information system.
(2) The method can protect the confidentiality of the sensitive data of the intelligent numerical control system, control the network flow direction of the sensitive data, prevent data from illegally flowing into a low-security area due to routing errors and the like, and meet the industrial information security requirements of the intelligent numerical control system.
(3) Compared with the prior art, sensitivity level labels are added, the sending and receiving of messages are subjected to identity authentication and verification, and the security level identifier, identity identifier and domain identifier of messages are managed in a centralised and unified way, which solves the identity identification problem and prevents the security system from being illegally intruded and data from being leaked and tampered with.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed to be used in the embodiments of the present application will be briefly described below, and it is obvious that the drawings described below are only some embodiments of the present application, and it is obvious for those skilled in the art that other drawings can be obtained from the drawings without creative efforts.
Fig. 1 is a flowchart of a method for hierarchically protecting sensitive data based on a numerical control system according to an embodiment of the present invention.
Fig. 2 is a schematic diagram of a sensitive data hierarchical protection method based on a numerical control system according to an embodiment of the present invention.
FIG. 3 is a diagram illustrating a classification hierarchy of sensitive data of a numerical control system according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
In the prior art the confidentiality of the sensitive data of a numerical control system cannot be protected, industrial information security cannot meet actual requirements, and the intranet holding the sensitive data cannot be secured.
Aiming at the problems in the prior art, the invention provides a sensitive data grading protection method based on a numerical control system, which is described in detail below with reference to the accompanying drawings.
The invention aims to realise a grading rule for sensitive data based on a numerical control system and the corresponding protection technology. The method is divided into two parts:
(1) classifying and grading the sensitive data in the numerical control system, and designing data structures for storing the different data;
(2) designing a data sensitivity level label generation algorithm and a network boundary access control technology based on the sensitivity level label. On this basis, the confidentiality of the sensitive data of the intelligent numerical control system can be protected, the network flow direction of the sensitive data is controlled, data is prevented from illegally flowing into a low-security area due to routing errors and the like, and the industrial information security requirements of the intelligent numerical control system are met.
As shown in fig. 1, the method for hierarchically protecting sensitive data based on a numerical control system according to an embodiment of the present invention includes the following steps:
S101, classifying and grading the sensitive data in the numerical control system, sorting and identifying the sensitive data by intelligent means, and designing data structures for storing the different data.
S102, dividing the intelligent numerical control system into security domains according to the actual application conditions.
S103, controlling the information flow direction of the intelligent numerical control system with the BLP model according to the grading of terminals and the division of security domains.
S104, designing a data sensitivity level label generation algorithm and realising a network flow control system based on the sensitivity level label of data messages.
S105, designing a network boundary access control technology based on the sensitivity level label.
Fig. 2 is a schematic diagram of a sensitive data hierarchical protection method based on a numerical control system according to an embodiment of the present invention.
The invention provides a sensitive data grading protection system based on a numerical control system, which comprises:
a sensitive data classification, grading, sorting and identification module, used to classify, grade, sort and identify the sensitive data in the numerical control system and to construct data structures for storing the different data;
a security domain division module, used to divide security domains for the data structures constructed for the different data stores;
an information flow direction control module, used to control the information flow direction with the BLP model according to the divided security domains;
a network flow control module, used to control network flow based on the sensitivity level label of data messages according to the data sensitivity level label generation algorithm;
and a network boundary access module, used to perform network boundary access control based on the sensitivity level label, on the basis of the network flow control based on the sensitivity level label of the data message.
The present invention will be further described with reference to the following examples.
1. Numerical control system sensitive data classification grading (as shown in figure 3)
Due to the existence of key areas and key information in the intelligent numerical control system, different data have different values, and the value is objectively reflected by the sensitivity level. And the more sensitive and important the data, the more vulnerable the intrusion and attack, the greater the resulting loss and cost, and the higher the level of protection required. The sensitive data of the intelligent numerical control system refers to all data information influencing the normal operation of the numerical control system. The data of the intelligent numerical control system is mainly divided into 4 parts, wherein the first part is process parameters, operation data, log information and the like of various processing devices (including numerical control machines, robots, PLC and the like) of the whole workshop or factory, the second part is parameters for operation of various mobile devices (such as material trolleys, mobile devices for work and the like) and data generated in operation, the third part is interaction information of a man-machine interaction unit of the intelligent numerical control system, the interaction information comprises identity information, account passwords, position information and the like, and the fourth part is cloud multimedia information of a networked platform, service flow data and equipment state information. The intelligent numerical control systems have the advantages of various sensitive data types, dynamic change, complex structure, storage dispersion and large data volume.
According to the general data classification standard, the sensitivity level of data can be divided into 3 levels: level 0 (secret), level 1 (secret), level 2 (highly secret). This design follows the same classification method: according to the industrial information security level requirements and their relevance to the operation and management of the numerical control system, important data are classified into highly sensitive data, more sensitive data and common sensitive data. Highly sensitive data means key data that has a major influence on the construction of the intelligent numerical control system, on process parameter data and on product quality assurance, such as the system architecture information of the numerical control system, the parameter information of its core units and its backup data. Once such data is leaked, the intelligent numerical control system can be illegally controlled, confidential data is exposed, and the whole numerical control system can suffer irreparable damage, so high-level all-round risk control and security protection are required. More sensitive data means data that is slightly less important than highly sensitive data but can still have a large influence on the numerical control system, such as the operating logs of the numerical control system and user identity information.
Although leakage of such data does not cause irreparable damage, it still has serious consequences and must be protected. Common sensitive data is data closely related to each function of the numerical control system and to its users; it mainly comprises browsing and usage records of the networked platform, man-machine interaction data and the like, and an authorized party can study the operating patterns of the numerical control system by collecting, mining, analyzing and fusing this common data. This kind of sensitive data is highly open; if it is illegally accessed and tampered with, the services and user experience of the intelligent numerical control system are adversely affected, but the normal operation of the numerical control system and product quality assurance are not damaged.
2. Identification and storage of sensitive data
The intelligent numerical control system adopts a multi-layer architecture model divided into a data application layer, a data agent layer and a data adaptation layer. A defense-in-depth strategy is implemented between the application end and the lower-layer numerical control system: network control is applied layer by layer, logical isolation is realized between layers, and direct cross-layer communication is not allowed. Data streams between layers are not forwarded directly by network routing; an application agent or a service server is responsible for them, and end-to-end communication security between the agents or servers is guaranteed by the numerical control system's secure communication protocol. Under these conditions, sensitive data is sorted and identified by intelligent means, and the common sensitive data identification process comprises three steps: data acquisition, format analysis and content classification. First, the data acquired in the environment of the application agents and business servers is searched for specific files or key field definitions and related identification marks, in order to preliminarily judge whether the data is classified as sensitive; then set natural-language rules are simulated and processed by computer software using the theory and technology of artificial intelligence, and each type of sensitive data is expressed accurately according to the classification and grading requirements, so that a sensitive data grade label is generated and bound.
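The three-step identification process above (acquisition, format analysis, content classification) can be illustrated with a small pipeline. This is an added example, not code from the patent: the record format (key=value pairs separated by ';'), the key-field patterns, the token-value rule and the sample records are all constructed here; the level numbers follow the page (0 common, 1 more sensitive, 2 highly sensitive), and a record's level is taken as the highest level any of its fields triggers.

```python
"""Sensitive data identification: acquisition, format analysis, content classification.

Added example, not code from the patent. Record format, rules and sample
records are constructed; levels follow the page (0 common, 1 more sensitive,
2 highly sensitive).
"""
import re

# Key-field definitions per sensitivity level, following the page's grouping
# (architecture / core parameters / backups -> 2, logs and user identity -> 1,
# browsing records and HMI data -> 0). The patterns themselves are constructed.
KEY_FIELD_RULES = {
    2: re.compile(r"^(sys_arch|core_param|backup)", re.I),
    1: re.compile(r"^(run_log|user_id|account|password)", re.I),
    0: re.compile(r"^(browse|hmi_)", re.I),
}
# Content-level detection (constructed rule): a value that looks like a hashed
# credential or session token marks the record as at least level 1, even when
# the key name on its own is unremarkable.
TOKEN_VALUE = re.compile(r"^[0-9a-f]{32,}$", re.I)


def acquire(raw_lines):
    """Step 1: keep only real records from what the agent or server handed over."""
    return [ln.strip() for ln in raw_lines if ln.strip() and not ln.lstrip().startswith("#")]


def parse_record(line):
    """Step 2: format analysis of one 'k=v;k=v' record into a dict."""
    record = {}
    for part in line.split(";"):
        if "=" not in part:
            raise ValueError(f"malformed field: {part!r}")
        key, value = part.split("=", 1)
        record[key.strip()] = value.strip()
    return record


def classify(record):
    """Step 3: return (level, hits); level is None when nothing sensitive was found."""
    hits = []
    for key, value in record.items():
        for lvl, pattern in KEY_FIELD_RULES.items():
            if pattern.search(key):
                hits.append((key, lvl))
        if TOKEN_VALUE.match(value):
            hits.append((key, 1))
    if not hits:
        return None, []
    # The record carries the highest level any of its fields triggered.
    return max(lvl for _, lvl in hits), hits


def identify_and_label(raw_lines):
    """Run the three steps and bind a 'sensitivity' label to each sensitive record."""
    labelled = []
    for line in acquire(raw_lines):
        record = parse_record(line)
        level, hits = classify(record)
        if level is not None:
            record["sensitivity"] = level
            record["matched"] = [k for k, _ in hits]
        labelled.append(record)
    return labelled


# Constructed sample of what an application agent might hand over.
SAMPLE_LINES = [
    "# agent dump, constructed",
    "device=cnc-01;core_param_feed=1200;run_log_id=77",
    "device=hmi-03;browse_page=/jobs;session=3fa85f6457174562b3fc2c963f66afa6",
    "device=amr-02;battery=81;speed=1.2",
    "",
]

if __name__ == "__main__":
    for rec in identify_and_label(SAMPLE_LINES):
        print(rec)
```

Records that trigger no rule get no label at all, which matters for the later gateway stage: the page states that unlabelled messages are not forwarded, so the classifier's silence is itself a policy decision and should be logged, not ignored.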
3. Dividing security domains for intelligent numerical control system
A more accurate and comprehensive definition of a security domain is: different logical regions of the same system, partitioned according to elements such as the nature of the data information, the subjects that use it, the security objectives and the policy; within a domain the same security protection requirements and control policy apply and the same security access control is performed, while between domains there is a mutual trust relationship and effective isolation can be achieved. For an intelligent numerical control system, security domains can first be divided according to the actual application situation, for example by determining the domain division according to the responsible department and the distribution of terminals. A security domain has the same security level as the terminals assigned to it, and a domain division table is stored in the database. Domain division is designed and maintained through the database, and the domain division scheme and table can be updated through the management interface of the proxy gateway, which gives strong interactivity.
4. Information flow direction of intelligent numerical control system
The security proxy gateway is the core component of the system, and information flow direction control is one of its key functions. In the access control system of the intelligent numerical control system, the subjects are the terminals, the objects are the sensitive data, and the operations are mainly the sending and receiving of sensitive data by terminals. Information flow control is based on the classification of terminals and security domains.
The BLP model is widely applied to the security protection of high-security-level information systems. It assigns security identifications and levels to subjects and objects, corresponding to military-style security levels. A subject can read an object only when the subject's security level is not lower than that of the object; a subject can write to an object only when the subject's security level is not higher than that of the object. Through this "read down, write up" access rule, information is controlled to flow in one direction only, towards the higher security level, and is not allowed to flow downwards, which ensures the security of information in the information system. Corresponding to the security characteristics of the BLP model, the administrator of a mandatory access control system assigns a security level (a sensitivity level label) to every subject and object in the system, the label comprising the security level and category of the subject or object; by comparing the security levels of subject and object, the subject's access to the object is forcibly constrained so that subjects can access only the objects they have rights to, and information is thereby prevented from flowing downwards.
According to the rules of the BLP model, the following policies must be observed when a terminal sends and receives data:
(1) the data is created by the subject as an object and inherits the security identification of the subject, so the data has the same security level as the subject.
(2) Transmission is only allowed if the message security level is less than or equal to the recipient's security level.
(3) Acceptance of the message is only allowed if the recipient has a higher or equal security level than the message.
Because the security level of the message is inherited from the sender, the decision for sending and receiving data is made only from the security level of the message and the security level of the receiver. The access control policy can therefore be converted into the form of an access control matrix. In this system, following the BLP definition, the security levels of subjects and objects are classified into level 0 (secret), level 1 (secret) and level 2 (high secret); each security level is assigned a weight that orders it as higher or lower, and the access control matrix takes the form shown in Table 1.
Table 1 access control matrix form
(Table 1 is reproduced in the original only as an image, figure id BDA0002543887240000121.)
For the security gateway, according to the rules of the access control matrix, the security level of the message and the security level of the receiver are obtained and used to query the matrix; if the output value is Y, the message can be forwarded, otherwise the operation does not conform to the access control policy and is rejected. Implementing the policy as a matrix improves the operating efficiency and robustness of the intelligent numerical control system and keeps the access control rules updated in step with the system environment. Because a security domain has the same grade as the terminals in it, information flowing between domains of different grades is judged by the rule defined in the access control matrix; for different sub-domains of the same grade, if finer-grained access control is needed, the judgment can additionally be made on the identifier of the sending domain carried with the message. It should be noted that, while fully enforcing information-flow access control guarantees the confidentiality of the system, it also limits usability in specific application environments.
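The decision procedure of this section (rules (1) to (3), the Y/N access control matrix of Table 1, and the same-grade sub-domain refinement) can be written out as follows. This is an added example, not the patent's code: the matrix is derived from the page's rule that the receiver's level must be greater than or equal to the message's level, while the domain table and the same-level allow-list are constructed assumptions.

```python
"""BLP-style send/receive decision through an access control matrix.

Added example, not code from the patent. Levels follow the page:
0 = common sensitive, 1 = more sensitive, 2 = highly sensitive.
The domain table and the same-level sub-domain allow-list are constructed.
"""
from itertools import product

LEVELS = (0, 1, 2)


def build_access_matrix():
    """Table 1 as a dict: (message level, receiver level) -> 'Y' or 'N'.

    Rules (2) and (3): a message may be sent and accepted only when the
    receiver's level is greater than or equal to the message's level.
    """
    return {(m, r): "Y" if r >= m else "N" for m, r in product(LEVELS, LEVELS)}


ACCESS_MATRIX = build_access_matrix()


def render_matrix(matrix=ACCESS_MATRIX):
    """Plain-text view: rows are message levels, columns are receiver levels."""
    lines = ["msg\\rcv " + " ".join(f"L{r}" for r in LEVELS)]
    for m in LEVELS:
        lines.append(f"L{m}      " + "  ".join(matrix[(m, r)] for r in LEVELS))
    return "\n".join(lines)


def message_level(sender_level):
    """Rule (1): data created by a subject inherits the subject's level."""
    return sender_level


# Constructed domain division table: every domain (and each terminal in it)
# has exactly one security level, as the page requires.
DOMAIN_TABLE = {
    "design-office": 2,
    "cnc-cell-A": 1,
    "cnc-cell-B": 1,
    "visitor-lan": 0,
}
# Constructed finer-grained policy for sub-domains of the same grade:
# only the listed (sender domain, receiver domain) pairs may exchange data.
SAME_LEVEL_ALLOWED = {("cnc-cell-A", "cnc-cell-B")}


def gateway_decision(sender_domain, receiver_domain, matrix=ACCESS_MATRIX,
                     domain_table=DOMAIN_TABLE, same_level_allowed=SAME_LEVEL_ALLOWED):
    """Return (forward?, reason) for a message from sender_domain to receiver_domain."""
    msg_level = message_level(domain_table[sender_domain])
    rcv_level = domain_table[receiver_domain]
    # Different grades: the matrix alone decides.
    if matrix[(msg_level, rcv_level)] != "Y":
        return False, f"level {msg_level} message may not flow to level {rcv_level}"
    # Same grade but different sub-domains: consult the sending-domain identifier.
    if (msg_level == rcv_level and sender_domain != receiver_domain
            and (sender_domain, receiver_domain) not in same_level_allowed):
        return False, "same-level sub-domains not authorised"
    return True, "forward"


if __name__ == "__main__":
    print(render_matrix())
    print(gateway_decision("visitor-lan", "design-office"))
    print(gateway_decision("design-office", "visitor-lan"))
```

The matrix is deliberately generated from the comparison rule rather than typed in by hand, so that adding a level (or changing the ordering) cannot leave a stale cell behind; the domain refinement is kept in a separate table because the page describes it as an optional, finer-grained layer on top of the level check, not part of the matrix.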
5. Securing data using sensitive level tags
First, the sensitivity level label is a mandatory access control mechanism; in the security protection mechanism of the intelligent numerical control system, the mandatory protection control mechanism is independent of the discretionary access control mechanism. As described above, sensitive data grade labels are divided into three levels. The basic flow of the network flow control system based on the data message sensitivity level label is as follows: a sensitivity grade label is forcibly bound to the communication data of the numerical control processing system, and the communication data is then forwarded through a high-performance network IO platform. Before forwarding, access control on the sensitivity level of the message is performed. The process comprises parsing the network communication protocol, extracting the sensitivity grade label once parsing is complete, decoding the grade label and checking its integrity, carrying out access control according to the sensitivity grade of the message, and formulating a secure policy route, so as to avoid a high-to-low security event in which data illegally flows into a lower-classification area because of a routing error or similar cause. Finally, the message is reassembled and forwarded.
In order to protect the confidentiality of sensitive data, a sensitivity level label needs to be designed and bound to the sensitive data message. Its content mainly comprises:
(1) an identifier showing that the sensitive data message is in protected (encrypted) form and associating it with the protected sensitive data messages: the static identifier Cpsec, together with the message type;
(2) the sensitive data level and the expiry date of the level;
(3) related attached information of the data message;
(4) the protected data message. The layout is as follows:
CPSec D_type P_OP P_T SORC D_LEN D_HASH DATA
wherein each part has the following meaning:
CPSec   fixed header, static identification of a labelled sensitive data message
D_type  message type
P_OP    sensitive data level
P_T     expiry date of the level
SORC    message source
D_LEN   message length
D_HASH  hash value of the sensitive data message
DATA    sensitive data message
Binding adds the label to an optional part of the message; the binding is mandatory, and a message without a label cannot be forwarded.
Before the message is forwarded, it is parsed according to the network communication protocol, the state information of the sender is identified, and access control is carried out by a stateful firewall. The message sensitivity level label is then extracted; the three levels are 0 (common sensitive data), 1 (more sensitive data) and 2 (very sensitive data). The sensitivity grade label is decoded and an integrity check is performed, so that an incomplete sensitive data message cannot be forwarded. For a message that passes the integrity check, a secure routing policy is then established by judging its sensitivity level; the principle is that a message with a high sensitivity level may not flow to a network with a lower sensitivity level, so that sensitive data is prevented from leaking. This requires the corresponding border access router to be configured accordingly. Finally, the message is reassembled and forwarded according to the established routing policy.
6. Access control algorithm for security gateway
The access control applied by the proxy gateway to messages is the most critical part of the whole system, so the access control flow and algorithm are described first. The BLP model restricts the access rights of subjects to objects separately for "read" and "write", so the proxy gateway likewise controls the terminal's send and receive requests separately. Before communication data is sent, a self-defined sensitivity grade label is added to each message; the label contains a classification attribute field, and senders whose attribute values fall in the assigned range share the same classification. The high-performance network IO support platform then receives the message and passes it to the proxy gateway, which decodes the sensitivity grade label, performs an integrity check, looks the result up in the access control matrix, and applies write access control according to the output. If the message is allowed to be sent, it is reassembled and forwarded through the proxy server; otherwise sending is refused. Besides the access control function, the proxy gateway also translates access requests submitted by users, and the management of the system security level and other variables, into operations on the server database. This function relies mainly on user permissions defined and reviewed by a designated system administrator, and is implemented by database operation algorithms.
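Sections 5 and 6 describe the same pipeline from two ends: binding the CPSec label to a message, then, at the gateway, parsing the label, checking integrity and expiry, and refusing to route a higher-level message towards a lower-level receiver. The following is an added example that walks through that pipeline; it is not the patent's code. The field order follows the page's layout (CPSec, D_type, P_OP, P_T, SORC, D_LEN, D_HASH, DATA), but the field widths, the use of SHA-256, and the choice to compute D_HASH as a keyed HMAC under a gateway key (so that a re-labelled or altered message fails the integrity check rather than merely a corrupted one) are assumptions made here; the sample message and key are constructed.

```python
"""Bind a CPSec sensitivity label to a message and apply the gateway's checks.

Added example, not code from the patent. Field order follows the page; the
field widths, SHA-256 and the keyed HMAC for D_HASH are assumptions.
"""
import hashlib
import hmac
import struct
import time

MAGIC = b"CPSec"                      # fixed header marking a labelled message
# CPSec(5) D_type(1) P_OP(1) P_T(8, unix seconds) SORC(16) D_LEN(4) D_HASH(32)
HEADER_FMT = "!5sBBQ16sI32s"
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 67 bytes
LEVEL_NAMES = {0: "common sensitive", 1: "more sensitive", 2: "highly sensitive"}


def _digest(key, d_type, p_op, p_t, sorc, data):
    """D_HASH over every labelled field except D_HASH itself (keyed, assumption)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    h.update(MAGIC)
    h.update(struct.pack("!BBQ16sI", d_type, p_op, p_t, sorc, len(data)))
    h.update(data)
    return h.digest()


def bind_label(data, d_type, sender_level, source, valid_until, key):
    """Mandatory binding at the sender: the message inherits the sender's level (rule 1)."""
    if sender_level not in LEVEL_NAMES:
        raise ValueError("unknown sensitivity level")
    sorc = source.ljust(16, b"\x00")[:16]
    p_op = sender_level
    d_hash = _digest(key, d_type, p_op, valid_until, sorc, data)
    header = struct.pack(HEADER_FMT, MAGIC, d_type, p_op, valid_until, sorc, len(data), d_hash)
    return header + data


def parse_message(raw):
    """Protocol parsing step: split a labelled message into its fields."""
    if len(raw) < HEADER_LEN or raw[:5] != MAGIC:
        raise ValueError("unlabelled message")      # no label: never forwarded
    _, d_type, p_op, p_t, sorc, d_len, d_hash = struct.unpack(HEADER_FMT, raw[:HEADER_LEN])
    data = raw[HEADER_LEN:]
    if len(data) != d_len:
        raise ValueError("length mismatch")         # truncated / incomplete message
    return {"D_type": d_type, "P_OP": p_op, "P_T": p_t, "SORC": sorc,
            "D_LEN": d_len, "D_HASH": d_hash, "DATA": data}


def verify_integrity(fields, key):
    """Recompute D_HASH from the parsed fields and compare in constant time."""
    expected = _digest(key, fields["D_type"], fields["P_OP"], fields["P_T"],
                       fields["SORC"], fields["DATA"])
    return hmac.compare_digest(expected, fields["D_HASH"])


def gateway_route(raw, receiver_level, key, now=None):
    """Gateway decision in the page's order: parse, integrity, expiry, level check."""
    now = int(time.time()) if now is None else now
    try:
        fields = parse_message(raw)
    except ValueError as exc:
        return False, f"rejected: {exc}"
    if not verify_integrity(fields, key):
        return False, "rejected: integrity check failed"
    if fields["P_T"] < now:
        return False, "rejected: label expired"
    if fields["P_OP"] > receiver_level:
        # High-level data must not flow towards a lower-level network.
        return False, f"rejected: {LEVEL_NAMES[fields['P_OP']]} data cannot flow to level {receiver_level}"
    return True, "forward"


# Constructed demo values.
KEY = b"constructed-demo-gateway-key"
SAMPLE = bind_label(b"spindle speed 12000", d_type=1, sender_level=2,
                    source=b"cnc-01", valid_until=2_000_000_000, key=KEY)

if __name__ == "__main__":
    print(gateway_route(SAMPLE, receiver_level=2, key=KEY, now=1_700_000_000))
    print(gateway_route(SAMPLE, receiver_level=0, key=KEY, now=1_700_000_000))
```

Two checks in `gateway_route` are worth noting for a deployment. The level field P_OP is covered by D_HASH, so a message whose label has been rewritten to a lower level in transit fails the integrity check before the level comparison is ever reached; with a plain unkeyed hash, as the page's wording literally allows, that rewrite would pass. And the expiry field P_T is evaluated against the gateway's clock, so clock skew between border gateways is an operational failure mode to monitor.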
Materials demonstrating the advantages and positive effects of the present invention, such as the supporting materials section (/ experimental or experimental data and results/simulation results and figures/pharmacological analysis// product sample photographs// commercial value-related testings/expert opinions of contracts or agreements of technical importance and advancement of technical cooperation/etc.)
Through the above description of the embodiments, those skilled in the art will clearly understand that the present invention may be implemented by software plus a necessary hardware platform, and may also be implemented by hardware entirely. With this understanding in mind, all or part of the technical solutions of the present invention that contribute to the background can be embodied in the form of a software product, which can be stored in a storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, etc., and includes instructions for causing a computer device (which can be a personal computer, a server, or a network device, etc.) to execute the methods according to the embodiments or some parts of the embodiments of the present invention.
The above description is only for the purpose of illustrating the present invention and the appended claims are not to be construed as limiting the scope of the invention, which is intended to cover all modifications, equivalents and improvements that are within the spirit and scope of the invention as defined by the appended claims.

Claims (10)

1. A sensitive data grading protection method based on a numerical control system is characterized by comprising the following steps:
classifying, grading, combing and identifying sensitive data in a numerical control system, and constructing data structures for storing different data;
step two, dividing security domains for the data structures which construct different data storages;
step three, controlling the information flow direction by utilizing a BLP model according to the divided security domains;
fourthly, managing and controlling network circulation based on the data message sensitivity level label according to a data sensitivity level label generating algorithm;
and fifthly, performing network boundary access based on the sensitivity level label, as part of the network flow control based on the sensitivity level label of the data message.
2. The numerical control system-based sensitive data hierarchical protection method according to claim 1, wherein in the first step, the sensitive data includes:
processing parameters, running data and log information of the equipment;
parameters of the mobile device operation, and data generated during the operation;
interactive information of the man-machine interaction unit comprises identity information, account number passwords and position information;
cloud multimedia information, business process data and equipment state information of the networked platform.
3. The numerical control system-based sensitive data hierarchical protection method according to claim 1, wherein in the first step, the sensitive data identification process includes:
searching the data acquired in the environment of an application agent or service server for specific files or key field definitions and related identification marks, so as to preliminarily judge whether the data is classified as sensitive data; simulating and processing set natural-language rules with computer software using artificial intelligence theory and technology; expressing each type of sensitive data according to the classification and grading requirements; and generating and binding sensitive data grade labels.
4. The sensitive data hierarchical protection method based on the numerical control system according to claim 1, wherein in step two, the security domains are different logic regions partitioned differently according to the nature of data information, the used main body, the security target and the policy element in the same system, and the logic regions are built with the same security protection requirement and editing control policy and the same security access control policy for information isolation;
storing a domain table in a database in the security domain; and performing domain management and maintenance through the database, and updating a domain scheme and a domain table through a management interface of the proxy gateway.
5. The numerical control system-based sensitive data hierarchical protection method according to claim 1, wherein in the third step, the method for controlling information flow by using the BLP model comprises:
performing security identification and security classification of subjects and objects, wherein the security classification is level 0, level 1 and level 2, and each security classification is assigned a weight ordering it higher or lower; when the security level of the subject is not lower than that of the object, the subject reads the object; when the security level of the subject is not higher than that of the object, the subject writes to the object; through the read-down, write-up access rule, information is controlled to flow only towards the higher security level and is not allowed to flow downwards;
the read-down, write-up access rule includes:
(1) the data, as an object, is created by the subject and inherits the security identification of the subject, so the security level of the data is the same as that of the subject;
(2) when the security level of the message is lower than or equal to the security level of the receiver, the message is allowed to be sent;
(3) when the security level of the receiver is greater than or equal to the security level of the message, the message is allowed to be accepted.
6. The sensitive data grading protection method based on the numerical control system according to claim 1, wherein in the fourth step, according to the data sensitivity level label generation algorithm, the method for managing and controlling the network flow based on the data message sensitivity level label comprises:
forcibly binding a sensitivity grade label to the communication data of the numerical control processing system; the label content comprises: an identifier showing that the sensitive data message is in protected (encrypted) form and associating it with the protected sensitive data messages, namely the static identifier Cpsec, together with the message type; the sensitive data level and the expiry date of the level; related attached information of the data message; and the protected data message;
then, forwarding is carried out through a high-performance network IO platform; before forwarding, carrying out sensitivity level access control on the message; the method comprises the steps of analyzing a network communication protocol, and extracting a sensitive grade label after the analysis is finished;
decoding and integrity checking the level label, performing access control according to the sensitivity level of the message, and making a safe strategy route;
and finally, recombining and forwarding the message.
7. The sensitive data hierarchical protection method based on the numerical control system as set forth in claim 1, wherein in step five, the method for accessing the network boundary based on the sensitive level label comprises:
before sending communication data, adding a self-defined sensitive grade label containing a secret grade attribute field to each message, and assigning that the secret grades of senders in an attribute value range are the same;
then the high-performance network IO support platform receives the message and sends it to the proxy gateway; the proxy gateway decodes the sensitivity grade label, performs an integrity check, inputs the result into the access control matrix, and performs write access control according to the output; if the message is allowed to be sent, it is reassembled and forwarded through the proxy server, otherwise sending is refused; besides the access control function, the proxy gateway also converts submitted access requests and the management of the system security level and other variables into operations on the server database.
8. A sensitive data grading protection system based on a numerical control system comprises:
the sensitive data classification and grading carding identification module is used for classifying, grading, carding and identifying the sensitive data in the numerical control system and constructing data structures for storing different data;
the security domain division module is used for dividing security domains for the data structures which construct different data storages;
the information flow direction control module is used for controlling the information flow direction by utilizing the BLP model according to the divided security domains;
the network flow control module is used for controlling the network flow based on the data message sensitivity level label according to the data sensitivity level label generating algorithm;
and the network boundary access module is used for performing network boundary access based on the sensitivity level label, as part of the network flow management and control based on the sensitivity level label of the data message.
9. A program storage medium for receiving user input, the stored computer program causing an electronic device to execute the method for hierarchical protection of sensitive data based on a numerical control system according to claims 1 to 7, comprising:
the method comprises the steps of classifying and grading sensitive data of the numerical control system, identifying and storing the sensitive data, dividing security domains of the intelligent numerical control system, controlling information flow direction of the intelligent numerical control system, designing a sensitive grade label to guarantee data security and designing an access control algorithm of a security gateway, so that the sensitive data of the intelligent numerical control system is protected in confidentiality, the network flow direction of the sensitive data is controlled, and routing errors are prevented from causing the data to flow into a low-security level area in a violation mode.
10. A computer program product stored on a computer readable medium, comprising a computer readable program for providing a user input interface for implementing the numerical control system based sensitive data hierarchical protection method as claimed in claims 1 to 7 when executed on an electronic device.
CN202010554733.5A 2020-06-17 2020-06-17 Sensitive data grading protection method and grading protection system based on numerical control system Pending CN111726353A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010554733.5A CN111726353A (en) 2020-06-17 2020-06-17 Sensitive data grading protection method and grading protection system based on numerical control system

Publications (1)

Publication Number Publication Date
CN111726353A true CN111726353A (en) 2020-09-29

Family

ID=72567296

Country Status (1)

Country Link
CN (1) CN111726353A (en)

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112417391A (en) * 2020-10-28 2021-02-26 深圳市橡树黑卡网络科技有限公司 Information data security processing method, device, equipment and storage medium
CN112528298A (en) * 2020-12-02 2021-03-19 恒宝股份有限公司 Intelligent manufacturing data management method for carbon fiber composite material
CN112580110A (en) * 2020-12-23 2021-03-30 国家电网有限公司大数据中心 Data resource sharing safety method based on watermark technology
CN112733152A (en) * 2021-01-22 2021-04-30 湖北宸威玺链信息技术有限公司 Sensitive data processing method, system and device
CN112787992A (en) * 2020-12-17 2021-05-11 福建新大陆软件工程有限公司 Method, device, equipment and medium for detecting and protecting sensitive data
CN115168345A (en) * 2022-06-27 2022-10-11 天翼爱音乐文化科技有限公司 Database classification method, system, device and storage medium
CN115185466A (en) * 2022-07-25 2022-10-14 北京珞安科技有限责任公司 Hierarchical management and control tool and method for mobile storage device
CN115296933A (en) * 2022-10-08 2022-11-04 国家工业信息安全发展研究中心 Industrial production data risk level assessment method and system
CN115396374A (en) * 2022-08-12 2022-11-25 徐州恒佳电子科技有限公司 Intelligent routing system special for priority data forwarding and method thereof
CN115577379A (en) * 2022-11-09 2023-01-06 中孚安全技术有限公司 Hierarchical protection security analysis method, system and equipment
CN116579022A (en) * 2023-07-12 2023-08-11 嘉联支付有限公司 Data security privacy protection method based on cloud service
CN116595593A (en) * 2023-07-18 2023-08-15 北京数字众智科技有限公司 Privacy calculation encryption method and system for digital community
CN116611116A (en) * 2023-07-21 2023-08-18 江苏华存电子科技有限公司 Data secure storage management method and system

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103944884A (en) * 2014-03-24 2014-07-23 瑞达信息安全产业股份有限公司 Hierarchical sub-domain control method and system based on network label communication

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
曹利峰: "Research on a network security communication model oriented to multilevel security and its key technologies", China Doctoral Dissertations Full-text Database, Information Science and Technology *
朱贵强: "Research and implementation of a multilevel access control method for classified information systems", China Master's Theses Full-text Database, Information Science and Technology *

Cited By (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112417391A (en) * 2020-10-28 2021-02-26 深圳市橡树黑卡网络科技有限公司 Information data security processing method, device, equipment and storage medium
CN112417391B (en) * 2020-10-28 2023-12-19 深圳市橡树黑卡网络科技有限公司 Information data security processing method, device, equipment and storage medium
CN112528298A (en) * 2020-12-02 2021-03-19 恒宝股份有限公司 Intelligent manufacturing data management method for carbon fiber composite material
CN112787992A (en) * 2020-12-17 2021-05-11 福建新大陆软件工程有限公司 Method, device, equipment and medium for detecting and protecting sensitive data
CN112580110A (en) * 2020-12-23 2021-03-30 国家电网有限公司大数据中心 Data resource sharing safety method based on watermark technology
CN112733152A (en) * 2021-01-22 2021-04-30 湖北宸威玺链信息技术有限公司 Sensitive data processing method, system and device
CN115168345A (en) * 2022-06-27 2022-10-11 天翼爱音乐文化科技有限公司 Database classification method, system, device and storage medium
CN115168345B (en) * 2022-06-27 2023-04-18 天翼爱音乐文化科技有限公司 Database classification method, system, device and storage medium
CN115185466A (en) * 2022-07-25 2022-10-14 北京珞安科技有限责任公司 Hierarchical management and control tool and method for mobile storage device
CN115185466B (en) * 2022-07-25 2023-02-28 北京珞安科技有限责任公司 Hierarchical management and control tool and method for mobile storage device
CN115396374A (en) * 2022-08-12 2022-11-25 徐州恒佳电子科技有限公司 Intelligent routing system special for priority data forwarding and method thereof
CN115396374B (en) * 2022-08-12 2023-12-22 徐州恒佳电子科技有限公司 Routing system and method special for intelligent priority data forwarding
CN115296933B (en) * 2022-10-08 2022-12-23 国家工业信息安全发展研究中心 Industrial production data risk level assessment method and system
CN115296933A (en) * 2022-10-08 2022-11-04 国家工业信息安全发展研究中心 Industrial production data risk level assessment method and system
CN115577379A (en) * 2022-11-09 2023-01-06 中孚安全技术有限公司 Hierarchical protection security analysis method, system and equipment
CN115577379B (en) * 2022-11-09 2023-05-09 中孚安全技术有限公司 Hierarchical protection security analysis method, system and equipment
CN116579022A (en) * 2023-07-12 2023-08-11 嘉联支付有限公司 Data security privacy protection method based on cloud service
CN116595593A (en) * 2023-07-18 2023-08-15 北京数字众智科技有限公司 Privacy calculation encryption method and system for digital community
CN116595593B (en) * 2023-07-18 2023-11-07 北京数字众智科技有限公司 Privacy calculation encryption method and system for digital community
CN116611116A (en) * 2023-07-21 2023-08-18 江苏华存电子科技有限公司 Data secure storage management method and system
CN116611116B (en) * 2023-07-21 2023-11-17 江苏华存电子科技有限公司 Data secure storage management method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200929