CN112130798B - Weapon equipment control endophytic safety computer design system and method - Google Patents
Weapon equipment control endophytic safety computer design system and method Download PDFInfo
- Publication number
- CN112130798B CN112130798B CN202011009013.7A CN202011009013A CN112130798B CN 112130798 B CN112130798 B CN 112130798B CN 202011009013 A CN202011009013 A CN 202011009013A CN 112130798 B CN112130798 B CN 112130798B
- Authority
- CN
- China
- Prior art keywords
- module
- data
- control
- judging
- service
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 30
- 238000013461 design Methods 0.000 title claims abstract description 26
- 230000008569 process Effects 0.000 claims abstract description 15
- 230000004044 response Effects 0.000 claims description 24
- 239000003795 chemical substances by application Substances 0.000 claims description 23
- 238000004140 cleaning Methods 0.000 claims description 20
- 230000002159 abnormal effect Effects 0.000 claims description 18
- 238000004458 analytical method Methods 0.000 claims description 15
- 238000007405 data analysis Methods 0.000 claims description 12
- 239000000872 buffer Substances 0.000 claims description 10
- 230000003139 buffering effect Effects 0.000 claims description 10
- 238000012545 processing Methods 0.000 claims description 10
- 238000011084 recovery Methods 0.000 claims description 10
- 230000007246 mechanism Effects 0.000 claims description 8
- 238000006317 isomerization reaction Methods 0.000 claims description 4
- 230000000977 initiatory effect Effects 0.000 claims description 3
- 238000011144 upstream manufacturing Methods 0.000 claims description 3
- 238000007726 management method Methods 0.000 description 9
- 230000007123 defense Effects 0.000 description 8
- 238000005516 engineering process Methods 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012544 monitoring process Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000000903 blocking effect Effects 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 238000002955 isolation Methods 0.000 description 1
- 210000001503 joint Anatomy 0.000 description 1
- 238000005192 partition Methods 0.000 description 1
- 230000001681 protective effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/14—Digital output to display device ; Cooperation and interconnection of the display device with other functional units
- G06F3/1423—Digital output to display device ; Cooperation and interconnection of the display device with other functional units controlling a plurality of local displays, e.g. CRT and flat panel display
- G06F3/1431—Digital output to display device ; Cooperation and interconnection of the display device with other functional units controlling a plurality of local displays, e.g. CRT and flat panel display using a single graphics controller
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Landscapes
- Engineering & Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Human Computer Interaction (AREA)
- Computer Graphics (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Multi Processors (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention provides a weapon equipment control endophytic safety computer design system, which comprises: the system comprises a distribution agent module, a heterogeneous executor module, a judging service module and a feedback control module; and one or more heterogeneous execution body modules are respectively connected with the distribution agent module, the arbitration service module and the feedback control module through a switch. The invention designs a display switching function aiming at the condition of multi-path display and control of a weapon equipment control computer, provides control from multi-path screen display to single-path display, and outputs control to have decision service selected according to a decision result. The control input of the user aiming at the screen is sent to the distribution agent by display switching and submitted to the currently running execution bodies so as to ensure the state consistency of all the execution bodies in the running process.
Description
Technical Field
The invention relates to the field of computer network security, in particular to a weapon equipment control endophytic security computer design system and method.
Background
The safety of domestic weaponry initially takes the safety of protective weaponry instructions as a main target, a weaponry safety instruction receiver receives the safety instructions sent by ground safety control equipment, the instructions are sent to a safety controller after decoding and recognition, and the controller outputs execution instructions to complete ground information instruction tasks. The information command is generally a binary digit coding command to increase the anti-interference capability, and the information system has a strong command conversion function, usually hundreds of commands are provided, and the selection is performed just before the weapon is fired. After the instruction is selected, the information instruction receiver is bound, then the information instruction receiver is connected with the information transmitter in a butt joint mode, and the generation, transmission and detection of the instruction are carried out. The weapon equipment information data protection means mainly comprises: (1) The traffic is encrypted so that any unauthorized party cannot interpret the information content from the authorized source. The encryption service uses a data encryption algorithm to convert plaintext data into ciphertext data so as to prevent the leakage of data content; (2) Integrity service, guaranteeing that information of an authorized source is not modified illegally in the sending, transmitting and receiving processes; (3) The authentication service can prevent counterfeited data attack of illegal persons, wherein the authentication service is realized by checking a data source address, a data transmission sequence count and the like protected by the encryption service or the integrity service.
But all the above ways are based on the data protection layer to improve equipment security. The mimicry defense technology is a novel active defense technology proposed by scientists in China, and the core of the mimicry defense technology is to realize dynamic, heterogeneous and redundant endophytic security design from the architecture level, so that the system can normally operate when receiving a backdoor and vulnerability threat attack and is not influenced.
The current design of the computer for preventing the hacker attack comprises a partition design for hardware isolation and a network defense method based on encryption algorithm reconstruction.
The patent document "anti-hacking computer design" with publication number CN110337651a "discloses a computer architecture disclosed for implementing an anti-hacking computing device, which is mainly an anti-hacking method proposed from the point of view of hacking. The invention is based on passive defense of hacker access and theft related operation, and the invention provided herein is a novel active defense mode oriented to weapon equipment control, and the technical fields are different.
The invention provides a dynamic defense method of an endophytic safe industrial control network, which is disclosed in a patent document with publication number of 107065750A, and is characterized in that the dynamic reconstruction of an encryption algorithm is realized, while the invention provided herein carries out heterogeneous design on a control execution body from the perspective of mimicry defense, and realizes that the receiving and transmitting of weapon equipment control instructions are not influenced even if abnormal conditions occur through the cooperation of a distribution and arbitration module and a feedback control module.
Disclosure of Invention
Aiming at the defects in the prior art, the invention aims to provide a weapon equipment control endophytic safety computer design system and method.
According to one aspect of the present invention, there is provided a weapon equipment control endophytic safety computer design system comprising the following modules: the system comprises a distribution agent module, a heterogeneous executor module, a judging service module and a feedback control module;
and one or more heterogeneous execution body modules are respectively connected with the distribution agent module, the arbitration service module and the feedback control module through a switch.
Preferably, the distribution agent module includes: the system comprises a network data receiving and transmitting module, a frame data signing module, a data buffering module and a frame data forwarding module; the network data receiving and transmitting module receives the datagram from the upstream, submits the datagram to a data buffer queue of the data buffer module for buffering, and after unified coding and signing are carried out through frame data signing of the frame data signing module, the datagram is copied into three parts through the frame data forwarding module and is respectively submitted to each control executing body.
Preferably, the heterogeneous execution body module provides a heterogeneous control execution body, the war plan, the weapon equipment control data and the instruction provided by the distribution agent module from the distribution equipment and the external equipment are transmitted to the plurality of weapon equipment control execution bodies in a one-to-many mode, after the processes of data encryption and decryption and data analysis, the heterogeneous control execution body forwards the data response, the instruction response state and the context state to the arbitration service module, and the arbitration service module outputs a correct result based on a majority voting mechanism.
Preferably, the arbitration service module comprises a network data receiving and transmitting module, a frame queue management module, a strategy management module, a result arbitration module and a result feedback module; the network data receiving and transmitting module buffers the data received from the control executive body and submits the data to a frame queue of the frame queue management module, analyzes the signature, obtains three uniformly signed datagrams, compares the results in the result judging module according to the judging strategy of the strategy management module, outputs a correct result, reports the judging record to the feedback control module, and calls the feedback control module to perform asynchronous cleaning recovery processing according to the preset strategy of the judging equipment if the judging service finds that the response data of a plurality of executive bodies are inconsistent.
Preferably, the feedback control module comprises a network data receiving and transmitting module, a judging result recording module, a log analysis module and an executive body cleaning control module; the feedback control module receives the result reported by the judging service module through the network data receiving and transmitting module, records the result through the judging result recording module, judges whether the application execution body is abnormal through log comparison and analysis in the log analysis module, initiates a cleaning control instruction aiming at the abnormal application execution body through the execution body definition control module, and provides self-healing feedback capability for the endogenous safety application system.
According to another aspect of the present invention, there is provided a method for designing a weapon equipment control endophytic safety computer, according to the above-mentioned weapon equipment control endophytic safety computer design system, comprising the steps of: a dispatch proxy step, a heterogeneous executable step, a arbitration service step, and a feedback control step.
Preferably, the distributing agent step includes:
sub-step 1: maintaining information such as codes, domain names, addresses, forwarding channels, forwarding ports and the like of all devices in the system to form an overall routing form of the system;
sub-step 2: after receiving the data message or file from the port, analyzing the message header to search out the destination user code, and simultaneously inquiring the routing table to check the destination user address, the forwarding channel and the forwarding port and forwarding according to the requirement;
sub-step 3: aiming at the endophytic safety protection of the forwarded message, multiple copies are formed through the isomerization design of the application software, and data analysis is independently executed when the message needing to be forwarded is received, so that the routing table query is completed.
Preferably, the heterogeneous performing step includes:
sub-step 1: the arbitration service software receives data from the application executor and submits the data to a frame queue for buffering, and analyzes the signature to obtain three datagrams with unified signatures;
sub-step 2: comparing the results of the three datagrams obtained after the signature analysis according to the arbitration policy, outputting a correct result, and reporting the arbitration record to the feedback control service software;
sub-step 3: if the judging service discovery system has inconsistent response data of a plurality of executors, the feedback control software is called to carry out asynchronous cleaning recovery processing according to a preset strategy of the judging equipment.
Preferably, the feedback control step includes:
sub-step 1: recording the result reported by the arbitration service software in the running process and recording the result as a log;
sub-step 2: and judging whether the application execution body is abnormal or not through log comparison and analysis, and initiating a cleaning control instruction aiming at the abnormal application execution body to provide self-healing feedback capability for the endogenous safety application system.
Preferably, the heterogeneous performing step includes: and transmitting the war plan, the weapon equipment control data and the instruction provided by the distribution agent step from the distribution equipment and the external equipment to a plurality of weapon equipment control executors in a one-to-many mode, and transmitting the data response, the instruction response state and the context state to a judging service step by the heterogeneous control executors after the processes of data encryption and decryption and data analysis, wherein the judging service step outputs a correct result based on a majority voting mechanism.
Compared with the prior art, the invention has the following beneficial effects:
1. the invention is based on the mimicry-defended DHR architecture, realizes TCP data receiving and transmitting based on the C/S architecture under the condition of not changing the operation flow of the system, and realizes the endophytic security design of the computer through different configurations of the embedded heterogeneous executor.
2. According to the invention, the display control and service modules of the computer are separated by researching the background of requirements for ground system functions and information safety of the weapon equipment, the output control is carried out by the judging service, the display of abnormal information is switched in real time, and the efficiency of cleaning and recovering the system is improved.
3. The distribution agent, the arbitration service and the feedback control module of the endogenous safety computer all adopt an embedded real-time processing mode, so that the real-time performance and the time certainty of the computer service processing are well ensured.
4. The invention takes the functions and information security of the ground system of the weapon equipment as the background of requirements, takes the traditional weapon equipment security method as the basis, integrates the concept of endogenous security into the design of a computer architecture, develops an endogenous security control computer oriented to the weapon equipment, solves the endogenous security problem oriented to the weapon equipment control computer from the architecture level, and provides powerful guarantee for the weapon equipment system.
5. According to the invention, different modules such as display control and business are separated, so that the safety of the system is greatly improved.
Drawings
Other features, objects and advantages of the present invention will become more apparent upon reading of the detailed description of non-limiting embodiments, given with reference to the accompanying drawings in which:
FIG. 1 is a block diagram of a weapon control endogenous safety computer system;
FIG. 2 is a diagram of a weapon equipment control endogenous safety computer system architecture;
fig. 3 is a flow chart of the weapon equipment control endogenous safety computer information.
Detailed Description
The present invention will be described in detail with reference to specific examples. The following examples will assist those skilled in the art in further understanding the present invention, but are not intended to limit the invention in any way. It should be noted that variations and modifications could be made by those skilled in the art without departing from the inventive concept. These are all within the scope of the present invention.
Example 1
The invention provides a weapon equipment control endophytic safety computer design system, as shown in figure 1, a distribution agent module, a heterogeneous execution body module, a decision service module and a feedback control module; and one or more heterogeneous execution body modules are respectively connected with the distribution agent module, the arbitration service module and the feedback control module through a switch.
As described in fig. 2, the distribution agent module includes: the system comprises a network data receiving and transmitting module, a frame data signing module, a data buffering module and a frame data forwarding module; the network data receiving and transmitting module receives the datagram from the upstream, submits the datagram to a data buffer queue of the data buffer module for buffering, and after unified coding and signing are carried out through frame data signing of the frame data signing module, the datagram is copied into three parts through the frame data forwarding module and is respectively submitted to each control executing body.
The heterogeneous execution body module provides a heterogeneous control execution body, the war plan, the weapon equipment control data and the instruction provided by the distribution agent module from the distribution equipment and the external equipment are transmitted to the plurality of weapon equipment control execution bodies in a one-to-many mode, after the processes of data encryption, decryption and data analysis, the heterogeneous control execution body forwards the data response, the instruction response state and the context state to the arbitration service module, and the arbitration service module outputs a correct result based on a majority voting mechanism.
The arbitration service module comprises a network data receiving and transmitting module, a frame queue management module, a strategy management module, a result arbitration module and a result feedback module; the network data receiving and transmitting module buffers the data received from the control executive body and submits the data to a frame queue of the frame queue management module, analyzes the signature, obtains three uniformly signed datagrams, compares the results in the result judging module according to the judging strategy of the strategy management module, outputs a correct result, reports the judging record to the feedback control module, and calls the feedback control module to perform asynchronous cleaning recovery processing according to the preset strategy of the judging equipment if the judging service finds that the response data of a plurality of executive bodies are inconsistent.
The feedback control module comprises a network data receiving and transmitting module, a judging result recording module, a log analysis module and an executive body cleaning control module; the feedback control module receives the result reported by the judging service module through the network data receiving and transmitting module, records the result through the judging result recording module, judges whether the application execution body is abnormal through log comparison and analysis in the log analysis module, initiates a cleaning control instruction aiming at the abnormal application execution body through the execution body definition control module, and provides self-healing feedback capability for the endogenous safety application system.
In this embodiment, first, an operating system layer builds heterogeneous execution bodies based on Windows, ruihua, vxworks and the like by taking an X86, a homemade ARM and the like as basic platforms, and an application layer correspondingly realizes software and hardware infrastructures of target application versions of Windows, ruihua, vxworks and the like. Meanwhile, a C/S architecture is adopted, and a TCP monitoring mode is used for receiving and transmitting service requests under the condition of not changing the operation flow of the system. Aiming at the high real-time requirement of an embedded processing platform, a data buffer module and a frame data signature module are added in a distribution proxy module according to the design provided by the invention, then war plans, weapon equipment control data and instructions from distribution equipment and external equipment are transmitted to a plurality of weapon equipment control executors in a one-to-many mode, after the processes of data encryption, decryption, data analysis and the like, the heterogeneous executors forward data response, instruction response state and context state to an arbitration service, and the arbitration service outputs correct results based on a majority voting mechanism. In addition, by designing a light feedback control mechanism, the system can save the context of the executive body, if the judging service finds an abnormal executive body, the running state of the executive body can be quickly and synchronously executed through the context synchronization after the cleaning and recovery are executed, the system is prevented from being in a blocking state waiting for the service of the executive body, and the information of the abnormal control executive body is output through the feedback control module, so that the support is provided for the cleaning and recovery of the system. The high-reliability and stable operation of the system is realized.
The invention designs a display switching function aiming at the condition of multi-path display and control of a weapon equipment control computer, provides control from multi-path screen display to single-path display, and outputs control to have decision service selected according to a decision result. The control input of the user aiming at the screen is sent to the distribution agent through display switching and submitted to the currently running executive body so as to ensure the state consistency of all the executive bodies in the running process; if the output result of the displayed executing body is abnormal, the display switching work is automatically executed, so that the weapon equipment control computer can be ensured to display and control correctly in the executing process.
Example 2
The invention also provides a design method of the weapon equipment control endophytic safety computer, which comprises the following steps: a dispatch proxy step, a heterogeneous executable step, a arbitration service step, and a feedback control step.
The distributing agent step comprises: sub-step 1: maintaining information such as codes, domain names, addresses, forwarding channels, forwarding ports and the like of all devices in the system to form an overall routing form of the system; sub-step 2: after receiving the data message or file from the port, analyzing the message header to search out the destination user code, and simultaneously inquiring the routing table to check the destination user address, the forwarding channel and the forwarding port and forwarding according to the requirement; sub-step 3: aiming at the endophytic safety protection of the forwarded message, multiple copies are formed through the isomerization design of the application software, and data analysis is independently executed when the message needing to be forwarded is received, so that the routing table query is completed.
The heterogeneous execution steps include: sub-step 1: the arbitration service software receives data from the application executor and submits the data to a frame queue for buffering, and analyzes the signature to obtain three datagrams with unified signatures; sub-step 2: comparing the results of the three datagrams obtained after the signature analysis according to the arbitration policy, outputting a correct result, and reporting the arbitration record to the feedback control service software; sub-step 3: if the judging service discovery system has inconsistent response data of a plurality of executors, the feedback control software is called to carry out asynchronous cleaning recovery processing according to a preset strategy of the judging equipment.
The feedback control step includes: sub-step 1: recording the result reported by the arbitration service software in the running process and recording the result as a log; sub-step 2: and judging whether the application execution body is abnormal or not through log comparison and analysis, and initiating a cleaning control instruction aiming at the abnormal application execution body to provide self-healing feedback capability for the endogenous safety application system.
The heterogeneous execution steps include: and transmitting the war plan, the weapon equipment control data and the instruction provided by the distribution agent step from the distribution equipment and the external equipment to a plurality of weapon equipment control executors in a one-to-many mode, and transmitting the data response, the instruction response state and the context state to a judging service step by the heterogeneous control executors after the processes of data encryption and decryption and data analysis, wherein the judging service step outputs a correct result based on a majority voting mechanism.
In this embodiment, as shown in fig. 3, the computer information flow is transferred through the following steps:
step one: transmitting control commands to the distribution agent module through inputs of a display, a keyboard, a mouse and the like;
step two: after receiving the corresponding weapon equipment control command request, the distribution agent updates and maintains the routing form of the system, prepares the planning control work of the data command;
step three: after receiving the data message/file from the port, analyzing the message header to search out the destination user code, inquiring the routing table to check the destination user address, the forwarding channel and the forwarding port, and forwarding according to the requirement;
step four: aiming at the endophytic safety protection of the forwarding message, forming multiple copies through the isomerization design of the application software;
step five: each executive body independently executes data analysis when receiving a message to be forwarded, and performs weapon equipment control, data recording and monitoring management according to respective execution logic;
step six: after the weapon equipment control executor performs the processes of data encryption and decryption, data analysis and the like, forwarding the data response, the instruction response state and the context state to the arbitration service at the first time;
step seven: the arbitration service software receives data from the application executor and submits the data to a frame queue for buffering, and analyzes the signature to obtain three datagrams with unified signatures;
step eight: comparing the results of the three datagrams with the same format obtained after the signature is analyzed according to the arbitration policy, outputting a correct result, and reporting an arbitration record to the feedback control service software;
step nine: if the arbitration service is consistent, the system normally outputs a weapon equipment control command; the display displays the status of each executing body and weapon equipment control information under normal condition. If the judging service discovery system has inconsistent response data of a plurality of executors, turning to a step ten;
step ten: if the judging service discovery system has inconsistent response data of a plurality of executors, the feedback control software is called to carry out asynchronous cleaning recovery processing according to a preset strategy of the judging equipment. At this time, the abnormal execution body condition output is displayed on a display; and for which a real-time cleaning recovery is performed.
Those skilled in the art will appreciate that the invention provides a system and its individual devices, modules, units, etc. that can be implemented entirely by logic programming of method steps, in addition to being implemented as pure computer readable program code, in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers, etc. Therefore, the system and various devices, modules and units thereof provided by the invention can be regarded as a hardware component, and the devices, modules and units for realizing various functions included in the system can also be regarded as structures in the hardware component; means, modules, and units for implementing the various functions may also be considered as either software modules for implementing the methods or structures within hardware components.
In the description of the present application, it should be understood that the terms "upper," "lower," "front," "rear," "left," "right," "vertical," "horizontal," "top," "bottom," "inner," "outer," and the like indicate orientations or positional relationships based on the orientations or positional relationships illustrated in the drawings, merely to facilitate description of the present application and simplify the description, and do not indicate or imply that the devices or elements being referred to must have a specific orientation, be configured and operated in a specific orientation, and are not to be construed as limiting the present application.
The foregoing describes specific embodiments of the present invention. It is to be understood that the invention is not limited to the particular embodiments described above, and that various changes or modifications may be made by those skilled in the art within the scope of the appended claims without affecting the spirit of the invention. The embodiments of the present application and features in the embodiments may be combined with each other arbitrarily without conflict.
Claims (4)
1. A weapon equipment control endophytic safety computer design system, comprising: the system comprises a distribution agent module, a heterogeneous executor module, a judging service module and a feedback control module;
one or more heterogeneous execution body modules are respectively connected with the distribution agent module, the arbitration service module and the feedback control module through a switch;
the heterogeneous execution body module provides a control execution body which forms a heterogeneous structure, the war plan, the weapon equipment control data and the instruction provided by the distribution agent module are transmitted to a plurality of weapon equipment control execution bodies in a one-to-many mode, after the processes of data encryption, decryption and data analysis, the heterogeneous control execution body transmits the data response, the instruction response state and the context state to the arbitration service module, and the arbitration service module outputs a correct result based on a majority voting mechanism;
the judging service module comprises a network data receiving and transmitting module, a frame queue management module, a strategy management module, a result judging module and a result feedback module;
the network data receiving and transmitting module buffers the received data from the control executive body and submits the data to a frame queue of the frame queue management module, analyzes the signature, obtains three uniformly signed datagrams, compares the results in the result judging module according to the judging strategy of the strategy management module, outputs a correct result, reports the judging record to the feedback control module, and calls the feedback control module to perform asynchronous cleaning recovery processing according to the preset strategy of the judging equipment if the judging service finds that the response data of a plurality of executive bodies are inconsistent;
the feedback control module comprises a network data receiving and transmitting module, a judging result recording module, a log analysis module and an executive body cleaning control module;
the feedback control module receives the result reported by the arbitration service module through the network data receiving and transmitting module, records the result through the arbitration result recording module, judges whether the application execution body is abnormal through log comparison and analysis in the log analysis module, initiates a cleaning control instruction aiming at the abnormal application execution body through the execution body definition control module, and provides self-healing feedback capability for the endogenous safety application system;
the distribution agent module includes: the system comprises a network data receiving and transmitting module, a frame data signing module, a data buffering module and a frame data forwarding module;
the network data receiving and transmitting module receives the datagram from the upstream, submits the datagram to a data buffer queue of the data buffer module for buffering, and copies the datagram into three parts to be respectively submitted to each heterogeneous executor module through the frame data forwarding module after unified coding and signing are carried out through the frame data signature of the frame data signature module.
2. A method of designing a weapon control endophytic safety computer, a weapon control endophytic safety computer design system as claimed in claim 1, comprising: a distributing agent step, a heterogeneous executable step, a arbitrating service step and a feedback control step;
the heterogeneous execution body step comprises the following steps:
sub-step 1: the arbitration service software receives data from the application executor and submits the data to a frame queue for buffering, and analyzes the signature to obtain three datagrams with unified signatures;
sub-step 2: comparing the results of the three datagrams obtained after the signature analysis according to the arbitration policy, outputting a correct result, and reporting the arbitration record to the feedback control service software;
sub-step 3: if the judging service discovery system has inconsistent response data of a plurality of executors, calling feedback control software to perform asynchronous cleaning recovery processing according to a preset strategy of judging equipment;
the feedback control step includes:
sub-step 1: recording the result reported by the arbitration service software in the running process and recording the result as a log;
sub-step 2: and judging whether the application execution body is abnormal or not through log comparison and analysis, and initiating a cleaning control instruction aiming at the abnormal application execution body to provide self-healing feedback capability for the endogenous safety application system.
3. A weapon controlled endophytic safety computer design method as claimed in claim 2, wherein the step of distributing agents comprises:
sub-step 1: maintaining information including codes, domain names, addresses, forwarding channels and forwarding ports of all devices in the system to form an overall routing form of the system;
sub-step 2: after receiving the data message or file from the port, analyzing the message header to search out the destination user code, and simultaneously inquiring the routing table to check the destination user address, the forwarding channel and the forwarding port and forwarding according to the requirement;
sub-step 3: aiming at the endophytic safety protection of the forwarded message, multiple copies are formed through the isomerization design of the application software, and data analysis is independently executed when the message needing to be forwarded is received, so that the routing table query is completed.
4. A method of designing a weapon controlled endophytic safety computer according to claim 2, wherein the heterogeneous performing step comprises: and transmitting the war plan, the weapon equipment control data and the instruction provided by the distribution agent step from the distribution equipment and the external equipment to a plurality of weapon equipment control executors in a one-to-many mode, and transmitting the data response, the instruction response state and the context state to a judging service step by the heterogeneous control executors after the processes of data encryption and decryption and data analysis, wherein the judging service step outputs a correct result based on a majority voting mechanism.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011009013.7A CN112130798B (en) | 2020-09-23 | 2020-09-23 | Weapon equipment control endophytic safety computer design system and method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011009013.7A CN112130798B (en) | 2020-09-23 | 2020-09-23 | Weapon equipment control endophytic safety computer design system and method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112130798A CN112130798A (en) | 2020-12-25 |
CN112130798B true CN112130798B (en) | 2024-04-02 |
Family
ID=73842934
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011009013.7A Active CN112130798B (en) | 2020-09-23 | 2020-09-23 | Weapon equipment control endophytic safety computer design system and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112130798B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113505006A (en) * | 2021-07-08 | 2021-10-15 | 上海红阵信息科技有限公司 | Mimicry database oriented arbitration device and method |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108282337A (en) * | 2017-12-04 | 2018-07-13 | 中国电子科技集团公司第三十研究所 | A kind of Routing Protocol reinforcement means based on trusted cryptography's card |
CN110380961A (en) * | 2019-07-05 | 2019-10-25 | 中国人民解放军战略支援部队信息工程大学 | A kind of device and method of conventional router mimicryization transformation |
CN110557437A (en) * | 2019-08-05 | 2019-12-10 | 上海拟态数据技术有限公司 | universal mimicry distribution voting scheduling device and method based on user-defined protocol |
CN111310245A (en) * | 2020-03-05 | 2020-06-19 | 之江实验室 | Data encryption storage method for mimicry defense system |
CN111464335A (en) * | 2020-03-10 | 2020-07-28 | 北京邮电大学 | Intelligent service customization method and system for endogenous trusted network |
CN111669342A (en) * | 2020-04-25 | 2020-09-15 | 中国人民解放军战略支援部队信息工程大学 | Network defense method, system and switch based on generalized robust control |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070112574A1 (en) * | 2003-08-05 | 2007-05-17 | Greene William S | System and method for use of mobile policy agents and local services, within a geographically distributed service grid, to provide greater security via local intelligence and life-cycle management for RFlD tagged items |
EP2732423A4 (en) * | 2011-07-13 | 2014-11-26 | Multiple Myeloma Res Foundation Inc | Methods for data collection and distribution |
-
2020
- 2020-09-23 CN CN202011009013.7A patent/CN112130798B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108282337A (en) * | 2017-12-04 | 2018-07-13 | 中国电子科技集团公司第三十研究所 | A kind of Routing Protocol reinforcement means based on trusted cryptography's card |
CN110380961A (en) * | 2019-07-05 | 2019-10-25 | 中国人民解放军战略支援部队信息工程大学 | A kind of device and method of conventional router mimicryization transformation |
CN110557437A (en) * | 2019-08-05 | 2019-12-10 | 上海拟态数据技术有限公司 | universal mimicry distribution voting scheduling device and method based on user-defined protocol |
CN111310245A (en) * | 2020-03-05 | 2020-06-19 | 之江实验室 | Data encryption storage method for mimicry defense system |
CN111464335A (en) * | 2020-03-10 | 2020-07-28 | 北京邮电大学 | Intelligent service customization method and system for endogenous trusted network |
CN111669342A (en) * | 2020-04-25 | 2020-09-15 | 中国人民解放军战略支援部队信息工程大学 | Network defense method, system and switch based on generalized robust control |
Non-Patent Citations (2)
Title |
---|
基于动态异构冗余机制的路由器拟态防御体系结构;马海龙;伊鹏;江逸茗;贺磊;;信息安全学报;第2卷(第1期);29-41 * |
魔高一尺,道高一丈:工业控制系统的内生安全观;门嘉平;《信息安全研究》;第5卷(第12期);1133-1136 * |
Also Published As
Publication number | Publication date |
---|---|
CN112130798A (en) | 2020-12-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109587168B (en) | Network function deployment method based on mimicry defense in software defined network | |
US6134664A (en) | Method and system for reducing the volume of audit data and normalizing the audit data received from heterogeneous sources | |
Chandia et al. | Security strategies for SCADA networks | |
CN109257334B (en) | Block chain-based data uplink system, method and storage medium | |
US20030051026A1 (en) | Network surveillance and security system | |
CN104769606A (en) | System and method for providing a secure computational environment | |
US7340597B1 (en) | Method and apparatus for securing a communications device using a logging module | |
CN112134956A (en) | Distributed Internet of things instruction management method and system based on block chain | |
CN111884996A (en) | Mimicry switch arbitration system and method based on credibility measurement | |
CN111638951B (en) | Mimicry judging device and method, mimicry defending system and mimicry server | |
US20140189868A1 (en) | Method for detecting intrusions on a set of virtual resources | |
Pan et al. | Review of PLC security issues in industrial control system | |
CN112130798B (en) | Weapon equipment control endophytic safety computer design system and method | |
CN111343139A (en) | Multi-mode judgment method for industrial control mimicry security gateway | |
US8732469B2 (en) | Communication cutoff device, server device and method | |
Karger | Non-discretionary access control for decentralized computing systems | |
US6516041B1 (en) | Method and apparatus to eliminate confirmation switches and channel demultiplexer from soft control man-machine interface (MMI) | |
Luo et al. | Formal security evaluation and improvement of wireless hart protocol in industrial wireless network | |
Ramirez et al. | PLC cyber-security challenges in industrial networks | |
CN108322460B (en) | Business system flow monitoring system | |
CN114448888B (en) | Financial network mimicry routing method and device | |
CN112953897B (en) | Train control system edge security node implementation method based on cloud computing equipment | |
EP4231168A1 (en) | Mimic storage system and method for data security of industrial control system | |
CN202720652U (en) | Dual-computer system for information security protection | |
Betancourt et al. | Linking intrusion detection system information and system model to redesign security architecture |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |