CN112417445B - System security joint protection system, method, storage medium and electronic equipment - Google Patents
System security joint protection system, method, storage medium and electronic equipment Download PDFInfo
- Publication number
- CN112417445B CN112417445B CN202011413207.3A CN202011413207A CN112417445B CN 112417445 B CN112417445 B CN 112417445B CN 202011413207 A CN202011413207 A CN 202011413207A CN 112417445 B CN112417445 B CN 112417445B
- Authority
- CN
- China
- Prior art keywords
- protection device
- instruction
- safety
- protection
- abnormal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 34
- 230000002159 abnormal effect Effects 0.000 claims abstract description 127
- 230000005856 abnormality Effects 0.000 claims abstract description 96
- 230000006870 function Effects 0.000 claims abstract description 19
- 230000007246 mechanism Effects 0.000 claims description 35
- 230000009471 action Effects 0.000 claims description 27
- 230000000903 blocking effect Effects 0.000 claims description 17
- 238000004891 communication Methods 0.000 claims description 5
- 238000004590 computer program Methods 0.000 claims description 4
- 238000001514 detection method Methods 0.000 description 8
- 238000010586 diagram Methods 0.000 description 8
- 238000012545 processing Methods 0.000 description 8
- 238000004458 analytical method Methods 0.000 description 6
- 238000007689 inspection Methods 0.000 description 5
- 230000008439 repair process Effects 0.000 description 5
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 238000011161 development Methods 0.000 description 2
- 238000011156 evaluation Methods 0.000 description 2
- 230000007257 malfunction Effects 0.000 description 2
- 238000004519 manufacturing process Methods 0.000 description 2
- 238000012544 monitoring process Methods 0.000 description 2
- 238000006467 substitution reaction Methods 0.000 description 2
- 238000012795 verification Methods 0.000 description 2
- 230000007488 abnormal function Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000009792 diffusion process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
Abstract
The application provides a system safety combined protection system, a method, a storage medium and electronic equipment, wherein the system safety combined protection system comprises a combined protection device and at least one safety protection device, the combined protection device determines the safety protection device with the abnormality and the reason for the abnormality by analyzing the received abnormality information, and generates corresponding control instructions and protection instructions; and sending the generated control instruction to the abnormal safety protection device, and simultaneously sending the protection instruction to other safety protection devices connected with the combined protection device except the abnormal safety protection device. Therefore, the safety protection device of at least one safety protection device of the system can be combined through the combined protection device, when one safety protection device is attacked, other safety protection devices are effectively protected, the normal functions of the other safety protection devices are guaranteed, the system is prevented from being attacked in multiple aspects, and the safety of the system is improved.
Description
Technical Field
The present disclosure relates to the field of system protection technologies, and in particular, to a system security joint protection system, a method, a storage medium, and an electronic device.
Background
With the rapid development of science and technology, more and more intelligent systems are applied to production and life, an industrial system is one of the intelligent systems, and analysis of safety protection requirements of an industrial control system is a premise and a foundation for guaranteeing safe operation of the system.
It is found that, in a system, a plurality of safety protection devices are respectively responsible for protecting a plurality of areas of the system, and attacks on the system may come from the inside of the system, possibly come from the outside of the system, and how to effectively protect the safety of the system against the attacks from the inside and the outside of the system becomes a problem to be solved.
Disclosure of Invention
In view of this, the present application aims to provide a system security joint protection system, a method, a storage medium and an electronic device, which can combine the security protection devices of at least one security protection device of the system through the set joint protection device, and effectively protect other security protection devices when one security protection device is attacked, and ensure the normal functions of the other security protection devices, thereby avoiding the system from being attacked in multiple aspects and being helpful for improving the security of the system.
The embodiment of the application provides a system safety joint protection system, which comprises a joint protection device and at least one safety protection device;
when the combined protection device receives the abnormal information, analyzing the abnormal information, and determining a safety protection device with abnormality and an abnormality reason; determining a control instruction and a protection instruction corresponding to the abnormality reason based on the abnormality reason and the safety protection device with the abnormality;
after the control instruction and the protection instruction are determined, the combined protection device sends the control instruction to the abnormal safety protection device, and simultaneously sends the protection instruction to other safety protection devices connected with the combined protection device except the abnormal safety protection device, so that the abnormal safety protection device and the other safety protection devices are controlled to carry out safety protection.
Further, the safety protection device comprises an information safety protection device and a functional safety protection device.
Further, when it is determined that the abnormal safety guard includes the information safety guard, the joint guard is further configured to:
based on the abnormal reasons, determining an abnormal intrusion link, generating a control instruction for blocking the intrusion link and sending the control instruction to the information safety protection device;
and sending the generated instruction checking and detecting protection instruction to the functional safety protection device.
Further, when it is determined that the abnormal safety device includes a functional safety device, the joint protection device is further configured to:
determining a failure position of the functional failure based on the abnormality cause;
based on the failure position, a control instruction for generating failure point instruction blocking is sent to the functional safety protection device;
and generating a protection instruction for stopping sending the action instruction and sending the protection instruction to the information safety protection device.
Further, the information safety protection device is used for:
when the intrusion of the upper computer is detected, abnormal information is generated and sent to the joint protection device.
Further, the information safety protection device is further used for:
after receiving the protection instruction, determining a fault link indicated in the protection instruction, and interrupting sending an action instruction to the fault link.
Further, the functional safety protection device is used for:
and when detecting that the corresponding function of any executing mechanism fails, generating abnormal information and sending the abnormal information to the combined protection device.
Further, the functional safety device is further configured to:
after receiving the protection instruction, checking and detecting the received action instruction sent by the information safety protection device.
The embodiment of the application also provides a joint protection method for system security, which comprises the following steps:
when the control combined protection device receives the abnormal information, analyzing the abnormal information, and determining a safety protection device with abnormality and an abnormality reason; determining a control instruction and a protection instruction corresponding to the abnormality reason based on the abnormality reason and the safety protection device with the abnormality;
after the control instruction and the protection instruction are determined, the combined protection device is controlled to send the control instruction to the abnormal safety protection device, and meanwhile, the protection instruction is sent to other safety protection devices connected with the combined protection device except the abnormal safety protection device, and the abnormal safety protection device and the other safety protection devices are controlled to carry out safety protection.
The embodiment of the application also provides electronic equipment, which comprises: a processor, a memory and a bus, said memory storing machine readable instructions executable by said processor, said processor and said memory communicating via the bus when the electronic device is running, said machine readable instructions when executed by said processor performing the steps of a joint protection method for system security as described above.
Embodiments of the present application also provide a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of a joint protection method for system security as described above.
According to the system safety combined protection system, the method, the storage medium and the electronic equipment, when the combined protection device receives the abnormal information, the abnormal safety protection device and the reason of the abnormality are determined through analysis of the abnormal information, and corresponding control instructions and protection instructions are generated; and sending the generated control instruction to the abnormal safety protection device, and simultaneously sending the protection instruction to other safety protection devices connected with the combined protection device except the abnormal safety protection device, wherein the safety protection device of at least one safety protection device of the system can be combined through the arranged combined protection device, when one safety protection device is attacked, the other safety protection devices are effectively protected, and the normal functions of the other safety protection devices are ensured, so that the system is prevented from being attacked in multiple aspects, and the safety of the system is improved.
In order to make the above objects, features and advantages of the present application more comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments will be briefly described below, it being understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered limiting the scope, and that other related drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of a system security joint protection system according to an embodiment of the present application;
FIG. 2 is a second schematic diagram of a system security joint protection system according to an embodiment of the present application;
FIG. 3 is a schematic diagram of an industrial system according to an embodiment of the present disclosure;
FIG. 4 is a flowchart of a system security joint protection method according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Icon: 100-joint protection system; 110-joint guard; 120-safety shield apparatus; 121-an information security device; 122-functional safety device; 3-an industrial system; 30-basic system layer; 31-a security protection layer; 310-information system; 311-an upper computer; 312-an execution unit; 32-linkage handling layer; 500-an electronic device; 510-a processor; 520-memory; 530-bus.
Detailed Description
For the purposes of making the objects, technical solutions and advantages of the embodiments of the present application more clear, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is apparent that the described embodiments are only some embodiments of the present application, but not all embodiments. The components of the embodiments of the present application, which are generally described and illustrated in the figures herein, may be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the present application, as provided in the accompanying drawings, is not intended to limit the scope of the application, as claimed, but is merely representative of selected embodiments of the application. Based on the embodiments of the present application, every other embodiment that a person skilled in the art would obtain without making any inventive effort is within the scope of protection of the present application.
First, application scenarios applicable to the present application will be described. The method can be applied to the technical field of system protection, along with the rapid development of science and technology, more and more intelligent systems are applied to production and life, an industrial system is one of the intelligent systems, and analysis of safety protection requirements of an industrial control system is a premise and a foundation for guaranteeing the safe operation of the system.
It is found that, in a system, a plurality of safety protection devices are respectively responsible for protecting a plurality of areas of the system, and attacks on the system may come from the inside of the system, possibly come from the outside of the system, and how to effectively protect the safety of the system against the attacks from the inside and the outside of the system becomes a problem to be solved.
Based on this, the embodiment of the application provides a system safety combined protection system, so as to effectively protect other safety protection devices and ensure the normal functions of the other safety protection devices, thereby avoiding the system from being attacked in multiple aspects and being beneficial to improving the safety of the system.
Further, a system security joint protection system 100 is described.
Referring to fig. 1, fig. 1 is a schematic structural diagram of a system security joint protection system 100 according to an embodiment of the present application. As shown in fig. 1, the joint protection system 100 includes a joint protection device 110 and at least one safety protection device 120;
the combined guard 110 determines, through the received abnormality information, the abnormal guard 120 in the at least one connected guard 120, generates a control command correspondingly, and sends the control command to the abnormal guard 120, and generates a corresponding guard command to the non-abnormal guard 120 connected to the combined guard 110, so as to achieve the purpose of combined guard between the at least one guard 120, and prevent the abnormality from expanding further, thereby affecting the normal operation of the whole system.
Specifically, when the combined protection device 110 receives the abnormality information, the abnormality information is analyzed, and the safety protection device 120 and the cause of the abnormality are determined; and determines a control instruction and a guard instruction corresponding to the abnormality cause based on the abnormality cause and the safety guard 120 in which the abnormality occurs.
Here, when the abnormality information is received, the received abnormality information is analyzed, and the safety guard 120 in which the abnormality has occurred and the cause of the abnormality of the safety guard 120 are determined by analyzing the abnormality information.
Referring to fig. 2, fig. 2 is a schematic diagram of a second embodiment of a system security combined protection system 100, and specifically, a security protection device 120 may include an information security protection device 121 and a functional security protection device 122; the combined guard 110 is connected with the information safety guard 121 and the functional safety guard 122, respectively; communication connection can also be performed between the information safety protection device 121 and the functional safety protection device 122, so as to complete safety check and protection of the system respectively.
Here, the functional safety guard 122 is responsible for inner ring protection, and the information safety guard 121 is responsible for outer ring protection. However, attacks on the system may come from within and outside the system.
Taking the system as a public system as an example, the information system mainly protected by the information safety protection device 121 is responsible for sending machine instructions to each functional mechanism so as to ensure that each functional mechanism works according to the instructions; the functional safety device 122 protects the functional systems, which are ready to work, and the functional safety device 122 observes whether the functions of the systems are normal.
Here, the abnormality information received by the joint protection device 110 may be an abnormality occurring in the information system early-warning from the information security protection device 121, or may be a functional abnormality occurring in the functional system early-warning from the functional security protection device 122.
Wherein, the abnormality of the information system generally means that the upper computer is invaded; an abnormality in the functional system generally refers to a functional abnormality of each actuator.
Here, when the combined protection device 110 in the real-time example of the present application receives the abnormal information, not only a control instruction for the abnormal safety protection device 120 needs to be generated to repair the abnormality, but also a protection instruction needs to be generated for other safety protection devices 120, so that the safety protection device 120 that is not abnormal temporarily does not take a protection measure, so as to achieve the purpose of combined protection.
Here, when the functional safety protection device 122 detects that the functional failure occurs, the information safety protection device 121 is notified of the failure of the actuator in time, the failed link is located, the action instruction of the information system is prevented, and further misoperation of the actuator is prevented; after the fault processing is finished, recovering the action of the information system; when the information safety protection device 121 detects that the upper computer is invaded, the notification function safety protection device 122 enters a defending state, the inspection of the upper computer instruction is enhanced, and the upper computer is prevented from sending error information after being attacked, so that misoperation of an executing mechanism is prevented.
Here, the generated control instruction is sent to the abnormal safety protection device 120, and the generated protection instruction is sent to other safety protection devices 120 connected with the combined protection device 110 except the abnormal safety protection device 120, so as to control the abnormal safety protection device 120 to check and repair the abnormal, and control the other safety protection devices 120 to perform safety protection, thereby preventing further abnormal occurrence.
Here, the guard instruction may include a manner of repairing the abnormality and measures for preventing further abnormality, which require the safety guard 120 to perform safety detection without abnormality.
Further, when it is determined that the abnormal safety guard 120 includes the information safety guard 121, the joint guard 110 is further configured to: based on the abnormality cause, determining an abnormal intrusion link, and generating a control instruction for intrusion link blocking and sending the control instruction to the information safety protection device 121; the generated instruction checking detection guard instruction is sent to the functional safety guard 122.
Here, when the abnormal security guard 120 includes the information security guard 121, according to the cause of the abnormality, the abnormal intrusion link is analyzed, and at the same time, a control instruction for blocking the intrusion link is generated and transmitted to the information security guard 121, preventing further link intrusion; meanwhile, a protection instruction for checking and detecting the instruction needs to be sent to the functional safety protection device 122, so that the functional safety protection device 122 checks the machine instruction sent by the information system to prevent receiving an error instruction.
Here, the reason for the abnormality of the information system protected by the information security protection apparatus 121 is generally caused by the abnormality of the host computer, and the information of the invaded link and the evaluation information of the abnormal event are transmitted to the joint protection apparatus by the intrusion detection unit, the monitoring and auditing system event unit included in the information system, and the joint protection apparatus 110 determines the invaded link based on the information, sends a blocking instruction to the link, and cuts off the instruction and the information transfer on the link.
Here, the checking of the instruction of the information system by the functional safety protection device 122 may be to increase the number of times of checking the instruction, for example, when the information system is safe, 1 check is needed for the instruction sent by the information system to check the correctness of the instruction, and when the protection instruction is received, the number of times of checking may be increased appropriately, for example, to 3 times to check the correctness of the instruction; the instruction checking period can be shortened, for example, when the information system is safe, the instruction checking is performed once every N minutes, so that when the protection instruction is received, the time interval required to be checked can be reduced appropriately, for example, the checking is performed once in 1 minute, so that the correctness of the instruction is ensured; the detection dimension of the instruction verification can be increased, for example, when the information system is safe, only the format of the instruction is required to be checked to be in accordance with the instruction format, and when the protection instruction is received, the specific content of the instruction is required to be checked.
In this way, after the information security protection apparatus 121 determines that the information system is abnormal, the function security protection apparatus 122 can be notified to protect against erroneous operation of the mechanism unit that executes the instruction.
Further, when it is determined that the abnormal safety guard 120 includes the functional safety guard 122, the joint guard 110 is further configured to: determining a failure position of the functional failure based on the abnormality cause; based on the failure position, a control instruction for generating failure point instruction blocking is sent to the functional safety protection device 122; and generating a guard instruction for stopping issuing the action instruction and sending the guard instruction to the information safety guard 121.
Here, when it is determined that the safety guard 120 in which an abnormality has occurred includes the functional safety guard 122, a failure position in which a functional failure has occurred in the functional system indicated by the cause of the abnormality is determined based on the received abnormality information; and determines the failure location, generates a control command for failure point command blocking to the functional safety guard 122, and generates a guard command to stop issuing action commands to the information safety guard 121.
The failure position may be a mechanism in which an abnormality occurs, an abnormal portion of a mechanism in which an abnormality occurs, or the like.
Here, the functional safety protection device 122 receives the failure fault and the functional safety event, and sends the failure fault and the functional safety event to the joint protection device 110 for processing, and the joint protection device 110 determines the position of the functional failure.
Here, when it is determined that the functional system is abnormal, the functional operation at the position where the functional abnormality occurs is cut off to prevent further abnormality of the abnormal mechanism unit, and at the same time, the information safety guard 121 is notified, and the control information system stops sending an operation instruction to the abnormal mechanism unit to prevent the mechanism unit that has been abnormal from operating again, causing further mechanism abnormality.
Further, the information security device 121 is further configured to: when the upper computer is detected to be invaded, abnormal information is generated and sent to the joint protection device 110.
Here, when the information security protection apparatus 121 detects that the upper computer in the information system is invaded, it generates corresponding abnormal information and sends the abnormal information to the joint protection apparatus 110, so as to trigger the joint protection apparatus 110 to perform a joint protection mechanism.
Further, the information security device 121 is further configured to: after receiving the protection instruction, determining a fault link indicated in the protection instruction, and interrupting sending an action instruction to the fault link.
Here, after receiving the protection instruction sent by the joint protection device 110, the information safety protection device 121 determines that the functional safety protection device 122 is abnormal, and at this time, it is required to determine a failed link indicated in the received protection instruction, and at the same time, interrupt sending an action instruction again to the failed link, so as to prevent further malfunction of the execution mechanism; and after the fault processing is finished, recovering the action of the information system.
Further, the functional safety device 122 is further configured to: when detecting that the corresponding function of any execution unit fails, generating exception information and sending the exception information to the joint protection device 110.
Here, when detecting that the function of any execution mechanism in the protected functional system fails, the functional safety protection device 122 determines that the function of the system is abnormal, and generates corresponding abnormal information to send to the joint protection device 110, so as to trigger the joint protection device 110 to perform a joint protection mechanism.
Further, the functional safety device 122 is further configured to: after receiving the protection instruction, checking and detecting the received action instruction sent by the information safety protection device 121.
Here, when the functional safety protection device 122 receives the protection instruction sent by the joint protection device 110, it determines that a problem occurs in the connected information system for sending the action instruction, and further detection needs to be performed on the action instruction sent by the upper computer, so that the upper computer is prevented from sending error information after being attacked, and the execution mechanism is prevented from being malfunction.
Further, in combination with the specific embodiments, to describe the specific working principle of the system security joint protection system 100, please refer to fig. 3, fig. 3 is a schematic structural diagram of the industrial system 3 provided in the embodiment of the present application, as shown in fig. 3, the industrial system 3 includes a basic system layer 30, a security protection layer 31, and a linkage handling layer 32; the basic system layer 30 is a component part of an original system, and is composed of an information system 310, an upper computer 311 and an execution unit 312, and is an original system; on the basis of which a safety protection layer 31 is added, the safety protection layer 31 comprises an information safety protection device 121 and a functional safety protection device 122; information safety guard 121 collects information anomalies of information system 310 in real time, and functional safety guard 122 collects functional anomalies of execution unit 312 in real time; the linkage handling layer 32 comprises a joint protection device 110, can judge fault sources and threat attack sources by receiving abnormal information at the information safety protection device 121 and the functional safety protection device 122, timely isolate corresponding fault parts, avoid fault diffusion, send out instructions such as attack link blocking, failure point instruction blocking, instruction inspection enhancement and the like, and inform the system to recover after processing is finished.
The information security protection device 121, the functional security protection device 122, and the joint protection device 110 collectively process the joint protection system 100 in the embodiment of the present application to combine the functional security and the information security of the protection system.
According to the system safety combined protection system provided by the embodiment of the application, when abnormal information is received by the combined protection device, the safety protection device with the abnormality and the reason for the abnormality are determined through analysis of the abnormal information, and corresponding control instructions and protection instructions are generated; and sending the generated control instruction to the abnormal safety protection device, and simultaneously sending the protection instruction to other safety protection devices connected with the combined protection device except the abnormal safety protection device, wherein the safety protection device of at least one safety protection device of the system can be combined through the arranged combined protection device, when one safety protection device is attacked, the other safety protection devices are effectively protected, and the normal functions of the other safety protection devices are ensured, so that the system is prevented from being attacked in multiple aspects, and the safety of the system is improved.
Referring to fig. 4, fig. 4 is a flowchart of a system security joint protection method according to an embodiment of the present application. As shown in fig. 4, the method for jointly protecting system security provided in the embodiment of the present application includes:
s401, when the control combined protection device receives the abnormal information, analyzing the abnormal information, and determining a safety protection device with abnormality and an abnormality reason; and determining a control instruction and a protection instruction corresponding to the abnormality cause based on the abnormality cause and the safety protection device generating the abnormality.
In the step, when abnormal information is received, the received abnormal information is analyzed, and the abnormal safety protection device and the reason for the abnormal safety protection device are determined through the analysis of the abnormal information; based on the received abnormality cause, a control instruction for the safety guard device in which the abnormality has occurred and a guard instruction for a safety guard device other than the abnormality safety guard device connected to the joint guard device are generated based on the abnormality cause.
Here, the safety device which may be abnormal is a device connected to the joint protection device for inspection, and includes an information safety device and a functional safety device, which perform safety inspection and protection of the system, respectively.
Here, the functional safety device is responsible for the inner ring protection, and the information safety device is responsible for the outer ring protection. However, attacks on the system may come from within and outside the system.
Taking a public system as an example, the information system mainly protected by the information safety protection device is responsible for sending machine instructions to each functional mechanism so as to ensure that each functional mechanism works according to the instructions; the functional safety protection device is used for protecting the functional system, is all mechanisms which work at present, and can observe whether the functions of all the systems are normal or not through the functional safety protection device.
Here, when the abnormal information is received, the joint protection device in the real-time example of the application needs to generate a control instruction for the abnormal safety protection device to repair the abnormality, and also needs to generate a protection instruction for other safety protection devices, so that the safety protection device which is not abnormal temporarily takes protection measures, and the purpose of joint protection is achieved.
When the functional safety protection device detects that the functional failure occurs, the functional safety protection device timely informs the information protection device of the fault of the executing mechanism, positions a fault link, prevents the action instruction of the information system and prevents the executing mechanism from further misoperation; after the fault processing is finished, recovering the action of the information system; when the information safety protection device detects that the upper computer is invaded, the information safety protection device informs the function that the safety protection device enters a defending state, the inspection of the upper computer instruction is enhanced, and the upper computer is prevented from sending error information after being attacked, so that misoperation of an executing mechanism is caused.
And S402, after the control instruction and the protection instruction are determined, the combined protection device sends the control instruction to the abnormal safety protection device, and simultaneously sends the protection instruction to other safety protection devices connected with the combined protection device except the abnormal safety protection device, so that the abnormal safety protection device and the other safety protection devices are controlled to carry out safety protection.
In the step, the generated control instruction is sent to an abnormal safety protection device with an abnormality, and the generated protection instruction is sent to other safety protection devices connected with the combined protection device except the abnormal safety protection device, so that the abnormal safety protection device is controlled to check and repair the abnormality, and the other safety protection devices are controlled to carry out safety protection at the same time, so that further abnormality is prevented.
Here, the protection instruction may include an abnormal safety protection device that needs to perform safety detection without occurrence of an abnormality, and the control instruction may include a repair mode of the abnormality and measures to prevent further abnormality.
Further, when it is determined that the abnormal safety device includes the information safety device, the protection instruction and the control instruction are determined by:
based on the abnormal reasons, determining an abnormal intrusion link, generating a control instruction for blocking the intrusion link and sending the control instruction to the information safety protection device; and sending the generated instruction checking and detecting protection instruction to the functional safety protection device.
In the step, when the abnormal safety protection device comprises an information safety protection device, according to the abnormal reasons, analyzing an abnormal intrusion link, and simultaneously generating a control instruction for blocking the intrusion link and sending the control instruction to the information safety protection device to prevent further link intrusion; meanwhile, a protection instruction for checking and detecting the instruction is required to be sent to the functional safety protection device, so that the functional safety protection device can check the machine instruction sent by the information system, and the error instruction is prevented from being received.
Here, the reason for the abnormality of the information system protected by the information safety protection device is generally caused by the abnormality of the upper computer, and the information of the invaded link and the evaluation information of the abnormal event are transmitted to the joint protection device by the intrusion detection unit, the monitoring and auditing system event unit included in the information system, and the joint protection device determines the invaded link based on the information, sends a blocking instruction to the link, and cuts off the instruction and the information transmission on the link.
Here, the checking of the instruction of the functional safety protection device on the information system may be to increase the number of times of checking the instruction, for example, when the information system is safe, the instruction sent by the information system needs to be checked for correctness of the instruction by 1 time of checking, and when the protection instruction is received, the number of times of checking may be increased appropriately, for example, to 3 times of checking for correctness of the instruction; the instruction checking period can be shortened, for example, when the information system is safe, the instruction checking is performed once every N minutes, so that when the protection instruction is received, the time interval required to be checked can be reduced appropriately, for example, the checking is performed once in 1 minute, so that the correctness of the instruction is ensured; the detection dimension of the instruction verification can be increased, for example, when the information system is safe, only the format of the instruction is required to be checked to be in accordance with the instruction format, and when the protection instruction is received, the specific content of the instruction is required to be checked.
Further, when it is determined that the abnormal safety device includes the functional safety device, the protection instruction and the control instruction are determined by: determining a failure position of the functional failure based on the abnormality cause; based on the failure position, a control instruction for generating failure point instruction blocking is sent to the functional safety protection device; and generating a protection instruction for stopping sending the action instruction and sending the protection instruction to the information safety protection device.
In the step, when the abnormal safety protection device is determined to comprise the functional safety protection device, determining a failure position where functional failure occurs in the functional system indicated by the abnormal reason according to the received abnormal information; and determining the failure position, generating a control instruction aiming at failure point instruction blocking, sending the control instruction to the functional safety protection device, and generating a protection instruction stopping sending action instructions and sending the protection instruction to the information safety protection device.
The failure position may be a mechanism in which an abnormality occurs, an abnormal portion of a mechanism in which an abnormality occurs, or the like.
Here, the functional safety protection device receives failure faults and functional safety events, sends the failure faults and the functional safety events to the linkage protection device for processing, and the linkage protection device determines the functional failure position.
Here, when it is determined that the functional system is abnormal, the functional operation at the position where the functional abnormality occurs is cut off to prevent further abnormality of the abnormal mechanism unit, and at the same time, the information safety guard is notified that the control information system stops sending an operation instruction to the abnormal mechanism unit to prevent the mechanism unit that has been abnormal from operating again to cause further mechanism abnormality.
Further, before step S401, the joint protection method further includes: and controlling the information safety protection device to generate abnormal information and send the abnormal information to the combined protection device when the upper computer is detected to be invaded.
In the step, when the information safety protection device detects that an upper computer in an information system is invaded, the information safety protection device generates corresponding abnormal information and sends the corresponding abnormal information to the joint protection device so as to trigger the joint protection device to carry out a joint protection mechanism.
Further, before step S401, the joint protection method further includes: and controlling the functional safety protection device to generate abnormal information and send the abnormal information to the combined protection device when detecting the corresponding functional failure of any execution mechanism.
In the step, when the functional safety protection device detects that the function of any executing mechanism in the protected functional system fails, the functional safety protection device determines that the system has abnormal functions, and generates corresponding abnormal information to send to the joint protection device so as to trigger the joint protection device to perform a joint protection mechanism.
Further, after step S402, the joint protection method further includes: and after the information safety protection device receives the protection instruction, determining a fault link indicated in the protection instruction, and interrupting sending an action instruction to the fault link.
In the step, after the information safety protection device receives the protection instruction sent by the combined protection device, the information safety protection device determines that the functional safety protection device is abnormal, at the moment, a fault link with faults indicated in the received protection instruction needs to be determined, and meanwhile, the action instruction is sent to the fault link again in an interrupted mode so as to prevent further misoperation of an executing mechanism; and after the fault processing is finished, recovering the action of the information system.
Further, after step S402, the joint protection method further includes: and controlling the functional safety protection device to check and detect the received action instruction sent by the information safety protection device after receiving the protection instruction.
In the step, when the functional safety protection device receives the protection instruction sent by the combined protection device, the information system connected with the functional safety protection device and used for sending the action instruction is determined to have a problem, the action instruction sent by the upper computer needs to be further detected, and the upper computer is prevented from sending error information after being attacked, so that the execution mechanism is prevented from misoperation.
According to the system safety joint protection method provided by the embodiment of the application, when the joint protection device receives the abnormal information, the abnormal information is analyzed, and the safety protection device with the abnormality and the reason of the abnormality are determined; determining a control instruction and a protection instruction corresponding to the abnormality reason based on the abnormality reason and the safety protection device with the abnormality; after the control instruction and the protection instruction are determined, the combined protection device is controlled to send the control instruction to the abnormal safety protection device, and meanwhile, the protection instruction is sent to other safety protection devices connected with the combined protection device except the abnormal safety protection device, and the abnormal safety protection device and the other safety protection devices are controlled to carry out safety protection.
When the control combined protection device receives the abnormal information, the safety protection device with the abnormality and the reason for the abnormality are determined through analysis of the abnormal information, and corresponding control instructions and protection instructions are generated; and sending the generated control instruction to the abnormal safety protection device, and simultaneously sending the protection instruction to other safety protection devices connected with the combined protection device except the abnormal safety protection device, wherein the safety protection device of at least one safety protection device of the system can be combined through the arranged combined protection device, when one safety protection device is attacked, the other safety protection devices are effectively protected, and the normal functions of the other safety protection devices are ensured, so that the system is prevented from being attacked in multiple aspects, and the safety of the system is improved.
Referring to fig. 5, fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present application. As shown in fig. 5, the electronic device 500 includes a processor 510, a memory 520, and a bus 530.
The memory 520 stores machine-readable instructions executable by the processor 510, and when the electronic device 500 is running, the processor 510 communicates with the memory 520 through the bus 530, and when the machine-readable instructions are executed by the processor 510, the steps of the system security joint protection method in the method embodiment shown in fig. 4 may be executed, and a specific implementation manner may refer to the method embodiment and will not be described herein.
The embodiment of the present application further provides a computer readable storage medium, where a computer program is stored on the computer readable storage medium, and when the computer program is executed by a processor, the steps of the system security joint protection method in the method embodiment shown in fig. 4 may be executed, and a specific implementation manner may refer to the method embodiment and will not be described herein.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, and are not repeated herein.
In the several embodiments provided in this application, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. The above-described apparatus embodiments are merely illustrative, for example, the division of the units is merely a logical function division, and there may be other manners of division in actual implementation, and for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be through some communication interface, device or unit indirect coupling or communication connection, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a non-volatile computer readable storage medium executable by a processor. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution, in the form of a software product stored in a storage medium, including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
Finally, it should be noted that: the foregoing examples are merely specific embodiments of the present application, and are not intended to limit the scope of the present application, but the present application is not limited thereto, and those skilled in the art will appreciate that while the foregoing examples are described in detail, the present application is not limited thereto. Any person skilled in the art may modify or easily conceive of the technical solution described in the foregoing embodiments, or make equivalent substitutions for some of the technical features within the technical scope of the disclosure of the present application; such modifications, changes or substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present application, and are intended to be included in the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (9)
1. A system-safe joint protection system, characterized in that the joint protection system comprises a joint protection device and at least one safety protection device; the safety protection device comprises an information safety protection device and a functional safety protection device; wherein,
when the combined protection device receives the abnormal information, analyzing the abnormal information and determining a safety protection device with abnormality and an abnormality reason; determining a control instruction and a protection instruction corresponding to the abnormality reason based on the abnormality reason and the safety protection device with the abnormality;
after the control instruction and the protection instruction are determined, the combined protection device sends the control instruction to the abnormal safety protection device, and simultaneously sends the protection instruction to other safety protection devices connected with the combined protection device except the abnormal safety protection device, so as to control the abnormal safety protection device and the other safety protection devices to carry out safety protection;
when it is determined that the abnormal safety guard includes a functional safety guard, the joint guard is further configured to:
determining a failure position of the functional failure based on the abnormality cause;
based on the failure position, a control instruction for generating failure point instruction blocking is sent to the functional safety protection device;
and generating a protection instruction for stopping sending the action instruction and sending the protection instruction to the information safety protection device.
2. The joint protection system of claim 1, wherein when it is determined that an abnormal safety guard includes an information safety guard, the joint guard is further configured to:
based on the abnormal reasons, determining an abnormal intrusion link, generating a control instruction for blocking the intrusion link and sending the control instruction to the information safety protection device;
and sending the generated instruction checking and detecting protection instruction to the functional safety protection device.
3. The joint protection system of claim 2, wherein the information security device is configured to:
when the intrusion of the upper computer is detected, abnormal information is generated and sent to the joint protection device.
4. The joint protection system of claim 2, wherein the information security guard is further configured to:
after receiving the protection instruction, determining a fault link indicated in the protection instruction, and interrupting sending an action instruction to the fault link.
5. The joint protection system of claim 1, wherein the functional safety guard is configured to:
and when detecting that the corresponding function of any executing mechanism fails, generating abnormal information and sending the abnormal information to the combined protection device.
6. The joint protection system of claim 1, wherein the functional safety guard is further configured to:
after receiving the protection instruction, checking and detecting the received action instruction sent by the information safety protection device.
7. A joint protection method for system security, the joint protection method comprising:
when the control combined protection device receives the abnormal information, analyzing the abnormal information, and determining a safety protection device with abnormality and an abnormality reason; determining a control instruction and a protection instruction corresponding to the abnormality reason based on the abnormality reason and the safety protection device with the abnormality;
after the control instruction and the protection instruction are determined, controlling the combined protection device to send the control instruction to the abnormal safety protection device, and simultaneously sending the protection instruction to other safety protection devices connected with the combined protection device except the abnormal safety protection device, and controlling the abnormal safety protection device and the other safety protection devices to carry out safety protection;
the safety protection device comprises an information safety protection device and a functional safety protection device;
when it is determined that the abnormal safety device includes the functional safety device, the protection instruction and the control instruction are determined by:
determining a failure position of the functional failure based on the abnormality cause; based on the failure position, a control instruction for generating failure point instruction blocking is sent to the functional safety protection device; and generating a protection instruction for stopping sending the action instruction and sending the protection instruction to the information safety protection device.
8. An electronic device, comprising: a processor, a memory and a bus, said memory storing machine-readable instructions executable by said processor, said processor and said memory in communication via said bus when said electronic device is running, said machine-readable instructions when executed by said processor performing the steps of the joint protection method of system security as recited in claim 7.
9. A computer readable storage medium, characterized in that the computer readable storage medium has stored thereon a computer program which, when executed by a processor, performs the steps of the joint protection method of system security according to claim 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011413207.3A CN112417445B (en) | 2020-12-04 | 2020-12-04 | System security joint protection system, method, storage medium and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011413207.3A CN112417445B (en) | 2020-12-04 | 2020-12-04 | System security joint protection system, method, storage medium and electronic equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112417445A CN112417445A (en) | 2021-02-26 |
| CN112417445B true CN112417445B (en) | 2024-03-08 |
Family
ID=74774922
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011413207.3A Active CN112417445B (en) | 2020-12-04 | 2020-12-04 | System security joint protection system, method, storage medium and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112417445B (en) |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1372174A (en) * | 2001-02-20 | 2002-10-02 | 本田技研工业株式会社 | Long distance machinery monitor and management method |
| CN103631739A (en) * | 2012-08-28 | 2014-03-12 | 华为技术有限公司 | Positioning analysis method for embedded system and embedded system |
| CN106647724A (en) * | 2017-02-15 | 2017-05-10 | 北京航空航天大学 | T-BOX information security detection and protection method based on vehicle anomaly data monitoring |
| CN109142949A (en) * | 2018-07-24 | 2019-01-04 | 珠海格力电器股份有限公司 | Fault detection method, device, system, computer equipment and storage medium |
| CN109862583A (en) * | 2019-01-04 | 2019-06-07 | 新华三技术有限公司 | A kind of method and device reporting exception information |
| CN111010706A (en) * | 2019-11-22 | 2020-04-14 | 杭州迪普科技股份有限公司 | Exception recovery method and device |
| CN111597194A (en) * | 2020-04-30 | 2020-08-28 | 广东良实机电工程有限公司 | Equipment energy consumption control method and device, terminal equipment and storage medium |
| CN112019932A (en) * | 2020-08-27 | 2020-12-01 | 广州华多网络科技有限公司 | Network fault root cause positioning method and device, computer equipment and storage medium |
-
2020
- 2020-12-04 CN CN202011413207.3A patent/CN112417445B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1372174A (en) * | 2001-02-20 | 2002-10-02 | 本田技研工业株式会社 | Long distance machinery monitor and management method |
| CN103631739A (en) * | 2012-08-28 | 2014-03-12 | 华为技术有限公司 | Positioning analysis method for embedded system and embedded system |
| CN106647724A (en) * | 2017-02-15 | 2017-05-10 | 北京航空航天大学 | T-BOX information security detection and protection method based on vehicle anomaly data monitoring |
| CN109142949A (en) * | 2018-07-24 | 2019-01-04 | 珠海格力电器股份有限公司 | Fault detection method, device, system, computer equipment and storage medium |
| CN109862583A (en) * | 2019-01-04 | 2019-06-07 | 新华三技术有限公司 | A kind of method and device reporting exception information |
| CN111010706A (en) * | 2019-11-22 | 2020-04-14 | 杭州迪普科技股份有限公司 | Exception recovery method and device |
| CN111597194A (en) * | 2020-04-30 | 2020-08-28 | 广东良实机电工程有限公司 | Equipment energy consumption control method and device, terminal equipment and storage medium |
| CN112019932A (en) * | 2020-08-27 | 2020-12-01 | 广州华多网络科技有限公司 | Network fault root cause positioning method and device, computer equipment and storage medium |
Non-Patent Citations (1)
| Title |
|---|
| 4A管理控制平台系统的设计;杨诚炜;信息科技;20170215(第2期);20-30 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112417445A (en) | 2021-02-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107407919B (en) | Safety control system and method for operating a safety control system | |
| CN109992963B (en) | Information security protection method and system for power terminal and embedded system thereof | |
| CN101989242A (en) | Bus monitor for improving safety of SOC (System on a Chip) as well as realizing method thereof | |
| CN104991528A (en) | DCS information safety control method and control station | |
| CN101369141B (en) | Protection unit for a programmable data processing unit | |
| US20100107148A1 (en) | Check-stopping firmware implemented virtual communication channels without disabling all firmware functions | |
| CN105426263B (en) | A kind of method and system for realizing national treasury system safety operation | |
| CN112804234A (en) | Embedded intrusion-tolerant fault-tolerant device applied to power terminal and processing method | |
| CN112417445B (en) | System security joint protection system, method, storage medium and electronic equipment | |
| US4627057A (en) | Method and arrangement for the functional testing of computers | |
| RU2647684C2 (en) | Device and method for detecting unauthorized manipulations with the system state of the nuclear plant control unit | |
| JP5176405B2 (en) | Computer error detection and recovery method | |
| CN114625074A (en) | Safety protection system and method for DCS (distributed control System) of thermal power generating unit | |
| CN107945897B (en) | Method and device for processing nuclear power accidents | |
| Kanamaru | Requirements for IT/OT cooperation in safe and secure IACS | |
| Choi et al. | Vendor-independent monitoring on programmable logic controller status for ICS security log management | |
| CN114629676B (en) | Safety protection system and method for thermal power generating unit fuel system | |
| EP3361335A1 (en) | Safety controller using hardware memory protection | |
| CN201515382U (en) | Exchange machine with intrusion prevention system | |
| JP2017191958A (en) | Redundancy management system, redundancy switching method, and redundancy switching program | |
| CN113518949A (en) | Controller system | |
| WO2020109252A1 (en) | Test system and method for data analytics | |
| CN112489389B (en) | Nuclear power station alarm system and alarm method | |
| CN113779561B (en) | Kernel vulnerability processing method and device, storage medium and electronic equipment | |
| CN110045641A (en) | A kind of control system safety guard |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |