CN117784743A - A trusted DCS control system and method - Google Patents


Info

Publication number
CN117784743A
Authority
CN
China
Prior art keywords
trusted
module
storage unit
bus interface
fpga
Legal status
Granted
Application number
CN202410220787.6A
Other languages
Chinese (zh)
Other versions
CN117784743B (en)
Inventor
陈江
许世森
程阳
苏立新
王垚
曾卫东
史本天
吴建国
薛建中
付宁
宋美艳
李辉
胡波
黄斌
李�杰
马东森
于信波
Current Assignee
China Huaneng Group Co Ltd
Xian Thermal Power Research Institute Co Ltd
Huaneng Power International Inc
Huaneng Shandong Power Generation Co Ltd
Huaneng Weihai Power Generation Co Ltd
Priority date
2024-02-28
Filing date
2024-02-28
Publication date
2024-03-29
2024-02-28: Application filed by China Huaneng Group Co Ltd, Xian Thermal Power Research Institute Co Ltd, Huaneng Power International Inc, Huaneng Shandong Power Generation Co Ltd and Huaneng Weihai Power Generation Co Ltd
2024-02-28: Priority to CN202410220787.6A
2024-03-29: Publication of CN117784743A
2024-05-17: Application granted (publication of CN117784743B)
Legal status: Active

Classifications

    • Y: General tagging of new technological developments; general tagging of cross-sectional technologies spanning over several sections of the IPC; technical subjects covered by former USPC cross-reference art collections [XRACs] and digests
    • Y02: Technologies or applications for mitigation or adaptation against climate change
    • Y02P: Climate change mitigation technologies in the production or processing of goods
    • Y02P 90/00: Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P 90/02: Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]


Abstract

The invention discloses a trusted DCS control system and method. The system comprises an upper computer, a switch and a lower computer, where the upper computer comprises a trusted operator station and the lower computer comprises a trusted controller, a clock module, a system bus interface, an external bus interface, a firmware storage unit and a power module that supplies electric power; the trusted controller comprises a trusted CPU, an FPGA, a program storage unit, a configuration storage unit and a trusted module. The system and method improve the security of the internal control network and provide strong protection.

Description

A trusted DCS control system and method

Technical field

The invention belongs to the field of automatic control and relates to a control system and method, specifically to a trusted DCS control system and method.

Background art

At present the core equipment of the electric power infrastructure, the thermal power DCS control system, faces severe security risks. To meet industrial real-time requirements, most DCS control systems were designed without considering intrinsic security, so they run in an unprotected state with weak protective capability. Because industrial control systems must run continuously, they are difficult to update promptly, and conventional patch-based anti-virus and detection measures cannot guarantee long-term security and stability. The conventional perimeter protection used in fully domestic DCS control systems only isolates the internal network from the external one: it protects the system laterally but cannot secure the internal network itself and provides no defense in depth, so once a boundary device such as a firewall is breached, the entire control system loses its protection. Current measures therefore cannot fundamentally solve the intrinsic security problem of the DCS control system or respond promptly to newly emerging malware, leaving the system without effective protection and posing a major hazard to safe power generation.

Summary of the invention

The purpose of the present invention is to overcome the shortcomings of the prior art described above by providing a trusted DCS control system and method that improve the security of the internal network and offer strong protection.

To achieve this, the trusted DCS control system of the present invention comprises an upper computer, a switch and a lower computer. The upper computer comprises a trusted operator station; the lower computer comprises a trusted controller, a clock module, a system bus interface, an external bus interface, a firmware storage unit and a power module that supplies electric power. The trusted controller comprises a trusted CPU, an FPGA, a program storage unit, a configuration storage unit and a trusted module.

The trusted operator station is connected to the switch; the switch is connected to the FPGA through the external bus interface; the trusted CPU is connected to the FPGA, the trusted module, the clock module, the program storage unit, the configuration storage unit and the firmware storage unit; and the FPGA is connected to the system bus interface.

The trusted module is a TPM chip.

The upper computer further comprises a trusted server, which is connected to the switch.

The configuration storage unit is a non-volatile random-access memory.

The trusted DCS control method of the present invention comprises the following steps:

After the power module supplies power, the trusted module uses the trusted CPU to perform a trust measurement of the system firmware in the firmware storage unit. If the measurement passes, the system boots and loads normally; if it fails, power to the peripheral interface chips is cut off so that no erroneous command can be issued and cause the equipment to act incorrectly.

After the system has booted and loaded normally, the trusted module uses the trusted CPU to perform a trust measurement of the application program in the program storage unit. If the measurement passes, the trusted controller starts normally; otherwise the trusted controller cannot start, and the power module cuts off power to the interface chips that communicate with the outside.

After the trusted controller has started normally, the method further comprises:

loading the FPGA program and configuring its registers through the data bus.

After the FPGA program has loaded normally, the system bus interface is initialized; the controller communicates through it with the external measurement I/O modules, collects the measurement data they send, and issues the analysis results of that data and the parameters for the equipment.

After the FPGA program has loaded normally, the external bus interface is initialized and connected through the switch to the trusted operator station and the trusted server.

After the trusted operator station has started normally, the operator configures and issues trusted-control parameters in real time through it, establishing communication between the trusted operator station and the lower computer.

The present invention has the following beneficial effects:

In operation, the trusted DCS control system and method of the present invention do not rely on conventional software security measures; instead a trusted CPU, a trusted module and a trusted operator station establish hardware trust along the whole chain of the system, avoiding the conventional patch-based anti-virus and detection approach. In addition, the trusted controller works together with the power module it controls during measurement: when a trust measurement fails, the power module automatically cuts power to the external communication interfaces, preventing spurious trigger signals from being issued. This ensures that the trusted controller is fully trustworthy, improves the security of the internal network and provides strong protection.

Description of drawings

Figure 1 is a schematic structural diagram of the present invention.

In the figure: 1 trusted operator station, 2 trusted server, 3 switch, 4 trusted CPU, 5 FPGA, 6 system bus interface, 7 external bus interface, 8 clock module, 9 trusted module, 10 power module, 11 firmware storage unit, 12 configuration storage unit, 13 program storage unit.

Detailed description

To enable those skilled in the art to better understand the solution of the present invention, the technical solution in the embodiments of the present invention is described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them, and are not intended to limit the scope of the disclosure. In the following description, well-known structures and techniques are not described, to avoid unnecessarily obscuring the disclosed concepts. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.

The accompanying drawings show schematic structural diagrams of disclosed embodiments. They are not drawn to scale; certain details are enlarged for clarity and some details may be omitted. The shapes of the regions and layers shown, and their relative sizes and positions, are exemplary only; in practice they may deviate because of manufacturing tolerances or technical limitations, and those skilled in the art may design regions/layers of different shapes, sizes and relative positions as required.

Referring to Figure 1, the trusted DCS control system of the present invention comprises an upper computer, a switch 3 and a lower computer.

The upper computer comprises a trusted operator station 1 and a trusted server 2. The lower computer comprises a trusted controller, a clock module 8, a system bus interface 6, an external bus interface 7, a firmware storage unit 11 and a power module 10 that supplies electric power. The trusted controller comprises a trusted CPU 4, an FPGA 5, a program storage unit 13, a configuration storage unit 12 and a trusted module 9.

The trusted operator station 1 is connected to the switch 3; the switch 3 is connected to the FPGA 5 through the external bus interface 7; the trusted CPU 4 is connected to the FPGA 5, the trusted module 9, the clock module 8, the program storage unit 13, the configuration storage unit 12 and the firmware storage unit 11; and the FPGA 5 is connected to the system bus interface 6.

In this embodiment the trusted module 9 is a TPM chip.

Based on the trusted DCS control system above, the trusted DCS control method of the present invention comprises the following steps:

1) After the power module 10 supplies power, the trusted module 9 uses the trusted CPU 4 to perform a trust measurement of the system firmware in the firmware storage unit 11. If the measurement passes, the system boots and loads normally; if it fails, the power module 10 cuts off the power supply.

2) After the system has booted and loaded normally, the trusted module 9 uses the trusted CPU 4 to perform a trust measurement of the application program in the program storage unit 13. If the measurement is correct, the trusted controller starts normally; otherwise the trusted controller cannot start and the power module 10 cuts off the power supply.

3) After the trusted controller has started normally, the program of the FPGA 5 is loaded and its registers are configured through the data bus (PCIe, LPC or a network port).

4) After the FPGA 5 program has loaded normally, the system bus interface 6 is initialized; the controller communicates through it with the external measurement I/O modules, collects the measurement data they send, analyzes the data and issues parameters to the equipment.

After the FPGA 5 program has loaded normally, the external bus interface 7 is initialized and connected through the switch 3 to the trusted operator station 1 and the trusted server 2. After the trusted operator station 1 has started normally, the operator configures and issues trusted-control parameters in real time through it, establishing communication between the trusted operator station 1 and the lower computer.

5) The trusted controller transmits the collected lower-computer data through the switch 3 to the trusted server 2 for storage.

6) Through the trusted operator station 1 and the switch 3, the operator retrieves and views the historical data stored in the trusted server 2.

The configuration storage unit 12 is a non-volatile random-access memory (NVRAM) that stores the configuration files issued by the trusted operator station 1, so that the trusted CPU 4 can retrieve them automatically in real time.

The power module 10 supplies the lower computer. If, after initial power-on, the trust measurement performed by the trusted CPU 4 and the trusted module 9 fails, the power supply is cut off.

The clock module 8 provides the clocks for the trusted CPU 4, the FPGA 5 and the data bus.
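The two-stage measured boot with fail-closed power gating in steps 1 and 2 above, modelled in software as an added example (this is not the patent's code; the patent describes hardware). It assumes the trusted module is one TPM-style PCR with extend semantics (PCR becomes SHA-256(PCR || SHA-256(image))), that the power module is a single enable line for the bus interface chips, and that the golden digests are a table provisioned at manufacture; the firmware and application images are constructed sample bytes.

```python
"""Added example (not the patent's code): two-stage measured boot with
fail-closed gating of the peripheral interface power.
Assumptions: the trusted module (9) is modelled as one TPM-style PCR, the
power module (10) as one enable line for the bus interface chips (6, 7),
and the golden digests as a table provisioned at manufacture."""
import hashlib
import hmac
from dataclasses import dataclass, field


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


@dataclass
class SimTPM:
    """Stand-in for trusted module (9): one PCR with extend semantics and an event log."""
    pcr: bytes = field(default_factory=lambda: bytes(32))
    event_log: list = field(default_factory=list)

    def extend(self, label: str, image: bytes) -> bytes:
        digest = sha256(image)
        self.pcr = sha256(self.pcr + digest)  # irreversible accumulation of measurements
        self.event_log.append((label, digest.hex()))
        return digest


@dataclass
class PowerModule:
    """Stand-in for power module (10). Only the bus interface chips lose power;
    the CPU stays up so the failure can be reported to operating personnel."""
    peripheral_power: bool = True

    def cut_peripheral_power(self) -> None:
        self.peripheral_power = False


def trusted_boot(firmware: bytes, application: bytes, golden: dict,
                 tpm: SimTPM, psu: PowerModule) -> dict:
    """Stage 1 measures the system firmware (firmware storage unit 11). Stage 2
    runs only if stage 1 passed and measures the application (program storage
    unit 13). Any mismatch cuts peripheral power and stops the boot, so a
    tampered controller can never put a command on the buses."""
    result = {"firmware_ok": False, "application_ok": False, "controller_started": False}

    fw_digest = tpm.extend("system_firmware", firmware)
    if not hmac.compare_digest(fw_digest.hex(), golden["system_firmware"]):
        psu.cut_peripheral_power()
        return result
    result["firmware_ok"] = True

    app_digest = tpm.extend("application", application)
    if not hmac.compare_digest(app_digest.hex(), golden["application"]):
        psu.cut_peripheral_power()
        return result
    result["application_ok"] = True
    result["controller_started"] = True
    return result


# Constructed sample images; a real firmware storage unit holds the actual binaries.
GOOD_FIRMWARE = b"DCS controller system firmware v1.0 (constructed sample)"
GOOD_APPLICATION = b"DCS control application build 42 (constructed sample)"

# Golden values provisioned from the known-good images at manufacture.
GOLDEN = {
    "system_firmware": sha256(GOOD_FIRMWARE).hex(),
    "application": sha256(GOOD_APPLICATION).hex(),
}


def boot_scenario(firmware: bytes, application: bytes) -> dict:
    """Boot one controller from the given images and report what happened."""
    tpm, psu = SimTPM(), PowerModule()
    outcome = trusted_boot(firmware, application, GOLDEN, tpm, psu)
    outcome["peripheral_power"] = psu.peripheral_power
    outcome["pcr"] = tpm.pcr.hex()
    outcome["event_log"] = tpm.event_log
    return outcome


if __name__ == "__main__":
    for name, fw, app in [
        ("genuine images", GOOD_FIRMWARE, GOOD_APPLICATION),
        ("tampered firmware", GOOD_FIRMWARE + b"\x00", GOOD_APPLICATION),
        ("tampered application", GOOD_FIRMWARE, GOOD_APPLICATION.replace(b"42", b"43")),
    ]:
        o = boot_scenario(fw, app)
        print(f"{name:22s} started={o['controller_started']} "
              f"peripheral_power={o['peripheral_power']} pcr={o['pcr'][:16]}...")
```

Two details a practitioner would check against a real board: the digest comparison is constant-time, and the event log records what was measured before the interfaces lost power, which is what lets the trusted operator station be told why a controller did not come up.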

It should be noted that the present invention has the following characteristics:

The present invention does not adopt conventional software security measures; instead the trusted CPU 4, trusted module 9, trusted operator station 1 and trusted server 2 establish hardware trust along the whole chain of the system, avoiding conventional patch-based anti-virus and detection measures. It implements security functions such as the "trusted verification" required by China's Classified Protection of Cybersecurity 2.0 (等保2.0), meets the trusted-computing requirements of the commercial cryptography application security assessment (密评), adds inherent active-defense capability, improves the overall security and trustworthiness of the system, and is easy to maintain afterwards, which facilitates large-scale deployment.

Storage inside the trusted controller is allocated sensibly so that trust measurement is carried out soundly, and the state of the trusted controller is adjusted in real time through policies held in the different memories.

During measurement the trusted controller works strictly in concert with the power module 10: hard logic ensures that when a trust measurement fails, the supply from the power module 10 is cut off automatically, effectively guaranteeing that the trusted controller is fully trustworthy.

The trusted controller comprises the trusted CPU 4, FPGA 5, program storage unit 13, configuration storage unit 12 and trusted module 9. When the system detects that a trusted module 9 is present on the board, at power-on the trusted module 9 performs a security measurement of the firmware in the firmware storage unit 11, so that the trusted program is checked and loaded at start-up. If the measurement by the TPM chip is correct, the trusted controller starts normally; otherwise the program in the trusted controller is deemed to have been illegally tampered with, the trusted controller will not start, and operating personnel are alerted to inspect and replace it. In addition, while the fully domestic DCS trusted controller is running normally, key program modules are measured dynamically: the TPM security-measurement chip provides real-time program measurement, and if signature verification fails during such a measurement, the trusted controller reports the measurement result to a trusted management platform for a decision and executes different policies, stored in flash, for different operating conditions, so as to protect the running unit. This avoids the conventional patch-and-upgrade approach and facilitates product deployment and maintenance.

It should be noted that the present invention performs dynamic trust verification at key execution points of the application program, raises an alarm when it detects that trustworthiness has been compromised, and forms the verification results into an audit record that is sent to the trusted security management platform.
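Runtime measurement of key program modules against a signed reference manifest, producing the audit record and the condition-dependent response described in the two paragraphs above, as an added example (not the patent's code). It assumes the key modules are byte images, models the signature over the reference digests with HMAC-SHA256 under a key assumed to be held by the trusted module (a production design would use an asymmetric signature or a TPM-bound key, which is what "signature verification" in the text implies), and uses a dictionary of actions in place of the flash-resident per-condition policies; the module names, contents and condition names are constructed.

```python
"""Added example (not the patent's code): runtime integrity measurement with a
signed reference manifest, an audit record and a per-condition response.
Assumptions: HMAC-SHA256 stands in for the manifest signature, with the key
assumed to be held by the trusted module; POLICY stands in for the policies
the patent says are stored in flash per operating condition."""
import hashlib
import hmac
import json

MANIFEST_KEY = b"constructed-demo-key-held-by-trusted-module"


def digest_hex(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()


def sign_manifest(reference: dict, key: bytes = MANIFEST_KEY) -> dict:
    """Reference digests plus an authentication tag over their canonical encoding."""
    body = json.dumps(reference, sort_keys=True).encode()
    return {"reference": reference,
            "sig": hmac.new(key, body, hashlib.sha256).hexdigest()}


def verify_manifest(manifest: dict, key: bytes = MANIFEST_KEY) -> bool:
    body = json.dumps(manifest["reference"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, manifest["sig"])


# Response per operating condition (constructed). Halting is harmless during
# startup; under load, holding outputs at their last good value is safer than
# dropping the unit. An unlisted condition falls back to the strictest action.
POLICY = {
    "startup": "halt_controller_and_cut_interfaces",
    "normal_load": "alarm_and_hold_outputs",
    "shutdown_sequence": "alarm_only",
}


def runtime_measure(modules: dict, manifest: dict, condition: str, timestamp: int) -> dict:
    """Measure every key module and return the audit record to send upstream.
    An unverifiable manifest is itself a failure: if the reference digests
    cannot be trusted, neither can a module that matches them."""
    record = {"timestamp": timestamp, "condition": condition,
              "mismatched": [], "status": "ok", "action": "none"}
    if not verify_manifest(manifest):
        record["status"] = "manifest_untrusted"
    else:
        reference = manifest["reference"]
        for name, image in sorted(modules.items()):
            if name not in reference or not hmac.compare_digest(digest_hex(image), reference[name]):
                record["mismatched"].append(name)
        if record["mismatched"]:
            record["status"] = "tampered"
    if record["status"] != "ok":
        record["action"] = POLICY.get(condition, POLICY["startup"])
    return record


# Constructed key program modules of the controller and their signed manifest.
KEY_MODULES = {
    "io_scan": b"io scan driver build 7 (constructed)",
    "control_loop": b"PID control loop build 7 (constructed)",
    "bus_protocol": b"system bus protocol stack build 7 (constructed)",
}
MANIFEST = sign_manifest({n: digest_hex(img) for n, img in KEY_MODULES.items()})


def tampered_modules() -> dict:
    """The running image set after one module has been modified in place."""
    modules = dict(KEY_MODULES)
    modules["control_loop"] = KEY_MODULES["control_loop"] + b" + injected code"
    return modules


def forged_manifest(modules: dict) -> dict:
    """What an attacker without the key can produce: matching digests, wrong tag."""
    return sign_manifest({n: digest_hex(img) for n, img in modules.items()}, key=b"attacker-key")


if __name__ == "__main__":
    for label, mods, man, cond in [
        ("genuine", KEY_MODULES, MANIFEST, "normal_load"),
        ("tampered module", tampered_modules(), MANIFEST, "normal_load"),
        ("forged manifest", tampered_modules(), forged_manifest(tampered_modules()), "startup"),
    ]:
        print(label, json.dumps(runtime_measure(mods, man, cond, timestamp=1700000000)))
```

The manifest check is what gives the runtime measurement its value: if the reference digests were accepted unauthenticated, an attacker who can rewrite flash could rewrite them to match the tampered module and the measurement would pass. The record returned is the audit entry the text says is sent to the trusted security management platform; the action chosen from the policy table is what the controller applies locally while that platform decides.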

Finally, it should be noted that the above embodiments are intended only to illustrate the technical solution of the present invention, not to limit it. Although the present invention has been described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that the specific embodiments may still be modified or replaced by equivalents, and any such modification or equivalent replacement that does not depart from the spirit and scope of the present invention falls within the scope of protection of its claims.

Claims (9)

1. A trusted DCS control system, characterized in that it comprises an upper computer, a switch (3) and a lower computer, wherein the upper computer comprises a trusted operator station (1), and the lower computer comprises a trusted controller, a clock module (8), a system bus interface (6), an external bus interface (7), a firmware storage unit (11) and a power module (10) for supplying electric power; the trusted controller comprises a trusted CPU (4), an FPGA (5), a program storage unit (13), a configuration storage unit (12) and a trusted module (9);
the trusted operator station (1) is connected to the switch (3), the switch (3) is connected to the FPGA (5) through the external bus interface (7), the trusted CPU (4) is connected to the FPGA (5), the trusted module (9), the clock module (8), the program storage unit (13), the configuration storage unit (12) and the firmware storage unit (11), and the FPGA (5) is connected to the system bus interface (6).
2. The trusted DCS control system of claim 1, wherein the trusted module (9) is a TPM chip.
3. The trusted DCS control system of claim 1, wherein the upper computer further comprises a trusted server (2), the trusted server (2) being connected to the switch (3).
4. The trusted DCS control system of claim 1, wherein the configuration storage unit (12) is a non-volatile random-access memory.
5. A trusted DCS control method, based on the trusted DCS control system of claim 1, comprising the steps of:
after the power module (10) supplies power, the trusted module (9) uses the trusted CPU (4) to perform a trust measurement of the system firmware in the firmware storage unit (11); when the trust measurement of the system firmware passes, the system is started and loaded normally, and when it does not pass, the power module (10) cuts off the power supply to the peripheral interface chips;
after the system is started and loaded normally, the trusted module (9) uses the trusted CPU (4) to perform a trust measurement of the application program in the program storage unit (13); when the trust measurement of the application program passes, the trusted controller is started normally, otherwise the trusted controller cannot be started normally and the power supply to the peripheral interface chips is cut off.
6. The trusted DCS control method of claim 5, further comprising, after the trusted controller has started normally:
loading the program of the FPGA (5) and configuring its registers through a data bus.
7. The trusted DCS control method of claim 6, wherein after the program of the FPGA (5) is loaded normally, the system bus interface (6) is initialized, the system bus interface (6) communicates with the I/O modules for external measurement, the measurement data sent by the I/O modules are collected, and the analysis results of the measurement data and the parameters of the equipment are issued.
8. The trusted DCS control method of claim 6, wherein after the program of the FPGA (5) is loaded normally, the external bus interface (7) is initialized, and the external bus interface (7) is connected through the switch (3) to the trusted operator station (1) and the trusted server (2) respectively.
9. The trusted DCS control method of claim 6, wherein after the trusted operator station (1) has started normally, the operator performs the configuration and issuing of trusted-control parameters in real time through the trusted operator station (1).

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410220787.6A CN117784743B (en) 2024-02-28 2024-02-28 Trusted DCS control system and method


Publications (2)

Publication Number Publication Date
CN117784743A true CN117784743A (en) 2024-03-29
CN117784743B CN117784743B (en) 2024-05-17

Family

ID=90402002



Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104778141A (en) * 2015-02-10 2015-07-15 浙江大学 Control system trusted architecture-based TPCM (Trusted Platform Control Module) and trusted detection technology
CN105205401A (en) * 2015-09-30 2015-12-30 中国人民解放军信息工程大学 Trusted computer system based on safe password chip and trusted guiding method thereof
CN107612731A (en) * 2017-09-19 2018-01-19 北京工业大学 One kind is based on the believable network section generation of software definition and credible recovery system
CN112948086A (en) * 2021-03-04 2021-06-11 浙江中控研究院有限公司 Credible PLC control system
GB202112858D0 (en) * 2020-09-10 2021-10-27 Fisher Rosemount Systems Inc Network resource management in a communication network for control and automation systems
CN114896640A (en) * 2022-04-30 2022-08-12 苏州浪潮智能科技有限公司 Secure boot method, device, equipment and readable medium based on trusted root
US20220408262A1 (en) * 2021-06-22 2022-12-22 Microsoft Technology Licensing, Llc Trusted 5g network slices
CN116991487A (en) * 2023-08-21 2023-11-03 中国电子科技集团公司第三十研究所 Trusted platform control system based on data compression and trusted firmware recovery method
CN117032831A (en) * 2023-08-25 2023-11-10 西安热工研究院有限公司 Trusted DCS upper computer system, starting method thereof and software starting method thereof
CN117112474A (en) * 2023-10-23 2023-11-24 湖南博匠信息科技有限公司 Universal trusted substrate management method and system
CN117195231A (en) * 2023-09-14 2023-12-08 华能威海发电有限责任公司 Security protection methods, systems and media for trusted DCS controller real-time operating systems
CN117221073A (en) * 2023-09-06 2023-12-12 西安热工研究院有限公司 Alarm processing system and method of trusted industrial control system


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
孙亮, 陈小春, 钟阳, 林志鹏, 任彤: "Secure boot mechanism for servers based on a trusted BMC", Journal of Shandong University (Natural Science), no. 01, 22 December 2017 (2017-12-22) *

Also Published As

Publication number Publication date
CN117784743B (en) 2024-05-17


Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant