WO2022190526A1 - Control system and control method thereof - Google Patents
Control system and control method thereof
- Publication number: WO2022190526A1 (PCT/JP2021/046973)
- Authority: WO (WIPO PCT)
- Prior art keywords: physical memory, access, data, program, variable
- Prior art date
Classifications
- G05B19/41835—Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS], computer integrated manufacturing [CIM] characterised by programme execution
- G05B19/042—Programme control other than numerical control, i.e. in sequence controllers or logic controllers using digital processors
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- G05B2219/24167—Pc safety: Encryption, password, user access privileges
- G05B2219/31368—From computer integrated manufacturing till monitoring: MAP manufacturing automation protocol
- G05B2219/36542—Nc in input of data, input key till input tape: Cryptography, encrypt, access, authorize with key, code, password
- G06F21/604—Protecting data: Tools and structures for managing or administering access control systems
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F2221/2141—Indexing scheme relating to G06F21/00: Access rights, e.g. capability lists, access control lists, access tables, access matrices
Definitions
- The present disclosure relates to control systems, and more particularly to access control of control systems.
- Machines and equipment used at production sites using FA (factory automation) are typically controlled by control devices such as programmable logic controllers (hereinafter also referred to as "PLC").
- These controllers store data indicated by variables or physical memory. A user can confirm or change the settings of the controller by referring to or changing the data indicated by these variables or physical memory. Some of this data contains important settings. Therefore, there is a need for an access control technique that appropriately sets a security level for each variable or physical memory, or for the data each of them indicates.
- Patent Document 1 discloses "a user management means for identifying a user who accesses a programmable display device; a generation means for generating an interface screen including information from the control device according to the authority granted to the user identified by the user management means; a display unit for outputting the interface screen; and a connection management means for responding to a user access request from an external device, establishing a connection with the external device based on the identification result of the user management means, and sending an interface screen to the external device with which the connection has been established, wherein the user management means prevents simultaneous access to the programmable display by multiple users who are given different authority" (see [Abstract]).
- According to the technology disclosed in Patent Document 1, it is not possible to set access rights for each data item referenced within a program. Therefore, there is a need for a technique for setting access rights for each data item referenced within a program.
- The present disclosure has been made in view of the above background, and an object in one aspect is to provide a technique for setting access rights for each data item referenced within a program.
- According to one aspect, a control system includes a control unit that controls a controlled object, a storage unit that stores a program executed by the control unit and access rights to each of a plurality of data items referred to by the program, and an input unit that receives an access request for any of the plurality of data items.
- Each access right includes information on the operations that can be performed by each user with different authority.
- When the control unit acquires an access request for one of the plurality of data items from the input unit, it refers to the corresponding access right and determines, based on that access right, whether the user who sent the access request has access rights to the requested data.
- The control system can thus determine whether or not to accept an access request for each of the plurality of data items referenced by the program, based on the access right to each of those data items.
- In one aspect, each of the plurality of data items is data indicated by a variable in the program or by an address in physical memory.
- The control system can thus determine whether or not to accept an access request for each variable or each physical memory, based on the access right to each of the plurality of data items referenced by the program.
- In one aspect, the storage unit further stores write range information for each variable or physical memory. Based on the write range information, the control unit limits the range of writable values for the variable or physical memory for which an access request has been made.
- The control system can thus limit the range of writable values for a variable or physical memory for which access is requested.
- In one aspect, the access right for each of the plurality of data items is generated based on a first rule defining access rights for each variable name or a second rule defining access rights for each physical memory.
- The control system can thus automatically generate access rights for each of the plurality of data items based on the first rule or the second rule.
- In one aspect, the control system further includes a device for creating the program.
- The device analyzes the program based on the first rule or the second rule, generates each access right based on the analysis result, and outputs each access right to the storage unit.
- The control system can thus generate the access rights to each of the plurality of data items with the device.
- In one aspect, the storage unit further stores the first rule or the second rule.
- When the control unit acquires the program from another device, it analyzes the program using the first rule or the second rule, generates each access right based on the analysis result, and outputs each access right to the storage unit.
- The control system can thus generate the access rights to each of the plurality of data items with the control unit.
- In one aspect, when any of the plurality of data items referenced by the program is updated, the control unit stores an update history in the storage unit.
- The update history includes the variable name or physical memory address indicating the updated data, the updated data, and the user identifier of the user who updated the data.
- The control system can thus generate an update history whenever any of the plurality of data items referenced by the program is updated.
- A user can confirm whether or not there has been unauthorized update processing by viewing the update history.
- According to another aspect, a control method for a control system includes a step of accessing a program executed by the control unit and respective access rights to each of a plurality of data items referenced by the program.
- Each access right includes information on the operations that can be performed by each user with different authority.
- The control method further includes a step of referring to the corresponding access right when an access request for one of the plurality of data items is obtained, and a step of determining, based on that access right, whether the user who sent the access request has access rights to the requested data.
- In one aspect, each of the plurality of data items is data indicated by a variable in the program or by an address in physical memory.
- In one aspect, the control method further includes a step of accessing write range information for each variable or physical memory, and a step of limiting, based on the write range information, the range of writable values for the variable or physical memory for which the access request has been made.
- In one aspect, the access right for each of the plurality of data items is generated based on a first rule defining access rights for each variable name or a second rule defining access rights for each physical memory.
- In one aspect, the control method further includes the steps of analyzing the program based on the first rule or the second rule, generating each access right based on the analysis result, and outputting each access right.
- In one aspect, the control method further includes a step of generating an update history when any one of the plurality of data items referenced by the program is updated.
- The update history includes the variable name or physical memory address indicating the updated data, the updated data, and the user identifier of the user who updated the data.
- An update history can thus be generated whenever any of the plurality of data items referenced by the program is updated.
- The user can confirm whether or not there has been unauthorized update processing by viewing the update history.
- According to the present disclosure, access rights can be set for each data item referenced within a program.
- FIG. 1 is a diagram schematically showing an overall configuration of a network system 100 including a control system 1 according to an embodiment.
- FIG. 2 is an external view showing a configuration example of the control system 1 according to an embodiment.
- FIG. 3 is a schematic diagram showing a hardware configuration example of a control unit 200 configuring the control system 1 according to an embodiment.
- FIG. 4 is a schematic diagram showing a hardware configuration example of a support device 110 that can be connected to the control system 1 according to an embodiment.
- FIG. 5 is a diagram showing an example of operation authority information 500 for variables and operation authority information 510 for physical memory.
- FIG. 6 is a diagram showing an example of variable write range information 600 and physical memory write range information 610.
- FIG. 7 is a diagram showing an example of user account information 700.
- FIGS. 8A and 8B are diagrams illustrating an example of a variable rule 800 and a physical memory rule 810.
- FIG. 9 is a diagram showing an example of a variable master 900 and a physical memory master 910.
- A further figure is a diagram showing an example of an access request to the control unit 200.
- FIG. 10 is a diagram showing an example of a procedure for generating access control information 322.
- A further figure is a diagram showing an example of an access control procedure by the control unit 200.
- FIG. 1 is a diagram schematically showing the overall configuration of the network system 100 including the control system 1 according to the present embodiment. Using the configuration shown in FIG. 1 as an example, a situation in which the technique according to the present embodiment is applied will be described.
- The network system 100 comprises the control system 1, a server device 120, a display device 140, and a gateway (GW) 130. These components may be interconnected via a network 150.
- The network 150 is also connected to the Internet, an external network, via the gateway 130.
- The network 150 may be implemented with a common network protocol such as Ethernet (registered trademark) or EtherNet/IP (registered trademark).
- The control system 1 is connected via a field network 160 to a controlled object 170 including field facilities and equipment, and the various devices (sensors, actuators, etc.) placed on them.
- The field network 160 preferably employs a bus or network that performs fixed-cycle communication, in which the arrival time of data is guaranteed.
- The field network 160 may be realized by EtherCAT (registered trademark) as such a bus or network that performs periodic communication.
- The support device 110 provides a support tool that supports the user in operating the control system 1. The support device 110 may also have a function of installing a program in the control system 1. In one aspect, the support device 110 may be a personal computer, tablet, smartphone, or any other information processing device.
- The support device 110 is detachably connected to the control system 1 by USB (Universal Serial Bus).
- A communication protocol with user authentication may be adopted for this USB communication in order to ensure communication security.
- Alternatively, the support device 110 may communicate with the control system 1 via the network 150.
- The server device 120 is, for example, a database system or a manufacturing execution system (MES).
- A manufacturing execution system acquires information from the manufacturing equipment or facilities to be controlled, monitors and manages production as a whole, and can handle order information, quality information, shipping information, and the like.
- The server device 120 may also be a device that provides an information system service (a process of acquiring various information from a controlled object and performing macroscopic or microscopic analysis, etc.).
- The display device 140 receives operations from the user, outputs commands or the like to the control system 1 according to the user's operation, and graphically displays calculation results or the like from the control system 1.
- The display device 140 may include any output device such as a liquid crystal display or an organic EL (electroluminescence) display.
- The display device 140 may include any input device such as a touch panel or a switch.
- The gateway 130 performs protocol conversion between the network 150 and the external network (Internet) and acts as a firewall.
- The control system 1 controls the controlled object 170 on the field network 160 based on the installed program, and can communicate with each device on the network 150.
- The user can check or change the functions of the control system 1 by referring to or changing the values indicated by the variables used in the programs installed in the control system 1, or the values indicated by the physical memory of the control system 1.
- For example, the user can refer to or update the setting values of the control unit 200, which are values referenced by the program installed in the control unit 200.
- These values are defined as variables in the program or as values stored in physical memory. Therefore, the user can refer to or update a value by specifying a variable or physical memory in the program.
- The values indicated by the variables referenced by the programs installed in the control system 1 and the values indicated by the physical memory of the control system 1 may be data in any format, such as characters, in addition to numerical values.
- The control system 1 includes important commands such as port closing, VPN (Virtual Private Network) enable/disable, and access control changes. Changes to these important commands can have a significant impact on the functionality, security, etc. provided by the control system 1. Therefore, the control system 1 improves its security by providing a function that performs access control for each value indicated by a variable or physical memory.
- The control system 1 includes one or both of variable operation authority information 500 and physical memory operation authority information 510 (see FIG. 5).
- The variable operation authority information 500 includes an access authority for each value indicated by a variable.
- A value indicated by a variable is the value stored at the physical memory address that the variable indicates.
- The physical memory operation authority information 510 includes an access authority for each value indicated by physical memory.
- A value indicated by physical memory is the value stored at an address in a certain physical memory.
- Such a value includes any value indicated by a variable or physical memory, and may include, for example, a value such as NULL that denotes emptiness.
- Access in the present embodiment can include read processing, write processing, and the like.
- Likewise, the access authority in the present embodiment may include authority for read processing, authority for write processing, and the like.
- The access authority for each value indicated by a variable or physical memory may be set for each user account authority or attribute (administrator, designer, etc.). In another aspect, the access authority for each value indicated by a variable or physical memory may be set for each individual user account.
- The access authority is the access authority to data (a value), but the access authority in the present embodiment can also be described as access authority to a reference.
- A reference here means a variable, a physical address, or the like that indicates the location of data. Therefore, the access authority to the data (value) indicated by a variable or by a physical address can also be described as the access authority to that reference.
- Accordingly, the variables 501 and 601 and the physical memories 511 and 611 shown in FIGS. 5 and 6 can also be read as references.
- Similarly, the variable name rule 810 and the physical memory range 811 shown in FIG. 8 can be read as a reference name rule and a reference range.
- When the control system 1 accepts an access request for a value indicated by a variable or physical memory, it first identifies the authority of the user account. Next, the control system 1 refers to the variable operation authority information 500 or the physical memory operation authority information 510 and determines whether or not the user account that sent the access request has authority to change the value of the requested variable. The variable operation authority information 500, the physical memory operation authority information 510, and the methods for generating them will be described later.
- Here, a user account having read or write authority for a value X means that the user account has authority to refer to or update the value X indicated by a variable or physical memory.
- A user account having read or write authority for a variable A means that the user account has authority to refer to or update the value indicated by the variable A.
- A user account having read or write authority for a physical memory B means that the user account has authority to refer to or update the value indicated by the physical memory B (the value stored in the physical memory B).
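The access control decision described above, as an added example that is not part of the patent or of any applicant code: it generates the operation authority information for variables and for physical memory from a variable name rule and a physical memory range rule, checks each access request against the requesting user's authority and the write range information, and records an update history on every accepted write. The table formats, authority names, variable names, addresses and values are constructed assumptions; the patent's figures define no concrete encoding.

```python
from fnmatch import fnmatchcase

# Constructed sample tables (formats assumed; the patent's FIGS. 5 to 9 are not reproduced).
# First rule (variable name rule): glob pattern on the variable name -> {authority: ops}.
VARIABLE_RULES = [
    ("Sec_*", {"administrator": "rw", "designer": "r", "operator": ""}),
    ("Cfg_*", {"administrator": "rw", "designer": "rw", "operator": "r"}),
    ("*", {"administrator": "rw", "designer": "rw", "operator": "rw"}),
]
# Second rule (physical memory rule): inclusive address range -> {authority: ops}.
PHYSICAL_MEMORY_RULES = [
    ((0x0000, 0x00FF), {"administrator": "rw", "designer": "r", "operator": ""}),
    ((0x0100, 0xFFFF), {"administrator": "rw", "designer": "rw", "operator": "rw"}),
]
# Variable master: variables the program refers to and the address each one indicates.
VARIABLE_MASTER = {"Sec_VpnEnable": 0x0010, "Cfg_CycleTime": 0x0120, "Counter1": 0x0200}
# Write range information for variables (600) and physical memory (610): (min, max).
VARIABLE_WRITE_RANGE = {"Sec_VpnEnable": (0, 1), "Cfg_CycleTime": (1, 1000)}
PHYSICAL_MEMORY_WRITE_RANGE = {0x0010: (0, 1), 0x0120: (1, 1000)}
# User account information (700): user identifier -> authority (attribute).
USER_ACCOUNTS = {"alice": "administrator", "bob": "designer", "carol": "operator"}


def generate_variable_authority(master, rules):
    """Analyse the program's variables against the variable name rule and produce
    operation authority information for variables (500): name -> {authority: ops}.
    The first matching pattern wins, so specific rules must precede the catch-all."""
    authority = {}
    for name in master:
        for pattern, ops in rules:
            if fnmatchcase(name, pattern):
                authority[name] = dict(ops)
                break
    return authority


def generate_physical_memory_authority(master, rules):
    """Produce operation authority information for physical memory (510):
    address -> {authority: ops}, from the physical memory range rule."""
    authority = {}
    for addr in master.values():
        for (lo, hi), ops in rules:
            if lo <= addr <= hi:
                authority[addr] = dict(ops)
                break
    return authority


class ControlUnit:
    """Access-control part of the control unit: checks each request against the
    access control information and records an update history on every write."""

    def __init__(self, master, var_authority, mem_authority,
                 var_write_range, mem_write_range, accounts):
        self.master = master
        self.var_authority = var_authority
        self.mem_authority = mem_authority
        self.var_write_range = var_write_range
        self.mem_write_range = mem_write_range
        self.accounts = accounts
        self.memory = {}            # physical memory: address -> value
        self.update_history = []    # entries: target, address, value, user

    def _resolve(self, target):
        """A request names either a variable (str) or a physical memory address (int)."""
        if isinstance(target, str):
            return (self.master[target], self.var_authority.get(target, {}),
                    self.var_write_range.get(target))
        return target, self.mem_authority.get(target, {}), self.mem_write_range.get(target)

    def access(self, user, op, target, value=None):
        """Handle an access request, op being 'r' or 'w'. Returns (accepted, result):
        the value on an accepted read or write, otherwise the reason for refusal."""
        authority = self.accounts.get(user)
        if authority is None:
            return False, "unknown user account"
        addr, ops_by_authority, write_range = self._resolve(target)
        if op not in ops_by_authority.get(authority, ""):
            return False, f"{authority} has no {op} authority for {target!r}"
        if op == "r":
            return True, self.memory.get(addr)
        if value is None:
            return False, "write request carries no value"
        if write_range is not None and not (write_range[0] <= value <= write_range[1]):
            return False, f"value {value} outside write range {write_range}"
        self.memory[addr] = value
        self.update_history.append(
            {"target": target, "address": addr, "value": value, "user": user})
        return True, value


def build_control_unit():
    """Generate the authority tables from the rules, as the support device or the
    control unit would when the program is created or installed."""
    return ControlUnit(
        VARIABLE_MASTER,
        generate_variable_authority(VARIABLE_MASTER, VARIABLE_RULES),
        generate_physical_memory_authority(VARIABLE_MASTER, PHYSICAL_MEMORY_RULES),
        VARIABLE_WRITE_RANGE, PHYSICAL_MEMORY_WRITE_RANGE, USER_ACCOUNTS)
```

Because the same variable can be reached by name or by its address, the example keeps both authority tables consistent by deriving them from one master, which is the property the update history makes auditable.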
- FIG. 2 is an external view showing a configuration example of control system 1 according to the present embodiment.
- The control system 1 includes the control unit 200, a security unit 210, a safety unit 220, one or more functional units 230, and a power supply unit 240.
- The control unit 200 and the security unit 210 are connected via a PCI Express bus or the like.
- The control unit 200, the safety unit 220, the one or more functional units 230, and the power supply unit 240 are interconnected via an internal bus.
- The control unit 200 includes, for example, a PLC (programmable controller).
- The control unit 200 controls the controlled object by executing a control program.
- The control program includes programs such as IO refresh and control arithmetic processing for exchanging signals between the equipment and devices to be controlled and the various devices (sensors, actuators, etc.) installed on them.
- IO refresh outputs a command value calculated in the control unit 200 to the controlled object, or collects an input value from the controlled object.
- The control calculation process, for example, calculates a command value or a control amount based on the input values collected by IO refresh.
- A control program having such functions is also an example of a "user program", which includes a program created by a user or a development company according to the required specifications of the controlled object.
- The security unit 210 sets the security of the control system 1, more specifically of the control unit 200. This security setting includes settings for preventing unintended duplication of the control program, i.e. unauthorized duplication.
- The safety unit 220 executes control calculations independently of the control unit 200 to implement safety functions related to the controlled object.
- The functional units 230 provide various functions for realizing control of various controlled objects by the control system 1. Functional units 230 may typically include I/O units, safety I/O units, communication units, motion controller units, temperature regulation units, pulse counter units, and the like. Examples of I/O units include digital input (DI) units, digital output (DO) units, analog input (AI) units, analog output (AO) units, pulse catch input units, and composite units that combine multiple types.
- The safety I/O unit is in charge of I/O processing related to safety control.
- The power supply unit 240 supplies power of a predetermined voltage to each unit that configures the control system 1.
- (b. Hardware configuration of control unit 200) Next, a hardware configuration example of the control unit 200 included in the control system 1 according to the present embodiment will be described.
- FIG. 3 is a schematic diagram showing a hardware configuration example of the control unit 200 configuring the control system 1 according to the present embodiment.
- The control unit 200 includes, as main components, a processor 301 such as a CPU (Central Processing Unit) or GPU (Graphical Processing Unit), a chipset 302, a secondary storage device 303, a main storage device 304, a communication controller 305, a USB controller 314, a memory card interface 313, network controllers 310, 311, and 312, an internal bus controller 309, an indicator 306, and a switch interface 307.
- The processor 301 reads various programs stored in the secondary storage device 303, loads them into the main storage device 304, and executes them, thereby realizing various processes including control calculation and service processing.
- The chipset 302 implements the processing of the control unit 200 as a whole by mediating data exchange between the processor 301 and each component.
- The main storage device 304 comprises a volatile storage device such as DRAM (Dynamic Random Access Memory) or SRAM (Static Random Access Memory). At least part of these volatile storage devices constitutes a volatile storage area 325 for storing a decoded control program 326.
- The secondary storage device 303 typically comprises a non-volatile storage device such as an HDD (Hard Disk Drive), SSD (Solid State Drive), ROM (Read Only Memory), EPROM (Erasable Programmable Read Only Memory), or EEPROM (Electrically Erasable Programmable Read-Only Memory). At least part of these nonvolatile storage devices constitutes a nonvolatile storage area 323 for storing an encrypted control program 324.
- The secondary storage device 303 further stores system programs 320 including the OS, service programs 321, access control information 322, and the like.
- The access control information 322 includes various information used for access control of the values indicated by variables or physical memory, as shown in FIGS.
- The system program 320 provides a program execution environment in which user programs such as the decoded control program 326 and the service program 321 operate.
- The communication controller 305 transmits and receives data to and from the security unit 210 via the bus 330.
- The communication controller 305 can be realized, for example, by a communication chip compatible with a bus such as PCI Express.
- The indicator 306 notifies the operating state of the control unit 200 and is composed of one or more LEDs (Light Emitting Diodes) or the like arranged on the surface of the unit.
- The switch interface 307 is connected, for example, to a DIP switch 308 and outputs the ON or OFF signal of the DIP switch 308 to the processor 301.
- The internal bus controller 309 transmits and receives data via an internal bus between the safety unit 220 and the one or more functional units 230 that configure the control system 1.
- This internal bus may use a manufacturer-specific communication protocol, or a communication protocol that is the same as or conforms to any industrial network protocol.
- Each of the network controllers 310, 311, and 312 is in charge of exchanging data with arbitrary devices via a network.
- The network controllers 310, 311, and 312 may employ industrial network protocols such as EtherCAT®, EtherNet/IP®, DeviceNet®, CompoNet®, and the like.
- The memory card interface 313 is configured so that a memory card 340 can be attached and detached, and can write a user program or data such as various settings to the memory card 340, or read such a program or data from the memory card 340.
- The USB controller 314 may transmit and receive data to and from any information processing device, including the support device 110, via a USB connection.
- FIG. 3 shows a configuration example in which the necessary functions are provided by the processor 301 executing a program.
- Alternatively, the main part of the control unit 200 may be implemented using hardware following a general-purpose architecture (for example, an industrial personal computer based on a general-purpose personal computer).
- In that case, virtualization technology may be used to execute a plurality of OSs with different purposes in parallel, with the necessary applications executed on each OS.
- FIG. 4 is a schematic diagram showing a hardware configuration example of support device 110 that can be connected to control system 1 according to the present embodiment.
- the support device 110 can be implemented using, as an example, a device (personal computer, tablet, etc.) following a general-purpose architecture.
- The support device 110 includes a processor 401 such as a CPU or GPU, a main storage device 402, an input section 403, an output section 404, a secondary storage device 405, an optical drive 406, and a communication interface 407. These components are connected via a processor bus 410. Since the main storage device 402 and the secondary storage device 405 can be configured similarly to the main storage device 304 and the secondary storage device 303 of the control unit 200, respectively, their description is not repeated.
- the processor 401 reads programs (for example, the OS 424 and the support program 423) stored in the secondary storage device 405, develops them in the main storage device 402, and executes them, thereby realizing various processes.
- the secondary storage device 405 stores a support program 423 for providing functions as the support device 110 in addition to an OS 424 for realizing basic functions.
- the support device 110 (substantially the processor 401 ) implements the functions of various support tools provided by the support device 110 by executing the support program 423 .
- the support tool provides a program development environment for the support device 110 .
- The secondary storage device 405 also stores a control program 420 created using the support tool, a variable/physical memory operation authority information generation program 421, and a variable/physical memory write range information generation program 422.
- Control program 420 may be the source code of a program that runs on control unit 200 . Also, the control program 420 may include executable files of programs executed by the control unit 200 .
- The variable/physical memory operation authority information generation program 421 refers to the variable rule 800 and the physical memory rule 810 (see FIG. 8) and generates the variable operation authority information 500 or the physical memory operation authority information 510, which record the authority required to access each value indicated by a variable or physical memory included in the control program 420.
- The variable/physical memory write range information generation program 422 generates the variable write range information 600 or the physical memory write range information 610 (see FIG. 6), which record the range of values that may be written to each variable or physical memory included in the control program 420. In one aspect, the variable/physical memory write range information generation program 422 generates the variable write range information 600 or the physical memory write range information 610 based on the variable operation authority information 500 or the physical memory operation authority information 510. In this case, the secondary storage device 405 stores a predetermined write range for each security level of a variable or physical memory. The security level of a variable or physical memory can be determined, for example, by which user account authorities (administrator, designer, etc.) can access the value indicated by that variable or physical memory.
- the secondary storage device 405 may store an encrypted control program obtained by encrypting the control program 420 . Furthermore, the secondary storage device 405 may store a key for encrypting the control program 420 and an encryption processing program. Also, the secondary storage device 405 may store a simple encryption processing program. The processor 401 can generate a simple encrypted control program by executing the simple encryption processing program.
- the input unit 403 is composed of a keyboard, mouse, etc., and receives user operations.
- An output unit 404 includes a display, various indicators, a printer, and the like, and outputs processing results from the processor 401 and the like.
- the support device 110 has an optical drive 406 .
- the optical drive 406 reads a program stored therein from a recording medium 450 (for example, an optical recording medium such as a DVD (Digital Versatile Disc)) and installs the program in the secondary storage device 405 or the like.
- the communication interface 407 can transmit and receive data to and from the control unit 200 or security unit 210 included in the control system 1 via any communication medium such as USB or Ethernet.
- the support program 423 and the like executed by the support device 110 may be installed via the computer-readable recording medium 450, or may be installed by downloading from a server device or the like on the network. Also, the functions provided by support device 110 according to the present embodiment can be realized by using some of the modules provided by the OS.
- FIG. 4 shows a configuration example in which the functions necessary for the support device 110 are provided by the processor 401 executing a program. Part or all of these functions may instead be implemented using a dedicated hardware circuit (for example, an ASIC or FPGA). Moreover, in the present embodiment, the support device 110 may be removed from the control system 1 while the control system 1 is in operation.
- the support device 110 transmits the generated control program 420 or the encrypted control program to the control unit 200. Further, the support device 110 transmits the variable operation authority information 500 or the physical memory operation authority information 510 and the variable write range information 600 or the physical memory write range information 610 to the control unit 200 .
- The control unit 200 receives the variable operation authority information 500 or the physical memory operation authority information 510 and the variable write range information 600 or the physical memory write range information 610 as part of the access control information 322, and stores them in the secondary storage device 303.
- When there is an access request for a value indicated by a variable or physical memory referenced in the control program 420, the control unit 200 refers to the variable operation authority information 500 or the physical memory operation authority information 510 and can decide whether to accept or deny the access request.
- The control unit 200 can also refer to the variable write range information 600 or the physical memory write range information 610 to decide whether to accept or reject a write request.
- control unit 200 may store the variable/physical memory operation authority information generation program 421 and the variable/physical memory write range information generation program 422 in advance in the secondary storage device 303 .
- In that case, the control unit 200 receives the control program 420 or the encrypted control program from the support device 110 and itself generates the variable operation authority information 500 or the physical memory operation authority information 510 and the variable write range information 600 or the physical memory write range information 610.
- FIG. 5 is a diagram showing an example of operational authority information 500 for variables and operational authority information 510 for physical memory.
- the variable operation authority information 500 indicates read and write operation restrictions (access authority) for each variable for each user account authority.
- Physical memory operation authority information 510 indicates read and write operation restrictions (access authority) for each physical memory for each user account authority.
- The variable operation authority information 500 and the physical memory operation authority information 510 may be expressed as relational database tables, or in any other data format such as JSON (JavaScript (registered trademark) Object Notation).
- variable operation authority information 500 includes, as data items, variables 501, operations 502, and access restrictions 503 for each user account authority. Furthermore, the variable operation authority information 500 may include an identifier for uniquely identifying each record.
- the variable 501 contains each variable name included in the control program 420.
- Operation 502 includes at least two methods of operation: read and write. Reading is an operation of referring to a value indicated by a certain variable. Writing is an operation that changes or overwrites the value indicated by a certain variable. Access restrictions 503 are read and write restrictions for each authority of the user account.
- The "administrator" user account has both read and write privileges for the variable "AAAAAAA". Conversely, the "operator" user account has neither read nor write privileges on the variable "AAAAAAA". Also, for the variable "AAAAAAA", only "administrator, designer" have both read and write privileges. On the other hand, for the variable "BBBBBBB", more user accounts, "administrator, designer, maintainer", have both read and write privileges. In this case, it can be said that the security level of the variable "AAAAAAA" is higher than the security level of the variable "BBBBBBB".
- Physical memory operation authority information 510 includes, as data items, physical memory 511, operation 512, and access restriction 513 for each authority of a user account. Furthermore, the physical memory operation authority information 510 may include an identifier for uniquely identifying each record.
- the physical memory 511 contains the address of each physical memory included in the control program 420 .
- physical memory 511 may include a range of physical memory addresses.
- Operation 512 includes at least two methods of operation: read and write. Reading is an operation that refers to a value indicated by a certain physical memory. A write is an operation that modifies or overwrites the value indicated by some physical memory. Access restrictions 513 are read and write restrictions for each user account authority.
- The "administrator" user account has both read and write privileges for the physical memory "D0000". Conversely, the "operator" user account has neither read nor write privileges for the physical memory "D0000". Also, with respect to the physical memory "D0000", only "administrator, designer" have both read and write authority. On the other hand, with respect to the physical memory "D0001", more user accounts, "administrator, designer, maintainer", have both read and write privileges. In this case, it can be said that the security level of the physical memory "D0000" is higher than the security level of the physical memory "D0001".
- When the control program 420 includes variables, the control unit 200 or the support device 110 generates the variable operation authority information 500. Conversely, if the control program 420 includes physical memory, the control unit 200 or the support device 110 generates the physical memory operation authority information 510. In one aspect, when the control program 420 includes both variables and physical memory, the control unit 200 or the support device 110 generates information that combines the variable operation authority information 500 and the physical memory operation authority information 510, and may use this combined information for access control.
- The control unit 200 determines whether or not to accept an access request for the value indicated by a variable or physical memory based on the variable operation authority information 500 or the physical memory operation authority information 510 and the user account information 700 (see FIG. 7).
- FIG. 6 is a diagram showing an example of variable write range information 600 and physical memory write range information 610 .
- the variable write range information 600 indicates the range of values that can be written to each variable for each authority of the user account.
- Physical memory write range information 610 indicates the range of values that can be written to each physical memory for each authority of the user account.
- The variable write range information 600 and the physical memory write range information 610 may be represented as tables in a relational database, or in any other data format such as JSON (JavaScript (registered trademark) Object Notation).
- the variable write range information 600 includes, as data items, a variable 601, a write range 602, and a write operation limit 603 for each user account authority. Furthermore, the variable write range information 600 may include an identifier for uniquely identifying each record.
- the variable 601 includes each variable name included in the control program 420.
- a write range 602 is the range of values that can be written to a variable.
- a write operation restriction 603 is a write operation restriction of the value indicated by the write range 602 for each authority of the user account.
- The "administrator" user account can write values in the range "0-100" to the variable "CCCCCCC".
- The "maintainer" user account can write values in the range "50-90" to the variable "CCCCCCC".
- The "operator" user account can only write the value "50" to the variable "CCCCCCC".
- the physical memory write range information 610 includes, as data items, a physical memory 611, a write range 612, and a write operation limit 613 for each user account authority. Furthermore, the physical memory write range information 610 may include an identifier for uniquely identifying each record.
- the physical memory 611 contains the address of each physical memory included in the control program 420.
- physical memory 511 may include a range of physical memory addresses.
- a write range 612 is the range of values that can be written to some physical memory.
- a write operation restriction 613 is a write operation restriction for each authority of a user account.
- The "administrator" user account can write values in the range "0-100" to the physical memory address "D0002".
- The "maintainer" user account can write values in the range "50-90" to the physical memory address "D0002".
- The "operator" user account can only write the value "50" to the physical memory address "D0002".
- When the control program 420 includes variables, the control unit 200 or the support device 110 generates the variable write range information 600. Conversely, if the control program 420 includes physical memory, the control unit 200 or the support device 110 generates the physical memory write range information 610. In one aspect, if the control program 420 includes both variables and physical memory, the control unit 200 or the support device 110 generates information that combines the variable write range information 600 and the physical memory write range information 610, and may use this combined information for access control.
- the control unit 200 determines whether or not to accept the write request based on the variable write range information 600 or the physical memory write range information 610 and the user account information 700 .
- FIG. 7 is a diagram showing an example of user account information 700.
- the user account information 700 may be expressed as a relational database table, or in any other data format such as JSON (JavaScript (registered trademark) Object Notation).
- User account information 700 includes user identifier 701 , password 702 , and authority 703 .
- a user identifier 701 uniquely indicates a user.
- users may include devices or systems as well as humans.
- another device or system as a user, may send a request for access to a value indicated by a variable or physical memory of control unit 200 .
- a password 702 is a password for authentication for each user.
- Authority 703 is the authority (or attribute) of each user.
- The password of the user indicated by the user identifier "Kita" is "1111".
- The authority of the user indicated by the user identifier 701 "Kita" is "designer".
- The user indicated by the user identifier 701 "Kita" has read and write authority for the variables "AAAAAAA, BBBBBBB, CCCCCCC" or the physical memory "D0000, D0001, D0002" (see FIG. 5).
- The user indicated by the user identifier 701 "Kita" has the authority to write values in the range "0-100" to the variable "CCCCCCC" or the physical memory "D0002" (see FIG. 6).
- the password may actually be encrypted.
- FIG. 8 is a diagram showing an example of a variable rule 800 and a physical memory rule 810.
- Variable rules 800 include variable naming conventions and access restrictions associated with each variable name.
- Physical memory rules 810 include physical memory ranges and access restrictions associated with each physical memory range.
- The variable rule 800 and the physical memory rule 810 may be expressed as tables in a relational database, or in any other data format such as JSON (JavaScript (registered trademark) Object Notation).
- a variable rule 800 includes, as data items, a variable name rule 801, an operation 802, and an access restriction 803 for each authority of a user account.
- variable name rules 801 include naming rules for variable names in any format such as regular expressions.
- Operation 802 includes read and write operations.
- Access restrictions 803 are read and write restrictions for each authority of the user account.
- a physical memory rule 810 includes, as data items, a physical memory range 811, an operation 812, and an access restriction 813 for each authority of a user account.
- physical memory range 811 includes the range indicated by the start address and end address of physical memory. As another example, physical memory range 811 may include a single physical memory address or multiple non-contiguous physical memory addresses. Operation 802 includes read and write operations. Access restrictions 803 are read and write restrictions for each authority of a user account.
- The variable/physical memory operation authority information generation program 421 references the variable rule 800 and the physical memory rule 810 and generates the variable operation authority information 500 and the physical memory operation authority information 510 from the control program 420.
- When the support device 110 executes the variable/physical memory operation authority information generation program 421, the support device 110 stores the variable rule 800 and/or the physical memory rule 810 in the secondary storage device 405.
- When the control unit 200 executes the variable/physical memory operation authority information generation program 421, the control unit 200 stores the variable rule 800 and/or the physical memory rule 810 in the secondary storage device 303.
- the user can create the variable rule 800 and the physical memory rule 810 in advance using the support device 110 (support tool, etc.).
- the created variable rule 800 and physical memory rule 810 may be stored in the secondary storage device 405 or sent to the control unit 200 .
- FIG. 9 is a diagram showing an example of a variable master 900 and a physical memory master 910.
- Variable master 900 includes all variables defined within control program 420.
- Variable master 900 contains all physical memory available within control program 420 .
- The variable master 900 and the physical memory master 910 may be represented as tables of a relational database, or in any other data format such as JSON (JavaScript (registered trademark) Object Notation).
- variable master 900 includes variable identifiers 901 and variables 902 as data items.
- a variable identifier 901 uniquely identifies a variable.
- Variable 902 contains the name of the variable defined within control program 420 .
- a physical memory master 910 includes a physical memory identifier 911 and a physical memory 912 as data items.
- Physical memory identifier 911 uniquely identifies a physical memory or range of physical memory.
- Physical memory 912 includes physical memory or ranges of physical memory available within control program 420 .
- support device 110 or control unit 200 may first generate variable master 900 or physical memory master 910 from control program 420 .
- Based on the variable master 900 or the physical memory master 910 and the variable rule 800 or the physical memory rule 810, the support device 110 or the control unit 200 can generate the variable operation authority information 500 or the physical memory operation authority information 510.
- the support device 110 or the control unit 200 may generate the variable manipulation authority information 500 or the physical memory manipulation authority information 510 without using the variable master 900 or the physical memory master 910 .
- FIG. 10 is a diagram showing an example of an access request to the control unit 200.
- Assume that the control unit 200 receives from the terminal 1000 an access request 1010 for a value indicated by a certain variable or physical memory.
- the terminal 1000 may be a support device 110, a display device 140, another control system 1 or any other device.
- the access request 1010 shown in FIG. 10 is a write request and includes, as an example, a user identifier 1011, password 1012, write command 1013, variable 1014, and write value 1015.
- access request 1010 may include a read command instead of write command 1013 and write value 1015, as an example. Also, access request 1010 may include physical memory instead of variable 1014 .
- the user identifier 1011 uniquely identifies the user who sent the access request 1010.
- Password 1012 is a password for authenticating the user.
- a write command 1013 is a command to be executed by the control unit 200 .
- a variable 1014 is a variable name to be written.
- the write value 1015 is the value to write to the variable.
- Upon receiving the access request 1010, the control unit 200 refers to the user account information 700 and authenticates the user account that sent the access request 1010. Next, the control unit 200 determines whether or not to accept the access request 1010 based on the variable operation authority information 500 or the physical memory operation authority information 510.
- If the access request 1010 is a write request, the control unit 200 also refers to the variable write range information 600 or the physical memory write range information 610 to determine whether to accept the write request.
- The control unit 200 accepts the write request if the value to be written to the variable or physical memory is within the authority of the user account that sent the access request 1010, and otherwise rejects the write request.
- When the access request 1010 is accepted and the value indicated by a variable or physical memory is changed (that is, write processing has been performed), the control unit 200 generates a change history recording that change.
- the change history is stored in the secondary storage device 303 .
- the change history may include the variable name or physical memory address indicating the updated value, the updated value, and the user identifier of the user who updated the value.
- The change history may record only the changes to the values indicated by each variable or physical memory, separately from the access log. By separating the change history from the log, the change history is not buried in a huge log, and the administrator of the control system 1 can easily check for unauthorized access or the like by reviewing the change history.
- the change history includes, for example, the changed variable name or physical memory address, the value before and after the change, and the user identifier of the user who executed the write process.
- FIG. 11 is a diagram showing an example of the procedure for generating the access control information 322.
- FIG. 11 may be performed by either control unit 200 or support device 110 .
- The processor 301 may load a program for executing the process shown in FIG. 11 from the secondary storage device 303 into the main storage device 304 and execute the program.
- part or all of the process may also be implemented as a combination of circuit elements configured to perform the process.
- The processor 401 may load a program for executing the process shown in FIG. 11 from the secondary storage device 405 into the main storage device 402 and execute the program.
- part or all of the process may also be implemented as a combination of circuit elements configured to perform the process.
- In the following description the control unit 200 executes the processing shown in FIG. 11; when the support device 110 executes it instead, the only difference is that the generated access control information 322 is transmitted to the control unit 200, and the other steps are the same.
- In step S1110, the control program 420 is obtained from the support device 110.
- The control program 420 may or may not be encrypted.
- If the control unit 200 acquires an encrypted control program 420, the control unit 200 performs decryption processing.
- the processor 301 acquires the variable rule 800 and the physical memory rule 810.
- processor 301 may retrieve variable rules 800 and physical memory rules 810 stored in secondary storage 303 .
- processor 301 may receive variable rules 800 and physical memory rules 810 from support device 110 .
- the processor 301 creates or updates the variable master 900 and the physical memory master 910. If variables are used within control program 420 , processor 301 generates variable master 900 that includes all variables referenced within control program 420 . If physical memory is used in control program 420 , processor 301 creates physical memory master 910 containing all physical memory provided by control unit 200 . Note that the physical memory master 910 may be stored in the secondary storage device 303 in advance.
- In step S1140, the processor 301 generates the variable operation authority information 500 and/or the physical memory operation authority information 510. More specifically, the processor 301 generates the variable operation authority information 500 based on the variable rule 800 and the variable master 900. The processor 301 also generates the physical memory operation authority information 510 based on the physical memory rule 810 and the physical memory master 910. The processor 301 may omit the processing of step S1130 and instead extract the variables or physical memory from the control program 420 in the processing of step S1140.
- Next, the processor 301 generates the variable write range information 600 and/or the physical memory write range information 610. More specifically, a write range rule (not shown) keyed by the security level of a variable or physical memory (that is, by which user account authorities can access it) may be prepared in advance in the secondary storage device 303 (or in the secondary storage device 405 when the support device 110 executes the processing shown in FIG. 11).
- the processor 301 can generate the variable write range information 600 based on the variable operation authority information 500 and the write range rule based on the variable security level.
- the processor 301 can also generate physical memory write range information 610 based on the physical memory operation authority information 510 and the write range rule based on the physical memory security level.
- the information generated in each step is transmitted to the control unit 200 as part of the access control information 322.
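As an added example of the generation steps of FIG. 8, FIG. 9 and FIG. 11 (this is illustrative Python written for this page, not code from the patent or any product), variable rules expressed as regular-expression naming conventions and physical memory rules expressed as address ranges are applied to a constructed variable master and physical memory master to produce the operation authority information (step S1140); a security level is then derived from how many authorities may write, and an assumed write range rule keyed by that level yields the write range information. The variable names and their prefixes, the "D"-plus-number address format, the role names and the write range rule are all assumptions; the page says such a rule exists but does not show it.

```python
import re

ROLES = ["administrator", "designer", "maintainer", "operator"]

# Constructed inputs: the variable master 900 (names used by the control
# program) and the physical memory master 910 (addresses the control unit has).
VARIABLE_MASTER = ["SYS_KEY", "CFG_SPEED", "MNT_OFFSET", "OP_SETPOINT", "tmp"]
PHYSICAL_MEMORY_MASTER = ["D0000", "D0001", "D0002", "D0100"]

# Variable rules 800 (assumed prefixes): a naming rule as a regular expression
# plus the authorities allowed to read and write names matching it.
VARIABLE_RULES = [
    {"name_rule": r"^SYS_", "read": ["administrator"], "write": ["administrator"]},
    {"name_rule": r"^CFG_", "read": ["administrator", "designer"],
     "write": ["administrator", "designer"]},
    {"name_rule": r"^MNT_", "read": ["administrator", "designer", "maintainer"],
     "write": ["administrator", "designer", "maintainer"]},
    {"name_rule": r"^OP_", "read": ROLES, "write": ROLES},
]

# Physical memory rules 810: an address range (start, end) plus the authorities.
PHYSICAL_MEMORY_RULES = [
    {"start": "D0000", "end": "D0000", "read": ["administrator", "designer"],
     "write": ["administrator", "designer"]},
    {"start": "D0001", "end": "D0001", "read": ["administrator", "designer", "maintainer"],
     "write": ["administrator", "designer", "maintainer"]},
    {"start": "D0002", "end": "D0009", "read": ROLES, "write": ROLES},
]

# Assumed write range rule keyed by security level (0 = every authority may
# write, 3 = only the administrator may). Lower authority gets a narrower range.
WRITE_RANGE_RULE = {
    0: {"administrator": (0, 100), "designer": (0, 100),
        "maintainer": (50, 90), "operator": (50, 50)},
    1: {"administrator": (0, 100), "designer": (0, 100), "maintainer": (50, 90)},
    2: {"administrator": (0, 100), "designer": (0, 100)},
    3: {"administrator": (0, 100)},
}


def _addr(address):
    """Numeric part of a data-memory address such as "D0002" (assumed format)."""
    return int(address[1:])


def generate_variable_authority(master, rules):
    """Variable operation authority information 500; the first matching rule wins."""
    info = {}
    for name in master:
        match = next((r for r in rules if re.search(r["name_rule"], name)), None)
        if match is None:   # no naming rule covers the name: nobody may access it
            info[name] = {"read": set(), "write": set()}
        else:
            info[name] = {"read": set(match["read"]), "write": set(match["write"])}
    return info


def generate_physical_memory_authority(master, rules):
    """Physical memory operation authority information 510 from address ranges."""
    info = {}
    for address in master:
        n = _addr(address)
        match = next((r for r in rules
                      if _addr(r["start"]) <= n <= _addr(r["end"])), None)
        if match is None:   # address outside every rule: deny all (fail closed)
            info[address] = {"read": set(), "write": set()}
        else:
            info[address] = {"read": set(match["read"]), "write": set(match["write"])}
    return info


def security_level(entry):
    """Fewer authorities with write access means a higher security level."""
    return len(ROLES) - len(entry["write"])


def generate_write_ranges(authority_info, rule):
    """Write range information 600/610: a (low, high) pair for every authority
    that has write access, taken from the rule for the entry's security level."""
    out = {}
    for name, entry in authority_info.items():
        per_level = rule.get(security_level(entry), {})
        out[name] = {role: per_level[role] for role in entry["write"] if role in per_level}
    return out


if __name__ == "__main__":
    variables = generate_variable_authority(VARIABLE_MASTER, VARIABLE_RULES)
    memory = generate_physical_memory_authority(PHYSICAL_MEMORY_MASTER, PHYSICAL_MEMORY_RULES)
    for name, entry in {**variables, **memory}.items():
        print(name, "level", security_level(entry), sorted(entry["write"]))
    print(generate_write_ranges(variables, WRITE_RANGE_RULE))
```

Two design points matter for a deployment: a name or address that no rule covers gets an empty authority set rather than a permissive default, so a variable added without following the naming convention is unreachable until a rule is written for it; and the write range is only ever emitted for authorities that already hold write access, so the two pieces of access control information cannot contradict each other.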
- FIG. 12 is a diagram showing an example of an access control procedure by the control unit 200.
- processor 301 may load a program for performing the processing of FIG. 12 from secondary storage device 303 into main storage device 304 and execute the program.
- part or all of the process may also be implemented as a combination of circuit elements configured to perform the process.
- In step S1210, the processor 301 repeatedly executes the processing within the loop until an end request is received.
- The termination request may be input to the control unit 200 by the user, or may be transmitted to the control unit 200 from an external device. Alternatively, the processor 301 may continue to execute the processes from step S1220 onward while the control unit 200 is operating.
- In step S1220, the processor 301 determines whether or not there is a request to access a variable or physical memory. If the processor 301 determines that there is such a request (YES in step S1220), the processor 301 moves control to step S1230. Otherwise (NO in step S1220), the processor 301 returns control to step S1210.
- the processor 301 obtains the user account information 700.
- the user account information 700 may be stored in the secondary storage device 303 in advance.
- In step S1240, the processor 301 determines whether the user who sent the access request has access rights to the value indicated by the requested variable or physical memory. If the processor 301 determines that the user has the right to access that value (YES in step S1240), the processor 301 moves control to step S1250. Otherwise (NO in step S1240), the processor 301 moves control to step S1260.
- In step S1250, the processor 301 permits (accepts) the access request. More specifically, based on the instruction included in the access request, the processor 301 executes read processing of the value indicated by the variable or physical memory, or write processing to the variable or physical memory.
- When executing the write processing, the processor 301 generates or updates a change history and stores it in the secondary storage device 303. The change history may include the variable name or physical memory address whose value was updated, the updated value, and the user identifier of the user who updated the value.
- In step S1260, the processor 301 denies the access request.
- In step S1270, the processor 301 determines whether or not a termination request has been received. If the processor 301 determines that the end request has been received (YES in step S1270), it ends the process. Otherwise (NO in step S1270), the processor 301 returns control to step S1210.
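The complete decision path of FIG. 12 applied to a request shaped like FIG. 10, as an added Python example written for this page (it is not the patent's own code or any product's implementation): the request is authenticated against user account information like FIG. 7, checked against operation authority information like FIG. 5, checked against write range information like FIG. 6 when it is a write, and every request is logged while only successful writes go into a separate change history. The "Admin" and "Ope" accounts, the dictionary layout, the initial values and the password storage scheme are assumptions; the page only says the password "may actually be encrypted", and this example stores a salted SHA-256 digest rather than the password itself.

```python
import hashlib
import hmac


def _digest(salt, password):
    """Salted SHA-256 of a password (assumed storage scheme, see lead-in)."""
    return hashlib.sha256((salt + password).encode()).hexdigest()


USER_ACCOUNTS = {                                   # user account information 700
    "Kita":  {"salt": "s1", "digest": _digest("s1", "1111"), "authority": "designer"},
    "Admin": {"salt": "s2", "digest": _digest("s2", "admin-pw"), "authority": "administrator"},
    "Ope":   {"salt": "s3", "digest": _digest("s3", "op-pw"), "authority": "operator"},
}

ADMIN_DES = {"administrator", "designer"}
ADMIN_DES_MNT = ADMIN_DES | {"maintainer"}
EVERYONE = ADMIN_DES_MNT | {"operator"}

OPERATION_AUTHORITY = {                             # information 500 and 510 (FIG. 5)
    "variable": {
        "AAAAAAA": {"read": ADMIN_DES, "write": ADMIN_DES},
        "BBBBBBB": {"read": ADMIN_DES_MNT, "write": ADMIN_DES_MNT},
        "CCCCCCC": {"read": EVERYONE, "write": EVERYONE},
    },
    "physical_memory": {
        "D0000": {"read": ADMIN_DES, "write": ADMIN_DES},
        "D0001": {"read": ADMIN_DES_MNT, "write": ADMIN_DES_MNT},
        "D0002": {"read": EVERYONE, "write": EVERYONE},
    },
}

RANGE_BY_AUTHORITY = {"administrator": (0, 100), "designer": (0, 100),
                      "maintainer": (50, 90), "operator": (50, 50)}
WRITE_RANGES = {                                    # information 600 and 610 (FIG. 6)
    "variable": {"CCCCCCC": RANGE_BY_AUTHORITY},
    "physical_memory": {"D0002": RANGE_BY_AUTHORITY},
}

VALUES = {"variable": {"AAAAAAA": 1, "BBBBBBB": 2, "CCCCCCC": 10},   # constructed state
          "physical_memory": {"D0000": 0, "D0001": 0, "D0002": 0}}
ACCESS_LOG = []        # every request, accepted or denied
CHANGE_HISTORY = []    # only successful writes, kept apart from the log


def authenticate(user_id, password):
    """Return the account's authority, or None if the user or password is wrong."""
    acct = USER_ACCOUNTS.get(user_id)
    # Unknown users are hashed and compared too, so they take the same time.
    salt, expected = (acct["salt"], acct["digest"]) if acct else ("", _digest("", ""))
    ok = hmac.compare_digest(_digest(salt, password), expected)   # constant-time compare
    return acct["authority"] if (acct and ok) else None


def authorize(authority, kind, name, command, value=None):
    """Operation authority check (FIG. 5), then write range check (FIG. 6)."""
    entry = OPERATION_AUTHORITY[kind].get(name)
    if entry is None or authority not in entry.get(command, set()):
        return False, "no %s authority on %s" % (command, name)        # default deny
    if command == "write":
        if not isinstance(value, (int, float)):
            return False, "write request without a numeric value"
        ranges = WRITE_RANGES[kind].get(name)
        if ranges is not None:                     # range info exists for this target
            low_high = ranges.get(authority)
            if low_high is None or not (low_high[0] <= value <= low_high[1]):
                return False, "value %r outside the write range for %s" % (value, authority)
    return True, "accepted"


def handle_request(request):
    """One pass of the FIG. 12 loop for a FIG. 10-style request dictionary."""
    kind = "variable" if "variable" in request else "physical_memory"
    name, command, value = request[kind], request["command"], request.get("value")
    authority = authenticate(request["user"], request["password"])
    if authority is None:
        accepted, reason = False, "authentication failed"
    else:
        accepted, reason = authorize(authority, kind, name, command, value)
    ACCESS_LOG.append({"user": request["user"], "target": name, "command": command,
                       "accepted": accepted, "reason": reason})
    if not accepted:
        return {"accepted": False, "reason": reason}
    if command == "read":
        return {"accepted": True, "value": VALUES[kind][name]}
    before = VALUES[kind][name]
    VALUES[kind][name] = value
    # The change history records what changed, from and to what, and by whom.
    CHANGE_HISTORY.append({"target": name, "before": before, "after": value,
                           "user": request["user"]})
    return {"accepted": True}


if __name__ == "__main__":
    for req in [
        {"user": "Kita", "password": "1111", "command": "write", "variable": "CCCCCCC", "value": 100},
        {"user": "Ope", "password": "op-pw", "command": "write", "variable": "CCCCCCC", "value": 60},
        {"user": "Ope", "password": "op-pw", "command": "read", "variable": "AAAAAAA"},
        {"user": "Kita", "password": "wrong", "command": "read", "physical_memory": "D0000"},
    ]:
        print(req["user"], req["command"], handle_request(req))
    print("change history:", CHANGE_HISTORY)
```

Note the ordering: authentication precedes the authority lookup, a target with no authority entry is denied rather than treated as unrestricted, and when write range information exists for a target but names no range for the requester's authority the write is refused. The access log keeps the denied requests (including the reason), which is what an administrator reviews for probing, while the change history stays short enough to read in full.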
- control unit 200 has access control information 322 for each variable or physical memory. Thereby, the control unit 200 can determine whether or not to accept an access request for each variable or physical memory. Furthermore, control unit 200 according to the present embodiment can limit the write range for each variable or physical memory based on the security level of the variable or physical memory.
- control unit 200 or support device 110 can generate variable operation authority information based on control program 420 .
- Because variables are defined in the control program 420 according to a predetermined naming rule, the variable operation authority information 500 can be generated from the control program 420.
- control unit 200 or support device 110 may hold physical memory operation authority information 510 in advance. Thereby, the control unit 200 can automatically determine whether or not to accept an access request for each physical memory.
- As described above, the present embodiment includes the following disclosures.
- (Configuration 1) A control system (1, 200) comprising: a control unit (301) that controls a controlled object; a storage unit (303) that stores a program (420) executed by the control unit (301) and access rights (500, 510) to each of a plurality of data referred to by the program (420); and an input unit (305, 314) that receives an access request for any of the plurality of data, wherein each of the access rights (500, 510) includes information on the operations that each user holding that right can perform, and the control unit (301), upon obtaining from the input unit (305, 314) an access request for any of the plurality of data, refers to each of the access rights (500, 510) and determines, based on the access rights (500, 510), whether the user who sent the access request has the access right (500, 510) to the data for which access is requested.
- (Configuration 2) The control system (1, 200) of configuration 1, wherein each of the plurality of data is data indicated by a variable in the program (420) or by a physical memory address.
- (Configuration 3) The control system (1, 200) of configuration 2, wherein the storage unit (303) further stores write range information (600, 610) for each of the variables or the physical memory, and the control unit (301) limits, based on the write range information (600, 610), the range of values writable to the variable or physical memory for which access is requested.
- (Configuration 4) The control system (1, 200) of configuration 2 or 3, wherein the access right (500, 510) to each of the plurality of data is generated based on a first rule (800) defining an access right (500, 510) per variable name, or a second rule (810) defining an access right (500, 510) per physical memory.
- (Configuration 5) The control system (1, 200) of configuration 4, further comprising a device (110) for creating the program (420), wherein the device (110) analyzes the program (420) based on the first rule (800) or the second rule (810), generates each of the access rights (500, 510) based on the analysis result, and outputs each of the access rights (500, 510) to the storage unit (303).
- (Configuration 6) The control system (1, 200) of configuration 4, wherein the storage unit (303) further stores the first rule (800) or the second rule (810), and the control unit (301), upon obtaining the program (420) from another device, analyzes the program (420) using the first rule (800) or the second rule (810), generates each of the access rights (500, 510) based on the analysis result, and outputs each of the access rights (500, 510) to the storage unit (303).
- (Configuration 7) The control system (1, 200) of any of configurations 2 to 6, wherein the control unit (301) stores an update history in the storage unit (303) when any of the plurality of data referred to by the program (420) is updated, and the update history includes the variable name or physical memory address indicating the updated data, the updated data, and the user identifier of the user who updated the data.
- (Configuration 8) A control method for a control device, comprising: a step of accessing a program (420) executed by the control device and access rights (500, 510) to each of a plurality of data referred to by the program (420), each of the access rights (500, 510) including information on the operations that each user holding that right can perform; a step of referring to each of the access rights (500, 510) upon obtaining an access request for any of the plurality of data; and a step of determining, based on the access rights (500, 510), whether the user who sent the access request has the access right (500, 510) to the data for which access is requested.
- (Configuration 9) The control method of configuration 8, wherein each of the plurality of data is data indicated by a variable in the program (420) or by a physical memory address.
- (Configuration 10) The control method of configuration 9, further comprising: a step of accessing write range information (600, 610) for each of the variables or the physical memory; and a step of limiting, based on the write range information (600, 610), the range of values writable to the variable or physical memory for which access is requested.
- (Configuration 11) The control method of configuration 9 or 10, wherein the access right (500, 510) to each of the plurality of data is generated based on a first rule (800) defining an access right (500, 510) per variable name, or a second rule (810) defining an access right (500, 510) per physical memory.
- (Configuration 12) The control method of configuration 11, further comprising: a step of analyzing the program (420) based on the first rule (800) or the second rule (810); a step of generating each of the access rights (500, 510) based on the analysis result; and a step of outputting each of the access rights (500, 510).
- (Configuration 13) The control method of any of configurations 9 to 12, further comprising a step of generating an update history when any of the plurality of data referred to by the program (420) is updated, the update history including the variable name or physical memory address indicating the updated data, the updated data, and the user identifier of the user who updated the data.
- Reference numerals: 1 control system, 100 network system, 110 support device, 120 server device, 130 gateway, 140 display device, 150 network, 160 field network, 170 controlled object, 200 control unit, 210 security unit, 220 safety unit, 230 functional unit, 240 power supply unit, 301, 401 processor, 302 chipset, 303, 405 secondary storage device, 304, 402 main storage device, 305 communication controller, 306 indicator, 307 switch interface, 308 dip switch, 309 internal bus controller, 310, 311, 312 network controller, 313 memory card interface, 314 controller, 320 system program, 321 service program, 322 access control information, 323 non-volatile storage area, 324 encrypted control program, 325 volatile storage area, 326 decrypted control program, 330 bus, 340 memory card, 403 input unit, 404 output unit, 406 optical drive, 407 communication interface, 410 processor bus, 420 control program, 421 operation authority information generation program, 422 write range information generation program, 423 support program, 424 OS, 450 recording medium, 500,
Abstract
Description
FIG. 1 is a diagram schematically showing the overall configuration of a network system 100 including a control system 1 according to the present embodiment. A scene to which the technique according to the present embodiment is applied will be described using the configuration shown in FIG. 1 as an example.
Next, the hardware configuration of each device included in the network system 100 according to the present embodiment will be described.
FIG. 2 is an external view showing a configuration example of the control system 1 according to the present embodiment. Referring to FIG. 2, the control system 1 includes a control unit 200, a security unit 210, a safety unit 220, one or more functional units 230, and a power supply unit 240.
Next, a hardware configuration example of the control unit 200 included in the control system 1 according to the present embodiment will be described.
Next, a hardware configuration example of the support device 110 that can be connected to the control system 1 according to the present embodiment will be described.
Next, the various pieces of information included in the access control information 322 for realizing access control for each value indicated by a variable or physical memory will be described.
Next, the access control procedure performed by the control unit 200 according to the present embodiment will be described.
Claims (13)
- 1. A control system comprising: a control unit that controls a controlled object; a storage unit that stores a program executed by the control unit and access rights to each of a plurality of data referred to by the program; and an input unit that receives an access request for any of the plurality of data, wherein each of the access rights includes information on the operations that each of the users having different rights can perform, and the control unit, upon obtaining from the input unit an access request for any of the plurality of data, refers to each of the access rights and determines, based on the access rights, whether the user who sent the access request has the access right to the data for which access is requested.
- 2. The control system according to claim 1, wherein each of the plurality of data is data indicated by a variable in the program or by a physical memory address.
- 3. The control system according to claim 2, wherein the storage unit further stores write range information for each of the variables or the physical memory, and the control unit limits, based on the write range information, the range of values writable to the variable or physical memory for which access is requested.
- 4. The control system according to claim 2 or 3, wherein the access right to each of the plurality of data is generated based on a first rule defining an access right per variable name, or a second rule defining an access right per physical memory.
- 5. The control system according to claim 4, further comprising a device for creating the program, wherein the device analyzes the program based on the first rule or the second rule, generates each of the access rights based on the analysis result, and outputs each of the access rights to the storage unit.
- 6. The control system according to claim 4, wherein the storage unit further stores the first rule or the second rule, and the control unit, upon obtaining the program from another device, analyzes the program using the first rule or the second rule, generates each of the access rights based on the analysis result, and outputs each of the access rights to the storage unit.
- 7. The control system according to any one of claims 2 to 6, wherein the control unit stores an update history in the storage unit when any of the plurality of data referred to by the program is updated, and the update history includes the variable name or physical memory address indicating the updated data, the updated data, and the user identifier of the user who updated the data.
- 8. A control method for a control device, comprising: a step of accessing a program executed by the control device and access rights to each of a plurality of data referred to by the program, each of the access rights including information on the operations that each of the users having different rights can perform; a step of referring to each of the access rights upon obtaining an access request for any of the plurality of data; and a step of determining, based on the access rights, whether the user who sent the access request has the access right to the data for which access is requested.
- 9. The control method according to claim 8, wherein each of the plurality of data is data indicated by a variable in the program or by a physical memory address.
- 10. The control method according to claim 9, further comprising: a step of accessing write range information for each of the variables or the physical memory; and a step of limiting, based on the write range information, the range of values writable to the variable or physical memory for which access is requested.
- 11. The control method according to claim 9 or 10, wherein the access right to each of the plurality of data is generated based on a first rule defining an access right per variable name, or a second rule defining an access right per physical memory.
- 12. The control method according to claim 11, further comprising: a step of analyzing the program based on the first rule or the second rule; a step of generating each of the access rights based on the analysis result; and a step of outputting each of the access rights.
- 13. The control method according to any one of claims 9 to 12, further comprising a step of generating an update history when any of the plurality of data referred to by the program is updated, the update history including the variable name or physical memory address indicating the updated data, the updated data, and the user identifier of the user who updated the data.
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US18/279,325 US20240142952A1 (en) | 2021-03-12 | 2021-12-20 | Control system and method for controlling same |
EP21930371.6A EP4307150A1 (en) | 2021-03-12 | 2021-12-20 | Control system and method for controlling same |
CN202180094671.7A CN116997898A (zh) | 2021-03-12 | 2021-12-20 | Control system and method for controlling same |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2021-040012 | 2021-03-12 | ||
JP2021040012A JP2022139565A (ja) | 2021-03-12 | 2021-03-12 | Control system and method for controlling same |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2022190526A1 (ja) | 2022-09-15 |
Family
ID=83227544
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2021/046973 WO2022190526A1 (ja) | 2021-03-12 | 2021-12-20 | Control system and method for controlling same |
Country Status (5)
Country | Link |
---|---|
US (1) | US20240142952A1 (ja) |
EP (1) | EP4307150A1 (ja) |
JP (1) | JP2022139565A (ja) |
CN (1) | CN116997898A (ja) |
WO (1) | WO2022190526A1 (ja) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150192918A1 (en) * | 2012-09-21 | 2015-07-09 | Abb Research Ltd | Operating a programmable logic controller |
JP2016134137A (ja) | 2015-01-22 | 2016-07-25 | Omron Corporation | Programmable display |
JP2017220114A (ja) * | 2016-06-09 | 2017-12-14 | Fuji Electric Co., Ltd. | Control system and control method |
2021
- 2021-03-12 JP JP2021040012A patent/JP2022139565A/ja active Pending
- 2021-12-20 WO PCT/JP2021/046973 patent/WO2022190526A1/ja active Application Filing
- 2021-12-20 US US18/279,325 patent/US20240142952A1/en active Pending
- 2021-12-20 EP EP21930371.6A patent/EP4307150A1/en active Pending
- 2021-12-20 CN CN202180094671.7A patent/CN116997898A/zh active Pending
Also Published As
Publication number | Publication date |
---|---|
JP2022139565A (ja) | 2022-09-26 |
EP4307150A1 (en) | 2024-01-17 |
US20240142952A1 (en) | 2024-05-02 |
CN116997898A (zh) | 2023-11-03 |
Similar Documents
Publication | Title | Publication Date |
---|---|---|
EP3048523B9 (en) | Programmable display | |
TWI428721B (zh) | Industrial control system, communication method in an industrial control environment, and computer-readable medium for implementing the method | |
US20140380057A1 (en) | Method, Server, Host, and System for Protecting Data Security | |
CN105530236B (zh) | Method for encryption, encryption device, decryption device, and development system | |
CN105659646B (zh) | Mobile device authentication | |
US11412047B2 (en) | Method and control system for controlling and/or monitoring devices | |
US11146591B2 (en) | Security unit and method for an industrial control system | |
JP2021051741A (ja) | Whitelist for HART communication in a process control system | |
WO2017121928A1 (en) | Executing operation to service in industrial automation system | |
WO2022190526A1 (ja) | Control system and method for controlling same | |
CN103163860A (zh) | Machine tool with access control via a computer network | |
EP3951518A1 (en) | Control system, security device, and method | |
US9087201B2 (en) | System and methods for host enabled management in a storage system | |
CN111108451B (zh) | Industrial control system | |
WO2022185583A1 (ja) | Control device, and program and method for managing input and output of data stored in a storage unit of the control device | |
EP3794482A1 (en) | Method for securing an automated system | |
JP2020067793A (ja) | Control device | |
WO2021005831A1 (ja) | Control system and control method | |
JP4622474B2 (ja) | Field device and system using same | |
JP7052755B2 (ja) | Control device, management program, and control system | |
WO2022190422A1 (ja) | Control system and method for controlling same | |
US20230093865A1 (en) | Control system, relay device, and access management program | |
JP2022139149A (ja) | Control system and control method | |
Riti et al. | Vault HCL | |
CN112817277A (zh) | Industrial control system in automation technology | |
Legal Events
Code | Title | Description |
---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 21930371; Country of ref document: EP; Kind code of ref document: A1 |
WWE | Wipo information: entry into national phase | Ref document number: 202180094671.7; Country of ref document: CN |
WWE | Wipo information: entry into national phase | Ref document number: 18279325; Country of ref document: US |
WWE | Wipo information: entry into national phase | Ref document number: 2021930371; Country of ref document: EP |
NENP | Non-entry into the national phase | Ref country code: DE |
ENP | Entry into the national phase | Ref document number: 2021930371; Country of ref document: EP; Effective date: 20231012 |