Huazhong University of Science and Technology
The National Basic Research Program of China (973 Program)
工业互联网背景下, 工业控制系统面临攻击防不住、脆弱性易暴露的安全挑战, 要保障工控系统安全稳定运行, 首先需要深入探究引发工控系统故障的原因, 明确系统脆弱性机理. 针对当前单点或局部脆弱性分析的局限性, 本文面向工控系统全生命周期安全需求及特征, 提出脆弱性多维协同分析框架, 通过模型驱动的系统静态、动态脆弱性分析以及多域融合评估, 剖析和挖掘系统脆弱点及其关联渗透过程, 生成系统脆弱性知识. 本文提出的框架首次明确脆弱性含义, 同时全生命周期需求覆盖以及一体化架构特性有助于实现系统全局脆弱性机理揭示.
In the context of industrial internet, industrial control systems are faced with the challenges of attack intrusion and vulnerability exposure. In order to ensure the safe and stable operation of industrial control systems, it is neccessary to explore the cause of system failures and clarify potential vulnerabilities. In this paper, based on the full-lifecycle security requirements and characteristics of industrial control systems, a multi-dimensional collaborative vulnerability analysis framework is proposed. With model-driven system static and dynamic vulnerability analysis, the system vulnerability knowledge is then generated. Meanwhile, the framework proposed firstly clarifies the meaning of vulnerability in industrial control systems, and the full-lifecycle coverage and integrated architectural features are benificial to realize the global vulnerability disclosure of industrial control systems.