Building a Cyber-Security Immune System for Electric Power Supervisory Control Systems Based on Trusted Computing Technology
Cite this article: GAO Kunlun, WANG Zhihao, AN Ningyu, ZHAO Baohua. Building a cyber-security immune system for electric power supervisory control systems based on trusted computing technology [J]. Journal of Sichuan University (Engineering Science Edition), 2017, 49(2): 28-35.
Authors: GAO Kunlun, WANG Zhihao, AN Ningyu, ZHAO Baohua
Affiliations (all four authors): Global Energy Interconnection Research Institute, Beijing 102209, China; State Grid Corporation of China Laboratory of Advanced Computing and Big Data Technology, Beijing 102209, China
Funding: National Development and Reform Commission information security special project; State Grid Corporation of China science and technology project
Abstract: The electric power system is critical national infrastructure. The grid dispatching and control system is an essential means of keeping a modern large-scale grid secure and stable, and it is also a priority target in nation-state-level cyber conflict. China's power grid has fully deployed a defense-in-depth cyber-security architecture built mainly on network isolation and boundary protection. Against APT attacks, however, whose main technical means is rapidly evolving malicious code, this architecture has shortcomings: protective technology lags behind attack techniques, security functions constrain business functions, and protective measures degrade the real-time performance of control operations. Trusted computing is a computing model in which computation and protection run as parallel structures; by preserving the integrity of the computing environment and the computing logic, it gives the platform an autonomous immunity to malicious code and illegal operations. Based on trusted computing technology, a cyber-security immune system for electric power supervisory control systems is built, consisting of a power trusted computing platform for the control master station, trusted network communication, and trusted field measurement and control terminals. It covers every link of the power control business, from field monitoring and communication through computation and analysis to the issuing and execution of control commands, and provides an effective active defense mechanism for power control systems. The master-station power trusted computing platform has two core components: trusted cryptography module (TCM) hardware as the root of trust, and a trusted software base (TSB) embedded in the operating system kernel; together they implement trusted boot of the computer, integrity measurement of the operating system and applications, mandatory access control, and mandatory execution control. Building on the standard trust-chain construction method, the platform embeds measurement code in the operating system bootloader and, using the trusted cryptographic hardware driven from CPU real mode, measures the integrity of the system boot code retrospectively. Compared with current mainstream trusted computing implementations, this moves the starting point of measurement from the operating system back to the operating system bootloader, substantially raising system security. Combined with the security label mechanism of the grid dispatching control system, the platform enforces dual mandatory access control on application processes, fusing the operating system layer and the application layer. Combined with the dispatching digital certificate system, it manages the expected (reference) values of applications securely, ensuring the authenticity and authority of those values. The platform uses the native security functions of the computing components and requires no changes to business programs, logic, or system resources, avoiding large-scale retrofitting of in-service business systems and making it practical in engineering. Comprehensive testing and extensive engineering practice show that the platform consumes few system resources, that its operating efficiency fully meets the real-time requirements of control operations, and that it does not interfere with business functions. The cyber-security immune system built on trusted computing gives electric power supervisory control systems an efficient, high-strength protection mechanism with active defense against malicious code and illegal operations; it is also applicable to other industrial control systems with fixed business logic, infrequent system updates, and high security-level requirements.

Keywords: trusted computing; security immunity; active defense; trust chain optimization; mandatory access control; mandatory execution control
Received: 2017-03-15
Revised: 2017-03-15

Construction of a Cyber-Security Immune System for Electric Power Supervisory Control Systems Based on Trusted Computing
GAO Kunlun, WANG Zhihao, AN Ningyu and ZHAO Baohua. Construction of a cyber-security immune system for electric power supervisory control systems based on trusted computing [J]. Journal of Sichuan University (Engineering Science Edition), 2017, 49(2): 28-35.
Authors: GAO Kunlun, WANG Zhihao, AN Ningyu and ZHAO Baohua
Affiliation (all four authors): Global Energy Interconnection Research Inst., Beijing 102209, China; Advanced Computing and Big Data Technol. Lab. of SGCC, Beijing 102209, China
Abstract: The electric power system is critical national infrastructure. The power grid control system is one of the most important means of keeping the whole grid stable, and it has become a key target of international cyber attacks. Against these attacks, China has built a defense-in-depth system for the power grid based mainly on network isolation and boundary protection. Faced with APT attacks whose main technical means is rapidly evolving malicious code, however, new problems appear: protection technology lags behind the attacks, security functions constrain business functions, and security controls degrade real-time control. Trusted computing is a computing model in which computation and protection run as parallel structures; by keeping the computing environment and computing logic intact, it gives the platform autonomous immunity to malicious code and illegal operations. Based on trusted computing, our goal is a cyber-security immune system that provides an effective active defense mechanism for power supervisory control systems. It consists of a trusted computing platform for the power control master station, trusted network communications, and trusted field terminals. The trusted computing platform includes a trusted hardware module as the root of trust and a trusted software module embedded in the operating system kernel, which together realize trusted boot of the computer, integrity protection of the operating system and applications, mandatory access control, and mandatory execution control. Building on the standard trust-chain construction method, the power trusted computing platform embeds measurement code in the operating system bootloader and retrospectively evaluates the integrity of the system boot code through the trusted cryptographic hardware driven from CPU real mode. Compared with current trusted computing practice, the starting point of measurement moves from the head of the operating system to the operating system bootloader, which greatly improves system security. Combined with the security label mechanism of the power grid dispatching control system, the platform realizes dual mandatory access control integrating the operating system layer and the application layer. Combined with the dispatching digital certificate system, it manages the expected values of applications securely, ensuring their authenticity and authority. The platform uses the native security features of the computing components, so no changes to business programs, logic, or system resources are needed and large-scale retrofitting of operational systems is avoided. Comprehensive tests and extensive engineering practice show that the trusted computing platform for electric power consumes few system resources, that its operating efficiency fully meets the real-time requirements of control business, and that business functions run without interference. Based on trusted computing technology, the cyber-security immune system gives power supervisory control systems a set of efficient, high-strength protection mechanisms with active defense against malicious code and illegal operations; it also fits other industrial control systems with fixed business logic, infrequent system updates, and high security-level requirements.
Keywords: trusted computing; security immunization; active defense; optimization of trusted chain; mandatory access control; mandatory execution control
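As an added illustration (not code from the paper or from the authors' platform), the following Python models three of the mechanisms the abstract names: a measurement chain that starts at the bootloader and is extended stage by stage in the manner of a TPM or TCM platform configuration register, expected values for applications that are checked for authenticity before they are trusted, and mandatory execution control that refuses any program whose measured value does not match the authenticated expected value. The paper authenticates expected values through the dispatching digital certificate system; here an HMAC tag under an assumed key stands in for that signature so the example runs with the standard library only. All component images, program names, and keys are constructed for the example.

```python
"""Toy model of bootloader-rooted measurement, authenticated expected values
and mandatory execution control. Added example, not the paper's code."""
import hashlib
import hmac
import json


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def extend(register: bytes, measurement: bytes) -> bytes:
    """TPM/TCM-style extend: new = H(old || measurement).
    The result depends on every earlier stage and on their order, so a
    modified bootloader changes the final value even if kernel and TSB
    are intact. That is why starting the chain at the bootloader matters."""
    return sha256(register + measurement)


def measure_chain(stages):
    """stages: [(name, image_bytes)] in boot order; the first entry is the
    bootloader, the paper's starting point of measurement.
    Returns (final_register, event_log)."""
    register = bytes(32)  # register starts at all zeros
    log = []
    for name, image in stages:
        m = sha256(image)
        register = extend(register, m)
        log.append((name, m.hex()))
    return register, log


def seal_expected_values(expected: dict, key: bytes) -> dict:
    """Whitelist plus authenticity tag. Assumption: an HMAC under a shared
    key stands in for the certificate-based signing the paper describes."""
    body = json.dumps(expected, sort_keys=True)
    tag = hmac.new(key, body.encode(), "sha256").hexdigest()
    return {"body": body, "tag": tag}


def load_expected_values(sealed: dict, key: bytes) -> dict:
    """Refuse a whitelist whose tag does not verify: an edited expected-value
    list would otherwise let arbitrary code through the execution control."""
    tag = hmac.new(key, sealed["body"].encode(), "sha256").hexdigest()
    if not hmac.compare_digest(tag, sealed["tag"]):
        raise ValueError("expected-value list failed authenticity check")
    return json.loads(sealed["body"])


def execution_allowed(name: str, image: bytes, expected: dict) -> bool:
    """Mandatory execution control: run only if the measured value equals
    the authenticated expected value recorded for this program."""
    return expected.get(name) == sha256(image).hex()


# --- constructed sample data (not real firmware or binaries) ---
GOOD_STAGES = [
    ("bootloader", b"bootloader stage, constructed bytes v1"),
    ("kernel", b"kernel image, constructed bytes v1"),
    ("tsb", b"trusted software base kernel module, constructed bytes v1"),
]
TAMPERED_STAGES = [("bootloader", b"bootloader stage, constructed bytes v1 + implant")] + GOOD_STAGES[1:]
VERIFIER_KEY = b"constructed-key-standing-in-for-a-certificate"  # assumption
SCADA_IMAGE = b"scada control application, constructed bytes v1"


def reference_register() -> bytes:
    """Known-good final register value recorded at platform deployment."""
    return measure_chain(GOOD_STAGES)[0]


def boot_is_trusted(stages) -> bool:
    return measure_chain(stages)[0] == reference_register()


def demo() -> dict:
    sealed = seal_expected_values({"scada_ctrl": sha256(SCADA_IMAGE).hex()}, VERIFIER_KEY)
    expected = load_expected_values(sealed, VERIFIER_KEY)
    # An attacker rewrites the list body to whitelist a patched binary but cannot re-tag it.
    forged = dict(sealed, body=json.dumps({"scada_ctrl": sha256(SCADA_IMAGE + b"\x90").hex()}, sort_keys=True))
    try:
        load_expected_values(forged, VERIFIER_KEY)
        forged_rejected = False
    except ValueError:
        forged_rejected = True
    return {
        "good_boot": boot_is_trusted(GOOD_STAGES),
        "tampered_boot": boot_is_trusted(TAMPERED_STAGES),
        "good_app": execution_allowed("scada_ctrl", SCADA_IMAGE, expected),
        "patched_app": execution_allowed("scada_ctrl", SCADA_IMAGE + b"\x90", expected),
        "unknown_app": execution_allowed("rogue", b"anything", expected),
        "forged_whitelist_rejected": forged_rejected,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The tampered-boot case shows the point of moving the measurement start to the bootloader: the kernel and TSB images are unchanged, yet the final register differs because the first extend already absorbed the implant. The forged-whitelist case shows why the paper ties expected values to the certificate system: without an authenticity check on the list itself, execution control reduces to trusting whoever last wrote the list.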