面向城轨云平台边界安全防护的动态信任管理方法
A Dynamic Trust Management Method for Border Security Protection of Metro Cloud Platform
张雷 1徐倩 2何积丰 1曾小清 2宁正2
作者信息
- 1. 同济大学 交通运输工程学院, 上海 201804;同济大学 上海自主智能无人系统科学中心, 上海 201810
- 2. 同济大学 交通运输工程学院, 上海 201804
- 折叠
摘要
针对城轨云平台边界数量多、边界安全防护薄弱的问题,分析了城轨云与工业控制网络协同交互过程,提出了一种面向城轨云平台边界安全防护的动态信任管理方法,包括异常行为识别、信任评估、信任更新、基于信任值的动态访问控制.根据城轨云的综合监控系统网络拓扑,分析了未经授权控制指令、违规控制指令、干扰正常控制指令三类异常行为.结果表明,所提出的动态信任管理方法能够有效抵御恶意节点发起的异常行为;对于不同节点、不同异常行为的信任值变化不同;符合"缓升快降"的规则,能够保障城轨云平台细粒度的边界安全防护.
Abstract
To address the problem of numerous borders and weak border protection in metro cloud platform,the collaborative interaction between the cloud and the industrial control network is analyzed,and a dynamic trust management method for border security protection of metro cloud platform is proposed.The method consists of abnormal behavior recognition,trust evaluation,trust updating,and trust-based dynamic access control.Based on the network topology of metro cloud-based integrated supervisory control system,three kinds of abnormal control commands are simulated,i.e.,unauthorized control commands,non-conforming control commands,and interference with normal control commands.The results show that the proposed method can effectively resist abnormal control commands initiated by malicious nodes.The changes in trust values vary for different nodes and different types of misbehaviors following the rule of"slow rise and fast fall",thus ensuring fine-grained boundary protection for the metro cloud platform.
关键词
信任管理/城轨云/边界安全防护/异常控制指令Key words
trust management/metro cloud/border security protection/abnormal control commands引用本文复制引用
基金项目
国家自然科学基金资助项目(52172329)
国家重点研发计划资助项目(2022YFB4300501)
上海市科委资助项目(23DZ2204900)
出版年
2024
国家科技期刊平台
NSTL
万方数据