检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
作 者:李嘉伟 刘京娟 Li Jiawei;Liu Jingjuan(China Industrial Control Systems Cyber Emergency Response Team,Beijing 100040)
机构地区:[1]国家工业信息安全发展研究中心,北京100040
出 处:《网络空间安全》2020年第10期73-79,92,共8页Cyberspace Security
摘 要:随着工业4.0智能化时代的到来,工业软件被提升到了前所未有的高度。目前,工业软件已经渗透于工业企业产业链的各个环节,其在促进制造业提质增效的同时,也带来了巨大的安全隐患。当前,针对工业软件安全性的研究多注重于“功能安全”,而隐通道作为工业软件“通信安全”的首要威胁,并未引起产业界的足够重视。文章简要概述了隐通道的定义、分类、成因以及典型案例,并基于法国施耐德电气的Quantum PLC设备搭建隐通道实验环境,详细分析了工业软件领域隐通道的构建过程以及数据隐蔽传输过程,并通过实验数据印证了隐通道可绕过系统访问控制策略进行敏感信息隐蔽传输的特性。With the advent of the intelligent era of Industry 4.0,industrial software has been elevated to an unprecedented level.At present,industrial software has penetrated into all links of the industrial chain of industrial enterprises,which not only promotes the quality and efficiency of the manufacturing industry,but also brings huge security risks.The current research on the security of industrial software focuses on"functional security",and covert channel as the primary threat to the"communication security"of industrial software has not attracted enough attention from the industry.This paper briefly outlines the definition,classification,causes and typical cases of the covert channel,and builds a covert channel experimental environment based on the Schneider Electric Modicon Quantum PLC equipment.It analyzes in detail the construction process of covert channel and the covert transmission of data in the field of industrial software.The experimental data shows that the covert channel can bypass the system access control strategy to achieve the covert transmission of sensitive information.
分 类 号:TN918.91[电子电信—通信与信息系统]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.170