汽轮机控制保护系统攻击建模与逻辑完整性检测  

作　　者：马海迎 李奕彤 袁晓舒 何立栋 MA Haiying;LI Yitong;YUAN Xiaoshu;HE Lidong(School of Automation,Nanjing University of Science and Technology,Nanjing 210094,China;DEC Academy of Science and Technology Co.,Ltd.,Chengdu 611731,China)

机构地区：[1]南京理工大学自动化学院,江苏南京210094 [2]东方电气能源装备工控网络安全工程实验室,四川成都611731

出　　处：《控制工程》2024年第11期2062-2070,共9页Control Engineering of China

基　　金：国家自然科学基金资助项目(61973163);东方电气集团科研项目(GKKY21001)。

摘　　要：控制保护逻辑是整个汽轮机控制保护系统的核心,以往传统模型侧重于描述系统的物理属性,而对逻辑属性有所忽视。目前关于汽轮机控制保护系统的攻击大多围绕网络通信的脆弱性以及模型数据的不可靠性展开,对系统本身逻辑过程脆弱性的研究较少。鉴于此,在基于时间自动机的汽轮机控制保护系统模型基础上,建立活性与汽轮机控制保护逻辑的内在联系。其中,活性指好的事情终会发生,由此将逻辑完整性问题转换为活性完整性问题。并且针对汽轮机控制保护逻辑提出窜改控制指令参数和传感器监测阈值的攻击方式。此外,还提出了状态检测法和变量检测法,用于检测汽轮机控制保护系统逻辑完整性是否被破坏。最后,利用UPPAAL软件对遭受攻击前后的系统进行仿真验证。The control protection logic is the core of the entire steam turbine control and protection system,while the traditional model focuses on the description of the physical attributes of the system,and ignores the characterization of the logical attributes of the system.Furthermore,most of the current attacks on steam turbine control and protection systems revolve around the vulnerability of the system in network communication and the reliability of model data.And there are few related studies which is based on the vulnerability of the logical process of the system itself.Based on the steam turbine control and protection system model by using time automata,the intrinsic relationship between the liveness and the steam turbine control protection logic is established.In this case,liveness refers to the fact that good things will eventually happen,thus converting the logical integrity problem into the liveness integrity.Furthermore,attack methods are proposed for tampering with control command parameters and sensor monitoring thresholds for steam turbine control protection logic.Moreover,state detection and variable detection methods are proposed to detect whether the logic integrity of the steam turbine control and protection system has been broken.Finally,UPPAAL software is used to simulate and verify the system before and after the attack.

关 键 词：汽轮机控制保护逻辑 形式化方法 活性 UPPAAL 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]