面向TSN工控系统的安全策略冲突消解方法  

作　　者：王志通 胡晓娅[1,2] WANG Zhitong;HU Xiaoya(School of Artificial Intelligence and Automation,Huazhong University of Science and Technology,Wuhan 430074,China;Shenzhen Research Institute of Huazhong University of Science and Technology,Shenzhen 518057,China)

机构地区：[1]华中科技大学人工智能与自动化学院,湖北武汉430074 [2]华中科技大学深圳研究院,广东深圳518057

出　　处：《系统工程与电子技术》2024年第12期4128-4139,共12页Systems Engineering and Electronics

基　　金：国家自然科学基金(62173153);深圳市科技计划(JCYJ20230807143613028)资助课题。

摘　　要：时间敏感网络(time sensitive networking,TSN)工控系统中安全策略的执行可能影响业务流的正常运行,使系统的信息安全和功能安全之间发生冲突。因此,TSN工控系统中信息安全策略和功能安全策略需要进行一体化部署,并解决两种不同安全策略之间的冲突问题。针对该问题,提出双粒度融合的冲突识别与消解多步方法。第一步,基于策略决策进行粗粒度的冲突识别与消解,以获得无冲突的安全策略集合。第二步,基于任务调度进行细粒度的冲突识别与消解,通过策略解析和时延预估模型的优化闭环,满足业务流传输安全一体化的需求。最后,通过实验验证所提冲突消解方法的有效性和可行性,证明所提方法可生成同时满足TSN工控系统安全性与实时性的安全策略及其对应的安全任务。In the area of time sensitive networking(TSN)industrial control system,the execution of security strategies may affect the normal operation of the business flow,leading to conflicts between system information security and function safety.Therefore,information safety and function security strategies in TSN industrial control system need to be deployed together and resolve conflicts between the two different safety strategies.To address the problem,a multi-step method for conflict identification and resolution with dual granularity fusion is proposed.The first step is to perform coarse-grained conflict identification and resolution based on strategy decision-making to obtain a set of conflict-free security strategies.The second step is to perform fine-grained conflict identification and resolution based on task scheduling,meeting the integrated requirements of business flow transmission security through strategy analysis and optimized closed-loop of delay prediction models.Finally,the effectiveness and feasibility of the proposed conflict resolution method are validated through experiments,which demonstrate that the proposed method can generate security strategies and corresponding security tasks that simultaneously meet the safety and real-time requirements of TSN industrial control systems.

关 键 词：时间敏感网络工控系统 信息安全 功能安全 冲突消解 

分 类 号：TP393.08[自动化与计算机技术—计算机应用技术]