基于PROFIBUS-DP的嵌入式安全Web网关的设计与实现

发布时间：2018-06-24 14:57

本文选题：PROFIBUS-DP + Internet　；参考：《吉林大学》2014年硕士论文

【摘要】：PROFIBUS现场总线是当前业界应用最成功、最广泛的现场总线技术，它将企业现场控制系统与底层设备相连，构成企业的控制层网络。传统的企业控制层网络和企业信息网络相对孤立封闭，企业的管理层和技术人员只有亲临现场或者通过定期的上报文件来了解现场生产状况。在信息瞬息万变的时代，企业的生存与发展很大程度上依赖于对现场设备运行状况的了解并且做出正确、及时的决策。如何将现场总线网络接入Internet网络实现对设备的远程实时监控是工业自动化的热点研究问题之一，同时安全问题也是现场总线网络接入Internet网络不容忽视的重要问题。本文针对两种异构网络的互联接入问题和接入时的安全问题，提出了采用嵌入式安全Web网关的方法实现通过Internet网对PROFIBUS-DP总线上设备的实时、快捷直观、安全的监控。本项研究在对PROFIBUS-DP现场总线网络和Internet网络两种异构网络网络结构和网络协议深入研究和分析的基础上，，提出了采用嵌入式网关的方法使两种异构网络互联通信，并设计了具体的协议转换模型和协议转换方法，进而达到通过Internet对PROFIBUS-DP现场总线上设备远程监控的目的。根据两种异构网络的通信模型，设计了网关软、硬件系统架构。在硬件系统架构上，该网关采用了高性能的S3C2440微处理器、高速以太网控制器DM9000、以及大容量的SDRAM和FLASH存储器，同时具备PROFIBUS和Internet接口。在软件系统架构上，采用了网络性能优良的嵌入式Linux操作系统，并引入了具有优秀网络友好交互能力的嵌入式Web技术和对数据信息进行管理的嵌入式数据库技术。在系统安全方面，本项研究详细分析了PROFIBUS-DP工控网络通过嵌入式Web网关接入Internet互联网的安全威胁，在研究现有通用的安全方法的基础上，提出了适合本项研究应用场景的安全机制。在本嵌入式Web网关上同时采用强制访问控制思想进行用户身份访问控制、SSL套接层协议对数据进行加密安全传输、分类系统日志对系统提供不可抵赖性服务这三种措施来对系统进行安全保护。利用动态网页技术-CGI编程实现用户与设备交互、用户强制访问控制、分类系统日志记录，并对设计的嵌入式安全Web网关进行了模拟验证与测试。测试结果表明：本项研究设计的嵌入式安全Web网关方案能实现通过Internet网对PROFIBUS-DP总线上的设备进行方便快捷、实时地远程监控，同时设计的安全机制能对系统提供较高的安全性保障。
[Abstract]:PROFIBUS field bus is the most successful and widely used field bus technology in the industry at present. It connects the enterprise field control system with the underlying equipment and constitutes the control layer network of the enterprise. The traditional enterprise control layer network and enterprise information network are relatively isolated and closed. The management and technical personnel of the enterprise only come to the scene in person or through regular reporting documents to understand the production situation on the spot. In the era of rapid change of information, the survival and development of enterprises depend largely on the understanding of the operation status of field equipment and making correct and timely decisions. How to connect the fieldbus network to the Internet network to realize the remote real-time monitoring of the equipment is one of the hot research issues in industrial automation. At the same time, the security problem is also an important issue that can not be ignored when the fieldbus network is connected to the Internet network. In this paper, aiming at the problem of interconnection and security of two heterogeneous networks, an embedded secure Web gateway is proposed to monitor the devices on PROFIBUS-DP bus in real time, fast, and safely through the Internet. Based on the deep research and analysis of two kinds of heterogeneous network structures and protocols of PROFIBUS-DP fieldbus network and Internet network, an embedded gateway method is proposed to make the two heterogeneous networks communicate with each other. The specific protocol conversion model and protocol conversion method are designed to achieve the purpose of remote monitoring of PROFIBUS-DP devices through the Internet. According to the communication model of two heterogeneous networks, the software and hardware architecture of gateway is designed. In the hardware system architecture, the gateway adopts high performance S3C2440 microprocessor, high speed Ethernet controller DM9000, large capacity SDRAM and flash memory, and also has PROFIBUS and Internet interface. In the software system architecture, the embedded Linux operating system with excellent network performance is adopted, and the embedded Web technology with excellent network friendly interaction ability and the embedded database technology which manages the data information are introduced. In the aspect of system security, the security threat of PROFIBUS-DP industrial control network accessing Internet through embedded Web gateway is analyzed in detail. A security mechanism suitable for the application scenario of this study is proposed. In the embedded Web gateway, the mandatory access control idea is also adopted to encrypt the data through SSL socket layer protocol. Classification system logs provide nonrepudiation services to the system to protect the system. Dynamic web page technology -CGI programming is used to realize user / device interaction, user mandatory access control, classification system logging, and the embedded secure Web gateway is simulated and tested. The test results show that the embedded secure Web gateway scheme can be used to monitor the PROFIBUS-DP bus conveniently and remotely in real time. At the same time, the designed security mechanism can provide a high level of security for the system.
【学位授予单位】：吉林大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.05

【参考文献】