面向控制网络协议安全隔离平台的设计与实现

发布时间：2019-01-07 18:09

【摘要】：随着网络信息技术的飞速发展,计算机控制的网络在铁路行业中呈现出巨大需求。通过网络,分散在各处的列车控制系统被联系在一起,它们之间共享程序、数据、文档等各种资源,进行协同控制,大大提升了工作效率。计算机网络在方便铁路信号控制系统的同时也因自身存在的开放性、连通性和共享性等特征使得铁路控制网络中隐藏着各种各样的安全风险。铁路信号控制网络隶属于铁路运输网,是以普通计算机网络为基础的工业控制专网,其网络地理跨度大、子网多、结构相对复杂,实时性要求高,一旦病毒或攻击入侵则会造成不可估量的损失或灾难性后果,为此铁路信号控制网络对网络安全提出了全新的要求。在上述背景下,论文首先分析了我国铁路信号控制网络的发展现状和所面临的安全问题,阐述了这些安全威胁的严重性和防护技术的局限性,进而针对铁路信号控制网络的特点提出了一种网络安全防护方案,设计了基于μC/OS-II面向铁路控制网络安全协议的隔离平台,包括该平台的硬件电路设计和嵌入式μC/OS-II系统的移植与相关程序的编写。最后,介绍了所述安全隔离平台的整体性能与测试方法。综合控制网络协议安全隔离平台采用DUAL-MCU(LPC3250)+DUAL-PORT STATIC RAM的系统构架,集成了以太网、CAN、 PROFIBUS、422以及232等网络协议标准和现场总线技术,有助于铁路信号控制系统的终端加固和边界防护。通过大量的模拟测试与仿真验证,结果表明,该平台不但能较好地保证通信的实时性,还有较高的系统吞吐量,为提高铁路信号控制网络安全提供参考。
[Abstract]:With the rapid development of network information technology, the computer-controlled network presents a huge demand in the railway industry. Through the network, the train control systems scattered in various places are linked together, and they share programs, data, documents and other resources to carry out collaborative control, which greatly improves the working efficiency. Computer network not only facilitates the railway signal control system, but also because of its own characteristics of openness, connectivity and sharing, there are various security risks hidden in the railway control network. The railway signal control network belongs to the railway transportation network. It is a special industrial control network based on the ordinary computer network. The network has a large geographical span, many subnets, relatively complex structure and high real-time requirements. Once a virus or attack is invaded, it will cause incalculable losses or disastrous consequences. Therefore, the railway signal control network has put forward a new requirement for network security. Under the above background, the paper first analyzes the present situation of railway signal control network in China and the security problems it faces, and expounds the seriousness of these security threats and the limitation of protection technology. Then, according to the characteristics of railway signal control network, a network security protection scheme is proposed, and an isolation platform for railway control network security protocol based on 渭 C/OS-II is designed. Including the hardware circuit design of the platform, the embedded 渭 C/OS-II system transplant and the programming of related programs. Finally, the overall performance and testing method of the security isolation platform are introduced. The integrated control network protocol security isolation platform adopts the system framework of DUAL-MCU (LPC3250) DUAL-PORT STATIC RAM, and integrates network protocol standards, such as Ethernet, CAN, PROFIBUS,422 and 232, and fieldbus technology. It is helpful for terminal reinforcement and boundary protection of railway signal control system. Through a large number of simulation tests and simulations, the results show that the platform not only can ensure the real-time communication, but also has a higher system throughput, which provides a reference for improving the safety of railway signal control network.
【学位授予单位】：西南交通大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：U284;TP393.08

【参考文献】