
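Research on Security Detection Techniques for a Typical Industrial Control System

Published: 2018-06-21 13:57

  Topic: industrial control software + dynamic taint analysis; Reference: Beijing University of Posts and Telecommunications, 2016 master's thesis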


[Abstract]: Industrial control system (ICS) is the general term for the control systems used in industrial production. As ICS continue to be transformed and upgraded, more and more traditional IT technology is applied to industrial control. Although these upgrades have advanced industrial production, they have also introduced many security risks; in particular, since the Stuxnet incident in 2010, ICS security incidents have surged and ICS security problems have become increasingly severe. The key to solving ICS security problems lies in security detection and remediation before an attack occurs. At present, research on ICS in China and abroad focuses mainly on ICS networks, while other areas such as ICS software and ICS device firmware have received comparatively little attention. Yet the security problems now being exposed in ICS software and device firmware are growing in number and are highly damaging. This thesis therefore takes ICS software and ICS device firmware as its research focus and studies the corresponding security detection techniques. The specific work includes:

(1) Describing the research background, analyzing the state of research in China and abroad, and setting the focus of the thesis as security detection for ICS software and ICS device firmware.

(2) Studying the characteristics of industrial control systems and analyzing their security from three angles: differences from traditional IT systems, security incidents, and publicly disclosed vulnerabilities. The characteristics of existing ICS software and firmware security detection techniques are studied, with particular attention to the shortcomings of common ICS software security detection techniques.

(3) Designing a fuzzing method for ICS software based on dynamic taint analysis. Fuzzing is the most commonly used method of software security detection, but traditional fuzzing suffers from blind selection of mutation positions and simplistic mutation strategies, so this thesis introduces dynamic taint analysis to assist test case generation. The method uses ICS software configuration files as sample files, applies a dynamic taint analysis technique improved to fit the characteristics of ICS software to select the key bytes to mutate, and combines this with fuzzing to generate and test malformed data, making the test cases more targeted and detection more efficient.

(4) Implementing a corresponding ICS software security detection system based on the designed method. The design and implementation of the system are described in detail, and the system is used to perform security detection on the existing experimental environment. A comparison with the results of traditional fuzzing shows that the system built on this method clearly improves detection efficiency and correctness.

(5) Designing a feature-value-based security detection method for ICS device firmware. The method consists of two parts, firmware identification and firmware security detection. Based on extensive analysis of the characteristics of ICS firmware, the thesis proposes feature-value matching for firmware identification; for security detection, taking into account the embedded nature of ICS firmware, it proposes a security detection model aimed specifically at FTP server backdoors. Finally, the method and model are applied to the firmware of a foreign-brand product: the backdoor information present in the firmware is successfully verified, and its content and origin are analyzed, demonstrating the effectiveness of the method.
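[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree granted]: 2016
[Classification number]: TP273; TP309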



