实时数据的安全隔离装置设计与实现

发布时间：2018-03-20 15:43

本文选题：DCS　切入点：隔离装置　出处：《华北电力大学》2017年硕士论文　论文类型：学位论文

【摘要】：随着分散控制系统(DCS)的广泛应用,产生的大量实时数据需送入外部信息管理系统(SIS)进行处理,且外部信息管理系统(SIS)同时与DCS和Internet连接,增加了来自外部网络恶性程序和病毒攻击系统的可能性,提升了机组故障的风险,因此,数据的安全可靠传输就十分关键,设计安全隔离装置就显得至关重要。本文首先介绍了近年来国内外安全隔离技术的发展现状,并分析了原有的网桥协议、防火墙技术、单向物理隔离装置等隔离技术的利弊,提出了基于FPGA数据通信的安全隔离装置的设计。然后从最高层出发设计各模块,如发送、接收、校验等模块,以Quartus II为软件平台,使用Verilog HDL语言对各模块进行编程,实现数据从高层向低层传输的封装过程和从底层向高层传输的拆包过程,连接各模块,搭建DCS的PC机与FPGA间的网口通信。最后基于以上搭建的网口通信建立DCS的PC机与SIS的PC机之间双网口的通信平台,再设计监控替换模块置于发送模块之前,通过仿真和调试,达到安全数据放行、已知威胁数据替换和大规模数据提取的目标,实现数据正向透传和反向隔离的安全可靠传输,完成了安全隔离装置的要求。通过改变监控替换模块的部分语句即可规定安全数据以及威胁数据的格式,给系统整体设计带来了极大地方便。本文设计的基于FPGA安全隔离装置在软件上实现模块化,使程序清晰完整,因此具有很高的灵活性,在设计中只需改变部分模块语句和连接就可实现数据的通信。
[Abstract]:With the wide application of distributed control system (DCS), a large number of real-time data need to be sent to the external information management system (sis) for processing, and the external information management system (sis) is connected with DCS and Internet at the same time. It increases the possibility of malicious programs from external networks and virus attack systems, and raises the risk of unit failure. Therefore, the safe and reliable transmission of data is crucial. It is very important to design the security isolation device. Firstly, this paper introduces the development status of the security isolation technology at home and abroad in recent years, and analyzes the advantages and disadvantages of the original isolation technology, such as bridge protocol, firewall technology, unidirectional physical isolation device, etc. The design of security isolation device based on FPGA data communication is put forward, and then every module, such as sending, receiving, checking and so on, is designed from the highest level. The software platform is Quartus II, and each module is programmed by Verilog HDL language. The encapsulation process of data transmission from the high level to the lower layer and the unpacking process from the bottom layer to the top layer are realized, and the modules are connected. Finally, the communication platform between PC of DCS and PC of SIS is established based on the communication between PC and FPGA of DCS, and the monitoring and replacing module is designed and placed before the sending module, and through simulation and debugging, the communication platform between PC and SIS is designed. To achieve the goals of security data release, known threat data replacement and large-scale data extraction, data forward transmission and reverse isolation of secure and reliable transmission, The requirements of the security isolation device are fulfilled. The format of the security data and the threat data can be specified by changing some statements of the monitor replacement module. The security isolation device based on FPGA is modularized in software, which makes the program clear and complete, so it has high flexibility. In the design, only some module statements and connections can be changed to achieve data communication.
【学位授予单位】：华北电力大学
【学位级别】：硕士
【学位授予年份】：2017
【分类号】：TP309;TP273;TN791

【参考文献】