面向城轨云平台边界安全防护的动态信任管理方法

针对城轨云平台边界数量多、边界安全防护薄弱的问题,分析了城轨云与工业控制网络协同交互过程,提出了一种面向城轨云平台边界安全防护的动态信任管理方法,包括异常行为识别、信任评估、信任更新、基于信任值的动态访问控制。根据城轨云的综合监控系统网络拓扑,分析了未经授权控制指令、违规控制指令、干扰正常控制指令三类异常行为。结果表明,所提出的动态信任管理方法能够有效抵御恶意节点发起的异常行为;对于不同节点、不同异常行为的信任值变化不同;符合“缓升快降”的规则,能够保障城轨云平台细粒度的边界安全防护。

A Dynamic Trust Management Method for Border Security Protection of Metro Cloud Platform

To address the problem of numerous borders and weak border protection in metro cloud platform, the collaborative interaction between the cloud and the industrial control network is analyzed, and a dynamic trust management method for border security protection of metro cloud platform is proposed. The method consists of abnormal behavior recognition, trust evaluation, trust updating, and trust-based dynamic access control. Based on the network topology of metro cloud-based integrated supervisory control system, three kinds of abnormal control commands are simulated, i.e., unauthorized control commands, non-conforming control commands, and interference with normal control commands. The results show that the proposed method can effectively resist abnormal control commands initiated by malicious nodes. The changes in trust values vary for different nodes and different types of misbehaviors following the rule of “slow rise and fast fall”, thus ensuring fine-grained boundary protection for the metro cloud platform.