【作者】 王保义；

【导师】 朱永利；

【作者基本信息】 华北电力大学（河北） ， 电力系统及其自动化， 2009， 博士

【摘要】 随着电力信息网络系统的广泛应用,既要防止外部的也要防止内部的各种攻击,电力信息系统信息安全的问题日益突出,已成为影响电力系统生产和经营正常运行的重大问题。由于电力系统是国民经济的基础设施,决定了其网络信息安全既具有一般计算机信息安全的特征,更要考虑高安全要求的特征。本文对电力信息系统信息安全关键技术进行了深入的研究和探索工作,主要研究工作及成果如下:1.针对电力信息网络系统的特点及信息安全日趋严重问题,设计了一个电力信息网络安全的体系结构,给出该体系结构中具体安全技术,以保障网络信息安全。2.研究了影响电力市场运营系统安全运行的一种关键技术——访问控制技术:考虑到电力市场成员的分布式特点,以及电力市场操作的时间性,提出并设计了一个具有时空约束的基于角色的访问控制模型并设计出了访问控制算法,仿真验证了该模型和算法可以满足电力市场的安全访问控制要求;针对电力市场的信息保密性、用户角色多样性和访问权限多变性,提出并设计了一个具有角色层次关系的基于角色和可信度的动态访问控制模型,通过应用案例验证了模型的有效性。3.研究了影响变电站远程控制及工作流管理安全的亟待解决的访问控制问题:针对电力信息系统构成了一个复杂的多域环境,提出并设计了一种针对多域环境的基于属性的访问控制模型,满足电力信息系统所处的异构环境和所有者对资源进行自主管理的需求,保证域内、域外用户对系统资源进行访问的安全;针对IEC61850中规定的变电站自动化系统结构,提出并设计了一种符合ITU-T X.509和IEC61850国际标准的分布式RBAC访问控制模型与算法,可提高变电站访问控制的安全性和效率;针对电力工作流系统的特点,提出并设计了一种基于组织与任务的访问控制模型并设计出访问控制算法,可提高电力工作流系统安全,方便电力工作流的应用。4.研究了亟待解决的电力信息系统安全传输问题:针对电力市场运营系统中交易中心和市场成员间数据传输安全要求提出了一种基于消息中间件通信方法,设计了数据安全传输算法,可保证数据在传输过程中的安全;针对变电站通信数据的安全要求,提出并设计了一种基于SSL协议和IEC 61850协议的通信安全的机制,可提高变电站通信数据的安全。5.针对电力企业信息系统集成的高安全性要求,提出了一种基于电力行业公钥基础设施/授权管理基础设施PKI/PMI的单一登录模型,并给出了相关算法,满足电力企业集成操作和实现安全的单一登录。更多还原

【Abstract】 All kinds of attacking both inside and outside of power information network system should be prevented along with its widely used. The information secure problem of power information system is even remarkable and it already turns into one important problem which can influence normal running of producing and operating in power system. The network security of power system owns the characteristic of general computer information security and also high security request is even more need to be considered for it is the infrastructure of national economy. Key techniques of information security in power information system are studied in-depth and exploring works are given in this paper, principal results are as follows:1. The architecture of security of power information network is designed aiming at the characteristics of power information network system and increasingly serious problems of information security, and also concrete safety techniques are given in this architecture to ensure the security of network information.2. One key technique, the access control technique, which can influence the normal running of power market operating system is studied: considering the distributing characteristic of the power market members and the operating timeliness of power market, a temporarily-spatially constrained RBAC model is proposed and designed, and the access control algorithm is designed. The request of secure access control of power market can be satisfied with the simulation. A role-and-credibility-based dynamic access control model with role hierarchy relationship is proposed and designed according to the information secrecy of power market, diversity of the user role and polytropy of access authority. The validity of the model is validated by application case.3. The questions to be solved of access control which can influence the remote control of substation and management security of workflow are studied: an attribute based access control model for multi-domains is proposed and designed according to the complex multi-domain environment of power information system. It can adapt well to the heterogeneous environment, satisfy the self-management to their resources and ensure the secure access of system resources for users of interior and outer regions. A distributed RBAC model and algorithm which consisted with international standard ITU-T X.509 and IEC61850 are proposed and designed according to the system structure of substation automation stipulated in IEC61850. The security, feasibility and efficiency of the access control of substation can be improved. An access control model based on organization and task is proposed and the access control algorithm is designed according to characteristic of workflow for power system. The security of workflow for power system can be advanced and its application can be convenient.4. The question to be solved of secure transmission in power information system is studied: a communications method based on message middleware is proposed according to the safety of data transmission requirement between business center and market members in power market operating system, and also the secure data transmission algorithm is designed, data’s security can be ensured in transferring process. A mechanism of communication security based on SSL and IEC61850 is proposed and designed according to the safety requirement of communication data in substation, the security of communication data in substation can be improved in the mechanism.5. A single sign-on model based on PKI/PMI in power industry is proposed according to the high safety requirement integrated in power enterprise information system, and corresponding algorithm is given. The integration operating and implementing of secure single sign-on can be satisfied in the model.更多还原