电力信息系统云安全风险分析与评估技术

doi:10.11959/j.issn.1000-0801.2018047

摘要/Abstract

摘要：

结合电力行业对云计算技术的应用，针对电力云安全分析与评估方法展开了系统研究，对电力信息系统云环境下的功能实体和业务流程进行全面梳理，通过静态 STRIDE 威胁建模与动态攻击链算法相结合的方式对云平台面临的主要风险进行了分类识别和量化评估，并有针对性地提出了适用于电力云系统的安全防护架构，以促进云计算在电力行业的推广和应用，并为电力信息系统安全可控提供有力的支撑。

关键词: 电力云, 风险分析, 威胁建模, 攻击链

Abstract:

Combining the power industry with cloud computing technology,a systematic study on safety analysis and evaluation methods of the power cloud was carried out.A comprehensive combing on functional entities and business processes of the power information system under the cloud environment was conducted.Through the combination of static STRIDE threat modeling and dynamic attack chain algorithm,the main risks of cloud platform were classified and quantified.A security protection architecture of power cloud system was put forward to promote the popularization and application of cloud computing in the power industry,and to provide a strong support for the safety and control of power information system.

Key words: power cloud, risk analysis, threat modeling, attack chain

中图分类号:

TP393

沈亮,王栋,玄佳兴. 电力信息系统云安全风险分析与评估技术[J]. 电信科学, 2018, 34(2): 153-160.

Liang SHEN,Dong WANG,Jiaxing XUAN. Security risk analysis and evaluation techniques in power information system cloud[J]. Telecommunications Science, 2018, 34(2): 153-160.

图/表 10

图1

图2

图3

图4

表1

图5

图6

表2

表3

图7

参考文献 22

[1]	杨宁, 罗华永, 李兴 ,等. 电力资源池基础架构的设计和实施[J]. 电信科学, 2016,33(3): 142-147.
	YANG N , LUO H Y , LI X ,et al. Design and implementation of electric cloud’s resource pool[J]. Telecommunications Science, 2016,33(3): 142-147.
[2]	刘俊文, 玄佳兴 . 数据中心仿真云平台的功能需求与设计[J]. 电信科学, 2017,33(5): 176-182.
	LIU J W , XUAN J X . Functional requirements and design of simulation cloud platform for data center[J]. Telecommunications Science, 2017,33(5): 176-182.
[3]	LUO F , ZHAO J , DONG Z Y ,et al. Cloud-based information infrastructure for next-generation power grid:conception,architecture,and applications[J]. IEEE Transactions on Smart Grid, 2016,7(4): 1896-1912.
[4]	马军伟, 罗红波, 栗秀琴 . 电力云计算信息安全问题研究[C]// 中国电机工程学会,2013年10月12日, 长沙,中国:[S.l:s.n] 2013.
	MA J W , LUO H B , SU X Q . The research on information security issues of power cloud computing[C]// China Society of Electrical Engineering,October 12,2013, Changsha,China:[S.l:s.n] 2013.
[5]	KOTOWSKI J , OKO J , OCHLA M . Deployment models and optimization procedures in cloud computing[C]// International Conference on Computer Aided Systems Theory,July 18-24,2015,San Francisco,USA. Berlin:Springer, 2015: 805-812.
[6]	KAVIS M . Architecting the cloud:design decisions for cloud computing service models (SaaS,PaaS,and IaaS)[M]. New Delhi: Wiley India Private Limited, 2014.
[7]	陈永卫, 张中华, 吉晓佳 . 基于云计算的电力调度软交换系统研究[J]. 电力系统通信, 2012,33(11): 88-92.
	CHEN Y W , ZHANG Z H , JI X J . Research on soft dispatch system of power dispatching based on cloud computing[J]. Power System Communication, 2012,33(11): 88-92.
[8]	任梦吟 . 智能电网下的云计算隐私保护与安全存储研究[D]. 成都:电子科技大学, 2015.
	REN M Y . Research on privacy protection and security storage of cloud computing under smart grid[D]. Chengdu:University of Electronic Science and Technology, 2015.
[9]	WEI L , ZHU H , CAO Z ,et al. Security and privacy for storage and computation in cloud computing[J]. Information Sciences, 2014,258(3): 371-386.
[10]	习姚鹏 . 云技术在电力系统不良数据处理中的研究与应用[D]. 南京:东南大学, 2015.
	XI Y P . Research and application of cloud technology in defect data processing of power system[D]. Nanjing:Southeast University, 2015.
[11]	WANG H . Proxy provable data possession in public clouds[J]. IEEE Transactions on Services Computing, 2013,6(4): 551-559.
[12]	RUJ S , STOJMENOVIC M , NAYAK A . Decentralized access control with anonymous authentication of data stored in clouds[J]. IEEE Transactions on Parallel ＆ Distributed Systems, 2013,25(2): 384-394.
[13]	周延 . 改进的STRIDE威胁模型研究[D]. 武汉:华中科技大学, 2015.
	ZHOU Y . The research of improved stride threat model[D]. Wuhan:Huazhong University of Science and Technology, 2015.
[14]	HO S M , FU H , TIMMARAJUS S S ,et al. Insider threat:language-action cues in group dynamics[C]// Hawaii International Conference on System Sciences,June 4-6,2015,California,USA. Piscataway:IEEE Press, 2015: 2729-2738.
[15]	BURGER E W , GOODMAN M D , KAMPANAKIS P ,et al. Taxonomy model for cyber threat intelligence information exchange technologies[C]// ACM Workshop on Information Sharing ＆ Collaborative Security,November 3,Scoltsdale,Arizona,USA. New York:ACM Press, 2014: 51-60.
[16]	杨泽明, 李强, 刘俊荣 ,等. 面向攻击溯源的威胁情报共享利用研究[J]. 信息安全研究, 2015,1(1): 31-36.
	YANG Z M , LI Q , LIU J R ,et al. Research on the use of threat information sharing for attack-oriented tracing[J]. Information Security Research, 2015,1(1): 31-36.
[17]	孙建坡 . 基于攻击链的威胁感知系统[J]. 邮电设计技术, 2016(1): 74-77.
	SUN J P . The threat perception system based on attack chain[J]. Designing Techniques of Posts and Telecommunications, 2016(1): 74-77.
[18]	庄刘, 魏中许 . 基于情报信息的空防安全威胁评估回归模型研究[J]. 四川师范大学学报(自然科学版), 2015,38(3): 460-465.
	ZHUANG L , WEI Z X . Research on regression model of air defense security threat assessment based on intelligence information[J]. Journal of Sichuan Normal University (Natural Science Edition), 2015,38(3): 460-465.
[19]	LO C C , CHEN W J . A hybrid information security risk assessment procedure considering interdependences between controls[J]. Expert Systems with Applications, 2012,39(1): 247-257.
[20]	王笑帝, 张云勇, 刘镝 ,等. 云计算虚拟化安全技术研究[J]. 电信科学, 2015,31(6): 1-5.
	WANG X D , ZHANG Y Y , LIU D ,et al. Research on security of virtualization on cloud computing[J]. Telecommunications Science, 2015,31(6): 1-5.
[21]	SHAMIR ADI . Identity-based cryptosystems and signature schemes[J]. Lecture Notes in Computer Science, 1984,21(12): 47-53.
[22]	GE W J , HU X H , DENG Y . Research of IBC model and application in web-security system[J]. Omr Mlaon, 2010,27(9): 120-124.

涉及实体	涉及流程	威胁类型	威胁方式
用户端认证组件	认证	S	账户泄露非法登录
用户端认证组件	认证	S	身份欺骗
用户端认证组件	认证	D	DDoS拒绝服务
用户端认证组件	认证	E	越权访问
用户计算管理组件	云资源相关操作	E	越权访问
用户存储管理组件	存储相关操作	E	越权访问
用户镜像管理组件	镜像相关操作	E	越权访问
用户网络管理组件	网络相关操作	E	越权访问
物理机	无	S	账户泄露非法登录
物理机	无	T	非法修改数据
物理机	无	I	关键信息泄露
物理机	无	E	越权访问
数据库	无	S	账户泄露非法登录
数据库	无	T	非法修改数据
数据库	无	I	关键信息泄露
数据库	无	E	越权访问
所有实体	无	R	双方否认进行过的交互动作

攻击路径	威胁方式	攻击路径	威胁方式
S→A	账户泄露非法登录	B→E	越权访问
A→B、D→G	身份欺骗	E→F	越权访问
B→C	关键信息泄露	A→D	虚拟机渗透

节点	资产价值	直接损失（D_x）	间接损失（I_x）	总损失（V_x）
A	0.6	0.12	0.82	0.94
B	0.8	0.4	1.6	2
C	1	0.8	-	0.8
D	0.7	0.42	0.63	1.05
E	1	0.8	0.6	1.4
F	0.6	0.78	-	0.78
G	0.9	0.45	-	0.45