
Improving the security in interconnecting building automation systems to outside networks


Abstract

As control systems are becoming more complex and capable with much functionality, it requires more efforts not only to maintain correct operations but also to protect them from various threats. Security of the control network which connects entities in the system and serves as a path for information transfer between them is a major cause of concern. Operators of the control systems have taken a conservative way to provide a protection to the network where it is simply isolated from other systems and networks that could introduce access channels. Even though the isolation provides a great protection, it limits management efficiency and expandability of the system. Solving the problem of providing interconnectivity as well as sufficient protection to the control network is not trivial.

Existing work proposed a solution where they applied a multi-tier web server system to the control system in the effort to provide better connectivity and introduced a concept of redundant authentication to mitigate risks to the system. In this architecture, a front end system that accepts requests from users is required to provide a non-repudiable credential of the requesting user when it passes the request to a back end proxy that has access privilege on the control system. This limits malicious actions that could be performed by the compromised front end system. It, however, forces every recently authenticated user to share the vulnerability in the case of the compromised front end system due to a requirement that clients should remain unmodified.

In this thesis, we suggest a new solution with a client program to overcome the above limitation and provide a better protection. Installation of the client program is required in order to access the control system from the outside network. With this architecture, users who have chosen to opt out by not installing the client program are safe from the risk introduced by other users who have chosen to install the program and use the service. Non-repudiable credentials are still required with every request to the control system hence containing the possible actions of the compromised front end system on the control system. We validate our strategy on Building Automation System (BAS) testbed with a practical application which allows users to unlock doors of the building.

Bibliographic details

  • Author

    Jung Hee Dong;

  • Author affiliation
  • Year 2011
  • Total pages
  • Original format PDF
  • Language of the text English
  • CLC classification
