Research on Key Technologies of Information Security in Power Information Systems
Abstract
With the widespread use of power information network systems, attacks from both outside and inside must be prevented. Information security in power information systems has become increasingly prominent and is now a major issue affecting the normal operation of production and business in the power system. Because the power system is basic infrastructure of the national economy, its network information security shares the characteristics of general computer information security and must also meet high security requirements. This paper studies and explores the key technologies of information security in power information systems in depth. The main work and results are as follows:
     1. In view of the characteristics of power information network systems and their increasingly serious information security problems, a security architecture for power information networks is designed, and the concrete security technologies within that architecture are given to safeguard network information security.
     2. Access control, a key technology affecting the secure operation of the power market operation system, is studied. Considering the distributed nature of power market members and the time-bound nature of power market operations, a role-based access control (RBAC) model with temporal and spatial constraints is proposed and designed, together with an access control algorithm; simulation verifies that the model and algorithm can meet the secure access control requirements of the power market. In view of the information confidentiality of the power market, the diversity of user roles and the variability of access permissions, a dynamic access control model based on roles and credibility, with a role hierarchy, is proposed and designed; an application case validates the model.
     3. Urgent access control problems affecting the security of substation remote control and workflow management are studied. Because power information systems form a complex multi-domain environment, an attribute-based access control model for multi-domain environments is proposed and designed; it suits the heterogeneous environment in which power information systems operate, lets owners manage their own resources, and secures access to system resources by users inside and outside the domain. For the substation automation system structure specified in IEC 61850, a distributed RBAC model and algorithm conforming to the international standards ITU-T X.509 and IEC 61850 are proposed and designed, which can improve the security, feasibility and efficiency of substation access control. For the characteristics of power workflow systems, an access control model based on organization and task is proposed and its access control algorithm designed, which can improve the security of power workflow systems and make power workflow easier to apply.
     4. Urgent problems of secure transmission in power information systems are studied. For the data transmission security requirements between the trading center and market members in the power market operation system, a communication method based on message middleware is proposed and a secure data transmission algorithm is designed, which can ensure the security of data in transit. For the security requirements of substation communication data, a communication security mechanism based on the SSL protocol and the IEC 61850 protocol is proposed and designed, which can improve the security of substation communication data.
     5. For the high security requirements of information system integration in power enterprises, a single sign-on model based on the power industry's public key infrastructure / privilege management infrastructure (PKI/PMI) is proposed and the related algorithms are given, supporting integrated operation in power enterprises and secure single sign-on.
