摘要
随着自动化控制技术的不断发展,其在工业控制领域应用得越来越广泛,逐步形成了以自动化控制为基础的工业控制系统。黑客们也已经将注意力从以往对网络服务器的攻击逐步转移到了对工业控制系统的攻击上。通过攻击工业控制系统不仅可对网络系统造成威胁,甚至可以破坏工业基础设施,危及人身安全及国家安全,因此工业控制系统安全已经受到广泛关注。组态软件作为工业控制系统软件功能的重要组成部分,其安全性将直接影响着整个工业控制系统的安全。文章综述了工业控制系统组态软件的特点及面临的安全风险,并以亚控组态软件(WELLINTECH)King View 6.53存在的缓冲区溢出漏洞为实例分析漏洞产生原因、攻击方法及危害,最后从组态软件业务逻辑、权限管理、运维部署等方面提出安全建议,提高组态软件及整个工业控制的安全防护能力。
With the continuous development of automatic control technology, in the combination of industry automation control and computer information technology, more and more widely used, and gradually formed the industrial control system based on automatic control. Hackers have also turned their attention from previous attacks on Web servers to industrial control systems. By attacking the industrial control system not only pose a threat to the network system, and even destroy the industrial infrastructure, endangering personal safety and national security, industrial control system security has been widespread concern. Configuration software is an important part of industrial control system software, and its security will directly affect the safety of the whole industrial control system. This paper summarizes the characteristics of the industrial control system configuration software and the security risks, and to buffer overflow vulnerabilities as examples to analyze causes, attack and harm, and finally puts forward the security building on configuration software business logic, rights management, deployment, enhance the ability of security protection of the industrial control system and configuration software.
出处
《信息网络安全》
CSCD
2017年第7期73-79,共7页
Netinfo Security
基金
国家自然科学基金[1471129]
关键词
工控安全
组态安全
组态软件
缓冲区溢出
industrial control safety
configuration security
configuration software
buffer overflow
