高级检索

用于继电保护装置的可信计算实现方案

A Trusted Computing Implementation Scheme for Relay Protection Devices

  • 摘要: 针对智能电网继电保护装置运行和维护过程中所面临的各种安全风险(如恶意代码注入、供应链攻击等),结合传统的嵌入式保护装置在主动免疫与内生安全方面的不足,提出了一种基于可信计算技术的安全增强方案。该方案通过对继电保护装置可信适配系统架构、可信根的选型和硬件适配技术、可信启动的技术环节、操作系统的可信增强、设备端可信配置管理命令集以及可信环境下告警与审计的内容和采集等多个方面的深入研究,设计了一种可以覆盖硬件适配、可信启动、运行时防护、配置管理及审计追踪的全栈可信计算方案。通过实验验证,该方案能够在满足装置整体业务性能的前提下,有效提高继电保护装置的安全性和可信度,具有良好的应用前景和推广价值。

     

    Abstract: Aiming at the various security risks faced by intelligent grid relay protection devices during operation and maintenance (e.g., malicious code injection, supply chain attacks) and addressing the shortcomings of traditional embedded protection devices in terms of active immunity and endogenous security, this paper proposes a security enhancement scheme based on trusted computing technology. Through in-depth research on multiple aspects including the trusted adaptation system architecture of relay protection devices, selection and hardware adaptation of trusted roots, trusted boot process, trusted enhancement of operating systems, device-end trusted configuration management command sets, and trusted alerting, auditing, and data collection, this study designs a comprehensive trusted computing solution covering hardware adaptation, trusted boot, runtime protection, configuration management, and audit tracing. Experimental results demonstrate that the proposed scheme can effectively improve the safety and reliability of relay protection devices while meeting the overall business performance of the device, and has good application prospects and promotion value.

     

/

返回文章
返回