Research On Development Methods Of Industrial Data Acquisition System Based On CC

Posted on: 2007-07-20
Degree: Doctor
Type: Dissertation
Country: China
Candidate: D Xiang
GTID: 1102360218957086
Subject: Mechanical Manufacturing and Automation

Abstract/Summary:
An Industrial Data Acquisition System (DAS) provides access to field data, an important function needed by an Industrial Control System (ICS). DAS is the core part of ICS and is deployed in a wide range of fields, such as power, military and communication, just to name a few. Information technology is now used pervasively in DAS, revolutionizing production methods and increasing productive efficiency. At the same time, a reasonable solution for information security is the key to applying information technology in industrial domains. Thus, research on systematic methodologies for developing highly trusted DAS that meet increasing security requirements, based on information security technology and the characteristics of DAS, is important and necessary for both theory and application.

Through the experiment of building a practical secure industrial DAS in accordance with the philosophy of the Common Criteria (CC), the international standard framework for computer security evaluation, this thesis conducts research on methods of secure DAS development. The main contents of the dissertation are as follows:

1. The secure engineering methodologies of secure DAS based on CC assurance requirements

The whole life-cycle secure engineering methodology of DAS based on CC assurance requirements is researched. A classification methodology for CC assurance requirements is proposed, which organizes the CC assurance requirements into different layers according to each class's assurance scope in engineering activities, thus providing a general framework for integrating CC security assurance requirements into software engineering activities. Based on the layered structure, an integration framework of CC assurance requirements and CMM (Capability Maturity Model) is proposed. The extended CMM model is compatible with the standard CMM and is able to meet the security requirements of the development process. Finally, the secure engineering method based on CC assurance requirements is constructed.

2. The secure requirement engineering methodologies of secure DAS based on CC functional requirements

The secure requirement engineering methodology of secure DAS based on CC functional requirements is researched. A three-phase secure requirement engineering method is proposed. In the first phase, early-phase security requirement modeling, an extended i* framework is proposed to model the security environments and security objectives of secure DAS visually and effectively. In the second phase, with the introduction of Trusted Network Connect, a Trust and Role Based Access Control model (TRBAC) is constructed to address the security threats to DAS compatibly. In the third phase, late-phase security requirement modeling, a classification methodology for CC functional requirements based on requirement characteristics is proposed, and CC-UML, a requirements modeling language that integrates CC functional requirements, is constructed to model the system requirements of secure DAS.

3. The general software architecture of secure DAS and its key technologies

An open and layered architecture of secure DAS that supports the TRBAC access control model is proposed. Detailed research on the secure protocols of the architecture has been carried out, along with their formalization using Petri nets. A formal grammar based on BNF is proposed for the definition of the security policy of DAS, and the definition is given. Finally, a rapid development methodology for DAS servers that integrates the access control interface is proposed. The tool is based on the current rapid development method for DAS servers and has more security characteristics, so as to better meet the security requirements.

4. Development and realization of secure DAS as a prototype

According to the methodology proposed, a prototype of a high-level secure DAS is realized, and its application in an industrial control environment is discussed.

In summary, this thesis focuses on the application of information security technology in industrial domains, and the principal achievements are helpful to the exploration of novel development methodologies for secure Industrial Data Acquisition Systems.
Keywords/Search Tags:Industrial Control, Data Acquisition System, Information Security, Common Criteria, Security Engineering, Requirement Engineering, Security Policy, Trusted Network Connect, Access Control Model, Software Architecture