Disclosure of Invention
Aiming at the defects and improvement requirements of the prior art, the invention provides a unified quantitative risk evaluation method for instrument functional safety and information security policies. Its purpose is to evaluate functional safety policies and information security policies on one common scale by a quantitative, risk-based method, which is more accurate than the existing qualitative methods.
To achieve the above object, the present invention provides a unified quantitative risk evaluation method for instrument functional safety and information security policies, comprising the following steps:
(1) querying the instrument's information security vulnerabilities, analysing the attack paths an attacker could take, and establishing an attack tree;
(2) analysing the vulnerability (fragility) of the instrument's functional modules, deducing the process by which each function fails, and establishing a fault tree;
(3) establishing an integrated causal failure model of the instrument from the attack tree and the fault tree according to the association between information security events and functional failure events;
(4) quantifying the failure probability of each instrument functional module from the probability that an attack is carried out and the probability that a vulnerability is exploited;
(5) analysing the security attributes of the instrument's functional safety and information security policies from the perspective of security function, policy association, security level and security target;
(6) adding protection nodes associated with the security attributes to the integrated causal failure model, thereby establishing an evaluation model of the security policies;
(7) quantitatively evaluating the functional safety and information security policies of the instrument with a risk quantification formula, in combination with the assets of each functional module of the instrument.
Further, step (4) specifically includes:
(41) computing the probability of implementing an attack, $P(A_i)$, from the following quantities:
$A_i$: an attack event initiated by any one attack node, i.e. by an attacker;
$P(A_i)$: the probability that attack node $A_i$ occurs;
$Cost_{A_i}$: the cost required to launch the attack event;
$Diff_{A_i}$: the difficulty (ease) of launching the attack event;
$Det_{A_i}$: the degree to which the attack event is likely to be discovered;
$W_{cost}$, $W_{diff}$, $W_{det}$: the weights of the attack-cost, attack-difficulty and discovery-likelihood parameters, with $W_{cost}+W_{diff}+W_{det}=1$;
$u(Cost_{A_i})$, $u(Diff_{A_i})$, $u(Det_{A_i})$: the utility values of the attack-cost, attack-difficulty and discovery-likelihood parameters;
and computing the probability that a vulnerability is exploited as
$$P(V_i=T)=\text{attack vector score}\times\text{attack complexity score}\times\text{authentication score}\times\big(\text{confidentiality impact score}\times\text{confidentiality weight}+\text{integrity impact score}\times\text{integrity weight}+\text{availability impact score}\times\text{availability weight}\big);$$
(42) combining the attack probability and the exploit probability with the integrated causal failure model of the instrument to quantify the failure probability of each functional module:
$$P(F_i)=P(F_i\mid V_i=T,A_i=T)\,P(V_i=T)\,P(A_i=T)+P(F_i\mid V_i=T,A_i=F)\,P(V_i=T)\,P(A_i=F)+P(F_i\mid V_i=F,A_i=T)\,P(V_i=F)\,P(A_i=T)+P(F_i\mid V_i=F,A_i=F)\,P(V_i=F)\,P(A_i=F)$$
where $P(F_i)$ is the failure probability of smart-instrument functional module $F_i$; $P(F_i\mid V_i,A_i)$ is the conditional failure probability of the functional module; $P(V_i=T)$ is the probability that the vulnerability node is exploited and $P(V_i=F)$ the probability that it is not; $P(A_i=T)$ is the probability that the attack node occurs and $P(A_i=F)$ the probability that it does not.
Further, step (5) specifically includes:
(51) querying security standards on the basis of the instrument information security vulnerabilities and functional-module fragility from steps (1) and (2), and selecting functional safety policies and information security policies suitable for the instrument;
(52) analysing, from the qualitative description of the instrument's functional safety and information security policies in the security standards and from the security function, policy association and security target attributes of each policy, which information security vulnerabilities and functional-module weaknesses the policy can mitigate;
and grading each security policy according to its security level attribute to determine the effect of implementing the policy.
Further, step (6) specifically includes:
(61) for the instrument functional-module vulnerabilities that a security policy can mitigate, adding protection nodes in the integrated causal failure model after the logic gate that connects the attack node and the vulnerability node, and after the functional failure node;
(62) setting different protection coefficients for the associated protection nodes according to the grade of the instrument security policy, thereby establishing the instrument security policy evaluation model.
Further, step (7) specifically includes:
(71) performing importance scoring, by interactive (expert) scoring, of the safety-related functional-module assets, which comprise instrument sensing and detection, data processing and control, electrical output and drive, and network communication;
(72) quantitatively evaluating the functional safety policies and information security policies of the instrument with the quantification formula, using the failure probability of each safety-related functional module obtained from the instrument security policy evaluation model after the policies are implemented;
where $\Delta R$ is the change in the instrument's risk value before and after the security policy is implemented, and $W_i$ is the value score of each functional module obtained from the interactive scoring;
the failure probability of a functional module after a functional safety policy is implemented, and the failure probability of a functional module after an information security policy is implemented, are each computed using $d_j$, the protection coefficient of the associated protection node corresponding to the security policy that mitigates the instrument vulnerability.
In another aspect, the application also provides a unified quantitative risk evaluation system for instrument functional safety and information security policies, comprising:
a first module for querying the instrument's information security vulnerabilities, analysing the attack paths an attacker could take, and establishing an attack tree;
a second module for analysing the vulnerability (fragility) of the instrument's functional modules, deducing the functional failure process, and establishing a fault tree;
a third module for establishing an integrated causal failure model of the instrument from the attack tree and the fault tree according to the association between information security events and functional failure events;
a fourth module for quantifying the failure probability of each instrument functional module from the probability that an attack is carried out and the probability that a vulnerability is exploited;
a fifth module for analysing the security attributes of the instrument's functional safety and information security policies from the perspective of security function, policy association, security level and security target;
a sixth module for adding protection nodes associated with the security attributes to the integrated causal failure model, thereby establishing an evaluation model of the security policies;
and a seventh module for quantitatively evaluating the functional safety and information security policies of the instrument with a risk quantification formula, in combination with the assets of each functional module of the instrument.
Further, the fourth module specifically includes:
a first unit for analysing the probability of implementing an attack, $P(A_i)$, from the following quantities:
$A_i$: an attack event initiated by any one attack node, i.e. by an attacker;
$P(A_i)$: the probability that attack node $A_i$ occurs;
$Cost_{A_i}$: the cost required to launch the attack event;
$Diff_{A_i}$: the difficulty (ease) of launching the attack event;
$Det_{A_i}$: the degree to which the attack event is likely to be discovered;
$W_{cost}$, $W_{diff}$, $W_{det}$: the weights of the attack-cost, attack-difficulty and discovery-likelihood parameters, with $W_{cost}+W_{diff}+W_{det}=1$;
$u(Cost_{A_i})$, $u(Diff_{A_i})$, $u(Det_{A_i})$: the utility values of the attack-cost, attack-difficulty and discovery-likelihood parameters;
and for computing the probability that a vulnerability is exploited as
$$P(V_i=T)=\text{attack vector score}\times\text{attack complexity score}\times\text{authentication score}\times\big(\text{confidentiality impact score}\times\text{confidentiality weight}+\text{integrity impact score}\times\text{integrity weight}+\text{availability impact score}\times\text{availability weight}\big);$$
a second unit for combining the attack probability and the exploit probability with the integrated causal failure model of the instrument to quantify the failure probability of each functional module:
$$P(F_i)=P(F_i\mid V_i=T,A_i=T)\,P(V_i=T)\,P(A_i=T)+P(F_i\mid V_i=T,A_i=F)\,P(V_i=T)\,P(A_i=F)+P(F_i\mid V_i=F,A_i=T)\,P(V_i=F)\,P(A_i=T)+P(F_i\mid V_i=F,A_i=F)\,P(V_i=F)\,P(A_i=F)$$
where $P(F_i)$ is the failure probability of smart-instrument functional module $F_i$; $P(F_i\mid V_i,A_i)$ is the conditional failure probability of the functional module; $P(V_i=T)$ is the probability that the vulnerability node is exploited and $P(V_i=F)$ the probability that it is not; $P(A_i=T)$ is the probability that the attack node occurs and $P(A_i=F)$ the probability that it does not.
Further, the fifth module specifically includes:
a query unit for querying security standards on the basis of the instrument information security vulnerabilities and functional-module fragility obtained by the first and second modules, and selecting functional safety policies and information security policies suitable for the instrument;
an analysis unit for analysing, from the qualitative description of the instrument's functional safety and information security policies in the security standards and from the security function, policy association and security target attributes of each policy, which information security vulnerabilities and functional-module weaknesses the policy can mitigate, and for grading each security policy according to its security level attribute to determine the effect of implementing it.
Further, the sixth module specifically includes:
a protection-adding unit for adding, for the instrument functional-module vulnerabilities that a security policy can mitigate, protection nodes in the integrated causal failure model after the logic gate that connects the attack node and the vulnerability node, and after the functional failure node;
and an evaluation-model establishing unit for setting different protection coefficients for the associated protection nodes according to the grade of the instrument security policy, thereby establishing the instrument security policy evaluation model.
Further, the seventh module specifically includes:
an importance scoring unit for performing importance scoring, by interactive (expert) scoring, of the safety-related functional-module assets, which comprise instrument sensing and detection, data processing and control, electrical output and drive, and network communication;
a quantitative evaluation unit for quantitatively evaluating the functional safety policies and information security policies of the instrument with the quantification formula, using the failure probability of each safety-related functional module obtained from the instrument security policy evaluation model after the policies are implemented;
where $\Delta R$ is the change in the instrument's risk value before and after the security policy is implemented, and $W_i$ is the value score of each functional module obtained from the interactive scoring;
the failure probability of a functional module after a functional safety policy is implemented, and the failure probability of a functional module after an information security policy is implemented, are each computed using $d_j$, the protection coefficient of the associated protection node corresponding to the security policy that mitigates the instrument vulnerability.
In general, compared with the prior art, the technical solution conceived above has the following beneficial effects:
(1) the unified quantitative risk evaluation method for instrument functional safety and information security policies overcomes the limitation that traditional security standards describe functional safety and information security policies only qualitatively, and can effectively analyse the effect of implementing those policies on the instrument;
(2) the instrument functional-module vulnerabilities that a security policy can mitigate are first analysed from the security target, security function and policy association attributes of the functional safety and information security policies, the implementation effect of each policy is then analysed from its security level attribute, and finally the security attributes are associated with protection nodes in the policy evaluation model, which makes it possible to analyse functional safety policies and information security policies on a single, unified scale;
(3) the method evaluates functional safety and information security policies together and quantitatively from the risk perspective, which is more accurate than qualitative methods and provides a theoretical basis for deploying the security policies.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. In addition, the technical features involved in the embodiments of the present invention described below may be combined with each other as long as they do not conflict with each other.
The invention provides a method for quantitatively evaluating the unified risk of instrument functional safety and information safety strategies, the flow of which is shown in figure 1, and the method comprises the following steps:
Step 1: query the instrument's information security vulnerabilities, analyse the attack paths an attacker could take, and establish an attack tree.
Step 1.1: obtain a list of the instrument's security vulnerabilities by running a vulnerability scan or querying an information security vulnerability database, then analyse all possible attack scenarios from the vulnerability list in combination with known attack strategies.
Querying an information security vulnerability database reveals common instrument information security vulnerabilities such as CNVD-2021-; by means of the configuration, check management, debugging and other functions of a general-purpose portable hand-held operator or of instrument-management communication software, the firmware or operating system of a smart instrument can be tampered with through a debug interface or similar, and even malicious code can be injected, so that the data processing and control module of the smart instrument ceases to function; an attacker can also access the smart instrument through an unauthorised external device or communication configuration software and thereby maliciously tamper with the instrument's measuring range, cause zero drift, stop it working, and so on.
Step 1.2: take the attack event nodes and vulnerability nodes as leaf nodes, analyse the functional failure events that an attack launched by exploiting a vulnerability can cause, take each functional failure event as a root node, and build the attack tree bottom-up. The attack tree is shown in fig. 2.
Step 2: and analyzing the vulnerability of the functional module of the instrument, deducing the failure process of the function and establishing a fault tree.
Step 2.1: and (3) analyzing the vulnerability of each safety related function module of the instrument by combining the process potential failure mode and consequence analysis table or consulting field engineering personnel, and determining the function module with common failure of the instrument, wherein the process potential failure mode and consequence analysis table are shown in table 1.
TABLE 1
Step 2.2: taking a failure event of a certain function module of the instrument as a top-level event node, taking the failure event of the function module causing the occurrence of the top-level event as a basic event node by combining the working operation principle of the instrument, connecting the top-level event node and the basic event node through a logic gate and a directed edge, and establishing a fault tree from top to bottom.
The input signal of the intelligent instrument is processed by conversion, amplification, shaping, compensation and the like through a switching value input channel circuit or an analog value input channel circuit. For analog quantity signals, the analog quantity signals need to be converted into digital signals through an A/D converter and then are sent to a microcontroller through an interface. The microcontroller processes and calculates the input data, and sends the processed data to the display or printer via interface, or outputs switch signal or converts the signal into analog signal via D/A converter of analog channel, or realizes data communication via serial interface (such as RS-232) to complete complex measurement and control tasks. Therefore, once the sensing detection module or the data processing and control module fails to work, the output driving module and the network communication module also fail. Based on the failure scenario, a fault tree is built from top to bottom, as shown in fig. 3.
And step 3: whether the same node exists between the basic event node of the fault tree and the attack target node of the attack tree is analyzed, once the same node exists, the same basic node of the fault tree is used as the attack target, an attack path is added, and the integrated causal failure model of the instrument is obtained. The instrument integrated causal failure model is shown in fig. 4.
Step 4: analyse the likelihood of a failure event of each instrument functional module from the likelihood that an attack is carried out, the likelihood that a vulnerability is exploited, and so on.
Step 4.1: analyse the likelihood of an attack being launched from the attack cost, the attack difficulty and the likelihood of the attack being discovered, and analyse the likelihood of a vulnerability being exploited using the CVSS vulnerability scoring standard.
The likelihood that an attacker launches an attack depends on the attack cost, the attack difficulty and the likelihood of the attack being discovered, so when the likelihood of an attack node is calculated these three attribute values are assigned to each attack node. Multi-attribute utility theory is then applied to convert the attributes into utility values for achieving the attacker's goal. The attack likelihood of the attacker is given by formula (1):
where $A_i$ denotes an attack event initiated by any one attack node, i.e. by an attacker; $P(A_i)$ is the probability that the attack node occurs; $Cost_{A_i}$ is the cost required to launch the attack event; $Diff_{A_i}$ is the difficulty of launching the attack event; $Det_{A_i}$ is the degree to which the attack event is likely to be discovered; $W_{cost}$, $W_{diff}$ and $W_{det}$ are the weights of the attack-cost, attack-difficulty and discovery-likelihood parameters, and the three weights sum to 1; $u(Cost_{A_i})$, $u(Diff_{A_i})$ and $u(Det_{A_i})$ are the utility values of the attack-cost, attack-difficulty and discovery-likelihood parameters.
Solving formula (1) for the probability $P(A_i)$ of the attack event involves three attributes, which therefore have to be assessed against corresponding scoring criteria. The grading and scoring criteria used in the present invention are shown in table 2.
TABLE 2
To compute the probability that an attacker launches an attack event, the utility values must first be computed. Analysis shows that $u(Cost_{A_i})$, $u(Diff_{A_i})$ and $u(Det_{A_i})$ are inversely proportional to $Cost_{A_i}$, $Diff_{A_i}$ and $Det_{A_i}$ respectively; for the calculation, the correspondence for all three is taken as $u(x)=1/x$. The probability $P(A_i)$ of the attack event can then be determined from formula (1).
The Common Vulnerability Scoring System (CVSS) is an open industry standard for assessing the severity of vulnerabilities; it gives a common basis for rating severity and so makes severity analyses comparable. The method computes the likelihood that an instrument information security vulnerability is exploited from CVSS. CVSS comprises a base score, a temporal score and an environmental score; only the base score is considered here, and its evaluation metrics are shown in table 3.
TABLE 3
$$\text{base score}=\text{attack vector score}\times\text{attack complexity score}\times\text{authentication score}\times\big(\text{confidentiality impact score}\times\text{confidentiality weight}+\text{integrity impact score}\times\text{integrity weight}+\text{availability impact score}\times\text{availability weight}\big)$$
This product is the method's own combination of the CVSS base metrics rather than the standard CVSS base-score equation; with the standard metric values and weights summing to 1 it lies in [0, 1], which is what allows it to be used as the probability that the vulnerability node is exploited.
Step 4.2: and analyzing historical data or consulting field engineers to analyze the failure conditional probability of each functional module of the instrument, and combining the attack starting probability of an attacker and the utilization probability of the vulnerability in the formula (1) to obtain the failure probability of each functional module of the instrument.
And 5: and performing safety attribute characteristic quantitative analysis on the instrument function safety and information safety strategies from the aspects of safety functions, strategy association, safety levels, safety targets and the like. The attribute analysis quantization flow diagram of the security policy is shown in fig. 5.
Step 5.1: and (3) selecting a function failure control strategy and an information safety protection strategy suitable for the instrument by inquiring relevant safety standards according to the common information security loopholes and the function module failure mechanism of the instrument obtained in the step (1) and the step (2).
The intelligent instrument is used as a device of a field physical layer, the information security threats faced by the intelligent instrument mainly comprise DOS attacks, access and tampering of unknown devices and the like, access control, intrusion detection, log management, authority control and identity verification strategies are selected according to the IEC62443 information security standard, the acquisition, operation, output and communication functions of the instrument are realized by considering that the instrument mainly passes through a sensing and detection module, a data processing and control module, an electric output and drive module and a network communication interface functional module, and once a functional module fails, the action value of the instrument is greatly influenced. The invention selects the technical strategies of microprocessor unit diagnosis, acquisition diagnosis, output diagnosis, time sequence and logic monitoring and multiplexing according to IEC 61508.
Step 5.2: and analyzing the security vulnerability of the instrument function module and the implementation effect of the security strategy, which can be relieved by the security strategy, according to the qualitative description of the function security and information security strategy of the instrument in the related security standard and the security function, strategy association and security target attribute of the instrument security strategy.
Taking the authority control as an example, the authority control is the first step of protecting the industrial control system and its key assets from accidental damage. The rights control determines the process by which the associated role should be allowed to enter or leave a system. Once this information is determined, defense-in-depth access control measures can be implemented to verify that only authorized personnel and equipment can actually access the industrial control system. Therefore, the authority control can relieve the access vulnerability of unknown equipment. Compared with the traditional authority control, the role-based authority control overcomes the problem that the role authority is difficult to update in time in a dynamic environment through the access based on the user role or work responsibility, and has a better vulnerability protection effect.
Step 6: and adding a protection node associated with the safety attribute in the causal failure model, and establishing an evaluation model of the safety strategy.
Step 6.1: and implementing the safety loophole of the instrument functional module which can be relieved according to the instrument safety strategy, and adding protection nodes after connecting logic gates of the attack nodes and the loophole nodes and after the functional failure nodes in the integrated causal failure model of the instrument.
And 5, obtaining a vulnerability which can be relieved by implementing the information security strategy according to the fifth analysis of the step, adding a protection node in a corresponding attack path, and adding a protection node in a corresponding failure path according to the vulnerability of the functional module which can be relieved by implementing the functional security strategy obtained by the fifth analysis of the step. The instrument function security and information security policy associated protection node is shown in table 4.
TABLE 4
Step 6.2: and setting different protection coefficients for the protection nodes according to the implementation effect of the instrument safety strategy, and establishing an instrument safety strategy evaluation model.
For the security level attributes of the functional security and information security policies, the invention sets two different levels, and the security policy level attribute table is shown in table 5.
TABLE 5
The instrument security policy evaluation model is established on the basis of the steps above. The meaning of each node in the model is shown in table 6.
TABLE 6
And 7: and quantitatively evaluating the function safety and information safety strategies of the instrument according to a risk quantitative formula by combining assets of each function module of the instrument.
Step 7.1: taking into account safety related function module assets such as instrument sensing and detection, data processing and control, electric output and drive, network communication and the like, and carrying out expert scoring according to the importance of the function module;
step 7.2: the change value delta P (F) of the failure probability of each functional module of the instrument before and after the implementation of the safety strategyi) And quantitatively evaluating the functional safety and information safety strategies of the instrument by using a quantitative formula.
Wherein, Delta R is the risk change value of the instrument before and after the implementation of the safety strategy, n is the number of the safety-related function modules of the instrument, and W is the number of the safety-related function modules of the instrumentiAnd (4) scoring the value scores of all functional modules of the instrument based on expert scoring.
Obtaining F by analyzing historical data or consulting field engineers1,F2,F3Conditional probability P (F) of a node1|A1,V1),P(F2|A2,V2),P(F3|F1,F2),P(F4|F1,A3,V3) In connection with attack event node A1,A2,A3Probability of occurrence of P (A)1),P(A2),P(A3) And the probability of occurrence of a vulnerability node P (V)1),P(V2),P(V3). Further, the failure probability P (F) of each functional module can be calculated1),P(F2),P(F3),P(F4)。
By implementing a security strategy, under the action of a security protection node, obtaining the occurrence probability of a new attack event node
Generation of new vulnerability nodesProbability of
Further obtaining the new probability of failure accident of each functional module
Value score W for bound function module
iI is 1, 2, 3, 4, finally obtaining the risk variation value formula
And (4) quantitatively evaluating the functional safety and the information safety strategy of the instrument according to the change of the risk value before and after the implementation of each safety strategy calculated by the formula (3).
The failure probability of a functional module after a functional safety policy is implemented, and the failure probability of a functional module after an information security policy is implemented, are each calculated using $d_j$, the protection coefficient of the associated protection node corresponding to the security policy that mitigates the instrument vulnerability.
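As an added example that is not part of the patent, the Python code below carries steps 6 and 7 through on the four-module model described above ($F_1$ and $F_2$ depend on their attack and vulnerability nodes, $F_3$ on $F_1$ and $F_2$, $F_4$ on $F_1$, $A_3$ and $V_3$). The node probabilities, conditional probability tables, protection-coefficient values for the two policy levels of table 5 and the module value scores $W_i$ are all constructed. Two modelling choices are assumptions, since the corresponding formulas are not reproduced on this page: a protection node with coefficient $d_j$ scales the probability of the node it follows by $(1-d_j)$, applied to the attack and vulnerability nodes for an information security policy and to the functional failure node for a functional safety policy, and the risk change is $\Delta R=\sum_{i=1}^{n}W_i\,\Delta P(F_i)$.

```python
"""Added example (not the patent's code): protection nodes and risk change.

Assumptions, labelled here and in the lead-in:
  * a protection node with coefficient d scales the probability of the node
    it follows by (1 - d): attack/vulnerability nodes for an information
    security policy, the functional failure node for a functional safety policy;
  * Delta R = sum_i W_i * Delta P(F_i);
  * all numbers (node probabilities, CPTs, d values, W_i) are constructed.
"""
from itertools import product
from typing import Dict, Optional, Tuple

State = Tuple[bool, ...]

# Integrated causal failure model (cf. fig. 4 / table 6): parents of each
# functional failure node, in the order used by its conditional table.
PARENTS: Dict[str, Tuple[str, ...]] = {
    "F1": ("A1", "V1"),          # sensing and detection
    "F2": ("A2", "V2"),          # data processing and control
    "F3": ("F1", "F2"),          # electrical output and drive
    "F4": ("F1", "A3", "V3"),    # network communication
}


def _attack_cpt() -> Dict[State, float]:
    # P(F | A, V): the module fails mostly when an attacker exploits the vulnerability;
    # the (False, False) entry is the module's random failure rate.
    return {(True, True): 0.90, (True, False): 0.05, (False, True): 0.05, (False, False): 0.01}


CPT: Dict[str, Dict[State, float]] = {
    "F1": _attack_cpt(),
    "F2": _attack_cpt(),
    # F3 fails if either upstream module fails (cf. the signal chain in step 2.2)
    "F3": {s: (0.95 if any(s) else 0.02) for s in product((True, False), repeat=2)},
    # F4 fails if F1 fails, or if A3 exploits V3 on the communication interface
    "F4": {s: (0.90 if s[0] else (0.85 if s[1] and s[2] else 0.02))
           for s in product((True, False), repeat=3)},
}

# Occurrence probabilities of attack and vulnerability nodes (constructed;
# in the method they come from step 4).
LEAF_PROBS = {"A1": 0.4, "V1": 0.2, "A2": 0.3, "V2": 0.25, "A3": 0.5, "V3": 0.3}

# Protection coefficient d per security-level attribute (table 5 has two
# levels; the values are constructed).
LEVEL_D = {"basic": 0.5, "enhanced": 0.8}

# Module value scores W_i from expert scoring (constructed).
WEIGHTS = {"F1": 0.3, "F2": 0.3, "F3": 0.2, "F4": 0.2}


def failure_probabilities(leaf_probs: Dict[str, float],
                          protections: Optional[Dict[str, float]] = None) -> Dict[str, float]:
    """P(F_i) for every functional node, marginalising each node's CPT over its parents.

    A node's parents are treated as independent, which is exact for this
    model because the parents of any one node share no ancestors.
    `protections` maps a node name to the coefficient d of the protection
    node placed after it; the node's probability is scaled by (1 - d), and
    downstream nodes see the reduced value.
    """
    protections = protections or {}
    cache: Dict[str, float] = {}

    def prob(node: str) -> float:
        if node in cache:
            return cache[node]
        if node in leaf_probs:
            p = leaf_probs[node]
        else:
            parent_p = [prob(par) for par in PARENTS[node]]
            p = 0.0
            for state in product((True, False), repeat=len(parent_p)):
                weight = 1.0
                for on, pp in zip(state, parent_p):
                    weight *= pp if on else 1.0 - pp
                p += CPT[node][state] * weight
        p *= 1.0 - protections.get(node, 0.0)
        cache[node] = p
        return p

    return {f: prob(f) for f in PARENTS}


def risk_change(weights: Dict[str, float], before: Dict[str, float],
                after: Dict[str, float]) -> float:
    """Delta R = sum_i W_i * (P(F_i) - P'(F_i)); positive means the policies lowered risk."""
    return sum(weights[f] * (before[f] - after[f]) for f in weights)


def evaluate_policies() -> Tuple[Dict[str, float], Dict[str, float], float]:
    """Failure probabilities before and after the constructed policy set, and Delta R."""
    before = failure_probabilities(LEAF_PROBS)
    # Information security policy (enhanced-level authority control) mitigates
    # the unauthorised-access path A1/V1; functional safety policy (basic-level
    # MCU diagnosis) mitigates failure of the data processing module F2.
    protections = {"A1": LEVEL_D["enhanced"], "V1": LEVEL_D["enhanced"],
                   "F2": LEVEL_D["basic"]}
    after = failure_probabilities(LEAF_PROBS, protections)
    return before, after, risk_change(WEIGHTS, before, after)


if __name__ == "__main__":
    before, after, delta_r = evaluate_policies()
    for f in PARENTS:
        print(f"{f}: {before[f]:.4f} -> {after[f]:.4f}")
    print(f"Delta R = {delta_r:.4f}")
```

Because the protected value of $F_1$ is what $F_3$ and $F_4$ consume, a protection node on an upstream attack path reduces the failure probability of every downstream module as well, which is the reason the page evaluates a policy through $\Delta R$ over all modules rather than through the single node the policy is attached to.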
It will be appreciated by those skilled in the art that the foregoing is only a preferred embodiment of the invention, and is not intended to limit the invention, such that various modifications, equivalents and improvements may be made without departing from the spirit and scope of the invention.