CN111309978A - Transformer substation system safety protection method and device, computer equipment and storage medium - Google Patents
Publication number: CN111309978A (application CN202010113096.8A)
Authority: CN (China)
Legal status: Pending (status as listed by Google Patents; it is an assumption, not a legal conclusion)
Classifications
- G06F16/9014—Indexing; Data structures therefor; Storage structures hash tables
- G06F16/903—Querying
- G06F21/31—User authentication
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
- G06Q50/06—Energy or water supply
Abstract
The application relates to a transformer substation system safety protection method and device, computer equipment and a storage medium. The method comprises the following steps: receiving a program execution request sent by a transformer substation system, the program execution request carrying a program identifier that identifies a program to be executed; acquiring a first hash value of the program to be executed corresponding to the program identifier; and, if a second hash value matching the first hash value is stored in the white list database of the transformer substation system, sending a program execution instruction to the transformer substation system instructing it to execute the program to be executed. In this application, the safety monitoring system of the transformer substation system obtains the first hash value of the program to be executed and checks whether a matching second hash value exists in the white list database; the program is run only when such a second hash value exists. Safety threats caused by unknown programs or viruses in the transformer substation system can thus be avoided, and the safety protection performance of the transformer substation system is further improved.
Description
Technical Field
The present application relates to the field of power safety technologies, and in particular, to a transformer substation system safety protection method, device, computer device, and storage medium.
Background
With the development of electric power safety technology, the safety of the substation system has become an important component of the safety of electric power infrastructure. Once the substation system fails, monitoring and operation of the substation state are affected: abnormal warning information cannot be checked, power-on/off times are prolonged, and the personal safety risk during equipment operation increases.
However, existing transformer substation system security protection methods still leave the transformer substation system vulnerable to security threats such as bugs, viruses and trojans existing in programs or systems, and thus provide low security protection performance.
Disclosure of Invention
In view of the foregoing, it is necessary to provide a substation system safety protection method, device, computer device and storage medium for solving the above technical problems.
A safety protection method of a transformer substation system is applied to a safety monitoring system of the transformer substation system, and comprises the following steps:
receiving a program execution request sent by the transformer substation system; the program execution request carries a program identifier for identifying a program to be executed;
acquiring a first hash value of the program to be executed corresponding to the program identifier;
if a second hash value matching the first hash value is stored in a white list database of the transformer substation system, sending a program execution instruction to the transformer substation system instructing it to execute the program to be executed.
In one embodiment, before sending the program execution instruction to the substation system, the method further includes: acquiring auxiliary verification information sent by the transformer substation system; acquiring a verification result of the auxiliary verification information; and, if a second hash value matching the first hash value is stored in the white list database of the substation system and the verification result is that verification passed, generating the program execution instruction.
In one embodiment, acquiring the auxiliary verification information sent by the substation system includes receiving first password verification information sent by the transformer substation system, the first password verification information being the password verification information of a user logging in to the transformer substation system; and obtaining the verification result of the auxiliary verification information includes determining that the verification result is that verification passed if second password verification information matching the first password verification information is stored in the white list database of the transformer substation system.
In one embodiment, acquiring the auxiliary verification information sent by the substation system includes receiving first random coding information and signature information sent by the transformer substation system, the first random coding information being coding information randomly generated by the transformer substation system and the signature information being the substation system's digital signature over the first random coding information; and obtaining the verification result of the auxiliary verification information includes verifying the signature information to obtain second random coding information and, if the second random coding information matches the first random coding information, determining that the verification result is that verification passed.
In one embodiment, after obtaining the verification result of the auxiliary verification information, the method further includes: if the auxiliary verification result is that verification failed, prohibiting the transformer substation system from executing the program to be executed, and storing the auxiliary verification information.
In one embodiment, the substation system safety protection method further includes: scanning a plurality of trusted programs pre-installed in the transformer substation system to acquire a plurality of hash values corresponding to those trusted programs, and constructing the white list database from the plurality of hash values.
In one embodiment, after obtaining the first hash value of the program to be executed corresponding to the program identifier, the method further includes: if the white list database of the transformer substation system contains no second hash value matching the first hash value, prohibiting the transformer substation system from executing the program to be executed, and triggering the transformer substation system to send out an alarm signal.
A safety protection device of a transformer substation system is applied to a safety monitoring system of the transformer substation system, and the device comprises:
a request receiving module for receiving a program execution request sent by the transformer substation system, the program execution request carrying a program identifier for identifying a program to be executed;
a hash obtaining module for obtaining a first hash value of the program to be executed corresponding to the program identifier;
an instruction sending module for sending a program execution instruction to the substation system if a second hash value matching the first hash value is stored in the white list database of the substation system, the instruction instructing the substation system to execute the program to be executed.
A computer device comprising a memory and a processor, the memory storing a computer program, the processor implementing the following steps when executing the computer program: receiving a program execution request sent by a transformer substation system, the program execution request carrying a program identifier for identifying a program to be executed; acquiring a first hash value of the program to be executed corresponding to the program identifier; and, if a second hash value matching the first hash value is stored in the white list database of the transformer substation system, sending a program execution instruction to the transformer substation system instructing it to execute the program to be executed.
A computer-readable storage medium on which a computer program is stored which, when executed by a processor, carries out the steps of: receiving a program execution request sent by a transformer substation system, the program execution request carrying a program identifier for identifying a program to be executed; acquiring a first hash value of the program to be executed corresponding to the program identifier; and, if a second hash value matching the first hash value is stored in the white list database of the transformer substation system, sending a program execution instruction to the transformer substation system instructing it to execute the program to be executed.
According to the transformer substation system safety protection method and device, the computer equipment and the storage medium, the safety monitoring system of the transformer substation system receives the program execution request sent by the transformer substation system; the program execution request carries a program identifier for identifying a program to be executed; acquiring a first hash value of a program to be executed corresponding to the program identifier; and if a second hash value matched with the first hash value is stored in the white list database of the transformer substation system, sending the program execution instruction to the transformer substation system for instructing the transformer substation system to execute the program to be executed. According to the application, the first hash value of the program to be executed is obtained through the safety monitoring system of the transformer substation system, whether the second hash value matched with the first hash value exists in the white list database or not is judged, the program to be executed is operated only when the second hash value exists, the safety threat caused by unknown programs or viruses in the transformer substation system can be avoided, and the safety protection performance of the transformer substation system is improved.
Drawings
FIG. 1 is a diagram of an application environment of a security protection method for a substation system in one embodiment;
FIG. 2 is a schematic flow chart of a method for securing a substation system in one embodiment;
FIG. 3 is a flow diagram illustrating the secondary verification step in one embodiment;
FIG. 4 is a schematic flow chart of a method for security protection of a substation system in one embodiment;
FIG. 5 is a flow chart illustrating a safety protection method for a substation system in an application example;
FIG. 6 is a block diagram of a trusted verification module in an exemplary application;
FIG. 7 is a block diagram of a substation system safety protection device in one embodiment;
FIG. 8 is a diagram illustrating an internal structure of a computer device according to an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
The transformer substation system safety protection method provided by the application can be applied to the application environment shown in fig. 1. The substation system 101 and the safety monitoring system 102 of the substation system may be connected via a network or may be electrically connected. Specifically, the safety monitoring system 102 of the substation system receives a program execution request sent by the substation system 101, finds a first hash value of a program to be executed, compares the first hash value with a second hash value stored in a white list database prestored in the safety monitoring system 102 of the substation system, and generates a program execution instruction to return to the substation system 101 when the first hash value is matched with the second hash value, so that the substation system 101 executes the program to be executed. The safety monitoring system 102 of the substation system may be, but is not limited to, various personal computers, notebook computers, smart phones, tablet computers, and electronic keys, and the substation system 101 may be implemented by an independent computer or a computer cluster formed by a plurality of computers.
In one embodiment, as shown in fig. 2, a substation system security protection method is provided; it is described by way of example as applied to the security monitoring system 102 of the substation system in fig. 1, and includes the following steps:
step S201, receiving a program execution request sent by the substation system 101; the program execution request carries a program identifier for identifying the program to be executed.
The program execution request is generated by the substation system 101; it may be triggered, for example, when a user of the substation system 101 clicks to run a certain program. The program execution request carries a program identifier that identifies the program to be executed, so the substation system 101 can find the program to be executed according to that identifier and run it. Specifically, in the present application, after the substation system 101 obtains a program execution request, the request is first sent to the safety monitoring system 102 of the substation system, so as to ensure the safe execution of the program.
Step S202, a first hash value of the program to be executed corresponding to the program identifier is obtained.
The first hash value is determined by the program content of the program to be executed. Specifically, after the safety monitoring system 102 of the substation system obtains a program execution request sent by the substation system 101, it first extracts the program identifier of the program to be executed from the request, then finds the program content of the program to be executed and performs a hash operation on it; for example, a hash function is applied to the program content to generate the first hash value corresponding to the program to be executed.
Step S203, if a second hash value matching the first hash value is stored in the white list database of the substation system 101, sending a program execution instruction to the substation system 101, so as to instruct the substation system 101 to execute the program to be executed.
The white list database of the substation system 101 may be stored in the security monitoring system 102 of the substation system. A plurality of hash values are stored in the white list database, each of which may correspond to a trusted program. Specifically, after the first hash value of the program to be executed is obtained in step S202, the security monitoring system 102 of the substation system compares the obtained first hash value with the hash values stored in the white list database one by one; once a second hash value matching the first hash value is found in the white list database, it generates a program execution instruction and returns it to the substation system 101. The program execution instruction instructs the substation system 101 to execute the program to be executed according to the program execution request.
In the transformer substation system safety protection method, a safety monitoring system 102 of the transformer substation system receives a program execution request sent by a transformer substation system 101; the program execution request carries a program identifier for identifying a program to be executed; acquiring a first hash value of a program to be executed corresponding to the program identifier; and if a second hash value matched with the first hash value is stored in the white list database of the substation system 101, sending a program execution instruction to the substation system 101 for instructing the substation system 101 to execute the program to be executed. According to the method and the device, the first hash value of the program to be executed is obtained through the safety monitoring system 102 of the transformer substation system, whether the second hash value matched with the first hash value exists in the white list database or not is judged, the program to be executed is operated only when the second hash value exists, safety threats caused by unknown programs or viruses in the transformer substation system 101 can be avoided, and the safety protection performance of the transformer substation system 101 is improved.
On this basis, in order to further improve the safety performance of the substation system 101, in an embodiment, as shown in fig. 3, before the safety monitoring system 102 of the substation system sends the program execution instruction to the substation system 101 in step S203, the method further includes the following steps:
step S301, acquiring the auxiliary verification information sent by the substation system 101.
The auxiliary verification information may include one or more kinds of information. For example, the identity of the logged-in user can be verified by a password check, so that the program is executed only when the password is verified. The auxiliary verification information can be actively acquired by the transformer substation system 101 and sent to the security monitoring system 102 of the transformer substation system.
Step S302, a verification result of the auxiliary verification information is acquired.
The verification result is the result of verifying the auxiliary verification information, and it is "verification passed" only when all of the auxiliary verification information passes verification. For example, if the substation system 101 sends only one item of auxiliary verification information, the verification result is "passed" as soon as that item is verified; if the auxiliary verification information sent by the substation system 101 includes two or more kinds, all of them must be verified for the verification result to be "passed", and if any one of them fails verification, the auxiliary verification result is determined to be "not passed".
Step S303, if a second hash value matching the first hash value is stored in the white list database of the substation system 101, and the verification result is that the verification passes, generating a program execution instruction.
Specifically, only when the verification result is that the verification is passed and a second hash value matching the first hash value is stored in the white list database of the substation system 101, the safety monitoring system 102 of the substation system generates a program execution instruction and returns the program execution instruction to the substation system 101, so that the substation system 101 executes the program to be executed according to the program execution instruction.
Further, step S301 may include: receiving first password authentication information sent by the substation system 101, the first password authentication information being the password authentication information of a user logging in to the substation system 101; and step S302 may include: if the white list database of the transformer substation system 101 stores second password verification information matching the first password verification information, determining that the verification result is that verification passed.
The auxiliary authentication information includes first password authentication information, which may be the password login information entered when a user logs in to the substation system 101. Specifically, after the substation system 101 obtains the user's login password information, it may send that information to the security monitoring system 102 of the substation system as first password verification information. The security monitoring system 102 compares the received first password verification information with the trusted password verification information prestored in the white list database, and the verification result is determined to be "passed" only if the white list database stores second password verification information matching the first password verification information.
Further, step S301 may further include: receiving first random coding information and signature information sent by the substation system 101, the first random encoding information being encoding information randomly generated by the substation system 101, and the signature information being the substation system 101's digital signature over the first random encoding information; and step S302 may further include: verifying the signature information to obtain second random coding information, and, if the second random coding information matches the first random coding information, determining that the verification result is that verification passed.
The first random encoding information may be generated by a random number generator in the substation system 101; the substation system 101 generates signature information matching the first random encoding information by digitally signing it, and sends both the first random encoding information and the signature information to the security monitoring system 102 of the substation system. The security monitoring system 102 verifies the signature information to obtain second random coding information, compares that second random coding information with the first random coding information sent by the substation system 101, and determines that the verification result is "passed" only when the two match.
Further, the auxiliary verification information may also include all three of the first password verification information, the first random encoding information, and the signature information. The substation system 101 then sends all three to the security monitoring system 102 of the substation system, which obtains a first verification result from the first password verification information and a second verification result from the first random encoding information and the signature information; only when both the first and the second verification result are "passed" is the verification result of the auxiliary verification information determined to be "passed".
Further, after step S302, the method further includes: if the auxiliary verification result is that verification failed, prohibiting the substation system 101 from executing the program to be executed, and storing the auxiliary verification information.
If the auxiliary verification result obtained in step S302 is that verification failed (for example, the user entered a wrong login password when logging in to the substation system 101), the security monitoring system 102 of the substation system rejects the user's request to run the program for safety reasons and stores the relevant information, including the login password, login time, login location, and the like.
In this embodiment, the safety monitoring system 102 of the substation system may further verify the auxiliary verification information sent by the substation system 101, and the substation system 101 executes the program to be executed only when the auxiliary verification passes, so that the safety protection performance of the substation system 101 may be further improved.
In one embodiment, the substation system safety protection method further includes: scanning a plurality of trusted programs pre-installed in the substation system 101 to obtain a plurality of hash values corresponding to the plurality of trusted programs; and constructing a white list database based on the plurality of hash values.
The trusted programs are security programs that the substation system 101 can be trusted to run. A user can select one or more trusted programs from the substation system 101 as required, obtain the hash values of all of them by scanning, and store the hash values in the white list database. If the white list database needs to be updated, for example when a new trusted program is added, the hash value of that program can likewise be obtained by scanning and stored in the white list database.
In this embodiment, the white list database is constructed by scanning, which provides a further safety guarantee for the transformer substation system safety protection method.
In one embodiment, after the first hash value of the program to be executed corresponding to the program identifier is obtained in step S203, the method further includes: if the white list database of the substation system 101 contains no second hash value matching the first hash value, prohibiting the substation system 101 from executing the program to be executed, and triggering the substation system 101 to send out an alarm signal.
Specifically, if the white list database of the substation system 101 contains no second hash value matching the first hash value, the situation is treated as an unknown program being run, and the substation system 101 is likely under virus attack. The security monitoring system 102 of the substation system can therefore trigger the substation system 101 to send an alarm signal while prohibiting it from running the program, so as to remind security operation and maintenance personnel to handle the security threat and avoid greater danger.
In this embodiment, when the white list database has no second hash value matching the first hash value, an alarm signal is sent while the program execution of the substation system 101 is stopped, so that operation and maintenance personnel can handle the security threat in time; greater harm is avoided and the security performance of the substation system 101 is further improved.
In one embodiment, as shown in fig. 4, a substation system security protection method is provided, which may be applied to a security monitoring system 102 of a substation system, and the method may include the following steps:
step S401, the safety monitoring system 102 of the transformer substation system scans a plurality of trusted programs pre-installed in the transformer substation system 101 to obtain a plurality of hash values corresponding to the trusted programs, and constructs a white list database based on the plurality of hash values;
step S402, the safety monitoring system 102 of the transformer substation system receives a program execution request and auxiliary verification information sent by the transformer substation system 101; the program execution request carries a program identifier for identifying a program to be executed; the auxiliary verification information comprises first password verification information, first random coding information and signature information;
step S403, the security monitoring system 102 of the transformer substation system checks the signature information to obtain second random coding information;
step S404, if second password verification information matched with the first password verification information is stored in a white list database of the transformer substation system 101, and the second random coding information is matched with the first random coding information, the security monitoring system 102 of the transformer substation system determines that the verification result is that the verification is passed;
step S405, the safety monitoring system 102 of the transformer substation system acquires a first hash value of a program to be executed corresponding to the program identifier;
step S406, if a second hash value matched with the first hash value is stored in the white list database of the substation system 101, and the verification result is that the verification passes, the safety monitoring system 102 of the substation system generates a program execution instruction;
step S407, the safety monitoring system 102 of the substation system sends the program execution instruction to the substation system 101, so as to instruct the substation system 101 to execute the program to be executed.
In the above embodiment, the safety monitoring system 102 of the substation system obtains the verification result through the auxiliary verification information while matching the first hash value with the second hash value in the white list database of the substation system 101, and executes the program to be executed only when the verification is passed, thereby further improving the safety performance of the substation system 101.
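The exchange of steps S401 to S407, written out as an added example that is not part of the patent; it also serves the device, computer-device and claim restatements of the same steps further down the page. The substation system 101 and the security monitoring system 102 are modelled as two Python objects. SHA-256 for the program hash, PBKDF2 for the stored password verification information, an HMAC under a pre-shared key in place of the digital signature over the random code (the standard library has no asymmetric signing), and the program names, user and password are all assumptions of the example, not details taken from the page.

```python
"""Added example: white-list gated execution with auxiliary verification (steps S401-S407).
Not the patent's code. Hash, password-hashing and signature primitives are assumptions."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

PBKDF2_ITERATIONS = 100_000  # assumption; the page names no password-hashing scheme


def program_hash(code: bytes) -> str:
    """Hash of the executable's bytes (SHA-256 is an assumption; the page names no algorithm)."""
    return hashlib.sha256(code).hexdigest()


def build_whitelist(trusted_programs: Dict[str, bytes]) -> Set[str]:
    """Step S401: hash every pre-installed trusted program. The white list is keyed by
    content hash, not by program name, so renaming a malicious binary gains nothing."""
    return {program_hash(code) for code in trusted_programs.values()}


def make_password_record(password: str) -> Tuple[bytes, bytes]:
    """'Second password verification information': a salted PBKDF2 hash, never the password."""
    salt = secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


@dataclass
class Substation:
    """The substation system 101: installed binaries plus a key for signing the random code."""
    programs: Dict[str, bytes]
    signing_key: bytes  # assumption: HMAC key standing in for a private signing key

    def execution_request(self, program_id: str, user: str, password: str) -> dict:
        """Step S402, sender side: program identifier plus auxiliary verification information."""
        nonce = secrets.token_bytes(16)  # 'first random coding information'
        signature = hmac.new(self.signing_key, nonce, "sha256").digest()
        return {"program_id": program_id, "user": user, "password": password,
                "nonce": nonce, "signature": signature}


@dataclass
class SecurityMonitor:
    """The security monitoring system 102."""
    whitelist: Set[str]
    password_db: Dict[str, Tuple[bytes, bytes]]  # user -> (salt, PBKDF2 digest)
    verify_key: bytes
    audit_log: List[dict] = field(default_factory=list)  # auxiliary info kept on failure (claim 5)
    alarms: List[dict] = field(default_factory=list)     # raised when a hash is unlisted (claim 7)

    def verify_auxiliary(self, req: dict) -> bool:
        """Steps S403-S404: password check and signature check over the random code."""
        record = self.password_db.get(req["user"])
        if record is None:
            return False
        salt, stored = record
        candidate = hashlib.pbkdf2_hmac("sha256", req["password"].encode(), salt, PBKDF2_ITERATIONS)
        password_ok = hmac.compare_digest(candidate, stored)
        # 'Check the signature to obtain the second random code': recompute the tag over the
        # received nonce; equality means the code the signer committed to is the one received.
        expected = hmac.new(self.verify_key, req["nonce"], "sha256").digest()
        nonce_ok = hmac.compare_digest(expected, req["signature"])
        return password_ok and nonce_ok  # both evaluated; no early exit revealing which failed

    def handle(self, req: dict, program_bytes: Optional[bytes]) -> dict:
        """Steps S405-S407 together with the two failure branches."""
        if not self.verify_auxiliary(req):
            # keep the auxiliary information for investigation, but never the password
            self.audit_log.append({k: req[k] for k in ("program_id", "user", "nonce", "signature")})
            return {"execute": False, "reason": "auxiliary verification failed"}
        if program_bytes is None:
            return {"execute": False, "reason": "program identifier unknown"}
        first_hash = program_hash(program_bytes)  # S405: hash the bytes that would actually run
        if first_hash not in self.whitelist:
            self.alarms.append({"program_id": req["program_id"], "hash": first_hash})
            return {"execute": False, "reason": "hash not in white list"}
        return {"execute": True, "instruction": f"EXEC {req['program_id']}"}  # S406-S407


def demo() -> dict:
    """Constructed scenario (not from the page): two trusted programs, four requests."""
    trusted = {"iec61850_gw": b"\x7fELF gateway v1", "relay_ctl": b"\x7fELF relay v3"}
    key = secrets.token_bytes(32)
    sub = Substation(programs=dict(trusted), signing_key=key)
    mon = SecurityMonitor(whitelist=build_whitelist(trusted),
                          password_db={"operator": make_password_record("correct horse")},
                          verify_key=key)
    out = {}
    req = sub.execution_request("relay_ctl", "operator", "correct horse")
    out["trusted"] = mon.handle(req, sub.programs["relay_ctl"])
    sub.programs["relay_ctl"] = b"\x7fELF relay v3 + implant"  # binary replaced on disk, name kept
    req = sub.execution_request("relay_ctl", "operator", "correct horse")
    out["tampered"] = mon.handle(req, sub.programs["relay_ctl"])
    sub.programs["relay_ctl"] = trusted["relay_ctl"]
    req = sub.execution_request("relay_ctl", "operator", "wrong password")
    out["bad_password"] = mon.handle(req, sub.programs["relay_ctl"])
    req = sub.execution_request("relay_ctl", "operator", "correct horse")
    req["nonce"] = secrets.token_bytes(16)  # nonce swapped in transit; signature no longer matches
    out["bad_nonce"] = mon.handle(req, sub.programs["relay_ctl"])
    out["alarms"], out["audited"] = len(mon.alarms), len(mon.audit_log)
    return out
```

Two points the steps leave implicit are made explicit here: the white list is keyed by the digest of the bytes that will actually run rather than by the program identifier, so a replaced binary fails step S406 even though its identifier is known; and the auxiliary information kept after a failed check deliberately omits the password. A real deployment would replace the HMAC with an asymmetric signature, so that the monitor holds only the substation's public key, and would send a derived verifier rather than the password itself.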
The following describes the substation system safety protection method through an application example, where the method may be implemented by a trusted verification module; referring to fig. 5, the method may include the following steps:
Step 0: when the system is installed, configured or updated, the policy management sub-module generates a management policy from the user's configuration; the policy is loaded by the measurement verification sub-module when the trusted verification module is loaded.
Step 1: a user application requests, through a system call, access that would modify a system resource.
Step 2: the trusted control/protection sub-module intercepts the user's call request.
Step 3: the trusted control/protection sub-module calls the measurement verification sub-module to judge whether the user's call request conforms to the user policy.
Step 4, compliant request: the trusted control/protection sub-module allows a request that conforms to the policy to continue execution.
Step 4, non-compliant request: the trusted control/protection sub-module prevents a request that does not conform to the policy from continuing execution, and audits it.
Step 5: the system call returns.
In addition, a module architecture of the trusted verification module in an application example is also provided; as shown in fig. 6, the trusted verification module consists of a policy processing sub-module, a measurement verification sub-module and a trusted control/protection sub-module. The measurement verification sub-module calls the TCM to perform the measurement when a TCM is available, and otherwise calls a software algorithm to perform it.
The trusted verification module works at the operating system kernel layer and measures executable programs, configuration files and the like in the operating system; the measurement range and content are determined by the trusted policy. For each verification result, the trusted verification module can generate corresponding audit information according to the configured policy. In addition, the trusted verification module can monitor the expected-value changes caused by legitimate software installation and system upgrades, automatically update the system policy and audit the update; it can also prevent, and audit, any behaviour other than a system upgrade or legitimate installation that would alter the expected value of a system file.
The functions of the modules are as follows:
the policy management sub-module generates a system operation policy from the user's configuration;
the measurement verification sub-module reads in the system operation policy and manages and maintains it; according to the user's configuration it calls a software algorithm or trusted hardware to compute the digest of the measurement target, and matches the computed result against the policy;
the trusted control/protection sub-module controls the user's authority according to the operation policy and the verification result, reports audit information, and records files created by trusted processes for updating the policy.
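Steps 0 to 5 of fig. 5 and the three sub-modules of fig. 6, reduced to an added example that is not the patent's code. The TCM is represented by a stand-in object so that the example runs offline; SHA-256 as the software algorithm, default-deny for executables outside the measured set, and the paths, process names and file contents are assumptions of the example rather than details from the page.

```python
"""Added example: the trusted verification module of fig. 5 / fig. 6 in miniature.
Not the patent's code; the TCM is a stand-in and SHA-256 is assumed as the software algorithm."""
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


class SoftMeasurer:
    """'Software algorithm' path of the measurement verification sub-module."""
    name = "soft-sha256"

    def measure(self, data: bytes) -> str:
        return hashlib.sha256(data).hexdigest()


class StandInTCM(SoftMeasurer):
    """Stands in for a trusted cryptography module (TCM); a real one hashes in hardware.
    Constructed for this example only."""
    name = "tcm"


@dataclass
class Policy:
    """Step 0: produced by the policy management sub-module from the user's configuration."""
    expected: Dict[str, str]     # measured path -> expected digest (defines the measurement range)
    trusted_processes: Set[str]  # processes whose changes count as legitimate install/upgrade


@dataclass
class Syscall:
    """An intercepted system call (step 2), reduced to what the decision needs."""
    process: str
    op: str                      # "exec", "write" or "create"
    path: str
    data: Optional[bytes] = None  # new content for write/create


@dataclass
class TrustedVerificationModule:
    policy: Policy
    files: Dict[str, bytes]      # the monitored file system (constructed)
    tcm: Optional[SoftMeasurer] = None
    audit: List[dict] = field(default_factory=list)
    pending_policy_updates: List[str] = field(default_factory=list)

    def measurer(self) -> SoftMeasurer:
        """Use the TCM when it is available, otherwise fall back to the software algorithm."""
        return self.tcm if self.tcm is not None else SoftMeasurer()

    def measure(self, path: str) -> Optional[str]:
        data = self.files.get(path)
        return None if data is None else self.measurer().measure(data)

    def conforms(self, sc: Syscall) -> bool:
        """Step 3: the measurement verification sub-module matches the request against policy."""
        if sc.op == "exec":
            expected = self.policy.expected.get(sc.path)
            return expected is not None and self.measure(sc.path) == expected
        if sc.op == "write" and sc.path in self.policy.expected:
            # only a trusted process (installer, updater) may change a measured file
            return sc.process in self.policy.trusted_processes
        return True  # operations on files outside the measured set are outside policy scope

    def handle(self, sc: Syscall) -> bool:
        """Steps 2-5: intercept, decide, enforce, audit; True when the call may proceed."""
        allowed = self.conforms(sc)
        self.audit.append({"process": sc.process, "op": sc.op, "path": sc.path,
                           "allowed": allowed, "measurer": self.measurer().name})
        if not allowed:
            return False
        if sc.op in ("write", "create"):
            self.files[sc.path] = sc.data
            if sc.op == "write" and sc.path in self.policy.expected:
                # legitimate upgrade: refresh the expected value and audit the policy change
                self.policy.expected[sc.path] = self.measure(sc.path)
                self.audit.append({"policy_update": sc.path, "digest": self.policy.expected[sc.path]})
            elif sc.op == "create" and sc.process in self.policy.trusted_processes:
                self.pending_policy_updates.append(sc.path)  # recorded for the next policy update
        return True


def demo(tcm_available: bool) -> dict:
    """Constructed scenario (not from the page): a clean exec, a blocked tamper, an upgrade."""
    files = {"/usr/bin/scada": b"scada v1", "/etc/scada.conf": b"mode=normal"}
    measurer = StandInTCM() if tcm_available else SoftMeasurer()
    # expected values must come from the same algorithm that will measure at run time
    policy = Policy({p: measurer.measure(d) for p, d in files.items()}, {"updater"})
    tvm = TrustedVerificationModule(policy, dict(files), tcm=measurer if tcm_available else None)
    out = {}
    out["exec_clean"] = tvm.handle(Syscall("operator_shell", "exec", "/usr/bin/scada"))
    out["tamper_blocked"] = not tvm.handle(Syscall("dropper", "write", "/usr/bin/scada", b"scada v1+implant"))
    out["exec_after_tamper"] = tvm.handle(Syscall("operator_shell", "exec", "/usr/bin/scada"))
    out["upgrade_allowed"] = tvm.handle(Syscall("updater", "write", "/usr/bin/scada", b"scada v2"))
    out["exec_after_upgrade"] = tvm.handle(Syscall("operator_shell", "exec", "/usr/bin/scada"))
    out["exec_unlisted"] = tvm.handle(Syscall("operator_shell", "exec", "/tmp/payload"))
    tvm.handle(Syscall("updater", "create", "/usr/bin/scada-helper", b"helper"))
    out["helper_recorded"] = "/usr/bin/scada-helper" in tvm.pending_policy_updates
    out["measurer"] = tvm.audit[0]["measurer"]
    out["policy_updates"] = sum("policy_update" in e for e in tvm.audit)
    return out
```

Run demo(True) and demo(False) to see the same decisions taken with the stand-in TCM and with the software fallback. The measurer that produced the expected values in the policy must be the one used at run time, otherwise every measurement mismatches and every exec is blocked; the example builds the policy with the same object for that reason. The dropper's write is refused and audited while the updater's write is accepted and becomes a policy update, which is the distinction the text draws between destroying an expected value and a legitimate upgrade.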
It should be understood that although the steps in the flow charts of fig. 2-5 are shown in the order indicated by the arrows, they are not necessarily performed in that order. Unless explicitly stated otherwise herein, the steps are not strictly limited to the order shown and may be performed in other orders. Moreover, at least some of the steps in fig. 2-5 may include multiple sub-steps or stages, which are not necessarily performed at the same moment but may be performed at different times, and their order of execution is not necessarily sequential; they may be performed in turn or alternately with other steps or with at least some sub-steps or stages of other steps.
In one embodiment, as shown in fig. 7, a substation system safety protection device is provided, including a request receiving module 701, a hash obtaining module 702 and an instruction sending module 703, wherein:
the request receiving module 701 is configured to receive a program execution request sent by the substation system 101, the program execution request carrying a program identifier that identifies the program to be executed;
the hash obtaining module 702 is configured to obtain a first hash value of the program to be executed that corresponds to the program identifier;
the instruction sending module 703 is configured to send a program execution instruction to the substation system 101 if a second hash value matching the first hash value is stored in the white list database of the substation system 101, the instruction being used to instruct the substation system 101 to execute the program to be executed.
In one embodiment, the substation system safety protection device further comprises an auxiliary verification module, which is configured to obtain auxiliary verification information sent by the substation system 101, to obtain a verification result for the auxiliary verification information, and to generate the program execution instruction if a second hash value matching the first hash value is stored in the white list database of the substation system 101 and the verification result is a pass.
In one embodiment, the auxiliary verification module is further configured to receive first password verification information sent by the substation system 101, the first password verification information being the password verification information of the user logged in to the substation system 101, and to determine that the verification result is a pass if second password verification information matching the first password verification information is stored in the white list database of the substation system 101.
In one embodiment, the auxiliary verification module is further configured to receive first random coding information and signature information sent by the substation system 101, the first random coding information being coding information randomly generated by the substation system 101 and the signature information being the digital signature of the substation system 101 over the first random coding information; to verify the signature information to obtain second random coding information; and to determine that the verification result is a pass if the second random coding information matches the first random coding information.
In one embodiment, the auxiliary verification module is further configured to prohibit the substation system 101 from executing the program to be executed if the auxiliary verification result is a failure, and to store the auxiliary verification information.
In one embodiment, the substation system safety protection device further comprises a white list building module, which is configured to scan a plurality of trusted programs pre-installed in the substation system 101 to obtain a hash value for each trusted program, and to construct the white list database from those hash values.
In one embodiment, the substation system safety protection device further comprises a prohibiting module, which is configured to prohibit the substation system 101 from executing the program to be executed and to trigger the substation system 101 to send an alarm signal if the white list database of the substation system 101 holds no second hash value matching the first hash value.
For the specific limitations of the substation system safety protection device, reference may be made to the limitations of the substation system safety protection method above, which are not repeated here. Each module of the substation system safety protection device may be implemented wholly or partly in software, in hardware, or in a combination of the two. The modules may be embedded in hardware form in, or independently of, the processor of the computer device, or stored in software form in the memory of the computer device so that the processor can call them and perform the operations corresponding to each module.
In one embodiment, a computer device is provided, which may be a terminal; its internal structure may be as shown in fig. 8. The computer device includes a processor, a memory, a communication interface, a display screen and an input device connected by a system bus. The processor of the computer device provides computing and control capabilities. The memory of the computer device comprises a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program; the internal memory provides the environment in which the operating system and the computer program in the non-volatile storage medium run. The communication interface of the computer device is used for wired or wireless communication with an external terminal; the wireless communication may be realised through WIFI, an operator network, NFC (near field communication) or other technologies.
Those skilled in the art will appreciate that the structure shown in fig. 8 is merely a block diagram of the part of the structure related to the solution of the present application and does not limit the computer device to which the solution is applied; a particular computer device may include more or fewer components than shown, combine certain components, or arrange the components differently.
In one embodiment, a computer device is provided, comprising a memory and a processor, the memory storing a computer program; when the processor executes the computer program it implements the following steps: receiving a program execution request sent by the substation system, the program execution request carrying a program identifier that identifies the program to be executed; obtaining a first hash value of the program to be executed that corresponds to the program identifier; and, if a second hash value matching the first hash value is stored in the white list database of the substation system, sending a program execution instruction to the substation system to instruct the substation system to execute the program to be executed.
In one embodiment, when the processor executes the computer program it further implements the following steps: obtaining auxiliary verification information sent by the substation system; obtaining a verification result for the auxiliary verification information; and generating the program execution instruction if a second hash value matching the first hash value is stored in the white list database of the substation system and the verification result is a pass.
In one embodiment, when the processor executes the computer program it further implements the following steps: receiving first password verification information sent by the substation system, the first password verification information being the password verification information of the user logged in to the substation system; and determining that the verification result is a pass if second password verification information matching the first password verification information is stored in the white list database of the substation system.
In one embodiment, when the processor executes the computer program it further implements the following steps: receiving first random coding information and signature information sent by the substation system, the first random coding information being coding information randomly generated by the substation system and the signature information being the digital signature of the substation system over the first random coding information; verifying the signature information to obtain second random coding information; and determining that the verification result is a pass if the second random coding information matches the first random coding information.
In one embodiment, when the processor executes the computer program it further implements the following steps: if the auxiliary verification result is a failure, prohibiting the substation system from executing the program to be executed, and storing the auxiliary verification information.
In one embodiment, when the processor executes the computer program it further implements the following steps: scanning a plurality of trusted programs pre-installed in the substation system to obtain a hash value for each trusted program; and constructing the white list database from those hash values.
In one embodiment, when the processor executes the computer program it further implements the following steps: if the white list database of the substation system holds no second hash value matching the first hash value, prohibiting the substation system from executing the program to be executed, and triggering the substation system to send an alarm signal.
In one embodiment, a computer-readable storage medium is provided on which a computer program is stored; when executed by a processor, the computer program performs the following steps: receiving a program execution request sent by the substation system, the program execution request carrying a program identifier that identifies the program to be executed; obtaining a first hash value of the program to be executed that corresponds to the program identifier; and, if a second hash value matching the first hash value is stored in the white list database of the substation system, sending a program execution instruction to the substation system to instruct the substation system to execute the program to be executed.
In one embodiment, when executed by the processor the computer program further performs the following steps: obtaining auxiliary verification information sent by the substation system; obtaining a verification result for the auxiliary verification information; and generating the program execution instruction if a second hash value matching the first hash value is stored in the white list database of the substation system and the verification result is a pass.
In one embodiment, when executed by the processor the computer program further performs the following steps: receiving first password verification information sent by the substation system, the first password verification information being the password verification information of the user logged in to the substation system; and determining that the verification result is a pass if second password verification information matching the first password verification information is stored in the white list database of the substation system.
In one embodiment, when executed by the processor the computer program further performs the following steps: receiving first random coding information and signature information sent by the substation system, the first random coding information being coding information randomly generated by the substation system and the signature information being the digital signature of the substation system over the first random coding information; verifying the signature information to obtain second random coding information; and determining that the verification result is a pass if the second random coding information matches the first random coding information.
In one embodiment, when executed by the processor the computer program further performs the following steps: if the auxiliary verification result is a failure, prohibiting the substation system from executing the program to be executed, and storing the auxiliary verification information.
In one embodiment, when executed by the processor the computer program further performs the following steps: scanning a plurality of trusted programs pre-installed in the substation system to obtain a hash value for each trusted program; and constructing the white list database from those hash values.
In one embodiment, when executed by the processor the computer program further performs the following steps: if the white list database of the substation system holds no second hash value matching the first hash value, prohibiting the substation system from executing the program to be executed, and triggering the substation system to send an alarm signal.
It will be understood by those skilled in the art that all or part of the processes of the methods of the above embodiments may be implemented by a computer program instructing the relevant hardware; the computer program may be stored in a non-volatile computer-readable storage medium and, when executed, may include the processes of the above method embodiments. Any reference to memory, storage, a database or another medium used in the embodiments provided herein may include at least one of non-volatile and volatile memory. Non-volatile memory may include read-only memory (ROM), magnetic tape, floppy disk, flash memory, optical storage or the like. Volatile memory may include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM can take many forms, such as static random access memory (SRAM) or dynamic random access memory (DRAM).
The technical features of the above embodiments may be combined arbitrarily; for brevity, not every possible combination of the technical features of the above embodiments is described, but any combination that involves no contradiction should be considered within the scope of this specification.
The above embodiments express only several embodiments of the present application, and although their description is specific and detailed it should not be construed as limiting the scope of the invention. It should be noted that a person skilled in the art can make several variations and improvements without departing from the concept of the present application, and these fall within its scope of protection. The scope of protection of the present patent shall therefore be subject to the appended claims.
Claims (10)
1. A safety protection method for a substation system, characterised in that it is applied to a security monitoring system of the substation system and comprises the following steps:
receiving a program execution request sent by the substation system, the program execution request carrying a program identifier that identifies a program to be executed;
obtaining a first hash value of the program to be executed that corresponds to the program identifier; and
if a second hash value matching the first hash value is stored in a white list database of the substation system, sending a program execution instruction to the substation system to instruct the substation system to execute the program to be executed.
2. The method of claim 1, characterised in that, before sending the program execution instruction to the substation system, the method further comprises:
obtaining auxiliary verification information sent by the substation system;
obtaining a verification result for the auxiliary verification information; and
if a second hash value matching the first hash value is stored in the white list database of the substation system and the verification result is a pass, generating the program execution instruction.
3. The method of claim 2, characterised in that
obtaining the auxiliary verification information sent by the substation system comprises: receiving first password verification information sent by the substation system, the first password verification information being password verification information of a user logged in to the substation system; and
obtaining the verification result for the auxiliary verification information comprises:
if second password verification information matching the first password verification information is stored in the white list database of the substation system, determining that the verification result is a pass.
4. The method of claim 2, characterised in that
obtaining the auxiliary verification information sent by the substation system comprises: receiving first random coding information and signature information sent by the substation system, the first random coding information being coding information randomly generated by the substation system and the signature information being a digital signature of the substation system over the first random coding information; and
obtaining the verification result for the auxiliary verification information comprises:
verifying the signature information to obtain second random coding information; and
if the second random coding information matches the first random coding information, determining that the verification result is a pass.
5. The method of any one of claims 2 to 4, characterised in that, after obtaining the verification result for the auxiliary verification information, the method further comprises:
if the auxiliary verification result is a failure, prohibiting the substation system from executing the program to be executed, and storing the auxiliary verification information.
6. The method of claim 1, characterised in that it further comprises:
scanning a plurality of trusted programs pre-installed in the substation system to obtain a plurality of hash values corresponding to the plurality of trusted programs; and
constructing the white list database from the plurality of hash values.
7. The method of claim 1, characterised in that, after obtaining the first hash value of the program to be executed that corresponds to the program identifier, the method further comprises:
if no second hash value matching the first hash value is stored in the white list database of the substation system, prohibiting the substation system from executing the program to be executed, and triggering the substation system to send an alarm signal.
8. A safety protection device for a substation system, characterised in that it is applied to a security monitoring system of the substation system and comprises:
a request receiving module, configured to receive a program execution request sent by the substation system, the program execution request carrying a program identifier that identifies a program to be executed;
a hash obtaining module, configured to obtain a first hash value of the program to be executed that corresponds to the program identifier; and
an instruction sending module, configured to send a program execution instruction to the substation system if a second hash value matching the first hash value is stored in a white list database of the substation system, the instruction being used to instruct the substation system to execute the program to be executed.
9. A computer device comprising a memory and a processor, the memory storing a computer program, characterised in that the processor implements the steps of the method of any one of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium on which a computer program is stored, characterised in that, when the computer program is executed by a processor, the steps of the method of any one of claims 1 to 7 are carried out.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010113096.8A CN111309978A (en) | 2020-02-24 | 2020-02-24 | Transformer substation system safety protection method and device, computer equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111309978A true CN111309978A (en) | 2020-06-19 |
Family
ID=71148468
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010113096.8A Pending CN111309978A (en) | 2020-02-24 | 2020-02-24 | Transformer substation system safety protection method and device, computer equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111309978A (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2011030455A1 (en) * | 2009-09-14 | 2011-03-17 | 森清 | Secure audit system and secure audit method |
| CN102855274A (en) * | 2012-07-17 | 2013-01-02 | 北京奇虎科技有限公司 | Method and device for detecting suspicious progresses |
| CN102930202A (en) * | 2012-11-05 | 2013-02-13 | 曙光信息产业(北京)有限公司 | Operation executing method in Linux system |
| CN106529282A (en) * | 2016-11-10 | 2017-03-22 | 广东电网有限责任公司电力科学研究院 | Execution system and execution method for white list based on trust chain |
| CN110750778A (en) * | 2019-09-29 | 2020-02-04 | 苏州浪潮智能科技有限公司 | Application program control method and device |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112667996A (en) * | 2020-12-28 | 2021-04-16 | 南方电网数字电网研究院有限公司 | Transformer substation trusted management system, method and device and computer equipment |
| CN112711500A (en) * | 2021-02-05 | 2021-04-27 | 国网浙江省电力有限公司湖州供电公司 | Mobile phone APP-based transformer substation equipment defect management and control method |
| CN112711500B (en) * | 2021-02-05 | 2024-06-11 | 国网浙江省电力有限公司湖州供电公司 | A method for substation equipment defect control based on mobile phone APP |
| CN117240550A (en) * | 2023-09-18 | 2023-12-15 | 国网宁夏电力有限公司建设分公司 | Isolation control method and firewall for substation production control zone I and zone II |
| CN117240550B (en) * | 2023-09-18 | 2024-06-04 | 国网宁夏电力有限公司建设分公司 | Isolation control method and firewall for production control zone I and zone II of transformer substation |
Similar Documents
| Publication | Title |
|---|---|
| AU2019246773B2 | Systems and methods of risk based rules for application control |
| US9467465B2 | Systems and methods of risk based rules for application control |
| EP3262560B1 | System and method for verifying integrity of an electronic device |
| CN107016283B | Android privilege-escalation attack safety defense method and device based on integrity verification |
| CN112653714A | Access control method, device, equipment and readable storage medium |
| CN115701019A | Access request processing method and device of zero trust network and electronic equipment |
| CN110061987B | Access control method and device based on role and terminal credibility |
| CN112231726B | Access control method and device based on trusted verification and computer equipment |
| CN113282946B | Information security method and system based on data access process in high-reliability environment |
| CN112446029B | Trusted computing platform |
| CN111309978A | Transformer substation system safety protection method and device, computer equipment and storage medium |
| KR20200041639A | In-vehicle software update system and method for controlling the same |
| CN115879099A | DCS controller, operation processing method and protection subsystem |
| CN112347472A | Behavior measurement method and device of power system |
| CN111209561B | Application calling method and device of terminal equipment and terminal equipment |
| US20200244461A1 | Data processing method and apparatus |
| CN109359450B | Security access method, device, equipment and storage medium of Linux system |
| CN109495436B | Trusted cloud platform measurement system and method |
| Powers et al. | Whitelist malware defense for embedded control system devices |
| KR20150089696A | Integrity verification system and method based on access control and priority level |
| CN111291355A | Transformer substation system |
| KR102201218B1 | Access control system and method to security engine of mobile terminal |
| CN111858114B | Device starting exception handling and device starting control method, device and system |
| JP2018147444A | Computer system for executing analysis program and method for monitoring execution of analysis program |
| US20250158994A1 | System of access control based on confidence level of user and user terminal |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | RJ01 | Rejection of invention patent application after publication | Application publication date: 20200619 |