"OPC UA IEC 62443 Compliance Mapping: Enhancing the Security of Industrial Networks.pdf" (26 pages), shared by a member and available to read online at 三个皮匠报告.
OPC Day International
Paul Hunkar
Director of Compliance & Certification
Editor, OPC UA Part 2: Security

Secure by Design
Many Products from Many Vendors
Many aspects:
- Client/Server communication
- Pub/Sub communication
- Information models

[Diagram: Enterprise network, Plant Floor Network and Operation Network, populated with OPC Clients, OPC Servers, OPC Publishers and OPC Subscribers, plus CA, SKS, GDS and the Internet]

OPC UA Server products
- PC
- Laptop
- Rack server
- Embedded controller

Application(s)

OPC UA Client
- Securely obtain data
- Include user's identity/authorization

Global Services (GDS)
- Certificate
- Authentication
- Authorization

Confidentiality
Protecting privacy of message contents
[Diagram: "Changed Value: Variable Y Value 0" sent from OPC UA Information and Functionality; interception prevented by confidentiality controls]

Integrity
Not manipulating the content of a message
[Diagram: "Write: Variable X Value 1" and "Changed Value: Variable Y Value 0" exchanged with OPC UA Information and Functionality; changing Value 0 to Value 1 is prevented by integrity controls]

Availability
- Resilient to DoS threats, maximizing availability
- Protected by Design for availability
[Diagram: UA Server and UA Client]

Application: Authentication and Authorization
- Application Instance Certificates
- OPC UA Information and Functionality (e.g. read, write)

User: Authentication and Authorization
OPC UA Information and Functionality (e.g. read, write)
1. Authenticate User (e.g. username and password, Certificates, OAuth 2.0, Others)
2. Authorize for specific operations and information (e.g. writing a specific value)