Please use this Handle URI to cite this document: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/18129
Title: 高度安全系統之可信度分析
Cyber-Physical Security and Dependability Analysis in Safety Critical Systems
Author: Chi-Shiang Cho (卓啟翔)
Advisor: 郭斯彥
Keywords: Generalized Stochastic Petri Nets, Cyber-Physical Security Analysis, Dependability Analysis, Control System, Fault Tree Analysis, Event Tree Analysis, Attack Tree Analysis
Publication year: 2015
Degree: Doctoral
Abstract: In modern safety-critical systems, the trend of control systems is to replace the obsolete analog hard-wired systems with contemporary digital and cyber-based systems. Therefore, cyber-physical security as well as dependability is a critical issue. First, we adopt generalized stochastic Petri nets to model cyber-physical intrusions. We present different levels/layers of protection to manage cyber/physical security. We also discuss the interrelationship between cyber and physical attacks. We then propose a new cyber framework and show that the proposed framework not only prevents cyber-attacks but also conforms to cyber security regulations. We also propose a physical framework to prevent potential physical attacks. We discuss dependability through three metrics, i.e., reliability, maintainability, and availability. A case study is presented to demonstrate that the proposed cyber framework is highly dependable through analyzing steady-state probabilities. Besides, we adopt the combinatorial model to evaluate dependability and security. We use fault trees and event trees to model system dependability. We propose a combined ordered binary decision diagram method to quantitatively evaluate the dependability of both statistically (s-) dependent and s-independent events. In the security domain, we analyze cyber-physical security issues using attack trees. The countermeasures and different layers of protection are well presented. The integration of the dependability and security analysis is adopted by combining event trees, fault trees, and attack trees. A case study is presented to demonstrate that the integration of dependability and security is feasible and that the improvement of outcome risk is remarkable when the security countermeasures are adopted. Finally, we discuss structural security, considering the leak tightness of safety-critical containment vessels. We propose a practical framework for the design, implementation, and verification and validation (V&V) of the leak-tightness of containment vessels.
URI: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/18129
Full-text authorization: Not authorized
Appears in collections: Department of Electrical Engineering

Files in this item:
File: ntu-104-1.pdf (currently not authorized for public access)
Size: 3.57 MB
Format: Adobe PDF
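Items in this system are protected by copyright, with all rights reserved, unless their copyright terms are specifically indicated otherwise.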
