欢迎来到麦多课文档分享! | 帮助中心 海量文档,免费浏览,给你所需,享你所想!
麦多课文档分享
全部分类
  • 标准规范>
  • 教学课件>
  • 考试资料>
  • 办公文档>
  • 学术论文>
  • 行业资料>
  • 易语言源码>
  • ImageVerifierCode 换一换
    首页 麦多课文档分享 > 资源分类 > PDF文档下载
    分享到微信 分享到微博 分享到QQ空间

    IEC TR 62541-2-2016 OPC unified architecture - Part 2 Security Model《OPC统一架构.第2部分 安全模型》.pdf

    • 资源ID:1238093       资源大小:2MB        全文页数:40页
    • 资源格式: PDF        下载积分:10000积分
    快捷下载 游客一键下载
    账号登录下载
    微信登录下载
    二维码
    微信扫一扫登录
    下载资源需要10000积分(如需开发票,请勿充值!)
    邮箱/手机:
    温馨提示:
    如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
    如需开发票,请勿充值!如填写123,账号就是123,密码也是123。
    支付方式: 支付宝扫码支付    微信扫码支付   
    验证码:   换一换

    加入VIP,交流精品资源
     
    账号:
    密码:
    验证码:   换一换
      忘记密码?
        
    友情提示
    2、PDF文件下载后,可能会被浏览器默认打开,此种情况可以点击浏览器菜单,保存网页到桌面,就可以正常下载了。
    3、本站不支持迅雷下载,请使用电脑自带的IE浏览器,或者360浏览器、谷歌浏览器下载即可。
    4、本站资源下载后的文档和图纸-无水印,预览文档经过压缩,下载后原文更清晰。
    5、试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。

    IEC TR 62541-2-2016 OPC unified architecture - Part 2 Security Model《OPC统一架构.第2部分 安全模型》.pdf

    1、 IEC TR 62541-2 Edition 2.0 2016-10 TECHNICAL REPORT OPC unified architecture Part 2: Security Model IEC TR 62541-2:2016-10(en) colour inside THIS PUBLICATION IS COPYRIGHT PROTECTED Copyright 2016 IEC, Geneva, Switzerland All rights reserved. Unless otherwise specified, no part of this publication m

    2、ay be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either IEC or IECs member National Committee in the country of the requester. If you have any questions about IEC copyright or have an enquiry

    3、about obtaining additional rights to this publication, please contact the address below or your local IEC member National Committee for further information. IEC Central Office Tel.: +41 22 919 02 11 3, rue de Varemb Fax: +41 22 919 03 00 CH-1211 Geneva 20 infoiec.ch Switzerland www.iec.ch About the

    4、IEC The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes International Standards for all electrical, electronic and related technologies. About IEC publications The technical content of IEC publications is kept under constant review by th

    5、e IEC. Please make sure that you have the latest edition, a corrigenda or an amendment might have been published. IEC Catalogue - webstore.iec.ch/catalogue The stand-alone application for consulting the entire bibliographical information on IEC International Standards, Technical Specifications, Tech

    6、nical Reports and other documents. Available for PC, Mac OS, Android Tablets and iPad. IEC publications search - www.iec.ch/searchpub The advanced search enables to find IEC publications by a variety of criteria (reference number, text, technical committee,). It also gives information on projects, r

    7、eplaced and withdrawn publications. IEC Just Published - webstore.iec.ch/justpublished Stay up to date on all new IEC publications. Just Published details all new publications released. Available online and also once a month by email. Electropedia - www.electropedia.org The worlds leading online dic

    8、tionary of electronic and electrical terms containing 20 000 terms and definitions in English and French, with equivalent terms in 15 additional languages. Also known as the International Electrotechnical Vocabulary (IEV) online. IEC Glossary - std.iec.ch/glossary 65 000 electrotechnical terminology

    9、 entries in English and French extracted from the Terms and Definitions clause of IEC publications issued since 2002. Some entries have been collected from earlier publications of IEC TC 37, 77, 86 and CISPR. IEC Customer Service Centre - webstore.iec.ch/csc If you wish to give us your feedback on t

    10、his publication or need further assistance, please contact the Customer Service Centre: csciec.ch. IEC TR 62541-2 Edition 2.0 2016-10 TECHNICAL REPORT OPC unified architecture Part 2: Security Model INTERNATIONAL ELECTROTECHNICAL COMMISSION ICS 25.040.40; 35.100.01 ISBN 978-2-8322-3641-3 Registered

    11、trademark of the International Electrotechnical Commission Warning! Make sure that you obtained this publication from an authorized distributor. colour inside 2 IEC TR 62541-2:2016 IEC 2016 CONTENTS FOREWORD . 4 1 Scope 6 2 Normative references. 6 3 Terms, definitions and abbreviations 8 3.1 Terms a

    12、nd definitions 8 3.2 Abbreviations 12 3.3 Conventions for security model figures 12 4 OPC UA security architecture. 12 4.1 OPC UA security environment . 12 4.2 Security objectives 13 4.2.1 Overview 13 4.2.2 Authentication 13 4.2.3 Authorization 13 4.2.4 Confidentiality 14 4.2.5 Integrity . 14 4.2.6

    13、Auditability . 14 4.2.7 Availability . 14 4.3 Security threats to OPC UA systems 14 4.3.1 Overview 14 4.3.2 Message flooding . 14 4.3.3 Eavesdropping . 15 4.3.4 Message spoofing 15 4.3.5 Message alteration . 15 4.3.6 Message replay 15 4.3.7 Malformed Messages . 15 4.3.8 Server profiling . 16 4.3.9 S

    14、ession hijacking . 16 4.3.10 Rogue Server . 16 4.3.11 Compromising user credentials . 16 4.4 OPC UA relationship to site security 17 4.5 OPC UA security architecture 17 4.6 SecurityPolicies 19 4.7 Security Profiles 20 4.8 User Authorization 20 4.9 User Authentication . 20 4.10 Application Authentica

    15、tion . 20 4.11 OPC UA security related Services . 21 4.12 Auditing 21 4.12.1 General 21 4.12.2 Single Client and Server . 22 4.12.3 Aggregating Server 23 4.12.4 Aggregation through a non-auditing Server . 23 4.12.5 Aggregating Server with service distribution 24 5 Security reconciliation 25 5.1 Reco

    16、nciliation of threats with OPC UA security mechanisms 25 5.1.1 Overview 25 IEC TR 62541-2:2016 IEC 2016 3 5.1.2 Message flooding . 25 5.1.3 Eavesdropping . 26 5.1.4 Message spoofing 26 5.1.5 Message alteration . 26 5.1.6 Message replay 26 5.1.7 Malformed Messages . 27 5.1.8 Server profiling . 27 5.1

    17、.9 Session hijacking . 27 5.1.10 Rogue Server . 27 5.1.11 Compromising user credentials . 27 5.2 Reconciliation of objectives with OPC UA security mechanisms 27 5.2.1 Overview 27 5.2.2 Application Authentication 28 5.2.3 User Authentication 28 5.2.4 Authorization 28 5.2.5 Confidentiality 28 5.2.6 In

    18、tegrity . 28 5.2.7 Auditability . 28 5.2.8 Availability . 29 6 Implementation and deployment considerations 29 6.1 Overview. 29 6.2 Appropriate timeouts . 29 6.3 Strict Message processing . 29 6.4 Random number generation 29 6.5 Special and reserved packets 30 6.6 Rate limiting and flow control . 30

    19、 6.7 Administrative access 30 6.8 Alarm related guidance 30 6.9 Program access 30 6.10 Audit event management . 31 6.11 Certificate management 31 Bibliography . 36 Figure 1 OPC UA network model 13 Figure 2 OPC UA security architecture . 18 Figure 3 Simple Servers . 22 Figure 4 Aggregating Servers .

    20、23 Figure 5 Aggregation with a non-auditing Server . 24 Figure 6 Aggregate Server with service distribution. 25 Figure 7 Manual Certificate handling 32 Figure 8 CA Certificate handling . 33 Figure 9 Certificate handling 34 4 IEC TR 62541-2:2016 IEC 2016 INTERNATIONAL ELECTROTECHNICAL COMMISSION _ OP

    21、C UNIFIED ARCHITECTURE Part 2: Security Model FOREWORD 1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising all national electrotechnical committees (IEC National Committees). The object of IEC is to promote international co-operation on a

    22、ll questions concerning standardization in the electrical and electronic fields. To this end and in addition to other activities, IEC publishes International Standards, Technical Specifications, Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC Publ

    23、ication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested in the subject dealt with may participate in this preparatory work. International, governmental and non- governmental organizations liaising with the IEC also participate in this preparation.

    24、IEC collaborates closely with the International Organization for Standardization (ISO) in accordance with conditions determined by agreement between the two organizations. 2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international consensus of

    25、opinion on the relevant subjects since each technical committee has representation from all interested IEC National Committees. 3) IEC Publications have the form of recommendations for international use and are accepted by IEC National Committees in that sense. While all reasonable efforts are made

    26、to ensure that the technical content of IEC Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any misinterpretation by any end user. 4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications transpare

    27、ntly to the maximum extent possible in their national and regional publications. Any divergence between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in the latter. 5) IEC itself does not provide any attestation of conformity. Independent certi

    28、fication bodies provide conformity assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any services carried out by independent certification bodies. 6) All users should ensure that they have the latest edition of this publication. 7) No liability sha

    29、ll attach to IEC or its directors, employees, servants or agents including individual experts and members of its technical committees and IEC National Committees for any personal injury, property damage or other damage of any nature whatsoever, whether direct or indirect, or for costs (including leg

    30、al fees) and expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC Publications. 8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is indispensable for the correct application of this pub

    31、lication. 9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of patent rights. IEC shall not be held responsible for identifying any or all such patent rights. The main task of IEC technical committees is to prepare International Standards.

    32、However, a technical committee may propose the publication of a technical report when it has collected data of a different kind from that which is normally published as an International Standard, for example “state of the art“. IEC TR 62541-2, which is a technical report, has been prepared by subcom

    33、mittee 65E: Devices and integration in enterprise systems, of IEC technical committee 65: Industrial- process measurement, control and automation. The text of this technical report is based on the following documents: Enquiry draft Report on voting 65E/413/DTR 65E/464/RVC Full information on the vot

    34、ing for the approval of this technical report can be found in the report on voting indicated in the above table. IEC TR 62541-2:2016 IEC 2016 5 This second edition cancels and replaces the first edition of IEC TR 62541-2, published in 2010. This second edition includes no technical changes with resp

    35、ect to the first edition but a number of clarifications and additional text for completeness. This publication has been drafted in accordance with the ISO/IEC Directives, Part 2. Throughout this document and the referenced other parts of the series, certain document conventions are used: Italics are

    36、 used to denote a defined term or definition that appears in the “Terms and definition” clause in one of the parts of the series. Italics are also used to denote the name of a service input or output parameter or the name of a structure or element of a structure that are usually defined in tables. T

    37、he italicized terms and names are also often written in camel-case (the practice of writing compound words or phrases in which the elements are joined without spaces, with each elements initial letter capitalized within the compound). For example the defined term is AddressSpace instead of Address S

    38、pace. This makes it easier to understand that there is a single definition for AddressSpace, not separate definitions for Address and Space. A list of all parts of the IEC 62541 series, published under the general title OPC unified architecture, can be found on the IEC website. The committee has dec

    39、ided that the contents of this publication will remain unchanged until the stability date indicated on the IEC website under “http:/webstore.iec.ch“ in the data related to the specific publication. At this date, the publication will be reconfirmed, withdrawn, replaced by a revised edition, or amende

    40、d. A bilingual version of this publication may be issued at a later date. IMPORTANT The colour inside logo on the cover page of this publication indicates that it contains colours which are considered to be useful for the correct understanding of its contents. Users should therefore print this docum

    41、ent using a colour printer. 6 IEC TR 62541-2:2016 IEC 2016 OPC UNIFIED ARCHITECTURE Part 2: Security Model 1 Scope This part of IEC 62541, which a Technical Report, describes the OPC unified architecture (OPC UA) security model. It describes the security threats of the physical, hardware, and softwa

    42、re environments in which OPC UA is expected to run. It describes how OPC UA relies upon other standards for security. It provides definition of common security terms that are used in this and other parts of the OPC UA specification. It gives an overview of the security features that are specified in

    43、 other parts of the OPC UA specification. It references services, mappings, and Profiles that are specified normatively in other parts of this multi-part specification. It provides suggestions or best practice guidelines on implementing security. Any seeming ambiguity between this part of IEC 62541

    44、and one of the normative parts of IEC 62541 does not remove or reduce the requirement specified in the normative part. Note that there are many different aspects of security that have to be addressed when developing applications. However since OPC UA specifies a communication protocol, the focus is

    45、on securing the data exchanged between applications. This does not mean that an application developer can ignore the other aspects of security like protecting persistent data against tampering. It is important that the developers look into all aspects of security and decide how they can be addressed

    46、 in the application. This part of IEC 62541 is directed to readers who will develop OPC UA Client or Server applications or implement the OPC UA services layer. It is also for end users that wish to understand the various security features and functionality provided by OPC UA. It also offers some su

    47、ggestions that can be applied when deploying systems. These suggestions are generic in nature since the details would depend on the actual implementation of the OPC UA Applications and the choices made for the site security. It is assumed that the reader is familiar with Web Services and XML/SOAP. I

    48、nformation on these technologies can be found in SOAP Part 1: and SOAP Part 2. 2 Normative references The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated

    49、 references, the latest edition of the referenced document (including any amendments) applies. IEC 62351 (all parts), Power systems management and associated information exchange Data and communications security IEC TR 62541-1, OPC unified architecture Part 1: Overview and concepts IEC 62541-4, OPC unified architecture Part 4: Services IEC 62541-5, OPC unified architecture Part 5: Information Model IEC 62541-6, OPC unified architecture Part 6: Mappings IEC 62541-7, OPC unified archite


    注意事项

    本文(IEC TR 62541-2-2016 OPC unified architecture - Part 2 Security Model《OPC统一架构.第2部分 安全模型》.pdf)为本站会员(eveningprove235)主动上传,麦多课文档分享仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文档分享(点击联系客服),我们立即给予删除!




    关于我们 - 网站声明 - 网站地图 - 资源地图 - 友情链接 - 网站客服 - 联系我们

    copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
    备案/许可证编号:苏ICP备17064731号-1 

    收起
    展开