[go: up one dir, main page]

CN112104516B - Method for realizing OPCUA protocol support simulation system - Google Patents

Method for realizing OPCUA protocol support simulation system Download PDF

Info

Publication number
CN112104516B
CN112104516B CN202011299260.5A CN202011299260A CN112104516B CN 112104516 B CN112104516 B CN 112104516B CN 202011299260 A CN202011299260 A CN 202011299260A CN 112104516 B CN112104516 B CN 112104516B
Authority
CN
China
Prior art keywords
opcua
state
resource
module
output
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011299260.5A
Other languages
Chinese (zh)
Other versions
CN112104516A (en
Inventor
闫林林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Lab
Original Assignee
Zhejiang Lab
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang Lab filed Critical Zhejiang Lab
Priority to CN202011299260.5A priority Critical patent/CN112104516B/en
Publication of CN112104516A publication Critical patent/CN112104516A/en
Application granted granted Critical
Publication of CN112104516B publication Critical patent/CN112104516B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/02Standardisation; Integration
    • H04L41/0246Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols
    • H04L41/0273Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols using web services for network management, e.g. simple object access protocol [SOAP]
    • H04L41/028Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols using web services for network management, e.g. simple object access protocol [SOAP] for synchronisation between service call and response
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method for realizing an OPCUA protocol supporting a pseudo-state system, which comprises the steps of synchronously normalizing output messages and quickly starting an OPCUA application on the pseudo-state system. And each executive body of the mimicry system runs an OPCUA process, and the mimicry system is a single system for external presentation. In order to ensure that the OPCUA processes on multiple execution bodies can normally run, it is necessary to ensure that the OPCUA processes on the respective execution bodies can synchronously run and output consistent content. The invention guarantees the output synchronization by sending the output agent control message; all resources are managed uniformly through a resource management module, and the OPCUA process on all running executors applies for the resources from the resource management module to solve the problem of normalization; the state of the current OPCUA operation and the configuration information required by the interaction are stored in the OPCUA state synchronization module, and the OPCUA process on the execution body can read the operation state and the configuration information to realize quick start.

Description

Method for realizing OPCUA protocol support simulation system
Technical Field
The invention belongs to the field of network communication, and particularly relates to a method for realizing an OPCUA protocol supported simulation system.
Background
While the network space is developed vigorously, the network space is facing a severe security situation, a large number of malicious attack events aiming at the network space exist, in addition, the network system is complex, and inevitable holes exist, so that the network space not only comes from external threats, but also is interwoven with the internal security hole problem, and the security risk is severe and complex. Under a new network space security situation, the traditional defense means based on prior knowledge is difficult to deal with various attacks, the defense thought needs to be changed, a new defense boundary is defined, the depth of a defense line is consolidated, and active defense from passive to endogenous security is developed.
Chinese patent CN201610853938.7, "a device, method and apparatus for encapsulating isomerous functional equivalents," proposes a mimicry security defense technique, which can obtain favorable internal defense situation from the initiative, variability and randomness, and makes dynamic change through the mimicry environment, so as to make it difficult to observe and predict the attacker, thereby greatly increasing the attack difficulty and cost including unknown available bugs and backdoors. The main principle is as shown in figure 1, after receiving an external service request, an input agent sends the external service request to one or more selected heterogeneous functional equivalents according to an agent strategy of a redundancy controller; the heterogeneous function equivalent works and runs after receiving the service request, outputs a service response and sends the service response to the output agent, and sends the mimicry arbitration parameter to the redundancy controller; and after receiving the service response, the output agent selects the output of one of the heterogeneous functional equivalents as an external service response to be sent according to the output arbitration strategy of the redundancy controller. Due to the asynchrony of the opua (ole) protocol Process and the differences of random numbers, timestamps, etc. of different systems in the interactive flow, the opua protocol cannot normally run on the mimicry system as shown in fig. 1.
The chinese patent CN201610853938.7 solves the problem of security protection of network elements well, but at present, the network functions are more and more complex, and the types of security attacks are more and more, for example, in network edge calculation, the network elements not only have network transmission functions, but also have storage and calculation functions, data stored by the network elements usually exceed G bytes or even T bytes, and the calculation functions are complex, and if the mimicry arbitration function of the chinese patent CN201610853938.7 is still adopted, it is difficult to meet the actual requirements of the network in terms of timeliness and arbitration accuracy.
The problem of TCP normalization is well solved by chinese patent CN202010521038.9, but because different applications have large differences, there is a problem that normalization is required due to timestamp, incremental sequence number, channel ID, etc. and meanwhile, when an application is abnormally restarted, there is a need to keep synchronization with application processes in other executors after restart.
Disclosure of Invention
The invention aims to provide a method for realizing an OPCUA protocol supported simulation system aiming at the defects of the prior art.
The purpose of the invention is realized by the following technical scheme: a method for realizing OPCUA protocol support simulation system comprises a resource management module, an output agent module and an OPCUA state synchronization module; different resource tables are created in a resource management module, and resources are managed uniformly, so that the same relevant resources are obtained by the OPCUA processes running on different executives; the OPCUA state synchronization module stores configuration information corresponding to the current state of all OPCUA processes according to different states of the OPCUA processes, and realizes quick start of the OPCUA process of a new execution body; the output agent module enables the OPCUA process output of each execution body to be synchronous through controlling message output.
Further, in the resource management module, resource data are stored in different tables, different tables represent different resource types, and the content in the tables consists of table names, indexes and values; the index is a key value for inquiring the resource, and is obtained by Hash calculation through quintuple and self protocol information; the value is the data information portion of the resource.
Further, the resource table includes a random number storage table, a current time storage table, a source port number storage table, and an increment sequence storage table.
Further, the five-tuple includes a source port number, a destination port number, a source IP, a destination IP, and a protocol type.
Further, the resource management module is used for resource application and release, and specifically includes:
the OPCUA process of the executive body sends a resource application request to the resource management module, and the resource management module sets the executive body and judges whether all the executive bodies are set or not; if yes, returning directly if the resource exists, and if not, returning after creation;
when the OPCUA process of the executive body exits or the executive body exits, the executive body sends a resource release request to the resource management module, and the resource management module sets the executive body and judges whether all the running executive bodies are set or not; if yes, releasing the corresponding resource.
Further, the OPCUA state synchronization module is configured to store the current state and configuration information of OPCUA, and interact with the new online OPCUA process to enable the new online OPCUA process to run to the same state as other OPCUA processes.
Further, the workflow of the OPCUA state synchronization module includes the following steps:
(1) after starting the OPCUA process of the executive body, sending a message to an OPCUA state synchronization module;
(2) the OPCUA state synchronization module firstly inquires whether a saved state exists; if yes, judging whether the OPCUA process of the executive body is synchronous with the saved state or not according to the index corresponding to the message, if not, executing the step (3), and if so, executing the step (4); if the saved state does not exist, executing the step (4);
(3) the OPCUA state synchronization module and the execution body OPCUA process finish initialization of configuration information through interaction until the saved states of the execution body OPCUA process and the OPCUA state synchronization module are synchronized; the OPCUA state synchronization module quits the interaction with the execution body OPCUA process; continuing to execute the step (4);
(4) the method comprises the steps that an executive OPCUA process sends messages to an output proxy module, and after the output proxy module judges that the messages of all executive OPCUA processes are output, the output proxy module firstly informs an OPCUA state synchronization module to extract configuration information corresponding to the states of all current OPCUA processes and updates the stored states; if the final state is reached, not extracting information and updating the state; and finally, the output agent module outputs the message.
Further, the final state refers to an active session state.
Further, the state of the opuua process includes establishing a TCP connection, HELLO interaction, establishing a secure channel, acquiring endpoint, establishing a session, and activating a session.
The invention has the beneficial effects that: the method for supporting the pseudo-state system by the OPCUA protocol realizes synchronization and normalization of output messages and quick start of the OPCUA application on the pseudo-state system. Ensuring output synchronization by sending control messages at the output agent; all resources are managed uniformly through a resource management module, and OPCUA processes on all running executors apply for the resources from the resource management module to solve the problem of normalization; the state of the current OPCUA operation and the configuration information required by the interaction are stored in the OPCUA state synchronization module, and the OPCUA process on the execution body can read the operation state and the configuration information to realize quick start. The invention deploys the OPCUA protocol to the mimicry system, and can be expanded to the solution of supporting the mimicry system by other application programs.
Drawings
FIG. 1 is a schematic diagram of the operation principle of a mimicry system;
FIG. 2 is a schematic diagram of the phase division of the OPCUA application of the method of the present invention;
FIG. 3 is a schematic view of the resource management module workflow of the method of the present invention;
FIG. 4 is a schematic diagram of the OPCUA export proxy module of the method of the present invention;
FIG. 5 is a schematic diagram of an OPCUA state synchronization module of the method of the present invention;
fig. 6 is a schematic view of the overall embodiment of the present invention.
Detailed Description
The invention relates to a method for realizing an OPCUA protocol support simulation system, which mainly comprises a uniform resource management module, an OPCUA state synchronization module and an OPCUA output agent module. The OPCUA protocol is applied in the form of an OPCUA process in a mimicry system.
As shown in fig. 2, the OPCUA process includes six states of establishing a TCP connection, HELLO interaction, establishing a secure channel, acquiring endpoint, establishing a session, and activating the session, where each state corresponds to different configuration information. The configuration information corresponding to the TCP connection state is established mainly comprises TCP three-way handshake information, such as the size of a sliding window, a random number and the like; the configuration information corresponding to the HELLO interaction state mainly comprises values of the sizes of interaction sending and receiving data caches; the configuration information corresponding to the established safe channel state mainly comprises the configuration information of the safe channel, such as a safe algorithm, TokenID, safe channel ID information and the like; acquiring configuration information corresponding to an endpoint state, wherein the configuration information mainly comprises an endpoint supported by an OPCUA process and configuration information required for establishing a secure channel, such as encryption mode configuration information and the like; the configuration information corresponding to the session establishment state includes configuration information for establishing a session by the OPCUA, such as Sessionld, authitiontontoken, and the like; the configuration information corresponding to the activation session state contains information required by the opuua process (client) to activate the session, such as a signature generated by a private key associated with the client certificate.
The resource management module is used for uniformly managing all resources and solving the problems of normalization of the OPCUA process and key node synchronization in different executors of the mimicry system.
As shown in fig. 3, the resource management module includes two parts, agent and resource management; wherein, the agent part is used for resource application or release request session; the resource data in the resource management part is stored in the form of tables, and each table represents a resource type, such as a random number storage table, a current time storage table, a source port number storage table, an increment sequence storage table and the like; the contents of the resource data consist of a table name, an index, and a value. Different indexes represent different states of the OPCUA process; the index is obtained by Hash calculation through quintuple and self protocol information; the five-tuple includes a source port number, a destination port number, a source IP, a destination IP, and a protocol type.
When the agent part receives a resource application or a release request sent by an executive OPCUA process, firstly, an index is created according to a request attribute; the request attribute comprises a quintuple of common TCP connection, a secure channel ID of the OPCUA and the like; then setting an execution body corresponding to the index; finally, the agent part judges whether all the running executors are set; if the execution body which is not set exists, continuing to wait for the OPCUA process on other execution bodies to send the request; if all the running executives have been set, the agent part sends a resource application or release request to the resource management part.
After receiving the resource application request, the resource management part judges whether the resource exists according to the index; if not, the resource is created, and the resource value and the index thereof are returned to the agent part; if so, the resource value is returned directly to the proxy portion. The proxy component distributes the acquired resource values to the OPCUA processes on all running executives. When the OPCUA process of the executive body exits or the executive body exits, the executive body applies for releasing resources to the resource management module; and after receiving the resource release request, the resource management part finds the corresponding resource according to the index and releases the resource.
In the mimicry system, the OPCUA process in each executive body can cause the problem of inconsistent running speed due to the difference of the hardware architecture and software of the executive body; the resource management module can ensure that the information acquired by all executors is consistent, and can ensure the synchronization of key nodes and execution flows in the OPCUA process and the normalization of the key information in the OPCUA process. For example, when the OPCUA message applies for the current time, the current time acquired by the OPCUA in all the executors can be guaranteed to be consistent by acquiring the current time in the resource management module.
As shown in fig. 4, the output proxy module mainly completes synchronous output of the OPCUA message. When an output agent module receives an OPCUA message output by an executive body, firstly, an index is created according to the characteristics of the message, then bit information of the executive body corresponding to the index is set, and finally, the output agent module judges whether all the executive bodies currently running are set; and if all the messages are set, outputting the messages, and otherwise, continuously waiting for other execution bodies OPCUA processes to output the messages.
Because the mimicry system is presented as a single execution unit, the output agent module only outputs one message after receiving all the operating executive OPCUA process messages; the synchronization of the output flow of each executive can be ensured through the output agent module.
In the mimicry system, an executive body is cleaned to be taken off a line after being attacked from the outside, a new executive body is taken on the line at the same time, an OPCUA process in the new on-line executive body cannot normally work because the OPCUA process is asynchronous with the OPCUA processes in other normally-running executive bodies, and if the new on-line executive body is also taken as a running executive body in an output agent module, the OPCUA messages of other executive bodies cannot be output because the new on-line executive body cannot output messages consistent with the other executive bodies, so that the OPCUA messages of other executive bodies cannot normally work. And if the newly online executive body participates in output judgment, ensuring that the OPCUA processes on all the executive bodies run synchronously.
The OPCUA state synchronization module is used for solving the problem of quick starting of the OPCUA process of the new online executive body; the OPCUA process of the new online executive body completes the initial stage interaction with the OPCUA state synchronization module, and can be quickly synchronized with the state of the OPCUA process on the running executive body.
Specifically, the workflow of the OPCUA state synchronization module, as shown in fig. 5, includes the following steps:
(1) after starting the OPCUA process of the executive body, sending an OPCUA message to an OPCUA state synchronization module;
(2) after receiving the OPCUA message of the executive body, the OPCUA state synchronization module judges whether a stored state exists or not; if the OPCUA state of the executive body is different from the stored state, the executive body is a new on-line executive body, and the step (3) is executed; if the states exist and are the same, executing the step (4); if the fact that all execution bodies are newly online does not exist, executing the step (4);
(3) the OPCUA state synchronization module reads the configuration information corresponding to the saved state, and interacts with the OPCUA process of the execution body until the OPCUA process of the execution body runs to the saved state of the OPCUA state synchronization module; all resources of the OPCUA process of the executive body in the interactive process are acquired from the resource management module through indexes, and related resources at the stage are already applied by other running executive bodies and exist;
(4) at the moment, all the OPCUA processes of the execution bodies run synchronously, and all OPCUA messages of the execution bodies are output to the output agent module; when the output agent module receives all the executive OPCUA messages, the output agent module firstly informs the OPCUA state synchronization module to extract the configuration information corresponding to all the current OPCUA states and establishes corresponding index updating and saving states; if the final state is reached, not extracting information and updating the state; and finally, the output agent module outputs the message.
The technical solution is further described in detail with reference to the following examples.
The overall flow of the OPCUA process running on the mimicry system is shown in fig. 6: an external OPCUA process input message is distributed to the running executors 1, 2 and 3 through an input agent; the three executors receive the message and then analyze and process the message to construct a response message, and information such as random numbers, timestamps and the like in the response message is acquired from the resource management module. Sending the response message to an output agent module, calculating an index by the output agent module according to the message related information, and juxtaposing a mark bit of a corresponding execution body; when all the operating execution bodies are set, the OPCUA state synchronization module is firstly informed, the OPCUA state synchronization module acquires the configuration information corresponding to the current state, and then the output proxy module outputs the OPCUA message.
After the executor 3 is cleaned and is taken off the line, then the executor 4 is taken on the line, the OPCUA process of the executor 4 will interact with the OPCUA state synchronization module after being started, and the interaction flow is specifically as follows: after a new executive 4 is online, when an OPCUA process on the executive 4 establishes TCP connection, an OPCUA message firstly enters an OPCUA state synchronization module, and an index corresponding to the current state can be calculated; then judging whether a stored state exists in the OPCUA state synchronization module; and if the OPCUA of the executive body 4 is the same as the saved state, judging whether the OPCUA of the executive body 4 is the same as the saved state according to the index, and if the OPCUA of the executive body 4 is not the same as the saved state, interacting with the OPCUA process of the executive body 4 according to the configuration information corresponding to the saved state by the OPCUA state synchronization module until the OPCUA process of the executive body 4 runs to the saved state of the OPCUA state synchronization module. When the OPCUA process state of the executive body 4 is switched to the state saved by the OPCUA state synchronization module, the OPCUA state synchronization module exits the interaction with the OPCUA process in the executive body 4; the opuca message of the executor 4 is output to the output agent module, and the normal flow is started.

Claims (8)

1.一种OPCUA协议支持拟态系统的实现方法,其特征在于,包含资源管理模块、输出代理模块和OPCUA状态同步模块;在资源管理模块中创建不同资源表,对资源进行统一管理,保证不同执行体上运行的OPCUA进程获取到的相关资源是相同的;OPCUA状态同步模块根据OPCUA进程的不同状态,保存所有OPCUA进程当前状态对应的配置信息,实现新执行体OPCUA进程的快速启动;输出代理模块通过控制报文输出,使各执行体OPCUA进程输出同步;1. a realization method of OPCUA protocol supporting mimic system, it is characterized in that, comprise resource management module, output agent module and OPCUA state synchronization module; Create different resource table in resource management module, carry out unified management to resource, guarantee different execution The related resources obtained by the OPCUA process running on the body are the same; the OPCUA state synchronization module saves the configuration information corresponding to the current state of all OPCUA processes according to the different states of the OPCUA process, so as to realize the rapid start of the new execution body OPCUA process; the output agent module By controlling the output of the message, the output of the OPCUA process of each execution body is synchronized; 所述OPCUA状态同步模块的工作流程包括以下步骤:The workflow of the OPCUA state synchronization module includes the following steps: (1)执行体OPCUA进程启动后,发送报文给OPCUA状态同步模块;(1) After the execution body OPCUA process is started, it sends a message to the OPCUA state synchronization module; (2)OPCUA状态同步模块先查询是否存在已保存状态;如果存在,根据报文对应的索引判断该执行体OPCUA进程与已保存状态是否同步,如不同步则执行步骤(3),如同步则执行步骤(4);如果不存在已保存状态则也执行步骤(4);(2) The OPCUA state synchronization module first inquires whether there is a saved state; if so, judges whether the execution body OPCUA process is synchronized with the saved state according to the index corresponding to the message, if not, execute step (3), if it is synchronized, then Step (4) is performed; if there is no saved state, step (4) is also performed; (3)OPCUA状态同步模块和该执行体OPCUA进程通过交互完成配置信息的初始化,直至该执行体OPCUA进程和OPCUA状态同步模块的已保存状态同步;OPCUA状态同步模块退出与该执行体OPCUA进程的交互;继续执行步骤(4);(3) The OPCUA state synchronization module and the execution body OPCUA process complete the initialization of configuration information through interaction, until the execution body OPCUA process and the saved state of the OPCUA state synchronization module are synchronized; the OPCUA state synchronization module exits the execution body OPCUA process. Interaction; continue to step (4); (4)执行体OPCUA进程发送报文到输出代理模块,输出代理模块判定所有执行体OPCUA进程的报文都已输出后,先通知OPCUA状态同步模块提取当前所有OPCUA进程的状态对应的配置信息并更新保存的状态;如果所述状态为最终状态则不提取配置信息和更新状态;最后输出代理模块输出报文。(4) The executive OPCUA process sends a message to the output agent module. After the output agent module determines that the messages of all the executive OPCUA processes have been output, it first informs the OPCUA state synchronization module to extract the configuration information corresponding to the status of all current OPCUA processes and Update the saved state; if the state is the final state, do not extract the configuration information and update the state; finally output the proxy module output message. 2.根据权利要求1所述OPCUA协议支持拟态系统的实现方法,其特征在于,所述资源管理模块中,资源数据以不同的表的形式进行存储,不同的表代表不同资源类型,表中的内容由表名、索引和值组成;索引是用于查询资源的关键值,由五元组加自身协议信息通过哈希计算得到;值是资源的数据信息部分。2. according to the implementation method of the described OPCUA protocol supporting mimic system of claim 1, it is characterized in that, in the described resource management module, resource data is stored in the form of different tables, and different tables represent different resource types, and the The content consists of table name, index and value; the index is the key value used to query the resource, which is obtained by hashing the quintuple plus its own protocol information; the value is the data information part of the resource. 3.根据权利要求2所述OPCUA协议支持拟态系统的实现方法,其特征在于,所述资源表包括随机数存储表、当前时间存储表、源端口号存储表和递增序列存储表。3 . The method for realizing the OPCUA protocol supporting mimic system according to claim 2 , wherein the resource table comprises a random number storage table, a current time storage table, a source port number storage table and an incremental sequence storage table. 4 . 4.根据权利要求2所述OPCUA协议支持拟态系统的实现方法,其特征在于,所述五元组包括源端口号、目的端口号、源IP、目的IP和协议类型。4 . The method for implementing an OPCUA protocol supporting mimic system according to claim 2 , wherein the quintuple comprises a source port number, a destination port number, a source IP, a destination IP and a protocol type. 5 . 5.根据权利要求2所述OPCUA协议支持拟态系统的实现方法,其特征在于,所述资源管理模块用于资源申请和释放,具体为:5. according to the implementation method of the described OPCUA protocol supporting mimic system of claim 2, it is characterized in that, described resource management module is used for resource application and release, is specially: 执行体OPCUA进程向资源管理模块发送资源申请请求,资源管理模块对该执行体置位,并判断是否所有运行执行体均置位;如果是且该资源存在则直接返回,如果是但该资源不存在则创建后返回;The execution body OPCUA process sends a resource application request to the resource management module, the resource management module sets the execution body, and judges whether all running execution bodies are set; If it exists, it will be created and returned; 当执行体OPCUA进程退出或者执行体退出时,该执行体向资源管理模块发送资源释放请求,资源管理模块对该执行体置位,并判断是否所有运行执行体均置位;如果是则释放对应的资源。When the execution body OPCUA process exits or the execution body exits, the execution body sends a resource release request to the resource management module, the resource management module sets the execution body, and judges whether all running execution bodies are set; if so, release the corresponding Resources. 6.根据权利要求1所述OPCUA协议支持拟态系统的实现方法,其特征在于,所述OPCUA状态同步模块用于保存OPCUA当前状态及配置信息,和与新上线OPCUA进程进行交互,使其运行到与其它OPCUA进程相同的状态。6. according to the implementation method of the described OPCUA protocol support imitation system of claim 1, it is characterized in that, described OPCUA state synchronization module is used for saving OPCUA current state and configuration information, and interacts with new on-line OPCUA process, makes it run to. The same state as other OPCUA processes. 7.根据权利要求1所述OPCUA协议支持拟态系统的实现方法,其特征在于,所述最终状态指激活会话状态。7 . The method for implementing an OPCUA protocol supporting mimic system according to claim 1 , wherein the final state refers to an active session state. 8 . 8.根据权利要求1所述OPCUA协议支持拟态系统的实现方法,其特征在于,所述OPCUA进程的状态包括建立TCP连接、HELLO交互、建立安全通道、获取endpoint、建立会话和激活会话。8 . The method for implementing the OPCUA protocol support mimic system according to claim 1 , wherein the state of the OPCUA process includes establishing a TCP connection, HELLO interaction, establishing a secure channel, acquiring an endpoint, establishing a session, and activating a session. 9 .
CN202011299260.5A 2020-11-18 2020-11-18 Method for realizing OPCUA protocol support simulation system Active CN112104516B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011299260.5A CN112104516B (en) 2020-11-18 2020-11-18 Method for realizing OPCUA protocol support simulation system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011299260.5A CN112104516B (en) 2020-11-18 2020-11-18 Method for realizing OPCUA protocol support simulation system

Publications (2)

Publication Number Publication Date
CN112104516A CN112104516A (en) 2020-12-18
CN112104516B true CN112104516B (en) 2021-02-12

Family

ID=73785543

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011299260.5A Active CN112104516B (en) 2020-11-18 2020-11-18 Method for realizing OPCUA protocol support simulation system

Country Status (1)

Country Link
CN (1) CN112104516B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115242804B (en) * 2022-06-10 2023-07-21 河南信大网御科技有限公司 Method for detecting random number of mimicry executor

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009083133A1 (en) * 2007-12-21 2009-07-09 Abb Research Ltd. Method and device for client/server communication according to the standard protocol opc ua
CN109508231A (en) * 2018-11-17 2019-03-22 中国人民解放军战略支援部队信息工程大学 Synchronous method and device between the equivalents of isomery multi-mode processor
CN110290100A (en) * 2019-03-06 2019-09-27 广东电网有限责任公司信息中心 A SDN-based mimic Web server and user request processing method
CN110535843A (en) * 2019-08-20 2019-12-03 之江实验室 A kind of device and method that mimicry ruling parameter message is synchronous
CN111431944A (en) * 2020-06-10 2020-07-17 之江实验室 Mimicry arbitration system and configuration and recovery method thereof
CN111556008A (en) * 2020-03-16 2020-08-18 中国人民解放军战略支援部队信息工程大学 A Synchronization Method for Stateful Protocols in Mimic Architecture Switching Devices
CN111866030A (en) * 2020-09-21 2020-10-30 之江实验室 An industrial protocol identification device and method for mimicking edge gateways

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108337224B (en) * 2017-12-14 2020-12-15 兆辉易安(北京)网络安全技术有限公司 Three-mode heterogeneous redundancy industrial control security gateway system and intrusion sensing method thereof
CN111371907B (en) * 2020-05-26 2020-08-14 网络通信与安全紫金山实验室 STP (spanning Tree protocol) -based data synchronization method and device and mimicry switch

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009083133A1 (en) * 2007-12-21 2009-07-09 Abb Research Ltd. Method and device for client/server communication according to the standard protocol opc ua
CN109508231A (en) * 2018-11-17 2019-03-22 中国人民解放军战略支援部队信息工程大学 Synchronous method and device between the equivalents of isomery multi-mode processor
CN110290100A (en) * 2019-03-06 2019-09-27 广东电网有限责任公司信息中心 A SDN-based mimic Web server and user request processing method
CN110535843A (en) * 2019-08-20 2019-12-03 之江实验室 A kind of device and method that mimicry ruling parameter message is synchronous
CN111556008A (en) * 2020-03-16 2020-08-18 中国人民解放军战略支援部队信息工程大学 A Synchronization Method for Stateful Protocols in Mimic Architecture Switching Devices
CN111431944A (en) * 2020-06-10 2020-07-17 之江实验室 Mimicry arbitration system and configuration and recovery method thereof
CN111866030A (en) * 2020-09-21 2020-10-30 之江实验室 An industrial protocol identification device and method for mimicking edge gateways

Also Published As

Publication number Publication date
CN112104516A (en) 2020-12-18

Similar Documents

Publication Publication Date Title
US11902290B2 (en) Systems and methods for hybrid blockchain control
JP6446032B2 (en) Synchronizing credential hashes across directory services
US10901771B2 (en) Methods and systems for securely and efficiently clustering distributed processes using a consistent database
JP2018523248A (en) Custom communication channel for application deployment
CN110191118B (en) Unified control method and system for network security equipment
CN112104516B (en) Method for realizing OPCUA protocol support simulation system
KR102533536B1 (en) A method, an apparatus, an electronic device and a storage medium for communicating between private networks
Soriente et al. Replicatee: Enabling seamless replication of sgx enclaves in the cloud
US10791119B1 (en) Methods for temporal password injection and devices thereof
US10326600B2 (en) Routing method of forwarding task instructions between computer systems, computer network infrastructure and a computer program product
CN113518095A (en) SSH cluster deployment method, device, equipment and storage medium
CN112929225A (en) Session exception handling method and device, computer equipment and storage medium
WO2020210925A1 (en) Access authentication method for switch, switch, and system
WO2022121492A1 (en) File transmission method and apparatus, computer device, and storage medium
Chen et al. Research and practice of dynamic network security architecture for IaaS platforms
CN112291318A (en) Block chain network node adding method, system, storage medium and device
CN116346834A (en) Session synchronization method, device, computing equipment and computer storage medium
CN113067903B (en) Method for building block chain sub-network and block chain system
WO2016188172A1 (en) Method and system for implementing remote terminal tool
CN113297158A (en) Cloud security product management method, device, equipment and storage medium
WO2016180141A1 (en) Virtual machine state management method and device
CN114930313A (en) System and method for managing blockchain nodes
CN112804091B (en) Operation realization method, device, equipment and storage medium of alliance network
CN114024743B (en) Remote management method, device and equipment for application server and storage medium
CN116192853B (en) Multi-cluster management method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant