7 research outputs found

    Wide-Area Situation Awareness based on a Secure Interconnection between Cyber-Physical Control Systems

    Get PDF
    Posteriormente, examinamos e identificamos los requisitos especiales que limitan el diseño y la operación de una arquitectura de interoperabilidad segura para los SSC (particularmente los SCCF) del smart grid. Nos enfocamos en modelar requisitos no funcionales que dan forma a esta infraestructura, siguiendo la metodología NFR para extraer requisitos esenciales, técnicas para la satisfacción de los requisitos y métricas para nuestro modelo arquitectural. Estudiamos los servicios necesarios para la interoperabilidad segura de los SSC del SG revisando en profundidad los mecanismos de seguridad, desde los servicios básicos hasta los procedimientos avanzados capaces de hacer frente a las amenazas sofisticadas contra los sistemas de control, como son los sistemas de detección, protección y respuesta ante intrusiones. Nuestro análisis se divide en diferentes áreas: prevención, consciencia y reacción, y restauración; las cuales general un modelo de seguridad robusto para la protección de los sistemas críticos. Proporcionamos el diseño para un modelo arquitectural para la interoperabilidad segura y la interconexión de los SCCF del smart grid. Este escenario contempla la interconectividad de una federación de proveedores de energía del SG, que interactúan a través de la plataforma de interoperabilidad segura para gestionar y controlar sus infraestructuras de forma cooperativa. La plataforma tiene en cuenta las características inherentes y los nuevos servicios y tecnologías que acompañan al movimiento de la Industria 4.0. Por último, presentamos una prueba de concepto de nuestro modelo arquitectural, el cual ayuda a validar el diseño propuesto a través de experimentaciones. Creamos un conjunto de casos de validación que prueban algunas de las funcionalidades principales ofrecidas por la arquitectura diseñada para la interoperabilidad segura, proporcionando información sobre su rendimiento y capacidades.Las infraestructuras críticas (IICC) modernas son vastos sistemas altamente complejos, que precisan del uso de las tecnologías de la información para gestionar, controlar y monitorizar el funcionamiento de estas infraestructuras. Debido a sus funciones esenciales, la protección y seguridad de las infraestructuras críticas y, por tanto, de sus sistemas de control, se ha convertido en una tarea prioritaria para las diversas instituciones gubernamentales y académicas a nivel mundial. La interoperabilidad de las IICC, en especial de sus sistemas de control (SSC), se convierte en una característica clave para que estos sistemas sean capaces de coordinarse y realizar tareas de control y seguridad de forma cooperativa. El objetivo de esta tesis se centra, por tanto, en proporcionar herramientas para la interoperabilidad segura de los diferentes SSC, especialmente los sistemas de control ciber-físicos (SCCF), de forma que se potencie la intercomunicación y coordinación entre ellos para crear un entorno en el que las diversas infraestructuras puedan realizar tareas de control y seguridad cooperativas, creando una plataforma de interoperabilidad segura capaz de dar servicio a diversas IICC, en un entorno de consciencia situacional (del inglés situational awareness) de alto espectro o área (wide-area). Para ello, en primer lugar, revisamos las amenazas de carácter más sofisticado que amenazan la operación de los sistemas críticos, particularmente enfocándonos en los ciberataques camuflados (del inglés stealth) que amenazan los sistemas de control de infraestructuras críticas como el smart grid. Enfocamos nuestra investigación al análisis y comprensión de este nuevo tipo de ataques que aparece contra los sistemas críticos, y a las posibles contramedidas y herramientas para mitigar los efectos de estos ataques

    Tunneling Horizontal IEC 61850 Traffic through Audio Video Bridging Streams for Flexible Microgrid Control and Protection

    Get PDF
    In this paper, it is argued that some low-level aspects of the usual IEC 61850 mapping to Ethernet are not well suited to microgrids due to their dynamic nature and geographical distribution as compared to substations. It is proposed that the integration of IEEE time-sensitive networking (TSN) concepts (which are currently implemented as audio video bridging (AVB) technologies) within an IEC 61850 / Manufacturing Message Specification framework provides a flexible and reconfigurable platform capable of overcoming such issues. A prototype test platform and bump-in-the-wire device for tunneling horizontal traffic through AVB are described. Experimental results are presented for sending IEC 61850 GOOSE (generic object oriented substation events) and SV (sampled values) messages through AVB tunnels. The obtained results verify that IEC 61850 event and sampled data may be reliably transported within the proposed framework with very low latency, even over a congested network. It is argued that since AVB streams can be flexibly configured from one or more central locations, and bandwidth reserved for their data ensuring predictability of delivery, this gives a solution which seems significantly more reliable than a pure MMS-based solution

    Dependable Control for Wireless Distributed Control Systems

    Get PDF
    The use of wireless communications for real-time control applications poses several problems related to the comparatively low reliability of the communication channels. This paper is concerned with adaptive and predictive application-level strategies for ameliorating the effects of packet losses and burst errors in industrial sampled-data Distributed Control Systems (DCSs), which are implemented via one or more wireless and/or wired links, possibly spanning multiple hops. The paper describes an adaptive compensator that reconstructs the best estimates (in a least squares sense) of a sequence of one or more missing sensor node data packets in the controller node. At each sample time, the controller node calculates the current control, and a prediction of future controls to apply over a short time horizon; these controls are forwarded to the actuator node every sample time step. A simple design method for a digital Proportional Integral Derivative (PID)-like adaptive controller is also described for use in the controller node. Together these mechanisms give robustness to packet losses around the control loop; in addition, the majority of the computational overhead resides in the controller node. An implementation of the proposed techniques is applied to a case study using a Hardware in the Loop (HIL) test facility, and favorable results (in terms of both performance and computational overheads) are found when compared to an existing robust control method for a DCS experiencing artificially induced burst errors

    Embedded computing systems design: architectural and application perspectives

    Get PDF
    Questo elaborato affronta varie problematiche legate alla progettazione e all'implementazione dei moderni sistemi embedded di computing, ponendo in rilevo, e talvolta in contrapposizione, le sfide che emergono all'avanzare della tecnologia ed i requisiti che invece emergono a livello applicativo, derivanti dalle necessità degli utenti finali e dai trend di mercato. La discussione sarà articolata tenendo conto di due punti di vista: la progettazione hardware e la loro applicazione a livello di sistema. A livello hardware saranno affrontati nel dettaglio i problemi di interconnettività on-chip. Aspetto che riguarda la parallelizzazione del calcolo, ma anche l'integrazione di funzionalità eterogenee. Sarà quindi discussa un'architettura d'interconnessione denominata Network-on-Chip (NoC). La soluzione proposta è in grado di supportare funzionalità avanzate di networking direttamente in hardware, consentendo tuttavia di raggiungere sempre un compromesso ottimale tra prestazioni in termini di traffico e requisiti di implementazioni a seconda dell'applicazione specifica. Nella discussione di questa tematica, verrà posto l'accento sul problema della configurabilità dei blocchi che compongono una NoC. Quello della configurabilità, è un problema sempre più sentito nella progettazione dei sistemi complessi, nei quali si cerca di sviluppare delle funzionalità, anche molto evolute, ma che siano semplicemente riutilizzabili. A tale scopo sarà introdotta una nuova metodologia, denominata Metacoding che consiste nell'astrarre i problemi di configurabilità attraverso linguaggi di programmazione di alto livello. Sulla base del metacoding verrà anche proposto un flusso di design automatico in grado di semplificare la progettazione e la configurazione di una NoC da parte del designer di rete. Come anticipato, la discussione si sposterà poi a livello di sistema, per affrontare la progettazione di tali sistemi dal punto di vista applicativo, focalizzando l'attenzione in particolare sulle applicazioni di monitoraggio remoto. A tal riguardo saranno studiati nel dettaglio tutti gli aspetti che riguardano la progettazione di un sistema per il monitoraggio di pazienti affetti da scompenso cardiaco cronico. Si partirà dalla definizione dei requisiti, che, come spesso accade a questo livello, derivano principalmente dai bisogni dell'utente finale, nel nostro caso medici e pazienti. Verranno discusse le problematiche di acquisizione, elaborazione e gestione delle misure. Il sistema proposto introduce vari aspetti innovativi tra i quali il concetto di protocollo operativo e l'elevata interoperabilità offerta. In ultima analisi, verranno riportati i risultati relativi alla sperimentazione del sistema implementato. Infine, il tema del monitoraggio remoto sarà concluso con lo studio delle reti di distribuzione elettrica intelligenti: le Smart Grid, cercando di fare uno studio dello stato dell'arte del settore, proponendo un'architettura di Home Area Network (HAN) e suggerendone una possibile implementazione attraverso Commercial Off the Shelf (COTS)

    Investigating Performance and Reliability of Process Bus Networks for Digital Protective Relaying

    Get PDF
    To reduce the cost of complex and long copper wiring, as well as to achieve flexibility in signal communications, IEC 61850 part 9-2 proposes a process bus communication network between process level switchyard equipments, and bay level protection and control (P&C) Intelligent Electronic Devices (IEDs). After successful implementation of Ethernet networks for IEC 61850 standard part 8-1 (station bus) at several substations worldwide, major manufacturers are currently working on the development of interoperable products for the IEC 61850-9-2 based process bus. The major technical challenges for applying Ethernet networks at process level include: 1) the performance of time critical messages for protection applications; 2) impacts of process bus Ethernet networks on the reliability of substation protection systems. This work starts with the performance analysis in terms of time critical Sampled Value (SV) messages loss and/or delay over the IEC 61850-9-2 process bus networks of a typical substation. Unlike GOOSE, the SV message is not repeated several times, and therefore, there is no assurance that each SV message will be received from the process bus network at protection IEDs. Therefore, the detailed modeling of IEC 61850 based substation protection devices, communication protocols, and packet format is carried out using an industry-trusted simulation tool OPNET, to study and quantify number of SV loss and delay over the process bus. The impact of SV loss/delay on digital substation protection systems is evident, and recognized by several manufacturers. Therefore, a sample value estimation algorithm is developed in order to enhance the performance of digital substation protection functions by estimating the lost and delayed sampled values. The error of estimation is evaluated in detail considering several scenarios of power system relaying. The work is further carried out to investigate the possible impact of SV loss/delay on protection functions, and test the proposed SV estimation algorithm using the hardware setup. Therefore, a state-of-the-art process bus laboratory with the protection IEDs and merging unit playback simulator using industrial computers on the QNX hard-real-time platform, is developed for a typical IEC 61850-9-2 based process bus network. Moreover, the proposed SV estimation algorithm is implemented as a part of bus differential and transmission line distance protection IEDs, and it is tested using the developed experimental setup for various SV loss/delay scenarios and power system fault conditions. In addition to the performance analysis, this work also focuses on the reliability aspects of protection systems with process bus communication network. To study the impact of process bus communication on reliability indices of a substation protection function, the detailed reliability modeling and analysis is carried out for a typical substation layout. First of all, reliability analysis is done using Reliability Block Diagrams (RBD) considering various practical process bus architectures, as well as, time synchronization techniques. After obtaining important failure rates from the RBD, an extended Markov model is proposed to analyze the reliability indices of protection systems, such as, protection unavailability, abnormal unavailability, and loss of security. It is shown with the proposed Markov model that the implementation of sampled value estimation improves the reliability indices of a protection system
    corecore