(WO2019066883) PLUG-AND-PLAY DECLARATIVE SECURITY FUNCTIONALITY DEPLOYMENT FOR ENGINEERING PLATFORM
Note: Text based on automatic optical character recognition processes. Only the PDF version has legal value.

Claims

What is claimed is:

1. An industrial control system (ICS) comprising:

a programmable logic controller (PLC) comprising a computer processor;

a first processing core of the computer processor;

a control operating system running on the first processing core;

a real-time database stored in a memory in communication with the control operating system;

an embedded historian within the real-time database;

a first messaging component of the control operating system in communication with the embedded historian;

a security operating system on a second processing core;

an embedded security server in communication with the PLC operating system;

a second messaging component in communication with the embedded security server and with the first messaging component of the control operating system;

wherein the embedded security server is configured to apply at least one security functionality to a data operation of the control operating system.

2. The ICS of Claim 1 further comprising:

a second real-time database in communication with the embedded security server, wherein the second real-time database stores time series information of the ICS.

3. The ICS of Claim 2, further comprising:

a processing component configured to perform additional processing of data stored in the second real-time database.

4. The ICS of Claim 3, further comprising:

a context component configured to translate a security-based meaning of the processed data in a first form to a second form representative of processing knowledge.

5. The ICS of Claim 1, further comprising:

an app container in communication with the embedded security server configured to contain at least one app in communication with the embedded security server.

6. The ICS of Claim 5, further comprising:

at least one app configured to provide security functionality stored within the app container, wherein the embedded security is configured to execute the at least one app and apply the security functionality of the at least one app to the at data communication of the control operating system.

7. The ICS of Claim 1, wherein the real-time database, the embedded historian and the first messaging component are stored within a sandboxed region of a memory of the control operating system.

8. The ICS of Claim 1, further comprising:

a first control element in communication with the control operating system; and

a second control element in communication with the control operating system, wherein the data operation is a data communication transmitted between the first control element and the second control element.

9. The ICS of Claim 1, wherein the first processing core and the second processing core are contained within one computer processor.

10. The ICS of Claim 1, wherein the first processing core is contained in a first computer processor and the second processing core is contained within a second computer processor.

11. A cyber-security system for supplementing cyber-security functionality of a computerized operations system, comprising:

a computer processor for executing computer executable instructions for implementing the computerized operations system;

a security server in communication with the computerized operations system;

at least one app, the at least one app configured to provide a cyber-security functionality to at least one aspect of the computerized operations system, the at least one app developed according to an application programming interface (API) associated with the computerized operations system and the at least one app being operable to receive a command to launch the app from the security server;

wherein the security server is configured to launch the at least one app and apply the cyber-security functionality of the at least one app to the at least one aspect of the computerized operations system.

12. The cyber-security system of Claim 11 further comprising a real-time database in communication with the security server, the real-time database storing a plurality of time series of data generated by the operation of the computerized operations system.

13. The cyber-security system of Claim 12, wherein the plurality of time series data includes data relating to at least input values and output values representing states of the computerized operations system over time.

14. The cyber-security system of Claim 12, wherein the plurality of time series data includes data relating to security data of the computerized operations system over time.

15. The cyber-security system of Claim 12, wherein the plurality of time series data includes data relating to metadata related to components of the computerized operations system over time.

16. The cyber-security system of Claim 12, further comprising a process element in communication with the real-time database configured to perform processing of data stored within the real-time database.

17. The cyber-security system of Claim 16, further comprising a context element configured to translate meanings of the processed data from the process element into processing knowledge.

18. A method for supplementing cyber security in a computerized control system, the method comprising:

in a security server, intercepting a data communication between a first component and a second component of the computerized control system;

applying, by the security server, at least one security functionality to the intercepted data communication;

transmitting the data communication to the second component by an operating system of the computerized control system;

delivering a security enhanced communication to the second component, based on the security functionality applied by the security server.

19. The method of Claim 18, further comprising:

in the security server, providing a command to a cyber-security app, the command operative to execute the security app to apply the at least one security functionality to the intercepted communication.

20. The method of Claim 18, further comprising:

applying, by the security server, a second at least one security functionality to the intercepted data communication before the intercepted data communication is delivered to the second component.

21. The method of Claim 20, further comprising:

applying data decryption, by the security server, as part of applying the second at least one security functionality.

22. The method of Claim 18, further comprising:

applying data encryption, by the security server, as part of applying the first at least one security functionality.

23. A system for providing security to an industrial control system (ICS), comprising:

a computer processor executing an operation system of a programmable logic controller (PLC);

a security server running on an operating system of the PLC;

at least one software application executing on the operating system of the PLC, wherein the security server is in communication with the software application.

24. The system of Claim 23, further comprising an annotation within computer code of the software application, the annotation indicative of a security function to be performed by the security server.

25. The system of Claim 24, wherein the annotation comprises a security feature in an SLC code of an organization block.

26. The system of Claim 24, wherein the annotation comprises instructions that cause the security server to identify execution permissions.

27. The system of Claim 24, wherein the annotation comprises instructions that cause the runtime environment to generate a security log entry for the output switch data recording event.

28. The system of Claim 24, wherein the annotation comprises instructions to define an application authorization level for a user or for a machine-to-machine authentication.

29. The system of Claim 24, wherein the annotation comprises instructions to the security server to require authentication as a condition precedent to the execution of a given command.

30. The system of Claim 24, wherein the annotation comprises instructions to the security server to identify an execution of a command as a sensitive operation requiring handling of the execution of the command in a secure memory.

31. The system of Claim 24, wherein the annotation comprises instructions to the security server for requiring an application to set a role for a command execution.

32. The system of Claim 24, wherein the annotation comprises instructions to the security server to require an application to accept only data that is collected locally to the system associated with the application.

31. The system of Claim 22, wherein the annotation comprises instructions to the security server allows an application to execute a command only if the invocation of the command is received from a specified network address.
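
An added illustration, not part of the patent text or the applicant's code: one way the declarative annotations of claims 24 to 32 could be enforced by a security server that intercepts each annotated command before it executes. The `secured` decorator, the `SecurityServer` class, the policy keys and the sample addresses are all hypothetical.

```python
import functools

class SecurityDenied(Exception):
    """Raised when the security server refuses an annotated command."""

class SecurityServer:  # hypothetical stand-in for the claimed security server
    def __init__(self):
        self.log = []  # security log entries (claim 27)

    def enforce(self, policy, ctx, command):
        # Authentication as a condition precedent to execution (claim 29).
        if policy.get("require_auth") and not ctx.get("authenticated"):
            self._deny(command, "unauthenticated")
        # Role set for the command execution (claim 31).
        if policy.get("role") and ctx.get("role") != policy["role"]:
            self._deny(command, "role")
        # Invocation accepted only from a specified network address (final claim).
        if policy.get("source_addr") and ctx.get("source_addr") != policy["source_addr"]:
            self._deny(command, "source address")
        if policy.get("log"):
            self.log.append(("allow", command, ctx.get("user")))

    def _deny(self, command, reason):
        self.log.append(("deny", command, reason))
        raise SecurityDenied(f"{command}: {reason}")

SERVER = SecurityServer()
OPERATOR = {"user": "alice", "authenticated": True, "role": "operator", "source_addr": "192.0.2.10"}  # constructed caller context

def secured(**policy):
    """Declarative annotation: the wrapped function holds no security code."""
    def wrap(fn):
        @functools.wraps(fn)
        def guarded(ctx, *args, **kwargs):
            SERVER.enforce(policy, ctx, fn.__name__)  # intercept before execution
            return fn(*args, **kwargs)
        return guarded
    return wrap

@secured(require_auth=True, role="operator", source_addr="192.0.2.10", log=True)
def set_output_switch(state):
    return {"output_switch": bool(state)}

def attempt(ctx, state):
    """Run the annotated command; return its result or the denial reason."""
    try:
        return set_output_switch(ctx, state)
    except SecurityDenied as exc:
        return f"denied: {exc}"
```

The control logic in `set_output_switch` stays free of security code; changing the annotation changes what the server enforces and logs.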