A security testing method, device and storage medium of an industrial real-time database

By conducting security tests on the three-zone isolation architecture of the industrial real-time database, the security issues of cross-zone data transmission were resolved, ensuring the compliance and integrity of data transmission, verifying the transmission security and emergency mechanisms of the industrial protocol, and improving the security and reliability of the system.

CN121923899BActive Publication Date: 2026-07-14CHINA IND INTERNET RES INST

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
CHINA IND INTERNET RES INST
Filing Date
2026-01-20
Publication Date
2026-07-14

Smart Images

  • Figure CN121923899B_ABST
    Figure CN121923899B_ABST
Patent Text Reader

Abstract

The application discloses a kind of security testing method, equipment and storage medium of industrial real-time database, it is related to industrial internet technology field.The method comprises: based on three security partition architecture, by verifying the transmission security of each interval realizes the security test to industrial real-time database.Security area and the logical isolation test between security two areas focus on testing access control strategy, industrial protocol transmission integrity and abnormal traffic filtering.The physical isolation test between security area or security two areas and security three areas includes verifying the unidirectional transmission and data integrity of forward isolation device, and the check of format and security strategy by reverse isolation device.Crossover three-area linkage transmission test covers end-to-end data transmission security verification, simulated attack penetration test from security three areas to security area, and emergency mechanism test under the failure of isolation device.The application can improve the security of industrial real-time database by three-partition test method.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of industrial internet technology, and in particular to a security testing method, equipment, and storage medium for industrial real-time databases. Background Technology

[0002] Industrial real-time databases are specialized databases designed for industrial scenarios, enabling high-concurrency acquisition, low-latency storage, and rapid querying and analysis of real-time production data. Unlike traditional transactional databases and big data platforms, their core value lies in adapting to the "continuous, high-frequency, high-reliability, and highly real-time" data characteristics of industrial production. Industrial real-time databases have become the "data hub" connecting physical production and digital systems, and their importance permeates the entire production, management, optimization, and innovation chain.

[0003] The security of industrial real-time databases is of paramount importance, exceeding the scope of ordinary IT system security. It directly impacts the continuity of industrial production, the safety of personnel and equipment, core corporate interests, and even the security of national industrial infrastructure. Security testing for ordinary IT systems often focuses on single technical aspects such as vulnerability scanning, intrusion detection, and code auditing, which is far from sufficient for industrial real-time databases.

[0004] Industrial real-time database architecture differs from ordinary databases, primarily divided into three security zones. This division is common in industries that rely on real-time databases for production monitoring. The core principle is to divide zones according to security level and business type to ensure the security of the production system. The characteristics and connection methods of these three security zones are explained in detail below.

[0005] Security Zone 1: This is the core real-time system zone, used to maintain and operate core production data. It is the core area of ​​the real-time database, responsible for processing real-time monitoring data of production equipment and issuing control commands. It has extremely high requirements for data real-time performance and security, and is usually strictly isolated from external networks.

[0006] Security Zone 3: Primarily a management information zone, including web systems, GPRS public network front-end systems, etc. The database in this zone automatically synchronizes with the core data in Zone 1. It is mainly used for non-core control-related business such as data display and external data interaction. It is connected to Zone 1 through physical isolation devices to prevent external risks from being transmitted to the core production system.

[0007] Security Zone 2: Typically a transition zone, specifically referring to the non-controlled production area, it, together with Security Zone 1, forms the main production control zone. This zone is crucial for ensuring the security of real-time databases and related operations in industries such as power. This zoning design allows the production control system to ensure the security of core real-time control operations while simultaneously conducting various auxiliary production operations in an orderly manner, making it an important component of the security protection system.

[0008] Connection methods between security zones 1, 2, and 3:

[0009] 1) Security Zone 1 and Zone 2

[0010] These two areas belong to the same production control zone and have extremely strong business interrelationships. For example, real-time control data from Zone 1 needs to be synchronized to Zone 2 for fault analysis. The connection between the two is primarily based on logical isolation, typically achieved through a hardware firewall. The firewall is configured with strict access control policies, only opening necessary business data transmission ports between the two zones, such as the dedicated port for Zone 2's fault recording system to obtain real-time operating data from Zone 1's equipment. Unrelated access is blocked, ensuring efficient data flow while preventing the spread of risks within the production control zone.

[0011] 2) Security Zone 1 / 2 and Security Zone 3

[0012] Zones 1 and 2 are core production areas, while Zone 3 is a production management area. The two zones have significantly different safety levels, and connections require unidirectional data transmission through forward and reverse isolation devices, with physical isolation as the connection protection level.

[0013] ① Zone 1 / 2 to Zone 3: A one-way connection channel is established using a forward isolation device. This device will sever penetrating TCP connections, allowing only real-time data and equipment operation reports from the production control zone to be transmitted unidirectionally to Zone 3. For example, grid load data from Zone 1 and electricity metering data from Zone 2 are synchronized to Zone 3 for production statistics, preventing abnormal data or attacks from Zone 3 from invading the production control zone in reverse.

[0014] ② From Zone 3 to Zone 1 / 2: A connection is established through a reverse isolation device, and transmission is strictly limited. Data must first be converted to text file format, encrypted with a dedicated encryption algorithm, and digitally signed before transmission. For example, the equipment maintenance plan text file from Zone 3 is processed and then transmitted to Zone 2 for filing, thereby ensuring that the production control zone is not affected by network risks from Zone 3.

[0015] 3) Indirect connections across Zone 1, Zone 2, and Zone 3

[0016] To enable cross-zone data interaction between Zone 1 and Zone 3, Zone 2 is typically used as an indirect relay node. For example, real-time equipment fault data from Zone 1 is first synchronized to Zone 2. After data processing in Zone 2, it is then transmitted to Zone 3 via a forward isolation device. Conversely, maintenance instructions from Zone 3 to Zone 1 are first sent to Zone 2 for verification before being transmitted to Zone 1 through a compliance process. This method further filters out abnormal risks in data transmission, ensuring the security of the core control area.

[0017] The three security zones are logically or physically isolated through isolation devices and firewalls. The unidirectionality and integrity of cross-zone data transmission are the core challenges in testing. First, it's crucial to address the effectiveness of isolation testing between Zone 1 and Zone 2, and between Zone 2 and Zone 3. For example, verifying whether the forward isolation device only allows unidirectional data transmission from Zone 2 to Zone 3, and whether reverse malicious data inflows can be completely blocked, without violating the original isolation device policies during testing. Second, the unique characteristics of industrial protocols (such as Modbus TCP and IEC 104) make cross-zone data transmission susceptible to tampering or injection of abnormal data packets. It's necessary to solve the problem of how to simulate malicious transmission behaviors characteristic of industrial protocols to verify whether the data verification mechanism can accurately identify anomalies. Third, data delays or loss may occur during cross-zone synchronization. Testing needs to address how to quantitatively evaluate data consistency during synchronization, while distinguishing between test interference and inherent system vulnerabilities. Summary of the Invention

[0018] The purpose of this invention is to provide a security testing method, device and storage medium for industrial real-time databases, aiming to solve or improve at least one of the above-mentioned technical problems.

[0019] To achieve the above objectives, the present invention provides the following solution:

[0020] A security testing method for industrial real-time databases includes:

[0021] An industrial real-time database is deployed in a three-security partition architecture, and each partition is subjected to logical isolation transmission security testing, physical isolation transmission security testing, or linkage transmission security testing through isolation devices; wherein, the three-security partition architecture consists of Security Zone 1, Security Zone 2, and Security Zone 3;

[0022] The logical isolation transmission security test between Security Zone 1 and Security Zone 2 includes: access control policy verification, industrial protocol transmission integrity verification, and abnormal traffic filtering verification.

[0023] The access control policy verification involves initiating a connection request from a security zone 2 node to an unauthorized port of the security zone 1 database, recording firewall logs and connection results to verify the effectiveness of the firewall access control policy; the industrial protocol transmission integrity verification involves transmitting real-time data from security zone 1 to security zone 2 via a specified industrial protocol, capturing and comparing the consistency of the data at the sending and receiving ends; the abnormal traffic filtering verification involves constructing and injecting abnormal data packets of a specified industrial protocol from a security zone 2 node into security zone 1, and checking the response and firewall blocking records of security zone 1.

[0024] Physical isolation transmission security testing between Security Zone 1 or Security Zone 2 and Security Zone 3 includes: forward transmission testing and reverse transmission testing;

[0025] The forward transmission test is for data transmission from Security Zone 1 or Security Zone 2 to Security Zone 3, testing the unidirectional transmission effectiveness, data format conversion effectiveness, and data integrity of the forward isolation device; the reverse transmission test is for data transmission from Security Zone 3 to Security Zone 1 or Security Zone 2, testing the reverse isolation device's verification of transmission format restrictions and the effectiveness of encryption signatures.

[0026] The cross-zone coordinated transmission security test includes: coordinated transmission test from Security Zone 1 to Security Zone 2 and then to Security Zone 3, cross-zone attack penetration test, and emergency test for isolation device failure.

[0027] The linked transmission test verifies the end-to-end transmission security and data consistency of data from Security Zone 1 through Security Zone 2 to Security Zone 3; the cross-zone attack penetration test simulates an attack initiated from Security Zone 3, penetrating through Security Zone 2 to Security Zone 1, and monitors the protective behavior of each isolation device; the isolation device failure emergency test simulates isolation device failure scenarios and tests the data transmission failure alarm, buffering, and recovery and retransmission mechanisms.

[0028] Optionally, the access control policy verification also includes data transmission via a non-open protocol; the specified industrial protocol in the industrial protocol transmission integrity verification is the OPC UA protocol, and the transmission data packets are captured using a protocol analysis tool; the specified industrial protocol in the abnormal traffic filtering verification is the Modbus TCP protocol.

[0029] Optionally, in the forward transmission test, the test process for the effectiveness of the one-way transmission is to initiate a reverse connection request or transfer a file from Security Zone 3 to Security Zone 1, and check the blocking logs and results of the forward isolation device; the test process for the effectiveness of the data format conversion is to capture the data transmitted from Security Zone 1 or Security Zone 2 to Security Zone 3 via the forward isolation device, and verify whether it has been converted from the original format to the specified text format; the test process for the data integrity is to verify the data integrity of cross-zone transmission by calculating and comparing the checksums of large files at the sending end and the receiving end.

[0030] Optionally, in the reverse transmission test, the verification process for the transmission format restriction is to transmit a non-text format file from Security Zone 3 to Security Zone 1 or Security Zone 2 and check the interception record of the reverse isolation device; the verification process for the validity of the encrypted signature is to transmit an unsigned text file from Security Zone 3 to Security Zone 1 or Security Zone 2 via the reverse isolation device and check the reception result and device log.

[0031] Optionally, the process of the linked transmission test specifically includes: generating real-time device fault data in the first security zone, transmitting it to the second security zone through an industrial control firewall for format sorting, then transmitting it to the third security zone through a forward isolation device, and finally comparing the consistency between the original data in the first security zone and the received data in the third security zone.

[0032] Optionally, the process of the cross-zone attack penetration test specifically includes: simulating and constructing management data containing malicious SQL statements in the third security zone, transmitting it to the second security zone through a reverse isolation device, and further penetrating into the first security zone to monitor the protection behaviors of the database in the second security zone, the industrial control firewall, and the forward isolation device.

[0033] Optionally, the process of the isolation device fault emergency test specifically includes: manually simulating the disconnection of the forward isolation device connection to enable the first security zone to continuously transmit data to the third security zone, and recording the fault alarm time, data caching situation, and the data retransmission effect after the fault recovery.

[0034] The present invention also provides an electronic device, including a memory and a processor. The memory is used to store a computer program, and the processor runs the computer program to enable the electronic device to execute the security test method of the industrial real-time database according to the above.

[0035] The present invention also provides a computer-readable storage medium, which stores a computer program. When the computer program is executed by a processor, it implements the security test method of the industrial real-time database as described above.

[0036] According to the specific embodiments provided by the present invention, the following technical effects are disclosed:

[0037] The present invention discloses a security test method, device, and storage medium for an industrial real-time database. The method includes performing a security test on the industrial real-time database based on a three-security-zone architecture by verifying the transmission security between zones. The logical isolation test between the first security zone and the second security zone focuses on verifying access control policies, industrial protocol transmission integrity, and abnormal traffic filtering. The physical isolation test between the first security zone or the second security zone and the third security zone includes verifying the one-way transmission and data integrity of the forward isolation device, as well as the format and security policy verification of the reverse isolation device. The cross-three-zone linked transmission test covers end-to-end data transmission security verification, simulated attack penetration test from the third security zone to the first security zone, and emergency mechanism test under the failure of the isolation device. The present invention can improve the security of the industrial real-time database through the three-zone test method. BRIEF DESCRIPTION OF THE DRAWINGS

[0038] To more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the drawings used in the embodiments will be briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0039] Figure 1 This is a flowchart illustrating the security testing method for the industrial real-time database of the present invention. Detailed Implementation

[0040] The technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.

[0041] The purpose of this invention is to provide a security testing method, device and storage medium for industrial real-time databases, aiming to solve or improve at least one of the above-mentioned technical problems.

[0042] To make the above-mentioned objects, features and advantages of the present invention more apparent and understandable, the present invention will be further described in detail below with reference to the accompanying drawings and specific embodiments.

[0043] like Figure 1 As shown, this invention provides a security testing method for industrial real-time databases, including:

[0044] The industrial real-time database is deployed in a three-security partition architecture, and each partition is connected to the other partition for logical isolation transmission security testing, physical isolation transmission security testing, or linkage transmission security testing through isolation devices; wherein the three-security partition architecture consists of Security Zone 1, Security Zone 2, and Security Zone 3.

[0045] The testing process between different zones includes:

[0046] 1. The logical isolation transmission security test between Security Zone 1 and Security Zone 2 includes: access control policy verification, industrial protocol transmission integrity verification, and abnormal traffic filtering verification.

[0047] The access control policy verification involves initiating a connection request from a security zone 2 node to an unauthorized port of the security zone 1 database, recording firewall logs and connection results to verify the effectiveness of the firewall access control policy. The industrial protocol transmission integrity verification involves transmitting real-time data from security zone 1 to security zone 2 via a specified industrial protocol, capturing and comparing the consistency of the data at the sending and receiving ends. The abnormal traffic filtering verification involves constructing and injecting abnormal data packets of a specified industrial protocol from a security zone 2 node into security zone 1, and checking the response and firewall blocking records of security zone 1.

[0048] The access control policy verification also includes data transmission via unopened protocols; the industrial protocol transmission integrity verification specifies the OPC UA protocol and uses protocol analysis tools to capture transmission data packets; the abnormal traffic filtering verification specifies the Modbus TCP protocol.

[0049] 2. Physical isolation transmission security testing between Security Zone 1 or Security Zone 2 and Security Zone 3 includes: forward transmission test and reverse transmission test.

[0050] The forward transmission test is for data transmission from Security Zone 1 or Security Zone 2 to Security Zone 3, testing the unidirectional transmission effectiveness, data format conversion effectiveness, and data integrity of the forward isolation device; the reverse transmission test is for data transmission from Security Zone 3 to Security Zone 1 or Security Zone 2, testing the verification of transmission format restrictions and encryption signature effectiveness by the reverse isolation device.

[0051] Specifically, in the forward transmission test, the test process for the effectiveness of unidirectional transmission involves initiating a reverse connection request or transferring a file from Security Zone 3 to Security Zone 1, and checking the blocking logs and results of the forward isolation device; the test process for the effectiveness of data format conversion involves capturing data transmitted from Security Zone 1 or Security Zone 2 to Security Zone 3 via the forward isolation device, and verifying whether it has been converted from the original format to the specified text format; the test process for data integrity involves calculating and comparing the checksums of large files at the sending and receiving ends to verify the data integrity of cross-zone transmission.

[0052] In the reverse transmission test, the verification process for the transmission format restriction is to transmit a non-text format file from Security Zone 3 to Security Zone 1 or Security Zone 2 and check the interception records of the reverse isolation device; the verification process for the validity of the encrypted signature is to transmit an unsigned text file from Security Zone 3 to Security Zone 1 or Security Zone 2 via the reverse isolation device and check the reception result and device log.

[0053] 3. Cross-zone linkage transmission security testing includes: linkage transmission testing from security zone 1 to security zone 2 and then to security zone 3, cross-zone attack penetration testing, and emergency testing for isolation device failure.

[0054] The linked transmission test verifies the end-to-end transmission security and data consistency of data from Security Zone 1 through Security Zone 2 to Security Zone 3; the cross-zone attack penetration test simulates an attack initiated from Security Zone 3, penetrating through Security Zone 2 to Security Zone 1, and monitors the protective behavior of each isolation device; the isolation device failure emergency test simulates isolation device failure scenarios and tests the data transmission failure alarm, buffering, and recovery and retransmission mechanisms.

[0055] The process of the linkage transmission test specifically includes: generating real-time equipment fault data in Security Zone 1, transmitting it to Security Zone 2 via the industrial control firewall for formatting, then transmitting it to Security Zone 3 via the forward isolation device, and finally comparing the consistency between the original data in Security Zone 1 and the data received in Security Zone 3.

[0056] The cross-zone attack penetration test process specifically includes: constructing management data containing malicious SQL statements from Security Zone 3, transmitting it to Security Zone 2 via a reverse isolation device, and further penetrating into Security Zone 1, monitoring the protective behavior of the database, industrial control firewall, and forward isolation device in Security Zone 2.

[0057] The process of emergency testing for the isolation device failure specifically includes: manually simulating the disconnection of the forward isolation device connection, allowing the first safety zone to continuously transmit data to the third safety zone, and recording the fault alarm time, data caching status, and the data retransmission effect after fault recovery.

[0058] Based on the above technical solution, the following specific implementation method is provided.

[0059] First, regarding the technical problem to be solved, the technical solution of this embodiment includes three parts:

[0060] 1. Test and verify the effectiveness of cross-zone transmission boundary isolation: ensure the implementation of logical isolation between Zone 1 and Zone 2, and physical isolation strategies between Zone 1 and Zone 2 and Zone 3, to block unauthorized access and attack penetration;

[0061] 2. Test and verify data transmission compliance: Verify the effectiveness of rules such as one-way data transmission restrictions, format conversion, and encryption signatures to ensure data integrity and tamper-proofing;

[0062] 3. Test and verify the security of industrial protocol transmission: Verify the protocol parsing and anomaly filtering capabilities for cross-regional transmission of industrial protocols such as Modbus, OPC UA, and IEC 61850.

[0063] Secondly, the detailed description of the above technical solution is as follows:

[0064] 1. Security test of transmission between security zone 1 and zone 2 (logical isolation verification) to verify the effectiveness of access control policies of industrial control firewalls, integrity of industrial protocol transmission, and security of cross-zone data interaction.

[0065] 1) Access control policy verification: Unauthorized port access test.

[0066] ① Initiate a TCP connection request from the second-zone node to the unauthorized port of the first-zone database; ② Attempt to transmit data using an unopened protocol; ③ Record firewall logs and connection results.

[0067] 2) Industrial Protocol Transmission Verification: OPC UA Protocol Cross-Regional Transmission Integrity Test.

[0068] ① Transmit 1000 real-time device data entries (including timestamps and values) from the Zone 1 SCADA system to the Zone 2 fault recording system via OPC UA; ② Capture the transmitted data packets using a protocol analysis tool; ③ Compare the consistency between the data from the sending and receiving ends.

[0069] 3) Abnormal traffic filtering verification: Industrial protocol abnormal data packet injection test.

[0070] ① Construct Modbus TCP exception packets from the second zone node; ② Inject 100 exception packets into the first zone database; ③ Check the first zone database response and firewall blocking records.

[0071] 2. Security test of transmission between security zone 1 / 2 and zone 3 (physical isolation verification) to verify the unidirectional transmission limit of forward / reverse isolation devices, the effectiveness of data format conversion, and the integrity of encryption signature, and to block cross-zone attack penetration.

[0072] 1) Forward transmission test (zone 1 / zone 2 → zone 3), the core verification is "data flows out in one direction and reverse flow is prohibited", focusing on the protection capability of the forward isolation device.

[0073] ①One-way transmission validity test: Three-zone reverse access to one-zone test.

[0074] A. Initiate an SSH connection request from the Zone 3 MIS system to the Zone 1 database; B. Attempt to transfer a script file to Zone 1 via the forward isolation device; C. Check the isolation device logs and connection results.

[0075] ② Data format conversion verification: Real-time data to text transmission test.

[0076] A. The database in Zone 1 transmits real-time data (originally in binary format) to the equipment in Zone 3; B. Captures the output data from the forward isolation device; C. Verifies whether the data has been converted to the specified text format.

[0077] ③ Data integrity test: Large file cross-region transmission verification test.

[0078] A. Transfer a 1GB production report file (including MD5 checksum) from Zone 2 to Zone 3; B. Calculate the MD5 value of the file after receiving it; C. Compare the checksums of the sending and receiving ends.

[0079] 2) Reverse transmission test (zone 3 → zone 1 / zone 2).

[0080] ① Transmission format limitation test: Non-text format file transmission test.

[0081] A. Transfer executable files (.exe format) from Zone 3 to Zone 2; B. Initiate the transfer directly without encryption and signature processing; C. Check the interception records of the reverse isolation device.

[0082] ② Encryption signature validity test: Unsigned file transfer test.

[0083] A. Generate a maintenance plan text file from Zone 3 without digital signature; B. Transmit to Zone 2 via the reverse isolation device; C. Check the reception results in Zone 2 and the isolation device log.

[0084] 3. Cross-zone linkage transmission security test (end-to-end verification): Verify the security of cross-zone linkage transmission from Zone 1 to Zone 2 to Zone 3 and from Zone 3 to Zone 2 to Zone 1, as well as the emergency protection capability under abnormal scenarios.

[0085] 1) Zone 1 → Zone 2 → Zone 3 Interconnected Transmission Test:

[0086] ① Zone 1 generates real-time equipment fault data (including fault codes and timestamps); ② The data is transmitted to Zone 2 via the industrial control firewall, where it is formatted and fault descriptions are added; ③ The formatted data is transmitted to Zone 3 via a forward isolation device; ④ The consistency between the original data in Zone 1 and the final data received in Zone 3 is compared.

[0087] 2) Cross-regional attack penetration test:

[0088] ① Simulate an SQL injection attack from Zone 3 (construct management data containing malicious SQL statements); ② Attempt to transmit the data to Zone 2 via the reverse isolation device, and then attempt to penetrate Zone 1; ③ Monitor the protective behavior of the database, industrial control firewall, and forward isolation device in Zone 2.

[0089] 3) Emergency test for isolation device failure:

[0090] ① Simulate a fault in the forward isolation device (disconnection); ② Continuously transmit real-time data from Zone 1 to Zone 3; record the fault alarm time, data caching status, and data retransmission effect after fault recovery.

[0091] Example

[0092] 1. Determine the test background

[0093] Taking an energy management center as an example, the above method is deployed in the KingHistorian industrial real-time database and its boundary security protection system in a three-security zone.

[0094] Architecture Overview:

[0095] Safety Zone 1 (Production Control Zone): Deploys a real-time database master node, SCADA server, and DCS / PLC controller. The database stores raw real-time production data (such as voltage, current, temperature, and valve status).

[0096] Security Zone 2 (Non-Controlled Production Area): Deploys real-time database mirror nodes, fault recording systems, and production monitoring web servers. Used for advanced data analysis, fault diagnosis, and internal visualization.

[0097] Security Zone 3 (Management Information Zone): Deploys MIS system, SIS system, and big data analytics platform. Used for enterprise-level management, report generation, and decision support.

[0098] Boundary protection:

[0099] Industrial firewalls (such as those from Winuot and Kuangen) are deployed between Zone 1 and Zone 2. Forward isolation devices and reverse isolation devices (such as those from NARI and Kedong) are deployed between Zone 2 and Zone 3.

[0100] Test objective:

[0101] Verify the effectiveness of cross-regional transmission boundary isolation: Confirm that the policies of the industrial control firewall and forward / reverse isolation devices are correct and can block unauthorized access and attack penetration.

[0102] Verify data transmission compliance: Confirm that security policies such as one-way data transmission, format conversion, and encryption signature are effectively implemented to ensure data integrity and prevent tampering.

[0103] Verify the security of industrial protocol transmission: Verify the system's ability to parse, filter, and protect against anomalies in cross-regional transmission of industrial protocols such as OPC UA and Modbus TCP.

[0104] 2. Testing Environment and Tools

[0105] Test environment: A simulation test platform with the same network topology as the production environment.

[0106] Testing tools:

[0107] Protocol analysis tool: Wireshark.

[0108] Vulnerability scanning and penetration testing tools: Nmap, SQLMap (only for use in authorized testing environments).

[0109] Packet construction tool: Scapy.

[0110] File integrity verification tools: MD5 / SHA256 verification tools.

[0111] Log analysis tools: Management consoles for various firewalls and isolation devices.

[0112] 3. Detailed test process and results

[0113] 3.1 Security Test for Logically Isolated Transmission Between Security Zone 1 and Security Zone 2

[0114] Test 1: Access Control Policy Verification

[0115] A connection request is initiated from the test node in Security Zone 2 (IP: 192.168.2.100) to the unauthorized port TCP / 8080 of the real-time database in Security Zone 1 (IP: 192.168.1.10) (assuming the database only has TCP / 443 open).

[0116] Try sending data to the database using the S7comm protocol (Siemens PLC protocol, a non-open protocol).

[0117] View the industrial firewall logs and record the connection results.

[0118] Expected result: The connection request was rejected by the firewall, and the firewall log recorded a "Deny" rule hit from source IP 192.168.2.100 and destination port 8080.

[0119] Actual result: Connection timed out, firewall policy took effect, and log records were consistent with expectations.

[0120] Test 2: Industrial Protocol Transmission Integrity Verification (OPC UA)

[0121] On the SCADA system in Safety Zone 1, 1,000 simulated real-time voltage and current data (each data entry contains a millisecond-level timestamp and a floating-point value) are transmitted to the fault recording system in Safety Zone 2 via the OPC UA protocol.

[0122] Use Wireshark on the mirror port of the industrial firewall to capture transmitted OPC UA packets.

[0123] Compare the logs sent by the SCADA system with the data received by the fault recording system to check whether the timestamps and values ​​are completely consistent and whether there are any packet losses or out-of-order packets.

[0124] Expected result: Data transmission was successful. The 1000 data messages sent and received were completely identical in content and order, and the protocol communication was normal.

[0125] Actual results: The data consistency rate was 100%, verifying the integrity of the OPC UA protocol transmission in a cross-regional logical isolation environment.

[0126] Test 3: Verification of Abnormal Traffic Filtering (Modbus TCP)

[0127] On the test node in the second security zone, 100 invalid Modbus TCP packets were constructed using Scapy, including packets with abnormal function codes (such as 0x00), abnormal length fields, and packets with disordered transaction identifiers.

[0128] These anomalous data packets are injected into the Modbus TCP service port (TCP / 502) of the real-time database in Zone 1 of Security.

[0129] Check the response of the security zone 1 database (there should be no response or an error), and review the intrusion prevention (IPS) logs of the industrial firewall.

[0130] Expected result: The vast majority or all of the abnormal data packets were identified and blocked by the firewall's IPS module, and the database service was unaffected.

[0131] Actual results: Firewall logs showed that 98% of abnormal packets were blocked; two malformed packets penetrated but were rejected by the database service. Conclusion: The protection was effective, but the strategy can be further optimized.

[0132] 3.2 Physical isolation transmission security test between Security Zone 1 / 2 and Security Zone 3

[0133] Test 4: Forward Transmission Test (Zone 2 → Zone 3)

[0134] 4a. One-way transmission validity test:

[0135] Steps: From the MIS system in Security Zone 3 (IP: 10.10.10.50), attempt to initiate an SSH connection request to the database mirror node in Security Zone 2 (IP: 192.168.2.20), and attempt to upload a script file.

[0136] Result: No response to the connection request, and the forward isolation device log shows "Violation of one-way transmission rules, connection blocked".

[0137] 4b. Data format conversion verification:

[0138] Steps: The Security Zone 1 database sends a segment of real-time device status data (originally in binary / proprietary format) to Security Zone 3 via a forward isolation device. Data is captured at the output side of the forward isolation device.

[0139] Result: The captured data was in XML format, which meets the "non-secondary mechanism text format" requirement of security management regulations, verifying the effectiveness of the format conversion function.

[0140] 4c. Data integrity test:

[0141] Steps: Transfer a 1.2GB compressed production daily report file from Security Zone 2 to Security Zone 3. Calculate the MD5 checksum of the file before and after the transfer.

[0142] Result: The MD5 values ​​of the sending and receiving ends are completely consistent, proving that the data of the large file is intact after being transmitted through the isolation device.

[0143] Test 5: Reverse transmission test (Zone 3 → Zone 2)

[0144] 5a. Transmission format limitation test:

[0145] Steps: Attempt to transfer an update_tool.exe executable file from Security Zone 3 to Security Zone 2 via a reverse isolation device.

[0146] Result: Transmission failed, and the reverse isolation device log recorded "Invalid file format, transmission terminated", which is consistent with the policy of "only allowing specific text formats (such as txt, xml)".

[0147] 5b. Cryptographic Signature Validity Test:

[0148] Steps: Generate a file named "#1 Unit Maintenance Plan.txt" in Security Zone 3, without attaching a digital signature, and attempt to send it to Security Zone 2 via the reverse isolation device.

[0149] Result: Transmission failed, the reverse isolation device discarded the file and issued a warning in the log: "File not verified signature, transmission prohibited." Transmission succeeded after using a file with the same name signed by an authorized CA.

[0150] 3.3 Security Test for Cross-Three-Zone Interconnected Transmission

[0151] Test 6: Zone 1 → Zone 2 → Zone 3 Interconnected Transmission Test

[0152] In the safety zone, a "bearing temperature too high" fault is simulated in generator #1, generating a real-time alarm data containing fault code (F101), timestamp, and measurement point value.

[0153] The data is transmitted to the production monitoring system in Security Zone 2 via the industrial control firewall, and the system automatically adds fault descriptions and suggested measures.

[0154] The integrated data is pushed to the SIS system in the security zone 3 through a forward isolation device.

[0155] Compare the original alarm records of Security Zone 1 with the records finally received by the SIS system in Security Zone 3.

[0156] Result: The records in Zone 3 are complete, containing the original fault codes and timestamps from Zone 1, as well as the descriptive information added from Zone 2. The data is consistent, and the end-to-end transmission link is secure and reliable.

[0157] Test 7: Cross-regional attack penetration test

[0158] Simulate an attacker in the secure zone 3 to construct a management command disguised as a "device parameter query", but containing a malicious SQL statement: 'OR '1'='1' --.

[0159] Try sending this "instruction" file to the web service interface of Security Zone 2 via the reverse isolation device.

[0160] Monitor the behavior of the Web Application Firewall (WAF) in Security Zone 2, database audit logs, and the Industrial Firewall at the Zone 1 boundary.

[0161] Results: The reverse isolation device blocked the first attempt due to format mismatch (not a purely compliant instruction) or signature verification failure. After the attacker forged the signature, the file entered Zone 2, but was identified as an SQL injection attack and blocked by the Zone 2 WAF. No penetration into Zone 1 was achieved, verifying the effectiveness of defense-in-depth.

[0162] Test 8: Emergency Test for Isolation Device Failure

[0163] Manually disconnect the network cable from the forward isolation device (zone 2 -> zone 3) to simulate a hardware failure.

[0164] Security Zone 1 continuously sends real-time data streams (10 streams per second) to Security Zone 3.

[0165] Observe the alarm information on the monitoring platform and check the amount of data cached at the sending end of the forward isolation device.

[0166] The network connection will be restored after 5 minutes.

[0167] result:

[0168] Ten seconds after the failure, the network management platform received an emergency alarm for "forward isolation device link interruption". Data was buffered on the sending side of the isolation device, and the buffer size continued to increase without any data loss. After the connection was restored, the buffered data was automatically retransmitted to Security Zone 3 within 2 minutes, and subsequent data was transmitted in real time. The retransmitted data was verified to be complete and error-free.

[0169] The various embodiments in this specification are described in a progressive manner, with each embodiment focusing on the differences from other embodiments. The same or similar parts between the various embodiments can be referred to each other.

[0170] This document uses specific examples to illustrate the principles and implementation methods of the present invention. The descriptions of the above embodiments are only for the purpose of helping to understand the core ideas of the present invention. Furthermore, those skilled in the art will recognize that, based on the ideas of the present invention, there will be changes in the specific implementation methods and application scope. Therefore, the content of this specification should not be construed as a limitation of the present invention.

Claims

1. A security testing method for an industrial real-time database, characterized in that, include: An industrial real-time database is deployed in a three-security partition architecture, and each partition is subjected to logical isolation transmission security testing, physical isolation transmission security testing, or linkage transmission security testing through isolation devices; wherein, the three-security partition architecture consists of Security Zone 1, Security Zone 2, and Security Zone 3; The logical isolation transmission security test between Security Zone 1 and Security Zone 2 includes: access control policy verification, industrial protocol transmission integrity verification, and abnormal traffic filtering verification. The access control policy verification involves initiating a connection request from a security zone 2 node to an unauthorized port of the security zone 1 database, recording firewall logs and connection results to verify the effectiveness of the firewall access control policy; the industrial protocol transmission integrity verification involves transmitting real-time data from security zone 1 to security zone 2 via a specified industrial protocol, capturing and comparing the consistency of the data at the sending and receiving ends; the abnormal traffic filtering verification involves constructing and injecting abnormal data packets of a specified industrial protocol from a security zone 2 node into security zone 1, and checking the response and firewall blocking records of security zone 1. Physical isolation transmission security testing between Security Zone 1 or Security Zone 2 and Security Zone 3 includes: forward transmission testing and reverse transmission testing; The forward transmission test is for data transmission from Security Zone 1 or Security Zone 2 to Security Zone 3, testing the unidirectional transmission effectiveness, data format conversion effectiveness, and data integrity of the forward isolation device; the reverse transmission test is for data transmission from Security Zone 3 to Security Zone 1 or Security Zone 2, testing the reverse isolation device's verification of transmission format restrictions and the effectiveness of encryption signatures. The cross-zone coordinated transmission security test includes: coordinated transmission test from Security Zone 1 to Security Zone 2 and then to Security Zone 3, cross-zone attack penetration test, and emergency test for isolation device failure. The linked transmission test verifies the end-to-end transmission security and data consistency of data from Security Zone 1 through Security Zone 2 to Security Zone 3; the cross-zone attack penetration test simulates an attack initiated from Security Zone 3, penetrating through Security Zone 2 to Security Zone 1, and monitors the protective behavior of each isolation device; the isolation device failure emergency test simulates isolation device failure scenarios and tests the data transmission failure alarm, buffering, and recovery and retransmission mechanisms.

2. The security testing method for industrial real-time databases according to claim 1, characterized in that, The access control policy verification also includes data transmission via unopened protocols; the specified industrial protocol in the industrial protocol transmission integrity verification is the OPC UA protocol, and the transmission data packets are captured using protocol analysis tools; the specified industrial protocol in the abnormal traffic filtering verification is the Modbus TCP protocol.

3. The security testing method for industrial real-time databases according to claim 1, characterized in that, In the forward transmission test, the test process for the effectiveness of unidirectional transmission involves initiating a reverse connection request or transferring a file from Security Zone 3 to Security Zone 1, and checking the blocking logs and results of the forward isolation device; the test process for the effectiveness of data format conversion involves capturing data transmitted from Security Zone 1 or Security Zone 2 to Security Zone 3 via the forward isolation device, and verifying whether it has been converted from the original format to the specified text format; the test process for data integrity involves calculating and comparing the checksums of large files at the sending and receiving ends to verify the data integrity of cross-zone transmission.

4. The security testing method for industrial real-time databases according to claim 1, characterized in that, In the reverse transmission test, the verification process for the transmission format restriction is to transmit a non-text format file from Security Zone 3 to Security Zone 1 or Security Zone 2 and check the interception records of the reverse isolation device; the verification process for the validity of the encrypted signature is to transmit an unsigned text file from Security Zone 3 to Security Zone 1 or Security Zone 2 via the reverse isolation device and check the reception result and device log.

5. The security testing method for industrial real-time databases according to claim 1, characterized in that, The process of the linkage transmission test specifically includes: generating real-time equipment fault data in Security Zone 1, transmitting it to Security Zone 2 via the industrial control firewall for formatting, then transmitting it to Security Zone 3 via the forward isolation device, and finally comparing the consistency between the original data in Security Zone 1 and the data received in Security Zone 3.

6. The security testing method for industrial real-time databases according to claim 1, characterized in that, The cross-zone attack penetration test process specifically includes: constructing management data containing malicious SQL statements from Security Zone 3, transmitting it to Security Zone 2 via a reverse isolation device, and further penetrating into Security Zone 1, monitoring the protective behavior of the database, industrial control firewall, and forward isolation device in Security Zone 2.

7. The security testing method for industrial real-time databases according to claim 1, characterized in that, The process of emergency testing for the isolation device failure specifically includes: manually simulating the disconnection of the forward isolation device connection, allowing the first safety zone to continuously transmit data to the third safety zone, and recording the fault alarm time, data caching status, and the data retransmission effect after fault recovery.

8. An electronic device, characterized in that, The device includes a memory and a processor, the memory being used to store a computer program, and the processor running the computer program to cause the electronic device to perform a security testing method for an industrial real-time database according to any one of claims 1-7.

9. A computer-readable storage medium, characterized in that, It stores a computer program that, when executed by a processor, implements the security testing method for an industrial real-time database as described in any one of claims 1-7.