|
US$494.00 ยท In stock
Delivery: <= 3 days. True-PDF full-copy in English will be manually translated and delivered via email.
GB/T 33863.2-2017: OPC unified architecture -- Part 2: Security model
Status: Valid
| Standard ID | Contents [version] | USD | STEP2 | [PDF] delivered in | Standard Title (Description) | Status | PDF |
| GB/T 33863.2-2017 | English | 494 |
Add to Cart
|
3 days [Need to translate]
|
OPC unified architecture -- Part 2: Security model
| Valid |
GB/T 33863.2-2017
|
PDF similar to GB/T 33863.2-2017
Basic data | Standard ID | GB/T 33863.2-2017 (GB/T33863.2-2017) | | Description (Translated English) | OPC unified architecture -- Part 2: Security model | | Sector / Industry | National Standard (Recommended) | | Classification of Chinese Standard | N10 | | Classification of International Standard | 25.040 | | Word Count Estimation | 26,292 | | Date of Issue | 2017-07-12 | | Date of Implementation | 2018-02-01 | | Issuing agency(ies) | General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China, Standardization Administration of the People's Republic of China | GB/T 33863.2-2017: OPC unified architecture -- Part 2: Security model---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
OPC unified architecture - Part 2. Security model
ICS 25.040
N10
National Standards of People's Republic of China
OPC unified architecture - Part 2. Security model
(IEC /T R62541-2..2010, IDT)
2017-07-12 released
2018-02-01 Implementation
General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China
China National Standardization Management Committee released
Directory
Preface III
Introduction IV
1 Scope 1
2 normative reference document 1
3 terms, definitions, acronyms and conventions
3.1 Terms and definitions 1
3.2 Abbreviations 4
3.3 Convention on Safety Model 5
4 OPCUA safety structure 5
4.1 OPCUA security environment 5
4.2 Safety objectives 6
4.2.1 Overview 6
4.2.2 Identification 6
4.2.3 Authorization 6
4.2.4 Confidentiality 6
4.2.5 Integrity 6
4.2.6 Audibility 6
4.2.7 Availability 6
4.3 Security threats to OPCUA systems 6
4.3.1 Overview 6
4.3.2 news flooding 6
4.3.3 eavesdropping 7
4.3.4 Message spoofing 7
4.3.5 Message Change 7
4.3.6 Message replay 7
4.3.7 malformed message 7
4.3.8 server profiling (profiling) 8
4.3.9 Session hijacking 8
4.3.10 Fraud server
4.3.11 User Credentials Leak 8
4.4 Relationship between OPCUA and Site Security 8
4.5 OPCUA security architecture 9
4.6 Security Policy 10
4.7 Safety Regulations 10
4.8 User Authorization 11
4.9 User authentication 11
4.10 Application Identification 11
4.11 OPCUA security related services 11
4.12 Audit 11
4.12.1 Overview 11
4.12.2 individual client and server 12
4.12.3 Aggregate server 12
4.12.4 Aggregation through Non-Auditing Server 13
4.12.5 Aggregate server with service distribution 14
5 Security coordination 15
5.1 OPCUA Security Mechanism for Threats
5.1.1 Overview 15
5.1.2 news flooding 15
5.1.3 eavesdropping 16
5.1.4 Message spoofing 16
5.1.5 Message Change 16
5.1.6 Message replay 16
5.1.7 malformed news 16
5.1.8 server analysis (Serverprofiling) 16
5.1.9 Session hijacking 16
5.1.10 Fraud server
5.1.11 User Credentials Leak 17
5.2 OPCUA security mechanism for implementation goals
5.2.1 Overview 17
5.2.2 Identification 17
5.2.2.1 Overview 17
5.2.2.2 Application Identification 17
5.2.2.3 User authentication 17
5.2.3 Authorization 17
5.2.4 Confidentiality 18
5.2.5 Integrity 18
5.2.6 Auditability 18
5.2.7 Availability 18
Implementing Considerations
6.1 Overview 18
6.2 Appropriate timeout 18
6.3 Strict message handling 18
6.4 Random number generation 19
6.5 specific and reserved packets 19
6.6 Rate Limits and Flow Control 19
Reference 20
Foreword
GB/T 33863 "OPC unified architecture" consists of the following components.
- Part 1. Overview and concepts;
- Part 2. Safety model;
Part 3. Address space model;
- Part 4. Services;
- Part 5. Information model;
- Part 6. Mapping;
- Part 7. Statute;
- Part 8. Data access;
- Part 9. Alarms and conditions;
- Part 10. Procedures;
- Part 11. Historical visit;
- Part 12. Discovery;
Part 13. Aggregation.
This part is part 2 of GB/T 33863.
This part is drafted in accordance with the rules given in GB/T 1.1-2009.
This part uses the translation method equivalent to IEC /T R62541-2..2010 "OPC Unified Architecture Part 2. Security Model".
This section makes the following editorial changes.
--- Delete references that are repeated with normative references.
This part is made by the China Machinery Industry Federation.
This part is headed by the National Industrial Process Measurement Control and Automation Standardization Technical Committee (SAC/TC124).
This part of the drafting unit. mechanical industry instrumentation integrated technology and economic research institute, Beijing three-dimensional force control Technology Co., Ltd., Shanghai automatic
Instrument Co., Ltd., Chongqing Sichuan Instrument Automation Co., Ltd., Southwest University, China Academy of Engineering Physics Power Department.
The main drafters of this part. Wang Linkun, Wang Chunxi, Li Yun, Ding Lu, Wang Yumin, Ding Yan, Zhang Qingjun, Yao Jie, Liu Feng, Zheng Qiuping.
Introduction
This section provides a security model for the OPC unified architecture specified in GB/T 33863. This standard is given for the development of standard interfaces
The process of analysis and design, the standard interface can be accelerated by a number of suppliers to complete the application development, and to achieve the internal operation of the seamless
connection.
OPC unified architecture - Part 2. Security model
1 Scope
This part of GB/T 33863 gives an OPC Unified Architecture (UA) safety model that describes what OPCUA expects to run
Security threats in hardware, software and software environments, and how OPCUA uses other standards for security. This section is given in the OPC
Overview of the safety features specified in the UA specification. This section refers to services that are normative in other parts of this standard
Shooting and regulation.
Note. Many other aspects of security are addressed when developing applications. Since OPCUA specifies a communication protocol, this section focuses on protection
The security of data exchange between.
This does not mean that application developers can ignore other aspects of security, such as the protection of permanent data from tampering. The developer should observe
All secure content and determine how to handle in the application.
This section is used to guide the development of OPCUA client or server applications or to implement the OPCUA service layer.
This section assumes that the reader is familiar with Web services and XML/SOAP. For information on these technologies, refer to SOAP Part 1 and
Part 2.
2 normative reference documents
The following documents are indispensable for the application of this document. For dated references, only the dated edition applies to this article
Pieces. For undated references, the latest edition (including all modifications) applies to this document.
IEC 62541 (all parts) OPC unified architecture (OPCunifiedarchitecture)
IEC /T R62541-1 OPC Unified Architecture Part 1. Overview and Concepts (OPCunifiedarchitecture-Part 1.
Overviewandconcepts)
3 terms, definitions, abbreviations and conventions
3.1 Terms and definitions
IEC /T R62541-1 and the following terms and definitions apply to this document.
3.1.1
Application instance ApplicationInstance
A separate installation of a program running on a computer.
Note. Several application instances of the same application can run on one or more computers at the same time.
3.1.2
Apply instance certificate ApplicationInstanceCertificate
A digital certificate that has been installed on a single host in a single application instance.
Note. A different installation of a software product should have a different application instance certificate.
3.1.3
Asymmetric Cryptography
Use a pair of key encryption methods. A key is designated as a private key, not public; another key is called a public key, usually
obtain.
Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of GB/T 33863.2-2017_English be delivered?Answer: Upon your order, we will start to translate GB/T 33863.2-2017_English as soon as possible, and keep you informed of the progress. The lead time is typically 1 ~ 3 working days. The lengthier the document the longer the lead time. Question 2: Can I share the purchased PDF of GB/T 33863.2-2017_English with my colleagues?Answer: Yes. The purchased PDF of GB/T 33863.2-2017_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet. Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to [email protected]. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay.
|