IEC/TR 62541-2
Edition 1.0 2010-02

TECHNICAL REPORT

OPC Unified Architecture – Part 2: Security Model

IEC/TR 62541-2:2010(E)

LICENSED TO MECON LIMITED - RANCHI/BANGALORE, FOR INTERNAL USE AT THIS LOCATION ONLY, SUPPLIED BY BOOK SUPPLY BUREAU.

THIS PUBLICATION IS COPYRIGHT PROTECTED
Copyright © 2010 IEC, Geneva, Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or your local IEC member National Committee for further information.

IEC Central Office, 3, rue de Varembé, CH-1211 Geneva 20, Switzerland
Email: inmail@iec.ch
Web: www.iec.ch

INTERNATIONAL ELECTROTECHNICAL COMMISSION
ICS 25.040.40; 35.100.01
PRICE CODE V
ISBN 2-8318-1080-3
® Registered trademark of the International Electrotechnical Commission

TR 62541-2 © IEC:2010(E)

CONTENTS

FOREWORD ..... 4
INTRODUCTION ..... 6
1 Scope ..... 7
2 Normative references ..... 7
3 Terms, definitions, abbreviations and conventions ..... 7
  3.1 Terms and definitions ..... 7
  3.2 Abbreviations and symbols ..... 11
  3.3 Conventions concerning security model figures ..... 11
4 OPC UA Security architecture ..... 11
  4.1 OPC UA security environment ..... 11
  4.2 Security objectives ..... 12
    4.2.1 General ..... 12
    4.2.2 Authentication ..... 13
    4.2.3 Authorization ..... 13
    4.2.4 Confidentiality ..... 13
    4.2.5 Integrity ..... 13
    4.2.6 Auditability ..... 13
    4.2.7 Availability ..... 13
  4.3 Security threats to OPC UA systems ..... 13
    4.3.1 General ..... 13
    4.3.2 Message flooding ..... 13
    4.3.3 Eavesdropping ..... 14
    4.3.4 Message spoofing ..... 14
    4.3.5 Message alteration ..... 14
    4.3.6 Message replay ..... 14
    4.3.7 Malformed messages ..... 15
    4.3.8 Server profiling ..... 15
    4.3.9 Session hijacking ..... 15
    4.3.10 Rogue server ..... 15
    4.3.11 Compromising user credentials ..... 15
  4.4 OPC UA relationship to site security ..... 16
  4.5 OPC UA security architecture ..... 16
  4.6 Security policies ..... 18
  4.7 Security profiles ..... 18
  4.8 User authorization ..... 19
  4.9 User authentication ..... 19
  4.10 Application authentication ..... 19
  4.11 OPC UA security related services ..... 19
  4.12 Auditing ..... 20
    4.12.1 General ..... 20
    4.12.2 Single client and server ..... 21
    4.12.3 Aggregating server ..... 21
    4.12.4 Aggregation through a non-auditing server ..... 22
    4.12.5 Aggregating server with service distribution ..... 23
5 Security reconciliation ..... 24
  5.1 Reconciliation of threats with OPC UA security mechanisms ..... 24
    5.1.1 General ..... 24
    5.1.2 Message flooding ..... 24
    5.1.3 Eavesdropping ..... 25
    5.1.4 Message spoofing ..... 25
    5.1.5 Message alteration ..... 25
    5.1.6 Message replay ..... 25
    5.1.7 Malformed messages ..... 26
    5.1.8 Server profiling ..... 26
    5.1.9 Session hijacking ..... 26
    5.1.10 Rogue server ..... 26
    5.1.11 Compromising user credentials ..... 26
  5.2