CN-121980557-A - PLC implementation method, device and medium based on microkernel secure operating system

Abstract

An embodiment of this specification discloses a PLC (programmable logic controller) implementation method, device and medium based on a microkernel secure operating system, relating to the technical field of industrial control. The method comprises: receiving an initial PLC program file from a client through a back-end service running in microkernel user mode, and converting the initial PLC program file into a target program compatible with the microkernel operating system; linking the target program with components of the microkernel operating system to generate a system image file; scheduling execution of the logic of the target program in a cyclic scanning mode through a kernel-mode scheduler; creating a dedicated capability space for the updated PLC program corresponding to a program update request, and mapping the updated PLC program to a protected memory area controlled by the capability space; verifying, before executing the jump, the validity of the control flow pointing to the entry point of the updated PLC program; and switching program execution control from the current program to the updated PLC program at the next scheduling period boundary of the kernel-mode scheduler.

Inventors

  • GAO FENG
  • LUO QINGCAI
  • ZHAO YIFEI
  • QI GUANGPENG
  • SHANG GUANGYONG

Assignees

  • Inspur Yunzhou Industrial Internet Co., Ltd. (浪潮云洲工业互联网有限公司)

Dates

Publication Date
20260505
Application Date
20251224

Claims (10)

  1. A PLC implementation method based on a microkernel secure operating system, characterized by comprising the following steps: receiving an initial PLC program file from a client through a back-end service running in microkernel user mode, and converting the initial PLC program file into a target program compatible with the microkernel operating system; linking the target program with components of the microkernel operating system to generate a system image file, and, after the system image file is started, scheduling execution of the logic of the target program in a cyclic scanning mode through a kernel-mode scheduler, wherein the components of the microkernel operating system comprise the kernel-mode scheduler; in response to a program update request, creating a dedicated capability space for the updated PLC program corresponding to the program update request, and mapping the updated PLC program to a protected memory area controlled by the capability space, with authority verification performed by the microkernel during the mapping process; before executing the jump, verifying the validity of the control flow pointing to the entry point of the updated PLC program, and, after the verification passes, switching program execution control from the current program to the updated PLC program at the next scheduling period boundary of the kernel-mode scheduler.
  2. The PLC implementation method based on the microkernel secure operating system according to claim 1, wherein receiving the initial PLC program file from the client through the back-end service running in microkernel user mode specifically comprises: starting, through the back-end service running in microkernel user mode, a CPython interpreter integrated in a process of the microkernel, so as to parse and execute Python script logic; calling a callback function of a lightweight TFTP server through the Python script logic, and opening a designated network port to listen for connection requests from the client; receiving, through a write callback function of the TFTP server, fixed-size data blocks that are transmitted by the client and numbered in sequence; checking the received data blocks in order according to their sequence numbers, and reassembling the checked data blocks into a complete initial PLC program file; and calling a file system interface to store the reassembled initial PLC program file in a designated directory path of the embedded multimedia card (eMMC).
  3. The PLC implementation method based on the microkernel secure operating system according to claim 1, wherein converting the initial PLC program file into the target program compatible with the microkernel operating system specifically comprises: reading the initial PLC program file, and converting it into a C language program file through a preset conversion tool; and calling a cross compiler to compile the C language program file into the target program capable of running in the user mode of the microkernel operating system.
  4. The PLC implementation method based on the microkernel secure operating system according to claim 1, wherein linking the target program with components of the microkernel operating system to generate a system image file specifically comprises: splitting the PLC runtime into a kernel-mode scheduler and a user-mode logic executor, compiling the kernel-mode scheduler into a kernel thread of the microkernel using a cross compiler, and generating a kernel executable file; determining the target program to be the user-mode logic executor, and linking the user-mode logic executor with other user-mode components of the microkernel operating system through a user-mode linker script to generate a user-mode loader; packaging the kernel executable file, the device tree file and the user-mode loader with an archiving tool to generate an archive file; and linking the archive file using a kernel linker script to generate a boot loader, and processing the boot loader with an object copy tool to generate the system image file.
  5. The PLC implementation method based on the microkernel secure operating system according to claim 1, wherein, after the step of scheduling execution of the logic of the target program in a cyclic scanning mode through the kernel-mode scheduler, the method further comprises: according to a plurality of preset industrial protocol types, constructing an independent user-mode process for the protocol service corresponding to each industrial protocol type, assigning a unique identifier to each user-mode process through the microkernel capability space, and constructing mutually isolated protection domains according to the unique identifiers; in each scan cycle of the kernel-mode scheduler, verifying the format and content of a request message sent by a source protocol protection domain through an inter-process communication gateway; performing message routing and conversion on the verified message to obtain a message format recognizable by the target protocol protection domain, and sending the converted message to the target protocol protection domain; performing anomaly diagnosis on the protocol process running-state data periodically collected by a monitoring module, and generating a fault signal when a specified protocol protection domain is diagnosed as faulty; and calling a microkernel thread suspension function according to the fault signal to suspend the faulty protection domain corresponding to the specified protocol protection domain.
  6. The PLC implementation method based on the microkernel secure operating system according to claim 1, wherein creating a dedicated capability space for the updated PLC program corresponding to the program update request, so as to map the updated PLC program to the protected memory area controlled by the capability space, specifically comprises: calling a capability node creation function to create an independent capability space container for the updated PLC program, and calling an untyped memory conversion function to allocate physical memory pages for the updated PLC program from the system memory pool; loading the binary code of the updated PLC program stored on the embedded multimedia card into the allocated physical memory pages; and calling a memory page mapping function to map the physical memory pages containing the binary code of the updated PLC program into an address space controlled by the capability space container.
  7. The PLC implementation method based on the microkernel secure operating system according to claim 1, wherein the authority verification performed by the microkernel during the mapping process specifically comprises: when the memory page mapping function is executed, checking, by the microkernel, the permission bitmap of the capability space container requesting the mapping, and verifying whether it holds mapping permission for the target address space; checking, by the microkernel, the range of the target address space to determine that the mapping operation is within the authorized address boundary; performing, by the microkernel, mapping conflict detection to determine that the target address space is not occupied by other programs; and, when any check fails, terminating the mapping operation and generating a permission error signal.
  8. The PLC implementation method based on the microkernel secure operating system according to claim 1, wherein verifying the validity of the control flow pointing to the entry point of the updated PLC program comprises: extracting an entry point function pointer from the header information of the updated PLC program; calling a capability node checking function to match the entry point function pointer against the valid capability entries in the capability space of the current thread; if the entry point function pointer lies within the authorized memory capability range, generating a verification pass signal and allowing the subsequent control switch to be executed; and, if the matching check fails, generating a capability fault signal and triggering a security exception handling flow.
  9. A PLC implementation device based on a microkernel secure operating system, the device comprising: at least one processor; and a memory communicatively coupled to the at least one processor, wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-8.
  10. A non-transitory computer storage medium storing computer-executable instructions configured to perform the method recited in any one of claims 1-8.
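
The mapping checks of claim 7, the entry-point check of claim 8 and the deferred switch of claim 1, modeled in C. This is an added example, not code from the patent or its applicant; every type and function name in it (`cspace`, `map_page`, `check_entry`, `request_switch`, `cycle_boundary`) is hypothetical and stands in for the unnamed microkernel functions the claims refer to.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical model of the checks in claims 7 and 8; not a real microkernel API. */
enum { RIGHT_MAP = 1u << 0, MAX_MAPPED = 4 };
enum result { OK, ERR_PERMISSION, ERR_CAP_FAULT };
struct region { uintptr_t base; size_t len; };
struct cspace {
    uint32_t rights;                    /* permission bitmap of the container */
    struct region window;               /* address range it may map into */
    struct region mapped[MAX_MAPPED];   /* pages mapped through it so far */
    size_t n_mapped;
};
struct scheduler { uintptr_t current, pending; };  /* entry points; 0 = none pending */

/* True when [base, base+len) lies wholly inside r; written to avoid wraparound. */
static bool inside(struct region r, uintptr_t base, size_t len) {
    return len && base >= r.base && len <= r.len && base - r.base <= r.len - len;
}
static bool overlaps(struct region a, struct region b) {
    return a.base >= b.base ? a.base - b.base < b.len : b.base - a.base < a.len;
}
/* Claim 7: rights bitmap, address boundary, then conflict detection. */
enum result map_page(struct cspace *cs, const struct region *occupied, size_t n,
                     struct region target) {
    if (!(cs->rights & RIGHT_MAP) || cs->n_mapped == MAX_MAPPED) return ERR_PERMISSION;
    if (!inside(cs->window, target.base, target.len)) return ERR_PERMISSION;
    for (size_t i = 0; i < n; i++)
        if (overlaps(occupied[i], target)) return ERR_PERMISSION;
    cs->mapped[cs->n_mapped++] = target;
    return OK;
}
/* Claim 8: the entry pointer must fall inside memory this container mapped. */
enum result check_entry(const struct cspace *cs, uintptr_t entry) {
    for (size_t i = 0; i < cs->n_mapped; i++)
        if (inside(cs->mapped[i], entry, 1)) return OK;
    return ERR_CAP_FAULT;
}
/* Claim 1: a verified entry is only recorded; the switch waits for the boundary. */
enum result request_switch(struct scheduler *s, const struct cspace *cs, uintptr_t entry) {
    enum result r = check_entry(cs, entry);
    if (r == OK) s->pending = entry;
    return r;
}
/* Called by the scan loop at each scheduling-period boundary. */
uintptr_t cycle_boundary(struct scheduler *s) {
    if (s->pending) { s->current = s->pending; s->pending = 0; }
    return s->current;
}
```

The range test subtracts rather than adds so that a header-supplied base or length near the top of the address space cannot wrap around and pass the boundary check.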

Description

PLC implementation method, device and medium based on microkernel secure operating system

Technical Field

The present disclosure relates to the field of industrial control technologies, and in particular to a method, a device and a medium for implementing a PLC based on a microkernel secure operating system.

Background

Programmable logic controllers (PLCs) are widely used in intelligent manufacturing, energy management and similar fields as the core control devices of industrial automation systems. Currently, most mainstream PLC systems are built on operating systems with a monolithic kernel architecture. Under this architecture, many functional modules, such as network services, file management and application services, run together with the system kernel in the same privileged address space. This highly integrated design leaves such systems with inherent weaknesses in the face of increasingly severe industrial network security threats: once one service module is breached, an attacker may gain kernel-level authority and compromise the entire control system, which makes effective fault isolation and security protection difficult.

To improve system security, the industry is exploring the adoption of microkernel secure operating systems. Such a system minimizes the kernel's functions, retaining only the most basic core services such as process scheduling and memory management, and moves the other system services into user mode, thereby isolating the core kernel from the services. However, existing microkernel-based PLC implementations are still imperfect. Firstly, a unified and efficient communication mechanism is lacking between the user-mode visual management interface and the underlying control logic, so the real-time performance and user experience of remote monitoring and management are poor.

Secondly, in terms of program updating, existing schemes often need to restart the whole controller or replace a complete system image, and cannot update and replace the PLC program online while the system keeps running, so they struggle to meet the requirements of high-availability industrial sites. In addition, traditional PLC program development follows IEC 61131-3 and other standards, and how to integrate such programs efficiently into a microkernel architecture without sacrificing standards compatibility or runtime efficiency is also a problem to be solved.

In summary, in the prior art, when constructing a high-security, high-availability programmable logic controller based on a microkernel architecture, dynamic online loading and verification cannot be performed at run time without interrupting the kernel and other services, and the system suffers from insufficient flexibility and difficult updating and maintenance, so it is difficult to satisfy both the high security and the highly continuous operation required in a complex and changeable industrial internet environment.

Disclosure of Invention

One or more embodiments of the present disclosure provide a method, a device and a medium for implementing a PLC based on a microkernel secure operating system, which are used to solve the following technical problems: in the prior art, when constructing a high-security, high-availability programmable logic controller based on a microkernel architecture, dynamic online loading and verification cannot be performed at run time without interrupting the kernel and other services, and the system suffers from insufficient flexibility and difficult updating and maintenance, so it is difficult to satisfy both the high security and the highly continuous operation required in a complex and changeable industrial internet environment.

One or more embodiments of the present disclosure adopt the following technical solutions:

One or more embodiments of the present disclosure provide a method for implementing a PLC based on a microkernel secure operating system, where the method includes: receiving an initial PLC program file from a client through a back-end service running in microkernel user mode, and converting the initial PLC program file into a target program compatible with the microkernel operating system; linking the target program with components of the microkernel operating system to generate a system image file, and, after the system image file is started, scheduling execution of the target program in a cyclic scanning mode through the kernel-mode scheduler, where the components of the microkernel operating system include the kernel-mode scheduler; in response to a program update request, creating a dedicated capability space for the updated PLC program corresponding to the program update request, with authority verification performed by the microkernel during the mapping process, ver