Research and Implementation of a Security Evaluation Method Based on Event Injection
Abstract
With the development and spread of network technology, the security of computer systems is receiving more and more attention. Because computer systems have many kinds of security defects, testing the security of a system is an important task at every stage of designing and developing a dependable computer system.
     This paper studies a system security evaluation method based on event injection. It analyzes the characteristics of the security events that threaten computer systems, abstracts what they have in common, and establishes an event model.
     Three evaluation models are proposed for system security: an evaluation model based on a probability tree, a degree-of-security model, and an evaluation model based on queuing theory. The evaluation measures given by the three models are mutually independent, and each is significant in its own right.
     Building on a study and analysis of existing event injection techniques and injection algorithms, the paper presents the system architecture of a security evaluation tool and describes in detail the function of each module in the architecture. It then gives the detailed design of the controller module, heartbeat detection module, result recycling module, event injection module and others, and implements these modules according to that design. For the heartbeat detection module, a Bayesian classifier is proposed so that statistical methods can be used to identify the status of the target system; the classifier successfully identified the state of the target machine from samples of heartbeat information. The timeout for receiving heartbeat information should be adaptive, adjusting itself automatically to factors such as packet round-trip time and how busy the system is, so an adaptive timeout algorithm is designed.
     The paper then describes the mechanism of concurrent event injection and gives a design for multi-threaded concurrent injection, including a data structure that supports concurrency. To reduce the probability of packet loss, a buffer management module that supports multi-threaded concurrency is designed and implemented.
     Finally, experiments are carried out on a computer system with the implemented security evaluation tool. After injection is completed, the results are collected, and quantitative data for each measure are given according to the evaluation methods above. The successful experiments verify the correctness and practicality of the tool.
