网络入侵容忍的理论及应用技术研究
|
摘要
入侵容忍是一门融合密码技术和容错技术的新兴网络安全技术,其关注的不是如何检测或防御入侵,而是考虑系统在已经遭到入侵的情况下,如何有效的屏蔽或遏制入侵行为。入侵容忍技术可以使被入侵的系统继续保证其数据的机密性、完整性,以及对外服务的可用性,其被称作是网络系统的最后一道防线。
虽然国内外学者已经对入侵容忍的有关理论和技术进行了大量研究,但入侵容忍毕竟是一种新兴的网络安全技术,其仍然存在许多尚未解决的问题。本文对入侵容忍系统的建模、性能分析、秘密共享方案以及设计方法等几个方面进行了研究,主要研究成果及创新性工作如下:
(1)通过对入侵容忍系统的运行状态和状态转移特性的归纳分析,提出了一种基于Petri net的分布式入侵容忍系统定性模型,给出了模型对入侵容忍系统的详细描述过程,并分析了其与现有定性模型相比在描述广度和深度上所具有的优势。在此基础上,进一步利用博弈论的有关知识,提出了一种入侵容忍系统的定量分析模型,建立起了入侵容忍系统和入侵者博弈双方的收益函数,并在求取双方最优策略的基础上得到了该博弈系统的纳什均衡。
(2)从安全性、安全态势、资源代价等3个方面对入侵容忍系统的性能进行了分析。首先通过对入侵容忍系统安全性的多侧面定义,以及入侵过程的细化分解,提出了一种比现有方法描述更全面、操作更可行的安全性计算方法;在此基础上,通过构建数据机密度、数据完整度、服务可用度3个评估指标,提出了一种可以动态、实时分析入侵容忍系统安全性的态势评估方法;最后,从成本代价的角度,对入侵容忍系统的资源代价进行了定量分析,给出了入侵容忍系统中持续代价和响应代价的概念,并通过仿真分析了降低资源代价的一些方法和注意事项。
(3)针对入侵容忍中现有秘密共享方案的应用局限性,对秘密共享中的访问结构进行了研究。首先借鉴现有(t,n)门限秘密共享方案以及集合论的有关知识,设计了一种既能满足(t,n)门限要求又能满足攻击结构要求的秘密共享方案,该方案能够直接针对门限和攻击结构的要求来分发共享秘密的子份额;然后通过进一步将攻击结构的概念引入现有(t,n)门限方案中,提出了一种可以应用于一般访问结构上的动态先应式秘密共享方案,该方案在更新子份额的同时可以改变秘密共享的访问结构;最后,通过将一般访问结构上的秘密共享方案与(t,n)门限签名方案相结合,提出了一种一般访问结构上的门限签名方案,该方案比现有基于(t,n)结构的门限签名方案具有更广的应用范围。
(4)在对入侵容忍系统的资源和控制两个属性进行分析的基础上,设计了
一种基于神经网络的入侵容忍系统,给出了系统在不同运行状态下的相应安全机制以及整个系统的工作流程。在此基础上,通过将访问控制技术应用于入侵容忍系统的设计中,提出了一种可操作性更强的、基于信任访问控制的入侵容忍系统,并对该系统的入侵容忍机制进行了详细分析。
最后总结了本文的主要工作,并指出了本文的不足之处和值得进一步研究的问题。
Intrusion tolerance is a rising network security technology which combines the cryptography and the fault tolerance. The concern of intrusion tolerance is not how to detect or prevent intrusion, but how to mask or restrain intrusion. Its goal is to continue to guarantee the confidentiality and integrality of data as well as the usability of service when the network system has been intruded.
There are many unresolved problems in intrusion tolerance although the corresponding theory and technology have been studied extensively by the domestic and foreign academia. In this dissertation, the modeling, analysis of performance, scheme of secret sharing, and design method of the intrusion tolerant system are studied. The main contributions are listed as follows:
(1) A model of distributed intrusion tolerant system based on Petri net is proposed through summarizing and analyzing the work states and the state transition property of intrusion tolerant system. The detailed description process of the model to the intrusion tolerant system is given, and the advantages of the model on description performance compared to other existing models are analyzed. On this basis, a quantitative model of intrusion tolerant system is proposed through utilizing the knowledge of game theory. The income functions of the intrusion tolerant system and the intruder are designed, and the Nash equilibrium of the game system is achieved through analyzing the optimum strategies of the two game sides.
(2) The performance of intrusion tolerant system is analyzed from three aspects: security, security situation, and resource cost. First, a more comprehensive and more feasible computational method of security for intrusion tolerant system is proposed through the multi-dimensional definition for security and the decomposition for intrusion. Then, a method which can evaluate the security of intrusion tolerant system dynamically and timely is proposed through designing the three evaluation indexes: the confidentiality of data, the integrality of data, and the usability of service. Lastly, the resource cost of intrusion tolerance is quantified. The concepts of continuance cost and response cost in intrusion tolerant system are proposed, and some methods and notes of reducing the resource cost are analyzed through simulation.
(3) The access structure of secret sharing in intrusion tolerance is studied. First, a secret shaing scheme which can meet the requirements of both the (t, n) threshold and the adversary structure is proposed basing on the existing (t, n) threshold schemes and the knowledge of set theory. The scheme can distribute the shadows of shared secret according to the requirements of threshold and adversary structure directly. Then, a dynamic proactive secret sharing scheme which can be applied to general access structure is proposed through introducing the concept of adversary structure in the existing (t, n) threshold scheme. The scheme can change its access structure dynamically when its shadows are renewed. Lastly, a threshold signature scheme based on the general access structure is proposed through combining the secret sharing scheme based on the general access structure and the (t, n) threshold signature scheme. The applied range of the scheme is wider compared to the existing (t, n) threshold signature schemes.
(4) An intrusion tolerant system based on neural networks is proposed through analyzing the two attributes of resource and control. The corresponding security mechanisms on different work states and the work process of the system are given. On this basis, a more feasible intrusion tolerant system based on trust-based access control is proposed through applying the access control to the design of intrusion tolerant system, and the intrusion tolerant performance of the system is analyzed in detail.
Finally, the main contributions of this dissertation are summarized, and the shortcomings and future work are pointed out.
虽然国内外学者已经对入侵容忍的有关理论和技术进行了大量研究,但入侵容忍毕竟是一种新兴的网络安全技术,其仍然存在许多尚未解决的问题。本文对入侵容忍系统的建模、性能分析、秘密共享方案以及设计方法等几个方面进行了研究,主要研究成果及创新性工作如下:
(1)通过对入侵容忍系统的运行状态和状态转移特性的归纳分析,提出了一种基于Petri net的分布式入侵容忍系统定性模型,给出了模型对入侵容忍系统的详细描述过程,并分析了其与现有定性模型相比在描述广度和深度上所具有的优势。在此基础上,进一步利用博弈论的有关知识,提出了一种入侵容忍系统的定量分析模型,建立起了入侵容忍系统和入侵者博弈双方的收益函数,并在求取双方最优策略的基础上得到了该博弈系统的纳什均衡。
(2)从安全性、安全态势、资源代价等3个方面对入侵容忍系统的性能进行了分析。首先通过对入侵容忍系统安全性的多侧面定义,以及入侵过程的细化分解,提出了一种比现有方法描述更全面、操作更可行的安全性计算方法;在此基础上,通过构建数据机密度、数据完整度、服务可用度3个评估指标,提出了一种可以动态、实时分析入侵容忍系统安全性的态势评估方法;最后,从成本代价的角度,对入侵容忍系统的资源代价进行了定量分析,给出了入侵容忍系统中持续代价和响应代价的概念,并通过仿真分析了降低资源代价的一些方法和注意事项。
(3)针对入侵容忍中现有秘密共享方案的应用局限性,对秘密共享中的访问结构进行了研究。首先借鉴现有(t,n)门限秘密共享方案以及集合论的有关知识,设计了一种既能满足(t,n)门限要求又能满足攻击结构要求的秘密共享方案,该方案能够直接针对门限和攻击结构的要求来分发共享秘密的子份额;然后通过进一步将攻击结构的概念引入现有(t,n)门限方案中,提出了一种可以应用于一般访问结构上的动态先应式秘密共享方案,该方案在更新子份额的同时可以改变秘密共享的访问结构;最后,通过将一般访问结构上的秘密共享方案与(t,n)门限签名方案相结合,提出了一种一般访问结构上的门限签名方案,该方案比现有基于(t,n)结构的门限签名方案具有更广的应用范围。
(4)在对入侵容忍系统的资源和控制两个属性进行分析的基础上,设计了
一种基于神经网络的入侵容忍系统,给出了系统在不同运行状态下的相应安全机制以及整个系统的工作流程。在此基础上,通过将访问控制技术应用于入侵容忍系统的设计中,提出了一种可操作性更强的、基于信任访问控制的入侵容忍系统,并对该系统的入侵容忍机制进行了详细分析。
最后总结了本文的主要工作,并指出了本文的不足之处和值得进一步研究的问题。
Intrusion tolerance is a rising network security technology which combines the cryptography and the fault tolerance. The concern of intrusion tolerance is not how to detect or prevent intrusion, but how to mask or restrain intrusion. Its goal is to continue to guarantee the confidentiality and integrality of data as well as the usability of service when the network system has been intruded.
There are many unresolved problems in intrusion tolerance although the corresponding theory and technology have been studied extensively by the domestic and foreign academia. In this dissertation, the modeling, analysis of performance, scheme of secret sharing, and design method of the intrusion tolerant system are studied. The main contributions are listed as follows:
(1) A model of distributed intrusion tolerant system based on Petri net is proposed through summarizing and analyzing the work states and the state transition property of intrusion tolerant system. The detailed description process of the model to the intrusion tolerant system is given, and the advantages of the model on description performance compared to other existing models are analyzed. On this basis, a quantitative model of intrusion tolerant system is proposed through utilizing the knowledge of game theory. The income functions of the intrusion tolerant system and the intruder are designed, and the Nash equilibrium of the game system is achieved through analyzing the optimum strategies of the two game sides.
(2) The performance of intrusion tolerant system is analyzed from three aspects: security, security situation, and resource cost. First, a more comprehensive and more feasible computational method of security for intrusion tolerant system is proposed through the multi-dimensional definition for security and the decomposition for intrusion. Then, a method which can evaluate the security of intrusion tolerant system dynamically and timely is proposed through designing the three evaluation indexes: the confidentiality of data, the integrality of data, and the usability of service. Lastly, the resource cost of intrusion tolerance is quantified. The concepts of continuance cost and response cost in intrusion tolerant system are proposed, and some methods and notes of reducing the resource cost are analyzed through simulation.
(3) The access structure of secret sharing in intrusion tolerance is studied. First, a secret shaing scheme which can meet the requirements of both the (t, n) threshold and the adversary structure is proposed basing on the existing (t, n) threshold schemes and the knowledge of set theory. The scheme can distribute the shadows of shared secret according to the requirements of threshold and adversary structure directly. Then, a dynamic proactive secret sharing scheme which can be applied to general access structure is proposed through introducing the concept of adversary structure in the existing (t, n) threshold scheme. The scheme can change its access structure dynamically when its shadows are renewed. Lastly, a threshold signature scheme based on the general access structure is proposed through combining the secret sharing scheme based on the general access structure and the (t, n) threshold signature scheme. The applied range of the scheme is wider compared to the existing (t, n) threshold signature schemes.
(4) An intrusion tolerant system based on neural networks is proposed through analyzing the two attributes of resource and control. The corresponding security mechanisms on different work states and the work process of the system are given. On this basis, a more feasible intrusion tolerant system based on trust-based access control is proposed through applying the access control to the design of intrusion tolerant system, and the intrusion tolerant performance of the system is analyzed in detail.
Finally, the main contributions of this dissertation are summarized, and the shortcomings and future work are pointed out.
引文
[1]郭渊博,马建峰.入侵容忍的国内外研究现状及所存在的问题分析.信息安全与保密通信,2005,7(1):337~341
[2]Fraga J, Powell D. A fault-and intrusion-tolerant file system. The 3rd International Conference on Computer Security,1985:203~218
[3]Sames D, Matt B, Niebuhr B, et al. Developing a heterogeneous intrusion tolerant COBRA system. Proceedings of the International Conference on Dependable Systems and Networks, IEEE Press,2002:387~396
[4]Valdes A, Almgren M, Cheung S, el at. An architecture for an adaptive intrusion-tolerance server. In Security Protocols:10th International Workshop. Heidelberg:Springer-Verlag,2004:158~178
[5]Huang Z, Liu X, Wang H. A diversified dynamic redundancy method exploiting the intrusion tolerance. ISW-2000 proceedings, Boston,2000:217~221
[6]Ferreira N, Verissimo P. Complete specification of APIs and protocols for the MAFTIA middleware. MAFTIA Project, Deliverable D9,2002
[7]Powell D, Stroud R J. Conceptual model and architecture of MAFTIA. MAFTIA Project, Deliverable D21,2003
[8]Shamir A. How to share a secret. Communications of the ACM,1979,11: 612~613
[9]Blakley G R. Safeguarding cryptographic keys. Proceedings of AFIPS National Computer Conference, New York:AFIPS Press,1979:313~317
[10]Asmuth C, Bloom J. A modular approach to key safeguarding. IEEE Transactions on Information Theory,1983,29(2):208~210
[11]Karnin E D, Greene J W, Hellman M E. On secret sharing systems. IEEE Transactions on Information Theory,1983,29(1):35~41
[12]Ito M, Saito A, Nishizeki T. Secret sharing schemes realizing general access structure. Proceedings of IEEE Global Telecommunication Conference, New Jersey:IEEE Press,1987:99~102
[13]He J, Dawson E. Multi secret sharing scheme based on one way function. Electronics Letters,1995,31(2):93~95
[14]Ham L. Efficient sharing (broadcasting) of multiple secrets. IEE Proceedings Computers and Digital Technique,1995,142(3):237~240
[15]Chien H Y, Jan J K, Tseng Y M. A practical (t, n) multi secret sharing scheme. IEEE Transactions on Fundamentals,2000:2762~2765
[16]Ostrovsky R, Yung M. How to withstand mobile virus attacks. Proceedings of the 10th (ACM) Symposium on the Principles of Distributed Computing, New York:ACM press,1991:51~61
[17]Herzberg A, Jarecki S, Krawczyk H, et al. Proactive secret sharing, or how to cope with perpetual leakage. CRYPTO'95, Berlin:Springer-Verlag,1995: 339~352
[18]Malkin M, Wu T, Boneh D. Building intrusion tolerance applications. DARPA Information Survivability Conference & Epposition, Hilton Head, South Carolina,2000
[19]Zhou L. Schneider F B. COCA:A secure distributed on-line certification authority. ACM Transactions on Computer Systems,2002,20(4):329~368
[20]Marsh M A, Schneider F B. CODEX:A robust and secure secret distribution system. IEEE Transactions on Dependable and Secure Computing,2004,1(1): 34~47,
[21]荆继武,冯登国.一种入侵容忍的CA方案.软件学报,2002,13(8):1417~1422
[22]Fischer M J, Lynch N A, Paterson M S. Impossibility of distributed consensus with one faulty process. Journal of the ACM,1985,32(2):374~382
[23]Dolev D, Strong H R. Authenticated algorithms for Byzantine agreement. SIAM Journal on Computing,1983,12:656~666
[24]Bracha G, Toueg S. Asynchronous consensus and broadcast protocols. Joural of the ACM.1985,32(4):824~840
[25]Reiter M K. The Rampart toolkit for building high-integrity services. Theory and Practice in Distributed Systems, Berlin:Springer-Verlag,1995
[26]ITUA Teams. Demonstrating intrusion tolerance with ITUA. Proceedings of the DARPA Information Survivability Conference and Exposition. IEEE Press, 2003:135~137
[27]邹立新,丁建立.基于拜占庭协议的入侵容忍系统模型设计.计算机工程,2005,31(增刊):88~90
[28]孙周军,易锋,肖文名等.基于拜占庭协议构建具有入侵容忍能力的Web服务研究.微电子学与计算机,2008,25(3):35~37
[29]Wang F, Uppalli R. SITAR:A scalable intrusion-tolerant architecture for distributed services. Proceedings of the DARPA Information Survivability Conference and Exposition,2003:153~155
[30]郭渊博,马建峰,王亚弟.一种自适应安全的网络通信系统模型.2005年中国控制与决策学术年会.2005,6
[31]彭文灵,王丽娜,张焕国.基于有限自动机的网络入侵容忍系统研究小型微型计算机系统,2005,26(8):1296~1300
[32]崔竞松,王丽娜,张焕国等.一种并行容侵系统研究模型——RC模型.计算机学报,2004,27(4):500~506
[33]殷丽华,方滨兴.入侵容忍系统的安全属性分析.计算机学报2006,29(8):1505~1512
[34]Wang C, Ma J F. Availability analysis and comparison of different Intrusion-Tolerant System. AWCC 2004, LNCS 3309:161~166
[35]郭世泽,牛冠杰,郑康锋.入侵容忍系统模型构建及量化分析.北京邮电大学学报,2007,30(1):36~39
[36]殷丽华,何松.一种入侵容忍系统的研究与实现.通信学报,2006,27(2):131~136
[37]彭文灵,王丽娜,张焕国等.基于角色访问控制的入侵容忍机制研究.电子学报,2005,33(1):91~95
[38]俞艳苹,郭渊博,马建峰.基于自适应大数表决机制的容忍入侵模型.系统工程与电子技术,2005,27(6):1098~1101
[39]Goseva P K, Wang F, Wang R. Characterizing intrusion tolerant systems using a state transition model. DARPA Information Survivability Conference and Exposition,2001,2(1):211~221
[40]林闯,汪洋,李泉林.网络安全的随机模型方法与评价技术.计算机学报,2005,28(12):1943~1956
[41]Ortalo R, Deswarte Y, Kaaniche M. Experimenting with quantitative evaluation tools for monitoring operational security. IEEE Transactions on Software Engineering,1999,25(5):633~650
[42]Jonsson E, Olovsson T. A quantitative model of the security intrusion process based on attacker behavior. IEEE Transactions on Software Engineering,1997, 23(4):235-245
[43]Mcdermott J. Attack-potential-based survivability modeling for high consequence systems. Proceedings of the 3rd IEEE International Workshop on Information Assurance, Callege Park, Maryland, USA,2005:119~130
[44]Madan B B, Goseva P K, Vaidyanathan K, et al. A method for modeling and quantifying the security attributes of intrusion tolerant system. Performance Evaluation,2004,56(1-4):167~186
[45]周华,孟相如,杨茂繁,张立.入侵容忍系统的状态转移模型定量分析.北京邮电大学学报,2008,31(3):94~97
[46]Wang H, Liu P. Modeling and evaluating the survivability of an intrusion tolerant database system. ESORICS 2006, LNCS 4189:207~224
[47]Singh S, Cukier M, Sanders W H. Probabilistic validation of an intrusion-tolerant replication system. Proceedings of the International Conference on Dependable Systems and Networks, San Francisco, CA, USA, 2003:616~624
[48]Stroud R, Welch I, Warne J, et al. A qualitative analysis of the Intrusion tolerance capabilities of the MAFTIA architecture. Proceedings of the International Conference on Dependable System and Networks, IEEE Press, 2004:453~461
[49]刘欣然.网络攻击分类技术综述.通信学报,2004,25(7):30~36
[50]Chen X Z, Zheng Q H, Guan X H, et al. Multiple behavior information fusion based quantitative threat evaluation. Computers & Security,2005,24(3): 218~231
[51]Hu W, Li J H, Chen Z, et al. A scalable model for network situational awareness based on Endsley's situation model. High Technology Letters,2007,13(4): 395~401
[52]赵国生,王慧强,王健.基于灰色Verhulst的网络安全态势感知模型.哈尔滨工业大学学报,2008,40(5):798~801
[53]梁颖,王慧强,刘磊.基于服务影响分析的网络安全态势定量感知方法.东南大学学报(自然科学版),2008,38(A01):64-67
[54]韦勇,连一峰.基于日志审计与性能修复算法的网络安全态势评估模型。计算机学报,2009,32(4):763~772
[55]韦勇,连一峰,冯登国.基于信息融合的网络安全态势评估模型.计算机研究与发展,2009,46(3):353~362
[56]Benaloh J, Leichter J. Generalized secret sharing and monotone functions. CRYPTO'88, LNCS 403,1990:27~35
[57]Brickell E F. Some ideal secret sharing schemes. Journal of Combinatorial Mathematics and Combinatorial Computing,1989,9:105~113
[58]Tochikubo K, Uyematsu T, Matsumoto R. Efficient secret sharing schemes based on authorized aubsets.EUROCRYPT'97, LNCS 1233:465~479
[59]Simmons G. How to (really) share a secret. Proceedings on advances in cryptology, Santa Barbara, California,1990:390~448
[60]Simmons G. Prepositioned shared secret and/or shared control schemes. EUROCRYPT'89, LNCS 434,1990:436~467
[61]Brickell E F, Stinson D R.Some improved bounds on the information rate of perfect secret sharing schemes. Journal of Cryptology,1992,6:153~166
[62]Hwang R J, Chang C C. An on-line secret sharing scheme for multi-secrets. Computer Communications,1998,21(13):1170~1176
[63]庞辽军,姜正涛,王育民.基于一般访问结构的多重秘密共享方案.计算机研究与发展,2006,43(1):33~38
[64]Xu J. Secret sharing schemes with general access structure based on MSPs. Journal of Communications,2007,2(1):52~54
[65]Wei Y, Zhong P C, Xiong G H. A multi-stage secret sharing scheme with general access structures. WiCOM'08, IEEE Press,2008:1~4
[66]Zhang Z F, Liu M L, Xiao L L. Rearrangements of access structures and their realizations in secret sharing schemes. Discrete Mathematics,2008,308(21): 4882~4891
[67]Chor B,Goldwasser S. Verifiable secret sharing and achieving simultaneity in the presence of faults. Proceedings of 26th IEEE Symposium on Foundations of Computer Science,1985:251~160
[68]Feldman P. A practical scheme for non-interactive verifiable secret sharing. Proceedings of the 19th Annual ACM Symposium on Theory of Computing, New York,1987:427~437
[69]Pedersen T P. Non-interactive and information-theoretic secure verifiable secret sharing. CRYPTO'91, LNCS 576,1992:129~140
[70]Cachin C. On-line secret sharing. Cryptography and Coding,1995,1025: 190~198
[71]Pinch R. On-line multiple secret sharing. Electronics Letters,1996,32: 1087~1088
[72]Ingemarsson I, Simmons G J. A Protocol to set up shared secret schemes without the assistance of a mutually trusted party. Proceedings of the Workshop on the Theory and Application of Cryptographic Techniques on Advances in cryptology, Aarhus, Denmark:Springer-Verlag,1991:266~282
[73]Stinson D, Wei R. Unconditionally secure proactive secret sharing scheme with combinatorial structures. SAC'1999, LNCS 1758,1999:200~214
[74]Nikov V, Nikova S, Preneel B, et al. Applying general access structure to proactive secret sharing schemes. Proceedings of the 23rd Symposium on Information Theory, Benelux,2002:197~206
[75]Cachin C, Kursawe K, Lysyanskaya A, et al. Asynchronous verifiable secret sharing and proactive cryptosystems. Proceedings of the 9th (ACM) Conference on Computer and Communications Security, New York:ACM Press,2002: 88~97
[76]Ham L. Group-oriented (t, n) threshold digital signature seheme and multisignature. IEE Proeeedings Cmoputers and Digital Techniques,1994, 141(5):307~313
[77]Chang T Y, Yang C C, Hwang M S. A threshold signature seheme for group communications without a shared distribution center. Future Generation Computer Systems.2004,20(6):1013~1021
[78]Lee N Y. Threshold signature scheme with multiple signing policies. IEE Proeeedings-Cmoputers and Digital Techniques,2001,148(2):95~99
[79]李慧贤,蔡皖东,庞辽军.一个安全的动态门限签名体制.计算机研究与发展,2007,44(9):1545~1549
[80]蔡永泉,张雪迪,姜楠.一种新的基于身份的门限签名方案.电子学报,2008,37(4):103~105
[81]芦殿军,张秉儒,赵海兴.基于多项式秘密共享的前向安全门限签名方案.通信学报,2009,30(1):45~49
[82]Cleve R, Gottesman D, Lo H K. How to share a quantum secret. Phys. Rev. Lett.,1999,83:648-651
[83]Tyc T, Sanders B C. How to share a continuous-variable quantum secret by optical interferometry. Physical Review A.65,2002
[84]Guo G P, Guo G C. Quantum secret sharing without entanglement. Physics Letters A,2003,310(4):247~251
[85]Li Y M, Zhang K S, Peng K C. Multiparty secret sharing of quantum information based on entanglement swapping. Physics Letters A,2004,324(5-6): 420~424
[86]秦素娟,刘太琳,温巧燕.基于纠缠交换和局域操作的量子秘密共享.北京邮电大学学报,2005,28(4):74~77
[87]Guo Y B, Ma J F. Practical secret sharing scheme realizing generalized adversary structure. Journal of Computer Science and Technology,2004,19(4): 564~569
[88]Sun H M, Shieh S P. Secret sharing in graph-based prohibited structures. Proeeedings of IEEE INFOCOM'97, Kobe, Japan,1997:718~724
[89]Sun H M, Shieh S P. An efficient construction of perfect secret sharing for graph-based structures. Journal of Computers and Mathematics with Applications.1996,31(7):129~135
[90]Zhou L, Schneider F, Robbert R. APSS:Proactive secret sharing in asynchronous systems. ACM Transactions on Information and System Security, 2005,8(3):259~286
[91]Desmedt Y, Jajodia S. Redistributing secret shares to new access structures and its applications. Technical Report ISSE TR-97-01, George Mason University, 1997
[92]Wong T M, Wang C, Wing J. Verifiable secret redistribution for archive systems. Proceedings of the 1st International IEEE Security in Storage Workshop, Pittsburgh,2002:94~105
[93]Schultz D A. Mobile proactive secret sharing. Proceedings of the 27th ACM Symposium on Principles of Distributed Computing. Toronto:ACM Press,2008
[94]Aho A, Hopcrofi J, Ullman J. The design and analysis of computer algorithms. Addison-Wesley:Reading Mass,1974
[95]Desmedt Y, Frankel Y. Shared generation of authenticators and signatures. CRYPTO'97, Berlin:Springer-Verlag,1992:457~469
[96]陈伟东,冯登国.一类存在特权集的门限群签名方案.软件学报,2005,16(7):1289~1295
[97]王斌,李建华.无可信中心的(t,n)门限签名方案.计算机学报,2003,26(11):1581-1584
[98]郭丽峰,程相国.一个无可信中心的(t,n)门限签名方案的安全性分析.计算机学报,2006,29(11):2013~2017
[99]黄耀宇,李从东.基于人工神经网络的煤矿安全评估模型研究.工业工程,2007,10(1):112~115
[100]Yao Y, Yu G, Gao F X. A neural network approach for misuse and anomaly intrusion detection. Wuhan University Journal of Natural Sciences,2005, 10(1):115~118
[101]高翔,赵荣椿,王敏.演进模糊神经网络在非监督式异常检测中的应用.哈尔滨工程大学学报,2006,27(增刊):51~54
[102]周志勇,唐家益.基于安全域和可信基的网络容侵系统模型.微计算机信息,2003,19(11):108~109
[103]杨忠林,张静,田培根.改进的BP网络及其在电路故障诊断中的应用.船舶电子工程,2006,26(6):103~106
[2]Fraga J, Powell D. A fault-and intrusion-tolerant file system. The 3rd International Conference on Computer Security,1985:203~218
[3]Sames D, Matt B, Niebuhr B, et al. Developing a heterogeneous intrusion tolerant COBRA system. Proceedings of the International Conference on Dependable Systems and Networks, IEEE Press,2002:387~396
[4]Valdes A, Almgren M, Cheung S, el at. An architecture for an adaptive intrusion-tolerance server. In Security Protocols:10th International Workshop. Heidelberg:Springer-Verlag,2004:158~178
[5]Huang Z, Liu X, Wang H. A diversified dynamic redundancy method exploiting the intrusion tolerance. ISW-2000 proceedings, Boston,2000:217~221
[6]Ferreira N, Verissimo P. Complete specification of APIs and protocols for the MAFTIA middleware. MAFTIA Project, Deliverable D9,2002
[7]Powell D, Stroud R J. Conceptual model and architecture of MAFTIA. MAFTIA Project, Deliverable D21,2003
[8]Shamir A. How to share a secret. Communications of the ACM,1979,11: 612~613
[9]Blakley G R. Safeguarding cryptographic keys. Proceedings of AFIPS National Computer Conference, New York:AFIPS Press,1979:313~317
[10]Asmuth C, Bloom J. A modular approach to key safeguarding. IEEE Transactions on Information Theory,1983,29(2):208~210
[11]Karnin E D, Greene J W, Hellman M E. On secret sharing systems. IEEE Transactions on Information Theory,1983,29(1):35~41
[12]Ito M, Saito A, Nishizeki T. Secret sharing schemes realizing general access structure. Proceedings of IEEE Global Telecommunication Conference, New Jersey:IEEE Press,1987:99~102
[13]He J, Dawson E. Multi secret sharing scheme based on one way function. Electronics Letters,1995,31(2):93~95
[14]Ham L. Efficient sharing (broadcasting) of multiple secrets. IEE Proceedings Computers and Digital Technique,1995,142(3):237~240
[15]Chien H Y, Jan J K, Tseng Y M. A practical (t, n) multi secret sharing scheme. IEEE Transactions on Fundamentals,2000:2762~2765
[16]Ostrovsky R, Yung M. How to withstand mobile virus attacks. Proceedings of the 10th (ACM) Symposium on the Principles of Distributed Computing, New York:ACM press,1991:51~61
[17]Herzberg A, Jarecki S, Krawczyk H, et al. Proactive secret sharing, or how to cope with perpetual leakage. CRYPTO'95, Berlin:Springer-Verlag,1995: 339~352
[18]Malkin M, Wu T, Boneh D. Building intrusion tolerance applications. DARPA Information Survivability Conference & Epposition, Hilton Head, South Carolina,2000
[19]Zhou L. Schneider F B. COCA:A secure distributed on-line certification authority. ACM Transactions on Computer Systems,2002,20(4):329~368
[20]Marsh M A, Schneider F B. CODEX:A robust and secure secret distribution system. IEEE Transactions on Dependable and Secure Computing,2004,1(1): 34~47,
[21]荆继武,冯登国.一种入侵容忍的CA方案.软件学报,2002,13(8):1417~1422
[22]Fischer M J, Lynch N A, Paterson M S. Impossibility of distributed consensus with one faulty process. Journal of the ACM,1985,32(2):374~382
[23]Dolev D, Strong H R. Authenticated algorithms for Byzantine agreement. SIAM Journal on Computing,1983,12:656~666
[24]Bracha G, Toueg S. Asynchronous consensus and broadcast protocols. Joural of the ACM.1985,32(4):824~840
[25]Reiter M K. The Rampart toolkit for building high-integrity services. Theory and Practice in Distributed Systems, Berlin:Springer-Verlag,1995
[26]ITUA Teams. Demonstrating intrusion tolerance with ITUA. Proceedings of the DARPA Information Survivability Conference and Exposition. IEEE Press, 2003:135~137
[27]邹立新,丁建立.基于拜占庭协议的入侵容忍系统模型设计.计算机工程,2005,31(增刊):88~90
[28]孙周军,易锋,肖文名等.基于拜占庭协议构建具有入侵容忍能力的Web服务研究.微电子学与计算机,2008,25(3):35~37
[29]Wang F, Uppalli R. SITAR:A scalable intrusion-tolerant architecture for distributed services. Proceedings of the DARPA Information Survivability Conference and Exposition,2003:153~155
[30]郭渊博,马建峰,王亚弟.一种自适应安全的网络通信系统模型.2005年中国控制与决策学术年会.2005,6
[31]彭文灵,王丽娜,张焕国.基于有限自动机的网络入侵容忍系统研究小型微型计算机系统,2005,26(8):1296~1300
[32]崔竞松,王丽娜,张焕国等.一种并行容侵系统研究模型——RC模型.计算机学报,2004,27(4):500~506
[33]殷丽华,方滨兴.入侵容忍系统的安全属性分析.计算机学报2006,29(8):1505~1512
[34]Wang C, Ma J F. Availability analysis and comparison of different Intrusion-Tolerant System. AWCC 2004, LNCS 3309:161~166
[35]郭世泽,牛冠杰,郑康锋.入侵容忍系统模型构建及量化分析.北京邮电大学学报,2007,30(1):36~39
[36]殷丽华,何松.一种入侵容忍系统的研究与实现.通信学报,2006,27(2):131~136
[37]彭文灵,王丽娜,张焕国等.基于角色访问控制的入侵容忍机制研究.电子学报,2005,33(1):91~95
[38]俞艳苹,郭渊博,马建峰.基于自适应大数表决机制的容忍入侵模型.系统工程与电子技术,2005,27(6):1098~1101
[39]Goseva P K, Wang F, Wang R. Characterizing intrusion tolerant systems using a state transition model. DARPA Information Survivability Conference and Exposition,2001,2(1):211~221
[40]林闯,汪洋,李泉林.网络安全的随机模型方法与评价技术.计算机学报,2005,28(12):1943~1956
[41]Ortalo R, Deswarte Y, Kaaniche M. Experimenting with quantitative evaluation tools for monitoring operational security. IEEE Transactions on Software Engineering,1999,25(5):633~650
[42]Jonsson E, Olovsson T. A quantitative model of the security intrusion process based on attacker behavior. IEEE Transactions on Software Engineering,1997, 23(4):235-245
[43]Mcdermott J. Attack-potential-based survivability modeling for high consequence systems. Proceedings of the 3rd IEEE International Workshop on Information Assurance, Callege Park, Maryland, USA,2005:119~130
[44]Madan B B, Goseva P K, Vaidyanathan K, et al. A method for modeling and quantifying the security attributes of intrusion tolerant system. Performance Evaluation,2004,56(1-4):167~186
[45]周华,孟相如,杨茂繁,张立.入侵容忍系统的状态转移模型定量分析.北京邮电大学学报,2008,31(3):94~97
[46]Wang H, Liu P. Modeling and evaluating the survivability of an intrusion tolerant database system. ESORICS 2006, LNCS 4189:207~224
[47]Singh S, Cukier M, Sanders W H. Probabilistic validation of an intrusion-tolerant replication system. Proceedings of the International Conference on Dependable Systems and Networks, San Francisco, CA, USA, 2003:616~624
[48]Stroud R, Welch I, Warne J, et al. A qualitative analysis of the Intrusion tolerance capabilities of the MAFTIA architecture. Proceedings of the International Conference on Dependable System and Networks, IEEE Press, 2004:453~461
[49]刘欣然.网络攻击分类技术综述.通信学报,2004,25(7):30~36
[50]Chen X Z, Zheng Q H, Guan X H, et al. Multiple behavior information fusion based quantitative threat evaluation. Computers & Security,2005,24(3): 218~231
[51]Hu W, Li J H, Chen Z, et al. A scalable model for network situational awareness based on Endsley's situation model. High Technology Letters,2007,13(4): 395~401
[52]赵国生,王慧强,王健.基于灰色Verhulst的网络安全态势感知模型.哈尔滨工业大学学报,2008,40(5):798~801
[53]梁颖,王慧强,刘磊.基于服务影响分析的网络安全态势定量感知方法.东南大学学报(自然科学版),2008,38(A01):64-67
[54]韦勇,连一峰.基于日志审计与性能修复算法的网络安全态势评估模型。计算机学报,2009,32(4):763~772
[55]韦勇,连一峰,冯登国.基于信息融合的网络安全态势评估模型.计算机研究与发展,2009,46(3):353~362
[56]Benaloh J, Leichter J. Generalized secret sharing and monotone functions. CRYPTO'88, LNCS 403,1990:27~35
[57]Brickell E F. Some ideal secret sharing schemes. Journal of Combinatorial Mathematics and Combinatorial Computing,1989,9:105~113
[58]Tochikubo K, Uyematsu T, Matsumoto R. Efficient secret sharing schemes based on authorized aubsets.EUROCRYPT'97, LNCS 1233:465~479
[59]Simmons G. How to (really) share a secret. Proceedings on advances in cryptology, Santa Barbara, California,1990:390~448
[60]Simmons G. Prepositioned shared secret and/or shared control schemes. EUROCRYPT'89, LNCS 434,1990:436~467
[61]Brickell E F, Stinson D R.Some improved bounds on the information rate of perfect secret sharing schemes. Journal of Cryptology,1992,6:153~166
[62]Hwang R J, Chang C C. An on-line secret sharing scheme for multi-secrets. Computer Communications,1998,21(13):1170~1176
[63]庞辽军,姜正涛,王育民.基于一般访问结构的多重秘密共享方案.计算机研究与发展,2006,43(1):33~38
[64]Xu J. Secret sharing schemes with general access structure based on MSPs. Journal of Communications,2007,2(1):52~54
[65]Wei Y, Zhong P C, Xiong G H. A multi-stage secret sharing scheme with general access structures. WiCOM'08, IEEE Press,2008:1~4
[66]Zhang Z F, Liu M L, Xiao L L. Rearrangements of access structures and their realizations in secret sharing schemes. Discrete Mathematics,2008,308(21): 4882~4891
[67]Chor B,Goldwasser S. Verifiable secret sharing and achieving simultaneity in the presence of faults. Proceedings of 26th IEEE Symposium on Foundations of Computer Science,1985:251~160
[68]Feldman P. A practical scheme for non-interactive verifiable secret sharing. Proceedings of the 19th Annual ACM Symposium on Theory of Computing, New York,1987:427~437
[69]Pedersen T P. Non-interactive and information-theoretic secure verifiable secret sharing. CRYPTO'91, LNCS 576,1992:129~140
[70]Cachin C. On-line secret sharing. Cryptography and Coding,1995,1025: 190~198
[71]Pinch R. On-line multiple secret sharing. Electronics Letters,1996,32: 1087~1088
[72]Ingemarsson I, Simmons G J. A Protocol to set up shared secret schemes without the assistance of a mutually trusted party. Proceedings of the Workshop on the Theory and Application of Cryptographic Techniques on Advances in cryptology, Aarhus, Denmark:Springer-Verlag,1991:266~282
[73]Stinson D, Wei R. Unconditionally secure proactive secret sharing scheme with combinatorial structures. SAC'1999, LNCS 1758,1999:200~214
[74]Nikov V, Nikova S, Preneel B, et al. Applying general access structure to proactive secret sharing schemes. Proceedings of the 23rd Symposium on Information Theory, Benelux,2002:197~206
[75]Cachin C, Kursawe K, Lysyanskaya A, et al. Asynchronous verifiable secret sharing and proactive cryptosystems. Proceedings of the 9th (ACM) Conference on Computer and Communications Security, New York:ACM Press,2002: 88~97
[76]Ham L. Group-oriented (t, n) threshold digital signature seheme and multisignature. IEE Proeeedings Cmoputers and Digital Techniques,1994, 141(5):307~313
[77]Chang T Y, Yang C C, Hwang M S. A threshold signature seheme for group communications without a shared distribution center. Future Generation Computer Systems.2004,20(6):1013~1021
[78]Lee N Y. Threshold signature scheme with multiple signing policies. IEE Proeeedings-Cmoputers and Digital Techniques,2001,148(2):95~99
[79]李慧贤,蔡皖东,庞辽军.一个安全的动态门限签名体制.计算机研究与发展,2007,44(9):1545~1549
[80]蔡永泉,张雪迪,姜楠.一种新的基于身份的门限签名方案.电子学报,2008,37(4):103~105
[81]芦殿军,张秉儒,赵海兴.基于多项式秘密共享的前向安全门限签名方案.通信学报,2009,30(1):45~49
[82]Cleve R, Gottesman D, Lo H K. How to share a quantum secret. Phys. Rev. Lett.,1999,83:648-651
[83]Tyc T, Sanders B C. How to share a continuous-variable quantum secret by optical interferometry. Physical Review A.65,2002
[84]Guo G P, Guo G C. Quantum secret sharing without entanglement. Physics Letters A,2003,310(4):247~251
[85]Li Y M, Zhang K S, Peng K C. Multiparty secret sharing of quantum information based on entanglement swapping. Physics Letters A,2004,324(5-6): 420~424
[86]秦素娟,刘太琳,温巧燕.基于纠缠交换和局域操作的量子秘密共享.北京邮电大学学报,2005,28(4):74~77
[87]Guo Y B, Ma J F. Practical secret sharing scheme realizing generalized adversary structure. Journal of Computer Science and Technology,2004,19(4): 564~569
[88]Sun H M, Shieh S P. Secret sharing in graph-based prohibited structures. Proeeedings of IEEE INFOCOM'97, Kobe, Japan,1997:718~724
[89]Sun H M, Shieh S P. An efficient construction of perfect secret sharing for graph-based structures. Journal of Computers and Mathematics with Applications.1996,31(7):129~135
[90]Zhou L, Schneider F, Robbert R. APSS:Proactive secret sharing in asynchronous systems. ACM Transactions on Information and System Security, 2005,8(3):259~286
[91]Desmedt Y, Jajodia S. Redistributing secret shares to new access structures and its applications. Technical Report ISSE TR-97-01, George Mason University, 1997
[92]Wong T M, Wang C, Wing J. Verifiable secret redistribution for archive systems. Proceedings of the 1st International IEEE Security in Storage Workshop, Pittsburgh,2002:94~105
[93]Schultz D A. Mobile proactive secret sharing. Proceedings of the 27th ACM Symposium on Principles of Distributed Computing. Toronto:ACM Press,2008
[94]Aho A, Hopcrofi J, Ullman J. The design and analysis of computer algorithms. Addison-Wesley:Reading Mass,1974
[95]Desmedt Y, Frankel Y. Shared generation of authenticators and signatures. CRYPTO'97, Berlin:Springer-Verlag,1992:457~469
[96]陈伟东,冯登国.一类存在特权集的门限群签名方案.软件学报,2005,16(7):1289~1295
[97]王斌,李建华.无可信中心的(t,n)门限签名方案.计算机学报,2003,26(11):1581-1584
[98]郭丽峰,程相国.一个无可信中心的(t,n)门限签名方案的安全性分析.计算机学报,2006,29(11):2013~2017
[99]黄耀宇,李从东.基于人工神经网络的煤矿安全评估模型研究.工业工程,2007,10(1):112~115
[100]Yao Y, Yu G, Gao F X. A neural network approach for misuse and anomaly intrusion detection. Wuhan University Journal of Natural Sciences,2005, 10(1):115~118
[101]高翔,赵荣椿,王敏.演进模糊神经网络在非监督式异常检测中的应用.哈尔滨工程大学学报,2006,27(增刊):51~54
[102]周志勇,唐家益.基于安全域和可信基的网络容侵系统模型.微计算机信息,2003,19(11):108~109
[103]杨忠林,张静,田培根.改进的BP网络及其在电路故障诊断中的应用.船舶电子工程,2006,26(6):103~106