摘要
计算机系统安全漏洞的研究以及漏洞库的建设,对于提高系统安全性、减少安全事件发生具有重要意义。目前安全漏洞研究的主要问题在于漏洞分类分级不够完善,同时较小的漏洞库容量也使得对系统安全漏洞的分析研究无法充分展开。本文首先详细介绍了计算机漏洞的概念、属性和特点,归纳总结了国内外漏洞研究的现状。在对安全漏洞特征进行分析的基础上,建立了一种安全漏洞分类分级体系,并以此为理论指导实际建立了一个基于国际CVE标准的大容量系统安全漏洞数据库,开发了相应的数据库生成更新软件。该漏洞库及其生成软件已在一些网络安全项目中获得成功应用。
其后,在对漏洞数据库中的大量漏洞进行分析的基础上,本文着重对缓冲区溢出漏洞和安全编程方法两方面进行了研究。利用缓冲区溢出漏洞进行的缓冲区溢出攻击是Internet上危害最大、最广泛的一种攻击手段。本文在讨论缓冲区溢出攻击的内存模型和工作原理的基础上,系统的提出了贯穿软件生命期,包括编程开发、编译测试、安全配置使用三个阶段的完整缓冲区溢出防范体系模型。并进行了缓冲区溢出漏洞的检测、利用方面的研究。同时为了实现在源代码级消除安全漏洞的目的,本文探讨了利用安全威胁模型进行安全编程的方法,并提出了安全编程整体模型的框架和原则,对安全编程方法作了比较详尽的讨论,为今后进一步的研究打下了基础。
最后,为了提供对应用系统安全漏洞的防护,本文提出了一种基于IPSec的VPN网关设计方案。这种通过融合IPSec在Linux系统内核中实现的VPN方案具有处理速度快,可以避免来自操作系统的安全漏洞的优点。以此来作为对未知安全漏洞最后的防御手段。
The research on computer vulnerabilities and the building of the vulnerability database are significant in improving system's security and reducing computer security incidents. The currently focus in this area is on the research in the taxonomy of vulnerabilities and the expand of vulnerability database. This dissertation firstly explain the concept and attributes of vulnerability in detail, and review the current status of vulnerabilities research. Then, it is presented that a structural model of vulnerability database based on the research of the classification of computer vulnerabilities. After that, the dissertation depicts the building of the database based on CVE standard and its generating software.
Then, based on analysis of the vulnerabilities in database, this dissertation carries out some research work in exploiting attack and security programming. Exploiting attack is a serious threat to the safety on Internet. As a basis, its memory model and working way is discussed firstly in this paper. Then the comprehensive defense system model is presented, which runs through the whole life period of software. It is discussed that exploiting scanning and utilization at last. Meanwhile the conception and main principle of safe programming and safe threat model is presented, which is very meaningful in improving the quality of software development.
At last, this dissertation brings forward a new VPN gateway design scheme to provide defense method to unknown system vulnerabilities for application system. This design is based on IPSec protocol include injecting IPSec module and modifying OS kernel. The design by modifying OS kernel has advancement over operating efficiency and safety performance. It is the last line of defense to unknown security vulnerabilities.
引文
[1] Denning, D. E. Cryptography and Data Security. Addison-Wesley Publishing Company 1983
[2] Bishop, M. and Bailey. D. A Critical Analysis of Vulnerability Taxonomies". Department of Computer Science at the University of California at Davis. 1996
[3] Marick, B."A Survey of Software Fault Surveys". University of Illinois at UrbanaChampaign. 1990
[4] Taimur Aslam, Ivan Krsul. "Use of a Taxonomy of Security Faults". Eugene Spafford. In Proceedings of the 19th National Information Systems Security Conference, 1996
[5] Ivan Krsul. "Software Vulnerability Analysis". Department of Computer Sciences, Purdue University, 1998
[6] D. Curry, H. Debar. Intrusion detection message exchange format data model and extensible markup language (xml) document type definition, draft-ietfidwg- idmef-xml-07.txt, January 30, 2003
[7] Gary McGraw, John Viega. Make your software behave: Learning the basics of buffer overflows, http://www-9OO.ibm.com/developerWorks/cn/security/overflows/index_eng.shtml
[8] Gary McGraw, John Viega. Make your software behave: An anatomy of attack code. http://www-900.ibm.com/developerWorks/cn/security/attack/index_eng.shtml
[9] 薛静锋,Linux下防范缓冲区溢出攻击的系统安全策略,http://www-900.ibm.com/developerWorks/cn/security/se-lbuffer/index.shtml
[10] Gary McGraw, John Viega. Make your software behave: Preventing buffer overflows. http://www-900.ibm.com/developerWorks/cn/security/buffer-defend/index_eng.shtml
[11] Carnegie Mellon Software Engineering Institute, OCTAVEsm Information Security Risk Evaluation. http://www.cert.org/octave/, 2003.8
[12] Edward Amoroso. Fundamentals of Computer Security Technology. New Jersey: Prentice Hall, 1994
[13] Michael Howard, David LeBlanc. Writing Secure Code. Washington: Microsoft Press. 2002
[14] Edward. Operationally Critical Threat, Asset, and Vulnerability Evaluation. OCTAVE. Fundamentals of Computer Security Technology. Prentice Hall. 1994
[15] 1998年七月安全专栏,http://www.sunworld.com/swol-07-1998/swol-07-security.html
[16] Matt Bishop, Michael Dilger. Checking for Race Conditions in File Accesses. Department of Computer Science University of California at Davis. 1996
[17] Gary McGraw, John Viega. Building Secure Software. Massachusetts: Addison-Wesley. 2001
[18] Fuzz Revisited. A Re-examination of the Reliability of UNIX Utilities and Services.
ftp://ftp.cs.wisc.edu/pub/paradyn/technical_papers/fuzz-revisited.ps.Z. 2000.2
[19] ICSA测评报告,http://www.icsalabs.com/html/communities/ipsec/certification/certified_products/index.shtml
[20] 基于IPsec的虚拟专用网,http://shanyou.sti.gd.cn/linux/ipsecvpn.htm
[21] S.Kent. Security Architecture for the Internet Protocol. http://www.ietf.org/rfc/rfc2401.txt
[22] 基于IPSec的VPN技术原理与实现,http://aboutcn.com/doc/list.asp?id=511