Research on a Survivability Mechanism for Network Audit Systems against "Performance Attacks"
Abstract
Network audit systems are now widely used as products for monitoring security events. Because the data they hold is sensitive, they are themselves easy targets for attack and destruction. A great deal of work has gone into raising the security strength of network audit systems from the protection side, with some success, but little attention has been paid to how the basic functions of an audit system can be kept running as normally as possible once the system has been compromised. Network intrusions are hard to guard against, and in practice it is very difficult to guarantee that an audit system will not be breached, so an intrusion-tolerance mechanism is needed to improve the survivability of the audit system itself.
     Network system survivability theory is a new research topic in information security and a break from traditional concepts of information security. It emphasizes the ability of a system to complete its key tasks in a timely manner while under attack, or after a fault or accident. The central idea of survivability is that even when an intrusion succeeds, and even when important parts of the system are damaged or destroyed, the system keeps its basic functions running and repairs the damaged services in time.
     This thesis studies how a network audit system can continue to provide service while under a "performance attack" and designs a survivability mechanism for the system. The main work is as follows:
     1. It analyzes the advantages of survivability technology over traditional security technology in raising the security strength of a system, and gives a fairly comprehensive summary of current survivability research results.
     2. It designs a 3R-based survivability mechanism for network audit systems against "performance attacks". A steady-state model of system performance is established to strengthen the system's ability to recognize and assess attacks; an anti-attack mechanism based on service classification, in which the system provides different levels of service for different attack intensities, is proposed to improve resistance to attack; and the coordinated action of the system's mechanisms strengthens its ability to recover services.
     3. It implements a survivable network audit prototype system. Building on the research into the survivability mechanism, an audit system prototype based on the SYSLOG protocol is built and made survivable, improving the sustainability of its services while under attack.
     Through this work, the thesis proposes and implements a set of survivability mechanisms for network audit systems against "performance attacks". On one hand they provide an effective safeguard that lets the system still complete its key tasks while under attack; on the other they usefully complement and extend the application of survivability theory.
