Research on a Mobile Agent Risk Assessment Model
Abstract
With the rapid spread of the Internet and information technology, network information security has become a focus of growing public concern. Attackers and viruses usually break into a target system by exploiting its security vulnerabilities. It is therefore vital to actively scan for and detect the security vulnerabilities of a target system before an attacker can exploit them, and to analyze and assess the target's risk from the detection data; this has become a hot topic in current network security research.
     Traditional risk assessment systems have the following shortcoming: the scanning module and the assessment module cannot move within the network, which limits both the speed and the scope of assessment. To address this, we introduce mobile Agent technology. Mobile Agents are used to improve the scanning and assessment approach while reducing the traditional system's dependence on network bandwidth, thereby increasing the system's service capability and efficiency.
     This thesis first introduces the definition of system vulnerabilities and their causes, and analyzes in detail the key techniques for implementing vulnerability scanning. On this basis, it also introduces the standards, principles, analysis methods and assessment algorithms of risk assessment. It then studies the theory and technology of mobile Agents in depth, introduces the architecture and key techniques of mobile Agents, and analyzes and compares the currently typical mobile Agent systems.
     Next, the thesis combines mobile Agent theory with risk assessment technology to design and validate a mobile Agent risk assessment model. The model consists of three layers: vulnerability scanning, result processing and risk assessment. Based on the client's detailed configuration of assessment rules, it uses mobile Agents to scan the target system and obtain its vulnerabilities, derives the target system's risk level from those vulnerabilities, and thus provides the client with a detailed assessment conclusion and security recommendations. The thesis also describes in detail the functions of the Control Agent, Vulnerability Scan Agent and Risk Assessment Agent used in the model and the key techniques of their implementation. Finally, the model's advantages and shortcomings are analyzed and summarized.
     Building on the model design, the thesis also validates the mobile Agent risk assessment model. The experimental system is built on the mobile Agent platform Aglet. During the experiment, the system performs vulnerability scanning of the target system, giving a preliminary implementation of the mobile Agent risk assessment model. When a client logs into the system, configures the assessment information and issues an assessment request, the system's Control Agent generates a Scan Scheduling Agent and Scan Agents locally and dispatches the mobile Agents to the target system to perform vulnerability scanning and obtain the target system's vulnerability information. The Assessment Agent then uses the previously designed assessment algorithm to derive the target system's risk level from the returned vulnerability information. Finally, the system's vulnerability information, assessment information and security recommendations are returned to the client. The thesis describes the overall design of the system and the functions of each sub-module, and analyzes the key techniques in detail. The experiment demonstrates well the advantages that mobile Agents bring to the risk assessment model: saving network bandwidth, reducing the load on the local CPU and improving system efficiency.
     Risk assessment technology is an emerging research field in China and an important component of network security. This thesis studies mobile Agent risk assessment technology in some depth and obtains some preliminary research results, which have a certain reference value.
With the rapid development of the Internet and communication technology, network information security has become the focus of people's attention. Generally speaking, attackers and viruses intrude into a target system by exploiting its security vulnerabilities. Therefore, actively scanning and examining the security vulnerabilities of a target system, and then analyzing and assessing the risk of the target system according to the scan result, is very necessary, and this technique has become a focus of network security research.
     The traditional risk assessment system has some disadvantages. Because the scanning module and the assessing module cannot move in the network, the speed and scope of assessment are confined. Mobile Agent technology is therefore introduced to make up for these disadvantages. Mobile Agent technology can improve the mode of scanning and assessment, reduce the traditional system's dependence on network bandwidth, and enhance the service ability and work efficiency of the system.
     Firstly, the definition and causes of system vulnerabilities are studied, and some key technologies of network vulnerability scanning are analyzed in detail. Furthermore, some standards, principles, analysis methods and assessment algorithms of risk assessment are introduced. Then the theory and technology of Mobile Agents are studied, their architecture and key techniques are introduced, and an analysis and comparison of typical Mobile Agent systems is also given.
     Secondly, combining Mobile Agent theory and risk assessment technology, a Mobile Agent risk assessment model is put forward. The model is composed of three layers: the vulnerability scan layer, the result management layer and the risk assessment layer. In order to obtain the target system's vulnerabilities, Mobile Agents are used to scan the system according to the user's particular settings of the assessment rules. The risk grade of the target system is then derived in order to provide the user with a detailed assessment result and security advice. The functions and key techniques of the Control Agent, Scan Agent and Assessment Agent in the model are also introduced in detail in the thesis. Finally, the advantages and disadvantages of the model are drawn out.
     On the basis of the model design, an experimental Mobile Agent risk assessment system called MARAM is also designed. The experimental system is based on the Mobile Agent platform Aglet. In the course of the experiment, the target system is scanned according to the facility conditions, and the function of the Mobile Agent risk assessment model is preliminarily implemented. When a user logs in to the system, sets the assessment information and sends out an assessment request, the Control Agent dispatches the locally generated Scan Agent to the target system to scan for vulnerabilities and obtain vulnerability information. The Assessment Agent then derives the risk grade of the target system by applying the assessment algorithm to the vulnerability information. Finally, the vulnerability information, assessment information and security advice are returned to the user. The overall design of the system and the functions of its sub-systems are given, and the key techniques of the system are also analyzed in this paper. The experiment demonstrates the advantages of using Mobile Agents: saving network bandwidth, lightening the burden on the local CPU and improving system efficiency.
     Risk assessment technology is a new research field in our country and an important part of network security. Mobile Agent risk assessment technology is studied in this dissertation and some preliminary research results are achieved, which are valuable and have a good prospect to a certain extent.