Research on End-to-End Availability of Networks Based on the Virtual-Circuit Micro Communication Element System Architecture
Abstract
For many years, among the three properties of information security (confidentiality, integrity and availability), availability received far less research attention than confidentiality and integrity. Since February 2000, when Yahoo, Buy.com, eBay, Amazon, CNN and other large websites suffered distributed denial-of-service attacks, the availability problems of networks built on the TCP/IP architecture have become increasingly prominent, and researchers have begun to take network availability seriously. However, research on network availability has largely remained at the qualitative level, which makes accurate analysis and evaluation difficult; the models and schemes proposed to solve network availability problems all patch the existing TCP/IP network architecture and cannot solve the availability problems of TCP/IP networks fundamentally and systematically.
     To solve the many problems facing existing TCP/IP networks (availability among them) fundamentally and systematically, researchers in China proposed a completely new network architecture, the service unit network architecture, together with one implementation model of it, the micro communication element system architecture based on virtual circuits. Although the micro communication element system architecture provides architectural advantages for solving these problems, availability included, many availability-related issues still have to be studied and solved in a concrete implementation.
     This thesis focuses on the end-to-end availability of networks based on the virtual-circuit micro communication element system architecture and proposes a method for analyzing that availability quantitatively. In such a network the access router authenticates the source node that requests establishment of a virtual circuit, and is therefore exposed to denial-of-service attacks that exploit weaknesses in the authentication protocol; the thesis proposes an identity authentication system that resists such attacks. A malicious authorized entity may also send large numbers of packets over an established virtual circuit in an attempt to flood the network or the target node so that it can no longer serve non-malicious authorized entities; drawing on traditional resource allocation models, the thesis proposes a resource allocation model based on virtual circuits and describes and analyzes the allocation algorithm the model uses.
     Building on a summary of the characteristics of availability as studied in information security, the thesis introduces the concept of "capability availability", which takes "service capability" as its object of study, combines it with the reliability-engineering concept of availability, which takes "product lifetime" as its object of study, and on that basis describes the concept of availability in information security; the availability studied in information security is approximated as the product of the lifetime-based availability and the capability-based availability.
     To compute the lifetime-based availability, the thesis borrows the theory and methods that reliability engineering uses for quantitative analysis of product availability. First, the functional structure of end-to-end communication in the micro communication element system architecture is transformed into an availability block diagram of three subsystems in series; then stochastic process theory is used to compute the lifetime-based availability of each subsystem; finally, the product of the three subsystems' lifetime-based availabilities is taken as the end-to-end lifetime-based availability of the network.
     To compute the capability-based availability, the thesis reduces the system's service capability to its resource allocation capability. As in the method above, the functional structure of end-to-end communication is first transformed into a capability availability block diagram of several units in series; the capability availability of each unit is then computed; finally, the product of the units' capability availabilities is taken as the end-to-end capability availability of the network.
     The thesis designs an identity authentication system that effectively resists denial-of-service attacks, the "CL identity authentication system"; its authentication scheme has low computational complexity and strong authentication synchronization capability.
     Traditional resource allocation models allocate resources only on the basis of the process identifier and the identifier of the user running the process. If a large share of the resources requested by a process is spent serving malicious authorized entities, the process will lack the resources to serve non-malicious authorized entities when they need it, so denial of service still occurs. The thesis therefore proposes a resource allocation model based on virtual circuits, in which the resource allocation monitor allocates resources not only by process identifier and user identifier but also by virtual circuit identifier and the identifier of the source node that initiated the virtual circuit, which effectively counters denial-of-service attacks from malicious authorized entities.
For years, research on information security has focused more on confidentiality and integrity than on availability. Since several large websites such as Yahoo, Buy.com, eBay, Amazon and CNN suffered DDoS (Distributed Denial of Service) attacks in February 2000, the availability problems of networks based on the TCP/IP architecture have become increasingly urgent to solve, so research has begun to focus on network availability. However, that research has remained at the qualitative level, so precise analysis and evaluation are difficult, and the models and solutions proposed for network availability, which are merely patches to the existing TCP/IP network architecture, cannot solve the problems fundamentally and systematically.
     To deal with this situation, researchers in China put forward a new network architecture, the service unit network architecture, and an implementation model of it, the micro communication element system structure based on virtual circuits. Although it has architectural advantages, many problems remain to be studied and solved.
     The paper is concerned with the end-to-end availability problems of the micro communication element system structure based on virtual circuits, and with a quantitative method for analyzing that availability. In this structure the access router is vulnerable to denial-of-service attacks that exploit weaknesses in the identity authentication protocol while it authenticates the source node requesting establishment of a virtual circuit, so the paper puts forward an identity authentication system that resists such attacks. A malicious authorized entity may send a large number of packets through an established virtual circuit to flood the network or the target node and make it impossible for them to serve non-malicious authorized entities, so the paper puts forward a resource allocation model based on virtual circuits and describes and analyzes the resource allocation algorithm the model adopts.
     The paper sums up the availability property in the information security field and introduces the concept of "capability availability", which takes service capability as its subject of study. It then describes the concept of availability in information security in relation to the reliability-engineering concept of availability, which takes "product lifetime" as its subject of study, and approximately states that availability in the information security field is the product of the product-lifetime availability and the service-capability availability.
     To calculate the product-lifetime availability, the paper takes the quantitative theory and methods with which reliability engineering analyzes product availability. First, the end-to-end communication structure of the micro communication element system structure is transformed into an availability block diagram of three subsystems in series. Then the product-lifetime availability of each of the three subsystems is calculated using stochastic process theory. Finally, the end-to-end product-lifetime availability of the micro communication element system is the product of the three subsystems' product-lifetime availabilities.
     To calculate the service-capability availability, the paper takes the system's service capability to be its resource allocation capability. Similarly to the method above, the end-to-end functional structure of the micro communication element system is first transformed into a capability availability block diagram of several units in series; then each unit's capability availability is calculated; finally, the end-to-end capability availability of the micro communication element system is the product of the units' capability availabilities.
     The paper designs an identity authentication system, the CL identity authentication system, with low algorithmic complexity and strong authentication synchronization capability.
     Traditional resource allocation models allocate resources based only on the process identifier and the user identifier of the process. For a given process, if the resources it requests are used to serve malicious authorized entities, non-malicious authorized entities cannot obtain the service they need, and denial-of-service problems arise. So the paper puts forward a resource allocation model based on virtual circuits, in which the resource allocation monitor allocates resources not only by process identifier and user identifier but also by virtual circuit identifier and the identifier of the source node which initiates the establishment of the virtual circuit. As a result, the model can effectively resist denial-of-service attacks from malicious authorized entities.
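The two series-chain computations described above (lifetime-based availability of three subsystems, capability availability of several units, and their product as the end-to-end figure), carried through as an added worked example. This is not the thesis's own code or model: it assumes that each subsystem is a two-state up/down Markov process with constant failure rate `lam` and repair rate `mu` (the classical result `A = mu / (lam + mu)`), assumes that a unit's capability availability can be approximated as the fraction of legitimate resource demand it can still allocate, and uses constructed sample rates; the function names are this example's own.

```python
"""Added example, not the thesis's own code: end-to-end availability as the
product of a lifetime-based availability and a capability-based availability,
each taken over a series chain of units as in an availability block diagram.

Assumptions not stated on the page: each subsystem is a two-state (up/down)
Markov process with constant failure rate lam and repair rate mu, and a unit's
capability availability is approximated as the share of legitimate resource
demand it can still allocate. All rates and capacities below are constructed."""
import math


def lifetime_availability(lam, mu, t=None):
    """Availability of one subsystem from the two-state Markov model.
    Steady state: A = mu / (lam + mu).
    Transient, starting in the up state:
        A(t) = A + (lam / (lam + mu)) * exp(-(lam + mu) * t),
    which equals 1 at t = 0 and decays to the steady-state value."""
    if lam < 0 or mu <= 0:
        raise ValueError("need lam >= 0 and mu > 0")
    steady = mu / (lam + mu)
    if t is None:
        return steady
    return steady + (lam / (lam + mu)) * math.exp(-(lam + mu) * t)


def series_availability(unit_availabilities):
    """Series block diagram: the chain is up only if every unit is up,
    so (assuming independent units) the availabilities multiply."""
    total = 1.0
    for a in unit_availabilities:
        if not 0.0 <= a <= 1.0:
            raise ValueError("availability must lie in [0, 1]")
        total *= a
    return total


def capability_availability(allocatable, demanded):
    """Assumed measure of a unit's capability availability: the fraction of
    legitimate demand it can serve from the resources it can still allocate."""
    if demanded <= 0:
        return 1.0
    return min(1.0, allocatable / demanded)


def end_to_end_availability(subsystems, units):
    """subsystems: [(lam, mu), ...] for the lifetime subsystems in series;
    units: [(allocatable, demanded), ...] for the capability units in series.
    Returns (lifetime part, capability part, their product)."""
    a_life = series_availability(lifetime_availability(l, m) for l, m in subsystems)
    a_cap = series_availability(capability_availability(x, d) for x, d in units)
    return a_life, a_cap, a_life * a_cap


if __name__ == "__main__":
    # Constructed rates per hour: source node, network path, destination node.
    subsystems = [(1e-3, 0.5), (1e-2, 2.0), (1e-3, 0.5)]
    # Constructed capability units: access router, core path, destination service.
    units = [(1000, 1000), (800, 1000), (500, 400)]
    life, cap, total = end_to_end_availability(subsystems, units)
    print(f"lifetime={life:.6f} capability={cap:.6f} end-to-end={total:.6f}")
```

The transient form is what the "stochastic process" step yields before taking the limit; the steady-state product is what the block diagram needs. Because every unit is in series, one weak unit (a capability unit that can serve only 80% of legitimate demand, say) caps the end-to-end figure regardless of how reliable the others are.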
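The contrast drawn above, between a monitor that allocates only by (process id, user id) and one that also enforces limits per virtual circuit and per originating source node, as an added example in Python. This is illustrative code written for this page, not the thesis's allocation algorithm: the quota values, identifiers (`node-A`, `node-B`, circuit ids 1 and 2) and the request trace are constructed, and the rule "every ceiling must hold before any is charged" is this example's own design choice.

```python
"""Added example, not the thesis's own code: a resource allocation monitor
that enforces ceilings per virtual circuit and per source node on top of the
traditional per-process/per-user quota, compared with a monitor that uses the
traditional key only. Quotas, identifiers and the request trace are constructed."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    pid: int        # process identifier
    uid: int        # identifier of the user running the process
    vc_id: int      # virtual circuit identifier (assumed unique per circuit)
    src_node: str   # identifier of the node that initiated the circuit
    amount: int     # resource units requested


class TraditionalMonitor:
    """Allocates only by (process id, user id): one key, one pool."""

    def __init__(self, process_quota):
        self.process_quota = process_quota           # {(pid, uid): limit}
        self.process_used = defaultdict(int)

    def allocate(self, req):
        key = (req.pid, req.uid)
        if self.process_used[key] + req.amount > self.process_quota.get(key, 0):
            return False
        self.process_used[key] += req.amount
        return True


class VirtualCircuitMonitor(TraditionalMonitor):
    """Adds per-virtual-circuit and per-source-node ceilings so that a single
    circuit or a single source cannot drain the whole process pool."""

    def __init__(self, process_quota, vc_quota, source_quota):
        super().__init__(process_quota)
        self.vc_quota = vc_quota            # max units one circuit may hold
        self.source_quota = source_quota    # max units one source node may hold
        self.vc_used = defaultdict(int)
        self.source_used = defaultdict(int)

    def allocate(self, req):
        key = (req.pid, req.uid)
        # Every ceiling must hold; check all of them before charging any.
        if self.process_used[key] + req.amount > self.process_quota.get(key, 0):
            return False
        if self.vc_used[req.vc_id] + req.amount > self.vc_quota:
            return False
        if self.source_used[req.src_node] + req.amount > self.source_quota:
            return False
        self.process_used[key] += req.amount
        self.vc_used[req.vc_id] += req.amount
        self.source_used[req.src_node] += req.amount
        return True


def run_trace(monitor, trace):
    """Feed requests in order; return units granted per source node."""
    granted = defaultdict(int)
    for req in trace:
        if monitor.allocate(req):
            granted[req.src_node] += req.amount
    return dict(granted)


def build_trace():
    """Constructed trace: an authorized but abusive source floods the serving
    process through its own circuit before a second authorized source sends
    a few ordinary requests through a different circuit."""
    flood = [Request(pid=7, uid=1000, vc_id=1, src_node="node-A", amount=10)
             for _ in range(10)]
    normal = [Request(pid=7, uid=1000, vc_id=2, src_node="node-B", amount=10)
              for _ in range(3)]
    return flood + normal


def run_scenario():
    quota = {(7, 1000): 100}     # the serving process may hold 100 units in total
    trace = build_trace()
    return {
        "traditional": run_trace(TraditionalMonitor(quota), trace),
        "virtual_circuit": run_trace(
            VirtualCircuitMonitor(quota, vc_quota=40, source_quota=50), trace),
    }


if __name__ == "__main__":
    for name, granted in run_scenario().items():
        print(name, granted)
```

With the traditional key the flooding source exhausts the process's entire pool and the second source is refused every request; with the circuit- and source-keyed ceilings the flooding circuit is capped at 40 units and the second source is served in full. The monitor can also log which ceiling refused a request, which turns the same bookkeeping into a detection signal for a circuit that keeps hitting its cap.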
