Research on Survivability Analysis of Networked Information Systems
Abstract
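As modern society becomes increasingly information-based, information systems play a pivotal role in daily life. Although traditional security measures have improved the security of information systems, intrusion incidents of all kinds continue to occur. It is therefore necessary to consider whether a system can still provide service that satisfies its users after an intrusion has occurred; this is survivability. Research on information system survivability comprises two major fields, survivability design and survivability analysis. Survivability analysis focuses on how to evaluate a system's survivability, with the goal of providing a standard evaluation criterion so that survivability certification can be carried out in the same way as information security level certification.

Research on information system survivability does not have a long history and is far from mature: the definition of survivability has not been unified, and most research remains at the level of qualitative analysis and theoretical quantitative analysis, still a long way from quantitative survivability analysis that can actually be applied in practice.

This thesis explores the quantitative analysis of information system survivability, concentrating on the following aspects of quantitative analysis.

First, survivability is compared with the related concepts of reliability, fault tolerance and QoS, and a definition of survivability is described with formal methods, starting from the relationship between the system and its environment.

Second, given the open and complex nature of information systems, the overall survivability analysis problem is divided into three subproblems, system, environment and analysis process, and a model is proposed for each. The three models take full account of feasibility in actual analysis: system components are organized around system services, which sidesteps the complexity of the system; the system environment is defined through the grading of events and the combination of different events; and a hierarchical structure of system states avoids the direct definition of system states and the state-transition analysis required by traditional state-based analysis models.

Third, a survivability analysis framework for information systems, SAF-NIS, is proposed. The framework divides the whole analysis flow into seven steps, which can be summarized as four phases corresponding to the analysis models: system definition, environment definition, survivability testing and result analysis. Compared with the SNA method, this framework ultimately achieves quantitative analysis of survivability, and the analysis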
As society becomes increasingly information-based, information systems play an ever more important role in people's daily lives. Although traditional security measures can improve the security of information systems, intrusions of all kinds continue to occur. We must therefore consider whether a system can still provide satisfactory service after it has been intruded upon; this is called survivability. Survivability research has two major fields: survivability design and survivability analysis. The latter mainly studies how to evaluate system survivability, with the purpose of providing an evaluation standard for realizing survivability certification.

The history of research on information system survivability is not long, and the results are far from mature: the definition of survivability has not been unified, and most research concerns qualitative analysis and theoretical quantitative analysis, which is far from being applied in practice.

This thesis focuses on a quantitative analysis framework for information systems, which is composed of the following aspects.

Firstly, based on a comparison of survivability with related concepts such as dependability, fault tolerance and QoS, a formal definition of information system survivability is given, based on the relations between system and environment.

Secondly, as an information system is an open complex system, the entire problem of survivability analysis is divided into three subproblems: system, environment and analysis process, and a model is provided for each. The three models fully consider practical feasibility: system components are organized around system services, which avoids the system's complex structure; the environment is described by event grading and combinations of different events; and a hierarchical structure of system state is provided, which avoids the definition of system states and the analysis of state transitions found in the traditional system state-based analysis model.

Thirdly, a framework for information system survivability analysis is provided, named SAF-NIS. According to the analysis model, the entire analysis process in this framework is composed of seven steps, which can be summarized into four phases: system definition, environment definition, survivability test and result analysis. Compared with the SNA method, this framework ultimately realizes quantitative analysis of survivability, and the event database in the framework makes the analysis simpler and fairer. For the key issue of the framework, quantitative analysis, a hierarchical computation process is provided, and survivability is computed through "3R+A" (resistance, recognition, recovery and adaptation), which contributes to the grading of survivability in the future.

Fourthly, based on the concept of the event scenario in survivability analysis, in which an event is a part of an event scenario, a target-intention based hierarchical classification method is presented. This classification method has the advantages of good extensibility and quick location of events, owing to the refinement of event targets and the multidimensional space of event classification. Moreover, quantitative event indexes are presented to grade events, and an event database is developed to collect common events through classification and grading, which is compatible with CVE and other vulnerability databases.

Finally, a case study is provided to demonstrate the entire process of survivability analysis. Furthermore, a prototype analysis platform is described, which is developed to unify the entire analysis process and to reduce the analysis workload and human interference.
