异构冗余系统的安全性分析
|
摘要
随着互联网技术的发展和普及,漏洞和后门已经成为导致网络安全问题的主要因素。冗余技术可以很好地解决系统的可靠性问题。受拟态防御思想的启发,分析了异构冗余技术对基于漏洞和后门的网络攻击进行安全防御的有效性。在一些假设前提下,以系统攻击成功率表征系统的安全性,建立了基于马尔科夫过程的异构冗余系统的安全性评估数学模型,给出了系统攻击成功率的表达式。最后对3模异构冗余系统进行了求解和分析,计算结果与直观预期相符。
With the development and popularization of Internet technology,vulnerability and backdoor problems have become the main factor of network security problems.The redundancy technology can solve the reliability problem of system.Inspired by the idea of the mimicry defense,this paper analyzed the effectiveness of the heterogeneous redundant technology against the security defense based on the vulnerability and backdoor network attack.On some assumptions,this paper established a security model of heterogeneous redundant system based on Markov process.System security was characterized by the success rate of system attack,and the expression of success rate of system attack was given.At last,triple-redundant heterogeneous system was solved and analyed.The experimental results are in accordance with the intuitive expectations.
With the development and popularization of Internet technology,vulnerability and backdoor problems have become the main factor of network security problems.The redundancy technology can solve the reliability problem of system.Inspired by the idea of the mimicry defense,this paper analyzed the effectiveness of the heterogeneous redundant technology against the security defense based on the vulnerability and backdoor network attack.On some assumptions,this paper established a security model of heterogeneous redundant system based on Markov process.System security was characterized by the success rate of system attack,and the expression of success rate of system attack was given.At last,triple-redundant heterogeneous system was solved and analyed.The experimental results are in accordance with the intuitive expectations.
引文
[1]吴世忠,郭涛,董国伟,等.软件漏洞分析技术[M].北京:科学出版社,2014.
[2]WU J X.Meaning and Vision of Mimic Computing and Mimic Security Defense[J].Telecommunications Science,2014,30(7):2-7.(in Chinese)邬江兴.拟态计算与拟态安全防御的原意和愿景[J].电信科学,2014,30(7):2-7.
[3]WU J X.Mimic Security Defense in Cyber Space[J].Secrecy Science and Technology,2014(10):4-9.(in Chinese)邬江兴.网络空间拟态安全防御[J].保密科学技术,2014(10):4-9.
[4]WU J X.Research on Cyber Mimic Defense[J].Journal of Cyber Security,2016,1(4):1-10.(in Chinese)邬江兴.网络空间拟态防御研究[J].信息安全学报,2016,1(4):1-10.
[5]MARVIN R.System Reliability Theory:Models,Statistical Methods,and Applications(Second Edition)[M].Beijing:National Defend Industry Press,2011.(in Chinese)MARVIN R.系统可靠性理论:模型、统计方法及应用(第2版)[M].北京:国防工业出版社,2011.
[6]SUN H Y,LIU B,CAO X L.Research on reliability and security of vote redundancy system[J].Journal of Electronic Measurement and Instrument,2011,25(7):661-664.(in Chinese)孙怀义,刘斌,曹晓莉.表决冗余系统可靠性与安全性研究[J].电子测量与仪器学报,2011,25(7):661-664.
[7]LI C Y,CHEN X,YI X S,et al.Analysis of k—out-of-n:G systems subject to common cause failures based on Markov process[J].Systems Engineering and Electronics,2009,31(11):2789-2792.(in Chinese)李春洋,陈循,易晓山,等.基于马尔可夫过程的k/n(G)系统共因失效分析[J].系统工程与电子技术,2009,31(11):2789-2792.
[8]LIU Y,LI R Z,ZHANG G B.Reliability analysis of k/n(G)Markov system with non-homogenous units[J].Journal of Huazhong University of Science and Technology(Natural Science Edition),2015,43(3):17-21.(in Chinese)刘英,李荣祖,张根保.非同型单元k/n(G)马尔可夫系统可靠性分析[J].华中科技大学学报(自然科学版),2015,43(3):17-21.
[9]YIN L H,FANG B X.Security Attributes Analysis for Intrusion Tolerant Systems[J].Chinese Journal of Computers,2006,29(8):1505-1512.(in Chinese)殷丽华,方滨兴.入侵容忍系统安全属性分析[J].计算机学报,2006,29(8):1505-1512.
[10]MADAN B B,GOSEVA-POPSTOJANOVA K,VAIDYANATHAN K,et al.A method for modeling and quantifying the security attributes of intrusion tolerant systems[J].Performance Evaluation,2004,56(1-4):167-186.
[11]ZANG H W,HAN W,GAO D Y.Dissimilar redundancy computer system and reliability analysis[J].Journal of Harbin Institute of Technology,2008,40(3):492-494.(in Chinese)臧红伟,韩炜,高德远.非相似余度计算机系统及其可靠性分析[J].哈尔滨工业大学学报,2008,40(3):492-494.
[12]YE Y,XU X S,JIA Y,et al.An Attack Graph-Based Probabilistic Computing Approach of Network Security[J].Chinese Journal of Computers,2010,33(10):1987-1996.(in Chinese)叶云,徐锡山,贾焰,等.基于攻击图的网络安全概率计算方法[J].计算机学报,2010,33(10):1987-1996.
[2]WU J X.Meaning and Vision of Mimic Computing and Mimic Security Defense[J].Telecommunications Science,2014,30(7):2-7.(in Chinese)邬江兴.拟态计算与拟态安全防御的原意和愿景[J].电信科学,2014,30(7):2-7.
[3]WU J X.Mimic Security Defense in Cyber Space[J].Secrecy Science and Technology,2014(10):4-9.(in Chinese)邬江兴.网络空间拟态安全防御[J].保密科学技术,2014(10):4-9.
[4]WU J X.Research on Cyber Mimic Defense[J].Journal of Cyber Security,2016,1(4):1-10.(in Chinese)邬江兴.网络空间拟态防御研究[J].信息安全学报,2016,1(4):1-10.
[5]MARVIN R.System Reliability Theory:Models,Statistical Methods,and Applications(Second Edition)[M].Beijing:National Defend Industry Press,2011.(in Chinese)MARVIN R.系统可靠性理论:模型、统计方法及应用(第2版)[M].北京:国防工业出版社,2011.
[6]SUN H Y,LIU B,CAO X L.Research on reliability and security of vote redundancy system[J].Journal of Electronic Measurement and Instrument,2011,25(7):661-664.(in Chinese)孙怀义,刘斌,曹晓莉.表决冗余系统可靠性与安全性研究[J].电子测量与仪器学报,2011,25(7):661-664.
[7]LI C Y,CHEN X,YI X S,et al.Analysis of k—out-of-n:G systems subject to common cause failures based on Markov process[J].Systems Engineering and Electronics,2009,31(11):2789-2792.(in Chinese)李春洋,陈循,易晓山,等.基于马尔可夫过程的k/n(G)系统共因失效分析[J].系统工程与电子技术,2009,31(11):2789-2792.
[8]LIU Y,LI R Z,ZHANG G B.Reliability analysis of k/n(G)Markov system with non-homogenous units[J].Journal of Huazhong University of Science and Technology(Natural Science Edition),2015,43(3):17-21.(in Chinese)刘英,李荣祖,张根保.非同型单元k/n(G)马尔可夫系统可靠性分析[J].华中科技大学学报(自然科学版),2015,43(3):17-21.
[9]YIN L H,FANG B X.Security Attributes Analysis for Intrusion Tolerant Systems[J].Chinese Journal of Computers,2006,29(8):1505-1512.(in Chinese)殷丽华,方滨兴.入侵容忍系统安全属性分析[J].计算机学报,2006,29(8):1505-1512.
[10]MADAN B B,GOSEVA-POPSTOJANOVA K,VAIDYANATHAN K,et al.A method for modeling and quantifying the security attributes of intrusion tolerant systems[J].Performance Evaluation,2004,56(1-4):167-186.
[11]ZANG H W,HAN W,GAO D Y.Dissimilar redundancy computer system and reliability analysis[J].Journal of Harbin Institute of Technology,2008,40(3):492-494.(in Chinese)臧红伟,韩炜,高德远.非相似余度计算机系统及其可靠性分析[J].哈尔滨工业大学学报,2008,40(3):492-494.
[12]YE Y,XU X S,JIA Y,et al.An Attack Graph-Based Probabilistic Computing Approach of Network Security[J].Chinese Journal of Computers,2010,33(10):1987-1996.(in Chinese)叶云,徐锡山,贾焰,等.基于攻击图的网络安全概率计算方法[J].计算机学报,2010,33(10):1987-1996.