面向生存能力的应急响应与事故恢复技术研究
|
摘要
生存能力技术脱胎于RAS(Reliability Availability and Serviceability-可靠性,可用性和可维性)技术,但外延到信息攻防的特定环境后,使得它具有许多新的特征,如攻击对于攻击对象的局部性、攻击对于同构环境的穿透性、小概率事件原则的无效性、对手的智能性以及攻击手段的传播性等。这些特性使得生存能力的研究需要有不同于RAS的新技术、新方法和新策略。本文以应急响应和事故恢复需求为背景,重点针对同构环境下攻击的穿透性和攻击行为的不可预知性,探索在信息战环境中增强网络信息系统生存能力的关键技术及其实现途径。主要成果和创新点如下:1.提出了SERIRT模型
SERIRT(The Survivability oriented Emergency Response and Incident RecoveryTechnique —面向生存能力的应急响应与事故恢复技术)模型从信息安全深度防御体系出发,立足应急响应与事故恢复环节探讨增强系统可生存能力的技术途径。在系统构造阶段建立基于多样化的冗余备份机制,在系统运行阶段实行主动的任期责任方法(Tenure Duty Method-TDM),在系统受损阶段提供快速恢复手段。2.提出了多样化体系理论模型及其实现案例
在理论模型中,用形式化方法归纳了关于多样化的概念、结论和实现技术,论述了多样化生存系统、多样化空间以及多样化距离等概念,提出了旨在增强生存能力的冗余设计原则和技术途径。
据此理论模型提出、设计并实现了基于多样化的冗余案例,即分布式动态备份技术,该技术实现SERIRT模型的数据可生存性设计,并为系统受损后的后台恢复提供支持。3.提出、设计和实现了TDM方法
TDM方法借鉴首长负责制的思想,实现无论事故是否发生都会保持网络信息服务的时空随机性的主动漂移机制,完成SERIRT模型的服务可生存性设计,
国防科学技术大学研究生院学位论文
针对特定应用,做到了未雨绸缪,主动应变。
随机任期机制采用无中心控制、无边界网络环境、细粒度和随机自治的算法
模式,通过赋予每个结点一个随机的任期,以改变传统的服务结点终身服务模式,
使服务结点的任期在时间上不可预测,任期结束时服务主动漂移到备份结点,临
灾时能够及时地将服务迅速撤离灾难现场,并将受损的结点切换到后台以完成自
身的恢复。
布朗运动机制实现了备份结点之间的自由竞争,以产生继任的服务结点,自
由竟争机制实现了结点切换的无前端控制模式,避免因增加系统的要害部位可能
带来的生存风险。继任结点在空间上不可预测,从而增强了被保护目标的隐蔽性。
提出的自适应柔性防护技术包括两个方面:自适应柔性TDM方法实现了服
务器任期、安全威胁程度和攻击强度等因素的联动,使生存能力和性能趋于协调;
自适应快速恢复技术实现.了服务结点因灾离任后的自适应快速恢复策略。
4.提出SRA评估方法
在sRA(Spati。一temPoralRo别ning Analyze一时空漂移分析)评估方法中,本
文基于对模型的实测和模拟提出生存能力评估的技术和方法,定性比较了具有容
灾特性的几个系统的相应指标。测试分析验证了本文的结论。模拟评估分析了影
响SE犯RT模型生存能力诸要素之间的关系。
本文所提出的SERIRT模型及其关键构件和技术,对分布式信息服务系统生
存能力的增强设计、评估和测试等均具有参考意义。相应成果在国家863、国家
网络与信息安全管理中心以及预研基金等项目中得到应用和验证,在项目验收时
得到专家的肯定并获得滚动支持,将继续在滚动项目把本文的成果推向实际应
用。
关键词:生存能力,多样化,应急响应与灾难恢复,调度算法,TDM方法,分
布式动态备份
II
The survivability technique is derived from the RAS (Reliability Availability and Serviceability). But with the extension to the info-war environment, many new features appear, such as the locality of the attacks to the attacked targets, the vulnerability of the homogeneous environment to the same attack, the invalidation of the rule of small probability events, the intelligence of the adversaries and extensive spreading of attack methods, etc. These features promote the requirement of new technologies, new methods and new policies for the survivability research, which are different from those of the RAS technique. The dissertation takes the requirement of emergency response and incident recovery as its research background, and focuses on the vulnerability of the homogeneous environment and the unpredictability of the attack behavior. The dissertation explores the key techniques and their implementations of the survivability enhancement of the network information system in info-war environment. The main contributions of the dissertation are as the follows:1. Proposing the SERIRT modelThe SERIRT (the Survivability based Emergency Response and Incident Recovery Technique) model starts from information security defense-in-depth architecture, and tries to find a way to enhance the survivability of a system in the emergency response and incident recovery phase. It constructs the diversity based redundant backup policy in the system construction phase, carries out the active tenure duty method (TDM) when the system is running, and provides rapid recovery after a failure.2. Proposing the diversity architecture theoretical model and its implementation caseIn the theoretical model, the dissertation concludes the concepts, the conclusions and the implementation techniques about diversity. It discusses the concept of the diversity survivability system, diversity space, diversity distance, etc. And it proposes the rules and the ways for the survivability technique design.Based on the theoretical model, the dissertation proposes, designs and implements a diversity based redundancy case, called distributed dynamic backup technique. This technique intends for the data survivability design of the SERIRT model and provides supports for the background recovery after an accident.3. Proposing, designing and implementing the TDM method
The TDM method uses the idea of chief in duty rule for reference. It implements the active roaming mechanism which means that whether the tragedy comes or not, the network information service will keep in motion randomly in the spatio-temporal aspect. It intends for the service survivability design of the SERIRT model, and tries to be in fair weather preparing for foul and to deal with accident actively for special applications.The stochastic tenure mechanism implements the stochastic and autonomous algorithm mode in boundless network environment, and the mode has no central control and fine grain features. The mechanism makes the tenure of the service node unpredictable by assigning a random tenure to the node and thus changes the traditional lifetime service pattern. The service will actively roam to a new node when the tenure is over. When a disaster occurs it can withdraw the services from the disaster scene, and switch the impaired nodes to background for self-recovery and immunity.The Brawn motion mechanism implements a free competition mechanism among the nodes in the same backup pool for the election of the successive service node. The free competition mechanism realize a control mode for service migration without central control and thus avoids the possible survival risk caused by increasing the vitals of the system. The location of the successive service node is also unpredictable. And therefore it improves the concealment of the protected target.The proposed adaptive flexible protection technique includes two sides: the adaptive flexible TDM method combines together with the change of the factors of the service tenure, the degree of threat and the attack strength, and makes a good balance between
SERIRT(The Survivability oriented Emergency Response and Incident RecoveryTechnique —面向生存能力的应急响应与事故恢复技术)模型从信息安全深度防御体系出发,立足应急响应与事故恢复环节探讨增强系统可生存能力的技术途径。在系统构造阶段建立基于多样化的冗余备份机制,在系统运行阶段实行主动的任期责任方法(Tenure Duty Method-TDM),在系统受损阶段提供快速恢复手段。2.提出了多样化体系理论模型及其实现案例
在理论模型中,用形式化方法归纳了关于多样化的概念、结论和实现技术,论述了多样化生存系统、多样化空间以及多样化距离等概念,提出了旨在增强生存能力的冗余设计原则和技术途径。
据此理论模型提出、设计并实现了基于多样化的冗余案例,即分布式动态备份技术,该技术实现SERIRT模型的数据可生存性设计,并为系统受损后的后台恢复提供支持。3.提出、设计和实现了TDM方法
TDM方法借鉴首长负责制的思想,实现无论事故是否发生都会保持网络信息服务的时空随机性的主动漂移机制,完成SERIRT模型的服务可生存性设计,
国防科学技术大学研究生院学位论文
针对特定应用,做到了未雨绸缪,主动应变。
随机任期机制采用无中心控制、无边界网络环境、细粒度和随机自治的算法
模式,通过赋予每个结点一个随机的任期,以改变传统的服务结点终身服务模式,
使服务结点的任期在时间上不可预测,任期结束时服务主动漂移到备份结点,临
灾时能够及时地将服务迅速撤离灾难现场,并将受损的结点切换到后台以完成自
身的恢复。
布朗运动机制实现了备份结点之间的自由竞争,以产生继任的服务结点,自
由竟争机制实现了结点切换的无前端控制模式,避免因增加系统的要害部位可能
带来的生存风险。继任结点在空间上不可预测,从而增强了被保护目标的隐蔽性。
提出的自适应柔性防护技术包括两个方面:自适应柔性TDM方法实现了服
务器任期、安全威胁程度和攻击强度等因素的联动,使生存能力和性能趋于协调;
自适应快速恢复技术实现.了服务结点因灾离任后的自适应快速恢复策略。
4.提出SRA评估方法
在sRA(Spati。一temPoralRo别ning Analyze一时空漂移分析)评估方法中,本
文基于对模型的实测和模拟提出生存能力评估的技术和方法,定性比较了具有容
灾特性的几个系统的相应指标。测试分析验证了本文的结论。模拟评估分析了影
响SE犯RT模型生存能力诸要素之间的关系。
本文所提出的SERIRT模型及其关键构件和技术,对分布式信息服务系统生
存能力的增强设计、评估和测试等均具有参考意义。相应成果在国家863、国家
网络与信息安全管理中心以及预研基金等项目中得到应用和验证,在项目验收时
得到专家的肯定并获得滚动支持,将继续在滚动项目把本文的成果推向实际应
用。
关键词:生存能力,多样化,应急响应与灾难恢复,调度算法,TDM方法,分
布式动态备份
II
The survivability technique is derived from the RAS (Reliability Availability and Serviceability). But with the extension to the info-war environment, many new features appear, such as the locality of the attacks to the attacked targets, the vulnerability of the homogeneous environment to the same attack, the invalidation of the rule of small probability events, the intelligence of the adversaries and extensive spreading of attack methods, etc. These features promote the requirement of new technologies, new methods and new policies for the survivability research, which are different from those of the RAS technique. The dissertation takes the requirement of emergency response and incident recovery as its research background, and focuses on the vulnerability of the homogeneous environment and the unpredictability of the attack behavior. The dissertation explores the key techniques and their implementations of the survivability enhancement of the network information system in info-war environment. The main contributions of the dissertation are as the follows:1. Proposing the SERIRT modelThe SERIRT (the Survivability based Emergency Response and Incident Recovery Technique) model starts from information security defense-in-depth architecture, and tries to find a way to enhance the survivability of a system in the emergency response and incident recovery phase. It constructs the diversity based redundant backup policy in the system construction phase, carries out the active tenure duty method (TDM) when the system is running, and provides rapid recovery after a failure.2. Proposing the diversity architecture theoretical model and its implementation caseIn the theoretical model, the dissertation concludes the concepts, the conclusions and the implementation techniques about diversity. It discusses the concept of the diversity survivability system, diversity space, diversity distance, etc. And it proposes the rules and the ways for the survivability technique design.Based on the theoretical model, the dissertation proposes, designs and implements a diversity based redundancy case, called distributed dynamic backup technique. This technique intends for the data survivability design of the SERIRT model and provides supports for the background recovery after an accident.3. Proposing, designing and implementing the TDM method
The TDM method uses the idea of chief in duty rule for reference. It implements the active roaming mechanism which means that whether the tragedy comes or not, the network information service will keep in motion randomly in the spatio-temporal aspect. It intends for the service survivability design of the SERIRT model, and tries to be in fair weather preparing for foul and to deal with accident actively for special applications.The stochastic tenure mechanism implements the stochastic and autonomous algorithm mode in boundless network environment, and the mode has no central control and fine grain features. The mechanism makes the tenure of the service node unpredictable by assigning a random tenure to the node and thus changes the traditional lifetime service pattern. The service will actively roam to a new node when the tenure is over. When a disaster occurs it can withdraw the services from the disaster scene, and switch the impaired nodes to background for self-recovery and immunity.The Brawn motion mechanism implements a free competition mechanism among the nodes in the same backup pool for the election of the successive service node. The free competition mechanism realize a control mode for service migration without central control and thus avoids the possible survival risk caused by increasing the vitals of the system. The location of the successive service node is also unpredictable. And therefore it improves the concealment of the protected target.The proposed adaptive flexible protection technique includes two sides: the adaptive flexible TDM method combines together with the change of the factors of the service tenure, the degree of threat and the attack strength, and makes a good balance between
引文
[1] Richard C. Linger, Andrew E Moore. Foundations for Survivable System Development: Service Traces, Intrusion Traces, and Evaluation Models. Copyright 2001 by Carnegie Mellon University. October 2001
[2] 何德全.互联网环境下的突发危机管理.全国网络与信息安全技术研讨会主题报告.2003年7月21至22日.北京
[3] 某军区脆弱性分析与处置系统验收材料.2001-2002
[4] Charles Bain, Donald Faatz, Amgad Fayad, Douglas Williams. Diversity as a Defense Strategy in Information Systems Does Evidence from Previous Events Support Such an Approach. http://www.mitre.org/work/tech_papers/tech_papers_01/bain_diversity/bain_diversity.pdf
[5] Marco Casassa Mont, Adrian Baldwin, etc. Towards Diversity of COTS Software Applications: Reducing Risks of Widespread Faults and Attacks. http://www.hpl.hp.corn/research/tsl/extemal%20publications/tech%20reports/HPL-2002-178.pdf
[6] Richard C. Linger. Systematic Generation of Stochastic Diversity as an Intrusion Barrier in Survivable Systems Software.
[7] R.A. Hettinga, John Quarterman. Network Monoculture — Diversity, Survivability, and the Profitablity of Internet Commerce. http://www.xent.com/pipermall/fork/2002-May/011573.html
[8] Robert. J. Ellison, etc. Survivability: Protecting Your Critical System. http://www.sei.cmu.edu/organization/programs/nss/protect-critical-systems.html, 7,Feb, 00
[9] 陈蓉.容灾最后一个保障.http://www.e-works.net.cn/ewkArticles/Category47/Article1520.htm
[10] 方滨兴.论我国计算机网络应急处理体系.全国网络与信息安全技术研讨会主题报告.2003年7月21至22日.北京
[11] 宋成久.信息网络安全应用中的几个关键策略.CIIT2003信息网络安全技术论坛报告,2003年2月20日
[12] 卿斯汉.加强网络安全建设.CIIT2003信息网络安全技术论坛报告,2003年2月20日
[13] 樊建平.信息网络安全核心技术.CIIT2003信息网络安全技术论坛报告,2003年2月20日
[14] 韦乐平.下一代网络的生存性.计算机世界.2000-10-9日
[15] 863-301-06-03应急响应及灾难恢复框架总体设计.2000
[16] 863-301-06-03中期报告及验收报告.2000
[17] 国信安办技01—34目.“多样化动态备份与生存技术”技术报告及验收报告
[18] 国家网络与信息安全管理中心2001-研2-A-014项目:“主动漂移的网络可生存性增强技术”;总体设计说明书
[19] 十五863项目:“应急响应与事故恢复技术”验收报告
[20] 十五863项目:“应急响应与事故恢复技术”技术报告
[21] 协作式应急响应服务与基于漂移的可生存系统研究.国家高技术研究发展计划(863计划)课题任务合同书.课题编号:2003AA142080
[22] Deep Medhi, David Tipper. Multi-Layered Network Survivability - Models, Analysis, Architecture, Framework and Implementation: An Overview. Proceedings of the DARPA Information Survivability Conference and Exposition (DISCEX' 2000), Hilton Head Island, South Carolina, January 25-27, 2000
[23] R. C. Linger, N. R. Mead, and H. F. Lipson. Requirements Definition for Survivable Network Systems. Copyright 2000 by Carnegie Mellon University
[24] Lee M. Zeichner, LegalNet. Overhauling the Legal Infrastructure: The Importance of Information Survivability Principles-A Lawyer's Perspective. Copyright 2000 IEEE. Published in the Proceedings of the Third Information Survivability, Workshop (ISW-2000), October 24-26, 2000, Boston MA, USA
[25] R. R. Stewart and Q. Xie. Aggregate. Server Access Protocol (ASAP). Internet Draft, IETF, Nov. 2000. draft-xie-rserpool-asap-01 .txt
[26] Axel W. Krings and Paul Oman. Secure and Survivable Software Systems. http://computer.Org/proceedings/hicss/l 874/track9/l 87490333.pdf
[27] John Knight. Survivability of Critical Infrastructure Systems. http://www.cse.msu.edu/~cse870/Materials/msu.seminar.PDF
[28] R. C. Linger, etc. Requirements Definition For Survivable Network Systems. http://www.sei.cmu.edu/ 97icre.pdf, 1999
[29] John. C. Knight, etc. Survivability architectures http://www.cs.virginia.edu/~survive/research/survive_arch/
[30] Nancy R. Mead, Robert Ellison, Richard C. Linger, Howard F. Lipson, John McHugh. Life-Cycle Models for Survivable Systems. Copyright ?2000 IEEE. Published in the Proceedings of the Third Information Survivability, Workshop (ISW-2000), October 24-26, 2000, Boston MA, USA
[31] Xinyuan Wang. Survivability through Active Intrusion Response. Copyright 2000 IEEE. Published in the Proceedings of the Third Information Survivability, Workshop (ISW-2000), October 24-26, 2000, Boston MA, USA
[32] Thomas Longstaff, Yacov Y. Haimes. Education and Knowledge Management: A Requisite For Information Assurance. Copyright ?2000 IEEE. Published in the Proceedings of the Third Information Survivability, Workshop (ISW-2000), October 24-26,2000, Boston MA, USA
[33] Paulo Ver'yssimo. The Middleware Architecture of MAFTIA: A Blueprint. Copyright 2000 IEEE. Published in the Proceedings of the Third Information Survivability, Workshop (ISW-2000), October 24-26,2000, Boston MA, USA
[34] L. Jean Camp, Catherine Wolfram. Pricing Security. Copyright 2000 IEEE. Published in the Proceedings of the Third Information Survivability, Workshop (ISW-2000), October 24-26,2000, Boston MA, USA
[35] Donald MacLeod, David Whyte. Towards System Survivability using the Single Virtual Enterprise Model and Layered Security through Information Protection Co-ordination Centres. Copyright 2000 IEEE. Published in the Proceedings of the Third Information Survivability, Workshop (ISW-2000), October 24-26, 2000, Boston MA, USA
[36] Matti A. Hiltunen and Richard D. Schlichting Carlos A. Ugarte. Using Redundancy to Increase Survivability. Copyright 2000 IEEE. Published in the Proceedings of the Third Information Survivability, Workshop (ISW-2000), October 24-26,2000, Boston MA, USA
[37] Concepts and Trends in Information Survivability. CERT Centers http://www.nrcs.usda.gov/intranet/itd/NITS/CERT-hfRCS.pdf
[38] The Survivable Network Analysis Method: Assessing Survivability of Critical Systems, http://www.cert.org/archive/pdf/sna-short.pdf
[39] R. J. Ellison, R. C. Linger, T. Longstaff, N. R. Mead. A Case Study in Survivable Network System Analysis. Copyright 2001 by Carnegie Mellon University; September 1998
[40] Carol Taylor, Axel Krings and Jim Alves-Foss. Risk Analysis and Probabilistic Survivability Assessment (RAPSA): An Assessment Approach for Power Substation Hardeningl. http://www.cs.uidaho.edu/~krings/SACT-2002-T.pdf
[41] Florin Sultan, Kiran Srinivasan, etc. Migratory TCP: Connection Migration for Service Continuity in the Internet. Proceedings of the 22 nd International Conference on Distributed Computing Systems (ICDCS'02) 1063-6927/02 2002 IEEE
[4
[42] MTCP: TRANSPORT LAYER SUPPORT FOR HIGHLY AVAILABLE NETWORK SERVICES KIRAN SRINIVASAN. New Brunswick, New Jersey. October, 2001
[43] Thomas Ravier, Rob Brennan and Thomas Curran. Experimental studies of SCTP multi-homing, http://telecoms.eeng.dcu.ie/symposium/papers/B4.pdf
[44] R.R. Stewart, Q. Xie, K. Morneault, etc. Stream Control Transmission Protocol'. RFC 2960, IETF, Oct. 2000
[45] R.R. Stewart, Q. Xie, M. Tuexen, and I. Rytina. SCTP Dynamic Addition of IP addresses. Internet Draft, IETF, Nov. 2000. draft-stewart-addip-sctp-sigran-01.txt
[46] Phillip T. Conrad Gerard J. Heinz. SCTP IN BATTLEFIELD NETWORKS. http://www.cis.udel.edu/~amer/PEL/poc/pdf/milcom01-conrad-sctp.pdf
[47] Alex C. Snoeren, David G. Andersen, and Haft Balakrishnan. Fine-Grained Failover Using Connection Migration http://nms.1cs.mit.edu/software/migrate/
[48] A. C. Snoeren and H. Balakrishnan. TCP Connection Migration'; Internet Draft, IETF, Nov. 2000. draft-snoeren-tcp-migrate-00.txt
[49] Dynamic DNS. http://www.technopagan.org/dynamic/
[50] Norihiko YOSHIDA, Kazuo USHIJIMA Toshihiko SHIMOKAWA. DNS-based Mechanism for Policy-added Server Selection. http://www.tenbin.org/publication/ssgrr2000.pdf
[51] A. Cohen, S. Rangarajan, and H. Slye. On the performance of TCP splicing for URL-aware redirection. In Proc. USITS '99, Oct. 1999
[52] Wensong Zhang, Shiyao Jin, Quanyuan Wu.Creating Linux Virtual Servers. http://proxy.iinchina.net/~wensong
[53] 杨兵,黄遵国,胡光明.计算机工程与科学.基于高可用性的动态漂移技术研究.已录用
[54] Yongguang Zhang,Harrick Vin, Lorenzo Alvisi. Heterogeneous Networking: A New Survivability Paradigm. NSPW'01 September 1013,2001, Cloudcroft, New Mexico, USA.O2001 ACM 1-58113-457-6/01/0009
[55] Subhasish Mitra, Nirmal R. Saxena and Edward J. McCluskey. A DESIGN DIVERSITY METRIC AND RELIABILITY ANALYSIS FOR REDUNDANT SYSTEMS. Proceding of 1999. Intl. test Conf. P662-671. http://crc.stanford.edu/crc_papers/mitraitc99.pdf
[56] Samart Bhattatharjee, Mostafa H. Ammar, Ellen W Zegura, Viren Shah, ZhongMing Fei Application-layer Anycasting. ftp://ftp.cc.gatach.edU/pub/coc/tech-reports/1996/GIT-CC-96-25.ps.Z
[57] Alex C. Snoeren, Hari Balakrishnan, and M. Frans Kaashoek. Reconsidering Internet Mobility. Proc. 8th Workshop on Hot Topics in Operating Systems (HotOS-VIII)
[58] A. C. Snoeren and H. Balakrishnan. An end-to-end approach to host mobility. In Proc. ACM/IEEE Mobicom '00, pages 155-166, Aug. 2000
[59] S. Raman and S. McCanne. A model, analysis, and protocol framework for soft state-based communication. In Proc. ACM SIGCOMM '99, Sept. 1999
[60] C.Y. Chen. Mobility with the Internet and IP Networks. http://www.mobile-ip.com.cn/
[61] Howard Shrobe. Model-Based Diagnosis for Information Survivability. http://monet.aber.ac.uk:8080/monet/docs/pdf_files/DX_02/dx02final02.pdf
[62] Florin Sultan, AnirUddha Bohra, Liviu Iftod. Autonomous Transport Protocols for Content Based Networks, http://citeseer.nj.nec.com/sultan02autonomous.html
[63] Christopher Alberts and Audrey Dorofee. OCTAVESM Threat Profiles. http://www.sei.cmu.edu/pub/documents/99.report/pdf/99tr017.pdf
[64] Dr. Paul W. Oman, Dr. Axel Krings. ASSESSING THE SECURITY AND SURVIVABILITY OF TRANSPORTATION CONTROL NETWORKS. http://www.websl.uidaho.edu/niatt/research/UTC_projects/year5/klk215.htm
[6
[65] Alex C. Snoeren. Enabling Internet Suspend/Resume with Session Continuations. http://sow.lcs.mit.edu/2002/proceedings/snoeren.pdf
[66] Jonathan Michael Salz. Tesla: A Transparent, Extensible Session-Layer Framework for End-to-end Network Services.
[67] Anotai Srikitja ,etc. On Providing Survivable QoS Services in the Next Generation Internet. Supported in part by NSF grant NCR 9506652 and DARPA under agreement No. F30602-97-1-0257
[68] W. Lai, and D. McDysan. Network Hierarchy and Multilayer Survivability. rfc3386. November 2002
[69] Abdur Chowdhury, Ophir Friederl, Paul Luse, Peng-Jun Wan. Network Survivability Simulation of a Commercially Deployed Dynamic Routing System rotocol, http://www.ipdps.eece.unm.edu/2000/ftpds/18001286.pdf
[70] 刘鹏.Survivability-Principles and Techniques.全国计算机高级人才研讨班讲义,2001.8,北京
[71] David A. Fisher. Survivability and Simulation. Copyright 2000 IEEE. Published in the Proceedings of the Third Information Survivability, Workshop (ISW-2000), October 24-26, 2000, Boston MA, USA
[72] Michael R. Barber. Increased Server Availability and Flexibility through Failover Capability. 1997 LISA XI - October 26-31, 1997 - San Diego, CA
[73] Subramaniam R. Sthanu,Thomas M. Parks. SURVIVABILITY THROUGH DYNAMIC RECONFIGURATION. http://www.11.mit.edu/IST/pubs/atirp98-sthanu/atirp98.pdf.
[74] William R. Cobb. Preparing for Communication Crisis Survivability and Restoration. http://www.ch2m.com/textonly/svcs/Telecommunications/WhitePapers/Pub_Tech Inc Comm_Crisis.pdf
[75] 刘凯 等.一种自组织通信网络的链路分群算法.通信学报,1998.4
[76] Z. Fei, S. Bhattacharjee, E. W. Zegura, and M. Ammar. A novel server selection technique for improving the response time of a replicated service. In Proc. IEEE Infocom '98, Mar. 1998
[77] IATF Release 3.0[J]—September 2000 Issued by National Security Agency, Information Assurance Solutions Technical Directors, USA
[78] 陈伟胜 等.专用网路由方法的改进及抗毁策略.电子学报,No.2,Vol 27,1999
[79] 曾志峰,杨义先.网络安全的发展与研究.计算机工程与应用,2000,Vol.36,No.10,P1—3
[80] Dan Galik. Defense in Depth: Security for Network-central Warfare, http://www.chips.navy.mil/archives/98_apr/galik.html
[81] 刘宝旭,徐箐,许榕生.黑客入侵防护体系研究与设计.计算机工程与应用,2001,Vol.37,NO.8,P1-3
[82] 胡华平,陈海涛,黄辰林,唐勇.入侵检测系统的研究现状与发展趋势.计算机工程与科学,2001,Vol.23,No.2,P20-25
[83] Zunguo HUANG. The Tenure Duty Method (TDM) in the Active Incident Recovery Research. APPT'03 proceeding; 2003-9, Xiamen, P. R. China
[84] 黄遵国,胡华平,夏戈明,胡光明.网络可生存性增强技术若干问题研究.全国网络与信息安全技术研讨会论文集.2003年7月21至22日.北京
[85] 黄遵国.联合战役中网络生存能力的思考.联合战役特殊作战问题学术研讨会论文集.2003-8,昆明
[86] 唐勇,胡华平,陈海涛,余娜娜,张怡,岳虹.基于代理的网络入侵检测系统的研制.计算机工程与科学,2002,Vol.24,No.1,P9-13
[87] 黄遵国,卢锡城,王怀民.多样化动态备份与生存技术研究.中国电子学会电子系统工程分会第九届C3I理论学术研讨会,中国电子学会优秀论文。 2000.11,合肥
[8
[88] Huang Zunguo, Lu Xicheng and Wang Huaimin. A Diversified Dynamic Redundancy Method Exploiting the Intrusion Tolerance. Copyright 2000 IEEE. Published in the Proceedings of the Third Information Survivability, Workshop (ISW-2000), October 24-26, 2000, Boston MA, USA
[89] 卢锡城,王怀民,黄遵国.我国网络信息系统面临的挑战与对策.国防科技参考,2000.1
[90] 苗青,宣蕾,苏金树.网络安全战略预警系统的攻击检测技术研究.计算机工程与科学.2002,Vol.24,No.1,P14-17
[91] CERT/CC Overview Incident and Vulnerability Trends. 1998, 1999, 2000 by Carnegie Mellon University
[92] 胡华平,黄遵国,庞立会等.网络安全深度防御与保障体系研究.计算机工程与科学.2002,Vol.24,No.6;第7页
[93] 信息安全国家重点实验室.美国信息保障国家战略.信息安全保障战略研讨会会议资料.2003年4月6日,北京
[94] Algirdas Avizienis, Jean-Claude Laprie, Brian Randell. Fundamental Concepts of Dependability. Copyright 2000 IEEE. Published in the Proceedings of the Third Information Survivability, Workshop (ISW-2000), October 24-26, 2000, Boston MA, USA
[95] 冯玉才,王冬敏等.多服务器热备份机制的设计和实现.华中科技大学学报(自然科学版).Vol.31 No.2
[96] 阎雪编著,黑客就这么几招(第2版),北京科海集团公司,2002年3月。
[97] Gregor von Laszewski and Ian Foster. Usage of LDAP in Globus. http://www-leland.stanford.edu/hodges/talks/
[98] 黄遵国,胡光明,任剑勇.一种安全灾难的快速响应与恢复(r—RR)框架及其实现研究.计算机工程与科学.2001,Vol.23,No.6;第43页
[99] 黄遵国,卢锡城,王怀民.国防科技大学学报.可生存性技术及其实现框架.2002,Vol.24,No.5;第29页
[100] Loenard Kleinrock. Queuing system. Aviley-Interscience Publication. 1975
[101] 林闯.随机Petri网和系统性能评价.清华大学出版社;2000-1.ISBN7-302-01017-X/TP.2165
[102] Shih-Kun Huang et al. Survival Acceptability Evaluation and Incident Case Report in Taiwan. FIRST'12, 2000
[103] McClure,Secmbray,Kurtz编著,杨继张 译.黑客大曝光.清华大学出版社.2000-9.ISBN 7-302-04000-1/TP.2346
[104] Andreas Muller. Linux Clustering. Linux Conference, 27. Juni 2000 May 24, 2002; Copyright 2002, Massachusetts Institute of Technology ftp://ftp.isi.edu/in-notes/rfc3386.txt
[2] 何德全.互联网环境下的突发危机管理.全国网络与信息安全技术研讨会主题报告.2003年7月21至22日.北京
[3] 某军区脆弱性分析与处置系统验收材料.2001-2002
[4] Charles Bain, Donald Faatz, Amgad Fayad, Douglas Williams. Diversity as a Defense Strategy in Information Systems Does Evidence from Previous Events Support Such an Approach. http://www.mitre.org/work/tech_papers/tech_papers_01/bain_diversity/bain_diversity.pdf
[5] Marco Casassa Mont, Adrian Baldwin, etc. Towards Diversity of COTS Software Applications: Reducing Risks of Widespread Faults and Attacks. http://www.hpl.hp.corn/research/tsl/extemal%20publications/tech%20reports/HPL-2002-178.pdf
[6] Richard C. Linger. Systematic Generation of Stochastic Diversity as an Intrusion Barrier in Survivable Systems Software.
[7] R.A. Hettinga, John Quarterman. Network Monoculture — Diversity, Survivability, and the Profitablity of Internet Commerce. http://www.xent.com/pipermall/fork/2002-May/011573.html
[8] Robert. J. Ellison, etc. Survivability: Protecting Your Critical System. http://www.sei.cmu.edu/organization/programs/nss/protect-critical-systems.html, 7,Feb, 00
[9] 陈蓉.容灾最后一个保障.http://www.e-works.net.cn/ewkArticles/Category47/Article1520.htm
[10] 方滨兴.论我国计算机网络应急处理体系.全国网络与信息安全技术研讨会主题报告.2003年7月21至22日.北京
[11] 宋成久.信息网络安全应用中的几个关键策略.CIIT2003信息网络安全技术论坛报告,2003年2月20日
[12] 卿斯汉.加强网络安全建设.CIIT2003信息网络安全技术论坛报告,2003年2月20日
[13] 樊建平.信息网络安全核心技术.CIIT2003信息网络安全技术论坛报告,2003年2月20日
[14] 韦乐平.下一代网络的生存性.计算机世界.2000-10-9日
[15] 863-301-06-03应急响应及灾难恢复框架总体设计.2000
[16] 863-301-06-03中期报告及验收报告.2000
[17] 国信安办技01—34目.“多样化动态备份与生存技术”技术报告及验收报告
[18] 国家网络与信息安全管理中心2001-研2-A-014项目:“主动漂移的网络可生存性增强技术”;总体设计说明书
[19] 十五863项目:“应急响应与事故恢复技术”验收报告
[20] 十五863项目:“应急响应与事故恢复技术”技术报告
[21] 协作式应急响应服务与基于漂移的可生存系统研究.国家高技术研究发展计划(863计划)课题任务合同书.课题编号:2003AA142080
[22] Deep Medhi, David Tipper. Multi-Layered Network Survivability - Models, Analysis, Architecture, Framework and Implementation: An Overview. Proceedings of the DARPA Information Survivability Conference and Exposition (DISCEX' 2000), Hilton Head Island, South Carolina, January 25-27, 2000
[23] R. C. Linger, N. R. Mead, and H. F. Lipson. Requirements Definition for Survivable Network Systems. Copyright 2000 by Carnegie Mellon University
[24] Lee M. Zeichner, LegalNet. Overhauling the Legal Infrastructure: The Importance of Information Survivability Principles-A Lawyer's Perspective. Copyright 2000 IEEE. Published in the Proceedings of the Third Information Survivability, Workshop (ISW-2000), October 24-26, 2000, Boston MA, USA
[25] R. R. Stewart and Q. Xie. Aggregate. Server Access Protocol (ASAP). Internet Draft, IETF, Nov. 2000. draft-xie-rserpool-asap-01 .txt
[26] Axel W. Krings and Paul Oman. Secure and Survivable Software Systems. http://computer.Org/proceedings/hicss/l 874/track9/l 87490333.pdf
[27] John Knight. Survivability of Critical Infrastructure Systems. http://www.cse.msu.edu/~cse870/Materials/msu.seminar.PDF
[28] R. C. Linger, etc. Requirements Definition For Survivable Network Systems. http://www.sei.cmu.edu/ 97icre.pdf, 1999
[29] John. C. Knight, etc. Survivability architectures http://www.cs.virginia.edu/~survive/research/survive_arch/
[30] Nancy R. Mead, Robert Ellison, Richard C. Linger, Howard F. Lipson, John McHugh. Life-Cycle Models for Survivable Systems. Copyright ?2000 IEEE. Published in the Proceedings of the Third Information Survivability, Workshop (ISW-2000), October 24-26, 2000, Boston MA, USA
[31] Xinyuan Wang. Survivability through Active Intrusion Response. Copyright 2000 IEEE. Published in the Proceedings of the Third Information Survivability, Workshop (ISW-2000), October 24-26, 2000, Boston MA, USA
[32] Thomas Longstaff, Yacov Y. Haimes. Education and Knowledge Management: A Requisite For Information Assurance. Copyright ?2000 IEEE. Published in the Proceedings of the Third Information Survivability, Workshop (ISW-2000), October 24-26,2000, Boston MA, USA
[33] Paulo Ver'yssimo. The Middleware Architecture of MAFTIA: A Blueprint. Copyright 2000 IEEE. Published in the Proceedings of the Third Information Survivability, Workshop (ISW-2000), October 24-26,2000, Boston MA, USA
[34] L. Jean Camp, Catherine Wolfram. Pricing Security. Copyright 2000 IEEE. Published in the Proceedings of the Third Information Survivability, Workshop (ISW-2000), October 24-26,2000, Boston MA, USA
[35] Donald MacLeod, David Whyte. Towards System Survivability using the Single Virtual Enterprise Model and Layered Security through Information Protection Co-ordination Centres. Copyright 2000 IEEE. Published in the Proceedings of the Third Information Survivability, Workshop (ISW-2000), October 24-26, 2000, Boston MA, USA
[36] Matti A. Hiltunen and Richard D. Schlichting Carlos A. Ugarte. Using Redundancy to Increase Survivability. Copyright 2000 IEEE. Published in the Proceedings of the Third Information Survivability, Workshop (ISW-2000), October 24-26,2000, Boston MA, USA
[37] Concepts and Trends in Information Survivability. CERT Centers http://www.nrcs.usda.gov/intranet/itd/NITS/CERT-hfRCS.pdf
[38] The Survivable Network Analysis Method: Assessing Survivability of Critical Systems, http://www.cert.org/archive/pdf/sna-short.pdf
[39] R. J. Ellison, R. C. Linger, T. Longstaff, N. R. Mead. A Case Study in Survivable Network System Analysis. Copyright 2001 by Carnegie Mellon University; September 1998
[40] Carol Taylor, Axel Krings and Jim Alves-Foss. Risk Analysis and Probabilistic Survivability Assessment (RAPSA): An Assessment Approach for Power Substation Hardeningl. http://www.cs.uidaho.edu/~krings/SACT-2002-T.pdf
[41] Florin Sultan, Kiran Srinivasan, etc. Migratory TCP: Connection Migration for Service Continuity in the Internet. Proceedings of the 22 nd International Conference on Distributed Computing Systems (ICDCS'02) 1063-6927/02 2002 IEEE
[4
[42] MTCP: TRANSPORT LAYER SUPPORT FOR HIGHLY AVAILABLE NETWORK SERVICES KIRAN SRINIVASAN. New Brunswick, New Jersey. October, 2001
[43] Thomas Ravier, Rob Brennan and Thomas Curran. Experimental studies of SCTP multi-homing, http://telecoms.eeng.dcu.ie/symposium/papers/B4.pdf
[44] R.R. Stewart, Q. Xie, K. Morneault, etc. Stream Control Transmission Protocol'. RFC 2960, IETF, Oct. 2000
[45] R.R. Stewart, Q. Xie, M. Tuexen, and I. Rytina. SCTP Dynamic Addition of IP addresses. Internet Draft, IETF, Nov. 2000. draft-stewart-addip-sctp-sigran-01.txt
[46] Phillip T. Conrad Gerard J. Heinz. SCTP IN BATTLEFIELD NETWORKS. http://www.cis.udel.edu/~amer/PEL/poc/pdf/milcom01-conrad-sctp.pdf
[47] Alex C. Snoeren, David G. Andersen, and Haft Balakrishnan. Fine-Grained Failover Using Connection Migration http://nms.1cs.mit.edu/software/migrate/
[48] A. C. Snoeren and H. Balakrishnan. TCP Connection Migration'; Internet Draft, IETF, Nov. 2000. draft-snoeren-tcp-migrate-00.txt
[49] Dynamic DNS. http://www.technopagan.org/dynamic/
[50] Norihiko YOSHIDA, Kazuo USHIJIMA Toshihiko SHIMOKAWA. DNS-based Mechanism for Policy-added Server Selection. http://www.tenbin.org/publication/ssgrr2000.pdf
[51] A. Cohen, S. Rangarajan, and H. Slye. On the performance of TCP splicing for URL-aware redirection. In Proc. USITS '99, Oct. 1999
[52] Wensong Zhang, Shiyao Jin, Quanyuan Wu.Creating Linux Virtual Servers. http://proxy.iinchina.net/~wensong
[53] 杨兵,黄遵国,胡光明.计算机工程与科学.基于高可用性的动态漂移技术研究.已录用
[54] Yongguang Zhang,Harrick Vin, Lorenzo Alvisi. Heterogeneous Networking: A New Survivability Paradigm. NSPW'01 September 1013,2001, Cloudcroft, New Mexico, USA.O2001 ACM 1-58113-457-6/01/0009
[55] Subhasish Mitra, Nirmal R. Saxena and Edward J. McCluskey. A DESIGN DIVERSITY METRIC AND RELIABILITY ANALYSIS FOR REDUNDANT SYSTEMS. Proceding of 1999. Intl. test Conf. P662-671. http://crc.stanford.edu/crc_papers/mitraitc99.pdf
[56] Samart Bhattatharjee, Mostafa H. Ammar, Ellen W Zegura, Viren Shah, ZhongMing Fei Application-layer Anycasting. ftp://ftp.cc.gatach.edU/pub/coc/tech-reports/1996/GIT-CC-96-25.ps.Z
[57] Alex C. Snoeren, Hari Balakrishnan, and M. Frans Kaashoek. Reconsidering Internet Mobility. Proc. 8th Workshop on Hot Topics in Operating Systems (HotOS-VIII)
[58] A. C. Snoeren and H. Balakrishnan. An end-to-end approach to host mobility. In Proc. ACM/IEEE Mobicom '00, pages 155-166, Aug. 2000
[59] S. Raman and S. McCanne. A model, analysis, and protocol framework for soft state-based communication. In Proc. ACM SIGCOMM '99, Sept. 1999
[60] C.Y. Chen. Mobility with the Internet and IP Networks. http://www.mobile-ip.com.cn/
[61] Howard Shrobe. Model-Based Diagnosis for Information Survivability. http://monet.aber.ac.uk:8080/monet/docs/pdf_files/DX_02/dx02final02.pdf
[62] Florin Sultan, AnirUddha Bohra, Liviu Iftod. Autonomous Transport Protocols for Content Based Networks, http://citeseer.nj.nec.com/sultan02autonomous.html
[63] Christopher Alberts and Audrey Dorofee. OCTAVESM Threat Profiles. http://www.sei.cmu.edu/pub/documents/99.report/pdf/99tr017.pdf
[64] Dr. Paul W. Oman, Dr. Axel Krings. ASSESSING THE SECURITY AND SURVIVABILITY OF TRANSPORTATION CONTROL NETWORKS. http://www.websl.uidaho.edu/niatt/research/UTC_projects/year5/klk215.htm
[6
[65] Alex C. Snoeren. Enabling Internet Suspend/Resume with Session Continuations. http://sow.lcs.mit.edu/2002/proceedings/snoeren.pdf
[66] Jonathan Michael Salz. Tesla: A Transparent, Extensible Session-Layer Framework for End-to-end Network Services.
[67] Anotai Srikitja ,etc. On Providing Survivable QoS Services in the Next Generation Internet. Supported in part by NSF grant NCR 9506652 and DARPA under agreement No. F30602-97-1-0257
[68] W. Lai, and D. McDysan. Network Hierarchy and Multilayer Survivability. rfc3386. November 2002
[69] Abdur Chowdhury, Ophir Friederl, Paul Luse, Peng-Jun Wan. Network Survivability Simulation of a Commercially Deployed Dynamic Routing System rotocol, http://www.ipdps.eece.unm.edu/2000/ftpds/18001286.pdf
[70] 刘鹏.Survivability-Principles and Techniques.全国计算机高级人才研讨班讲义,2001.8,北京
[71] David A. Fisher. Survivability and Simulation. Copyright 2000 IEEE. Published in the Proceedings of the Third Information Survivability, Workshop (ISW-2000), October 24-26, 2000, Boston MA, USA
[72] Michael R. Barber. Increased Server Availability and Flexibility through Failover Capability. 1997 LISA XI - October 26-31, 1997 - San Diego, CA
[73] Subramaniam R. Sthanu,Thomas M. Parks. SURVIVABILITY THROUGH DYNAMIC RECONFIGURATION. http://www.11.mit.edu/IST/pubs/atirp98-sthanu/atirp98.pdf.
[74] William R. Cobb. Preparing for Communication Crisis Survivability and Restoration. http://www.ch2m.com/textonly/svcs/Telecommunications/WhitePapers/Pub_Tech Inc Comm_Crisis.pdf
[75] 刘凯 等.一种自组织通信网络的链路分群算法.通信学报,1998.4
[76] Z. Fei, S. Bhattacharjee, E. W. Zegura, and M. Ammar. A novel server selection technique for improving the response time of a replicated service. In Proc. IEEE Infocom '98, Mar. 1998
[77] IATF Release 3.0[J]—September 2000 Issued by National Security Agency, Information Assurance Solutions Technical Directors, USA
[78] 陈伟胜 等.专用网路由方法的改进及抗毁策略.电子学报,No.2,Vol 27,1999
[79] 曾志峰,杨义先.网络安全的发展与研究.计算机工程与应用,2000,Vol.36,No.10,P1—3
[80] Dan Galik. Defense in Depth: Security for Network-central Warfare, http://www.chips.navy.mil/archives/98_apr/galik.html
[81] 刘宝旭,徐箐,许榕生.黑客入侵防护体系研究与设计.计算机工程与应用,2001,Vol.37,NO.8,P1-3
[82] 胡华平,陈海涛,黄辰林,唐勇.入侵检测系统的研究现状与发展趋势.计算机工程与科学,2001,Vol.23,No.2,P20-25
[83] Zunguo HUANG. The Tenure Duty Method (TDM) in the Active Incident Recovery Research. APPT'03 proceeding; 2003-9, Xiamen, P. R. China
[84] 黄遵国,胡华平,夏戈明,胡光明.网络可生存性增强技术若干问题研究.全国网络与信息安全技术研讨会论文集.2003年7月21至22日.北京
[85] 黄遵国.联合战役中网络生存能力的思考.联合战役特殊作战问题学术研讨会论文集.2003-8,昆明
[86] 唐勇,胡华平,陈海涛,余娜娜,张怡,岳虹.基于代理的网络入侵检测系统的研制.计算机工程与科学,2002,Vol.24,No.1,P9-13
[87] 黄遵国,卢锡城,王怀民.多样化动态备份与生存技术研究.中国电子学会电子系统工程分会第九届C3I理论学术研讨会,中国电子学会优秀论文。 2000.11,合肥
[8
[88] Huang Zunguo, Lu Xicheng and Wang Huaimin. A Diversified Dynamic Redundancy Method Exploiting the Intrusion Tolerance. Copyright 2000 IEEE. Published in the Proceedings of the Third Information Survivability, Workshop (ISW-2000), October 24-26, 2000, Boston MA, USA
[89] 卢锡城,王怀民,黄遵国.我国网络信息系统面临的挑战与对策.国防科技参考,2000.1
[90] 苗青,宣蕾,苏金树.网络安全战略预警系统的攻击检测技术研究.计算机工程与科学.2002,Vol.24,No.1,P14-17
[91] CERT/CC Overview Incident and Vulnerability Trends. 1998, 1999, 2000 by Carnegie Mellon University
[92] 胡华平,黄遵国,庞立会等.网络安全深度防御与保障体系研究.计算机工程与科学.2002,Vol.24,No.6;第7页
[93] 信息安全国家重点实验室.美国信息保障国家战略.信息安全保障战略研讨会会议资料.2003年4月6日,北京
[94] Algirdas Avizienis, Jean-Claude Laprie, Brian Randell. Fundamental Concepts of Dependability. Copyright 2000 IEEE. Published in the Proceedings of the Third Information Survivability, Workshop (ISW-2000), October 24-26, 2000, Boston MA, USA
[95] 冯玉才,王冬敏等.多服务器热备份机制的设计和实现.华中科技大学学报(自然科学版).Vol.31 No.2
[96] 阎雪编著,黑客就这么几招(第2版),北京科海集团公司,2002年3月。
[97] Gregor von Laszewski and Ian Foster. Usage of LDAP in Globus. http://www-leland.stanford.edu/hodges/talks/
[98] 黄遵国,胡光明,任剑勇.一种安全灾难的快速响应与恢复(r—RR)框架及其实现研究.计算机工程与科学.2001,Vol.23,No.6;第43页
[99] 黄遵国,卢锡城,王怀民.国防科技大学学报.可生存性技术及其实现框架.2002,Vol.24,No.5;第29页
[100] Loenard Kleinrock. Queuing system. Aviley-Interscience Publication. 1975
[101] 林闯.随机Petri网和系统性能评价.清华大学出版社;2000-1.ISBN7-302-01017-X/TP.2165
[102] Shih-Kun Huang et al. Survival Acceptability Evaluation and Incident Case Report in Taiwan. FIRST'12, 2000
[103] McClure,Secmbray,Kurtz编著,杨继张 译.黑客大曝光.清华大学出版社.2000-9.ISBN 7-302-04000-1/TP.2346
[104] Andreas Muller. Linux Clustering. Linux Conference, 27. Juni 2000 May 24, 2002; Copyright 2002, Massachusetts Institute of Technology ftp://ftp.isi.edu/in-notes/rfc3386.txt