Research on Survivability Technology for Network Information Systems
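Abstract
With the adoption of the national strategy of using informatization to drive industrialization, the construction of computer networks and information systems has made considerable progress, and network systems are widely used in industry, commerce, government and national defense. The increasingly complex internal and external environments of network systems mean that no network system can be secure; research on survivability technology for information systems is therefore another important direction following system security.
The main work of this dissertation is to study survivability evaluation and enhancement techniques for network information systems, so that the survivability weaknesses of an information system can be analyzed and located and, on the basis of quantitative analysis results, enhancement methods for improving survivability can be proposed. It mainly covers the following aspects:
First, information system survivability analysis is modeled using stochastic Petri nets. In the first step, the information system is abstracted into four parts: request components, communication components, processing components and storage components. In the second step, formal description of the information system's workflow is combined with survivability analysis modeling, and modeling methods are described for a general information system, component failure and repair, series and parallel connection, redundancy, and components with survivability attributes. In the third step, simulation is used to describe the information system formally while analyzing its survivability both qualitatively and quantitatively.
Second, a hierarchical evaluation model for information system survivability is proposed. Based on information about the system's key services and their atomic service components, the model performs vulnerability detection, generates a network attack graph and attack plans, runs survivability tests on the system in a real environment, and records changes in quality of service during and after the attacks. The four key attributes of system survivability are analyzed from these changes in quality of service, finally yielding a quantitative survivability analysis of the whole network system.
Third, given system redundancy and diversity, a method of enhancing system survivability through self-organization of atomic components is proposed. Survivability curves of the atomic components are obtained from the central limit theorem and historical operating data of the system, and, combining factors such as system service efficiency and quality of service, a self-organization-based survivability enhancement algorithm is designed.
Fourth, after introducing several connection migration techniques, a service self-organization system based on connection migration is designed. Following the service processing flow, the system decomposes its components into communication components, service distribution components and service provision components. Backup components send their survivability information to the working components in real time and obtain the latest service state list; when a component's survivability is the highest, service self-organization is carried out through multiple connection migration techniques according to the component's function and its position in the architecture. The system is transparent to users and simple and flexible to configure. Experiments show that the method effectively improves quality of service and achieves the goal of enhancing service survivability.
Research on survivability technology for network information systems is still at an early stage. For the information system design phase, this dissertation proposes a modeling method using stochastic Petri nets, whose results can effectively guide survivability design. For network-based information systems, it proposes a hierarchical evaluation model that can help system administrators quickly locate the key nodes affecting system survivability. For survivability enhancement, it first proposes a survivability enhancement algorithm based on service self-organization, and designs and implements a service survivability enhancement system based on connection migration; the system is implemented on the TCP protocol, has good generality, and has significant application value.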
With the implementation of the strategy that national information technology stimulates the development of industrialization, computer networks and information systems have made considerable progress; network systems are widely used in industry, commerce, government and defense security. The internal and external environment of network systems is becoming increasingly complex, which makes none of the network systems absolutely safe. As a new direction in network security, survivability is different from traditional network security; it provides us with a new way to conduct research on network security.
The present dissertation probes into the evaluation of survivability and the technology of enhancing network information systems, so that the weak points of the information system can be analyzed and located, and a method of enhancing the survivability of the system can be proposed based on the result of the quantitative analysis. The dissertation involves the following aspects:
Firstly, a modeling method for information system survivability analysis based on Stochastic Petri Nets (SPN) is presented. In this model, the network information system is divided into request modules, communication modules, processing modules and storing modules. Then, combining formal description of the system working flow with survivability analysis modeling, the dissertation describes the SPN modeling methods for the universal information system model, service disabled, recovery, module redundancy and the survivability attribute model, respectively. Accordingly, it makes qualitative and quantitative analyses of system survivability.
Secondly, a hierarchical evaluation model of network system survivability is proposed. According to this model, the first step is gathering the information of key services and atomic service compositions and then detecting the leak information. The second step is building the network attack graph and the attacking scheme. The third is replaying attacking data. Finally, the survivability is quantified according to the records of the QoS before and after attacking.
Thirdly, based on redundancy and diversity, a method of enhancing system survivability by self-organization is proposed. According to the historical data of average response time, survivability curves are drawn. The self-organization algorithm is designed based on the survivability of atomic modules, system efficiency and the quality of service.
Fourthly, a service self-organization system is put forward based on connection handoff under the condition of redundant backup. According to the service processing flow, the system is divided into communication, service distribution and service supply modules. Backup modules' survivability information is sent to online modules, and the list of newest service states is obtained. When the survivability of a module is highest, the self-organization strategies are implemented using multi-handoff technology. The system possesses merits such as transparency to users and flexibility and operability of the configuration. Experiments confirm that this method can enhance the quality of service and improve service survivability.
The research of network information system survivability is still at the starting phase. The model of information system survivability analysis based on stochastic Petri nets is put forward for system design; the result of the research can provide direction for survivability design. Then a hierarchical evaluation model of survivability is proposed for networked information systems, which can help system administrators locate the weak points of an information system rapidly. In order to enhance system survivability, the service self-organization algorithm is designed based on the survivability of atomic modules, and then a service self-organization system based on the TCP protocol is put forward based on connection handoff. The system possesses sound universality and applicability.
