Privilege Control Security Analysis Model Oriented to Subject Vulnerability (cited by: 1)
Abstract: During a network attack, vulnerabilities reside in the component subjects of network nodes. To address this, the paper refines the attack description to the network component level and proposes the Network Component Vulnerability Take-Grant (NCVTG) model, which extends the original privilege control model with descriptions of the privileges, connection relations and attributes among components, together with vulnerability rewriting rules. A polynomial-time algorithm for generating the privilege transitive closure of an NCVTG model graph is proposed; it evaluates dynamic changes in the network and gives all attack paths under the current vulnerability state. Experimental results show that the model can analyze network security comprehensively and predict all possible attacks.
Authors: 黄光球 (Huang Guangqiu), 李艳 (Li Yan)
Source: Computer Engineering (《计算机工程》), indexed in CAS, CSCD and the PKU Core list; 2010, No. 11, pp. 148-151 (4 pages)
Keywords: network security analysis model; attack graph; privilege Take-Grant model; rewriting rule