Similar literature
 Found 20 similar documents (search time: 31 ms)
1.
Security is a critical issue for software systems, especially for those systems which are connected to networks and the Internet, since most of them suffer from various malicious attacks. Intrusion detection is an approach to protect software against such attacks. However, security vulnerabilities that are exploited by intruders cut across multiple modules in software systems and are difficult to address and monitor. These kinds of concerns, called cross-cutting concerns, can be handled by aspect-oriented software development (AOSD) for better modularization. A number of works have utilized AOSD to address security issues of software systems, but none of them has employed AOSD for intrusion detection. In this paper, we propose a model-based aspect-oriented framework for building intrusion-aware software systems. We model attack scenarios and intrusion detection aspects using an aspect-oriented Unified Modeling Language (UML) profile. Based on the UML model, the intrusion detection aspects are implemented and woven into the target system. The resulting target system has the ability to detect the intrusions automatically. We present an experimental evaluation by applying this framework for some of the most common attacks included in the Web Application Security Consortium (WASC) web security threat classification. The experimental results demonstrate that the framework is effective in specifying and implementing intrusion detection and can be applied for a wide range of attacks.

2.
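Invulnerability analysis of vehicular ad hoc networks based on complex networks   Total citations: 1, self-citations: 0, citations by others: 1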
冯慧芳  李彩虹 《计算机应用》2016,36(7):1789-1792
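To address the invulnerability of vehicular ad hoc networks (VANETs), the invulnerability characteristics of the network under random attacks and deliberate attacks are analyzed. First, VANET topological invulnerability parameters are proposed, using the maximum connectivity, the average size of connected components, the critical-point removal ratio, and the network efficiency as evaluation metrics. Then, based on the Intelligent Driver Model with lane changing, a VANET is built using the VanetMobisim simulation software. Finally, simulation experiments are used to analyze the effects of the number of network nodes, the communication radius, and the attack mode on VANET invulnerability. The experimental results show that, because of the non-uniform degree distribution of vehicle nodes, VANETs are fairly robust against random attacks but comparatively fragile under deliberate attacks; deliberate attacks based on node betweenness damage the network faster and more severely. These patterns provide new guidance for optimizing VANET topology control, network protocol development, and network management.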

3.
孙家异  韦永壮 《计算机工程》2021,47(3):155-159,165
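Template attacks are an important side-channel analysis method with strong distinguishing power in the practical breaking of cryptographic algorithms. The lightweight block cipher DoT performs excellently in both hardware and software implementations. Although traditional mathematical attacks against DoT have achieved some results, whether concrete implementations of the algorithm can withstand side-channel attacks remains to be studied. Based on the structure of DoT and the characteristics of its S-box, a template attack against DoT is proposed. The Hamming weight model is used to characterize the power consumption of the cipher at run time, and the specific distribution of the S-box output values is used as the intermediate state value to build a distinguisher for key recovery. Test results show that the template attack needs only 6 sets of plaintexts to recover 8 bits of key information, and that the DoT cipher is vulnerable to this template attack.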

4.
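To counter physical attacks that memory and off-chip buses may suffer, and to protect the security of data in memory, a dynamic protection mechanism for a program's security-critical data based on hardware/software co-design is proposed. User-defined security-critical data are extracted and placed in a secure region, and dynamic integrity verification is used to determine whether they have been tampered with. Compared with traditional protection mechanisms for program memory data, this mechanism can prevent both hardware-based and software-based attacks, saves on-chip and off-chip storage space, requires little integrity computation, and offers high security effectiveness.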

5.
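Borrowing from software watermarking, and using something similar to the dynamic graph watermark of software watermarking, the watermark controls the structure of a complete binary tree made up of instructions; the result of a pre-order traversal of the binary tree, after a scrambling operation, is the MIDI data with the watermark embedded. Watermark extraction is fully blind: it requires neither the original music clip nor the original watermark. The algorithm has ideal transparency, a degree of robustness against passive attacks, and good robustness against active attacks such as filtering and noise addition.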

6.
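To cope with network attacks and threats in digital life, reduce the risk of homogeneous attacks spreading rapidly through networked systems, and strengthen network and software security, software diversification techniques are applied to systems. Software diversification aims to generate program variants that are functionally equivalent but differ internally, thereby changing the uniform runtime environment and mitigating homogeneous attacks. The existing evaluation metric for diversification techniques, the ROP (return-oriented programming) gadget survival rate, does not directly reflect the security impact, and the evaluation method is one-dimensional. To evaluate the effectiveness of software diversification methods more comprehensively and effectively, a software diversification evaluation method based on the properties of ROP/JOP (jump-oriented programming) gadgets is proposed. By analyzing common code-reuse attacks, it turns abstract quantification into concrete metrics and evaluates the security gain and effect of diversification methods along three dimensions: space, time, and quality. Based on three gadget properties (similarity, damage degree, and usability), the method examines how software diversification techniques affect ROP/JOP attacks. Nine diversification methods, including instruction substitution, NOP insertion, and control-flow flattening, are used to compile the GNU coreutils suite into a diversified program set. Experiments based on gadget properties are run on the diversified program set, and the results are used to evaluate the effectiveness of the different diversification methods and their impact on attacks. The experimental results show that the method can accurately evaluate the security gain of software diversification methods; diversification enlarges the attack-chain space required for ROP/JOP attacks, lengthens the time needed to construct an attack chain, and lowers the attack success rate. Different diversification methods vary in effectiveness, which offers guidance for subsequent research on diversification techniques with higher security gain.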

7.
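With the continuing development of computer networks, global informatization has become a major trend in human development. However, because computer networks have diverse forms of connection, unevenly distributed terminals, and are open and interconnected, they are vulnerable to attacks by hackers, crackers, malware, and other misconduct, so the security and confidentiality of information on the network is a critically important issue.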

8.
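Agents and mobile agents are autonomous, intelligent, and mobile, and can complete a task relatively independently. Agent technology is applied to the implementation of a large-scale distributed intrusion detection system, and a task dispatching mechanism applicable to LDIDS is proposed; the mechanism handles the use and management of mobile agents. The model of the mechanism is given, the concrete steps of the task dispatching mechanism are described, and the key technologies involved in implementing it are discussed.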

9.
10.
Biometric authentication systems are widely applied because they offer inherent advantages over classical knowledge-based and token-based personal-identification approaches. This has led to the development of products using palmprints as biometric traits and their use in several real applications. However, as biometric systems are vulnerable to replay, database, and brute-force attacks, such potential attacks must be analyzed before biometric systems are massively deployed in security systems. This correspondence proposes a projected multinomial distribution for studying the probability of successfully using brute-force attacks to break into a palmprint system. To validate the proposed model, we have conducted a simulation. Its results demonstrate that the proposed model can accurately estimate the probability. The proposed model indicates that it is computationally infeasible to break into the palmprint system using brute-force attacks.

11.
The importance of software security has been profound, since most attacks on software systems are based on vulnerabilities caused by poorly designed and developed software. Furthermore, the enforcement of security in software systems at the design phase can reduce the high cost and effort associated with the introduction of security during implementation. For this purpose, security patterns that offer security at the architectural level have been proposed in analogy to the well-known design patterns. The main goal of this paper is to perform risk analysis of software systems based on the security patterns they contain. The first step is to determine to what extent specific security patterns shield from known attacks. This information is fed to a mathematical model based on fuzzy set theory and fuzzy fault trees in order to compute the risk for each category of attacks. The whole process has been automated using a methodology that extracts the risk of a software system by reading the class diagram of the system under study.

12.
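Research and implementation of a new anti-SQL-injection strategy   Total citations: 8, self-citations: 0, citations by others: 8
SQL injection is a commonly used and easily carried out attack technique that poses a serious threat to the security of web applications. This paper proposes and implements a new anti-SQL-injection strategy: SQL syntax pre-analysis. The strategy first classifies SQL injections and abstracts the syntactic structure of each class; it then pre-assembles the user input into a complete SQL statement and parses that statement, and if a syntactic structure characteristic of SQL injection is found, it is judged to be an SQL injection attack. Implementing the strategy requires no changes to existing application code and no changes to any server platform software. Experiments show that the new strategy has excellent SQL injection recognition capability and successfully avoids the conflict between a high recognition rate and a low false-positive rate that is inherent in the traditional signature string matching strategy.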

13.
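Building on a study of radix-K encoded dynamic graph software watermarks, and addressing their weak resistance to many forms of attack, a tamper-proofing scheme aimed at improving attack resistance is proposed. With coding efficiency taken into account, encoding of the constants in the program is introduced, and the constant encoding is made to depend on the encoding structure of the software watermark. After an attacker tampers with the software watermark structure, the correct values cannot be obtained when the constants are extracted, causing program execution to fail. The software watermark information embedded in the program can thus be effectively protected.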

14.
王秀磊  陈鸣  邢长友  孙志  吴泉峰 《软件学报》2016,27(12):3104-3119
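The emergence of software-defined networking offers a new approach to defending against DDoS attacks. First, from the perspective of network architecture, the three necessary conditions for a DDoS attack are modeled and analyzed: connectivity, concealment, and aggressiveness. Then, from the standpoint of breaking or restricting these necessary conditions, a software-defined security network mechanism that can counter DDoS attacks, SDSNM (software defined security networking mechanism), is proposed. The mechanism is mainly implemented in the edge SDN network while inheriting the core IP network architecture, and it supports incremental deployment. A prototype system was designed and implemented using cloud computing and Chord; measurements on the prototype show that SDSNM has good scalability and availability.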

15.
Improving security using extensible lightweight static analysis   Total citations: 2, self-citations: 0, citations by others: 2
Evans  D. Larochelle  D. 《Software, IEEE》2002,19(1):42-51
Most security attacks exploit instances of well-known classes of implementation flaws. Developers could detect and eliminate many of these flaws before deploying the software, yet these problems persist with disturbing frequency, not because the security community doesn't sufficiently understand them but because techniques for preventing them have not been integrated into the software development process. This article describes an extensible tool that uses lightweight static analysis to detect common security vulnerabilities (including buffer overflows and format string vulnerabilities).

16.
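崔竞松  郭迟  陈龙  张雅娜  Dijiang HUANG 《软件学报》2014,25(10):2251-2265
Thanks to the elasticity and scalability of its resources, cloud computing has an edge over traditional approaches in providing services to users. When users consider whether to move to cloud computing, one extremely important security risk is that attackers can use shared cloud resources to launch efficient attacks against cloud users' virtual machines. Virtual machines are the basic resource of cloud services; after compromising or renting a virtual machine, an attacker can deploy malware in it and launch wider attacks against other virtual machines in the cloud, such as distributed denial-of-service attacks. To prevent this, a defense-in-depth system based on software-defined networking is proposed to promptly detect suspicious virtual machines and control the traffic they send, suppressing attacks from such a virtual machine and mitigating the impact of the attack. The system inspects virtual machine state in a fully agentless, non-intrusive way and, based on software-defined networking, performs process-level monitoring of network traffic between virtual machines on the same host or between cloud hosts. The experimental results demonstrate the effectiveness of the system.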

17.
王磊  茅兵  谢立 《计算机科学》2010,37(1):153-157
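Memory corruption attacks account for a large share of software security attacks. Recently, dynamic taint techniques have received growing attention; they defend against attacks by checking pointer integrity on memory accesses. However, there are attack instances that can bypass the pointer integrity check, such as out-of-bounds array access attacks. A method based on dynamic taint tracking analysis is proposed to handle this class of problems that existing taint techniques cannot detect. The idea, drawing on memory access control, is to first check pointer integrity on memory access as existing dynamic taint techniques do, and then check whether the memory region the pointer is about to access lies within the pointer's legitimate access range. The prototype system is based on Valgrind and does not require source code, so it can be used with much commercial software. Preliminary experimental results show that the method can effectively detect many types of attack, and the system's performance overhead is close to that of Memcheck, a commonly used memory error detection tool.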

18.
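Recently, local area networks across the country, in Internet cafes, government offices, and on campuses, have suffered ARP attacks to varying degrees, and ARP attacks directly affect normal use of the network. Using a combination of software and hardware approaches, this paper discusses the principle of ARP attacks and how to effectively defend against ARP attacks in local area networks.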

19.
沈阳  杜中军 《计算机工程与设计》2011,32(7):2249-2251,2390
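Through a study of traditional single sign-on based on the Kerberos protocol, its problems are analyzed and a solution is proposed. The scheme uses a session key between the key distribution center and the resource server in place of their permanent key to improve system security, uses dual verification based on timestamps and MAC addresses to address replay attacks, and uses a Flag marker to achieve mutual authentication between the client and the resource server. On this basis, an improved single sign-on system is designed and a software prototype is developed; experiments verify the effectiveness of the proposed scheme, providing a feasible approach to single sign-on.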

20.
We propose a minimalist, architectural approach, Secure Bit (patent pending), to protect against buffer overflow attacks on control data (return-address and function-pointer attacks in particular). Secure Bit provides a hardware bit to protect the integrity of addresses for the purpose of preventing such buffer-overflow attacks. Secure Bit is transparent to user software: it provides backward compatibility with legacy user code. It can detect and prevent all address-corrupting buffer-overflow attacks with little runtime performance penalty. Addresses passed in buffers between processes are marked insecure, and control instructions using those addresses as targets will raise an exception. An important differentiating aspect of our protocol is that, once an address has been marked as insecure, there is no instruction to remark it as secure. Robustness and transparency are demonstrated by emulating the hardware, booting Linux on the emulator, running application software on that Linux, and performing known attacks.
