| 基于攻击树的边界网关协议安全测试 |
| |
| 引用本文: | 念其锋,蔡开裕,杜秀春. 基于攻击树的边界网关协议安全测试[J]. 计算机工程与科学, 2006, 28(8): 14-16 |
| |
| 作者姓名: | 念其锋 蔡开裕 杜秀春 |
| |
| 作者单位: | 湖南科技大学计算机学院,湖南,湘潭,411201;国防科技大学计算机学院,湖南,长沙,410073;国防科技大学计算机学院,湖南,长沙,410073 |
| |
| 基金项目: | 国家自然科学基金;国家高技术研究发展计划(863计划);国家重点实验室基金 |
| |
| 摘 要: | 基于BGP协议构造的域间路由系统是因特网的基础设施。域间路由系统面临多种恶意攻击的成胁且易受人为错误的影响。本文提出BGP攻击树(Attack-Tree)模型,并应用该模型构造域间路由系统的安全性测试套件,不但能够全面地对BGP进行安全性测试,而且便于测试案例的生成和系统实现。测试过程就是对树的标记过程,本文为此提出了着
色算法。利用生成的测试案例,对BGP目标系统进行安全测试实验。结果表明,这种方法能有效地发现BGP潜在的安全漏洞,为ISP运营商增强路由系统安全提供依据。
|
| 关 键 词: | 攻击树 边界网关协议(BGP) 域间路由系统 测试 |
| 文章编号: | 1007-130X(2006)08-0014-03 |
| 修稿时间: | 2005-07-13 |
Attack-Tree-Based Security Testing of BGP |
| |
| NIAN Qi-feng,CAI Kai-yu,DU Xiu-chun. Attack-Tree-Based Security Testing of BGP[J]. Computer Engineering & Science, 2006, 28(8): 14-16 |
| |
| Authors: | NIAN Qi-feng CAI Kai-yu DU Xiu-chun |
| |
| Abstract: | The inter-domain routing system based on BGP is the key routing infrastructure in the Internet. However, it is prone to imprudence errors and is menaced by many aggressive attacks. In this paper, we introduce an attack-tree model of BGP, and design a testing suite which can use the model to identify the vulnerability of the inter-domain routing system. The key part of the testing procedure is the process of marking attack-trees, and we present a coloring algorithm to solve it. The model can not only test the security of BGP comprehensively, but also facilitate the generation of testing-cases and the implementation of systems. Using the generated testing-cases, we test the security of a target BGP system and the results indicate that this method can effectively expose the vulnerabilities of BGP, which helps ISP enhance routing systems. |
| |
| Keywords: | attack tree border gateway protocol(BGP) inter-domain routing system test |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程与科学》浏览原始摘要信息 |
|
点击此处可从《计算机工程与科学》下载免费的PDF全文 |
