Similar literature
Found 20 similar documents; search took 31 ms
1.
Aspect-Oriented Modeling (AOM) techniques allow software designers to isolate and address separately solutions for crosscutting concerns (such as security, reliability, new functional features, etc.). Current AOM research is concerned not only with the separate expression of concerns and their composition into a complete system model, but also with the analysis of different properties of such models. This paper proposes an approach for analyzing the performance effects of a given aspect on the overall system performance, after the composition of the aspect model with the system’s primary model. Performance analysis of UML models is enabled by the “UML Performance Profile for Schedulability, Performance and Time” (SPT) standardized by OMG, which defines a set of quantitative performance annotations to be added to a UML model. The first step of the proposed approach is to add performance annotations to both the primary and the aspect models. An aspect model is generic at first, and therefore its performance annotations must be parameterized. A generic model is converted into a context-specific aspect model with concrete values assigned to its performance annotations. The latter is composed with the primary model, generating a complete annotated UML model. The composition is performed in both structural and behavioural views. A novel approach for composing activity diagrams based on graph-rewriting concepts is proposed in the paper. The next step is to transform automatically the composed model into a Layered Queueing Network (LQN) performance model, by using techniques developed in previous work. The proposed approach is illustrated with a case study system, whose primary model is enhanced with some security features by using AOM. The performance effects of the security aspect under consideration are analyzed in two design alternatives, by solving and analyzing the LQN model of the composed system.

2.
Secure software engineering is concerned with developing software systems that will continue delivering their intended functionality despite a multitude of harmful software technologies that can attack these systems from anywhere and at any time. Misuse cases and mal-activity diagrams are two techniques to model functional security requirements and address security concerns early in the development life cycle. This allows system designers to equip their systems with security mechanisms built within system design rather than relying on external defensive mechanisms. In a model-driven engineering process, misuse cases are expected to drive the construction of mal-activity diagrams. However, a systematic approach to transform misuse cases into mal-activity diagrams is missing. Therefore, this process remains dependent on human skill and judgment, which raises the risk of developing mal-activity diagrams that are inconsistent with the security requirements described in misuse cases, leading to the development of an insecure system. This paper presents an authoring structure for misuse cases and a transformation technique to systematically perform this desired model transformation. A study was conducted to evaluate the proposed technique using 46 attack stories outlined in a book by a former well-known hacker (Mitnick and Simon in The art of deception: controlling the human element of security, Wiley, Indianapolis, 2002). The results indicate that applying the proposed technique produces correct mal-activity diagrams from misuse cases.

3.
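Competition over the collection, use and control of information is intensifying, so network security has gradually become a major concern of society, and information security has become a key aspect of safeguarding national security and social stability. How to identify defenses and attacks and how to strengthen network security have become important research topics for technical managers. Intrusion detection is a hot topic in the network security field. The two main analysis methods for intrusion detection are anomaly detection and misuse detection.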

4.
The last decade has seen an increasing focus on addressing security already during the earliest stages of system development, such as requirements determination. Attack trees and misuse cases are established techniques for representing security threats along with their potential mitigations. Previous work has compared attack trees and misuse cases in two experiments with students. The present paper instead presents an experiment where industrial practitioners perform the experimental tasks in their workplace. The industrial experiment confirms a central finding from the student experiments: that attack trees tend to help identifying more threats than misuse cases. It also presents a new result: that misuse cases tend to encourage identification of threats associated with earlier development stages than attack trees. The two techniques should therefore be considered complementary and should be used together in practical requirements work.

5.
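This work carries out model-checking-based formal analysis and improvement of a location-based wireless sensor network security scheme proposed by Zhang et al. First, the model checker SPIN is used to analyze and verify the neighbor node authentication protocol, revealing that neighbor nodes can no longer be authenticated after a node moves. To support node mobility, an improved scheme for the protocol is given directly; modeling and analyzing the improved protocol again with model checking reveals the threat of a man-in-the-middle attack. Finally, based on the model checking results, a further improvement that replaces the random number with a timestamp is proposed, which effectively resists the man-in-the-middle attack. This work shows that model checking can not only formally analyze and verify wireless sensor network security protocols, but also effectively assist in the design and improvement of security protocols.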

6.
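An attack-pattern-based method for detecting use case vulnerabilities is proposed, for checking the use case diagrams designed by requirements analysts. The method takes formalized use cases as its basis and treats misuse cases as carriers of security-critical information, setting them as special attributes of use cases. Information on misuse-case-related attributes is collected through interaction with the user, and this information is then used to compute a misuse case index for the use case. This index is compared with the indices associated with predefined attack patterns to determine whether the use case is related to a particular misuse case or to particular attack patterns. Use case vulnerabilities in the use case diagram are thereby detected, and feasible recommendations are made on that basis.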

7.
8.
Although a computer system's primary defense is its access controls, it is plain from numerous newspaper accounts of break-ins and computerized thefts that access control mechanisms cannot be relied on in most cases to safeguard against a penetration or insider attack. Most computer systems have security weaknesses that leave them vulnerable to attack and abuse. Finding and fixing all the flaws is not technically feasible, and building systems with no security vulnerabilities is extremely difficult, if not generally impossible. Moreover, even the most secure systems are vulnerable to abuse by insiders who misuse their privileges.

Audit trails can help ensure the accountability of users for their actions. Audit trails have been viewed as the final defense, not only because of their deterrent value but because in theory they can be perused for suspicious events and provide evidence to establish the guilt or innocence of suspected individuals. Moreover, audit trails may be the only means of detecting authorized but abusive user activity.

9.
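Security problems caused by misuse of internal networks have increasingly become a difficult issue in network security management research. This paper proposes an effective misuse detection method and implements a prototype system. The method draws on the advantages of peer-to-peer technology and uses the principle of IP spoofing and the ICMP echo function to perform detection. Experiments show that, in a large-scale network composed of several subnets, the method can efficiently detect whether network misuse exists in any subnet.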

10.
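A web page security protection mechanism based on XML Schema technology is proposed, which addresses application-level security attacks caused by the lack of a validation mechanism for user input data in web pages. The mechanism describes the characteristics of web page input data, converts the input data into an XML Document, determines whether an application-level security attack is present and takes protective measures, providing effective and convenient security for website development.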

11.
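To address the shortcoming that the traditional attack tree model does not consider the weights of the security attributes when computing the probability of an attack event, an attack tree model based on the analytic hierarchy process is designed. When computing the probability of an attack event, each leaf node is first assigned different security attributes; then, according to the attacker's intent and the system's characteristics, the degree to which each security attribute influences the probability of the attack event is compared and a judgment matrix is constructed; finally, a consistency check is performed on the resulting matrix and, if it meets the requirements, its eigenvector is normalized to give the weight of each security attribute. Practical application shows that the attack event probabilities computed with this method are closer to the actual system.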

12.
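Database auditing is an important part of database security and comprises two parts: log recording and log analysis. In SQL Server, the audit function can only obtain audit trail information and has no log analysis capability. To address this shortcoming of the SQL Server audit function, the design and implementation of a database security audit system, MyAudit, is presented. MyAudit uses misuse detection for audit analysis and can detect two types of database attack: attack attempts and masquerade attacks.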

13.
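Network attacks occur frequently, and detecting attack behavior correctly and efficiently is critical to network security. The method introduces a self-attention mechanism on top of a one-dimensional convolutional neural network and a bidirectional long short-term memory network to detect malicious behavior. First, a random forest is used to select important features as model input to reduce redundancy in the input data; then the one-dimensional convolutional neural network and the bidirectional long short-term memory network extract spatial and temporal features respectively, and the features extracted by the two are "concatenated in parallel" to obtain fused features, ...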

14.
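To address the lack of adaptability of existing misuse detection systems to new attack patterns, this paper proposes a new misuse detection method from the perspective of knowledge discovery at different conceptual levels. The method first uses a relevant-feature selection algorithm to extract the optimal feature subset for each attack, then builds a concept hierarchy of attack patterns through similarity clustering, and finally uses a rule learning algorithm to learn a concept-level misuse detection model. Experimental results show that this intrusion detection method not only improves the detection rate and detects new attack methods, but also simplifies the classification model.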

15.
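As network information systems grow increasingly complex, network security and user privacy have attracted great attention, and finding new techniques that can maintain network security and analyze and predict the form of network attack and defense is particularly important. Because the characteristics of evolutionary game theory fit those of network attack and defense well, this paper analyzes the network environment, constructs a network attack-defense scenario, introduces an incentive mechanism on top of a penalty mechanism, and proposes an incentive-based attack-defense evolutionary game model. By giving different problem situations for the populations, replicator dynamics equations are used to analyze the evolution of the players' strategy selection. In addition, on the basis of a third-party regulator's management of the players, the evolution of the attacker population under different attack durations is analyzed, demonstrating that attacks are time-sensitive. The influence of the incentive mechanism on the defender population's strategy selection, together with the introduction of return on defense investment, further demonstrates the feasibility of adding the incentive mechanism. Experimental validation shows that the proposed attack-defense evolutionary game model reaches a stable state and obtains the optimal defense strategy in different problem situations, thereby effectively reducing the defender's losses and curbing the attacker's attack behavior.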

16.
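Yue Xiaomeng, Yang Qiusong, Li Mingshu. Journal of Software (《软件学报》), 2022, 33(12): 4476-4503
Simultaneous multi-threading (SMT) is a standard technology in modern high-performance processors and one of the important microarchitectural optimizations for increasing thread-level parallelism. While SMT improves performance, it also introduces new timing channel security problems; compared with cross-core and cross-processor settings, timing channel security problems under SMT are harder to handle and defend against, and new security problems continue to emerge. A method for systematically describing timing channel security problems in an SMT environment is currently lacking. Starting from the principle by which SMT gives rise to timing channels, and focusing on the timing channels produced by shared resources in an SMT environment and their attack mechanisms, a model for describing timing channel security problems in an SMT environment, ETSG (extended topological sort graph)-SMT, is obtained by extending the topological sort graph (TSG) model with data flow analysis. The paper first introduces the technical characteristics of exploiting and defending against timing channel security problems in an SMT environment and the limitations and shortcomings of using the TSG model to analyze them; then, on the basis of the TSG model, and targeting the characteristics of SMT and the formal description of its security problems, it forms a new modeling method in combination with data flow analysis techniques; finally, by applying the ETSG-SMT model to existing attack methods in an SMT environment and...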

17.
Secure software development should begin at the early stages of the development life cycle. Misuse case modeling is a technique that stems from traditional use case modeling, which facilitates the elicitation and modeling of functional security requirements at the requirements phase. Misuse case modeling is an effective vehicle to potentially identify a large subset of these threats. It is therefore crucial to develop high quality misuse case models; otherwise the end system developed will be vulnerable to security threats. Templates to describe misuse cases are populated with syntax-free natural language content. The inherent ambiguity of syntax-free natural language coupled with the crucial role of misuse case models in development can have a very detrimental effect. This paper proposes a structure that will guide misuse case authors towards developing consistent misuse case models. This paper also presents a process that utilizes this structure to ensure the consistency of misuse case models as they evolve, eliminating potential damages caused by inconsistencies. A tool was developed to provide automation support for the proposed structure and process. The feasibility and application of this approach were demonstrated using two real-world case studies.

18.
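A security analysis of a proxy signature scheme with message confidentiality finds that the original signer and the receiver of the blind signature can collude to tamper with the message to be signed and forge a proxy signature without revealing each other's secrets, and that the proxy can abuse the proxy authority. An improved scheme is therefore given by converting the proxy signing key into a Schnorr signature and using an authorization certificate; it prevents the proxy from abusing the proxy authority and resists the collusion attack by the original signer and the blind signature receiver, overcoming the weaknesses of the scheme while meeting its other security requirements.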

19.
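Smart grid information security and its impact on power system survivability (total citations: 1; self-citations: 0; citations by others: 1)
Today's power grid will inevitably develop into an interdependent composite network made up of the power network and the information network. The characteristics of the smart grid's network composition are analyzed, and the importance of information network security to smart grid security is explained. By analyzing the main functions and characteristics of the new elements introduced by smart grid informatization, the information security problems of the smart grid are described from the perspectives of information collection, transmission, processing and interaction, and security incident scenarios under various attack conditions are envisaged. The impact of information network security on power system survivability is discussed in terms of the coupling of network functions and the propagation of faults between networks. Finally, specific recommendations for strengthening smart grid information security are made in terms of key technologies, standards systems, policies and regulations, and training and management, which help improve smart grid security.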

20.
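A host-agent-based security enhancement approach for Oracle databases (total citations: 2; self-citations: 0; citations by others: 2)
Because the Oracle database does not provide source code, Oracle's security mechanisms are currently extended mainly through external security enhancement. The shortcomings of existing security enhancement approaches are analyzed in terms of application system modification, impact on Oracle performance and Oracle's resistance to attack, and a new security enhancement approach is proposed and implemented. While improving the security of the Oracle database and complying with the B1 security level standard, this approach is transparent to application systems, has a low impact on database performance, and can defend against local and remote attacks.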
