共查询到18条相似文献,搜索用时 203 毫秒
1.
2.
Web Services Secure Conversation是基于XML的安全协议.本文对该协议进行了形式化的分析,并使用模型检验工具SPIN验证了协议的安全性,结果表明该协议存在认证性缺陷。为此,修改了协议的消息结构并对用户口令进行了数字签名。对改进后协议的安全性进行分析,结果表明改进后的协议不存在原协议的缺陷,协议满足认证性要求。 相似文献
3.
认证协议攻击与非形式化分析 总被引:5,自引:0,他引:5
协议的分析验证方法有形式化与非形式化之分.很多代表性的协议虽然存在着缺陷,但对这些协议的非形式化分析,却可以提出一些值得借鉴的规则,参考这些规则可以避免和减少协议逻辑的漏洞,本文针对Woo-Lam两个改进协议以及SSL协议给出了攻击方法,分析协议存在的漏洞并提出如何使协议更为安全的建议。 相似文献
4.
本文指出了现有时限责任分析技术中存在的缺陷,提出了一种基于Kailar逻辑的安全协议时限责任分析框架。通过该分析框架对一个具有时限性要求的安全电子投递协议进行分析,发现了协议存在的时限问题,修改了协议并给出了修改后的协议满足时限性要求的证明。 相似文献
5.
6.
提出一种分析和设计认证协议的新逻辑,可以用来分析认证协议和设计认证协议。通过运用该逻辑,使认证协议的设计和分析可以在同一种逻辑中进行,也消除了用不同的方法来设计和分析认证协议的不一致性。在分析协议时,先用逻辑对协议进行形式化,再用推理规则对协议进行推理。如果不能推理出协议的最终目标,说明协议存在缺陷或者漏洞。在设计协议时,通过运用合成规则使协议设计者可用一种系统化的方法来构造满足需要的协议。用该逻辑对Needham-Schroeder私钥协议进行了分析,指出该协议不能满足协议目标,并重新设计了该协议。 相似文献
7.
多个主体之间的安全会话需要有可靠的多方认证协议来保证。基于安全协议的操作语义模型,分析了三方认证协议BNV的安全性,结果表明该协议存在一致性和同步性缺陷。为此,修改了协议的消息结构并添加了标识协议主体身份的消息项。对改进后协议的安全性进行分析,结果表明改进后的协议不存在原协议的缺陷,协议参与主体满足一致性与同步性要求。最后,基于改进后协议,提出了一个n方认证协议的协议原型。 相似文献
8.
针对Web安全协议SSL的握手协议部分进行了详尽的阐述,对其安全性作了一定的分析,给出了理论上存在的三个协议漏洞的详尽描述,并且经过测试验证,指出了SSL协议存在***模式漏洞。 相似文献
9.
RIP路由协议及其漏洞攻击防范 总被引:2,自引:0,他引:2
本文对RIP协议的基本工作原理、RIP协议的特点,RIP协议的不足之处等基本理论作了科学的阐述。在此基础上指出了边界网关协议存在的缺陷,并对可能存在的漏洞攻击及其防范措施进行了分析。 相似文献
10.
11.
12.
基于口令的远程身份认证协议是目前认证协议研究的热点。2005年,Sung-WoonLee等人提出了一个低开销的基于随机数的远程身份认证协议即Lee—Kim—Yoo协议,首先分析了此协议中所存在的安全性缺陷。随后构造了一个基于随机数和Hash函数,并使用智能卡的远程身份认证协议,最后用BAN逻辑对修改后的协议进行了形式化的分析,结果表明修改后的协议能够达到协议的安全目标。 相似文献
13.
基于口令的远程身份认证协议是目前认证协议研究的热点。2005年,Sung-Woon Lee等人提出了一个低开销的基于随机数的远程身份认证协议即Lee-Kim-Yoo协议,首先分析了此协议中所存在的安全性缺陷,随后构造了一个基于随机数和Hash函数,并使用智能卡的远程身份认证协议,最后用BAN逻辑对修改后的协议进行了形式化的分析,结果表明修改后的协议能够达到协议的安全目标。 相似文献
14.
One way to deal with bugs is to avoid them entirely. The approach would be wasteful because we'd be underutilizing the many automated tools and techniques that can catch bugs for us. Most tools for eliminating bugs work by tightening the specifications of what we build. At the program code level, tighter specifications affect the operations allowed on various data types, our program's behavior, and our code's style. Furthermore, we can use many different approaches to verify that our code is on track: the programming language, its compiler, specialized tools, libraries, and embedded tests are our most obvious friends. We can delegate bug busting to code. Many libraries come with hooks or specialized builds that can catch questionable argument values, resource leaks, and wrong ordering of function calls. Bugs many be a fact of life, but they're not inevitable. We have some powerful tools to find them before they mess with our programs, and the good news is that these tools get better every year. 相似文献
15.
Distributed shared memory (DSM) allows parallel programs to run on distributed computers by simulating a global virtual shared memory, but data racing bugs may easily occur when the threads of a multi-threaded process concurrently access the physically distributed memory. Earlier tools to help programmers locate data racing bugs in non-DSM parallel programs are not easily applied to DSM systems. This study presents the data race avoidance and replay scheme (DRARS) to assist debugging parallel programs on DSM or multi-core systems. DRARS is a novel tool which controls the consistency protocol of the target program, automatically preventing a large class of data racing bugs when the parallel program is subsequently run, obviating much of the need for manual debugging. For data racing bugs that cannot be avoided automatically, DRARS performs a deterministic replay-type function on DSM systems, faithfully reproducing the behavior of the parallel program during run time. Because one class of data racing bugs has already been eliminated, the remaining manual debugging task is greatly simplified. Unlike previous debugging methods, DRARS does not require that the parallel program be written in a specific style or programming language. Moreover, DRARS can be implemented in most consistency protocols. In this paper, DRARS is realized and verified in real experiments using the eager release consistency protocol on a DSM system with various applications. 相似文献
16.
T.J. Richardson 《Annals of Mathematics and Artificial Intelligence》2001,31(1-4):127-146
In cyclic pursuit n bugs chase each other in cyclic order, each moving at unit speed. Mathematical problems and puzzles of pursuit, and cyclic
pursuit in particular, have attracted interest for many years. In 1971 Klamkin and Newman [17] showed that if n=3 and the initial positions of the bugs are not collinear, then all three bugs capture their prey simultaneously, i.e., no
bug captures its prey prior to the moment when the pursuit collapses to a single point. They asked whether the result generalizes
to more bugs. Behroozi and Gagnon [4] showed that it does generalize to n=4 if the bugs' initial positions form a convex polygon. In this paper we resolve the general question in k dimensions: It is possible for bugs to capture their prey without all bugs simultaneously doing so even for non-collinear
initial positions. The set of initial conditions which give rise to non-mutual captures is, however, a sub-manifold in the
manifold of all possible initial conditions. Hence, if the initial positions are picked randomly according to a smooth probability
distribution, then the probability that a non-mutual capture will occur is zero.
This revised version was published online in August 2006 with corrections to the Cover Date. 相似文献
17.
朱军 《数字社区&智能家居》2009,(6)
从SMTP协议入手,分析垃圾邮件制造者利用SMTP协议的缺陷隐藏邮件来源的方法,然后通过对电子邮件结构中邮件信头的详细分析,从邮件信头读取垃圾邮件的相关信息来追踪垃圾邮件的来源。 相似文献
18.
王立娟 《数字社区&智能家居》2007,(10):157-157,167
本文阐述了如何应用缺陷生命周期控制法解决软件测试中发现的缺陷,并对缺陷进行跟踪管理,为决策者提供支持,提高软件开发的质量。并着重阐述了缺陷跟踪管理中的缺陷状态流转技术,缺陷管理流程,以及基于软件测试的缺陷跟踪技术,通过这样的跟踪技术可以使软件测试更加有效,可以尽早发发现缺陷,减少后期的维护工作。 相似文献