面向进程多变体软件系统的攻击面定性建模分析

doi:10.11959/j.issn.2096-109x.2022059

网络与信息安全学报 ›› 2022, Vol. 8 ›› Issue (5): 121-128.doi: 10.11959/j.issn.2096-109x.2022059

面向进程多变体软件系统的攻击面定性建模分析

邢福康¹, 张铮¹, 隋然², 曲晟¹, 季新生¹

¹ 信息工程大学，河南郑州 450001
² 中央军委后勤保障部信息中心，北京 100089

修回日期:2022-04-25 出版日期:2022-10-15 发布日期:2022-10-01
作者简介:邢福康（1997- ），男，山东聊城人，信息工程大学博士生，主要研究方向为网络空间安全、Web应用安全
张铮（1976- ），男，湖北黄冈人，博士，信息工程大学副教授，主要研究方向为网络空间安全、主动防御技术
隋然（1974- ），男，山东青岛人，博士，中央军委后勤保障部信息中心研究员，主要研究方向为网络空间安全
曲晟（1996- ），男，山西忻州人，信息工程大学博士生，主要研究方向为网络空间安全、主动防御技术
季新生（1968- ），男，河南驻马店人，博士，信息工程大学教授、博士生导师，主要研究方向为网络空间安全、无线通信
基金资助:
国家自然科学基金(61521003);国家重点研发计划(2018YF0804003);国家重点研发计划(2017YFB0803204)

Qualitative modeling and analysis of attack surface for process multi-variant execution software system

Fukang XING¹, Zheng ZHANG¹, Ran SUI², Sheng QU¹, Xinsheng JI¹

¹ Information Engineering University, Zhengzhou 450001, China
² Information Center of Logistics Support Department of Central Military Commission, Beijing 100089, China

Revised:2022-04-25 Online:2022-10-15 Published:2022-10-01
Supported by:
The National Natural Science Foundation of China(61521003);The National Key R＆D Program of China(2018YF0804003);The National Key R＆D Program of China(2017YFB0803204)

摘要/Abstract

摘要：

攻击面是衡量软件系统安全性的一个重要指标，采用攻击面描述可以通过集合的方式描述软件系统的安全性并对其进行度量。一般的攻击面模型基于I/O自动机模型对软件系统进行建模，其一般采用非冗余的架构，难以应用于类似多变体系统这类异构冗余的系统架构。Manadhatad等提出了一种在非相似余度系统中进行攻击面度量的方式，但其采用的系统架构表决粒度和表决方式与多变体系统不同，无法准确度量多变体系统的攻击面。因此，在传统攻击面模型基础上，结合多变体系统异构冗余架构的特点，对传统攻击面模型进行扩展，并构建多变体系统的攻击面模型；使用形式化方式表示多变体系统的攻击面，根据多变体系统在系统出口点处的表决机制对传统攻击面模型进行改进，以使其能解释多变体系统攻击面缩小的现象，通过该建模方式，能够说明采用多变体架构的多变体系统在运行过程中攻击面的变化。采用了两组多变体执行架构的软件系统进行实例分析，分别通过与未采用多变体架构的功能相同的软件系统在未受攻击和遭受攻击两种情境下进行攻击面的对比分析，体现多变体系统在攻击面上的变化。结合攻击面理论与多变体执行系统的特点提出了一种面向多变体执行系统的攻击面建模方法，目前可以定性分析多变体执行系统攻击面的变化，未来将在定量分析多变体执行系统攻击面的方向继续进行深入研究。

关键词: 多变体, 攻击面, 攻击面度量, 网络安全

Abstract:

Attack surface is an important index to measure security of software system.The general attack surface model is based on the I/O automata model to model the software system, which generally uses a non-redundant architecture and it is difficult to apply to heterogeneous redundant system architectures such as multi variant systems.Manadhatad et al.proposed a method to measure the attack surface in a dissimilar redundancy system.However, the voting granularity and voting method of the system architecture adopted by Manadhatad are different from those of the multi-variant system, which cannot accurately measure the attack surface of the multi variant system.Therefore, based on the traditional attack surface model, combined with the characteristics of heterogeneous redundant architecture of multi variant systems, the traditional attack surface model was extended and the attack surface model of multivariant systems was constructed.The attack surface of the multi variant system was represented in a formal way, and the traditional attack surface model was improved according to the voting mechanism of the multi variant system at the exit point of the system, so that it can explain the phenomenon that the attack surface of the multi variant system shrinks.Through this modeling method, the change of the attack surface of the multi variant system adopting the multi variant architecture can be explained in the running process.Then, two groups of software systems with multi variant execution architecture were used as analyzing examples.The attack surface of the software systems with the same functions as those without multi variant architecture were compared and analyzed in two situations of being attacked and not being attacked, reflecting the changes of the multi variant system in the attack surface.Combining the attack surface theory and the characteristics of the multi variant execution system, an attack surface modeling method for the multi variant execution system was proposed.At present, the changes of the attack surface of the multi variant execution system can be qualitatively analyzed.In-depth research in the quantitative analysis of the attack surface of the multi variant execution system will be continually conducted.

Key words: multi-variant execution, attack surface, attack surface metric, network security

中图分类号:

TP393

邢福康, 张铮, 隋然, 曲晟, 季新生. 面向进程多变体软件系统的攻击面定性建模分析[J]. 网络与信息安全学报, 2022, 8(5): 121-128.

Fukang XING, Zheng ZHANG, Ran SUI, Sheng QU, Xinsheng JI. Qualitative modeling and analysis of attack surface for process multi-variant execution software system[J]. Chinese Journal of Network and Information Security, 2022, 8(5): 121-128.

图/表 7

图1

图2

图3

表1

表2

表3

表4

参考文献 19

[1]	方滨兴 . 定义网络空间安全[J]. 网络与信息安全学报, 2018,4(1): 1-5.
	FANG B X . Define cyberspace security[J]. Chinese Journal of Network and Information Security, 2018,4(1): 1-5.
[2]	邵思豪, 高庆, 马森 ,等. 缓冲区溢出漏洞分析技术研究进展[J]. 软件学报, 2018,29(5): 1179-1198.
	SHAO S H , GAO Q , MA S ,et al. Progress in research on buffer overflow vulnerability analysis technologies[J]. Journal of Software, 2018,29(5): 1179-1198.
[3]	BLETSCH T , JIANG X X , FREEH V W ,et al. Jump-oriented programming:a new class of code-reuse attack[C]// Proceedings of the 6th ACM Symposium on Information,Computer and Communications Security - ASIACCS '11. 2011: 30-40.
[4]	LEVY E . Smashing the stack for fun and profit[J]. Phrack Maga-zine, 1996,8(49): 1-25.
[5]	SHACHAM H , . The geometry of innocent flesh on the bone:return-into-libc without function calls (on the x86)[C]// Proceedings of the 14th ACM conference on Computer and communications security. 2007: 552-561.
[6]	王丰峰, 张涛, 徐伟光 ,等. 进程控制流劫持攻击与防御技术综述[J]. 网络与信息安全学报, 2019,5(6): 10-20.
	WANG F F , ZHANG T , XU W G ,et al. Overview of control-flow hijacking attack and defense techniques for process[J]. Chinese Journal of Network and Information Security, 2019,5(6): 10-20.
[7]	COWAN C , PU C , MAIER D ,et al. StackGuard:automatic adaptive detection and prevention of buffer-overflow attacks[C]// Proceedings of 7th USENIX Security Conference. 1998: 63-78.
[8]	COWAN C , BARRINGER M , BEATTIE S ,et al. FormatGuard:automatic protection from printf format string vulnerabilities[C]// Proceedings of 10th USENIX Security Symposium. 2001: 13-17.
[9]	BITTAU A , BELAY A , MASHTIZADEH A ,et al. Hacking blind[C]// Proceedings of 2014 IEEE Symposium on Security and Privacy. 2014: 227-242.
[10]	WANG Z , JIANG X X . HyperSafe:a lightweight approach to provide lifetime hypervisor control-flow integrity[C]// Proceedings of 2010 IEEE Symposium on Security and Privacy. 2010: 380-395.
[11]	马博林, 张铮, 陈源 ,等. 基于指令集随机化的抗代码注入攻击方法[J]. 信息安全学报, 2020,5(4): 30-43.
	MA B L , ZHANG Z , CHEN Y ,et al. The defense method for code-injection attacks based on instruction set randomization[J]. Journal of Cyber Security, 2020,5(4): 30-43.
[12]	COX B , EVANS D , FILIPI A ,et al. N-variant systems a secretless framework for security through diversity[J]. 15th USENIX Security Symposium, 2006: 105-120.
[13]	SALAMAT B , JACKSON T , GAL A ,et al. Orchestra:intrusion detection using parallel execution and monitoring of program variants in user-space[C]// Proceedings of the 4th ACM European conference on Computer systems. 2009: 33-46.
[14]	KONING K , BOS H , GIUFFRIDA C . Secure and efficient multi-variant execution using hardware-assisted process virtualization[C]// Proceedings of 2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). 2016: 431-442.
[15]	张铮, 王立群, 李卫超 . 面向非相似余度信息系统的攻击面模型[J]. 通信学报, 2018,39(S2): 223-230.
	ZHANG Z , WANG L Q , LI W C . Research on formal model for an information system's attack surface with dissimilar redundant ar-chitecture[J]. Journal on Communications, 2018,39(S2): 223-230.
[16]	潘传幸, 张铮, 马博林 ,等. 面向进程控制流劫持攻击的拟态防御方法[J]. 通信学报, 2021,42(1): 37-47.
	PAN C X , ZHANG Z , MA B L ,et al. Method against process con-trol-flow hijacking based on mimic defense[J]. Journal on Commu-nications, 2021,42(1): 37-47.
[17]	马博林, 张铮, 刘浩 ,等. SQLMVED：基于多变体执行的 SQL注入运行时防御系统[J]. 通信学报, 2021,42(4): 127-138.
	MA B L , ZHANG Z , LIU H ,et al. SQLMVED:SQL injection runtime prevention system based on multi-variant execution[J]. Journal on Communications, 2021,42(4): 127-138.
[18]	MANADHATA P K , WING J M . A formal model for a system's attack surface[M]// Advances in Information Security. New York,NY: Springer New York, 2011: 1-28.
[19]	MANADHATA P K . Game theoretic approaches to attack surface shifting[M]// Moving Target Defense II. New York,NY: Springer New York, 2012: 1-13.

系统调用序号	普通系统	多变体系统进程1	多变体系统进程2
1	Brk	Brk	Brk
2	Mmap	Mmap	Mmap
3	Access	Access	Access
4	Open	Open	Open
5	Fstat	Fstat	Fstat
6	Mmap	Mmap	Mmap
7	Close	Close	Close
8	Open	Open	Open
9	Read	Read	Read
10	Fstat	Fstat	Fstat
11	Mmap	Mmap	Mmap
12	Mprotect	Mprotect	Mprotect
13	Write	Write	Write
14	Exit	Exit	Exit

系统调用序号	普通系统	多变体系统进程1	多变体系统进程2
1	Brk	Brk	Brk
2	Mmap	Mmap	Mmap
3	Access	Access	Access
4	Open	Open	Open
5	Fstat	Fstat	Fstat
6	Mmap	Mmap	Mmap
7	Close	Close	Close
8	Open	Open	Open
9	Fstat	Fstat	Fstat
10	Mmap	Mmap	Mmap
11	Close	Close	Close
12	Open	Open	Open
13	Read	Read	Read
14	Fstat	Fstat	Fstat
15	Mmap	Mmap	Mmap
16	Mprotect	Mprotect	Mprotect
17	Write	Write	Write
18	Exit	Exit	Exit

系统调用序号	普通系统	多变体系统进程1	多变体系统进程2
1	Brk	Brk	Brk
2	Mmap	Mmap	Mmap
3	Access	Access	Access
4	Open	Open	Open
5	Fstat	Fstat	Fstat
6	Mmap	Mmap	Mmap
7	Close	Close	Close
8	Open	Open	Open
9	Read
10	Write
11	Mmap
12	Write
13	Write
…	Fstat
注：表中的空白表示该时间进程已结束，不再产生系统调用。

系统调用序号	普通系统	多变体系统进程1	多变体系统进程2
1	Brk	Brk	Brk
2	Mmap	Mmap	Mmap
3	Access	Access	Access
4	Open	Open	Open
5	Fstat	Fstat	Fstat
6	Mmap	Mmap	Mmap
7	Close	Close	Close
8	Open	Open	Open
9	Fstat	Fstat	Fstat
10	Mmap	Mmap	Mmap
11	Close	Close	Close
12	Open	Open	Open
13	Read
14	Write
15	Mmap
16	Write
17	Write
…	Fstat

面向进程多变体软件系统的攻击面定性建模分析

Qualitative modeling and analysis of attack surface for process multi-variant execution software system

在线阅读

pdf下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 7

参考文献 19

相关文章 15

Metrics

推荐阅读 0

[1]	王贺立, 闫巧. 基于交易记录特征的自私挖矿检测方案[J]. 网络与信息安全学报, 2023, 9(2): 104-114.
[2]	陈训逊, 李明哲, 吕宁, 黄亮. 内禀安全：网络安全能力体系化构建方法[J]. 网络与信息安全学报, 2023, 9(1): 92-102.
[3]	李东, 郝艳妮, 彭升辉, 訾瑞杰, 刘西蒙. 国家自然科学基金委员会网络安全现状与展望[J]. 网络与信息安全学报, 2022, 8(6): 92-101.
[4]	王泽南, 李佳浩, 檀朝红, 皮德常. 面向网络安全资源池的智能服务链系统设计与分析[J]. 网络与信息安全学报, 2022, 8(4): 175-181.
[5]	王馨雅, 华光, 江昊, 张海剑. 深度学习模型的版权保护研究综述[J]. 网络与信息安全学报, 2022, 8(2): 1-14.
[6]	王洋, 汤光明, 王硕, 楚江. 基于API调用管理的SDN应用层DDoS攻击防御机制[J]. 网络与信息安全学报, 2022, 8(2): 73-87.
[7]	邱洁, 韩瑞, 魏志丰, 王志洋. 网络空间公共基础设施体系及安全策略研究[J]. 网络与信息安全学报, 2021, 7(6): 56-67.
[8]	王硕, 柏军, 王佰玲, 张旭, 刘红日. 基于时间压缩的流量加速回放方法[J]. 网络与信息安全学报, 2021, 7(5): 178-188.
[9]	赵昊, 舒辉, 康绯, 邢颖. 基于智能合约的高对抗性僵尸网络研究[J]. 网络与信息安全学报, 2021, 7(4): 30-41.
[10]	王涛, 陈鸿昶. 考虑拜占庭属性的SDN安全控制器多目标优化部署方案[J]. 网络与信息安全学报, 2021, 7(3): 72-84.
[11]	张成磊, 付玉龙, 李晖, 曹进. 6G网络安全场景分析及安全模型研究[J]. 网络与信息安全学报, 2021, 7(1): 28-45.
[12]	杨路辉,白惠文,刘光杰,戴跃伟. 基于可分离卷积的轻量级恶意域名检测模型[J]. 网络与信息安全学报, 2020, 6(6): 112-120.
[13]	谢博,申国伟,郭春,周燕,于淼. 基于残差空洞卷积神经网络的网络安全实体识别方法[J]. 网络与信息安全学报, 2020, 6(5): 126-138.
[14]	张孟媛,袁钟怡. 美国网络安全审查制度发展、特点及启示[J]. 网络与信息安全学报, 2019, 5(6): 1-9.
[15]	贾春福,李瑞琪,田美琦,程晓阳. 信息安全与法学复合型人才培养模式[J]. 网络与信息安全学报, 2019, 5(3): 31-35.