采用完整性威胁树的信息流完整性度量方法

doi:10.11959/j.issn.2096-109x.2019016

Abstract

Abstract:

In order to avert the drawback of traditional information flow integrity analysis on ignoring the specific system architecture and associated attack events,an integrity threat tree to quantify the integrity of the system information flow,and the conditional trigger gate to model the associated attack events were proposed.The attack cost was used to quantify the degree of difficulty on attacking each channel.According to the architecture-related integrity threat tree,the minimum attack cost and corresponding target channel set required to achieve the attack target were solved by using the satisfiability modulo theories.The practicality of our approach was demonstrated by the modeling and analysis of the actual flight control system models,and the influence of the conditional trigger gate parameters on the system integrity was discussed.

Key words: integrity, information flow, satisfiability modulo theories, attack tree

CLC Number:

TP309

Qixuan WU,Jianfeng MA,Cong SUN. Information flow integrity measurement method using integrity threat tree[J]. Chinese Journal of Network and Information Security, 2019, 5(2): 50-57.

Figures/Tables 6

References 13

[1]	DENNING D E . A lattice model of secure information flow[J]. Communications of the ACM, 1976,19(5): 236-243.
[2]	BIBA K J . Integrity considerations for secure computer systems:technical report:ESD-TR-76-372[R]. 1977.
[3]	吴泽智, 陈性元, 杨智 ,等. 信息流控制研究进展[J]. 软件学报, 2017,28(1): 135-159.
	WU Z Z , CHEN X Y , YANG Z ,et al. Survey on information flow control[J]. Journal of Software, 2017,28(1): 135-159.
[4]	MILLEN J K , . Covert channel capacity[C]// IEEE Symposium on Security and Privacy. 1987:60.
[5]	CLARKSON M R , SCHNEIDER F B . Quantification of integrity[J]. Mathematical Structures in Computer Science, 2015,25(2): 28-43.
[6]	KORDY B , PIETRE-CAMBACEDES L , SCHWEITZER P . DAG-based attack and defense modeling:don’t miss the forest for the attack trees[J]. Computer Science Review, 2014,(13-14): 1-38.
[7]	JHAWAR R , KORDY B , MAUW S ,et al. Attack trees with sequential conjunction[C]// The 30th IFIP TC 11 International Conference, 2015: 339-353.
[8]	AUDINOT M , PINCHINAT S , KORDY B . Is my attack tree correct[C]// The 22nd European Symposium on Research in Computer Security. 2017: 83-102.
[9]	HOME R , MAUW S , TIU A . Semantics for specialising attack trees based on linear logic[J]. Fundamenta Informaticae, 2017,153(1-2): 57-86.
[10]	SAMET R . Recovery device for real-time dual-redundant computer systems[J]. IEEE Transactions on Dependable and Secure Computing, 2010,8(3): 391-403.
[11]	MAHONY R , KUMAR V , MAHONY P . Multirotor aerial vehicles:modeling,estimation,and control of a quadrotor[J]. IEEE Robotics and Automation Magazine, 2012,19(3): 20-32.
[12]	张杨, 吴文海, 汪杰 . 舰载无人机横侧向着舰控制律设计[J]. 航空学报, 2017,38(S1): 128-134.
	ZHANG Y , WU W H , WANG J . Design of carrier UAV lateral/di rectional landing control law[J]. Acta Aeronautica ET Astronautica Sinica, 2017,38(S1): 128-134.
[13]	HARTLEY E N , MACIEJOWSKI J M . A longitudinal flight control law based on robust MPC and H2 methods to accommodate sensor loss in the reconfigure Benchmark[J]. IFAC Papers Online, 2015,48(21): 1000-1005.

Metrics

Recommended 0

No Suggested Reading articles found!

模块名	Quad-Sim ^[11]			Lateral-Land ^[12]
模块名	输入数据量/bit	输出数据量/bit	Cost	输入数据量/bit	输出数据量/bit	Cost
交叉传输（IT）	106.67	106.67	11 378.488 9	61.9	61.9	3 831.61
控制律计算（CLC）	63.43	33.96	2 154.082 8	35.64	16.98	605.167 2
表决存储器（VM）	9.28	9.28	86.118 4	9.28	9.28	86.118 4
表决控制器（VC）	43.24	9.28	401.267 2	26.26	9.28	243.692 8
数据采集（DC）	126.86	63.43	8 046.729 8	77.28	35.64	2 754.259 2
故障检测（FD）	65.94	2.07	136.495 8	65.94	2.07	136.495 8
类型判断（FTD）	73.24	3.32	243.156 8	73.24	3.32	243.156 8
故障定位（FL）	75.31	5.32	400.649 2	75.31	5.32	400.649 2

Information flow integrity measurement method using integrity threat tree

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 6

References 13

Related Articles 5

Metrics

Recommended 0

[1]	Jianming FU, Chang LIU, Mengfei XIE, Chenke LUO. Survey of software anomaly detection based on deception [J]. Chinese Journal of Network and Information Security, 2022, 8(1): 15-29.
[2]	Jiashun ZHOU, Na WANG, Xuehui DU. Multi-party efficient audit mechanism for data integrity based on blockchain [J]. Chinese Journal of Network and Information Security, 2021, 7(6): 113-125.
[3]	Zhanhui YUAN, Zhi YANG, Hongqi ZHANG, Shuyuan JIN, Xuehui DU. Android complex information flow analysis method based on communicating sequential process [J]. Chinese Journal of Network and Information Security, 2021, 7(5): 156-168.
[4]	Fengfeng WANG,Tao ZHANG,Weiguang XU,Meng SUN. Overview of control-flow hijacking attack and defense techniques for process [J]. Chinese Journal of Network and Information Security, 2019, 5(6): 10-20.
[5]	Jiyang LI,Pengyuan ZHAO,Zhe LIU. Trusted access scheme for intranet mobile terminal based on encrypted SD card [J]. Chinese Journal of Network and Information Security, 2019, 5(4): 108-118.