基于进程通信语义的互联安全控制安全分析和优化

doi:10.11959/j.issn.2096-8930.2021029

天地一体化信息网络 ›› 2021, Vol. 2 ›› Issue (3): 35-47.doi: 10.11959/j.issn.2096-8930.2021029

所属专题：专题：天地一体化信息网络安全防护技术

• 专题：天地一体化信息网络安全防护技术 • 上一篇下一篇

基于进程通信语义的互联安全控制安全分析和优化

卢波, 陆月明

北京邮电大学网络空间安全学院，可信分布式计算与服务教育部重点实验室，北京 100876

修回日期:2021-08-24 出版日期:2021-09-20 发布日期:2021-09-01
作者简介:卢波（1988-），男，北京邮电大学博士生，主要研究方向为协议安全分析、安全关键系统设计
陆月明（1969-），男，北京邮电大学教授、博士生导师，可信分布式计算与服务教育部重点实验室学术委员会委员与学术带头人，主要研究方向为互联网安全等
基金资助:
国家重点研发计划资助(2016YFB0800302)

Optimization and Security Analysis of Interconnected Security Control Based on Semantic of Process Communication

Bo LU, Yueming LU

Key Laboratory of Trustworthy Distributed Computing and Service, Ministry of Education, School of Cyber Security, Beijing University of Posts and Telecommunications, Beijing 100876, China

Revised:2021-08-24 Online:2021-09-20 Published:2021-09-01
Supported by:
National Key R＆D Program of China(2016YFB0800302)

摘要/Abstract

摘要：

面对天地一体化信息网络多域安全控制需求，针对单进程正则匹配的方式制约了互联安全网关的性能问题，提出基于进程通信语义安全分析的互联安全控制高性能优化方法。该方法采用以进程概念为中心的并行程序设计语言描述主从进程的交互模型，通过赋予状态转移系统语义，实现主从进程的组合语义精确的表达。通过形式化语义分析，该方法具有运行无死锁、饥饿，且等价于原有正则匹配的语义安全性。实验结果表明，该方法能够充分发挥多核硬件优势，使用进程绑定CPU方式，减少操作系统调度器的上下文切换开销，在复杂正则表达式情形下，比单核运行提高一个数量级。

关键词: 形式化分析, 正则表达式匹配, 访问控制, 并行计算

Abstract:

Facing the demand of multi-domain security control in the integrated network of air and ground, to solve the problem that singleprocess regular matching restricts the performance of interconnected security gateway, the method of high-performance optimization of interconnected security control based on semantic security analysis of process communication was proposed.The interaction model of master-slave processes was described in a parallel programming language in the method.The state transition system semantics were given to accurately express the combined semantics of the master-slave processes.The security of master-slave processes in combinatorial semantics was analyzed, which ensured that the parallel running of processes had no deadlock and starvation, and was equivalent to the original regular matching.Experimental results showed that the proposed method could give full play to the advantages of multi-core hardware and reduced the context switching overhead of the scheduler.In the case of complex regular expressions, the method was an order of magnitude better than single-core running.

Key words: formal analysis, regular expression matching, access control, parallel computing

中图分类号:

TN918.91

卢波, 陆月明. 基于进程通信语义的互联安全控制安全分析和优化[J]. 天地一体化信息网络, 2021, 2(3): 35-47.

Bo LU, Yueming LU. Optimization and Security Analysis of Interconnected Security Control Based on Semantic of Process Communication[J]. Space-Integrated-Ground Information Networks, 2021, 2(3): 35-47.

图/表 11

图1

图2

图3

图4

图5

表1

表2

表3

图6

图7

图8

参考文献 19

[1]	LU B , CAO R H , LU Y M ,et al. Design and formal analysis of an authentication protocol,eWMDP on wearable devices[J]. IEEE Access, 2019,7: 97771-97783.
[2]	ZHANG L H , LU B D , ZHAO T ,et al. A novel decentralized blockchain networks model with high concurrency (blockchain networks model with high concurrency)[C]// Proceedings of 2019 IEEE 14th International Conference on Intelligent Systems and Knowledge Engineering (ISKE). Piscataway:IEEE Press, 2019: 800-804.
[3]	GORRIERI R , VERSARI C . Introduction to concurrency theory[M]. Cham: Springer International Publishing, 2015.
[4]	POLYVYANYY A , SOLTI A , WEIDLICH M ,et al. Monotone precision and recall measures for comparing executions and specifications of dynamic systems[J]. ACM Transactions on Software Engineering and Methodology, 2020,29(3): 1-41.
[5]	DIERTENS B . A process algebra software engineering environment[EB].
[6]	ZHANG F , ZHAO Y W , MA D F ,et al. Formal verification of behavioral AADL models by stateful timed CSP[J]. IEEE Access, 2017,5: 27421-27438.
[7]	MKAOUAR H , ZALILA B , HUGUES J ,et al. A formal approach to AADL model-based software engineering[J]. International Journal on Software Tools for Technology Transfer, 2020,22(2): 219-247.
[8]	KIM R , KWON H T , CHI S Y ,et al. A coordination model for agent behaviors using hierarchical finite state machine with inter-level concurrency[C]// Proceedings of 2016 International Conference on Information and Communication Technology Convergence (ICTC). Piscataway:IEEE Press, 2016: 359-364.
[9]	PRIETO M , SUGEZKY L , GONZáLEZ N ,, et al . Evaluation of the uModel factory software used for the modeling of embedded systems with concurrent states[C]// Proceedings of 2017 IEEE 8th Latin American Symposium on Circuits ＆ Systems (LASCAS). Piscataway:IEEE Press, 2017: 1-4.
[10]	PRZIGODA N , HILKEN C , WILLE R ,et al. Checking concurrent behavior in UML/OCL models[C]// Proceedings of 2015 ACM/IEEE 18th International Conference on Model Driven Engineering Languages and Systems (MODELS). Piscataway:IEEE Press, 2015: 176-185.
[11]	SHIROLE M , KUMAR R . Test scenario selection for concurrency testing from UML models[C]// Proceedings of 2015 Eighth International Conference on Contemporary Computing (IC3). Piscataway:IEEE Press, 2015: 531-536.
[12]	GADEA C , IONESCU B , IONESCU D . Modeling and simulation of an operational transformation algorithm using finite state machines[C]// Proceedings of 2018 IEEE 12th International Symposium on Applied Computational Intelligence and Informatics (SACI). Piscataway:IEEE Press, 2018: 119-124.
[13]	PAZZI L , PRADELLI M . Modularity and part-whole compositionality for computing the state semantics of statecharts[C]// Proceedings of 2012 12th International Conference on Application of Concurrency to System Design. Piscataway:IEEE Press, 2012: 193-203.
[14]	RAVICHANDRAN K , PANDE S . F2C2-STM:flux-based feedback-driven concurrency control for STMs[C]// Proceedings of 2014 IEEE 28th International Parallel and Distributed Processing Symposium. Piscataway:IEEE Press, 2014: 927-938.
[15]	MEJIA-RICART L , OLMSTED A . Avoiding unnecessary deaths:drag-Back,a deadlock avoidance model[C]// Proceedings of 2017 12th International Conference for Internet Technology and Secured Transactions (ICITST). Piscataway:IEEE Press, 2017: 472-474.
[16]	BAKURA S A , MOHAMMED A . Lock-free hybrid concurrency control strategy for mobile environment[C]// Proceedings of 2014 IEEE 6th International Conference on Adaptive Science ＆Technology (ICAST). Piscataway:IEEE Press, 2014: 1-5.
[17]	RATHNAYAKE A , THIELECKE H . Regular expression matching and operational semantics[J]. Electronic Proceedings in Theoretical Computer Science, 2011,62: 31-45.
[18]	ZENG M , LIU P , MIAO H K . The design and implementation of a modeling tool for regular expressions[C]// Proceedings of 2014 IIAI 3rd International Conference on Advanced Applied Informatics. Piscataway:IEEE Press, 2014: 726-731.
[19]	POURALI P . A user-centric approach to improve the quality of UML-like modeling tools and reduce the efforts of modeling[D]. Waterloo:University of Waterloo, 2020.

处理器	内存	操作系统	备注说明
Intel(R) Core i7-3770 3.40 GHz	8 GB	Windows 10	宿主主机
Intel(R) Core i7-3770 3.40 GHz	4 GB	CentOS7	虚拟主机

软件	版本	测试单元
虚拟化支持	VMware Workstation 16 Pro	主从进程载入正则表达式匹配
C 标准库支持	GNU C Library -GLIBC 2.11	正则表达式匹配引擎
正则表达式匹配库	Perl Compatible Regular Expressions PCRE 8.32-17	正则表达式匹配引擎
正则表达式匹配库	Oniguruma 6.9.6	正则表达式匹配引擎
正则表达式匹配库	SubReg 1.0	正则表达式匹配引擎
正则表达式匹配库	Approximate Regex Matching Engine TRE 0.8.0	正则表达式匹配引擎
正则表达式匹配库	Hyperscan 5.4.0	正则表达式匹配引擎
正则表达式匹配库	International Components for Unicode ICU 66.1	正则表达式匹配引擎
编译器	GNU Compiler Collection 4.8.5 20150623	正则表达式匹配引擎模块编译
跨平台编译器	Cross Platform Make 2.8.12.2	正则表达式匹配引擎模块编译
C++库	Boost 1.63.0	正则表达式匹配引擎模块编译
有限状态机编译器	Ragel State Machine Compiler 6.9	正则表达式匹配引擎模块编译

代号	正则表达式	文本
regexp: 3-text:18	ab+	asdfsdfdsfasfdasff
regexp: 63-text:1	[alw][bmx][cny][doz][ep][fq][gr][hs][it][ju][kv]*[a]+	v
regexp: 63-text:6	[alw][bmx][cny][doz][ep][fq][gr][hs][it][ju][kv]*[a]+	vkvvvv
regexp: 63-text:50	[alw][bmx][cny][doz][ep][fq][gr][hs][it][ju][kv]*[a]+	vkvvvvvvvvvvvvvvvvvv vvvvvvvvvvvvvvvvvvvv vvvvvvvvvv

基于进程通信语义的互联安全控制安全分析和优化

Optimization and Security Analysis of Interconnected Security Control Based on Semantic of Process Communication

在线阅读

pdf下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 11

参考文献 19

相关文章 1

Metrics

推荐阅读 0