Abstract
The web server mimic defense prototype is a new type of web security defense system based on mimic defense theory. It uses heterogeneity, redundancy, dynamism and related properties to block or disrupt network attacks so that system security risk remains controllable. Traditional testing methods fall short when applied to this prototype: they do not suit the testing of complex security functions, and they make accurate measurement difficult. This paper proposes a web server testing method suited to the mimic defense architecture, improves gray-box testing based on a concession rule, and enriches the meaning of the exploitation complexity of vulnerabilities and backdoors. On this basis, it designs a test scheme, test principles and test methods for the system, and carries out comprehensive testing and analysis covering performance, compatibility, functional implementation, HTTP protocol conformance and security.
Authors
ZHANG Zheng (张铮)
MA Bolin (马博林)
WU Jiangxing (邬江兴)
Affiliations: State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001, China; National Digital Switching System Engineering & Technological R&D Center, Zhengzhou 450002, China
Source
Journal of Cyber Security (《信息安全学报》)
CSCD
2017, Issue 1, pp. 13-28 (16 pages)
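Funding
National Key Research and Development Program of China (2016YFB0800104)
Scientific Research Program of the Science and Technology Commission of Shanghai Municipality (14DZ1105300)
National Natural Science Foundation of China (61572520)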
Keywords
Mimic defense theory
Gray-box testing method
Exploiting complexity
Test principle
Test case
Test analysis
Test