摘要
针对容忍入侵签名系统设计和安全管理问题,提出了一种有效的评估系统可用性的方法。该方法采用随机过程的建模技术,通过建立系统可用性与配置参数及入侵强度之间的定量关系,将系统服务器组由初始完全安全态向失效态转移的渐进过程看作为马尔可夫过程,从而在服务器组构造无关性的假设下,建立了系统配置参数与可用性之间的函数关系,并获得可用性的理论估算。给出了该方法应用的具体步骤,通过仿真实验验证了该方法的有效性。
This paper proposes a practical method for designing and administering the intrusion-tolerant signaturesystem. Due to the difficulty in quantitatively estimating the ability of mobile adversary, the stochastic modelingtechniques are used for depicting the relationships of availability of signature system to the threshold, the number ofthe severs in signature system and the behavior of adversary. Thus, the process of state transition from the securestate to the compromised state can be modeled as a Markov chain. With the state-transition diagram, the availabilityof system is obtained. The performance figures show that the method has good feasibility and effectiveness.
出处
《网络安全技术与应用》
2005年第2期48-50,25,共4页
Network Security Technology & Application
基金
国家自然科学基金重大计划(90204012)
"863"高技术研究发展计划(2002AA143021)
教育部优秀青年教师资助计划
教育部科学技术重点研究项目
总装备部武器装备基金项目资助。
