摘要
基于BGP协议构造的域间路由系统是因特网的基础设施。域间路由系统面临多种恶意攻击的威胁且易受人为错误的影响。本文提出BGP攻击树(Attack-Tree)模型,并应用该模型构造域间路由系统的安全性测试套件,不但能够全面地对BGP进行安全性测试,而且便于测试案例的生成和系统实现。测试过程就是对树的标记过程,本文为此提出了着色算法。利用生成的测试案例,对BGP目标系统进行安全测试实验。结果表明,这种方法能有效地发现BGP潜在的安全漏洞,为ISP运营商增强路由系统安全提供依据。
The inter-domain routing system based on BGP is the key routing infrastructure in the Internet. However, it is prone to imprudence errors and is menaced by many aggressive attacks. In this paper, we introduce an attack-tree model of BGP, and design a testing suite which can use the model to identify the vulnerability of the inter-domain routing system. The key part of the testing procedure is the process of marking attack-trees, and we present a coloring algorithm to solve it. The model can not only test the security of 13GP comprehensively, but also facilitate the generation of testing-cases and the implementation of systems. Using the generated testing-cases, we test the security of a target BGP system and the results indicate that this method can effectively expose the vulnerabilities of BGP, which helps ISP enhance routing systems.
出处
《计算机工程与科学》
CSCD
2006年第8期14-16,29,共4页
Computer Engineering & Science
基金
国家自然科学基金资助项目(90204005)
国家863计划资助项目(2005AA121570)
现代通信国家重点实验室基金资助项目(51436050605KG0102)
