摘要
拜占庭系统被广泛应用于提高云平台的入侵容忍能力。但现阶段的拜占庭系统难以有效防御一种潜伏式攻击,即攻击者通过累积控制个数超过容忍上限的执行体来破坏拜占庭系统。针对此问题提出云环境下具有动态异构性质的拜占庭系统,即将拜占庭系统中的执行体进行最大化多样性配置,同时利用系统漏洞和攻击技能水平来衡量执行体生命周期,将执行体进行动态轮换。仿真结果表明,提出的动态异构拜占庭系统能有效提升系统安全性。
In order to improve the intrusion tolerance performance of cloud platforms, the Byzantine system model has been widely used. But the current Byzantine system is difficult to prevent a latent attack effectively, which can destroy the Byzantine system by accumulating the number of executive modules which the attacker controls and making it exceed the tolerance upper limit. To solve the problem, a dynamic and heterogeneous Byzantine system was proposed. In which the executive modules were maximized diversified in configurations such as different operating systems and so on. Meanwhile, every executive module was assigned a lifetime based on the attacker's ability and the vulnerabilities of the module. The novel system can significantly enhance the intrusion tolerance of the cloud service by diverse and dynamic attack surface, which is verified by simulations.
作者
陈扬
扈红超
刘文彦
霍树民
梁浩
CHEN Yang;HU Hongchao;LIU Wenyan;HUO Shumin;LIANG Hao(National Digital Switching System Engineering & Technological R&D Center, Zhangzhou 450002, Chin)
出处
《网络与信息安全学报》
2018年第5期1-9,共9页
Chinese Journal of Network and Information Security
基金
国家自然科学基金资助项目(No.61602509)
国家自然科学基金创新群体资助项目(No.61521003)
国家重点研发计划基金资助项目(No.2016YFB0800100
No.2016YFB0800101)~~
关键词
动态异构
拜占庭
入侵容忍
攻击面
平均攻击时间
dynamic heterogeneous
Byzantine
intrusion tolerance
attack surface
MTTC
