Abstract
OpenVPN is widely used in real-world networks, so assessing its security is of practical importance. In this study, protocol state fuzzing is used to perform black-box testing of an OpenVPN implementation and, based on the model learning method from automata theory, to automatically infer the state machine of the target system. A time compression model for the state machine is proposed, and the OpenVPN state machine is simplified by removing redundant states and transitions, so that the behavioral characteristics of the protocol state machine can be obtained accurately. Several special behavior paths outside the expected behavior path, along with potential security risks, are discovered. The work provides a new approach and method for the security evaluation of OpenVPN, and is an important reference for analyzing the internal design details of similar security protocols that are widely used but lack a protocol specification.
Authors
SHEN Ying-Zhu (申莹珠)
GU Chun-Xiang (顾纯祥)
CHEN Xi (陈熹)
ZHANG Xie-Li (张协力)
LU Zheng-Yu (卢政宇)
Affiliations: Information Engineering University, Zhengzhou 450001, China; He’nan Key Laboratory of Network Cryptography Technology, Zhengzhou 450001, China
Source
Journal of Software (《软件学报》)
EI
CSCD
Peking University Core Journal
2019, Issue 12, pp. 3750-3764 (15 pages)
Funding
National Natural Science Foundation of China (61502533)
Natural Science Foundation of Henan Province (162300410335)
Keywords
OpenVPN
model learning
protocol state fuzzing
vulnerability analysis and detection
time compression model