检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
作 者:陈扬 扈红超[1] 刘文彦 霍树民 梁浩 CHEN Yang;HU Hongchao;LIU Wenyan;HUO Shumin;LIANG Hao(National Digital Switching System Engineering & Technological R&D Center, Zhangzhou 450002, Chin)
机构地区:[1]国家数字交换系统工程技术研究中心,河南郑州450002
出 处:《网络与信息安全学报》2018年第5期1-9,共9页Chinese Journal of Network and Information Security
基 金:国家自然科学基金资助项目(No.61602509);国家自然科学基金创新群体资助项目(No.61521003);国家重点研发计划基金资助项目(No.2016YFB0800100;No.2016YFB0800101)~~
摘 要:拜占庭系统被广泛应用于提高云平台的入侵容忍能力。但现阶段的拜占庭系统难以有效防御一种潜伏式攻击,即攻击者通过累积控制个数超过容忍上限的执行体来破坏拜占庭系统。针对此问题提出云环境下具有动态异构性质的拜占庭系统,即将拜占庭系统中的执行体进行最大化多样性配置,同时利用系统漏洞和攻击技能水平来衡量执行体生命周期,将执行体进行动态轮换。仿真结果表明,提出的动态异构拜占庭系统能有效提升系统安全性。In order to improve the intrusion tolerance performance of cloud platforms, the Byzantine system model has been widely used. But the current Byzantine system is difficult to prevent a latent attack effectively, which can destroy the Byzantine system by accumulating the number of executive modules which the attacker controls and making it exceed the tolerance upper limit. To solve the problem, a dynamic and heterogeneous Byzantine system was proposed. In which the executive modules were maximized diversified in configurations such as different operating systems and so on. Meanwhile, every executive module was assigned a lifetime based on the attacker's ability and the vulnerabilities of the module. The novel system can significantly enhance the intrusion tolerance of the cloud service by diverse and dynamic attack surface, which is verified by simulations.
关 键 词:动态异构 拜占庭 入侵容忍 攻击面 平均攻击时间
分 类 号:TP302.8[自动化与计算机技术—计算机系统结构]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.7