检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
作 者:吴铤[1,2] 胡程楠 陈庆南 陈安邦 郑秋华 WU Ting;HU Chengnan;CHEN Qingnan;CHEN Anbang;ZHENG Qiuhua(School of Cyberspace Security,Hangzhou Dianzi University,Hangzhou 310018,China;Hangzhou Innovation Institute,Beihang University,Hangzhou 310051,China)
机构地区:[1]杭州电子科技大学网络空间安全学院,浙江杭州310018 [2]北京航空航天大学杭州创新研究院,浙江杭州310051
出 处:《通信学报》2021年第3期122-134,共13页Journal on Communications
基 金:浙江省重点研发计划基金资助项目(No.2020C01078,No.2019C01012,No.2017C01062)。
摘 要:针对DHR系统服务体在面临共同漏洞时的系统脆弱性问题,提出了一种改进的DHR架构——IDHR。该架构在DHR的基础上,首先引入根据执行体间的异构性对执行体集进行划分的执行体划分模块,以极大增强各执行体池之间的异构性。在此基础上,改进调度模块中的动态选择算法,即采用先随机选择执行体池,再从执行体池中随机选择执行体的方式,以提高在共同漏洞下DHR系统的安全性。最后,通过随机模拟执行体和仿真Web服务器2种实验方案,从攻击成功率和被控制率2个方面对所提IDHR架构进行安全性评估。实验结果表明,IDHR架构的安全性,尤其是在共同漏洞未知情况下,明显优于传统DHR架构。Aiming at the security problem when servants are faced with common vulnerabilities,an improved DHR architecture called IDHR was proposed.On the basis of DHR,an executor-partition module that divided the executor-set to several executor pools by the heterogeneity among the executors was introduced to improve the heterogeneity among the executor pools.Moreover,the scheduling algorithm was improved by choosing executor pools randomly at first,and then choosing the executors from these pools randomly.Finally,through two experimental schemes of random simulation and Web server emulation,the security evaluation of the proposed IDHR architecture was carried out from two aspects of attack success rate and control rate.Experimental results show that the security of the IDHR architecture,especially when the common vulnerability is unknown,is significantly better than the traditional DHR architecture.
关 键 词:拟态防御 拟态系统架构 动态异构冗余 安全性分析
分 类 号:TP309.1[自动化与计算机技术—计算机系统结构]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.145