A Network-Architecture-Oriented System Attack Surface Modeling Method

System Attack Surface Modeling Method in Network


Authors: GU Zhaojun (顾兆军) [1,2]; YANG Rui (杨睿); SUI He (隋翯) (Information Security Evaluation Center, Civil Aviation University of China, Tianjin 300300, China; College of Computer Science and Technology, Civil Aviation University of China, Tianjin 300300, China; College of Aeronautical Engineering, Civil Aviation University of China, Tianjin 300300, China)

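Affiliations: [1] Information Security Evaluation Center, Civil Aviation University of China, Tianjin 300300; [2] College of Computer Science and Technology, Civil Aviation University of China, Tianjin 300300; [3] College of Aeronautical Engineering, Civil Aviation University of China, Tianjin 300300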

Source: Netinfo Security (《信息网络安全》), 2022, Issue 3, pp. 29-38 (10 pages)

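Funding: Civil Aviation Safety Capacity Building Fund [PESA2020100, PESA2021007, PESA2021009]; Civil Aviation University of China Graduate Science and Technology Innovation Fund [2020YJS030].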

Abstract: Air traffic control information systems are isolated from the Internet, and publicly released vulnerability information does not effectively reflect their network security. To address these problems, this paper proposes a risk assessment model for air traffic management information systems at the network-architecture level. The model builds the attack surface of each resource node from the ports, protocols and data of each resource component, and uses a Bayesian network to represent the relationships among resources as a resource graph. On this basis, each resource's attack surface and the vulnerability severity under the constraints of the resource graph are fused into a system attack surface triple, which represents the threat level in three dimensions and is used to calculate the overall risk of the network structure. Simulation experiments were carried out on an air traffic management automation system, quantifying the threat to the system along different attack paths and in different dimensions and analyzing the network structure risk from multiple angles and at multiple levels. The experimental results demonstrate the rationality and practical effectiveness of the proposed system attack surface risk assessment model. The model provides guidance for the network security protection of air traffic management information systems, so that security administrators can maximize system security under limited conditions.

Keywords: risk assessment model; Bayesian network; attack surface measurement; air traffic management information system

Classification code: TP309 [Automation and Computer Technology: Computer System Architecture]

 
