J4 ›› 2006, Vol. 28 ›› Issue (8): 14-16.
• 论文 • 上一篇 下一篇
念其锋[1,2] 蔡开裕[2] 杜秀春[2]
出版日期:
发布日期:
Online:
Published:
摘要:
基于BGP协议构造的域间路由系统是因特网的基础设施。域间路由系统面临多种恶意攻击的成胁且易受人为错误的影响。本文提出BGP攻击树(Attack-Tree)模型,并应用该模型构造域间路由系统的安全性测试套件,不但能够全面地对BGP进行安全性测试,而且便于测试案例的生成和系统实现。测试过程就是对树的标记过程,本文为此提出了着 色算法。利用生成的测试案例,对BGP目标系统进行安全测试实验。结果表明,这种方法能有效地发现BGP潜在的安全漏洞,为ISP运营商增强路由系统安全提供依据。
关键词: 攻击树 边界网关协议(BGP) 域间路由系统 测试
Abstract:
The inter-domain routing system based on BGP is the key routing infrastructure in the Internet. However, it is prone to imprudence errors and is menaced by many aggressive attacks. In this paper, we introduce an attack-tree model of BGP, and design a testing suite which can use the model to identify t he vulnerability of the inter-domain routing system. The key part of the testing procedure is the process of marking attack-trees, and we present a colo ring algorithm to solve it. The model can not only test the security of 13GP comprehensively, but also facilitate the generation of testing-cases and the implementation of systems. Using the generated testing-cases, we test the security of a target BGP system and the results indicate that this method can effectively expose the vulnerabilities of BGP, which helps ISP enhance routing systems.
Key words: attack tree, border gateway protocol(BGP), inter-domain routing system, test
念其锋[1,2] 蔡开裕[2] 杜秀春[2]. 基于攻击树的边界网关协议安全测试[J]. J4, 2006, 28(8): 14-16.
0 / / 推荐
导出引用管理器 EndNote|Ris|BibTeX
链接本文: http://joces.nudt.edu.cn/CN/
http://joces.nudt.edu.cn/CN/Y2006/V28/I8/14