• Official journal of the China Computer Federation
  • Chinese Science and Technology Core Journal
  • Chinese Core Journal

J4 ›› 2006, Vol. 28 ›› Issue (8): 14-16.


Security Testing of the Border Gateway Protocol Based on Attack Trees

念其锋[1,2] 蔡开裕[2] 杜秀春[2]   

  • Online: 2006-08-01 Published: 2010-05-20

Abstract:

The inter-domain routing system built on BGP is key routing infrastructure of the Internet. However, it is prone to human error and is threatened by many malicious attacks. In this paper, we introduce an attack-tree model of BGP and use it to construct a security test suite for the inter-domain routing system. The model not only supports comprehensive security testing of BGP, but also facilitates the generation of test cases and the implementation of the test system. The testing procedure is a process of marking the attack tree, and we present a coloring algorithm for it. Using the generated test cases, we test the security of a target BGP system; the results indicate that this method can effectively expose potential security vulnerabilities in BGP and gives ISPs a basis for strengthening the security of their routing systems.

Key words: attack tree, border gateway protocol (BGP), inter-domain routing system, test