CN114372269A - Risk assessment method based on system network topological structure - Google Patents


Info

Publication number: CN114372269A
Authority: CN (China)
Prior art keywords: asset, risk, information, vulnerability, risk assessment
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202111554251.0A
Other languages: Chinese (zh)
Inventors: 许克珂, 鲁星言, 丁鼎定, 梁景煊, 冯蔚
Current Assignee: China Nuclear Power Operation Technology Corp Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: China Nuclear Power Operation Technology Corp Ltd
Priority date: 2021-12-17 (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date: 2021-12-17
Publication date: 2022-04-19
Application filed by: China Nuclear Power Operation Technology Corp Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention provides a risk assessment method based on a system network topological structure, which comprises the following steps: step S1: detecting assets, analyzing the returned data packets, discovering network assets, collecting basic asset information and constructing a network asset information base; step S2: adding vulnerability information, application information and function information for the assets; step S3: calculating a comprehensive risk index for each single asset according to its vulnerability information, application information and function information; step S4: drawing the assets and connection relations in the system into a network topology structure diagram, and carrying out relevance risk analysis in the topology structure diagram; step S5: carrying out network attack path risk assessment on the basis of the topological graph, according to the comprehensive risk indices of the assets. The method can realize comprehensive risk assessment of an industrial control system without affecting system stability, and realizes relevance risk analysis and network attack path risk assessment in the topological structure.

Description

Risk assessment method based on system network topological structure
Technical Field
The invention relates to the technical field of nuclear power industrial control information security, and in particular to a risk assessment method based on a system network topological structure.
Background
In recent years, with the rapid development of information technology and changes in the international environment, network security incidents have emerged one after another and the security situation has become severe. Network attacks aimed at industrial control systems can directly damage and destroy key information infrastructure such as industrial control systems and equipment, affect the operation of industrial production, and pose serious threats to people's lives, economic development, social stability, national security and the like.
Because an industrial control system must run stably, network security protection generally cannot be upgraded inside the system once it is in operation: vulnerabilities existing in the system cannot be handled in time, and the vulnerability database and virus database in anti-virus software cannot be updated in time.
In order to improve the network security protection level of an industrial control system and to solve the problems of hysteresis and a single protection level in existing protection methods, risk assessment needs to be carried out on the industrial control system so that risk points in the system are found and handled in time, before an attack occurs. Traditional network risk assessment methods are not fully suitable for industrial control systems: they lack multi-device relevance analysis and whole-system analysis, and cannot predict the attack path with the maximum risk so that targeted protection can be applied.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provides a risk assessment method based on a system network topological structure, which can realize comprehensive risk assessment of an industrial control system without affecting the stability of the system, and realizes relevance risk analysis and network attack path risk assessment in the topological structure.
In order to achieve the above purpose, the invention provides the following technical scheme:
A risk assessment method based on a system network topological structure comprises the following steps:
step S1: detecting assets, analyzing the returned data packets, discovering network assets, collecting basic asset information and constructing a network asset information base;
step S2: adding vulnerability information, application information and function information for the assets;
step S3: calculating a comprehensive risk index for each single asset according to its vulnerability information, application information and function information;
step S4: drawing the assets and connection relations in the system into a network topology structure diagram, and carrying out relevance risk analysis in the topology structure diagram;
step S5: carrying out network attack path risk assessment on the basis of the topological graph, according to the comprehensive risk indices of the assets.
Further, the basic asset information in step S1 includes asset IP, MAC, open ports, operating system type and operating system version.
Further, in step S1, an active or passive scanning method is used for asset detection.
Further, the vulnerability information in step S2 includes, for every vulnerability present on the asset, the vulnerability name, access mode, access complexity, authentication, confidentiality impact, availability impact and integrity impact.
Further, the application information in step S2 includes the application name, the port used, whether the application is a security-class application, and whether it has undergone a security check.
Further, step S3 specifically includes the following steps:
step S31: calculating a vulnerability risk index;
step S32: calculating an application risk index;
step S33: calculating a functional risk index;
step S34: calculating a comprehensive risk index according to the weights of the vulnerability risk index, the application risk index and the functional risk index.
Further, step S31 is calculated based on the scoring method in CVSS 2.0: the score of each single vulnerability is calculated first, and then the vulnerability risk index of the asset is calculated.
Further, step S32 first calculates the score of a single application according to the high-risk port, security-class application and security check elements and the weight distribution, and then calculates the application risk index, wherein,
Figure BDA0003418646420000031
Figure BDA0003418646420000032
Further, the functional risk index in step S33 includes a security-class function.
Further, step S5 specifically includes the following steps:
step S51: selecting an invaded asset a in the topological graph and setting it as the starting point of an attack path;
step S52: selecting an asset b that is network-connected to asset a in the topological graph and setting it as the end point of the attack path;
step S53: performing traversal calculation of the path risk index over all connection paths between asset a and asset b, wherein the algorithm is as follows:
Figure BDA0003418646420000033
Compared with the prior art, the risk assessment method based on the system network topological structure has the following beneficial effects:
The method can carry out whole-system, single-point, associated and independent risk analysis on a nuclear power industrial control system, and can find and handle risk points in the system in time, before an attack occurs. The problems of hysteresis and a single protection level in existing protection methods are effectively solved.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings described below are only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of a risk assessment method based on a system network topology according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of 8 assets provided by an embodiment of the present invention;
Fig. 3 is a schematic diagram of the asset information base of host 1 according to an embodiment of the present invention;
Fig. 4 is a network topology structure diagram provided in an embodiment of the present invention.
Detailed Description
Although the risk assessment method based on the system network topology of the present invention can be implemented in many different ways, exemplary embodiments are described in detail herein with reference to the accompanying drawings, without limiting the scope of the invention to those embodiments. Accordingly, the drawings and the description of the specific embodiments are to be regarded as illustrative in nature, and not as restrictive.
The present invention is described in more detail below by way of specific embodiments.
As shown in Fig. 1, the present invention provides a risk assessment method based on a system network topology, which includes the following steps:
Step S1: carrying out asset detection with an active or passive scanning method, analyzing the returned data packets, discovering the network assets, collecting basic asset information and constructing a network asset information base.
The basic asset information includes asset IP, MAC, open ports, operating system type, operating system version, etc.
Step S2: adding vulnerability information, application information and function information for the assets.
The vulnerability information comprises, for every vulnerability present on the asset, the vulnerability name, access mode, access complexity, authentication, confidentiality impact, availability impact and integrity impact. One asset may have several vulnerabilities. The vulnerability information can be collected by automatically associating a vulnerability database with the basic asset information, or by using vulnerability scanning tools.
The application information comprises the application name, the port used, whether the application is a security-class application and whether it has undergone a security check.
The function information is whether the device is a security-class device.
Step S3: calculating a comprehensive risk index for each single asset according to its vulnerability information, application information and function information.
Step S31: calculating the vulnerability risk index.
The vulnerability risk index is calculated based on the scoring method in CVSS 2.0 (Common Vulnerability Scoring System): the score of each single vulnerability is calculated first, and then the vulnerability risk index of the asset is calculated. The factors that influence the vulnerability score are shown in Table 1:
Access mode: this element reflects how the vulnerability is exploited. A vulnerability that can be exploited only through local access requires the attacker to have physical access to the target system and scores lowest; a vulnerability that can be exploited through adjacent network access requires the attacker to be able to reach the broadcast domain or collision domain of the target system and scores in the middle; a vulnerability that can be exploited remotely scores highest;
Access complexity: this element measures the complexity of the attack required to exploit the vulnerability. For a vulnerability that can be attacked without additional steps, such as a buffer overflow in an Internet service, the attacker can launch the attack at will once a target system is found, and the access complexity is low. The more complex the additional steps required to launch the attack, the harder the exploitation and the higher the access complexity;
Authentication: this element measures the number of times an attacker must authenticate to the target asset when exploiting the vulnerability. It does not measure the strength or complexity of the authentication process. It is divided into three cases: multi-factor, single-factor and no authentication;
Confidentiality impact: this element measures the impact of a successfully exploited vulnerability on the confidentiality of the target system;
Availability impact: this element measures the impact of a successfully exploited vulnerability on the availability of the target system;
Integrity impact: this element measures the impact of a successfully exploited vulnerability on the integrity of the target system.
Table 1 Vulnerability element scoring table
Element | Selectable value | Score
Access mode (AccessVector) | Local / adjacent / remote | 0.395 / 0.646 / 1.0
Access complexity (AccessComplexity) | High / medium / low | 0.35 / 0.61 / 0.71
Authentication (Authentication) | Multi-factor / single-factor / none | 0.45 / 0.56 / 0.704
Confidentiality impact (ConfImpact) | Unaffected / partial / complete | 0.0 / 0.275 / 0.660
Integrity impact (IntegImpact) | Unaffected / partial / complete | 0.0 / 0.275 / 0.660
Availability impact (AvailImpact) | Unaffected / partial / complete | 0.0 / 0.275 / 0.660
The calculation rules are as follows:
1) Calculating the impact score:
Impact = 10.41 * (1 - (1 - ConfImpact) * (1 - IntegImpact) * (1 - AvailImpact))
2) Calculating the impact factor:
when Impact = 0, f(Impact) = 0;
when Impact ≠ 0, f(Impact) = 1.176
3) Calculating the exploitability:
Exploitability = 20 * AccessVector * AccessComplexity * Authentication
4) Calculating the single vulnerability score:
VulnerabilityScore = ((0.6 * Impact) + (0.4 * Exploitability) - 1.5) * f(Impact)
The result is kept to one decimal place and is always rounded up; e.g. 1.63 gives a final result of 1.7.
5) Calculating the vulnerability risk index:
Vulnerability risk index = 10 * (the maximum single vulnerability score among the vulnerabilities present on the asset)
Step S32: calculating the application risk index.
The score of a single application is calculated first. It has three elements in total (as shown in Table 2):
High-risk port: this element measures whether a port used by the application is a high-risk port. Common high-risk ports include ports 8080, 21, 22, 23, 25, 80 and the like;
Security-class application: this element measures whether the application is a security-class application. Common security-class applications include antivirus software, host hardening software and the like;
Security check: this element measures whether the application itself has undergone a security check, such as virus scanning, code auditing, etc.
Table 2 Application element scoring table
Element | Selectable value | Score
High-risk port (RiskPort) | High / low | 1.0 / 0.1
Security-class application (SecApp) | Yes / unknown / no | 0.2 / 0.6 / 1.0
Security check (SecCheck) | Yes / unknown / no | 0.3 / 0.6 / 1.0
The weight distribution (Weight) is 0.7, 0.2 and 0.1 respectively.
Calculating the single application score:
ApplicationScore = 10 * (RiskPort * 0.7 + SecApp * 0.2 + SecCheck * 0.1)
The result is rounded off, leaving no decimal place.
Calculating the application risk index:
Figure BDA0003418646420000071
The result is rounded off, leaving no decimal place.
Step S33: calculating the functional risk index.
The functional risk index has one risk element:
Security-class function: this element measures whether the asset itself has a security protection function. Common security protection functions are firewall, intrusion detection, whitelisting, etc.
Table 3 Functional element scoring table
Element | Selectable value | Score
Security-class function (SecFunction) | Yes / unknown / no | 3 / 5 / 10
Calculating the functional risk index:
FunctionScore = 10 * SecFunction
The result is rounded off, leaving no decimal place.
Step S34: calculating the comprehensive risk index.
Composite risk index = VulnerabilityScore * vulnerability weight + ApplicationScore * application weight + FunctionScore * function weight
Default weight distribution: vulnerability 0.7, application 0.2, function 0.1. The result is rounded up, with no decimal place kept.
Step S4: the assets and connection relations in the system are drawn into a network topology structure diagram, in which each asset icon shows the comprehensive risk index of that asset. Once this is done, relevance risk analysis can be carried out in the topology structure diagram. For example, when an asset is connected to several assets or to key assets at the same time and its comprehensive risk index is high, it is clear that security hardening of that asset is urgent.
Step S5: further, on the basis of the topological graph, carrying out network attack path risk assessment according to the comprehensive risk indices of the assets:
step S51: selecting a possibly invaded asset a in the topological graph and setting it as the starting point of an attack path;
step S52: selecting an asset b that is network-connected to asset a in the topological graph and setting it as the end point of the attack path;
step S53: performing traversal calculation of the path risk index over all connection paths between asset a and asset b, wherein the algorithm is as follows:
Path risk index = (Σ comprehensive risk index of the assets on the path) ÷ (total number of assets on the path)
When several network-reachable paths exist between the starting point and the end point, the path with the highest path risk index is the path at highest risk under network attack, and is also the attack path an attacker is most likely to choose. When the end point is the same and the starting points differ, the starting point of the path with the higher path risk index is the attack entrance an attacker is more likely to choose. When the starting point is the same and the end points differ, the end point of the path with the higher path risk index is the target system the attack is more likely to reach.
Specifically, as shown in Fig. 2, 8 assets are discovered by the probe: host 1, host 2, server 1, server 2, server 3, switch, and controller, respectively. As shown in Fig. 3, taking host 1 as an example, vulnerability information, application information and function information are added for the asset. Combining the vulnerability database and the vulnerability scanning tool yields the vulnerability information shown in Table 4; the application information is shown in Table 5 and the function information in Table 6.
TABLE 4 vulnerability information
Figure BDA0003418646420000091
Table 5 Application information
Application name | Port | Security-class application | Passed security check
telnet | 23 | No | No
mysql | 3306 | No | No
dns | 53 | No | Yes
ssh | 22 | No | Yes
Flock safety software | 52975 | Yes | Yes
Table 6 Function information
Asset type | Has security function
Operator station | No
The comprehensive risk index of the single asset is then calculated according to the vulnerability information, the application information and the function information of the asset:
Taking the Linux kernel ALSA /dev/snd/timer driver security vulnerability as an example, the scoring elements of the vulnerability are shown in Table 7:
TABLE 7 vulnerability Scoring elements
Figure BDA0003418646420000101
The calculation gives:
Impact = 2.86
f(Impact) = 1.176
Exploitability = 3.95
VulnerabilityScore = 2.2
Calculating the other 3 vulnerabilities in the same way gives single vulnerability scores of 4.7, 7.3 and 7.3 respectively, so the vulnerability risk index of host 1 is 73.
(2) Calculating the application risk index:
Taking telnet as an example, the scoring elements of this application are shown in Table 8:
Table 8 Application scoring elements
Element | Selectable value | Score
High-risk port (RiskPort) | High | 1.0/0.1
Security-class application (SecApp) | No | 0.2/0.6/1.0
Security check (SecCheck) | No | 0.3/0.6/1.0
Weight distribution (Weight) | Port / security application / security check | 0.7/0.2/0.1
The calculation gives:
ApplicationScore = 10
Calculating the other 4 applications in the same way gives single application scores of 4, and 1, respectively, so the application risk index of host 1 is 38.
(3) Calculating the functional risk index:
FunctionScore = 100
The functional risk index of host 1 is 100.
Calculating the comprehensive risk index of host 1:
Composite risk index = 69
The composite risk index for other assets is calculated in the same way.
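The per-asset scoring rules of steps S31 to S34, recomputing the host 1 figures above, as an added example (not code from the patent). Function names are illustrative; reading "rounded off" as round-half-up, the score of 0 for an asset without vulnerabilities, and the element values chosen for the ALSA vulnerability (Table 7 is an image missing from the page) are assumptions.

```python
# Added example (not from the patent): steps S31-S34 for one asset.
import math

# Element scores from Tables 1-3 of the description.
ACCESS_VECTOR = {"local": 0.395, "adjacent": 0.646, "remote": 1.0}
ACCESS_COMPLEXITY = {"high": 0.35, "medium": 0.61, "low": 0.71}
AUTHENTICATION = {"multi": 0.45, "single": 0.56, "none": 0.704}
IMPACT = {"unaffected": 0.0, "partial": 0.275, "complete": 0.660}
RISK_PORT = {"high": 1.0, "low": 0.1}
SEC_APP = {"yes": 0.2, "unknown": 0.6, "no": 1.0}
SEC_CHECK = {"yes": 0.3, "unknown": 0.6, "no": 1.0}
SEC_FUNCTION = {"yes": 3, "unknown": 5, "no": 10}
DEFAULT_WEIGHTS = (0.7, 0.2, 0.1)  # vulnerability, application, function


def ceil_1dp(x):
    """Round up to one decimal place (1.63 -> 1.7), as step S31 requires.

    The inner round() removes binary floating-point noise first, so a value
    that is mathematically 7.3 is not pushed up to 7.4.
    """
    return math.ceil(round(x * 10, 9)) / 10


def round_half_up(x):
    """Assumption: "rounded off" means round-half-up, not Python's
    round-half-to-even."""
    return math.floor(x + 0.5)


def vulnerability_score(av, ac, au, conf, integ, avail):
    """Single vulnerability score (CVSS 2.0 base equation, rounded up)."""
    impact = 10.41 * (1 - (1 - IMPACT[conf]) * (1 - IMPACT[integ])
                      * (1 - IMPACT[avail]))
    f_impact = 0.0 if impact == 0 else 1.176
    exploitability = (20 * ACCESS_VECTOR[av] * ACCESS_COMPLEXITY[ac]
                      * AUTHENTICATION[au])
    return ceil_1dp((0.6 * impact + 0.4 * exploitability - 1.5) * f_impact)


def vulnerability_risk_index(scores):
    """10 x the highest single vulnerability score on the asset.

    Returning 0 for an asset with no known vulnerabilities is an assumption;
    the page does not cover that case.
    """
    return round_half_up(10 * max(scores)) if scores else 0


def application_score(risk_port, sec_app, sec_check):
    """Single application score with the 0.7 / 0.2 / 0.1 weights."""
    return round_half_up(10 * (RISK_PORT[risk_port] * 0.7
                               + SEC_APP[sec_app] * 0.2
                               + SEC_CHECK[sec_check] * 0.1))


def functional_risk_index(sec_function):
    return 10 * SEC_FUNCTION[sec_function]


def composite_risk_index(vuln_idx, app_idx, func_idx, weights=DEFAULT_WEIGHTS):
    wv, wa, wf = weights
    return round_half_up(vuln_idx * wv + app_idx * wa + func_idx * wf)


def host1_example():
    """Recompute the host 1 figures quoted in the description."""
    # Element values inferred from Impact=2.86 and Exploitability=3.95;
    # which of the three impacts is "partial" is an assumption (Table 7 is
    # an image that is not on the page) and does not change the score.
    alsa = vulnerability_score("local", "low", "none",
                               "partial", "unaffected", "unaffected")
    # 4.7, 7.3 and 7.3 are the other three scores stated in the text.
    vuln_idx = vulnerability_risk_index([alsa, 4.7, 7.3, 7.3])
    # Port 23 is a listed high-risk port; telnet is "No"/"No" in Table 5.
    telnet = application_score("high", "no", "no")
    # The aggregation formula for the application risk index is an image
    # missing from the page, so the stated result (38) is used as input.
    app_idx = 38
    func_idx = functional_risk_index("no")  # operator station, Table 6
    return {
        "alsa_score": alsa, "vulnerability_index": vuln_idx,
        "telnet_score": telnet, "functional_index": func_idx,
        "composite_index": composite_risk_index(vuln_idx, app_idx, func_idx),
    }


if __name__ == "__main__":
    for name, value in host1_example().items():
        print(f"{name}: {value}")
```

With ordinary round-to-nearest the ALSA vulnerability would score 2.1; the round-up rule of step S31 is what yields the 2.2 stated in the text.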
Step S4: the assets and connection relations in the system are drawn into a network topology structure diagram, as shown in Fig. 4. The topology diagram shows at a glance that server 2 has a higher risk index and is directly connected to the controller, so it requires security hardening.
Step S5: further, on the basis of the topological graph, network attack path risk assessment is carried out according to the comprehensive risk indices of the assets:
(1) With host 1 as the attack starting point and the controller as the end point, path P "host 1-switch-server 2-controller" has a path risk index of 81.75 and path Q "host 1-switch-server 1-controller" has a path risk index of 68.75, so path P is more likely to become the attack path;
(2) With host 2 as the attack starting point and the controller as the end point, the path with the higher path risk index is selected: path M "host 2-firewall-server 3-switch-server 2-controller", with a path risk index of 63. Compared with path M, path P has the larger risk index, so for the same end point an attacker is more likely to attack from host 1 than from host 2;
(3) With host 1 as the attack starting point and host 2 as the end point, path N "host 1-switch-server 3-firewall-host 2" has a path risk index of 61.6. The risk index of path P is larger than that of path N, so for the same starting point an attacker starting from host 1 is more likely to reach the controller than to reach host 2.
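Step S53 as an added example (not code from the patent): every loop-free path between two assets is enumerated and ranked by the mean comprehensive risk index of the assets on it. The links are inferred from paths P, Q, M and N above because Fig. 4 is not reproduced on the page; only host 1's index (69) comes from the text, the other indices are constructed, and the function names and the `max_assets` bound are illustrative.

```python
# Added example (not from the patent): path risk index per step S53.

# Links inferred from the paths P, Q, M and N named in the text.
LINKS = [
    ("host1", "switch"), ("switch", "server1"), ("switch", "server2"),
    ("switch", "server3"), ("server1", "controller"),
    ("server2", "controller"), ("server3", "firewall"),
    ("firewall", "host2"),
]

# Comprehensive risk indices: host1 = 69 is the page's worked value; all
# other values are constructed for this example.
RISK = {
    "host1": 69, "host2": 45, "switch": 55, "firewall": 30,
    "server1": 40, "server2": 92, "server3": 35, "controller": 80,
}


def build_graph(links):
    """Undirected adjacency map: asset -> set of directly connected assets."""
    graph = {}
    for a, b in links:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph


def simple_paths(graph, start, end, max_assets=8):
    """Yield every loop-free path from start to end.

    The number of simple paths grows exponentially in a meshed network, so
    max_assets bounds how many assets a candidate path may contain.
    """
    stack = [(start, [start])]
    while stack:
        node, path = stack.pop()
        if node == end:
            yield path
            continue
        if len(path) >= max_assets:
            continue
        for nxt in sorted(graph.get(node, ())):
            if nxt not in path:  # never revisit an asset
                stack.append((nxt, path + [nxt]))


def path_risk_index(path, risk):
    """(sum of the risk indices of assets on the path) / (assets on path)."""
    return sum(risk[a] for a in path) / len(path)


def rank_paths(graph, risk, start, end, max_assets=8):
    """All paths between start and end, highest path risk index first."""
    unscored = sorted(set(graph) - set(risk))
    if unscored:
        raise ValueError(f"assets without a risk index: {unscored}")
    scored = [(path_risk_index(p, risk), p)
              for p in simple_paths(graph, start, end, max_assets)]
    return sorted(scored, key=lambda item: (-item[0], item[1]))


def highest_risk_path(graph, risk, start, end, max_assets=8):
    """The (index, path) pair to harden first, or None if unreachable."""
    ranked = rank_paths(graph, risk, start, end, max_assets)
    return ranked[0] if ranked else None


if __name__ == "__main__":
    g = build_graph(LINKS)
    for src, dst in [("host1", "controller"), ("host2", "controller"),
                     ("host1", "host2")]:
        for index, path in rank_paths(g, RISK, src, dst):
            print(f"{index:6.2f}  {'-'.join(path)}")
```

Because the index is a mean, a long path through several low-risk assets ranks below a short one through the same high-risk asset, so the ranking is a prioritisation aid for hardening rather than a likelihood estimate.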
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the appended claims.

Claims (10)

1. A risk assessment method based on a system network topological structure, characterized by comprising the following steps:
step S1: detecting assets, analyzing the returned data packets, discovering network assets, collecting basic asset information and constructing a network asset information base;
step S2: adding vulnerability information, application information and function information for the assets;
step S3: calculating a comprehensive risk index for each single asset according to its vulnerability information, application information and function information;
step S4: drawing the assets and connection relations in the system into a network topology structure diagram, and carrying out relevance risk analysis in the topology structure diagram;
step S5: carrying out network attack path risk assessment on the basis of the topological graph, according to the comprehensive risk indices of the assets.
2. The risk assessment method based on system network topology according to claim 1, wherein the basic asset information in step S1 includes asset IP, MAC, open ports, operating system type and operating system version.
3. The risk assessment method based on system network topology according to claim 1, wherein step S1 employs an active or passive scanning method for asset detection.
4. The risk assessment method based on system network topology according to claim 1, wherein the vulnerability information in step S2 includes, for every vulnerability present on the asset, the vulnerability name, access mode, access complexity, authentication, confidentiality impact, availability impact and integrity impact.
5. The risk assessment method based on system network topology according to claim 1, wherein the application information in step S2 includes the application name, the port used, whether it is a security-class application, and whether it has undergone a security check.
6. The risk assessment method based on the system network topology according to claim 1, wherein step S3 specifically comprises the following steps:
step S31: calculating a vulnerability risk index;
step S32: calculating an application risk index;
step S33: calculating a functional risk index;
step S34: calculating a comprehensive risk index according to the weights of the vulnerability risk index, the application risk index and the functional risk index.
7. The risk assessment method based on system network topology according to claim 6, wherein step S31 is based on the scoring method in CVSS 2.0, and first calculates the score of a single vulnerability and then calculates the vulnerability risk index of the asset.
8. The risk assessment method based on system network topology according to claim 1, wherein step S32 calculates the score of a single application according to the high-risk port, security-class application and security check elements and the weight distribution, and then calculates the application risk index, wherein,
Figure FDA0003418646410000021
Figure FDA0003418646410000022
9. The risk assessment method based on system network topology according to claim 1, wherein the functional risk index in step S33 comprises a security-class function.
10. The risk assessment method based on the system network topology according to claim 1, wherein step S5 specifically comprises the following steps:
step S51: selecting an invaded asset a in the topological graph and setting it as the starting point of an attack path;
step S52: selecting an asset b that is network-connected to asset a in the topological graph and setting it as the end point of the attack path;
step S53: performing traversal calculation of the path risk index over all connection paths between asset a and asset b, wherein the algorithm is as follows:
Figure FDA0003418646410000023

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111554251.0A CN114372269A (en) 2021-12-17 2021-12-17 Risk assessment method based on system network topological structure

Publications (1)

Publication Number Publication Date
CN114372269A true CN114372269A (en) 2022-04-19

Family

ID=81140659

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111554251.0A Pending CN114372269A (en) 2021-12-17 2021-12-17 Risk assessment method based on system network topological structure

Country Status (1)

Country Link
CN (1) CN114372269A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117272330A (en) * 2023-11-22 2023-12-22 深圳市奥盛通科技有限公司 Method and system for reinforcing and updating server system
CN117272330B (en) * 2023-11-22 2024-03-08 深圳市奥盛通科技有限公司 Method and system for reinforcing and updating server system

Similar Documents

Publication Publication Date Title
Banerjee et al. A blockchain future for internet of things security: a position paper
US10587640B2 (en) System and method for attribution of actors to indicators of threats to a computer system and prediction of future threat actions
Allodi et al. Security events and vulnerability data for cybersecurity risk estimation
CN108092948B (en) Network attack mode identification method and device
US10708290B2 (en) System and method for prediction of future threat actions
CN111490970A (en) Tracing analysis method for network attack
US8683585B1 (en) Using file reputations to identify malicious file sources in real time
US20080209566A1 (en) Method and System For Network Vulnerability Assessment
CN113326514B (en) Risk assessment method and device for network assets, switch, equipment and server
US10972490B2 (en) Specifying system, specifying device, and specifying method
KR101893253B1 (en) Apparatus and Method for estimating automated network penetration path based on network reachability
Palmieri et al. Automatic security assessment for next generation wireless mobile networks
CN110868403B (en) Method and equipment for identifying advanced persistent Attack (APT)
CN110874470A (en) Method and device for predicting network space security based on network attack
Nguyen et al. DGA botnet detection using collaborative filtering and density-based clustering
Wang et al. Threat Analysis of Cyber Attacks with Attack Tree+.
CN114372269A (en) Risk assessment method based on system network topological structure
Moon et al. Hybrid attack path enumeration system based on reputation scores
JP6592196B2 (en) Malignant event detection apparatus, malignant event detection method, and malignant event detection program
Nebbione et al. A Methodological Framework for AI-Assisted Security Assessments of Active Directory Environments
Shafee Botnets and their detection techniques
Choi et al. Understanding Internet of Things malware by analyzing endpoints in their static artifacts
Chiba et al. Botprofiler: Profiling variability of substrings in http requests to detect malware-infected hosts
Saini et al. Vulnerability and Attack Detection Techniques: Intrusion Detection System
Anwar et al. Understanding internet of things malware by analyzing endpoints in their static artifacts

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination