CN102104609A - Method for analyzing safety defect of network protocol - Google Patents
Method for analyzing safety defect of network protocol Download PDFInfo
- Publication number
- CN102104609A CN102104609A CN2011100650631A CN201110065063A CN102104609A CN 102104609 A CN102104609 A CN 102104609A CN 2011100650631 A CN2011100650631 A CN 2011100650631A CN 201110065063 A CN201110065063 A CN 201110065063A CN 102104609 A CN102104609 A CN 102104609A
- Authority
- CN
- China
- Prior art keywords
- rule
- procotol
- attack
- knowledge base
- based knowledge
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a method for analyzing the safety defect of a network protocol, and relates to the field of safety software engineering. The method comprises the following steps of: analyzing and summarizing the network protocol, and extracting resources, behaviors and harms of the protocol to model the network protocol so as to form an attack rule graph; analyzing all combinations of nodes and parameters in the attack rule graph according to the attack rule graph, and finding out at least one potential attack model; improving a rule knowledge library by using a reasoning mode; and formalizing the attack model in the improved rule knowledge library to establish an alleviation scheme corresponding to the attack model, and finally generating a network protocol attack analysis report. The method provided by the invention is more intelligent; on the protocol modeling aspect, the protocol can be better understood by a computer so as to extract effective information; and the background reasoning is performed based on the rule knowledge library, so that the shortcoming of the prior art is overcome, and the demand in actual application can be met.
Description
Technical field
The present invention is based on the fail-safe software engineering, be particularly related to a kind of procotol safety defect analytical method, this method is at the safety defect and the attack of procotol, proposition is attacked discovery based on the formalization analysis method of Protocol Modeling, by procotol being carried out the formalization modeling of bottom, the reasoning of utilization artificial intelligence field in conjunction with knowledge rule, is obtained the defective and the corresponding attack mode of agreement.
Background technology
Procotol is the control computer carries out information exchange on Network Transfer Media rule and an agreement.In computer network, two entities that intercom mutually are in different geographical position, and two entities intercom mutually, and the action of coordinating them by exchange message reaches synchronously it, and information exchange must be according to the process of appointing jointly in advance.Procotol generally comprises three elements: grammer, semanteme and synchronous.Existing procotol is the skeleton of whole the Internet, is the basis of internet communication, and the fail safe of procotol is directly restricting the coefficient of safety of network environment.At present the formalization modeling of procotol is mainly used in the checking of procotol, comprehensive, test and agreement realization etc.The consistency of procotol is by carrying out the formalization modeling to procotol, can allow computer better understand procotol, and can be accurately and describe the function of procotol completely, on formalized model, add factor of safety, can carry out safe consideration to procotol, thereby improve the fail safe of procotol.Existing formalization modeling to procotol mainly contains FSM (Finite State Machine, finite-state automata) modeling, the modeling of Petri net, temporal logic modeling and communication process calculation.Wherein, the FSM modeling pattern is most popular at present, and basic thought is that component states in the procotol and state exchange thereof are analyzed, and carries out safe analysis and checking on this basis.By to the FSM model extension, add particular community and finish replenishing of protocol information to reach the modeling purpose of characteristic.The Petri net is a kind of mathematical modeling language of describing distributed system, usually comes state that define system had and the transition condition between the state with position and migration form.The temporal logic modeling is the expansion of the logic of modality, and it relates to proposition, predicate and the calculation of the time, state and the relation thereof that contain temporal information.The communication process calculation is the basic theories model of computer communication system, and it is the basis of many formalization language.
Existing threat analysis method mainly is the BAN logic, the BAN logic is the logic to ecommerce protocal analysis and checking, can be used for describing and the authentication verification agreement, be by Michael Burrows at first, and Martin Abadi and Roger Needham are in the logic of modality of exploitation in 1989.When using the BAN logic to carry out protocal analysis, at first need formula that the message of agreement " is idealized " and can be discerned for the BAN logic, carry out rational initialization hypothesis more as the case may be, utilize the inference rule of logic then, carry out reasoning according to idealized agreement and initialization hypothesis, infer that agreement can reach re-set target.
The inventor finds that there is following shortcoming at least in prior art in realizing process of the present invention:
The BAN logic lack explication semantic basis, original hypothesis determine do not have formalization, idealized step do not have formalization.
Summary of the invention
In order to overcome deficiency of the prior art, satisfy the needs in the practical application, the invention provides a kind of procotol safety defect analytical method, see for details hereinafter and describe:
A kind of procotol safety defect analytical method said method comprising the steps of:
(1) procotol is summarized and analyze, extract the related resource of procotol, behavior and harm, described resource, described behavior and described harm are summarized and abstract, obtain procotol knowledge;
(2) according to described procotol knowledge, take out rule-based knowledge base;
(3) according to the rule in the described rule-based knowledge base, described resource, described behavior, described harm are made up, carry out fine-grained modeling, form and attack rule schema; Described attack rule schema is analyzed, the optional parameters of all nodes in the described attack rule schema is selected successively, form at least one potential attack mode;
(4) adopt the automated reasoning mode in described rule-based knowledge base, described at least one potential attack mode to be searched for, judge whether to exist described potential attack mode, if flow process finishes; If not, execution in step (5);
(5) described potential attack mode is joined described rule-based knowledge base, improve described rule-based knowledge base, obtain the rule-based knowledge base after improving;
(6) resource, behavior and attack mode in the rule-based knowledge base after described the improving are carried out the formalization definition, obtain the corresponding data of procotol; And determine and described attack mode relaxes scheme accordingly by described attack mode;
(7) the corresponding data of described procotol, described mitigation scheme are input in the security knowledge base in the unified software model, and generate procotol and attack analysis report, flow process finishes.
Described in the step (6) resource, behavior and attack mode in the rule-based knowledge base after described the improving are carried out the formalization definition, obtain the corresponding data of procotol, be specially:
Resource, behavior and attack mode in the rule-based knowledge base after adopting the Z specification language to described improving carry out the formalization definition, obtain the corresponding data of described procotol.
The beneficial effect of technical scheme provided by the invention is:
The invention provides a kind of procotol safety defect analytical method, the present invention analyzes and sums up procotol, extracts resource, behavior and the harm of agreement, carries out the procotol modeling, has formed the attack rule schema; According to attacking rule schema, node and all combinations of parameter of attacking in the rule schema are analyzed, find the attack model that at least one is potential, adopt the mode of reasoning to improve rule-based knowledge base, to the attack model formalization in the rule-based knowledge base after improving, foundation and attack mode relax scheme accordingly, have finally generated procotol and have attacked analysis report; The aspect that the present invention considers is bottom more, attack aspect procotol is found and is analyzed, will be according to the information in the potential attack model, the binding rule knowledge base is carried out reasoning, when the aspect of modeling and reasoning more bottom the time, reasoning is just more powerful, has constantly improved rule-based knowledge base; Method provided by the invention is intelligence more, aspect Protocol Modeling, allows computer understand agreement more, extracts effective information, and reasoning rule-based knowledge base in backstage has overcome deficiency of the prior art, has satisfied the needs in the practical application.
Description of drawings
Fig. 1 is attack discovery provided by the invention and analysis framework figure;
Fig. 2 is the flow chart of procotol safety defect analytical method provided by the invention;
Fig. 3 is the model of procotol rule provided by the invention;
Fig. 4 is RIP protocol attack discovery provided by the invention and analysis rule figure;
Fig. 5 is the schematic diagram of the attack path discover method in rule-based storehouse provided by the invention;
Fig. 6 is the schematic diagram of RIP precedence diagram provided by the invention modeling;
Fig. 7 describes the result schematic diagram of fragment for the Z specification language of precedence diagram provided by the invention.
Embodiment
For making the purpose, technical solutions and advantages of the present invention clearer, embodiment of the present invention is described further in detail below in conjunction with accompanying drawing.
In order to overcome deficiency of the prior art, satisfy the needs in the practical application, the embodiment of the invention provides a kind of procotol safety defect analytical method, referring to Fig. 1 and Fig. 2, sees for details hereinafter and describes:
101: procotol is summarized and analyzed, extract the related resource of procotol, behavior and harm, resource, behavior and harm are summarized and abstract, obtain procotol knowledge;
From procotol, sum up related resource, behavior and harm.Procotol varies owing to its function is different, and network attack is also therefore of all kinds, but the thinking of many network attacks is similar, and the attack method that is adopted is close, can be extracted the attack mode into negligible amounts.As a same reason,, these information are summarized and analyzed, draw procotol knowledge, help the modeling of procotol attack mode like this because the number of types of the harm that the employed resource of procotol, the action of sending and attack cause is limited.
Wherein, procotol knowledge is the data source of attacking discovery and analysis theories, mainly is the procotol of RFC (Request For Comments requests for comments) statement and the application that realizes these procotols, and procotol knowledge is theoretical data basis.
102:, take out rule-based knowledge base according to procotol knowledge;
Rule-based knowledge base is by classification, arrangement, refinement and abstract to procotol knowledge, extracts procotol relevant protocol resource storehouse, behavior storehouse and rule base.Wherein, the protocol resource storehouse comprises the network data that relates in the procotol, as an IP address, and a message, the process pool of server etc.; The behavior storehouse is the relevant assembly of procotol and uses carry out mutual, as checking message, response message etc.; Rule base is to be used for the content of Internet resources and network behavior is described, because carry out in the mutual process at networking component, tend to relate to the network data of a part, so network behavior often is attended by Internet resources, and has the relation of reckoning between the behavior, be that some network behavior concerns the behavior that can infer next step by And and Or, and rule base is used for this two-part content is described exactly.
103: according to the rule in the rule-based knowledge base, the resource that procotol is related, behavior and harm are made up, and carry out fine-grained modeling, form to attack rule schema; Analyze attacking rule schema, the optional parameters of attacking all nodes in the rule schema is selected successively, form at least one potential attack mode;
Wherein, carry out fine-grained modeling after, the attack rule schema of formation can be understood as the abstract of at least one attack mode, attacking the path that the parameter in the rule schema determines all is potential attack mode.Rule that extracts and the behavior of analyzing are stored in the rule-based knowledge base, as the support of inference step.
104: adopt the automated reasoning mode in rule-based knowledge base, at least one potential attack mode to be searched for, judge whether to exist potential attack mode, if flow process finishes; If not, execution in step 105;
105: potential attack mode is joined rule-based knowledge base, improve rule-based knowledge base, obtain the rule-based knowledge base after improving;
Wherein, for example: in step 103, formed five potential attack modes, be respectively the first potential attack mode, the second potential attack mode, the 3rd potential attack mode, the 4th potential attack mode and the 5th potential attack mode, whether search exists one or more in five potential attack modes in rule-based knowledge base, if five potential attack modes are all in rule-based knowledge base, then, flow process finishes; If one or more in five potential attack modes then, join it in rule-based knowledge base not in rule-based knowledge base, improve rule-based knowledge base, obtain the rule-based knowledge base after improving.For example: the first potential attack mode and the second potential attack mode are in rule-based knowledge base, the 3rd potential attack mode, the 4th potential attack mode and the 5th potential attack mode do not have in rule-based knowledge base, then the 3rd potential attack mode, the 4th potential attack mode and the 5th potential attack mode joined in the rule-based knowledge base, obtain the rule-based knowledge base after improving.
106: resource, behavior and attack mode in the rule-based knowledge base after improving are carried out the formalization definition, obtain the corresponding data of procotol; And determine and attack mode relaxes scheme accordingly by attack mode;
Wherein, the embodiment of the invention is carried out the preferred Z of employing of formalization definition specification language to resource, behavior and attack mode in the rule-based knowledge base after improving and is carried out the formalization definition, the Z specification language be a kind of be the specification language of main theoretical basis with the first order predicate calculus, it is a kind of functional language, the Z specification language can clearly be described the state variation of procotol, more helps extracting the effective information that agreement can realize.During specific implementation, can also be other language, the embodiment of the invention does not limit this.
107: the corresponding data of procotol, mitigation scheme are input in the security knowledge base in the unified software model, and generate procotol and attack analysis report.
Wherein, the corresponding data of procotol are input in the security knowledge base in the unified software model are convenient to later attack and defects detection, the procotol that generates is attacked analysis report transfer to relevant design developer use, satisfied the needs in the practical application.Wherein, according to the definition of software life-cycle, unified software model comprises: requirement section, design part and realization part, wherein, requirement section is made up of with illustration, activity diagram and state diagram UML, and activity diagram and state diagram are as UML the additional of illustration, the multidate information in the description demand; Design part is made up of precedence diagram and formalization language, is least unit with the functional unit, and precedence diagram is as framework, has described and has finished the corresponding functional unit that preset function need call and call rule; The formalization language has increased the semantic information of functional unit by formal description; Realize partly forming, and satisfy the formalization language description by the programming language code unit of realizing functional unit.
The feasibility of a kind of procotol safety defect analytical method that the embodiment of the invention provides is described with a specific embodiment below, wherein, the formalization language is an example with the Z specification language, procotol is with RIP (Routing information Protocol)) agreement is that example is described, sees for details hereinafter to describe;
In carrying out procotol RIP analytic process, find four kinds of common attack patterns of RIP altogether, referring to Fig. 3,, extract the Internet resources and the network behavior that relate in the procotol by abstract modeling to these attack modes, and brass tacks.With these resources, compositional modeling is carried out in behavior by the rule in the rule-based knowledge base, can access the rule schema of the RIP after shown in Figure 4 the improving.
The attack of the procotol of rule-based knowledge base is found
(1) Organization Chart and principle explanation
Input: the Z specification language of precedence diagram and precedence diagram is described
Output: procotol is attacked analysis report
Process: in actual development process, 1. describe procotol by precedence diagram; 2. use the Z specification language to come this precedence diagram is carried out extended description; 3. resolve this Z specification language, extract the expressed sequence of events of precedence diagram; 4. bring into and carry out reasoning in the rule-based knowledge base, find out all potential attack modes; 5. generate procotol and attack analysis report, as shown in Figure 5.
(2) attack the process of discovery
Describe by the RIP agreement being carried out precedence diagram, obtain precedence diagram shown in Figure 5;
Precedence diagram shown in Figure 6 is carried out the Z specification language describe, get access to Z specification language fragment as shown in Figure 7;
After obtaining the Z specification language description of precedence diagram, need extract sequence of events by means of the constructed rule-based knowledge base in front:
TransitPacket(RIP_Request)
Filter(Packet)
Encapsulate(Packet)
TransitPacket(RIP_Response)
Filter(Packet)
Update(RoutingTable)
TransitPacket(RIP_Request)
Filter(Packet)
Encapsulate(Packet)
TransitPacket(RIP_Response)
Filter(Packet)
Update(RoutingTable)
Broadcast(RIP_Response)
Filter(Packet)
Update(RoutingTable)
Add(Invalidation_Timer)
UpdateTable(Metric)
DeleteRoute(Metric)
Rule-based knowledge base is carried out analysis ratiocination
The incident that extracts is brought in the attack rule schema, judge whether these event sets can satisfy an attack path.
Generate procotol and attack analysis report:
1:Untrustworthy(Environment)[true];TransitPacket(Request)[true];
Authenticate(Packet)[false];Run(RIPProtocol)[true];->Untrustworthy(Packet);
Untrustworthy(Packet)[true];->Fake(RIPPacket);
Fake(RIPPacket)[true];RoutingUpdate(Metric)[true];->Fake(Host)
Describe in detail: under incredible network environment, do not have authentic Request packet, cause incredible packet to the router transmission that moves the RIP agreement; The packet that sends is insincere, causes the RIP packet of forging; Use the RIP packet of forging, router upgrades the jumping figure of routing table, causes the main frame of forging.
2:Untrustworthy(Environment)[true];TransitPacket(Request)[true];
Authenticate(Packet)[false];Run(RIPProtocol)[true];->Untrustworthy(Packet);
Untrustworthy(Packet)[true];->Fake(Response);
Fake(Response)[true];RoutingUpdate(Metric)[true];->Disorder(RoutingTable)
Describe in detail: under incredible network environment, do not have authentic Request packet, cause incredible packet to the router transmission that moves the RIP agreement; The packet that sends is insincere, causes the Response packet of forging; Use the Response packet of forging, router upgrades the jumping figure of routing table, causes the routing table disorder.
3:Untrustworthy(Environment)[true];TransitPacket(Request)[true];
Authenticate(Packet)[false];Run(RIPProtocol)[true];->Untrustworthy(520UDPP?acket);
Untrustworthy(Packet)[true];->Fake(520UDPPacket);
Fake(RIPPacket)[true];RoutingUpdate(Metric)[true];->Fake(Route);
Fake(Route)[true];->Broadcast(RoutingPacket);
Broadcast(RoutingPacket)[true];Filter(RoutingPacket)[false];->Exhaust(Bandwidth)
Describe in detail: under incredible network environment, do not have authentic Request packet, cause the incredible UDP message bag that sends by 520 ports to the router transmission that moves the RIP agreement; Insincere from the UDP message bag that 520 ports send, cause the UDP message bag of forging; Use the UDP message bag of 520 ports of forging, router upgrades routing table, causes the router of forging; Use the router of forging to cause broadcasting a large amount of routing update information, these routing update information are not filtered, and cause the network bandwidth to exhaust.
(3) interpretation of result
1:Untrustworthy(Environment)[true];TransitPacket(Request)[true];
Authenticate(Packet)[false];Run(RIPProtocol)[true];->Untrustworthy(Packet);
Untrustworthy(Packet)[true];->Fake(RIPPacket);
Fake(RIPPacket)[true];RoutingUpdate(Metric)[true];->Fake(Host)
Describe in detail: under incredible network environment, do not have authentic Request packet, cause incredible packet to the router transmission that moves the RIP agreement; The packet that sends is insincere, causes the RIP packet of forging; Use the RIP packet of forging, router upgrades the jumping figure of routing table, causes the main frame of forging.
This record description the attack method of a forgery main frame: the assailant often attacks the router that has used initial RIP agreement.The assailant can the data falsification bag, notify its main frame of each router to have the path of the fastest connection network-external, the packet that need send out from that network all can be through assailant's main frame like this, and these packets both can the victim inspection, also can be modified.
2:Untrustworthy(Environment)[true];TransitPacket(Request)[true];
Authenticate(Packet)[false];Run(RIPProtocol)[true];->Untrustworthy(Packet);
Untrustworthy(Packet)[true];->Fake(Response);
Fake(Response)[true];RoutingUpdate(Metric)[true];->Disorder(RoutingTable)
Describe in detail: under incredible network environment, do not have authentic Request packet, cause incredible packet to the router transmission that moves the RIP agreement; The packet that sends is insincere, causes the Response packet of forging; Use the Response packet of forging, router upgrades the jumping figure of routing table, causes the routing table disorder.
This record description an attack method that makes the routing table disorder of router: the router of an operation RIP agreement, if receive route updating packet from interface, router will be analyzed this message.If the routing iinformation of this message is more effective than the original routing iinformation of router, router will be introduced the routing iinformation of message in the routing table of oneself.The assailant can utilize this defective of RIP agreement, send the destructive route updating packet of forging that has to router, because the RIP agreement does not have built-in authentication mechanism, router can think that these messages are safe, the easy like this routing table disorder that makes router, thus cause network to interrupt.
3:Untrustworthy(Environment)[true];TransitPacket(Request)[true];
Authenticate(Packet)[false];Run(RIPProtocol)[true];->Untrustworthy(520UDPPacket);
Untrustworthy(Packet)[true];->Fake(520UDPPacket);
Fake(RIPPacket)[true];RoutingUpdate(Metric)[true];->Fake(Route);
Fake(Route)[true];->Broadcast(RoutingPacket);
Broadcast(RoutingPacket)[true];Filter(RoutingPacket)[false];->Exhaust(Bandwidth)
Describe in detail: under incredible network environment, do not have authentic Request packet, cause the incredible UDP message bag that sends by 520 ports to the router transmission that moves the RIP agreement; Insincere from the UDP message bag that 520 ports send, cause the UDP message bag of forging; Use the UDP message bag of 520 ports of forging, router upgrades routing table, causes the router of forging; Use the router of forging to cause broadcasting a large amount of routing update information, these routing update information are not filtered, and cause the network bandwidth to exhaust.
This record description the attack method that the network bandwidth is exhausted: assailant's main frame sends the UDP message by 520 ports, assailant's main frame will be by as a router so, thereby this main frame sends broadcast message just can for other routers, the assailant can utilize this defective to attack like this, send a large amount of broadcast messages, because broadcast message will expend the bandwidth of a large amount of preciousnesses, can cause network congestion like this.By above-mentioned test and analysis, verified the feasibility of a kind of procotol safety defect analytical method that the embodiment of the invention provides, satisfied the needs in the practical application.
In sum, the embodiment of the invention provides a kind of procotol safety defect analytical method, and the embodiment of the invention is analyzed and summed up procotol, extracts resource, behavior and the harm of agreement, carries out the procotol modeling, has formed the attack rule schema; According to attacking rule schema, node and all combinations of parameter of attacking in the rule schema are analyzed, find the attack model that at least one is potential, adopt the mode of reasoning to improve rule-based knowledge base, to the attack model formalization in the rule-based knowledge base after improving, foundation and attack mode relax scheme accordingly, have finally generated procotol and have attacked analysis report; The aspect that the embodiment of the invention is considered is bottom more, attack aspect procotol is found and is analyzed, will be according to the information in the potential attack model, the binding rule knowledge base is carried out reasoning, when the aspect of modeling and reasoning more bottom the time, reasoning is just more powerful, has constantly improved rule-based knowledge base; The method that the embodiment of the invention provides is intelligence more, aspect Protocol Modeling, allows computer understand agreement more, extracts effective information, and reasoning rule-based knowledge base in backstage has overcome deficiency of the prior art, has satisfied the needs in the practical application.
It will be appreciated by those skilled in the art that accompanying drawing is the schematic diagram of a preferred embodiment, the invention described above embodiment sequence number is not represented the quality of embodiment just to description.
The above only is preferred embodiment of the present invention, and is in order to restriction the present invention, within the spirit and principles in the present invention not all, any modification of being done, is equal to replacement, improvement etc., all should be included within protection scope of the present invention.
Claims (2)
1. a procotol safety defect analytical method is characterized in that, said method comprising the steps of:
(1) procotol is summarized and analyze, extract the related resource of procotol, behavior and harm, described resource, described behavior and described harm are summarized and abstract, obtain procotol knowledge;
(2) according to described procotol knowledge, take out rule-based knowledge base;
(3) according to the rule in the described rule-based knowledge base, described resource, described behavior, described harm are made up, carry out fine-grained modeling, form and attack rule schema; Described attack rule schema is analyzed, the optional parameters of all nodes in the described attack rule schema is selected successively, form at least one potential attack mode;
(4) adopt the automated reasoning mode in described rule-based knowledge base, described at least one potential attack mode to be searched for, judge whether to exist described potential attack mode, if flow process finishes; If not, execution in step (5);
(5) described potential attack mode is joined described rule-based knowledge base, improve described rule-based knowledge base, obtain the rule-based knowledge base after improving;
(6) resource, behavior and attack mode in the rule-based knowledge base after described the improving are carried out the formalization definition, obtain the corresponding data of procotol; And determine and described attack mode relaxes scheme accordingly by described attack mode;
(7) the corresponding data of described procotol, described mitigation scheme are input in the security knowledge base in the unified software model, and generate procotol and attack analysis report, flow process finishes.
2. procotol safety defect analytical method according to claim 1, it is characterized in that, described in the step (6) resource, behavior and attack mode in the rule-based knowledge base after described the improving are carried out the formalization definition, obtain the corresponding data of procotol, be specially:
Resource, behavior and attack mode in the rule-based knowledge base after adopting the Z specification language to described improving carry out the formalization definition, obtain the corresponding data of described procotol.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201110065063 CN102104609B (en) | 2011-03-17 | 2011-03-17 | Method for analyzing safety defect of network protocol |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201110065063 CN102104609B (en) | 2011-03-17 | 2011-03-17 | Method for analyzing safety defect of network protocol |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102104609A true CN102104609A (en) | 2011-06-22 |
| CN102104609B CN102104609B (en) | 2013-06-19 |
Family
ID=44157135
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 201110065063 Expired - Fee Related CN102104609B (en) | 2011-03-17 | 2011-03-17 | Method for analyzing safety defect of network protocol |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102104609B (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103647765A (en) * | 2013-11-29 | 2014-03-19 | 北京广利核系统工程有限公司 | A graphical representation method for describing a network protocol based on a UML sequence diagram and a topological graph |
| CN105933286A (en) * | 2016-04-05 | 2016-09-07 | 浪潮电子信息产业股份有限公司 | Method and device for verifying protocol |
| US20200272916A1 (en) * | 2017-09-29 | 2020-08-27 | Nec Corporation | Hypothesis verification apparatus, hypothesis verification method, and computer-readable recording medium |
| CN112399466A (en) * | 2020-11-12 | 2021-02-23 | 国网江苏省电力有限公司信息通信分公司 | Method for analyzing communication rule defects based on domain rule base |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1925488A (en) * | 2006-09-21 | 2007-03-07 | 上海交通大学 | Method for realizing safety protocol checking experimental system supporting large-scale and multiple users |
| CN101217545A (en) * | 2008-01-18 | 2008-07-09 | 东南大学 | An automation design realization method of safety protocol |
| US20090097661A1 (en) * | 2007-09-14 | 2009-04-16 | Security First Corporation | Systems and methods for managing cryptographic keys |
| CN101977180A (en) * | 2010-06-08 | 2011-02-16 | 南京大学 | Security protocol authentication method based on flaw attack |
-
2011
- 2011-03-17 CN CN 201110065063 patent/CN102104609B/en not_active Expired - Fee Related
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1925488A (en) * | 2006-09-21 | 2007-03-07 | 上海交通大学 | Method for realizing safety protocol checking experimental system supporting large-scale and multiple users |
| US20090097661A1 (en) * | 2007-09-14 | 2009-04-16 | Security First Corporation | Systems and methods for managing cryptographic keys |
| CN101217545A (en) * | 2008-01-18 | 2008-07-09 | 东南大学 | An automation design realization method of safety protocol |
| CN101977180A (en) * | 2010-06-08 | 2011-02-16 | 南京大学 | Security protocol authentication method based on flaw attack |
Non-Patent Citations (1)
| Title |
|---|
| 薛锐等: "《安全协议的形式化分析技术与方法》", 《计算机学报》 * |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103647765A (en) * | 2013-11-29 | 2014-03-19 | 北京广利核系统工程有限公司 | A graphical representation method for describing a network protocol based on a UML sequence diagram and a topological graph |
| CN105933286A (en) * | 2016-04-05 | 2016-09-07 | 浪潮电子信息产业股份有限公司 | Method and device for verifying protocol |
| CN105933286B (en) * | 2016-04-05 | 2019-08-02 | 浪潮电子信息产业股份有限公司 | A kind of method and device of indentification protocol |
| US20200272916A1 (en) * | 2017-09-29 | 2020-08-27 | Nec Corporation | Hypothesis verification apparatus, hypothesis verification method, and computer-readable recording medium |
| CN112399466A (en) * | 2020-11-12 | 2021-02-23 | 国网江苏省电力有限公司信息通信分公司 | Method for analyzing communication rule defects based on domain rule base |
| CN112399466B (en) * | 2020-11-12 | 2024-02-09 | 国网江苏省电力有限公司信息通信分公司 | Communication rule defect analysis method based on domain rule base |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102104609B (en) | 2013-06-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10972352B2 (en) | Validation of routing information base-forwarding information base equivalence in a network | |
| McClurg et al. | Event-driven network programming | |
| US11063827B2 (en) | Validation of layer 3 bridge domain subnets in a network | |
| US11303520B2 (en) | Validation of cross logical groups in a network | |
| US10862752B2 (en) | Network validation between the logical level and the hardware level of a network | |
| US11153167B2 (en) | Validation of L3OUT configuration for communications outside a network | |
| US20230171157A1 (en) | Detection of overlapping subnets in a network | |
| US10623259B2 (en) | Validation of layer 1 interface in a network | |
| US10812336B2 (en) | Validation of bridge domain-L3out association for communication outside a network | |
| US10528444B2 (en) | Event generation in response to validation between logical level and hardware level | |
| Bjørner et al. | Checking cloud contracts in Microsoft Azure | |
| CN102104609B (en) | Method for analyzing safety defect of network protocol | |
| Kristensen et al. | Applications of coloured Petri nets for functional validation of protocol designs | |
| Yaseen et al. | Aragog: Scalable runtime verification of shardable networked systems | |
| Marchetto et al. | A framework for verification-oriented user-friendly network function modeling | |
| Viana et al. | One step forward: Linking wireless self-organizing network validation techniques with formal testing approaches | |
| CN114221815A (en) | Intrusion detection method, storage medium and system based on honey arranging net | |
| Weitz et al. | Bagpipe: Verified BGP configuration checking | |
| CN103618641A (en) | Data packet detecting and monitoring system based on multiple-core network processor and capable of being deployed fast | |
| Lan et al. | Future network architectures and core technologies | |
| Aryan et al. | A parallel approach for detecting OpenFlow rule anomalies based on a general formalism | |
| Grewal et al. | P4BID: information flow control in p4 | |
| Chen | Automated BGP Policy Analysis | |
| Bourdier et al. | Symbolic analysis of network security policies using rewrite systems | |
| Bringhenti | Automatic Optimized Firewalls Orchestration and Configuration in NFV environment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20130619 Termination date: 20210317 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |