CN102104609B - Method for analyzing safety defect of network protocol - Google Patents
Method for analyzing safety defect of network protocol Download PDFInfo
- Publication number
- CN102104609B CN102104609B CN 201110065063 CN201110065063A CN102104609B CN 102104609 B CN102104609 B CN 102104609B CN 201110065063 CN201110065063 CN 201110065063 CN 201110065063 A CN201110065063 A CN 201110065063A CN 102104609 B CN102104609 B CN 102104609B
- Authority
- CN
- China
- Prior art keywords
- rule
- attack
- procotol
- knowledge base
- based knowledge
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a method for analyzing the safety defect of a network protocol, and relates to the field of safety software engineering. The method comprises the following steps of: analyzing and summarizing the network protocol, and extracting resources, behaviors and harms of the protocol to model the network protocol so as to form an attack rule graph; analyzing all combinations of nodes and parameters in the attack rule graph according to the attack rule graph, and finding out at least one potential attack model; improving a rule knowledge library by using a reasoning mode; and formalizing the attack model in the improved rule knowledge library to establish an alleviation scheme corresponding to the attack model, and finally generating a network protocol attack analysis report. The method provided by the invention is more intelligent; on the protocol modeling aspect, the protocol can be better understood by a computer so as to extract effective information; and the background reasoning is performed based on the rule knowledge library, so that the shortcoming of the prior art is overcome, and the demand in actual application can be met.
Description
Technical field
The present invention is take the fail-safe software engineering as the basis, be particularly related to a kind of method for analyzing safety defect of network protocol, the method is for safety defect and the attack of procotol, proposition is attacked discovery based on the Formal Analysis Method of Protocol Modeling, by procotol being carried out the Formal Modeling of bottom, use the reasoning of artificial intelligence field, in conjunction with knowledge rule, obtain defective and the corresponding attack mode of agreement.
Background technology
Procotol is to control computer carries out information exchange on Network Transfer Media rule and agreement.In computer network, two entities that intercom mutually are in different geographical position, and two entities intercom mutually, and the action of coordinating them by exchange message reaches synchronously it, and information exchange must be according to the process of jointly appointing in advance.Procotol generally comprises three elements: grammer, semanteme and synchronous.Existing procotol is the skeleton of whole the Internet, is the basis of internet communication, and the fail safe of procotol is directly restricting the coefficient of safety of network environment.At present the Formal Modeling of procotol is mainly used in the checking of procotol, comprehensive, test and agreement realization etc.The consistency of procotol is by carrying out Formal Modeling to procotol, can allow computer better understand procotol, and can be accurately and describe imperfectly the function of procotol, add factor of safety on formalized model, can carry out safe consideration to procotol, thereby improve the fail safe of procotol.Existing Formal Modeling to procotol mainly contains FSM (Finite State Machine, finite-state automata) modeling, the modeling of Petri net, temporal logic modeling and communication process calculation.Wherein, the FSM modeling pattern is most popular at present, and basic thought is that the component states in procotol and state conversion thereof are analyzed, and carries out on this basis safe analysis and checking.By to the FSM model extension, add particular community to complete replenishing to reach the modeling purpose of characteristic of protocol information.The Petri net is a kind of mathematical modeling language of describing distributed system, usually comes state that define system had and the transition condition between state with position and migration form.The temporal logic modeling is the expansion of the logic of modality, and it relates to proposition, predicate and the calculation of the time, state and the relation thereof that contain temporal information.The communication process calculation is the basic theories model of computer communication system, and it is the basis of many Formal Languages.
Existing threat analysis method is mainly the BAN logic, the BAN logic is the logic to E-Commerce Protocol Analysis and checking, can be used for describing and the authentication verification agreement, be by Michael Burrows at first, and Martin Abadi and Roger Needham are in the logic of modality of exploitation in 1989.When using the BAN logic to carry out protocal analysis, at first need formula that the message " idealized " of agreement can be identified for the BAN logic, carry out as the case may be more rational initial state assumption, then utilize the inference rule of logic, carry out reasoning according to idealized agreement and initial state assumption, infer that agreement can reach re-set target.
The inventor finds that there is following shortcoming at least in prior art in realizing process of the present invention:
The BAN logic lack explication semantic basis, original hypothesis determine there is no formalization, idealized step do not have formalization.
Summary of the invention
In order to overcome deficiency of the prior art, satisfy the needs in practical application, the invention provides a kind of method for analyzing safety defect of network protocol, see for details hereinafter and describe:
A kind of method for analyzing safety defect of network protocol said method comprising the steps of:
(1) procotol summarized and analyze, extracting the related resource of procotol, behavior and harm, described resource, described behavior and described harm are summarized and abstract, obtaining procotol knowledge;
(2) according to described procotol knowledge, take out rule-based knowledge base;
(3) according to the rule in described rule-based knowledge base, described resource, described behavior, described harm are made up, carry out fine-grained modeling, form and attack rule schema; Described attack rule schema is analyzed, the optional parameters of all nodes in described attack rule schema is selected successively, form at least one potential attack mode;
(4) adopt the automated reasoning mode in described rule-based knowledge base, described at least one potential attack mode to be searched for, judge whether to exist described potential attack mode, if so, flow process finishes; If not, execution in step (5);
(5) described potential attack mode is joined described rule-based knowledge base, improve described rule-based knowledge base, obtain the rule-based knowledge base after improving;
(6) resource, behavior and attack mode in the rule-based knowledge base after described improving are carried out formal definitions, obtain the corresponding data of procotol; And determine to relax accordingly scheme with described attack mode by described attack mode;
(7) the corresponding data of described procotol, described mitigation scheme are input in security knowledge base in unified software model, and generating network protocol attack analysis report, flow process finishes.
Described in step (6), resource, behavior and attack mode in the rule-based knowledge base after described improving are carried out formal definitions, obtain the corresponding data of procotol, be specially:
Resource, behavior and attack mode in rule-based knowledge base after adopting the Z-specification language to described improving carry out formal definitions, obtain the corresponding data of described procotol.
The beneficial effect of technical scheme provided by the invention is:
The invention provides a kind of method for analyzing safety defect of network protocol, the present invention analyzes and sums up procotol, extracts resource, behavior and the harm of agreement, carries out the procotol modeling, has formed the attack rule schema; According to attacking rule schema, node and all combinations of parameter of attacking in rule schema are analyzed, find the attack model that at least one is potential, adopt the mode of reasoning to improve rule-based knowledge base, to the attack model formalization in the rule-based knowledge base after improving, foundation and attack mode relax scheme accordingly, have finally generated the report of procotol attack analysis; The aspect that the present invention considers is bottom more, attack aspect procotol is found and is analyzed, will be according to the information in potential attack model, the binding rule knowledge base is carried out reasoning, when the aspect of modeling and reasoning more when bottom, reasoning is just more powerful, has constantly improved rule-based knowledge base; Method provided by the invention is more intelligent, aspect Protocol Modeling, allows computer more understand agreement, extracts effective information, and reasoning rule-based knowledge base in backstage has overcome deficiency of the prior art, has satisfied the needs in the practical application.
Description of drawings
Fig. 1 is attack discovery provided by the invention and analysis framework figure;
Fig. 2 is the flow chart of method for analyzing safety defect of network protocol provided by the invention;
Fig. 3 is the model of procotol rule provided by the invention;
Fig. 4 is RIP protocol attack discovery provided by the invention and analysis rule figure;
Fig. 5 is the schematic diagram of the attack path discover method in rule-based storehouse provided by the invention;
Fig. 6 is the schematic diagram of RIP precedence diagram provided by the invention modeling;
Fig. 7 is the result schematic diagram of the Z-specification language description fragment of precedence diagram provided by the invention.
Embodiment
For making the purpose, technical solutions and advantages of the present invention clearer, embodiment of the present invention is described further in detail below in conjunction with accompanying drawing.
In order to overcome deficiency of the prior art, satisfy the needs in practical application, the embodiment of the present invention provides a kind of method for analyzing safety defect of network protocol, referring to Fig. 1 and Fig. 2, sees for details hereinafter and describes:
101: procotol summarized and analyzed, extract the related resource of procotol, behavior and harm, resource, behavior and harm are summarized and abstract, obtaining procotol knowledge;
Sum up related resource, behavior and harm from procotol.Procotol varies because its function is different, and network attack is also therefore of all kinds, but the thinking of many network attacks is similar, and the attack method that adopts is close, can be extracted the attack mode into negligible amounts.As a same reason, the number of types of the harm that resource, the action of sending and the attack of using due to procotol causes is limited, and these information are summarized and analyzed, and draws procotol knowledge, helps like this modeling of procotol attack mode.
Wherein, procotol knowledge is the data source of attacking discovery and analysis theories, be mainly the procotol of RFC (Request For Comments requests for comments) statement and the application that realizes these procotols, procotol knowledge is theoretical data basis.
102: according to procotol knowledge, take out rule-based knowledge base;
Rule-based knowledge base is by to procotol knowledge classification, arrangement, refinement and abstract, extracts procotol relevant protocol resource storehouse, behavior storehouse and rule base.Wherein, the protocol resource storehouse comprises the network data that relates in procotol, as an IP address, a message, the process pool of server etc.; The behavior storehouse is the relevant assembly of procotol and uses carry out mutual, as checking message, response message etc.; Rule base is that content to Internet resources and network behavior is described, because carry out in mutual process at networking component, tend to relate to the network data of a part, so network behavior often is attended by Internet resources, and between behavior, the reckoning relation may be arranged, be that some network behavior can infer next step behavior by And and Or relation, and rule base is used for this two-part content is described exactly.
103: according to the rule in rule-based knowledge base, the resource that procotol is related, behavior and harm are made up, and carry out fine-grained modeling, form to attack rule schema; Analyze attacking rule schema, the optional parameters of attacking all nodes in rule schema is selected successively, form at least one potential attack mode;
Wherein, after carrying out fine-grained modeling, the attack rule schema of formation can be understood as the abstract of at least one attack mode, and the path that the parameter in the attack rule schema is determined is all potential attack mode.The rule that extracts and the behavior of analyzing are stored in rule-based knowledge base, as the support of inference step.
104: adopt the automated reasoning mode in rule-based knowledge base, at least one potential attack mode to be searched for, judge whether to exist potential attack mode, if so, flow process finishes; If not, execution in step 105;
105: potential attack mode is joined rule-based knowledge base, improve rule-based knowledge base, obtain the rule-based knowledge base after improving;
Wherein, for example: formed five potential attack modes in step 103, be respectively the first potential attack mode, the second potential attack mode, the 3rd potential attack mode, the 4th potential attack mode and the 5th potential attack mode, whether search exists one or more in five potential attack modes in rule-based knowledge base, if five potential attack modes are all in rule-based knowledge base,, flow process finishes; If one or more in five potential attack modes, join it in rule-based knowledge base not in rule-based knowledge base, improve rule-based knowledge base, obtain the rule-based knowledge base after improving.For example: the first potential attack mode and the second potential attack mode are in rule-based knowledge base, the 3rd potential attack mode, the 4th potential attack mode and the 5th potential attack mode do not have in rule-based knowledge base, the 3rd potential attack mode, the 4th potential attack mode and the 5th potential attack mode joined in rule-based knowledge base, obtain the rule-based knowledge base after improving.
106: resource, behavior and attack mode in the rule-based knowledge base after improving are carried out formal definitions, obtain the corresponding data of procotol; And determine to relax accordingly scheme with attack mode by attack mode;
Wherein, the embodiment of the present invention is carried out formal definitions to resource, behavior and attack mode in the rule-based knowledge base after improving and is preferably adopted the Z-specification language to carry out formal definitions, the Z-specification language is a kind of specification language take first order predicate calculus as main theoretical basis, it is a kind of functional language, the state variation of procotol can clearly be described in the Z-specification language, more is conducive to extract the achieved effective information of agreement.During specific implementation, can also be other language, the embodiment of the present invention does not limit this.
107: the corresponding data of procotol, mitigation scheme are input in security knowledge base in unified software model, and generating network protocol attack analysis report.
Wherein, the corresponding data of procotol are input in security knowledge base in unified software model are convenient to later attack and defects detection, the relevant design developer is transferred in the procotol attack analysis report that generates use, satisfied the needs in the practical application.Wherein, according to the definition of software life-cycle, unified software model comprises: requirement section, design part and realize part, wherein, requirement section is comprised of with illustration, activity diagram and state diagram UML, and activity diagram and state diagram are as UML replenishing of illustration, the multidate information in the description demand; The design part is comprised of precedence diagram and Formal Languages, and take functional unit as least unit, precedence diagram has been described and completed corresponding functional unit and the calling rule that preset function need to call as framework; Formal Languages has increased the semantic information of functional unit by formal description; The realization part is comprised of the programming language code unit of practical function unit, and satisfies Formal Language Description.
The below illustrates the feasibility of a kind of method for analyzing safety defect of network protocol that the embodiment of the present invention provides with a specific embodiment, wherein, Formal Languages is take the Z-specification language as example, procotol is take RIP (Routing information Protocol)) agreement is as example is described, sees for details hereinafter to describe;
In carrying out procotol RIP analytic process, find altogether four kinds of common attack patterns of RIP, referring to Fig. 3, by the abstract modeling to these attack modes, extract the Internet resources and the network behavior that relate in procotol, and brass tacks.With these resources, compositional modeling is carried out in behavior by the rule in rule-based knowledge base, can access the rule schema of the RIP after shown in Figure 4 improving.
The attack of the procotol of rule-based knowledge base is found
(1) Organization Chart and principle explanation
Input: the Z-specification language description of precedence diagram and precedence diagram
Output: procotol attack analysis report
Process: in the actual development process, 1. describe procotol by precedence diagram; 2. with the Z-specification language, this precedence diagram is carried out extended description; 3. resolve this Z-specification language, extract the expressed sequence of events of precedence diagram; 4. bring into and carry out reasoning in rule-based knowledge base, find out all potential attack modes; 5. generating network protocol attack analysis report, as shown in Figure 5.
(2) attack the process of discovery
Describe by the RIP agreement being carried out precedence diagram, obtain precedence diagram shown in Figure 5;
Precedence diagram shown in Figure 6 is carried out the Z-specification language description, get the Z-specification language fragments as shown in Figure 7;
After obtaining the Z-specification language description of precedence diagram, need to by means of the constructed rule-based knowledge base in front, extract sequence of events:
TransitPacket(RIP_Request)
Filter(Packet)
Encapsulate(Packet)
TransitPacket(RIP_Response)
Filter(Packet)
Update(RoutingTable)
TransitPacket(RIP_Request)
Filter(Packet)
Encapsulate(Packet)
TransitPacket(RIP_Response)
Filter(Packet)
Update(RoutingTable)
Broadcast(RIP_Response)
Filter(Packet)
Update(RoutingTable)
Add(Invalidation_Timer)
UpdateTable(Metric)
DeleteRoute(Metric)
Rule-based knowledge base is carried out analysis ratiocination
The event that extracts is brought into attack in rule schema, judge whether these event sets can satisfy an attack path.
Generating network protocol attack analysis report:
1:Untrustworthy(Environment)[true];TransitPacket(Request)[true];
Authenticate(Packet)[false];Run(RIPProtocol)[true];->Untrustworthy(Packet);
Untrustworthy(Packet)[true];->Fake(RIPPacket);
Fake(RIPPacket)[true];RoutingUpdate(Metric)[true];->Fake(Host)
Describe in detail: at incredible net environment, do not have authentic Request packet to the router transmission that moves the RIP agreement, cause incredible packet; The packet that sends is insincere, causes the RIP packet of forging; Use the RIP packet of forging, router upgrades the jumping figure of routing table, causes the main frame of forging.
2:Untrustworthy(Environment)[true];TransitPacket(Request)[true];
Authenticate(Packet)[false];Run(RIPProtocol)[true];->Untrustworthy(Packet);
Untrustworthy(Packet)[true];->Fake(Response);
Fake(Response)[true];RoutingUpdate(Metric)[true];->Disorder(RoutingTable)
Describe in detail: at incredible net environment, do not have authentic Request packet to the router transmission that moves the RIP agreement, cause incredible packet; The packet that sends is insincere, causes the Response packet of forging; Use the Response packet of forging, router upgrades the jumping figure of routing table, causes routing table disorderly.
3:Untrustworthy(Environment)[true];TransitPacket(Request)[true];
Authenticate(Packet)[false];Run(RIPProtocol)[true];->Untrustworthy(520UDPP?acket);
Untrustworthy(Packet)[true];->Fake(520UDPPacket);
Fake(RIPPacket)[true];RoutingUpdate(Metric)[true];->Fake(Route);
Fake(Route)[true];->Broadcast(RoutingPacket);
Broadcast(RoutingPacket)[true];Filter(RoutingPacket)[false];->Exhaust(Bandwidth)
Describe in detail: at incredible net environment, do not have authentic Request packet to the router transmission that moves the RIP agreement, cause the incredible UDP message bag that is sent by 520 ports; Insincere from the UDP message bag that 520 ports send, cause the UDP message bag of forging; Use the UDP message bag of 520 ports of forging, router upgrades routing table, causes the router of forging; Use the router of forging to cause broadcasting a large amount of routing update information, these routing update information are not filtered, and cause the network bandwidth to exhaust.
(3) interpretation of result
1:Untrustworthy(Environment)[true];TransitPacket(Request)[true];
Authenticate(Packet)[false];Run(RIPProtocol)[true];->Untrustworthy(Packet);
Untrustworthy(Packet)[true];->Fake(RIPPacket);
Fake(RIPPacket)[true];RoutingUpdate(Metric)[true];->Fake(Host)
Describe in detail: at incredible net environment, do not have authentic Request packet to the router transmission that moves the RIP agreement, cause incredible packet; The packet that sends is insincere, causes the RIP packet of forging; Use the RIP packet of forging, router upgrades the jumping figure of routing table, causes the main frame of forging.
This record description the attack method of a forgery main frame: the assailant often attacks the router that has used initial RIP agreement.The assailant can packet spoof, notify its main frame of each router to have the path of the fastest interconnection network outside, the packet that need to send out from that network so all can be through assailant's main frame, and these packets both can the victim inspection, also can be modified.
2:Untrustworthy(Environment)[true];TransitPacket(Request)[true];
Authenticate(Packet)[false];Run(RIPProtocol)[true];->Untrustworthy(Packet);
Untrustworthy(Packet)[true];->Fake(Response);
Fake(Response)[true];RoutingUpdate(Metric)[true];->Disorder(RoutingTable)
Describe in detail: at incredible net environment, do not have authentic Request packet to the router transmission that moves the RIP agreement, cause incredible packet; The packet that sends is insincere, causes the Response packet of forging; Use the Response packet of forging, router upgrades the jumping figure of routing table, causes routing table disorderly.
This record description an attack method that makes the routing table disorder of router: the router of an operation RIP agreement, if receive route updating packet from interface, router will be analyzed this message.If the routing iinformation of this message is more effective than the original routing iinformation of router, router will be introduced the routing iinformation of message in the routing table of oneself.The assailant can utilize this defective of RIP agreement, send the damaging route updating packet of being with of forging to router, because the RIP agreement does not have built-in authentication mechanism, router can think that these messages are safe, the easy like this routing table of router that makes is disorderly, thereby causes network to interrupt.
3:Untrustworthy(Environment)[true];TransitPacket(Request)[true];
Authenticate(Packet)[false];Run(RIPProtocol)[true];->Untrustworthy(520UDPPacket);
Untrustworthy(Packet)[true];->Fake(520UDPPacket);
Fake(RIPPacket)[true];RoutingUpdate(Metric)[true];->Fake(Route);
Fake(Route)[true];->Broadcast(RoutingPacket);
Broadcast(RoutingPacket)[true];Filter(RoutingPacket)[false];->Exhaust(Bandwidth)
Describe in detail: at incredible net environment, do not have authentic Request packet to the router transmission that moves the RIP agreement, cause the incredible UDP message bag that is sent by 520 ports; Insincere from the UDP message bag that 520 ports send, cause the UDP message bag of forging; Use the UDP message bag of 520 ports of forging, router upgrades routing table, causes the router of forging; Use the router of forging to cause broadcasting a large amount of routing update information, these routing update information are not filtered, and cause the network bandwidth to exhaust.
This record description the attack method that the network bandwidth is exhausted: assailant's main frame sends the UDP messages by 520 ports, assailant's main frame will be treated as a router so, thereby this main frame sends broadcast message just can for other routers, the assailant can utilize this defective to attack like this, send a large amount of broadcast messages, because broadcast message will expend the bandwidth of a large amount of preciousnesses, can cause network congestion like this.By above-mentioned test and analysis, verified the feasibility of a kind of method for analyzing safety defect of network protocol that the embodiment of the present invention provides, satisfied the needs in the practical application.
In sum, the embodiment of the present invention provides a kind of method for analyzing safety defect of network protocol, and the embodiment of the present invention is analyzed and summed up procotol, extracts resource, behavior and the harm of agreement, carries out the procotol modeling, has formed the attack rule schema; According to attacking rule schema, node and all combinations of parameter of attacking in rule schema are analyzed, find the attack model that at least one is potential, adopt the mode of reasoning to improve rule-based knowledge base, to the attack model formalization in the rule-based knowledge base after improving, foundation and attack mode relax scheme accordingly, have finally generated the report of procotol attack analysis; The aspect that the embodiment of the present invention is considered is bottom more, attack aspect procotol is found and is analyzed, will be according to the information in potential attack model, the binding rule knowledge base is carried out reasoning, when the aspect of modeling and reasoning more when bottom, reasoning is just more powerful, has constantly improved rule-based knowledge base; The method that the embodiment of the present invention provides is more intelligent, aspect Protocol Modeling, allows computer more understand agreement, extracts effective information, and reasoning rule-based knowledge base in backstage has overcome deficiency of the prior art, has satisfied the needs in the practical application.
It will be appreciated by those skilled in the art that accompanying drawing is the schematic diagram of a preferred embodiment, the invention described above embodiment sequence number does not represent the quality of embodiment just to description.
The above is only preferred embodiment of the present invention, and is in order to limit the present invention, within the spirit and principles in the present invention not all, any modification of doing, is equal to replacement, improvement etc., within all should being included in protection scope of the present invention.
Claims (1)
1. a method for analyzing safety defect of network protocol, is characterized in that, said method comprising the steps of:
(1) procotol summarized and analyze, extracting the related resource of procotol, behavior and harm, described resource, described behavior and described harm are summarized and abstract, obtaining procotol knowledge;
(2) according to described procotol knowledge, take out rule-based knowledge base;
(3) according to the rule in described rule-based knowledge base, described resource, described behavior, described harm are made up, carry out fine-grained modeling, form and attack rule schema; Described attack rule schema is analyzed, the optional parameters of all nodes in described attack rule schema is selected successively, form at least one potential attack mode;
(4) adopt the automated reasoning mode in described rule-based knowledge base, described at least one potential attack mode to be searched for, judge whether to exist described potential attack mode, if so, flow process finishes; If not, execution in step (5);
(5) described potential attack mode is joined described rule-based knowledge base, improve described rule-based knowledge base, obtain the rule-based knowledge base after improving;
(6) resource, behavior and attack mode in the rule-based knowledge base after described improving are carried out formal definitions, obtain the corresponding data of procotol; And determine to relax accordingly scheme with described attack mode by described attack mode;
(7) the corresponding data of described procotol, described mitigation scheme are input in security knowledge base in unified software model, and generating network protocol attack analysis report, flow process finishes;
Wherein, described in step (6), resource, behavior and attack mode in the rule-based knowledge base after described improving are carried out formal definitions, obtain the corresponding data of procotol, be specially:
Resource, behavior and attack mode in rule-based knowledge base after adopting the Z-specification language to described improving carry out formal definitions, obtain the corresponding data of described procotol.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201110065063 CN102104609B (en) | 2011-03-17 | 2011-03-17 | Method for analyzing safety defect of network protocol |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201110065063 CN102104609B (en) | 2011-03-17 | 2011-03-17 | Method for analyzing safety defect of network protocol |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102104609A CN102104609A (en) | 2011-06-22 |
| CN102104609B true CN102104609B (en) | 2013-06-19 |
Family
ID=44157135
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 201110065063 Expired - Fee Related CN102104609B (en) | 2011-03-17 | 2011-03-17 | Method for analyzing safety defect of network protocol |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102104609B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US11803768B2 (en) * | 2017-09-29 | 2023-10-31 | Nec Corporation | Hypothesis verification apparatus, hypothesis verification method, and computer-readable recording medium |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103647765A (en) * | 2013-11-29 | 2014-03-19 | 北京广利核系统工程有限公司 | A graphical representation method for describing a network protocol based on a UML sequence diagram and a topological graph |
| CN105933286B (en) * | 2016-04-05 | 2019-08-02 | 浪潮电子信息产业股份有限公司 | A kind of method and device of indentification protocol |
| CN112399466B (en) * | 2020-11-12 | 2024-02-09 | 国网江苏省电力有限公司信息通信分公司 | Communication rule defect analysis method based on domain rule base |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1925488A (en) * | 2006-09-21 | 2007-03-07 | 上海交通大学 | Method for realizing safety protocol checking experimental system supporting large-scale and multiple users |
| US8135134B2 (en) * | 2007-09-14 | 2012-03-13 | Security First Corp. | Systems and methods for managing cryptographic keys |
| CN101217545A (en) * | 2008-01-18 | 2008-07-09 | 东南大学 | An automation design realization method of safety protocol |
| CN101977180B (en) * | 2010-06-08 | 2013-06-19 | 南京大学 | Security protocol authentication method based on flaw attack |
-
2011
- 2011-03-17 CN CN 201110065063 patent/CN102104609B/en not_active Expired - Fee Related
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US11803768B2 (en) * | 2017-09-29 | 2023-10-31 | Nec Corporation | Hypothesis verification apparatus, hypothesis verification method, and computer-readable recording medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102104609A (en) | 2011-06-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Yazdinejad et al. | P4-to-blockchain: A secure blockchain-enabled packet parser for software defined networking | |
| Weitz et al. | Scalable verification of border gateway protocol configurations with an SMT solver | |
| Liatifis et al. | Advancing sdn from openflow to p4: A survey | |
| McClurg et al. | Event-driven network programming | |
| Bjørner et al. | Checking cloud contracts in Microsoft Azure | |
| US20230171157A1 (en) | Detection of overlapping subnets in a network | |
| Yang et al. | Scalable verification of networks with packet transformers using atomic predicates | |
| US20180367394A1 (en) | Validation of cross logical groups in a network | |
| CN116055254B (en) | Safe and trusted gateway system, control method, medium, equipment and terminal | |
| CN102104609B (en) | Method for analyzing safety defect of network protocol | |
| CN110120923B (en) | Hash-Trie-based flow rule conflict detection method | |
| Kristensen et al. | Applications of coloured Petri nets for functional validation of protocol designs | |
| Marchetto et al. | A framework for verification-oriented user-friendly network function modeling | |
| Yaseen et al. | Aragog: Scalable runtime verification of shardable networked systems | |
| CN111193640B (en) | Stateful data plane fault detection method using policy decomposition and symbolic execution | |
| CN101242409B (en) | An efficient filtering method for multi-language network data packets | |
| CN114221815A (en) | Intrusion detection method, storage medium and system based on honey arranging net | |
| CN111698110A (en) | Network equipment performance analysis method, system, equipment and computer medium | |
| Xiang et al. | Modeling and verifying the topology discovery mechanism of OpenFlow controllers in software-defined networks using process algebra | |
| Hussein et al. | SDN verification plane for consistency establishment | |
| CN103618641A (en) | Data packet detecting and monitoring system based on multiple-core network processor and capable of being deployed fast | |
| Koïta et al. | A generic learning simulation framework to assess security strategies in cyber-physical production systems | |
| Weitz et al. | Bagpipe: Verified BGP configuration checking | |
| Lan et al. | Future network architectures and core technologies | |
| Ai et al. | Survey on the scheme evaluation, opportunities and challenges of software defined‐information centric network |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20130619 Termination date: 20210317 |