中国科学院软件研究所机构知识库
Advanced  
ISCAS OpenIR  > 基础软件国家工程研究中心  > 学位论文
题名:
安全实时数据库隐蔽信道度量和处理技术研究
作者: 曾海涛
答辩日期: 2009-01-16
授予单位: 中国科学院软件研究所
授予地点: 软件研究所
学位: 博士
关键词: 安全实时数据库 ; 数据冲突隐蔽信道 ; 隐蔽信道度量 ; 隐蔽信道处理
其他题名: Research on Covert Channel Measurement and Handling in Secure Real-time Database
摘要: 军事和经济等关键领域的数据应用需要安全实时数据库(SRTDB)提供安全和实时保障,但是隐蔽信道严重威胁着安全实时数据库的表现。如何有效地限制隐蔽信道威胁,同时保障系统的实时性能,是这类数据库迫切需要解决的问题。本文从信道限制、信道容量度量、多种度量指标结合以及信道检测四个方面入手,对安全实时数据库中数据冲突信道(DC信道)度量和处理领域出现的若干关键问题展开研究,取得了以下四个方面的主要成果: 第一,已有的SRTDB系统DC信道处理方法中,基于相对安全目标的信道限制方法能够支持安全和实时需求的均衡,比基于绝对安全目标的消除方法更灵活。在信道限制方法中,基于概率的限制方法降低了满足安全标准时信道限制操作所附加的实时性能损失,但是仍然存在实时性能的额外浪费。针对这一不足,提出了基于多概率的信道限制策略(MPBPSP),能够根据系统安全标准针对每个信道实例施加适当干扰,进一步减少了实时性能的损失。 第二,信道威胁的准确度量是对信道施加适当限制的基础。依据安全评测标准要求,提出了一种使用容量指标的DC信道威胁限制方法(CUCCMM)。该方法克服了已有信道容量限制方法在信道模型描述和度量指标上的缺陷,采用Z信道模型描述MPBPSP方法下DC信道的传输特性,并选择时间单位的容量指标。方法中以定理形式分别给出了干扰下信道容量度量算法,以及根据容量限制标准计算限制措施参数的算法。基于CUCCMM,系统能够准确地实施信道容量限制标准,并对限制下信道的实际容量进行监测。 第三,多种因素共同决定着信道威胁的程度,这些因素对应的度量指标也各有偏重,只有结合多种指标才能全面的度量和限制信道威胁。提出了综合多个指标的DC信道威胁度量和限制方法CMMA,它结合容量和短消息指标度量信道传输能力,并利用消息价值概念在短消息指标中同时包含被传输数据的长度和敏感度属性。实验证明,利用MPBPSP策略,CMMA方法能够同时对信道传输长文件和传输短消息这两方面能力施加限制,并且方法中多个指标的运用并不会带来实时性能损失的成倍增长。 第四,为了威慑入侵者并为限制信道威胁提供准确的依据,需要对信道的实际使用进行审计和检测。提出了对事务冲突信息的审计标准,并且按照用户和数据两种单位划分审计记录,有效地防止入侵者通过分散冲突记录的方式逃避检测。提出了一种基于冲突间隔时间的信道检测方法CTIBDA,方法中将冲突间隔时间的规律性作为检测的依据,并结合两种规律性指标提高了检测方法的健壮性。由于检测方法中没有复杂的学习和运算过程,因此方法还具有实施代价低的优点。
英文摘要: Security and real-time constraints are important characteristics of the data operations in military and economic applications. In these applications, Secure Real-time Database (SRTDB) should be equipped. However, covert channel is a great threat to SRTDB’s performance. How to mitigate the danger of covert channel while decreasing the expense of the real-time performance becomes a critical problem. In this dissertation, research on the key issues of data conflict covert channel (DC-channel) analysis in SRTDB is conducted from four perspectives: channel mitigating, capacity measurement, multiple metrics combination, and channel detection. As a result, four principal achievements have been achieved: Firstly, among the existing approaches of DC-channel handling, channel mitigating approaches which allow partial security are more flexible than channel eliminating approaches which pursue absolute security. Among these mitigating approaches, probabilities based approaches can further reduce the loss of real-time performance which is caused by channel mitigating operation. However, in probabilities based approaches, there still exists waste of real-time performance. A channel mitigating approach based on multiple probabilities is presented. Through exactly imposing appropriate noisy on each channel instances, this new approach can decrease the influence of mitigating operation on real-time performance. Secondly, the accurate measurement of channel danger is the foundation of enforcing appropriate restriction on channel danger. This dissertation proposes a covert channel mitigation method, CUCCMM, which uses capacity as metric for channel danger measurement according to security criteria (TCSEC). The channel under CUCCMM is modeled as Z-channel. The algorithms for channel capacity and noisy parameter are presented. Using CUCCMM, SRTDB can accurately enforce the restriction on the capacity of the channel and monitor the resulted capacity under restriction. Thirdly, danger of covert channel is determined by many factors and the existing danger metrics focus on different factors. Therefore, multi-metrics need to be combined so as to achieve a comprehensive measurement and mitigating of channel danger. This dissertation presents a novel approach, CMMA, which resorts to the combination of multiple metrics. These combined metrics include capacity and small message criterion (SMC). Moreover, based on the definition of message value, SMC’s implementation is designed to incorporate the attributes (data length and sensitivity) of the data which are being transmitted. Using MPBPSP, CMMA can simultaneously mitigate the two aspects of channel’s capability: the capability to transmit long files and send small messages, without multiplying the loss of real-time performance. Finally, to deterrence intruders and provide accurate guidance for channel mitigation, it is expected to audit and detect channels’ usage. This dissertation proposes a standard for transaction conflict information auditing. To avoid intruder evading the detection through distributing conflicts to different users and data, the recorded information should be grouped according to two fields: user and data. A detection approach for DC-channel, CTIBDA, is presented. The detection is based on the time intervals of data conflicts and uses the abnormal regularity of intervals as the clue for detection. Two metrics of regularity is combined to improve CTIBDA’s robustness. Since not containing complex training and computing procedure, CTIBDA has the advantage of low enforcement cost.
语种: 中文
内容类型: 学位论文
URI标识: http://ir.iscas.ac.cn/handle/311060/7192
Appears in Collections:基础软件国家工程研究中心_学位论文

Files in This Item:
File Name/ File Size Content Type Version Access License
10001_200418015029018曾海涛_paper.pdf(1294KB)----限制开放-- 联系获取全文

Recommended Citation:
曾海涛. 安全实时数据库隐蔽信道度量和处理技术研究[D]. 软件研究所. 中国科学院软件研究所. 2009-01-16.
Service
Recommend this item
Sava as my favorate item
Show this item's statistics
Export Endnote File
Google Scholar
Similar articles in Google Scholar
[曾海涛]'s Articles
CSDL cross search
Similar articles in CSDL Cross Search
[曾海涛]‘s Articles
Related Copyright Policies
Null
Social Bookmarking
Add to CiteULike Add to Connotea Add to Del.icio.us Add to Digg Add to Reddit
所有评论 (0)
暂无评论
 
评注功能仅针对注册用户开放,请您登录
您对该条目有什么异议,请填写以下表单,管理员会尽快联系您。
内 容:
Email:  *
单位:
验证码:   刷新
您在IR的使用过程中有什么好的想法或者建议可以反馈给我们。
标 题:
 *
内 容:
Email:  *
验证码:   刷新

Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.

 

 

Valid XHTML 1.0!
Copyright © 2007-2017  中国科学院软件研究所 - Feedback
Powered by CSpace