Netinfo Security (信息网络安全), 2022, Vol. 22, Issue 3: 29-38. DOI: 10.3969/j.issn.1671-1122.2022.03.004

• Technical Research •

A Network-Architecture-Oriented System Attack Surface Modeling Method (Chinese title: 面向网络架构的系统攻击面建模方法)

GU Zhaojun (顾兆军) 1,2, YANG Rui (杨睿) 1,2, SUI He (隋翯) 1,3 (corresponding author)

  1. Information Security Evaluation Center, Civil Aviation University of China, Tianjin 300300, China
  2. College of Computer Science and Technology, Civil Aviation University of China, Tianjin 300300, China
  3. College of Aeronautical Engineering, Civil Aviation University of China, Tianjin 300300, China
  • Received: 2021-09-08  Online: 2022-03-10  Published: 2022-03-28
  • Corresponding author: SUI He, E-mail: suihe0514@163.com
  • About the authors: GU Zhaojun (born 1966), male, from Shandong, professor, Ph.D.; main research interests: network and information security, civil aviation information systems | YANG Rui (born 1995), female, from Hebei, master's student; main research interests: network and information security, civil aviation information systems | SUI He (born 1987), male, from Jilin, lecturer, Ph.D.; main research interests: network and information security, industrial control systems
  • Funding:
    Civil Aviation Safety Capacity Building Fund (PESA2020100); Civil Aviation Safety Capacity Building Fund (PESA2021007); Civil Aviation Safety Capacity Building Fund (PESA2021009); Civil Aviation University of China Graduate Science and Technology Innovation Fund (2020YJS030)

System Attack Surface Modeling Method in Network

GU Zhaojun 1,2, YANG Rui 1,2, SUI He 1,3 (corresponding author)

  1. Information Security Evaluation Center, Civil Aviation University of China, Tianjin 300300, China
  2. College of Computer Science and Technology, Civil Aviation University of China, Tianjin 300300, China
  3. College of Aeronautical Engineering, Civil Aviation University of China, Tianjin 300300, China
  • Received: 2021-09-08  Online: 2022-03-10  Published: 2022-03-28
  • Contact: SUI He, E-mail: suihe0514@163.com

Abstract (translated from the Chinese original):

To address the problems that the air traffic control (ATC) information system is isolated from the Internet and that publicly released vulnerability information cannot faithfully reflect its network security, this paper proposes a network-architecture risk assessment model for the ATC information system. The model builds the attack surface of each resource node from the ports, protocols and data of each resource component, and uses a Bayesian network to build a resource graph of the relationships between resources. On this basis, the attack surfaces of the resources and the vulnerability severity under the constraints of the resource graph are fused into a system attack surface triple, which characterises the threat level in three dimensions and is used to compute the overall risk of the network structure. Simulation experiments on an ATC automation system quantify the threats to the system along different attack paths and in different dimensions, analysing the risk of the network structure from multiple angles and levels. The results show that the proposed system attack surface risk assessment model is reasonable and practically effective, and offers guiding recommendations for safeguarding the network security of ATC information systems, so that system security can be maximised under limited conditions.

Keywords (translated): risk assessment model, Bayesian network, attack surface measurement, air traffic control information system

Abstract:

Aiming at the problems that the air traffic control information system is isolated from the Internet and that publicly released vulnerability information cannot effectively reflect its network security, this paper proposed a risk measurement model of the air traffic management information system at the network level. The attack surface of each resource component was modeled along the dimensions of ports, protocols and data. The model used a Bayesian network to represent the relationships among resources and establish a resource graph. Each resource component's attack surface and its vulnerability severity under the resource graph were fused into a network attack surface triple, which represented the threat level in three dimensions and was used to calculate the overall risk of the network architecture. Simulation experiments were carried out on an air traffic management automation system; they quantified the threat situation of the system along different attack paths and in different dimensions, and the network structure risk was analyzed from different angles and levels. Experimental results demonstrate the rationality and practical effectiveness of the proposed system attack surface risk assessment method. The attack surface model provides guidance for network security measures of the air traffic management information system, so that a security administrator can maximize system security under finite conditions.

Key words: risk measurement model, Bayesian network, attack surface metric, air traffic information system
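The abstract describes three ingredients: a per-resource attack surface measured along ports, protocols and data; a Bayesian-network resource graph that propagates compromise between resources; and a fusion of attack surface with vulnerability severity into a three-dimensional system triple, evaluated along attack paths. The following is an added illustrative implementation, not code from the paper, and the resource names, counts, severities, edge probabilities and the noisy-OR propagation rule are all assumptions chosen to make the computation concrete; the authors' actual formulas are not given on this page.

```python
"""Illustrative attack-surface / resource-graph risk computation.
Added example; the resource names, numbers and the noisy-OR propagation
rule are assumptions, not the paper's published formulas."""
from itertools import product

# Constructed resource components: per-dimension attack surface counts
# (open ports, protocols spoken, data channels) and a 0-10 vulnerability
# severity score in the style of CVSS. All values are made up.
RESOURCES = {
    "gateway": {"ports": 3, "protocols": 2, "data": 1, "severity": 7.5},
    "fdp":     {"ports": 2, "protocols": 2, "data": 3, "severity": 9.0},
    "display": {"ports": 1, "protocols": 1, "data": 2, "severity": 5.0},
}
# Resource graph edges: (parent, child, assumed probability that a
# compromised parent leads to compromise of the child). Must be acyclic.
EDGES = [("gateway", "fdp", 0.6), ("gateway", "display", 0.3), ("fdp", "display", 0.7)]
# Prior compromise probability for entry-point resources (no parents).
PRIOR = {"gateway": 0.4}
DIMENSIONS = ("ports", "protocols", "data")


def parents_of(node):
    return [(p, w) for p, c, w in EDGES if c == node]


def cond_prob(node, state):
    """Noisy-OR CPT: P(node compromised | parents' states in `state`)."""
    pars = parents_of(node)
    if not pars:
        return PRIOR.get(node, 0.0)
    surviving = 1.0
    for p, w in pars:
        if state[p]:
            surviving *= (1.0 - w)
    return 1.0 - surviving


def topo_order():
    """Topological order of the resource graph (sorted for determinism)."""
    order, remaining = [], set(RESOURCES)
    while remaining:
        ready = [n for n in remaining if all(p in order for p, _ in parents_of(n))]
        order.extend(sorted(ready))
        remaining -= set(ready)
    return order


def marginals():
    """Exact inference: enumerate every joint state of the Bayesian network
    and accumulate P(resource compromised) for each resource."""
    nodes = topo_order()
    marg = {n: 0.0 for n in nodes}
    for bits in product((0, 1), repeat=len(nodes)):
        state = dict(zip(nodes, bits))
        joint = 1.0
        for n in nodes:
            p = cond_prob(n, state)
            joint *= p if state[n] else (1.0 - p)
        for n in nodes:
            if state[n]:
                marg[n] += joint
    return marg


def system_attack_surface():
    """System triple: per dimension, sum over resources of
    surface count * normalised severity * P(compromise)."""
    marg = marginals()
    return {d: round(sum(r[d] * r["severity"] / 10.0 * marg[n]
                         for n, r in RESOURCES.items()), 6)
            for d in DIMENSIONS}


def attack_paths(source, target):
    """Enumerate simple paths source -> target in the resource graph,
    scoring each by prior * product of edge probabilities, highest first."""
    paths = []

    def walk(node, path, prob):
        if node == target:
            paths.append((path, round(prob, 6)))
            return
        for p, c, w in EDGES:
            if p == node and c not in path:
                walk(c, path + [c], prob * w)

    walk(source, [source], PRIOR.get(source, 1.0))
    return sorted(paths, key=lambda x: -x[1])


if __name__ == "__main__":
    print("P(compromised):", marginals())
    print("system attack surface triple:", system_attack_surface())
    for path, prob in attack_paths("gateway", "display"):
        print(" -> ".join(path), prob)
```

The triple makes the three dimensions comparable rather than collapsing them into one number: in this constructed instance the ports dimension scores highest because the entry-point gateway exposes the most ports, while the data dimension is driven by the high-severity flight data processing node. Attack path scores show which chain contributes most to the display node's risk, which is the kind of per-path, per-dimension view the abstract says the experiments produce.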
