
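Research and Design on Offensive and Defensive Feedback Defense Graph on Cloud Desktop

HUANG Ru, LUO Shou-shan, LI Zhong-xian

  • Publication date: 2014-11-15
  • Online: 2014-11-15
  • Funding:
    National Key Technology R&D Program of China (2012BAH37B05)
  • About author: Information Security Center, Beijing University of Posts and Telecommunications, Beijing 100876; Guorui Digital Security Systems Co., Ltd. (国瑞数码安全系统有限公司), Beijing 100088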

Abstract: With the rapid development of cloud platforms, mobile and BYOD office work has swept the world, and enterprises increasingly choose cloud desktops as their preferred way of working, building cloud desktop environments on top of cloud services. The new office environment, however, introduces new security problems. Research on cloud desktop security has not yet formed a coherent system, knowledge of cloud desktop defense is relatively scarce, and comprehensive, systematic and effective defense schemes are lacking domestically. Because of its virtualized structure, a cloud desktop is no longer defended by a serial, string-like chain of defenses, and to a certain extent defending a cloud desktop server is more sensitive than defending a traditional server. By analyzing the defense architecture of cloud desktops, this paper proposes an active defense scheme for cloud desktops based on an offensive and defensive feedback defense graph. The scheme lays out both the defense structure process and the attack structure process, designs targeted attacks from the defense analysis, feeds the generated attack graph back into the security defense, and then optimizes the defense graph. A reverse breadth search algorithm is used to find attack vulnerable points, so that no reliable attack path is missed or repeated. An offensive and defensive game model is introduced to obtain a defense optimization that complies with the principle of appropriate security. Finally, the simulation process of the offensive and defensive feedback graph is demonstrated through an experiment on a well-known cloud desktop provider.