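Project title: Research on Key Technologies for Security Protocol Reverse Engineering and Session Instance Reconstruction
Project number: No.61309018
Project type: Young Scientists Fund project
Year of approval: 2014
Discipline: Automation technology, computer technology
Project author: 袁霖 (Yuan Lin)
Author affiliation: PLA Information Engineering University (中国人民解放军信息工程大学)
Project funding: 230,000 yuan (23万元)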
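Chinese abstract: The overall security of an information system depends not only on the strength of its cryptographic algorithms but is also closely tied to the security protocols the system uses. This project studies key technologies for security protocol reverse engineering and session instance reconstruction, aiming to solve the problem of online monitoring of security protocols at key nodes of an information system and to provide real-time, online assurance for the operation of security protocols. Addressing the main problems faced in this process, namely that data is dispersed, incomplete, and hard to describe precisely, the project intends to make breakthroughs in the following theoretical and technical areas: 1) study a unified description language for security protocol feature items and build a feature-item ontology framework, achieving a unified description of heterogeneous data such as protocol network trace features, program execution trace features, and protocol entity features; 2) study the correlation and temporal relationships between protocol network behavior and program execution behavior, to obtain the various protocol-related data as completely as possible; 3) study a security protocol state machine reverse engineering method based on grey system theory, to systematically solve the security protocol reverse engineering problem in uncertain, incomplete, and data-poor environments; 4) study methods for reconstructing security protocol session instances by combining network trace data with execution trace data, laying the theoretical and technical foundation for online monitoring of security protocols.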
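Chinese keywords: Cryptographic protocol; online monitoring; protocol identification; feature extraction; session instance reconstruction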
English abstract: The security of an information system depends not only on the strength of its cryptographic algorithms but also on the security protocols the system adopts. The main subject of this proposal is the key theory and technology of security protocol reverse engineering and session instance rebuilding; it aims to solve the problem of online monitoring of security protocols at key nodes of an information system, and to provide a guarantee for the real-time, online running of security protocols. Because security protocols contain encrypted data fields, the related data is dispersed, incomplete, and difficult to describe accurately. To solve these problems, we intend to make an in-depth study of the following aspects. The first research direction is to propose a unified description language and construct an ontology framework for identified feature items, which will be used to implement a unified description of heterogeneous data. These data include the features of the protocol's network trace, the program's execution trace, and protocol entities. The second research direction is to construct the correlative and temporal relationships between network behavior and execution behavior, by which we try to obtain and utilize the protocol-related data completely. In this part, as many kinds of feature items are not mutually independent, we plan to re
English keywords: Cryptographic protocol; Online monitoring; Protocol identification; Feature extraction; Session rebuilding