远程办公系统安全综述

杨泽霖; 王基策; 徐斐; 黄宇航; 艾铭超; 马慧; 王鹤; 张玉清

引用本文：

杨泽霖,王基策,徐斐,黄宇航,艾铭超,马慧,王鹤,张玉清.远程办公系统安全综述[J].信息安全学报,2022,7(6):31-47 [点击复制]
YANG Zelin,WANG Jice,XU Fei,HUANG Yuhang,AI Mingchao,MA Hui,WANG He,ZHANG Yuqing.Survey of Telecommuting System Security[J].Journal of Cyber Security,2022,7(6):31-47 [点击复制]

本文已被：浏览 2327次下载 2235次	码上扫一扫！
远程办公系统安全综述
杨泽霖^1,2, 王基策^2,3, 徐斐^1,2, 黄宇航², 艾铭超^4,2, 马慧^1,2, 王鹤^1,4,2, 张玉清^1,4,2
0 字体:加大+\|默认\|缩小-
(1.西安电子科技大学网络与信息安全学院西安中国 710071;2.中国科学院大学国家计算机网络入侵防范中心北京中国 101408;3.北京计算机技术及应用研究所北京中国 100854;4.西安电子科技大学杭州研究院杭州中国 311231)

摘要:

受新型冠状病毒肺炎的影响, 远程办公这种新型办公方式在短时间内迅速发展并被社会广泛应用, 由此引发的远程办公系统的安全问题显得越发急迫和突出。目前, 远程办公系统安全的相关研究仍处于起步阶段, 其研究结果并未不足以完全解决远程办公系统发展中的安全问题。为使研究人员系统化地了解目前的研究进展, 本文首次归纳总结了远程办公系统的安全问题,并撰写了本综述。本文首先回顾了远程办公系统的发展历程, 指出了远程办公系统在不同应用场景中特有的安全需求和问题,然后根据远程办公系统的技术架构将其分为虚拟专用网络、远程桌面控制、团队协作平台三种类型。在调研了近 5 年 EI 数据库、 Web of Science 核心数据库和 CCF 推荐网络与信息安全国际学术会议中发表的与远程办公安全相关论文以及其他相关的高水平研究工作的基础上, 本文对以上三类远程办公系统中存在的安全问题进行了系统性的分析和总结, 尤其是重点分析了团队协作平台这种新型办公方式的安全问题。根据团队协作平台的架构和功能以及攻击者常用的攻击方式将团队协作平台的安全风险分为 5 类: 第三方小程序安全、通信协议安全、客户端安全、云服务端安全、侧信道分析。最后进一步指出了远程办公系统安全研究所面临的挑战和机遇, 为远程办公系统安全未来的研究指出了方向。

关键词: 远程办公安全虚拟专用网络远程桌面控制团队协作

DOI：10.19363/J.cnki.cn10-1380/tn.2022.11.02

投稿时间：2022-07-05修订日期：2022-09-29

基金项目:本课题得到国家自然科学基金重点项目: 多源漏洞数据智能分析和漏洞智能利用与挖掘研究(No. U1836210)的资助。

Survey of Telecommuting System Security

YANG Zelin^1,2, WANG Jice^2,3, XU Fei^1,2, HUANG Yuhang², AI Mingchao^4,2, MA Hui^1,2, WANG He^1,4,2, ZHANG Yuqing^1,4,2

(1.School of Cyber Engineering, Xidian University, Xi'an 710071, China;2.National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, Beijing 101408, China;3.Beijing Institute of Computer Technology and Applications, Beijing 100854, China;4.Hangzhou Institute of Technology, Xidian University, Hangzhou 311231, China)

Abstract:

Affected by the Corona Virus Disease 2019 (COVID-19), telecommuting, a new type of office, has developed rapidly in a short period of time and has been widely used in society, and the resulting security problems of telecommuting systems have become more and more urgent and prominent. At present, the research on the security of telecommuting systems is still in its infancy, and the research results are not enough to completely solve the security problems in the development of telecommuting systems. In order to systematically understand the current research progress researchers, this paper summarizes the security problems of telecommuting systems for the first time, and writes this review. This paper first reviews the development process of the telecommuting system, points out the unique security requirements and problems of the telecommuting system in different application scenarios, and then divides the telecommuting system into virtual private network (VPN), remote desktop control and teamwork platform, according to the technical architecture of the telecommuting system. Based on nearly 5 years of research on telecommuting papers published in the EI Database, Web of Science database and CCF recommended international conference on network and information security, as well as other related high-level research work, this paper systematically analyzes and summarizes the security problems existing in the above three types of telecommuting systems, especially focusing on the security problems of teamwork platforms, a new type of telecommuting. According to the architecture and function of the teamwork platform and the attack methods commonly used by attackers, the security risk of teamwork platforms are divided into five categories: third-party APP security, communication protocol security, client security, cloud server security, and side channel analysis. Finally, the challenges and opportunities faced by the telecommuting system security research institute are pointed out, and the direction for the future research of telecommuting system security is pointed out.

Key words: telecommuting security VPN remote desktop control teamwork