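Abstract:
The web server mimic defense proof-of-principle system is a new type of web security defense system based on the mimic defense principle. It uses heterogeneity, redundancy, dynamism and other properties to block or disrupt network attacks, so as to meet the requirement that system security risk be controllable. Traditional testing methods, when applied to the web server mimic defense proof-of-principle system, are inadequate, ill-suited to testing complex security functions, and make accurate measurement difficult. To address these problems, this paper proposes a web server testing method suited to the mimic defense architecture, improves gray-box testing based on concession rules, and enriches the meaning of the exploitation complexity of vulnerabilities and backdoors. On this basis, it designs a test plan, test principles and test methods suited to the system, and carries out comprehensive testing and analysis of performance, compatibility, functional implementation, HTTP protocol conformance and security.
Keywords: mimic defense principle; gray-box testing; exploitation complexity; test principles; test cases; test analysis; testing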
DOI:10.19363/j.cnki.cn10-1380/tn.2017.01.002 |
Received: September 13, 2016; Revised: December 03, 2016
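Funding: This work was supported by the National Key Research and Development Program of China (2016YFB0800104), the Scientific Research Program of the Science and Technology Commission of Shanghai Municipality (14DZ1105300), and the National Natural Science Foundation of China (61572520).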
|
The Test and Analysis of Prototype of Mimic Defense in Web Servers |
ZHANG Zheng,MA Bolin,WU Jiangxing |
State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001, China; National Digital Switching System Engineering & Technological R & D Center, Zhengzhou 450002, China
Abstract: |
The prototype of mimic defense in web servers is a new type of web security defense system based on mimic security defense theory. It uses heterogeneity, redundancy, dynamism and other characteristics to block or disrupt network attacks, in order to meet the requirement of controlling system security risk. Traditional web service testing methods are inadequate for this system: they do not meet its complex security testing requirements and make accurate measurement difficult. This paper presents a web service testing method applicable to the mimic defense architecture, improves the gray-box testing method based on the concession rule, and enriches the meaning of the exploitation complexity of vulnerabilities and backdoors. On this basis, the paper puts forward the test plans, test principles and test methods for the new system. It covers comprehensive testing and analysis of performance, compatibility, function, HTTP protocol conformance and security.
Key words: mimic defense theory; gray-box testing method; exploiting complexity; test principle; test case; test analysis; test