计算机应急响应系统体系研究

doi:10.7523/j.issn.2095-6134.2004.2.009

中国科学院大学学报 ›› 2004, Vol. 21 ›› Issue (2): 202-209.DOI: 10.7523/j.issn.2095-6134.2004.2.009

计算机应急响应系统体系研究

连一峰, 戴英侠

信息安全国家重点实验室(中国科学院研究生院), 北京 100039

收稿日期:2003-03-26 修回日期:2003-06-02 发布日期:2004-03-19
基金资助:
国家973课题(G1999035801);中国科学院研究生院院长基金(yzjj200209)资助项目

Study on the Architecture of Computer Emergency Response System

LIAN Yi-Feng, DAI Ying-Xia

State Key Lab. of Information Security, Graduate School of the Chinese Academy of Sciences, Beijing 100039, China

Received:2003-03-26 Revised:2003-06-02 Published:2004-03-19

摘要/Abstract

摘要：

应急响应是维护计算机和网络系统动态安全性的关键问题.提出了基于层次化模型的计算机应急响应系统体系结构,从安全服务层、系统模块层、安全研究层的角度对系统的功能需求、模块划分和相应的技术支持给出了明确的定义,针对计算机应急响应系统所关注的事件响应、安全监控、入侵追踪、灾难恢复等问题,结合向用户提供的安全咨询、安全公告、安全状况分析等服务功能,进行了详细的阐述.

关键词: 应急响应, 计算机紧急响应小组, 体系结构

Abstract:

Emergency Response is regarded as the key problem of dynamic security of computer and network systems.In this paper, we propose the architecture of Computer Emergency Response System based on hierarchicalmodel, including security service layer, system module layer and security research layer. Explicit definitions offunctional requirements, module partitions and corresponding technical supports of this architecture are given. Severalconcerned items, such as Incident Response, Security Surveillance, Intrusion Traceback, Disaster Recovery,and other relevant security services (Security Consultation, Security Bulletin and Security Analysis),are also discussedin detail.

Key words: emergency response, computer emergency response team (CERT), architecture

中图分类号:

TP393.08

连一峰, 戴英侠. 计算机应急响应系统体系研究[J]. 中国科学院大学学报, 2004, 21(2): 202-209.

LIAN Yi-Feng, DAI Ying-Xia. Study on the Architecture of Computer Emergency Response System[J]. , 2004, 21(2): 202-209.

参考文献

[1] Nat ional Security Agency Informat ion Assurance Solut ions Technical Directors.Informat ion Assurance Technical Framework.http: www.iatf.net.2000

[2] 戴英侠, 连一峰, 王航.系统安全与入侵检测.北京: 清华大学出版社, 2002

[3] 单国栋, 戴英侠, 王航.计算机漏洞分类研究.计算机工程, 2002, 28(10)

[4] M Hsueh, T Tsai, R K Iyer.Fault inject ion techniques and tools.Computer, 1997, 30(4) :75 82

[5] D Wagner, J S Fost er, E A Brew er, A Aiken.A f irst st ep towards automat ed detection of buffer overrun vulnerabilities.In: Proceedings of 7thNetwork and Distribut ed Syst em Security Symposium.2000

[6] C Kahn, P A Porras, S St aniford-Chen, B Tung.A common intrusion det ection framework.(Submitted to Journal of Comput er Security) 1998

[7] Intrusion Det ection Working Group.Intrusion detect ionmessage exchange format dat a model and extensible markup language (XML) document typedefinition.http:www.ietf.orgint erne-t draftsdraf-t iet-f idwg-idme-f xm-l 10.txt.2003

[8] Intrusion Det ection Working Group.The intrusion detect ion exchange protocol (IDXP).http: www.ietf.orginterne-t drafts draf-t iet-f idwg-beepidxp-04.txt.2002

[9] Denning D.An int rusion detection model.IEEE transaction on S of tware Engineering, 1987, 13(2) : 222 232

[10] Wenke Lee.A Data Mining Framework for Constructing Features and Models for Intrusion Det ection Systems: [PhD Dissert ation].Columbia Un-iversit y, 1999

[11] Anup K Ghosh, Aaron Schwartzbard, Michael Schat z.Learning program behavior profiles for int rusion det ection.In: Proceedings of the 1st USENIXWorkshop on Intrusion Det ection and Network Monitoring.Sant a Clara, California, 1999

[12] S A Hofmeyr, S Forrest, A Somayaji.Intrusion detect ion using sequences of system cal ls.Journal of Computer Security, 1998, 6: 151 180

[13] Me L.Genet ic algorithms, a biologically inspired approach for security audit trails analysis, short paper, present ed at the 1996 IEEE Symposium onSecurity and Privacy.Oakland, CA, 1996

[14] Rebecca Gurley Bace.Intrusion Detect ion.U S A: Macmillan Technical Publishing, 1999

[15] Sushil Jajodia, Peng Liu, Paul Ammann.A fault tol erance approach to survivability.Symposium on Prot ecting NATO Informat ion Systems in the21st Century.Washington D C, 1999

计算机应急响应系统体系研究

Study on the Architecture of Computer Emergency Response System

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 2

编辑推荐

Metrics

本文评价

访问统计

联系我们

[1]	张玉军, 田野. IPv6协议安全问题研究[J]. 中国科学院大学学报, 2005, 22(1): 30-37.
[2]	欧洁, 罗治国, 林守勋, 黄晁. 数字图书馆的数字对象体系结构[J]. 中国科学院大学学报, 2000, 17(1): 93-99.