
Journal of University of Chinese Academy of Sciences ›› 2023, Vol. 40 ›› Issue (6): 843-852. DOI: 10.7523/j.ucas.2022.043

• Brief Report •

An automatic scheduling method and implementation of cryptographic evaluation tools

ZHANG Meng, WANG Pingjian, CHEN Tianyu

  1. CAS Data Assurance & Communications Security Center, Beijing 100093, China; School of Cyberspace Security, University of Chinese Academy of Sciences, Beijing 100049, China; State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
  • Received: 2021-10-26 Revised: 2022-04-21 Published: 2022-04-26
  • Corresponding author: WANG Pingjian, E-mail: wangpingjian@iie.ac.cn
  • Funding:
    Supported by the National Key Research and Development Program of China (2018YFB0804303)

Abstract: In cryptographic application evaluation, evaluators carry out on-site evaluation and result analysis with the help of cryptographic evaluation tools. In practice, evaluators often need to use multiple evaluation tools in series, where the output of one tool serves as the input of another to obtain further detection results. For example, when analyzing the SSL protocol, the digital certificate used for authentication must be extracted so that certificate format compliance can be verified. However, existing evaluation tools are usually designed and developed independently for specific evaluation purposes and cannot work together. Evaluators still have to collect, convert, import and export the input and output data of each tool by hand, which is time-consuming and labor-intensive and easily introduces manual errors. This paper proposes an automatic scheduling platform scheme for cryptographic evaluation tools. The scheme automatically assembles evaluation tools according to the dependencies between them, schedules evaluation tasks in order, collects intermediate evaluation data and schedules real-time data flow, outputs reports according to templates, and supports three evaluation scenarios: product access, newly built system, and system operation. Evaluators only need to upload the application scenario topology diagram of the evaluation object, mark checkpoints in the diagram and select the evaluation tools to be used, and then send scheduling instructions to the evaluation tools through the scheduling platform to complete the evaluation task. The scheduling platform schedules the evaluation tools through network interfaces and is extensible. Existing evaluation tools only need to be adapted according to the unified interface model of evaluation tools proposed in this paper to be integrated into the scheduling platform and accept scheduling.

Key words: cryptographic evaluation tool, automatic scheduling, evaluation tool model, scheduling platform
