Research on Security Techniques of Distributed Parallel System

【Author】 Pi Jianyong (皮建勇)

【Supervisor】 Liu Xinsong (刘心松)

【Author Information】 University of Electronic Science and Technology of China, Computer System Architecture, 2008, PhD

【Abstract (translated from the Chinese)】 With the rapid development of the Internet, the rise of e-commerce and e-government, and the widespread demand for high-performance computing, distributed parallel systems are being applied ever more widely. However, in building any distributed parallel system, design flaws in the operating system, network protocols and application programs introduce security vulnerabilities, so distributed parallel computing environments carry a large number of security risks, including malicious code, network eavesdropping, buffer overflow and denial-of-service attacks. To defend effectively against these threats, this thesis studies three important security mechanisms for distributed parallel computing environments: identity authentication and key agreement, distributed parallel access control, and distributed parallel intrusion detection. It first gives the definition of a distributed parallel system, an analysis of its security risks and its security technology requirements, and then analyzes in depth the existing results and open problems of domestic and international research groups on security models, identity authentication and key agreement algorithms, distributed access control models, host-based anomaly intrusion detection models and distributed intrusion detection models.

A security model is the foundation for constructing a distributed parallel security system; it is the framework that governs how security policies and security mechanisms relate to and cooperate with one another. This thesis follows the basic framework of the dynamic security model P2DR, namely Policy, Protection, Detection and Response, and organically combines identity authentication and key agreement, distributed parallel access control and distributed parallel intrusion detection around a distributed security policy.

Identity authentication and key agreement are the basis of secure communication between nodes in a distributed parallel computing environment. This thesis proposes an identity authentication and key agreement scheme based on the discrete logarithm problem over finite fields. The scheme not only avoids the public-key management complexity of traditional PKI/CA-based cryptosystems, but also removes the communication bottleneck introduced by a CA authentication center, and it is well suited to fully distributed parallel computing environments such as Ad Hoc networks and DPLinux. Security analysis shows that the scheme effectively resists message replay attacks and man-in-the-middle attacks on the network and has high operating efficiency.

Distributed parallel access control is the passive defense mechanism of a distributed parallel system; it reflects the fact that every information entity in the system is in a controlled state under the security policy. As distributed parallel systems place ever higher demands on scalability and resource dynamics, Role-Based Access Control (RBAC) has been widely adopted for its flexible authorization. To express more fully the complex, dynamic access control authorization relationships of the real world, a task-based dynamic role access control model, TD-RBAC (Task-based Dynamic RBAC), is proposed. The thesis uses an extended predicate task model to describe concurrent transaction logic, derives the dynamic constraint relationships among tasks from a task-based concurrent execution activity network model, and thereby extends the traditional RBAC model with dynamic role constraint relationships. Performance evaluation shows that the TD-RBAC model achieves good access control efficiency in distributed parallel computing environments. On this basis, the thesis proposes DPTRBAC (Distributed Parallel Task & Role Based Access Control), an access control model for distributed parallel computing environments that combines the Task-Based Access Control (TBAC) and Role-Based Access Control (RBAC) models. DPTRBAC uses a semantic net to resolve the semantic ambiguity of security policies in distributed parallel systems, minimizing the risk of access control policy conflicts between nodes.

Distributed parallel intrusion detection is the active defense mechanism of a distributed parallel system. The thesis first proposes SEDIDS (Spatial Extended Dimension character based Intrusion Detection System), an intrusion detection model based on spatially extended dimensional features. SEDIDS abstracts the access control model into a multi-dimensional security topology space in which a security vulnerability is a channel from a lower-dimensional space to a higher-dimensional one, so an intrusion manifests as access to finer-grained data entities. Because SEDIDS directly checks the integrity of the data entities in the information system, its detection results are more intuitive and more accurate. The thesis then proposes ACBIDS (Access Control Based Intrusion Detection System), a host anomaly intrusion detection model based on access control. It first analyzes why access control has a macroscopic advantage in security defense: access control models avoid overly fine access granularity, which would reduce system availability. Anomaly intrusion detection, by contrast, must build a normal access profile for a complex information system, and this profile deviates too far from real access patterns, keeping the false positive rate (FPR) and false negative rate (FNR) high; intrusion detection therefore has a microscopic advantage. Access control based intrusion detection effectively solves these problems, giving the model very low false positive and false negative rates.

The arrival of distributed parallel computing disperses system resources, and with them security vulnerabilities and security risks, so intrusion attacks evolve into coordinated attacks. The thesis proposes DPACBIDS (Distributed Parallel ACBIDS), a fully distributed misuse intrusion detection model. DPACBIDS is based on a distributed intrusion attack signature database and builds a resource association graph of the nodes to decide the group of nodes to which anomalous data captured by a node's ACBIDS model needs to be sent, reducing communication overhead in the distributed parallel system. An improved Wu-Manber matching algorithm is applied to match anomalous data against the intrusion attack signature database, improving matching efficiency, and a complexity analysis of the algorithm is given. Experiments show that the proposed DPACBIDS model effectively reduces inter-node communication overhead and has very high intrusion response efficiency.

【Abstract】 Along with the development of the Internet, electronic commerce and electronic government affairs have grown rapidly, and there is a pervasive requirement for high-performance computing. Distributed parallel systems have become more and more popular. However, in the construction process of any distributed parallel system there are many vulnerabilities caused by incorrect development of the operating system, network protocols and application programs, so the distributed parallel computing system is confronted with many security risks, including malicious code, network wiretapping, buffer overflow and denial-of-service attacks. In order to prevent these security risks, the paper proposes three main countermeasures: identity authentication and key agreement, a distributed parallel access control system, and a distributed parallel intrusion detection system. It first presents the definition of a distributed parallel system and analyzes the security risks and security technique requirements, then analyzes the existing research conclusions and open problems of domestic and overseas research groups concerning security models, identity authentication and key agreement, distributed access control models, host-based anomaly intrusion detection models and distributed intrusion detection models.

A security model is the infrastructure of a distributed parallel security system, and it is also the collaboration and association framework comprising security policy and security mechanism. This paper follows the P2DR security model (policy, protection, detection, response) and organically associates identity authentication and key agreement, distributed parallel access control and distributed parallel intrusion detection.

Identity authentication and key agreement are the basis of communication security between nodes in a distributed parallel computing system. The paper proposes an identity authentication and key agreement scheme based on the discrete logarithm over finite fields. The scheme not only overcomes the complexity of public key management in PKI/CA cryptography, but also eliminates the communication bottleneck of the CA authentication center. The scheme is applicable to fully distributed parallel system environments (Ad Hoc, DPLinux etc.). The security analysis of the scheme demonstrates that it can resist message replay attacks and man-in-the-middle attacks, and that it has good feasibility in practice.

Distributed parallel access control is the passive defense mechanism. It embodies the principle that every entity of the distributed parallel system is in a controlled state under the security policy. Along with stricter requirements on scalability and changeability, the role-based access control model is widely applied for its flexible authorization. In order to express the complicated and dynamic access control authorization relations of the real world, we propose a novel model, TD-RBAC (Task-based Dynamic RBAC). We describe the concurrent transaction logic by the extended predicate task model and find the dynamic constraint relations among the tasks by analyzing the concurrent execution net of tasks; accordingly we extend the traditional RBAC with dynamic role constraint relations. The performance evaluation shows that TD-RBAC has favorable access control efficiency under distributed parallel computing. In addition, the paper proposes a novel access control model, DPTRBAC (Distributed Parallel Task & Role Based Access Control). DPTRBAC combines the virtues of RBAC and TBAC and accounts for different semantic meanings; the semantic net reduces the risk of access control in the DPTRBAC model.

Distributed parallel intrusion detection is the active defense mechanism. The paper first proposes a spatial extended dimension character based intrusion detection system, SEDIDS. The model abstracts the access control model into a multi-dimensional security topology space, and a vulnerability is a channel between the normal and the multi-dimensional space, so an intrusion attack will access finer-granularity data than normal. SEDIDS is more intuitive and exact because it detects the integrity of data entities in the information system. In addition, the paper proposes an RBAC-based host anomaly intrusion detection system (ACBIDS); the analysis is as follows: access control performance will decline with finer granularity, so the access control model has a macroscopic virtue. Meanwhile, intrusion detection must construct a normal access profile for a complex information system, which is difficult, and the result is a high false positive rate (FPR) and a high false negative rate (FNR), so the intrusion detection model has a microscopic virtue. ACBIDS solves this problem and achieves low FPR and FNR.

In the era of distributed parallel computing, resources are distributed, with the result that vulnerabilities and risks are scattered; thereby attacks evolve into distributed and coordinated attacks. The paper proposes a fully distributed parallel misuse intrusion detection model, DPACBIDS (Distributed Parallel Access Control Based Intrusion Detection System). The model constructs a resource association graph for dispatching anomalous data among nodes in the distributed parallel system; the graph is built from the misuse distributed parallel intrusion character database and the anomalous data itself. The scheme reduces the overhead of node communication. The paper also adopts an improved Wu-Manber matching algorithm for matching anomalous data against the intrusion character database, enhancing the matching efficiency, and describes the computational complexity analysis. Experiments show that the DPACBIDS model reduces the communication overhead between nodes and has high response efficiency.
