北京邮电大学学报

  • EI核心期刊

北京邮电大学学报 ›› 2021, Vol. 44 ›› Issue (2): 40-46.doi: 10.13190/j.jbupt.2020-183

• 未来网络体系架构和关键技术专题 • 上一篇    下一篇

基于抽象原则和模型检测的网络协议安全分析

王晓楠1, 符劲轩1, 虞红芳1, 孙罡1, 陈海兵2   

  1. 1. 电子科技大学 信息与通信工程学院, 成都 611731;
    2. 中电科网络空间安全研究院有限公司, 北京 610041
  • 收稿日期:2020-09-22 出版日期:2021-04-28 发布日期:2021-04-28
  • 通讯作者: 孙罡(1979-),男,教授,博士生导师,E-mail:gangsun@uestc.edu.cn. E-mail:gangsun@uestc.edu.cn
  • 作者简介:王晓楠(1995-),女,硕士生.
  • 基金资助:
    国家重点研发计划项目(2019YFB1802800)

Network Protocol Security Analysis Based on Abstract Principle and Model Detection

WANG Xiao-nan1, FU Jin-xuan1, YU Hong-fang1, SUN Gang1, CHEN Hai-bing2   

  1. 1. School of Information and Communication Engineering, University of Electronic Science and Technology of China, Chengdu 611731, China;
    2. CLP Network Space Security Research Institute Company with Limited Liability, Beijing 610041, China
  • Received:2020-09-22 Online:2021-04-28 Published:2021-04-28

摘要: 提出了一种可以缓解状态空间爆炸的抽象原则,对模型设计过程中的辅助变量、报文字段、自动状态机数量进行科学约简,在尽量不影响验证结果准确度的前提下,降低了模型的复杂度.在此基础上,提出了一种半自动化建模框架,只需用户提供少量必须的输入,不需要学习语法,就可以自动生成具有统一规范的模型,方便研究人员查阅和使用.实验结果表明,采用所提的抽象原则和半自动化建模框架创建的模型,可以验证网络协议的相关属性.

关键词: 模型检测, 网络协议, 抽象原则

Abstract: An abstract principle is proposed to mitigate the explosion of state space.The proposed scheme scientifically reduces the auxiliary variables, message fields and numbers of automatic state machines in the process of model design, and reduces the complexity and size of the model on the premise of minimizing the accuracy of verification results.A semi-automatic modeling framework is proposed thereafter, which can automatically generate models with uniform specifications with only a small amount of input provided by users and no need to learn grammar, which is convenient for researchers to consult and use.Experiments show that the model based on the proposed abstract principle and the semi-automatic modeling framework can verify the properties of the network protocol.

Key words: model detection, network protocol, abstract principle

中图分类号: