| With the integration of information technology and industrialization process, missioncritical systems are widely used in aerospace, military equipment, medical equipment,industrial control, automotive electronics, finance-government and many other countriesin the field of critical information. They widely adopt multi-threaded, multi-processors,distributed and other information technology to improve its handling capacity, andgradually turn to the open internet environment. Meanwhile, they also bring a number ofcomplexity, uncertainty and security issues. The mission critical systems can be vulnerableto focus and damage of external hostile forces and internal permeation, once its functionfailure will cause disastrous consequences. The security for these systems are a concern, andconstructing a model to describe and detect software behaviors is an effective solution. However,the existing behavior modeling and detection techniques have some problems, such as how toaccurately describe the concurrent behavior, how to eliminate the ambiguity behavior, and how tocut down the state space to reduce the complexity of modeling. To address these problems, themain researches are as follows.Firstly, a software behavior formalization description and mapping mechanism basedon process algebra is proposed, to solove the problem that the existing models can noteffectively describe the characteristics of concurrent behaviors. Using the executable codeanalysis and control flow reconstruction technology, the method how to collect softwarebehavior information such as control flow and data flow from the executable code is given.Based on process algebra semantic and process equivalence, the mapping method from thecollected behavior information to the process algebraic is given. That establishes thecorresponding relationship between software behaviors and process algebra semantic,providing software behaviors with a sound theoretical basis for substitution calculus ofalgebra system.Secondly, a sequential behavior analysis and detection method based on processalgebra and systems calls is proposed, to solove the problem that the existing modelsintroduce the non determinism in the function merge process. This method is used for sequential behaviors that do not exist concurrent, and gives the algorithm that combine thesingle function process expression to get global process expression according to algebraicproperties and algorithm, to avoid introducing the non determinism, effectively improve theaccuracy and efficiency of model.Thirdly, a concurrent behavior analysis and detection method for multithreading isproposed, to solove the problem that can not effectively describe and detect concurrentbehaviors in multithreaded programs. The law how to express the concurrent is given, andformally describe the relationship in multithreading. Theoretical analysis and experimentdemonstrates the accuracy and efficiency of the method.Fourthly, a concurrent behavior analysis and detection method for distributed isproposed after fully considering the distributed technology widely used in the missioncritical systems. Based on the algebraic properties of process algebra, the methodeliminates the non determinism of process expression, and adds the concurrent operation, toaccurately describe the concurrency features among the mulit-host node communicationand collaboration. The synchronization process set and running state set are structured. Themigration rules and detection algorithm are given. The experiment demonstrates thespace–time complexity of the method.Finally, based on a subway automatic control simulation system analysis, thebehavior modeling and detection steps, the overall framework of the model, deploymentscheme model, and the attack response are given. The application process of the proposedmodel in mission critical systems is illustrated. |
PDF Full Text Request