| With the development of Internet,the security of network infrastructure and basic services are becoming increasingly important, as they are the basis of other network services and applications. As a link of Internet, the security of DNS directly determines that of the entire network, so it is crucial to protect the DNS.It is so difficult to guarantee DNS security mainly because Internet is an open complex giant system essentially, with its complex structure and lack of necessary security protection which make DNS exploited by the vulnerability. Currently, DNS security has not been paid enough attention and the related research drops behind.So this paper first concisely introduced the system structure and the working principle of DNS, then detailed analysis of existing vulnerability in DNS system was given from aspects of design, implementation and operation respectively. Attacks are also introduced according to the corresponding vulnerabilities:protocol design vulnerability violates data integrity and authenticity, and the faults are widespreaded in DNS. At the same time, redundancy is substantially reduced which incurring prevalent single point of failures. As a result of system expansion, management difficulties increase dramatically.To solve the research deficiency in DNS vulnerability, this dissertation presents the concept of atomic and composite vulnerability as well as the corresponding classification, and describes DNS vulnerability in essence. Based on the extended finite state machine, this dissertation outlines the DNS vulnerability analysis model, and the resolution process of DNS is formalized integrating vulnerability classification. Based on the reliability theory, the quantitative assessment method of DNS vulnerability is presented, and the vulnerability index of DNS is evaluated according to the vulnerability classification. |
PDF Full Text Request