| Graduate student: | 姜翰杰 Chiang, Han-Chieh |
|---|---|
| Thesis title: | 數位電視平台之弱點強化與動態偵防機制 Hardened Vulnerability and Dynamic Monitoring for DVB-Multimedia Home Platform |
| Advisor: | 侯廷偉 Hou, Ting-Wei |
| Degree: | Master |
| Department: | College of Engineering - Department of Engineering Science (on the job class) |
| Year of publication: | 2009 |
| Academic year of graduation: | 97 |
| Language: | Chinese |
| Number of pages: | 77 |
| Keywords (Chinese): | Open service platform, interactive digital TV platform, Java security, malicious attacks |
| Keywords (English): | Malicious attacks, Java Security, MHP, OSGi |
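The MHP digital television platform is based on a Java execution environment, which lets services (applications) be downloaded dynamically over the air or from the network and installed directly. This gives the platform extensibility and makes its services more diverse. Under the existing Java security mechanisms, however, the platform can still be attacked by malicious programs.
The method proposed by Parrend and Frenot keeps the existing Java permissions (Permissions) and additionally hardens the OSGi platform against 8 kinds of attack that can occur on the platform, raising the platform protection ratio from 41% to 66%. This method still carries latent risk, mainly because it has no detection capability: in particular, when a malicious program is not in the defined list, or when an attack abuses legitimate resources, it cannot notice the attack and take appropriate measures. In addition, the "OSGi dynamic monitoring and defense system" developed by our laboratory adds detection capability, so that even when the platform is attacked, the attack can be noticed and protective measures of removal or isolation can be carried out. We believe the two methods are complementary: when both are present, they can make up for each other's shortcomings. In our research we found that OSGi and MHP manage applications in very similar ways, so problems that occur on OSGi may also occur on the MHP platform. This study therefore integrates the two methods and applies them to the MHP platform.
The experimental results show that, although integrating the two methods makes the platform 99% to 350% slower than an MHP platform that uses neither method (only 12% to 82% slower during execution), it raises the platform protection ratio from 41% to 69%. In addition, the weakness of Parrend and Frenot's method, that it cannot remove infinite loops, is also resolved.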
Multimedia Home Platform (MHP) is an open platform for DVB. An MHP platform is based on a Java execution environment, whose characteristics give the MHP platform more extensibility and diversification. However, current Java security still has some weak points.
Parrend and Frenot proposed using Java Permissions to improve the security of OSGi platforms. Their approach improves the protection rate from 41% to 66%. Our lab also proposed another approach, which not only uses Java Permissions but also adds a strategic decision step to identify malicious attacks on OSGi platforms. Since OSGi and MHP have a similar model of application management, and there are no related approaches on how to harden MHP platforms, we propose to integrate the previous two approaches to further harden MHP platforms.
The experimental results show that the hardened MHP platform is slowed down by 99% to 350% (the execution time increased by only 12% to 82%). Moreover, the protection ratio is raised from 41% to 69%. In addition, our approach is able to remove the infinite-loop weakness of Parrend and Frenot's approach.