Software-Defined Network (SDN) is getting popular and increasingly deployed in both of academia and industry. As a result of which, its security issue is being magnified as a critical controversy, and some pioneering researchers have investigated the vulnerabilities of SDN to discover the feasibility of compromising SDN networks. Especially, they prove that a simple malicious/buggy SDN application running on an SDN controller can kill an SDN control plane because it usually has a right to access the resources of SDN controller. To address this issue, we focus on the malicious SDN application themselves (i.e., how to understand if an SDN application is malicious). In this context, we consider analyzing SDN applications before running in a static manner. We present SHIELD, a new automated framework for static analysis of SDN applications carefully considering SDN abilities. SHIELD provides the Control-Flow Graph (CFG) and critical flows of SDN applications. We evaluate the effectiveness of SHIELD with 33 real world applications (both benign and malicious applications), and from the results, we define 10 malicious behaviors of SDN applications.
{"title":"SHIELD: An Automated Framework for Static Analysis of SDN Applications","authors":"Chanhee Lee, Seungwon Shin","doi":"10.1145/2876019.2876026","DOIUrl":"https://doi.org/10.1145/2876019.2876026","url":null,"abstract":"Software-Defined Network (SDN) is getting popular and increasingly deployed in both of academia and industry. As a result of which, its security issue is being magnified as a critical controversy, and some pioneering researchers have investigated the vulnerabilities of SDN to discover the feasibility of compromising SDN networks. Especially, they prove that a simple malicious/buggy SDN application running on an SDN controller can kill an SDN control plane because it usually has a right to access the resources of SDN controller. To address this issue, we focus on the malicious SDN application themselves (i.e., how to understand if an SDN application is malicious). In this context, we consider analyzing SDN applications before running in a static manner. We present SHIELD, a new automated framework for static analysis of SDN applications carefully considering SDN abilities. SHIELD provides the Control-Flow Graph (CFG) and critical flows of SDN applications. We evaluate the effectiveness of SHIELD with 33 real world applications (both benign and malicious applications), and from the results, we define 10 malicious behaviors of SDN applications.","PeriodicalId":107409,"journal":{"name":"Proceedings of the 2016 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization","volume":"22 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-03-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127261699","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
With network functions virtualization, an organization gains an ability to provide a much more agile security infrastructure. In this paper we focus on vulnerabilities and challenges created by this new flexibility itself. In particular, using Bro as a case study, we present i) a framework for testing Bro scripts using a packet traces, ii) a complementary framework for testing the performance impact of Bro scripts, iii) a continuous integration system for triggering automatic testing in response to code changes. With this system, security administrators are protected against logic errors in new and modified scripts as well as performance degradation.
{"title":"Taking the Surprise out of Changes to a Bro Setup","authors":"Matthew Monaco, Alex Tsankov, Eric Keller","doi":"10.1145/2876019.2876031","DOIUrl":"https://doi.org/10.1145/2876019.2876031","url":null,"abstract":"With network functions virtualization, an organization gains an ability to provide a much more agile security infrastructure. In this paper we focus on vulnerabilities and challenges created by this new flexibility itself. In particular, using Bro as a case study, we present i) a framework for testing Bro scripts using a packet traces, ii) a complementary framework for testing the performance impact of Bro scripts, iii) a continuous integration system for triggering automatic testing in response to code changes. With this system, security administrators are protected against logic errors in new and modified scripts as well as performance degradation.","PeriodicalId":107409,"journal":{"name":"Proceedings of the 2016 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization","volume":"18 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-03-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130909552","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Network flow classification is fundamental to network management and network security. However, it is challenging to classify network flows at very high line rates while simultaneously preserving user privacy. Machine learning based classification techniques utilize only meta-information of a flow and have been shown to be effective in identifying network flows. We analyze a group of widely used machine learning classifiers, and observe that the effectiveness of different classification models depends highly upon the protocol types as well as the flow features collected from network data.We propose vTC, a design of virtual network functions to flexibly select and apply the best suitable machine learning classifiers at run time. The experimental results show that the proposed NFV for flow classification can improve the accuracy of classification by up to 13%.
{"title":"vTC: Machine Learning Based Traffic Classification as a Virtual Network Function","authors":"Lu He, Chen Xu, Yan Luo","doi":"10.1145/2876019.2876029","DOIUrl":"https://doi.org/10.1145/2876019.2876029","url":null,"abstract":"Network flow classification is fundamental to network management and network security. However, it is challenging to classify network flows at very high line rates while simultaneously preserving user privacy. Machine learning based classification techniques utilize only meta-information of a flow and have been shown to be effective in identifying network flows. We analyze a group of widely used machine learning classifiers, and observe that the effectiveness of different classification models depends highly upon the protocol types as well as the flow features collected from network data.We propose vTC, a design of virtual network functions to flexibly select and apply the best suitable machine learning classifiers at run time. The experimental results show that the proposed NFV for flow classification can improve the accuracy of classification by up to 13%.","PeriodicalId":107409,"journal":{"name":"Proceedings of the 2016 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization","volume":"16 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-03-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123697218","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Security vulnerability assessment is an important process that must be conducted against any system before the deployment, and emerging technologies are no exceptions. Software-Defined Networking (SDN) has aggressively evolved in the past few years and is now almost at the early adoption stage. At this stage, the attack surface of SDN should be thoroughly investigated and assessed in order to mitigate possible security breaches against SDN. Inspired by the necessity, we reveal three attack scenarios that leverage SDN application to attack SDNs, and test the attack scenarios against three of the most popular SDN controllers available today. In addition, we discuss the possible defense mechanisms against such application-originated attacks.
{"title":"The Smaller, the Shrewder: A Simple Malicious Application Can Kill an Entire SDN Environment","authors":"Seungsoo Lee, Changhoon Yoon, Seungwon Shin","doi":"10.1145/2876019.2876024","DOIUrl":"https://doi.org/10.1145/2876019.2876024","url":null,"abstract":"Security vulnerability assessment is an important process that must be conducted against any system before the deployment, and emerging technologies are no exceptions. Software-Defined Networking (SDN) has aggressively evolved in the past few years and is now almost at the early adoption stage. At this stage, the attack surface of SDN should be thoroughly investigated and assessed in order to mitigate possible security breaches against SDN. Inspired by the necessity, we reveal three attack scenarios that leverage SDN application to attack SDNs, and test the attack scenarios against three of the most popular SDN controllers available today. In addition, we discuss the possible defense mechanisms against such application-originated attacks.","PeriodicalId":107409,"journal":{"name":"Proceedings of the 2016 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization","volume":"45 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-03-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121789942","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Current State of the art technologies for detecting and neutralizing rogue DHCP servers are tediously complex and prone to error. Network operators can spend hours (even days) before realizing that a rogue server is affecting their network. Additionally, once network operators suspect that a rogue server is active on their network, even more hours can be spent finding the server's MAC address and preventing it from affecting other clients. Not only are such methods slow to eliminate rogue servers, they are also likely to affect other clients as network operators shutdown services while attempting to locate the server. In this paper, we present Network Flow Guard (NFG), a simple security application that utilizes the software defined networking (SDN) paradigm of programmable networks to detect and disable rogue servers before they are able to affect network clients. Consequently, the key contributions of NFG are its modular approach and its automated detection/prevention of rogue DHCP servers, which is accomplished with little impact to network architecture, protocols, and network operators.
{"title":"Leveraging SDN to Improve the Security of DHCP","authors":"Jacob H. Cox, R. Clark, H. Owen","doi":"10.1145/2876019.2876028","DOIUrl":"https://doi.org/10.1145/2876019.2876028","url":null,"abstract":"Current State of the art technologies for detecting and neutralizing rogue DHCP servers are tediously complex and prone to error. Network operators can spend hours (even days) before realizing that a rogue server is affecting their network. Additionally, once network operators suspect that a rogue server is active on their network, even more hours can be spent finding the server's MAC address and preventing it from affecting other clients. Not only are such methods slow to eliminate rogue servers, they are also likely to affect other clients as network operators shutdown services while attempting to locate the server. In this paper, we present Network Flow Guard (NFG), a simple security application that utilizes the software defined networking (SDN) paradigm of programmable networks to detect and disable rogue servers before they are able to affect network clients. Consequently, the key contributions of NFG are its modular approach and its automated detection/prevention of rogue DHCP servers, which is accomplished with little impact to network architecture, protocols, and network operators.","PeriodicalId":107409,"journal":{"name":"Proceedings of the 2016 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization","volume":"2013 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-03-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125674645","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Wonkyu Han, Ziming Zhao, Adam Doupé, Gail-Joon Ahn
Honeynet is a collection of honeypots that are set up to attract as many attackers as possible to learn about their patterns, tactics, and behaviors. However, existing honeypots suffer from a variety of fingerprinting techniques, and the current honeynet architecture does not fully utilize features of residing honeypots due to its coarse-grained data control mechanisms. To address these challenges, we propose an SDN-based intelligent honeynet called HoneyMix. HoneyMix leverages the rich programmability of SDN to circumvent attackers' detection mechanisms and enables fine-grained data control for honeynet. To do this, HoneyMix simultaneously establishes multiple connections with a set of honeypots and selects the most desirable connection to inspire attackers to remain connected. In this paper, we present the HoneyMix architecture and a description of its core components.
{"title":"HoneyMix: Toward SDN-based Intelligent Honeynet","authors":"Wonkyu Han, Ziming Zhao, Adam Doupé, Gail-Joon Ahn","doi":"10.1145/2876019.2876022","DOIUrl":"https://doi.org/10.1145/2876019.2876022","url":null,"abstract":"Honeynet is a collection of honeypots that are set up to attract as many attackers as possible to learn about their patterns, tactics, and behaviors. However, existing honeypots suffer from a variety of fingerprinting techniques, and the current honeynet architecture does not fully utilize features of residing honeypots due to its coarse-grained data control mechanisms. To address these challenges, we propose an SDN-based intelligent honeynet called HoneyMix. HoneyMix leverages the rich programmability of SDN to circumvent attackers' detection mechanisms and enables fine-grained data control for honeynet. To do this, HoneyMix simultaneously establishes multiple connections with a set of honeypots and selects the most desirable connection to inspire attackers to remain connected. In this paper, we present the HoneyMix architecture and a description of its core components.","PeriodicalId":107409,"journal":{"name":"Proceedings of the 2016 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization","volume":"6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-03-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124305816","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In this paper, we study information leakage by control planes of Software Defined Networks. We find that the response time of an OpenFlow control plane depends on its workload, and we develop an inference attack that an adversary with control of a single host could use to learn about network configurations without needing to compromise any network infrastructure (i.e. switches or controller servers). We also demonstrate that our inference attack works on real OpenFlow hardware. To our knowledge, no previous work has evaluated OpenFlow inference attacks outside of simulation.
{"title":"Timing SDN Control Planes to Infer Network Configurations","authors":"J. Sonchack, Adam J. Aviv, Eric Keller","doi":"10.1145/2876019.2876030","DOIUrl":"https://doi.org/10.1145/2876019.2876030","url":null,"abstract":"In this paper, we study information leakage by control planes of Software Defined Networks. We find that the response time of an OpenFlow control plane depends on its workload, and we develop an inference attack that an adversary with control of a single host could use to learn about network configurations without needing to compromise any network infrastructure (i.e. switches or controller servers). We also demonstrate that our inference attack works on real OpenFlow hardware. To our knowledge, no previous work has evaluated OpenFlow inference attacks outside of simulation.","PeriodicalId":107409,"journal":{"name":"Proceedings of the 2016 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization","volume":"46 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-03-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126656677","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Ming-Wei Shih, Mohan Kumar, Taesoo Kim, Ada Gavrilovska
Network Function Virtualization (NFV) applications are stateful. For example, a Content Distribution Network (CDN) caches web contents from remote servers and serves them to clients. Similarly, an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS) have both per-flow and multi-flow (shared) states to properly react to intrusions. On today's NFV infrastructures, security vulnerabilities many allow attackers to steal and manipulate the internal states of NFV applications that share a physical resource. In this paper, we propose a new protection scheme, S-NFV that incorporates Intel Software Guard Extensions (Intel SGX) to securely isolate the states of NFV applications.
NFV (Network Function Virtualization)应用是有状态的。例如,CDN (Content Distribution Network)缓存来自远程服务器的web内容,并将其提供给客户端。类似地,入侵检测系统(IDS)和入侵防御系统(IPS)同时具有单流和多流(共享)状态,以正确响应入侵。在当今的NFV基础设施中,许多安全漏洞允许攻击者窃取和操纵共享物理资源的NFV应用程序的内部状态。在本文中,我们提出了一种新的保护方案,S-NFV,它结合了英特尔软件保护扩展(英特尔SGX)来安全隔离NFV应用程序的状态。
{"title":"S-NFV: Securing NFV states by using SGX","authors":"Ming-Wei Shih, Mohan Kumar, Taesoo Kim, Ada Gavrilovska","doi":"10.1145/2876019.2876032","DOIUrl":"https://doi.org/10.1145/2876019.2876032","url":null,"abstract":"Network Function Virtualization (NFV) applications are stateful. For example, a Content Distribution Network (CDN) caches web contents from remote servers and serves them to clients. Similarly, an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS) have both per-flow and multi-flow (shared) states to properly react to intrusions. On today's NFV infrastructures, security vulnerabilities many allow attackers to steal and manipulate the internal states of NFV applications that share a physical resource. In this paper, we propose a new protection scheme, S-NFV that incorporates Intel Software Guard Extensions (Intel SGX) to securely isolate the states of NFV applications.","PeriodicalId":107409,"journal":{"name":"Proceedings of the 2016 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization","volume":"38 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-03-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122014615","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Xiang Pan, V. Yegneswaran, Yan Chen, Phillip A. Porras, Seungwon Shin
Cyber Threat Intelligence (CTI) sharing facilitates a comprehensive understanding of adversary activity and enables enterprise networks to prioritize their cyber defense technologies. To that end, we introduce HogMap, a novel software-defined infrastructure that simplifies and incentivizes collaborative measurement and monitoring of cyber-threat activity. HogMap proposes to transform the cyber-threat monitoring landscape by integrating several novel SDN-enabled capabilities: (i) intelligent in-place filtering of malicious traffic, (ii) dynamic migration of interesting and extraordinary traffic and (iii) a software-defined marketplace where various parties can opportunistically subscribe to and publish cyber-threat intelligence services in a flexible manner. We present the architectural vision and summarize our preliminary experience in developing and operating an SDN-based HoneyGrid, which spans three enterprises and implements several of the enabling capabilities (e.g., traffic filtering, traffic forwarding and connection migration). We find that SDN technologies greatly simplify the design and deployment of such globally distributed and elastic HoneyGrids.
{"title":"HogMap: Using SDNs to Incentivize Collaborative Security Monitoring","authors":"Xiang Pan, V. Yegneswaran, Yan Chen, Phillip A. Porras, Seungwon Shin","doi":"10.1145/2876019.2876023","DOIUrl":"https://doi.org/10.1145/2876019.2876023","url":null,"abstract":"Cyber Threat Intelligence (CTI) sharing facilitates a comprehensive understanding of adversary activity and enables enterprise networks to prioritize their cyber defense technologies. To that end, we introduce HogMap, a novel software-defined infrastructure that simplifies and incentivizes collaborative measurement and monitoring of cyber-threat activity. HogMap proposes to transform the cyber-threat monitoring landscape by integrating several novel SDN-enabled capabilities: (i) intelligent in-place filtering of malicious traffic, (ii) dynamic migration of interesting and extraordinary traffic and (iii) a software-defined marketplace where various parties can opportunistically subscribe to and publish cyber-threat intelligence services in a flexible manner. We present the architectural vision and summarize our preliminary experience in developing and operating an SDN-based HoneyGrid, which spans three enterprises and implements several of the enabling capabilities (e.g., traffic filtering, traffic forwarding and connection migration). We find that SDN technologies greatly simplify the design and deployment of such globally distributed and elastic HoneyGrids.","PeriodicalId":107409,"journal":{"name":"Proceedings of the 2016 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization","volume":"44 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-03-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132920169","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
As Software-defined architectures, such as Software-Defined Networking (SDN) and Network Function Virtualization (NFV), are getting popular, the necessity of software-based switch (a.k.a., software switch) is also increasing because it can adopt new functions/features without much difficulty compared with hardware-based switches. Nowadays we can easily observe that researchers devise new network functions and embed them into a software switch. However, most those proposals are highly biased at network communities, and thus it is hard to find some trials of leveraging the abilities of a software switch for security. In this paper, we consider that how we can enrich security functions/features in software-defined environments, and in this context we propose a new software switch architecture - with the name of UNISAFE - that can enable diverse security actions. Furthermore, UNISAFE provides action clustering which joins UNISAFE actions of multiple-flows together. It makes that UNISAFE can check flows synthetically, and thus a user can establish effective security policies and save system resources. In addition, we describe the design and implementation of UNISAFE and suggest some use-cases for how UNISAFE works.
{"title":"UNISAFE: A Union of Security Actions for Software Switches","authors":"Taejune Park, Yeonkeun Kim, Seungwon Shin","doi":"10.1145/2876019.2876025","DOIUrl":"https://doi.org/10.1145/2876019.2876025","url":null,"abstract":"As Software-defined architectures, such as Software-Defined Networking (SDN) and Network Function Virtualization (NFV), are getting popular, the necessity of software-based switch (a.k.a., software switch) is also increasing because it can adopt new functions/features without much difficulty compared with hardware-based switches. Nowadays we can easily observe that researchers devise new network functions and embed them into a software switch. However, most those proposals are highly biased at network communities, and thus it is hard to find some trials of leveraging the abilities of a software switch for security. In this paper, we consider that how we can enrich security functions/features in software-defined environments, and in this context we propose a new software switch architecture - with the name of UNISAFE - that can enable diverse security actions. Furthermore, UNISAFE provides action clustering which joins UNISAFE actions of multiple-flows together. It makes that UNISAFE can check flows synthetically, and thus a user can establish effective security policies and save system resources. In addition, we describe the design and implementation of UNISAFE and suggest some use-cases for how UNISAFE works.","PeriodicalId":107409,"journal":{"name":"Proceedings of the 2016 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization","volume":"14 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-03-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131356046","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: