Yichuan Wang, He Wang, Xinhong Hei, Wenjiang Ji, Lei Zhu
{"title":"心脏出血的Petri网建模与漏洞分析","authors":"Yichuan Wang, He Wang, Xinhong Hei, Wenjiang Ji, Lei Zhu","doi":"10.1109/NaNA53684.2021.00034","DOIUrl":null,"url":null,"abstract":"In recent years, a variety of network attacks emerge in an endless stream, and network attacks gradually show the characteristics of higher secrecy and greater harm. At present, the analysis of system vulnerabilities is generally focused on the characteristics analysis and impact hazard level, and lack of formal modeling and vulnerability analysis methods. In this paper, we model the OpenSSL service’s Heartbleed vulnerability based on Petri net. We build a formal model combined with the source code and system state, analyze the vulnerability of the system running state, and propose an automatic vulnerability repair scheme. Experiments show that this model can carry out fine-grained formal analysis and simulation of the Heartbleed, which is of great significance to explore the system vulnerability modeling method.","PeriodicalId":414672,"journal":{"name":"2021 International Conference on Networking and Network Applications (NaNA)","volume":"38 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Petri net modeling and vulnerability analysis of the Heartbleed\",\"authors\":\"Yichuan Wang, He Wang, Xinhong Hei, Wenjiang Ji, Lei Zhu\",\"doi\":\"10.1109/NaNA53684.2021.00034\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In recent years, a variety of network attacks emerge in an endless stream, and network attacks gradually show the characteristics of higher secrecy and greater harm. At present, the analysis of system vulnerabilities is generally focused on the characteristics analysis and impact hazard level, and lack of formal modeling and vulnerability analysis methods. In this paper, we model the OpenSSL service’s Heartbleed vulnerability based on Petri net. We build a formal model combined with the source code and system state, analyze the vulnerability of the system running state, and propose an automatic vulnerability repair scheme. Experiments show that this model can carry out fine-grained formal analysis and simulation of the Heartbleed, which is of great significance to explore the system vulnerability modeling method.\",\"PeriodicalId\":414672,\"journal\":{\"name\":\"2021 International Conference on Networking and Network Applications (NaNA)\",\"volume\":\"38 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 International Conference on Networking and Network Applications (NaNA)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/NaNA53684.2021.00034\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 International Conference on Networking and Network Applications (NaNA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NaNA53684.2021.00034","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Petri net modeling and vulnerability analysis of the Heartbleed
In recent years, a variety of network attacks emerge in an endless stream, and network attacks gradually show the characteristics of higher secrecy and greater harm. At present, the analysis of system vulnerabilities is generally focused on the characteristics analysis and impact hazard level, and lack of formal modeling and vulnerability analysis methods. In this paper, we model the OpenSSL service’s Heartbleed vulnerability based on Petri net. We build a formal model combined with the source code and system state, analyze the vulnerability of the system running state, and propose an automatic vulnerability repair scheme. Experiments show that this model can carry out fine-grained formal analysis and simulation of the Heartbleed, which is of great significance to explore the system vulnerability modeling method.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
