命令行接口模糊測試漏洞挖掘研究及應(yīng)用
網(wǎng)絡(luò)安全與數(shù)據(jù)治理 7期
樊志強1,王洪宇1,劉日昇2
(1.中興通訊股份有限公司南京研究所,江蘇南京210012;2.中興通訊股份有限公司上海研究所,上海201203)
摘要: 5G數(shù)據(jù)網(wǎng)絡(luò)設(shè)備是現(xiàn)代通信的基礎(chǔ)設(shè)施,其安全可靠性直接影響整個網(wǎng)絡(luò)的安全可靠程度。命令行接口作為網(wǎng)絡(luò)設(shè)備的基本操作接口,研究其存在的漏洞對提升整個網(wǎng)絡(luò)安全具有至關(guān)重要的意義。基于模糊測試提出一種命令行接口漏洞挖掘方法,并對注入點分析及界定、模糊測試漏洞挖掘數(shù)據(jù)模型處理、模糊測試算法優(yōu)化及模糊測試漏洞挖掘流程等關(guān)鍵技術(shù)及過程進行深入研究。研究成果直接運用到命令行接口模糊測試漏洞挖掘系統(tǒng)中,實現(xiàn)包含網(wǎng)絡(luò)設(shè)備信息收集、模糊測試漏洞挖掘數(shù)據(jù)建模、網(wǎng)絡(luò)設(shè)備響應(yīng)信息分析、模糊測試漏洞挖掘執(zhí)行、漏洞挖掘后分析及生成漏洞報告等關(guān)鍵功能。最后對未來提升命令行接口模糊測試漏洞挖掘系統(tǒng)的效率和有效性進行了討論和展望。
中圖分類號:TP309
文獻標(biāo)識碼:A
DOI:10.19358/j.issn.2097-1788.2023.07.010
引用格式:樊志強,王洪宇,劉日昇.命令行接口模糊測試漏洞挖掘研究及應(yīng)用[J].網(wǎng)絡(luò)安全與數(shù)據(jù)治理,2023,42(7):61-66,78.
文獻標(biāo)識碼:A
DOI:10.19358/j.issn.2097-1788.2023.07.010
引用格式:樊志強,王洪宇,劉日昇.命令行接口模糊測試漏洞挖掘研究及應(yīng)用[J].網(wǎng)絡(luò)安全與數(shù)據(jù)治理,2023,42(7):61-66,78.
Research and application of CLI vulnerability mining by fuzz testing
Fan Zhiqiang1,Wang Hongyu1,Liu Risheng2
(1.ZTE Nanjing Institute,Nanjing 210012,China; 2.ZTE Shanghai Institute,Shanghai 201203,China)
Abstract: 5G data network devices are the infrastructure of modern communications, and the security and reliability directly ensure that the entire network is secure and reliable. As the basic operating interface of network devices, the command line interface is of vital significance for improving the security of the entire network. Based on the fuzz testing, a command line interface vulnerability mining method is proposed, and the key technologies and processes such as injection point analysis and definition, fuzziness test vulnerability mining data model processing, fuzziness test algorithm optimization and fuzziness test vulnerability mining process are studied deeply. The research results are directly applied to the fuzziness vulnerability mining system of the command line interface to implement key functions such as network device information collection, fuzziness data modeling, network device response information analysis, vulnerability mining execution, analysis after vulnerability mining, and vulnerability report generation. Finally, it discusses and looks to the future to improve the efficiency and effectiveness of the fuzziness vulnerability mining system of the command line interface.
Key words : fuzz testing; command line interface; network equipment; vulnerability mining; network security
0 引言
命令行接口(Command Line Interface, CLI)是網(wǎng)絡(luò)設(shè)備最常見也是最重要的操作維護管理接口(Operation Administration and Maintenance, OAM),特別是大型的網(wǎng)絡(luò)設(shè)備,例如5G承載高端路由器和高端交換機[1-2]等。網(wǎng)絡(luò)設(shè)備運行的重要參數(shù)都是通過CLI方式錄入到網(wǎng)絡(luò)設(shè)備系統(tǒng)中。隨著網(wǎng)絡(luò)設(shè)備OAM技術(shù)的發(fā)展,網(wǎng)絡(luò)設(shè)備制造者商和操作維護軟件公司均提供了基于Web的可視化網(wǎng)絡(luò)管理工具,以方便運維人員以圖形化的方式對網(wǎng)絡(luò)設(shè)備進行維護和管理,但基于Web的網(wǎng)絡(luò)管理工具底層仍然會調(diào)用CLI接口對網(wǎng)絡(luò)設(shè)備進行操作和配置。所以CLI安全可靠性對于整個網(wǎng)絡(luò)設(shè)備的安全起著至關(guān)重要的作用。
本文詳細(xì)內(nèi)容請下載:http://m.xxav2194.com/resource/share/2000005422
作者信息:
樊志強1,王洪宇1,劉日昇2
(1.中興通訊股份有限公司南京研究所,江蘇南京210012;2.中興通訊股份有限公司上海研究所,上海201203)
此內(nèi)容為AET網(wǎng)站原創(chuàng),未經(jīng)授權(quán)禁止轉(zhuǎn)載。