动态异构冗余架构执行体同步算法研究与应用

doi:10.19678/j.issn.1000-3428.0253315

摘要/Abstract

摘要： 动态异构冗余架构（DHR）采用多维动态重构实现执行体的异构和冗余，基于策略裁决的闭环迭代实现系统的动态更新，赋予系统内在安全基因，使其具备天然的主动防御能力。然而，DHR通常需要执行体有较大的异构性以避免共有漏洞而造成的攻击逃逸现象，异构性带来的差异会导致执行体出现因应用程序状态转换不一致、加密输出不一致，导致的输出结果无法裁决的问题。本文针对上述问题，以分布式共识理论为基础，提出了一种隐藏领导者分布式共识算法。该算法采用基于相对时间的程序进程同步方法，解决异构执行体运行状态失步问题；采用密源归一化策略，解决异构执行体数据加密和报文中的随机数差异问题。具体介绍了算法的运行机理，给出了算法流程；最后搭建了验证平台对算法的有效性进行了对比测试。测试结果表明，在复杂进程调度应用中的不同实验场景下，该算法相较于已有的同步方法，可分别提升0.82%和5.65%的进程同步率，并能实现加密数据的正确裁决处理，吞吐量相较基于加密解密的密文裁决方法可提升大约68.38%。

Abstract: The Dynamic Heterogeneous Redundancy Architecture (DHR) uses multi-dimensional dynamic reconfiguration to achieve heterogeneity and redundancy of executors, and closed-loop iteration based on policy adjudication realizes dynamic update of the system, giving the system inherent security genes and making it have natural proactive defense capabilities. However, DHR usually requires large heterogeneity of the executor to avoid attack and escape caused by shared vulnerabilities. However, the differences caused by heterogeneity can lead to inconsistent application state transitions and inconsistent encryption output of the executor, resulting in the problem that the output results cannot be adjudicated. Aiming at the above problems, this paper proposes a hidden leader distributed consensus algorithm based on distributed consensus theory. The algorithm adopts a relative time-based program process synchronization method to solve the problem of out-of-step running state of heterogeneous executors, and adopts a secret source normalization strategy to solve the problems of data encryption and random number differences in messages of heterogeneous executors. The operating mechanism of the algorithm is introduced in detail and the algorithm flow is given. Finally, a verification platform is built to compare and test the effectiveness of the algorithm. Test results show that in complex process scheduling scenarios, compared with existing algorithms, this method can improve the process synchronization success rates by 0.82% and 5.65% respectively, and can achieve correct adjudication of encrypted data. Compared with the ciphertext adjudication method based on encryption and decryption, the throughput can be improved by approximately 68.38%.

欧阳玲, 李辉, 兰巨龙, 邬江兴. 动态异构冗余架构执行体同步算法研究与应用[J]. 计算机工程, doi: 10.19678/j.issn.1000-3428.0253315.

Ouyang Ling, Li Hui, Lan Ju Long, Wu Jiang Xing. Research and Application of Executor Synchronization Algorithm for Dynamic Heterogeneous Redundant Architecture[J]. Computer Engineering, doi: 10.19678/j.issn.1000-3428.0253315.

参考文献

[1] 邬江兴.网络空间内生安全发展范式[J].中国科学:信息科学, 2022, 第52卷(02): 189-204. Wu J X. Development paradigms of cyberspace endogenous safety and security[J]. Scientia Sinica (Informationis), 2022, 52(02): 189-204.
[2] 邬江兴.内生安全赋能网络弹性工程[M]. 北京: 科学出版社, 2023. Wu J X. Cyber Resilience System Engineering Empowered by Endogenous Security and Safety[M]. Beijing: Science Press, 2023.
[3] 宋克, 刘勤让, 魏帅, 等. 基于拟态防御的以太网交换机内生安全体系结构[J]. 通信学报, 2020, 第41卷(5): 22-30. Song K, Liu Q R, Wei S, et al., Endogenous security architecture of Ethernet switch based on mimic defense[J]. Journal on Communications, 2020, 41(5): 22-30.
[4] 郭威, 谢光伟, 张帆, 等. 一种分布式存储系统拟态化架构设计与实现[J].计算机工程, 2020, 第46卷(6):12-19. Guo W, Xie G W, Zhang F, et al., Design and Implementation of a Mimic Architecture for Distributed Storage System[J]. Computer Engineering, 2020, 46(6):12-19.
[5] 于洪, 兰巨龙, 欧阳玲. 内生安全微控制器设计与实现[J]. 信息网络安全, 2025, 25(3): 415-424. Yu H, Lan J L, OuYang L. Endogenous Secure Microcontroller Design and Implementation[J]. Netinfo Security, 2025, 25(3): 415-424.
[6] Han Z, Yu W, Hao L, et al., Intelligent Dynamic Heterogeneous Redundancy Architecture for IoT Systems[J]. China Communications, 2024, 21(7): 291-306.
[7] Wang C, Yu H, Wei S, et al., Dynamic First Access Isolation Cache to Eliminate Reuse-Based Cache Side Channel Attacks[J]. Journal of Circuits, Systems and Computers, 2023, 32(02): 2350026:1-2350026:23.
[8] Zhang F, Chen X, Huang W, et al., Harnessing dynamic heterogeneous redundancy to empower deep learning safety and security. Security and Safety, 2024, 3(4): 2024011:1--2024011:27.
[9] 金梁,楼洋明,孙小丽,等.6G无线内生安全理念与构想[J].中国科学:信息科学, 2023, 第53卷(02): 344-364. Jin L, Lou Y M, Sun X L, et al., Concept and vision of 6G wireless endogenous safety and security[J]. Scientia Sinica (Informationis), 2023, 53(02): 344-364.
[10] Cai N, He G. Multi-cloud Resource Scheduling Intelligent System with Endogenous Security[J]. Electronic Research Archive, 2024, 32(2): 1380-1405.
[11] Ren Q, Hu T, Wu J, et al., Multipath Resilient Routing for Endogenous Secure Software Defined Networks[J]. Computer Networks, 2021, 194(2): 108-134.
[12] 郑秋华, 胡程楠, 崔婷婷, 等. 一种基于概率分析的DHR模型安全性分析方法[J]. 电子学报, 2021, 第49卷(8): 1586-1598. Zheng Q H, Hu C N, Cui T T, et al., A Security Analysis Approach for Dynamic Heterogeneous Redundancy Model Based on Probability Analysis[J]. Chinese Journal of Electronics, 2021, 49(8): 1586-1598.
[13] Xu J. Research on Cyberspace Mimic Defense Based on Dynamic Heterogeneous Redundancy Mechanism[J]. Journal of Computer and Communications, 2021, 9(07): 1-7.
[14] Ouyang L, Song K, Zhang W J, et al., Microcontroller design based on dynamic heterogeneous redundancy architecture[J]. China Communications. 2023, 20(9): 144 -159.
[15] 于洪, 刘勤让, 魏帅,等. 高可靠信息系统非相似冗余架构中的执行体同步技术[J]. 电子与信息学报, 2024, 第46卷(5): 2122-2136. Yu H, Liu Q R, Wei S, et al., Executer Synchronization in Highly Reliable Information System with Dissimilar Redundancy Architecture[J]. Journal of Electronics & Information Technology, 2024, 46(5): 2122-2136.
[16] 杨汶佼, 刘星宇, 张奕, 等. 一种针对拟态工业控制器的裁决及调度方法[J]. 信息安全研究, 2022, 第8卷(6): 534-544. Yang W J, liu X Y, Zhang Y, et al., A Method for Arbitration and Scheduling of Mimicry Industrial Controllers[J]. Journal of Information Security Research, 2022, 8(6): 534-544.
[17] 马博林, 张铮, 邵昱文, 等. KMBox: 基于 Linux 内核改造的进程异构冗余执行系统[J]. 信息安全学报, 2023, 第8卷(1): 14-25. Ma B L, Zhang Z, Shao Y W, et al., KMBox: Linux Kernel-based Heterogeneous Redundant Execution System Designed for Processes [J]. Journal of Cyber Security, 2023, 8(1): 14-25.
[18] 易星辰, 魏恒峰, 黄宇等. PaxosStore中共识协议TPaxos的推导、规约与精化[J]. 软件学报, 2020, 第31卷(8): 2336-2361. Yi X C, Wei H F, Huang Y, et al., TPaxos Consensus Protocol in PaxosStore: Derivation, Specification, and Refinement[J]. Journal of Software, 2020, 31(8): 2336-2361.
[19] 王日宏, 周航, 徐泉清等. 用于联盟链的非拜占庭容错共识算法[J]. 计算机科学, 2021, 第48卷(9): 317-323. Wang R H, Zhou H, Xu Q Q, et al., Non-byzantine Fault Tolerance Consensus Algorithm for Consortium Blockchain[J]. Computer Science, 2021, 48(9): 317-323.
[20] 邬江兴.论网络空间内生安全问题及对策[J].中国科学:信息科学, 2022, 第52卷(10): 1929-1937. Wu J X. Cyberspace’s endogenous safety and security problem and the countermeasures[J]. Scientia Sinica (Informationis), 2022, 52(10): 1929–1937,
[21] Guo W, Wu Z X, Zhang F, et al., Scheduling Sequence Control Method Based on Sliding Window in Cyberspace Mimic Defense[J]. IEEE Access, 2020, 8:1517-1533.
[22] Guo W, Zhang F, Wu Z X, et al., Confidence Skewing Problem and Its Correction Method in Mimic Arbitration Mechanism[J].Chinese Journal of Electronics, 2020, 29(03):155-161.
[23] 欧阳玲, 贺磊, 宋克, 等. 基于编码信道理论的拟态括号设计方法[J]. 信息工程大学学报, 2021, 第22卷(4): 456-461. Ouyang L, He L, Song K, et al., Design method of mimicry brackets based on coding channel Theory[J]. Journal of Information Engineering University, 2021, 22(4): 456-461.
[24] 朱绪全,江逸茗,马海龙,等.拟态防御体系OSPF协议研究及分析[J].计算机工程与科学, 2023, 45(2):204-214. Zhu X Q, Jiang Y M, Ma H L, et al., Research and analysis of OSPF protocol in mimic defense system[J]. Computer Engineering and Science, 2023, 45(2):204-214.
[25] Hussein Z, Salama M A, El-Rahman S A. Evolution of blockchain consensus algorithms: a review on the latest milestones of blockchain consensus algorithms[J]. Cybersecurity, 2023, 6(1) : 2523-3246.
[26] Yu H, Zhu Z Z, Pei X, et al. A synchronization monitor design in dynamic heterogeneous redundancy architecture[J]. Chinese Journal of Electronics, vol. x, no. x, pp. 1–10, xxxx. DOI: 10.23919/cje.2024.00.169
[27] 刘子敬, 张铮, 席睿成, 等. CON-MVX: 一种基于容器技术的多变体执行系统[J]. 信息安全学报, 2024, 第9卷(2):47-58. Liu Z J, Zhang Z, Xi R C, et al. CON-MVX: A Multi-Variant Execution System Based on Container Technology[J]. Journal of Cyber Security, 2024, 9(2): 47-58.
[28] 周文, 董贵山, 张汝云, 等. 一种基于国产密码与拟态防御融合的一体化内生安全防护架构[J].信息安全与通信保密, 2023(1):50-59. Zhou W, Dong G S, ZHANG R Y, et al. An Integrated Endogenous Security Protection Architecture Based on the Fusion of Domestic Cryptography and Mimic Defense[J]. Information Security and Communications Privacy, 2023(1):50-59.

选择文件类型/文献管理软件名称

选择包含的内容