基于Netlogo的高校保密项目管理仿真与分析

基于复杂适应系统理论的多主体建模方法为研究影响高校保密项目管理的风险因素提供了一种新方法.在分析高校保密项目管理系统是一类复杂适应系统的基础上,基于多主体建模方法,对高校保密项目管理系统巾的主要对象即涉密人员、非直接涉密人员、保密管理人员和窃密人员的行为进行了建模,开发了基于Netlogo的高校保密项目管理系统的仿真原型,研究了科研环境和激励对高校保密项目管理系统的影响.实验结果表明高校科研环境建设对高校保密项目管理起着非常重要的作用,而完善的激励措施也是高校保密项目管理收到显著效果的霞要条件.     

涉密人员保密管理系统的设计与实现

当前涉密人员管理还不够完善,有必要开展涉密人员风险管理。本文在分析当前涉密人员管理现实的基础之上,提出了涉密人员保密管理系统的解决方案,并进行了系统需求分析、功能模块设计,同时对关键技术进行研究。涉密人员保密管理系统的研制,将大幅提高涉密人员管理的效率,改进保密工作机构的人员管理方法。     

军工科研单位涉密人员管理研究

军工科研单位保密工作任务艰巨,涉密人员管理需优先发展。本文分析了军工科研单位保密工作的涉密人员的类别、意识形态和遇到的困难,分别从领导干部、涉密人员和保密干部三者角度考虑,提出了军工科研单位要谋求长远发展的对策,从涉密人员职业化、多闭环管控机制、网络平台建设、领导表率、保密文化建设和军民保密战线建设等几个方面抓好涉密人员管理。     

涉密信息网络安全应用系统研究

针对网络化条件下涉密信息应用和管理中的保密需求,提出了一种涉密信息网络化集中应用模式,建立了相应的涉密信息网络安全应用系统框架,并对其体系结构进行了详细叙述,最后通过建立系统原型验证了该系统框架的可行性和实用性.     

渝召开涉密信息系统服务支撑体系研讨会

6月10日下午,重庆市涉密信息系统服务支撑体系建设研讨会在五洲大酒店召开。研讨会由重庆计算机安全学会涉密专业委员会、重庆市保密技术检查中心、国家保密局涉密信息系统安全保密测评中心系统测评（重庆市）分中心主办。     

复杂涉密网络高清视频会议系统的设计与实现

通过对国内外涉密视频会议系统发展现状的调查分析以及对相关音视频编解码技术、边界防护、QoS服务保障、安全策略部署等关键技术的研究,设计了一种基于涉密复杂网络的高清视频会议系统。结合摄像自动跟踪控制和高清视频编解码等技术,完成了在窄带宽、安全管控严格的涉密网环境中的高清视频会议系统的设计与实施,其满足国家涉密网络应用系统的相关接入要求。实践表明,该设计在涉密网络环境视频会议系统建设中具有一定的指导意义。     

基于多Agent的Internet信息涉密检查系统

该文给出了基于多Agent的Internet信息涉密检查系统(IISIS)的设计方案,详细论述了IISIS体系结构、Agent角色分配、能力结构以及IISIS中多Agent协作协调算法。该系统可以有力配合保密部门针对Internet信息服务器进行高效快速的涉密检查,其实用性已得到实践验证。     

保密技术检查中发现问题的思考

有效地保证网络信息环境中的国家秘密的真实性、完整性、可用性，防止涉密信息通过信息系统泄密，是国家涉密信息系统安全保护中的重中之重，通过近几年对全国党政机关和要害部门的计算机及网络进行抽查，发现保密技术的应用和保密管理体制中存在的问题还不少，然而导致这些问题产生的原因值得我们深思。     

提高保密意识、减少信息泄密

本文针对当前网络,对计算机保密现状进行分析,指明泄密主要途径、涉密计算机保密要求、涉密计算机网络保密要求、涉密移动存储介质保密要求,并明确解决方法。     

涉密信息系统安全风险评估

国家保密部门历来重视保密检查工作，传统的安全保密检查也是一种评估，只是技术含量有所不同。国家保密局2001年发布了国家保密标准BMZ3-2001《涉及国家秘密的计算机信息系统安全保密测评指南》，规定了涉密信息系统安全保密测评准则，适用于测评机构对涉密信息系统的安全保密性进行测评，以及保密部门对涉密信息系统的安全保密性进行检查，并指导用户和承建单位建设满足安全保密要求的涉密信息系统。     

Protecting Business Secrets in an EDI/CALS Environment

ABSTRACT

Communicating with confidential data requires special attention in a mobile agents environment, especially when the other hosts must be prevented from eavesdropping on the communication. We propose a communication model for secured communication between the agents belonging to publishers and consumers data. Confidentiality is ensured using our on-the-fly encryption-decryption sequence using ElGamal system to directly convert the message or plaintext into one that is encrypted directly with the public key of consumer. The scheme ensures that the data possessed by the agents is secured at all times when it is executing at any untrusted host. Our minimal implementation of the model with Aglets agent platform gives the first faithful picture of the happenings in the model. Finally, we also explain how the homomorphic property of ElGamal scheme can be integrated with our model for a Web-based application such as voting involving multiple agents.     

基于数字签名的移动代理系统安全模型研究

影响移动代理技术雅广的主要因素在于安全性、效率和标准,其中安全性是一个主要因素。移动代理安全性体现在移动代理机密数据的保护、移动代理和移动代理执行平台的验证等。目前,移动代理的各种安全技术都不能提供彻底的安全性,本文通过在一个开放环境下保护移动代理系统执行代码的验证,并在此基础上给出一个基于数字签名技术
术的移动代理和移动代理执行平台安全模型MASM02。该模型在理论上能抵抗已知的各种攻击;并且本身具有简洁性,易于实施;并经过安全性分析和攻击测试,具有可靠性。     

A privacy-preserving model for multi-agent propositional planning

Abstract

Over the last years, the planning community has formalised several models and approaches to multi-agent (MA) propositional planning. One of the main motivations in MA planning is that some or all agents have private knowledge that cannot be communicated to other agents during the planning process and the plan execution. We argue that the existing models of the multi-agent planning task do not maintain the agents’ privacy when a (strict) subset of the involved agents share confidential knowledge, or when the identity/existence of at least one agent is confidential. In this paper, first we propose a model of the MA-planning tasks that preserves the privacy of the involved agents when this happens. Then we investigate an algorithm based on best first search for our model that uses some new heuristics providing a trade-off between accuracy and agents’ privacy. Finally, an experimental study compares the effectiveness of using the proposed heuristics.     

一种强调私密性的多智能体协商模型

提出一种更具私密性的多智能体协商模型；基于经济学边际效用的概念建立了基于市场交互机制的协商算法。每个智能体不需向市场智能体发送原料需求信息，只需发送对某种原料边际效用的符号信息；市场智能体作为中间人运行定价算法和分配算法对原料进行定价和分配。仿真结果表明本文方法与已有方法性能相近，但是协商过程不会泄露商业机密信息，更符合分布式智能体的私密性要求。     

Building trustworthy software agents

As agents become more active and sophisticated, the implications of their actions become more serious. With today's GUIs, user and software errors can often be easily fixed or undone. An agent performing actions on behalf of a user could make errors that are very difficult to "undo", and, depending on the agent's complexity, it might not be clear what went wrong. Moreover, for agents to operate effectively and truly act on their users' behalf, they might need confidential or sensitive information. This includes financial details and personal contact information. Thus, along with the excitement about agents and what they can do, there is concern about the resulting security and privacy issues. It is not enough to assume that well-designed software agents will provide the security and privacy users need; assurances and assumptions about security and privacy need to be made explicit. This article proposes a model of the factors that determine agent acceptance, based on earlier work on user attitudes toward e-commerce transactions, in which feelings of trust and perceptions of risk combine in opposite directions to determine a user's final acceptance of an agent technology.     

基于JavaLucene的分级鉴权资源管理系统的研究与实现

企业内部的资料既要保密又要提供给不同的内部职员使用,这种即开放又保守的特点成为企业发展的瓶颈。研究与实现的系统改变了传统的资源共享形式,采用分级鉴权的模式,提供一个高效便利保密的资源共享管理平台。首先介绍了企业搜索引擎的特性,然后着重阐述了ESE平台的关键技术(分级鉴权、索引建立、检索和结果处理等)以及基于开源Lucene的索引企业搜索系统开发与实现。最后对企业搜索引擎的未来发展方向进行了展望。     

Protecting shared information in networks: A network security game with strategic attacks

A digital security breach, by which confidential information is leaked, does not only affect the agent whose system is infiltrated but is also detrimental to other agents socially connected to the infiltrated system. Although it has been argued that these externalities create incentives to underinvest in security, this presumption is challenged by the possibility of strategic adversaries that attack the least protected agents. In this paper we study a new model of security games in which agents share tokens of sensitive information in a network of contacts. The agents have the opportunity to invest in security to protect against an attack that can be either strategically or randomly targeted. We show that, in the presence of random attack, underinvestments always prevail at the Nash equilibrium in comparison with the social optimum. Instead, when the attack is strategic, either underinvestments or overinvestments are possible, depending on the network topology and on the characteristics of the process of the spreading of information. Actually, agents invest more in security than socially optimal when dependencies among agents are low (which can happen because the information network is sparsely connected or because the probability that information tokens are shared is small). These overinvestments pass on to underinvestments when information sharing is more likely (and therefore, when the risk brought by the attack is higher). In order to keep our analysis tractable, some of our results on strategic attacks make an assumption of homogeneity in the network, namely, that the network is vertex‐transitive. We complement these results with an analysis on star graphs (which are nonhomogeneous), which confirms that the essential lines of our findings can remain valid on general networks.     

监狱信息系统中权限管理的设计与实现

根据监狱信息系统功能模块多、用户数量大、人员调动频繁、信息机密性高的特点，提出了一种综合访问控制模型，给出了模型的形式化描述。该模型把MAC, RBAC, TRBAC有机地结合在一起，有可控性强和授权管理方便的特点。利用该模型，设计了权限管理子系统，给出了系统中权限管理的具体实现，解决了监狱系统中复杂的访问控制问题。     

基于文件操作阻断的系统安全加固技术

根据监狱信息系统功能模块多、用户数量大、人员调动频繁、信息机密性高的特点,提出了一种综合访问控制模型,给出了模型的形式化描述.该模型把MAC, RBAC, TRBAC有机地结合在一起,有可控性强和授权管理方便的特点.利用该模型,设计了权限管理子系统,给出了系统中权限管理的具体实现,解决了监狱系统中复杂的访问控制问题.     

基于多代理的容忍入侵体系结构

该文提出了一种基于多代理(Agent)技术的容忍入侵体系结构。通过在系统组件中引入一定的冗余度,将冗余和多样性技术相结合,利用门限秘密共享技术将秘密信息分布于多个系统组件上来达到容忍入侵的目的。通过分布在每个服务器上的多个代理,建立一个容忍入侵的安全内核,重要信息通过安全内核来传递,保证系统关键部件为合法用户提供连续和可靠的基本服务。该方案采用系统整体安全策略,将容忍入侵与多代理的入侵检测相结合,使系统具有更好的实用性和可生存性。