通信运营商带外网管系统剖析

带外网管是通过专门的网管通道实现对网络的管理,将网管数据与业务数据分开,为网管数据建立独立通道,这样可以保证重要管理数据、敏感的统计信息、占用带宽的实时计费信息在同一个网络中进行安全、可靠的传输,带外管理方式有助于提高网管的效率与可靠性,也有利于提高网管数据的安全性。     

统一身份认证体系在校园网的应用

<正>随着校园网信息化不断提高,网络固有的虚拟性和开放性也为业务应用带来巨大潜在风险,如何解决网络环境中虚拟身份的真实有效、敏感信息传输的安全保密、信息数据的准确完整,以及关键业务操作行为事后可追溯等安全问题,成为校园信息化发展面临的新的难题。校园网内信息系统通常包括有:门户系统、办公系统、综合教务、科研管理、财务查询、多媒体资源、网络教学和学生工作管理等系统。其中,     

电信运营商在云计算环境下如何保护敏感信息

作为面向广大用户提供基础网络和综合信息服务的电信运营商,做好用户信息和企业敏感信息的保护,既是企业的社会责任,也是企业战略转型、提升竞争力和保护自身商业秘密的根本需要。为了保障企业的核心生产和管理数据的安全性,必须围绕IT系统数据生命周期,从技术层面建立数据安全保障体系框架,利用相关的安全关键技术有效防范数据泄露及数据篡改,提高业务支撑应用系统的敏感数据安全保障。     

一种基于话单数据保护方案的研究

彩铃业务历经10余年发展,已成为运营商用户接受度最高,市场收入贡献最大的应用及信息服务产品之一,但现网彩铃话单的传送方式采用的是彩铃集中平台通过FTP的方式接收31省话单数据,传输协议未加密,且以明文方式存储和转发。为响应数据保护相关法律法规政策,文中对话单数据文件、数据库数据的加解密,话单数据静态脱敏,加强敏感信息保护等方案进行研究,实现管理系统对彩铃数据统一管理并配置。     

中波转播台网络化建设

本文介绍了河南省中波转播台综合业务及网络系统建设。综合业务系统涵盖了节目传输及配置使用、发射机运行管理及技术维护管理、行政办公、财务专网等各环节的多种业务数据以及信息综合传输、显示、记录、存储等全面管理工作；光纤网络搭建了联系管理中心与全省各台的信息高速通道，光纤网络的建设完成了综合业务系统中各种数据的高速互通与共享。     

是供安全的企业移动ERP应用

随着移动通信业务的高速发展,特别是在Web2.0技术的推动下,传统互联网和移动互联网应用正逐步趋向融合。移动ERP应用是一项前景广阔的移动增值业务,改变了企业原有的运营模式和管理流程。提高了企业的工作效率和核心竞争力。考虑企业移动ERP所传输的信患都是敏感信息,必须采用有效的安全机制来确保企业数据的安全性,以手机SSL VPN和加密短信为基础的企业移动ERP安全解决方案应运而生。     

流计算大数据技术在运营商实时信令处理中的应用

基于Hadoop搭建的大数据平台采用离线批处理的方式,无法满足对数据实效性敏感的业务要求。针对运营商动态数据信息开放大数据平台的实时信令处理要求,对流式计算大数据组件进行了分析,介绍了与流计算大数据相关的实时采集、汇聚和处理组件,形成了端到端实时信令处理大数据技术解决方案,并提出了融合批处理和实时计算的大数据平台解决方案,提高了网络信令数据的时效性,为业务创新提供更大空间,带来更多利益。     

提供安全的企业移动ERP应用

随着移动通信业务的高速发展，特别是在Web2.0技术的推动下，传统互联网和移动互联网应用正逐步趋向融合。移动ERP应用是一项前景广阔的移动增值业务，改变了企业原有的运营模式和管理流程。提高了企业的工作效率和核心竞争力。考虑企业移动ERP所传输的信患都是敏感信息，必须采用有效的安全机制来确保企业数据的安全性，以手机SSL VPN和加密短信为基础的企业移动ERP安全解决方案应运而生。     

面向服务架构(SOA)的无线电管理信息比对分析系统设计

为了实现各类无线电管理信息系统间接口数据资源共享和综合利用,对频率规划和台站管理等无线电管理业务实施主动管理,本文基于SOA架构与Web服务技术,对无线电管理领域常用的信息比对和统计分析业务进行深入分析,设计了无线电管理信息比对分析系统的体系结构、主要系统功能和关键服务.该系统能较好地解决目前无线电主动管理中遇到的信息比对与统计分析问题,也可灵活适应无线电管理发展需要.     

基于医院网络的交换机配置文件批量备份技术

在数据信息时代中,智能化的数据信息网络成了医院基础信息业务的重要组成部分,随着医院网络化信息建设业务的不断深化,基础数据信息的稳定性变得至关重要。医院的网络信息系统主要由交换机、汇聚交换机以及数台接入层组成,在一线的日常管理中,需要强化对基础数据信息的维护与备份,最大限度地保障医院基础业务的开展。文中首先综述了医院交换机硬件配置备份的场景,其次阐释了交换机数据处理中的SNMPv2c协议与TFTP协议,并从网络拓扑结构设计以及基于WinSock控件的配置备份的代码实现中,总结了医院网络交换机的定期自动备份方法,还给出了控制点发生错误时的应对策略,希望能为医院计算机网络的交换机优化配置与信息化管理提供参考和借鉴。     

基于属性相关性划分的多敏感属性隐私保护方法

近年来,基于l-多样性的多维敏感属性的隐私保护研究日趋增多,然而大部分多敏感属性隐私保护方法都是基于有损分解的思想,破坏了数据间的关系,降低了数据效用.为此,提出了一种面向多敏感属性的隐私模型,首先给出一种l-maximum原则用以满足多敏感属性l-多样性要求;其次,为了保护属性间的相关性,根据属性间的依赖度对属性进行划分;最后设计并实现了MSA l-maximum（Multiple Sensitive Attributes l-maximum）算法.实验结果表明,提出的模型在保护隐私不泄露的同时,减少了元组的隐匿率,并且保护了数据间的关系.     

Sensitive information leakage awareness method for big data platform based on multi-attributes decision-making and taint tracking

Based on multiple-attribute-decision-making and taint tracking,a sensitive-information leakage awareness method was proposed,some relative known vulnerabilities in big data platform was analyzed,target database was extracted and extended,multiple attribute model was built combined with operation semantic,a grey-correlation-analysis and technique for order preference by similarity to an ideal solution based sensitivity measurement was designed in combination of regular operation semantic for sensitive information.A prototype was built based on taint tracking,sensitive-information leakage vulnerabilities could be verified and discovered across big data platforms in this method.The experiment shows that verification for known bugs and discovery for unknown vulnerabilities can be accomplished based on leakage scenarios,which can be regarded as a support for protection in dynamic sensitive information data flow.     

Visible/Infrared/Microwave Agriculture Classification, Biomass, and Plant Height Algorithms

This paper describes the results of a study to determine if visible, infrared, and microwave data is correlated to crop-canopy characteristics (biomass and crop height) and can improve estimates of crop acreage. The objectives were to 1) determine if different crops can be discriminated using multifrequency microwave data, and 2) determine which visible, infrared, and microwave spectral regions can classify crops and correlate well to plant biomass, crop height, and the perpendicular vegetation index (PVI). The study was conducted at Dalhart, Texas, in 1980. Aircraft multispectral data collected during the study included visible and infrared data and active multifrequency microwave data. Ground-truth data from each field consisted of soil moisture, total plant biomass, and crop height. Results indicated that C- (4.75 GHz), L- (1.6 GHz), and P- (0.4 GHz) band active microwave data combined with visible and infrared data maintained or improved crop-discrimination accuracy compared to models using only visible and infrared data. The active microwave frequencies were more sensitive to plant height differences than total biomass differences; the K- (13.3 GHz) and C-bands were sensitive to height variations in short plants, while the P-band was sensitive to differences between tall and short plants.     

Two-dimensional micropipelines: for parallel-to-serial dataconversion

The two-dimensional micropipeline is introduced for data conversion between bit-parallel and bit-serial formats at a constant input data rate. By using micropipelines, the architecture has independent clock rates for the data input and output, and can be designed with level sensitive latches     

An Improved Algorithm of Individuation K-Anonymity for Multiple Sensitive Attributes

At present, most of privacy preserving approaches in data publishing are applied to single sensitive attribute. However, applying single-sensitive-attribute privacy preserving techniques directly into data with multiple sensitive attributes often causes leakage of large amount of private information. This paper focuses on the privacy preserving methods in data publishing for multiple sensitive attributes. It combines data anonymous methods based on lossy join with the idea of clustering. And it proposes an improved algorithm of individuation K-anonymity for multiple sensitive attributes—\( MSA(\alpha ,l) \) algorithm. By setting parameters \( \alpha \) and \( l \), it can restrain sensitive attribute values in equivalence class, to make a more balanced distribution of sensitive attributes and satisfy the demand of diversity, then this algorithm is applied to K-anonymity model. Finally, the result of experiment shows that this improved model can preserve the privacy of sensitive data, and it can also reduce the information hidden rate.     

基于密文采样分片的云端数据确定性删除方法

“确定性删除”技术旨在保障云服务器内过期或备份数据的确定性删除,使数据被彻底删除或者是永远不可解密和访问的,以保护用户的数据隐私性。但现有方案仅仅只删除了密钥,云端密文依旧完整,一旦密钥被窃取,会威胁数据隐私性,因此未实现“真正”意义上的确定性删除。针对上述问题,提出了一种基于密文采样分片的方案,来实现云端数据的确定性删除。利用密文采样分片思想,使云端存储不完整的密文,即使在密钥被泄露的情况下,也能保证数据的高机密性。而对采样密文的销毁,也实现了云端数据的即时确定性删除。理论分析以及实验结果表明,所提方法能够满足云存储系统中机密数据的确定性删除要求,并且在性能开销低的同时能提供比现有方案更高的安全性。     

面向敏感数据共享环境下的融合访问控制机制

为解决敏感数据共享应用中的数据分发问题和提高数据共享的安全性,将属性基加密机制和使用控制技术相结合,提出一种融合访问控制机制。该机制一方面采用属性基加密机制保证了数据在存储和分发过程中的机密性,通过灵活且可扩展的访问控制策略控制敏感数据的共享范围;另一方面,通过使用控制技术实现对用户的权限控制,防止合法用户对敏感数据进行非法操作,解决共享用户中的权限滥用问题。最后,对机制的安全性和性能进行了分析,显著地降低了服务端的工作负荷,并通过实验测试了该机制的有效性。     

Inaudible Sound Covert Channel with Anti-Jamming Capability: Attacks vs. Countermeasure

When an inaudible sound covert channel (ISCC) attack is launched inside a computer system, sensitive data are converted to inaudible sound waves and then transmitted. The receiver at the other end picks up the sound signal, from which the original sensitive data can be recovered. As a forceful countermeasure against the ISCC attack, strong noise can be used to jam the channel and literally shut down any possible sound data transmission. In this paper, enhanced ISCC is proposed, whose transmission frequency can be dynamically changed. Essentially, if the transmitter detects that the covert channel is being jammed, the transmitter and receiver both will switch to another available frequency and re-establish their communications, following the proposed communications protocol. Experimental results show that the proposed enhanced ISCC can remain connected even in the presence of a strong jamming noise source. Correspondingly, a detection method based on frequency scanning is proposed to help to combat such an anti-jamming sound channel. With the proposed countermeasure, the bit error rate (BER) of the data communications over enhanced ISCC soars to more than 48%, essentially shutting down the data transmission, and thus neutralizing the security threat.     

一种基于GSM的低码率语音信息隐秘传输方法

本文描述了一种将一路低码率2．4kb／s混合激励线性预测（MELP）语音信息隐藏在另一路GSM编码的语音中,通过公共信道隐秘传输的方法。可将机密数据嵌入GSM语音中对人耳不敏感的比特,每（2L＋1）可修改比特,可嵌入2三比特数据而最多只修改其中的三比特,具有较高的嵌入率。隐藏在GSM语音中的低码率信息码率最高可达3．4kb／s。该方法,计算复杂度不高,易于硬件实现,从而可满足实时隐秘传输的要求。该方法已用微型机在局域网进行了模拟实验,获得了较好的结果。     

Modellgetriebene Entwicklung sicherer Softwaresysteme für das österreichische E-Government

E-government systems manage sensitive data from individuals, companies and government agencies. These information systems need to ensure that only authorized persons get access to the data and that this data cannot be corrupted. Based on the development of an application in the disaster management domain this paper shows how the security of e-government systems can be increased by the model-driven security concept.