Blockchain-empowered security and privacy protection technologies for smart grid

With the rapid development in society of the economy and of computational technologies, it is particularly important to build a secure, efficient and reliable smart grid architecture to provide users with high-quality electricity services. However, data collection and energy trading in public networks creates security and privacy challenges in smart grids. Blockchain technologies have the excellent characteristics of decentralization, immutability and traceability, which can resolve the security, integration and coordination problems faced by the traditional centralized networks for smart grids. The goal of this paper is to introduce and compare blockchain-based technologies in addressing the problems of privacy protection, identity authentication, data aggregation and electricity pricing for the data collection and power energy trading processes in smart grids. In addition, the existing challenges and future research directions of smart grids are discussed.     

一种面向方面的网格安全模型研究*

通过引入面向方面的核心思想,分析了网格安全实现方案GSI中存在的结构复杂和耦合度过高问题。在传统网格安全模型的基础上,利用方面机制来实现网格安全,提出了一种新的面向方面的网格安全模型(AOGSM),并对该模型进行了详细描述。仿真实验表明,面向方面的网格安全模型通过对网格安全横切特性的分离,降低了网格安全机制的复杂度和模块间的耦合度。     

A hierarchical optimization model for energy data flow in smart grid power systems

Environmental concerns and high prices of fossil fuels increase the feasibility of using renewable energy sources in smart grid. Smart grid technologies are currently being developed to provide efficient and clean power systems. Communication in smart grid allows different components to collaborate and exchange information. Traditionally, the utility company uses a central management unit to schedule energy generation, distribution, and consumption. Using centralized management in a very large scale smart grid forms a single point of failure and leads to serious scalability issues in terms of information delivery and processing. In this paper, a three-level hierarchical optimization approach is proposed to solve scalability, computational overhead, and minimize daily electricity cost through maximizing the used percentage of renewable energy. At level one, a single home or a group of homes are combined to form an optimized power entity (OPE) that satisfies its load demand from its own renewable energy sources (RESs). At level two, a group of OPEs satisfies energy requirements of all OPEs within the group. At level three, excess in renewable energy from different groups along with the energy from the grid is used to fulfill unsatisfied demands and the remaining energy are sent to storage devices.     

一种网格混合认证模型的研究

系统地分析了当前常见信任模型的优缺点,针对网格应用需求提出了一种新的混合认证模型,详细设计了新模型的框架和功能,并对三级认证子系统和域间认证子系统分别进行了仿真验证和性能分析,结果表明混合认证模型能够解决单一密钥机制存在的缺陷,提高网格认证的安全性。     

基于自治系统的多级网格安全模型研究

针对网格环境下用户和资源数量巨大所带来的管理困难、系统单点失效以及可扩展性差等问题,提出了一种基于自治系统的多级网格安全管理模型.该模型通过提取网格资源的共性进行自治系统的划分,根据用户访问资源的所属关系执行不同的安全策略.最后在软件平台下对该安全模型的性能进行了仿真和分析,测试结果表明,该模型对保障网格安全行之有效,有效地减小了管理服务器的负荷,缩短了授权时间,性能得到了提高.     

一种基于企业网格的网格安全模型

针对企业网格分布式、多层、多用户的特点,提出了一种基于企业网格的网格安全模型.该模型对用户采用混合式账户管理方式,具有高效、安全的特点;通过基于PKI体系的数字证书进行用户认证,根据网格用户种类的区别提供不同的单点登录方案;另外文中综合使用RBAC与ACL的访问控制机制,既能保证用户访问资源的安全,又能简化用户授权的管理.     

智能电网中虚拟化云计算的应用和安全技术分析

智能电网符合当前需求,意义重大。首先简单介绍了云计算和智能电网,并对云计算在智能电网中的应用做了阐述,然后主要对云计算的安全技术进行了分析。     

网格服务系统安全体系的研究与设计

网格将分散的资源聚合在一起,形成更高层次的分布式资源共享环境,安全问题一直以来都是网格环境中考虑的一个重要问题.研究并设计了网格服务系统的安全体系结构,分析了网格服务系统的特点及面临的安全问题,讨论了安全体系中涉及的技术手段,通过本地及域级用户映射机制和资源自描述的安全方案,实现了较为灵活的网格服务系统安全体系.     

智能合约安全综述

区块链为构建社会价值传递和信任机制提供了一种新的技术。区块链的快速发展促进了智能合约与人工智能、大数据、物联网等技术的深入融合,其安全性受到重点关注。近几年,区块链与智能合约安全研究取得了较大进展,基于区块链智能合约,对智能合约的运行机制、链上安全和链外安全的最新相关研究成果进行归类、分析、比较、总结和讨论,并展望了智能合约安全性的研究方向和趋势。     

一个具有强授权特性的网格安全框架

网格安全技术主要解决网格环境中实体之间的认证和授权问题。Globus网格项目中的GSI(Grid Secudty Infrastmcture)主要基于X．509技术实现身份认证以及数据的机密性、完整性和抗否认性,重点解决了认证和消息保护问题,然而在授权问题上缺乏必要的技术支撑。在分析现有安全技术的基础上,提出了将基于X．509的PKI技术和PMI技术相结合的网格安全框架,旨在实现基于安全认证基础之上网格用户和虚拟群组实体间的安全授权机制,从而构建强认证、强授权的网格安全基础设施。     

基于联盟区块链的智能电网数据安全存储与共享系统

智能电网为了实现电网可靠、安全、高效地运行,需要广泛部署无线传感网络（WSN）监控电网状态,并及时对电网异常情况进行处理。在现有的智能电网中,WSN的感知数据需要上传到可信的中心节点进行存储与共享,但是这种中心化的存储方式容易引起中心节点遭受恶意攻击而发生单点失效、数据被故意篡改等信息安全问题。针对这些信息安全问题,利用新兴的联盟区块链技术在智能电网中选定若干数据采集基站,组成智能电网数据存储联盟链（DSCB）系统。DSCB中节点间数据共享通过智能合约的方式来完成,数据拥有者设定数据共享的约束条件,使用计算机语言代替法律条款来规范数据访问者行为,从而实现以去中心化的方式集体维护一个安全可靠的数据存储数据库。安全分析表明所提数据存储联盟链系统能实现安全、有效的数据存储与共享。     

基于智能电网的安全密钥共享算法

针对多数密钥建立协议存在中间参数泄露和私钥泄露问题,提出新的公钥共享的对称加密(PKS-SE)算法,进而维护智能电表与服务商间通信的安全.PKS-SE算法以双线性映射、超奇异曲线为基础,构建智能电表与服务商通信的通信密钥,避免密钥托管问题.同时,PKS-SE算法减少了认证过程中交互的消息数,进而控制了 PKS-SE算法...     

基于移动代理的网络安全审计策略*

针对普通审计策略在网格环境下实施的各种问题,以及网格环境下审计系统设计和实现的困难,提出了一种基于移动代理的网格安全审计策略,介绍了该策略的基本结构和实现过程,通过在实验平台下实施该策略并与普通审计策略进行比较,证明了基于移动代理的网格安全审计策略的可行性和高效性。     

A baseline security policy for distributed healthcare information systems

In this paper, the need for identifying and analyzing the generic security characteristics of a healthcare information system is, first, demonstrated. The analysis of these characteristics is based upon a decision-support roadmap. The results from this profiling work are then analyzed in the light of the fact that more than 1000 accidental deaths happened due to computer system failures. As a result of this analysis, a set of recommendations is drawn up, leading to the development of a baseline security policy for healthcare institutions. Such a policy should be flexible enough to reflect the local needs, expectations and user requirements, as well as strict enough to comply with international recommendations. An example of such a baseline policy is then provided. The policy refers to a given security culture and has been based upon an abstract approach to the security needs of a healthcare institution.     

Web安全性测试技术综述

对Web应用程序进行有效彻底的测试是及早发现安全漏洞、提高Web应用安全质量的一种重要手段。首先介绍了Web应用安全威胁分类,总结了常见的Web应用安全漏洞;然后对当前Web安全性测试技术的研究进行了全面概述,比较了静态技术和动态技术各自的优缺点,同时对在Web安全性测试中新兴涌现的模糊测试技术进行了详细的介绍和总结;最后指出了Web安全测试中有待解决的问题以及未来的研究方向。     

The amplification effects of procedural justice on a threat control model of information systems security behaviours

Organisations are increasingly impacted by employee failures to implement readily available systems security countermeasures that result in security lapses. An area where this is most intriguing is among those organisational members who know how to implement security measures but do not do so. Important suggestions have been made, but despite them, the problem continues, and even grows worse. Most of the research into these security behaviours have been either purely self-report perceptions (many with low response rates) or have consisted of theory and model building and testing. In addition, the extant research has concentrated on either individual or organisational factors. With our research, we were interested in addressing two literature gaps: (1) to determine how well perceptions of security behaviours translated into the world of practice, and (2) to understand the relationships between individual and organisational factors. Our study found that individual factors outlined in the threat control model amplified with high perceptions of organisational procedural justice on taking specified security countermeasures. Consequently, we make recommendations for research and practice.     

制造网格资源调度及安全性管理

根据制造网格发展的现状和方向,分析了网格资源调度的主要方法,并对Globus环境下的GSI体系结构做了深入研究,分析讨论了其任务提交执行过程和架构特点,对现有的GSI架构基础做了相关改进,构建了一个满足制造网格下部分特性的安全体系结构M-GSI,实现了实时认证和强授权功能,满足了制造网格部分安全需求。     

网格实体行为可信度评估模型

面对网格环境的动态性和不确定性,网格安全因素变得尤为重要。提出了一种基于信任度的模型来评估网格环境中实体之间的信任关系。仿真结果表明,这种信任模型能更加准确地评估实体之间的信任关系,从而更加有效地解决网格环境中存在的安全问题。     

500kV鸭溪变电站接地网安全性状态评估

做好引外金属水管、通信线路和电源等的隔离措施，在靠近围墙的220kV设备场地区域采取加密水平地网网格的措施，在靠近围墙的设备区域地面铺设高阻砾石或高阻层，或在设备构架或设备外壳喷涂高阻层（到2m高度）将主控楼场地附近距离较近的避雷针移远一段距离     

基于Globus的网格安全机制研究及扩展

随着网格应用的发展,网格安全问题日渐突出。为解决此问题,Globus项目组作了大量工作。讨论网格环境下的安全问题,分析Globus的安全机制,结合虚拟组织技术和基于角色的访问控制方法,探讨基于Globus安全基础设施的扩展的安全技术——社区授权服务机制,并对网格环境下的安全技术的基本问题进行了总结。