计算机网络的一实体安全体系结构

提出了计算机网络的一种实体安全体系结构（ESA）。文中描述了计算机网络的组成实体,并讨论了各实体的安全功能分配。基于ESA,提出了基于政策的安全管理（PBSM）的概念,其中包括三层安全政策的定义：组织抽象安全政策、全局自动完全政策、局部可执行安全政策,并提出了PBSM的三个管理环节：制定、实施与验证,把网络作为一个整体来管理,实现安全管理的系统化和自动化。应用实体安全体系结构,分析了现有网络安全服务的不足和安全管理中存在的问题,指出了实现ESA的进一步研究工作。     

OASSF：一个灵活的Web应用服务器安全框架*

安全框架OASSF是在安全参考模型OASSRM的基础上提出来的一个分层结构的框架,它通过各种可配置的安全策略提供WAS（Web应用服务器）的安全服务,为在WAS中集成和管理不同的安全机制提供了高度的灵活性和扩展性。该框架在中科院软件所自主研制的OnceAS应用服务器中得到了实现。     

An Automata Based Approach for Verifying Information Flow Properties

We present an automated verification technique to verify trace based information flow properties for finite state systems. We show that the Basic Security Predicates (BSPs) defined by Mantel in [Mantel, H., Possibilistic Definitions of Security – An Assembly Kit, in: Proceedings of the 13th IEEE Computer Security Foundations Workshop (2000), pp. 185–199], which are shown to be the building blocks of known trace based information flow properties, can be characterised in terms of regularity preserving language theoretic operations. This leads to a decision procedure for checking whether a finite state system satisfies a given BSP. Verification techniques in the literature (e.g. unwinding) are based on the structure of the transition system and are incomplete in some cases. In contrast, our technique is language based and complete for all information flow properties that can be expressed in terms of BSPs.     

DGSA、SSAF和CDSA安全体系结构比较与分析

该文介绍了美国国防目标安全体系结构(DGSA)、美国国防基础设施公共操作环境(DIICOE)安全服务体系结构框架(SSAF)和Intel公司开发的公共数据安全体系结构(CDSA),并对它们进行了比较和分析。     

基于免疫的防火墙系统安全技术研究

针对各种网络攻击技术,特别是对防火墙的攻击技术进行了系统的研究,在分析典型的网络攻击技术的基础上,提出了一个防火墙安全技术模型:基于免疫的防火墙系统安全模型和基于协议的防火墙安全策略模型,并详细介绍了采用的安全策略。     

信息安全技术发展趋势分析

信息时代信息安全越来越重要。信息安全技术的发展为信息安全提供了有力保障。本文介绍了信息安全技术的分类以及主要信息安全技术的现状、发展趋势,其中主要介绍了密码学、安全操作系统、网络隔离技术、网络安全行为监管技术、容灾与应急处理技术、身份认证技术及可信计算技术的现状与发展趋势。     

Developing non-interactive MPC with trusted hardware for enhanced security

International Journal of Information Security - Secure multiparty computation (MPC) is a promising technology for supporting privacy-preserving computation between multiple untrusted parties....     

National Security Agency releases Army Security Agency histories covering 1945–1963

The National Security Agency (NSA) will release approximately 5,000 pages of Army Security Agency (ASA) histories from the period 1945–1963.     

A new strong security model for stateful authenticated group key exchange

International Journal of Information Security - Stateful authenticated group key exchange (stAGKE) represents an important class of authenticated group key exchange (AGKE) such as tree-based AGKE....     

TWIC request for proposals raises cheers

A loud cheer could be heard from systems integrators at a recent US trade show, as the US Transportation Security Administration (TSA) issued the much-delayed Request for Proposals (RFP) to begin the prototype phase of the Transportation Worker Identification Credential (TWIC) programme.     

A context-centered methodology for IoT forensic investigations

International Journal of Information Security - The weakness of the security measures implemented on Internet of Things (IoT) devices, added to the sensitivity of the data that they handle, has...     

基于APDR信息系统安全防护体系模型的分级防护策略研究

本文在提出APDR信息系统安全防护体系模型的基础上，对信息系统中信息价值级别及其可能面临的最大威胁强度进行了划分，并针对相应的安全防护强度等级和安全防护技术等级制定出了相应的安全防护策略，这对信息系统进行安全防护体系设计具有非常重要的意义。     

Error reduction of SRAM-based physically unclonable function for chip authentication

International Journal of Information Security - SRAM-based physically unclonable function (PUF) is an attractive security primitive for cryptographic protocol and security architecture because SRAM...     

DFTMicroagg: a dual-level anonymization algorithm for smart grid data

International Journal of Information Security - The introduction of advanced metering infrastructure (AMI) smart meters has given rise to fine-grained electricity usage data at different levels of...     

Distributed access control for information-centric networking architectures using verifiable credentials

International Journal of Information Security - Information-Centric Networking (ICN) is an emerging paradigm that allows users to retrieve content items securely, independently of their location....     

基于角色的工作流系统访问控制模型

工作流技术在办公自动化、电子商务、电子政务等领域得到广泛关注，工作流系统的安全问题变得日益突出．访问控制是工作流系统安全机制的重要环节．本文在NIST推荐的标准RBAC模型的基础上，结合实际情况，提出一种基于角色的工作流系统访问控制模型WRBAC．该模型描述了用户、角色、许可、活动等要素之间的关系，给出了静态和动态授权约束规则，能有效防止重要信息的泄漏和商业欺诈，满足工作流系统对访问控制的需求．     

Causal effect analysis-based intrusion detection system for IoT applications

International Journal of Information Security - Intrusion detection systems (IDSs) are employed at various levels in the network to either detect or prevent an intrusion that could cause...     

TENET: a new hybrid network architecture for adversarial defense

International Journal of Information Security - Deep neural network (DNN) models are widely renowned for their resistance to random perturbations. However, researchers have found out that these...     

Processes for producing secure software

Summarizes work initiated at the National Cybersecurity Summit, held 2-3 December 2003 in Santa Clara, California. Attendees representing industry, academia, and the US Department of Homeland Security (DHS) formed five task forces to focus on specific topic areas. This report describes, the key problems and recommendations identified by the Software Process subgroup of the "Security Across the Software Development Lifecycle" task force. Producing secure software is a multifaceted problem of software engineering, security engineering, and management. Thus, producing secure software starts with outstanding software engineering practices, augmented with sound technical practices, and supported by management practices that promote secure software development. We discuss these practices.     

A comprehensive Blockchain-oriented secure framework for SDN/Fog-based IoUT

International Journal of Information Security - In recent years, the Internet of Underwater Things (IoUT) has emerged as a promising technology to facilitate underwater exploration and enable to...