Similar literature
Found 20 similar documents; search took 125 ms
1.
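A Survey of Buffer Overflow Vulnerability Detection and Prevention Techniques   (total citations: 1; self-citations: 0; citations by others: 1)
Exploiting buffer overflow vulnerabilities is the most common and most dangerous method of network attack. To address the buffer overflow vulnerability problem, a wide variety of solutions have been proposed in both research and industry. This paper first divides buffer overflow vulnerability detection and prevention techniques into nine categories; it then examines the principles, characteristics, scope of application, and strengths and weaknesses of each category; finally, it analyzes and discusses buffer overflow vulnerability detection and prevention techniques as a whole.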

2.
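Software vulnerabilities are the root cause of the various threats to system security, and a scientific, reasonable, and practically useful classification of software vulnerabilities is the foundation for studying them. This paper analyzes the nature of software vulnerabilities, explains the basic principles of taxonomy, focuses on the shortcomings of various typical software vulnerability taxonomies, and proposes a design approach for a new multidimensional software vulnerability taxonomy.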

3.
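This paper analyzes current software vulnerability classification methods and, for the Unix/Linux operating systems, proposes a two-dimensional vulnerability taxonomy based on the component in which a software vulnerability resides and the cause of its introduction, and briefly describes how the causes of introduction are further classified. Design vulnerabilities are an important class of software vulnerabilities, yet their classification is almost entirely absent from the known vulnerability taxonomies. This paper focuses on design vulnerabilities and proposes dividing them into several classes: restriction vulnerabilities, unrealizable-requirement vulnerabilities, security design vulnerabilities, exception handling vulnerabilities, functional limitation vulnerabilities, and random result vulnerabilities. It gives a definition and a typical example for each class of design vulnerability.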

4.
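Research on Computer Vulnerability Classification   (total citations: 1; self-citations: 1; citations by others: 1)
Vulnerability is an inherent property of complex network systems and the focal point of network attack and defense. Studying the classification of computer vulnerabilities helps deepen understanding of the nature of vulnerabilities and helps eliminate them. This paper introduces the current state of computer vulnerability research and several common taxonomies, and presents a multidimensional vulnerability classification method that integrates the results of earlier research.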

5.
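Research on Software Vulnerability Classification Methods   (total citations: 2; self-citations: 0; citations by others: 2)
鲁伊莎  曾庆凯 《计算机应用》2008,28(9):2244-2248
This paper analyzes software vulnerability classification methods that are distinctive in their classification criteria, classification rules, framework structure, and classification perspective. On this basis, it distills the elements of vulnerability classification, compares the classic taxonomies from multiple angles, summarizes the characteristics and main problems of each taxonomy, and discusses the key issues and development trends in current vulnerability classification research.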

6.
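Software vulnerabilities are the root cause of threats to system security; when a software vulnerability is exploited, it causes various impacts that endanger system security. This paper explains the nature of software vulnerabilities, analyzes typical software vulnerability taxonomies related to the impact that vulnerabilities cause, and proposes a framework of vulnerability impact patterns based on the direct and indirect impacts caused by a vulnerability, the objects affected by it, and the methods by which the impact is carried out.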

7.
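This paper analyzes current software vulnerability classification methods, describes the state of software vulnerability research, and proposes key attributes for describing software vulnerabilities: cause of introduction, containing component, impact, remediation, verification, detection, and attack. For the Unix/Linux operating systems, it proposes a two-dimensional vulnerability taxonomy based on the component in which a vulnerability resides and the cause of its introduction, explains the choice of taxonomy attributes, describes the classification method in detail, and gives particular attention to design vulnerabilities.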

8.
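Exploiting format string vulnerabilities is a newly emerging and dangerous method of network attack. To address the format string vulnerability problem, a wide variety of solutions have been proposed in both research and industry. This paper dissects the principle of format string vulnerabilities from perspectives such as the stack layout of format string functions; studies techniques such as arbitrary read and write using format string vulnerabilities; and systematically analyzes the mechanisms, characteristics, advantages, and shortcomings of the various format string vulnerability detection and prevention techniques.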

9.
夏阳  陆余良  杨国正 《计算机工程》2007,33(19):143-146
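Vulnerability assessment of computer network security is a research hotspot in the network security field. This paper sets out the research goals of computer network vulnerability assessment and points out several problems that arise in the research process. It gives an overall analysis of the research methods and techniques for computer network vulnerability assessment from recent years, including network assessment based on network connectivity, network security assessment based on intrusion paths, graph-based network vulnerability analysis, network vulnerability analysis tools, agent-based network vulnerability analysis, network vulnerability assessment using the analytic hierarchy process, and network vulnerability assessment based on vulnerability dependency graphs, and it points out the merits and problems of each method.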

10.
李新明  李艺  刘东 《计算机工程》2010,36(17):63-65,68
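The essence of a software vulnerability is that exploiting it can affect the security of the system. The impact on system security and the degree of harm differ for each software vulnerability. On this basis, after studying the problems in existing classifications related to software vulnerability impact, this paper analyzes the direct impact and final impact of vulnerabilities and the relationship between them, identifies principles for determining the direct impact of a software vulnerability, and designs an analysis model of direct vulnerability impact based on the breadth and depth of impact. It analyzes direct impact patterns of vulnerabilities at the system level, user level, and file level, and presents the related design and implementation of the model in an active defense system for a large-scale specific-domain network.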

11.
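Key Management Schemes and Protocols for Wireless Sensor Networks   (total citations: 45; self-citations: 0; citations by others: 45)
苏忠  林闯  封富君  任丰原 《软件学报》2007,18(5):1218-1231
The design of key management schemes and protocols, whose goal is to provide secure and reliable confidential communication, is the most important and most fundamental research area in wireless sensor network security. The inherent characteristics of wireless sensor networks pose many new challenges for key management research. This paper introduces the security evaluation and performance evaluation metric systems for key management; it also introduces methods for classifying key management schemes and protocols; it surveys and compares typical key management schemes and protocols in detail; and finally it points out open problems and approaches to solving them. Current research progress indicates that fully distributed operation, self-organization, fault and intrusion tolerance, and integration with geographic information will be the key research directions going forward.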

12.
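Research on a Classification System for IP Multicast Group Key Management Schemes   (total citations: 10; self-citations: 1; citations by others: 10)
The IP multicast group key management problem is the core problem of IP multicast security. By studying existing group key management schemes and the inherent regularities of key management, this paper gives a detailed classification of group key management schemes. This classification provides important guidance for analyzing and improving existing schemes and for designing new ones.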

13.
Cloud computing has emerged as a popular computing model to process data and execute computationally intensive applications in a pay-as-you-go manner. Due to the ever-increasing demand for cloud-based applications, it is becoming difficult to efficiently allocate resources according to user requests while satisfying the service-level agreement between service providers and consumers. Furthermore, cloud resource heterogeneity, the unpredictable nature of workload, and the diversified objectives of cloud actors further complicate resource allocation in the cloud computing environment. Consequently, both the industry and academia have commenced substantial research efforts to efficiently handle the aforementioned multifaceted challenges with cloud resource allocation. The lack of a comprehensive review covering the resource allocation aspects of optimization objectives, design approaches, optimization methods, target resources, and instance types has motivated a review of existing cloud resource allocation schemes. In this paper, current state-of-the-art cloud resource allocation schemes are extensively reviewed to highlight their strengths and weaknesses. Moreover, a thematic taxonomy is presented based on resource allocation optimization objectives to classify the existing literature. The cloud resource allocation schemes are analyzed based on the thematic taxonomy to highlight the commonalities and deviations among them. Finally, several opportunities are suggested for the design of optimal resource allocation schemes.

14.

Services Oriented Architecture provides Web Services (WSs) as reusable software components that can be applied to create more complicated composite services for users according to the specified QoS limitations. However, considering the many WSs that may be appropriate for each task of a user-submitted workflow, finding the optimal WSs for a composite WS to maximize the overall QoS is an NP-hard problem. As a result, numerous composition schemes have been suggested in the literature to untangle this problem by using various metaheuristic algorithms. This paper presents a comprehensive survey and taxonomy of such QoS-oriented metaheuristic WS composition schemes provided in the literature. It investigates how metaheuristic algorithms are adapted for the WS composition problem and highlights their main features, advantages, and limitations. Also, in each category of the studied composition schemes, a comparison of their applied QoS factors, evaluated metrics, exploited simulators, and properties of the applied metaheuristic algorithms is given. Finally, the concluding remarks and future research directions are summarized to help researchers working in this area.

15.
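Design and Implementation of an Object-Oriented Classification Structure for Conceptualized Individuals   (total citations: 2; self-citations: 0; citations by others: 2)
A classification hierarchy of conceptualized individuals is an effective method for modeling the problem domain in intelligent information processing systems. This paper explores how to combine the classification hierarchy of conceptualized individuals with the object-oriented programming style and multiple knowledge representation methods, and gives the design of a classification hierarchy of conceptualized individuals in an object-oriented environment together with its implementation algorithm.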

16.
郭辉 《微计算机应用》2007,28(8):806-810
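New wireless sensor networks are emerging. The node environment, the wireless mode of communication, and the limited resources of nodes make their security problems especially prominent. This paper classifies and surveys the security problems of wireless sensor networks and their solutions. It first classifies WSN security attacks along multiple dimensions and summarizes the attack methods at different protocol layers; it then discusses current solutions and categorizes key distribution algorithms, with a focus on random key distribution algorithms; and it proposes a new research approach.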

17.
We present a methodology for learning a taxonomy from a set of text documents that each describes one concept. The taxonomy is obtained by clustering the concept definition documents with a hierarchical approach to the Self-Organizing Map. In this study, we compare three different feature extraction approaches with varying degrees of language independence. The feature extraction schemes include fuzzy logic-based feature weighting and selection, statistical keyphrase extraction, and the traditional tf-idf weighting scheme. The experiments are conducted for English, Finnish, and Spanish. The results show that while the rule-based fuzzy logic systems have an advantage in automatic taxonomy learning, taxonomies can also be constructed with tolerable results using statistical methods without domain- or style-specific knowledge.

18.
A faceted taxonomy is a set of taxonomies each describing the application domain from a different (preferably orthogonal) point of view. CTCA is an algebra that allows specifying the set of meaningful compound terms (meaningful conjunctions of terms) over a faceted taxonomy in a flexible and efficient manner. However, taxonomy updates may turn a CTCA expression e not well-formed and may turn the compound terms specified by e to no longer reflect the domain knowledge originally expressed in e. This paper shows how we can revise e after a taxonomy update and reach an expression e′ that is both well-formed and whose semantics (compound terms defined) is as close as possible to the semantics of the original expression e before the update. Various cases are analyzed and the revising algorithms are given. The proposed technique can enhance the robustness and usability of systems that are based on CTCA and allows optimizing several other tasks where CTCA can be used (including mining and compressing). Yannis Tzitzikas is Assistant Professor in the Computer Science Department at University of Crete (Greece) and Associate Researcher in Information Systems Lab at FORTH-ICS (Greece). Before joining UofCrete and FORTH-ICS, he was postdoctoral fellow at the University of Namur (Belgium) and ERCIM postdoctoral fellow at ISTI-CNR (Pisa, Italy) and at VTT Technical Research Centre of Finland. He conducted his undergraduate and graduate studies (MSc, PhD) in the Computer Science Department at University of Crete. In parallel, he was a member of the Information Systems Lab of FORTH-ICS where he conducted basic and applied research around semantic-network-based information systems within several EU-funded research projects. His research interests fall in the intersection of the following areas: information systems, information indexing and retrieval, conceptual modeling, knowledge representation and reasoning, and collaborative distributed applications.
His current research revolves around faceted metadata and semantics (theory and applications), the P2P paradigm (focusing on conceptual modeling issues, query evaluation algorithms and automatic schema integration techniques), and flexible interaction schemes for information bases. The results of his research have been published in more than 40 papers in refereed international conferences and journals, and he has received one best paper award (CIA'2003).

19.
Bowen  N.S. Pradham  D.K. 《Computer》1993,26(2):22-31
Several hardware-based techniques that support checkpoint and rollback recovery are presented. The focus is on hardware schemes for uniprocessors, shared-memory multiprocessors, and distributed virtual-memory systems. A taxonomy for processor and memory techniques based on the memory hierarchy is presented. This provides a basis for understanding subtle differences among the various schemes. Processor-based schemes that handle transient faults by using processor-based transparent rollback techniques are discussed, as are memory-based schemes that roll back data instead of instructions and can be integrated with the processor techniques or exploited by higher levels of software.

20.
Model‐based security testing relies on models to test whether a software system meets its security requirements. It is an active research field of high relevance for industrial applications, with many approaches and notable results published in recent years. This article provides a taxonomy for model‐based security testing approaches. It comprises filter criteria (i.e. model of system security, security model of the environment and explicit test selection criteria) as well as evidence criteria (i.e. maturity of evaluated system, evidence measures and evidence level). The taxonomy is based on a comprehensive analysis of existing classification schemes for model‐based testing and security testing. To demonstrate its adequacy, 119 publications on model‐based security testing are systematically extracted from the five most relevant digital libraries by three researchers and classified according to the defined filter and evidence criteria. On the basis of the classified publications, the article provides an overview of the state of the art in model‐based security testing and discusses promising research directions with regard to security properties, coverage criteria and the feasibility and return on investment of model‐based security testing. Copyright © 2015 John Wiley & Sons, Ltd.
