吉比特数据链路层协议的设计与实现

针对利用DDR接口进行互联的网络系统,设计了一种吉比特（Gbps）数据链路协议,详细描述了协议如何解决数据链路协议必需解决的一般性问题和该特定网络系统所带来的新问题,介绍了协议是如何帮助系统完成数据通信的,并给出了该协议采用FPGA技术的实现方法以及系统的测试结果。     

The Process Enactment Tool Framework—Transformation of software process models to prepare enactment

Rich development process models contain information about structures for project organization and also for concrete outcomes of a project. However, rich processes are hard to implement. They often contain hundreds of pages of documentation. Development teams tend to be skeptical about rich processes in fear of additional effort, risking the benefits of rich tool support for enactment. Process enactment is a challenging task. There is no common methodology to quickly “implement” a development process in a tool or a set of tools. Often specialized tools are used to provide assistance during the project and it is the project manager’s task to consolidate the information with the rest of the team.The Process Enactment Tool Framework (PET) is a software tool that supports the transformation of a given formal development process into a format that project tools can work with. PET is an instrument to import processes based on a metamodel and provide exports for a specific project environment. PET takes an input software development process model and transforms it into an intermediate format that serves as the basis for a second transformation step into data formats of tools such as office suites or comprehensive ALM platforms. In this paper we present the tool framework and show how metamodel-based processes can be transformed into an environment that is ready to use for a project team. We show how PET is applied for the German V-Modell XT and for SPEM-based processes to generate, e.g., process templates for the Team Foundation Server or work product document templates.     

一种基于WebGIS的网络拓扑管理技术

将地理信息系统与网络拓扑管理结合,能够实现对网络设备故障快速直接的地理定位,赋予网管系统清晰直观、易于监控和管理的特性。提出了一种基于网络地理信息系统的层次化拓扑发现和拓扑显示技术,有效地实现了网络拓扑和地理信息系统的结合,实现了网络设备的对象化管理,实现了网络设备故障的快速直接的地理定位,为网络管理提供了新型的地理化的操作界面,为网络故障管理的研究应用提供了新的有效手段,并且可以使网络管理员随时随地对网络进行管理。     

Performance evaluation of wireless sensor network protocols for industrial applications

Recently, distributed wireless microsensor systems have provided more flexible leverage to emerging industrial applications. The tiny distributed wireless microsensor network systems, however, should be designed to overcome various constraints such as limited energy, bandwidth limit, and unexpected failure of communication under disturbances. In addition, their network topologies need to be managed with designated communication protocols. Thus, design of microsensor network protocols still needs to be application-specific. It should be also evaluated through designated tools at each level of networking characteristics. This research describes essential factors that affect the performance of sensor network systems in the design of wireless microsensor network protocols, and presents effective time-based network protocol and performance evaluation tool which are applicable for various protocols in industrial applications. The developed network evaluation tool, called TIE/MEMS, also includes functional comparison with recent protocols proposed for wireless microsensor networks, and provides design guidelines for multi-sensor network systems needed for emerging industrial applications.     

基于校园网的网络测量系统设计与实现

随着校园网日益规模化和复杂化,以及校园网和公网之间互访时会出现严重的瓶颈问题,如何提高校园网用户的服务质量和发现校园网中存在的不足是网络管理人员面临的重要问题.而要发现、分析和解决这些问题最根本的方法是进行网络测量.在分析了网络测量方法和网络测量工具的基础上,设计实现了一个基于校园网络的网络测量系统,从而为网络管理人员进行网络优化和网络部署等提供有效的辅助作用.     

计算机网络拓扑发现相关问题探讨

讨论常用的拓扑发现协议和工具,包括SNMP、ICMP、DNS以及ARP等其他工具．说明网络自动拓扑发现的基本工具各有利弊,在使用时,要根据网络的具体情况选择适当的发现工具,或者将多种工具结合起来使用．并且对于网络层拓扑发现提出改进算法。     

健康最重要 防辐射机箱该怎么选

讨论常用的拓扑发现协议和工具,包括SNMP、ICMP、DNS以及ARP等其他工具,说明网络自动拓扑发现的基本工具各有利弊,在使用时,要根据网络的具体情况选择适当的发现工具,或者将多种工具结合起来使用,并且对于网络层拓扑发现提出改进算法.     

E-pSyLon: a synchronous e-learning platform for staff training in large corporations

Synchronous e-learning is becoming increasingly popular as a tool for developing human resource training plans in large corporations. A synchronous e-training platform has been designed and implemented to explore the possibilities of synchronous e-training in a large corporation. The client tool is used by learners and instructors to collaborate in real-time during e-training activities. It is based on standard protocols also used in voice over IP, which makes it inter-operable with other software and hardware devices. The functionalities offered by the client tool have been chosen based on those provided by commercial tools, but focusing on the specific characteristics of users and network conditions of corporate environments. This facilitates highly interactive synchronous e-training activities. Multimedia configuration of activities is flexible, so participants with different network link capabilities can join activities. The e-training platform has been tested in real e-training activities in ArcelorMittal Spain. The opinions of the users reflect an enhanced learning experience when using the client tool.     

Improving the security of industrial networks by means of formal verification

Computer networks are exposed to serious security threats that can even have catastrophic consequences from both the points of view of economy and safety if such networks control critical infrastructures, such as for example industrial plants. Security must then be considered as a fundamental issue starting from the earlier phases of the design of a system, and suitable techniques and tools should be adopted to satisfy the security-related requirements. The focus of this paper is on how formal methods can help in analysing the standard cryptographic protocols used to implement security-critical services such as authentication and secret keys distribution in critical environments. The analysis of the 802.11 shared key authentication protocol by S³A, a fully automatic software tool that is based on a formal approach, is illustrated as a case study, which also highlights the peculiarities of analysing protocols based on wireless channels.     

Understanding Risk

Abstract

Over an extremely short period of our history, computer systems and the Internet have become a critical element in our social and economic infrastructure. Most would agree that information systems and, dare I say, information security, have evolved into the most critical elements of our economic infrastructure. Security has been charged with a simple task: to plan, implement, and manage an integrated, heterogeneous security environment across hardware, operating systems, middleware, network protocols, applications, and databases. There is just one small problem. Security technology is relatively immature. Security tools are weak or lacking. The tools that are available are product based — not enterprisewide, which leads to many uncommon and unworkable solutions.     

应用于网间互联控制协议的轻量级认证方法

针对天地一体化网络对网间互联安全控制的需求以及有限资源不能采用高计算复杂度认证方法的问题,提出了一种应用于网间互联控制协议的轻量级认证方法,在公钥加解密算法和签名算法中,采用了随机填充的思想,通过有限资源的计算,在网间互联控制协议中实现实体认证,采用形式化分析工具 Scyther 对协议进行安全性分析,并通过仿真实验和其他安全通信协议做性能比较,结果表明该方法可以满足网络有限资源计算的要求,且保证了安全性。     

Configuring policies in public health applications

Public health is a complex practice due to the requirements of different jurisdictions. These requirements present a challenging environment in which to develop public health applications; software must be flexible in order to adapt to the complexities of different jurisdictions. One approach is to integrate policy management. Policies that define the rules governing an application can be created, modified, or deleted based on the deployment of that application. This paper describes a software architecture and expert system implementation of a policy manager designed to address jurisdictional requirements in public health applications. We define our policy requirements and policy model, the components of the architecture, and how the architecture has been used to implement our policy manager. Finally, we present examples of how the policy manager has configured policies used in three public health applications.     

SPA:新的高效安全协议分析系统

研制高效的自动分析系统是密码协议安全性分析的一项关键任务,然而由于密码协议的分析非常复杂,存在大量未解决的问题,使得很多现有分析系统在可靠性和效率方面仍存在许多局限性．该文基于一种新提出的密码协议代数模型和安全性分析技术,设计并实现了一个高效的安全协议安全性自动分析系统(Security Protocol Analyzer,SPA)．首先对协议安全目标进行规范,然后从初始状态出发,采用有效的搜索算法进行分析证明,试图发现针对协议的安全漏洞．使用该系统分析了10多个密码协议的安全性,发现了一个未见公开的密码协议攻击实例．实验数据显示,该系统与现有分析工具相比,具有较高的分析可靠性和效率,可作为网络系统安全性评测以及密码协议设计的有效辅助工具．     

Extending Security Protocol Analysis: New Challenges

We argue that formal analysis tools for security protocols are not achieving their full potential, and give only limited aid to designers of more complex modern protocols, protocols in constrained environments, and security APIs. We believe that typical assumptions such as perfect encryption can and must be relaxed, while other threats, including the partial leakage of information, must be considered if formal tools are to continue to be useful and gain widespread, real world utilisation. Using simple example protocols, we illustrate a number of attacks that are vital to avoid in security API design, but that have yet to be modelled using a formal analysis tool. We seek to extract the basic ideas behind these attacks and package them into a wish list of functionality for future research and tool development.     

Windows补丁管理

现在每周都能发现许多新漏洞，打补丁已经成了一项繁重的任务。如何高效率地打补丁已成为网络管理人员非常关心的问题。本文叙述了补丁管理的重要性，介绍了Windows操作系统下多种补丁管理工具及多种安全漏洞扫描工具的选择、使用。     

Windows补丁管理

现在每周都能发现许多新漏洞,打补丁已经成了一项繁重的任务。如何高效率地打补丁已成为网络管理人员非常关心的问题。本文叙述了补丁管理的重要性,介绍了Windows操作系统下多种补丁管理工具及多种安全漏洞扫描工具的选择、使用。     

A MAS-based infrastructure for negotiation and its application to a water-right market

This paper presents a MAS-based infrastructure for the specification of a negotiation framework that handles multiple negotiation protocols in a coherent and flexible way. Although it may be used to implement one single type of agreement mechanism, it has been designed in such a way that multiple mechanisms may be available at any given time, to be activated and tailored on demand (on-line) by participating agents. The framework is also generic enough so that new protocols may be easily added. This infrastructure has been successfully used in a case study to implement a simulation tool as a component of a larger framework based on an electronic market of water rights.     

基于TCL的IPsec协议一致性测试

IPsec协议体系是IETF制定的新一代网络安全协议标准，用于在IP层为IPv4和IPv6提供可交互操作的、高质量的、基于加密的安全．针对协议一致性测试的要求和IPsec协议体系的特点，设计了一种基于Tcl的IPv6协议体系中的IPsec协议一致性测试系统，并给出一个实例说明如何使用该系统进行测试例的开发,实践表明，该系统具有方便、灵活、模块独立性好等优点，基于Tel的一致性测试是一种有效的协议一致性测试技术．     

基于PROFIBUS总线技术的工业网络的设计与实现

本文主要介绍了运用PROFIBUS现场总线技术构建企业的控制网络，实现数据采集与远程监控；并运用OPC接口技术实现总线控制网络和管理信息网络的无缝连接．提高了企业的综合自动化水平，管理水平。     

Tools for cryptographic protocols analysis: A technical and experimental comparison

The tools for cryptographic protocols analysis based on state exploration are designed to be completely automatic and should carry out their job with a reasonable amount of computing and storage resources, even when run by users having a limited amount of expertise in the field. This paper compares four tools of this kind to highlight their features and ability to detect bugs under the same experimental conditions. To this purpose, the ability of each tool to detect known flaws in a uniform set of well-known cryptographic protocols has been checked. Results are also given on the relative performance of the tools when analysing several known-good protocols with an increasing number of parallel sessions.