Integrated smart grid systems security threat model

The smart grid (SG) integrates the power grid and the Information and Communication Technology (ICT) with the aim of achieving more reliable and safe power transmission and distribution to the customers. Integrating the power grid with the ICT exposes the SG to systems security threats and vulnerabilities that could be compromised by malicious users and attackers. This paper presents a SG systems threats analysis and integrated SG Systems Security Threat Model (SSTM). The reference architecture of the SG, with its components and communication interfaces used to exchange the energy-related information, is integrated with the results of SG systems security threat analysis to produce a comprehensive, integrated SG SSTM. The SG SSTM in this paper helps better depict and understand the vulnerabilities exploited by attackers to compromise the components and communication links of the SG. The SG SSTM provides a reference of the systems security threats for industrial security practitioners, and can be used for design and implementation of SG systems security controls and countermeasures.     

电信运营商信息安全管控架构及集中策略研究

本文对运营商信息安全集中管控架构演进和信息安全管控策略面临的问题进行了深入分析，提出了信息安全集中管控架构的演进方向建议及对信息安全监控策略工作优化的若干意见。     

基于边缘和局部熵融合的视觉安全性评估方法

针对基于局部熵进行加密图像视觉安全性评估存在块效应的局限性，引入图像的边缘特征，通过共有边缘来衡量加密图像与原始图像的边缘相似度，消除了块效应。由于局部熵对加密等级低的图像不敏感，边缘相似度对加密等级高的图像不敏感，将两个评估方法进行自适应融合，提出[SLEES]（Local Entropy and Edge Similarity，[SLEES]）指标。通过改变图像像素位置和图像像素值的加密方式处理图像和视频帧进行测试，实验结果表明，[SLEES]指标相比传统评估指标有更好的鲁棒性，评估范围更广。     

Interventions for long-term software security: Creating a lightweight program of assurance techniques for developers

Though some software development teams are highly effective at delivering security, others either do not care or do not have access to security experts to teach them how. Unfortunately, these latter teams are still responsible for the security of the systems they build: systems that are ever more important to ever more people. We propose that a series of lightweight interventions, six hours of facilitated workshops delivered over three months, can improve a team's motivation to consider security and awareness of assurance techniques, changing its security culture even when no security experts are involved. The interventions were developed after an Appreciative Inquiry and Grounded Theory survey of security professionals to find out what approaches work best. We tested the interventions in a participatory action research field study where we delivered the workshops to three software development organizations and evaluated their effectiveness through interviews beforehand, immediately afterwards, and after twelve months. We found that the interventions can be effective with teams with limited or no security experience and that improvement is long-lasting. This approach and the learning points arising from the work here have the potential to be applied in many development teams, improving the security of software worldwide.     

PLC与单片机之间的串行通信及应用

在工业自动化控制领域,较为重要的内容就是PLC和单元机之间的远距离控制,并且在自控系统设计过程中,经常遇到的难题就是PLC和单片机之间远距离通信,基于PLC和单片机两者优势充分发挥的基础上,能够确保PLC和单片机之间串行通信的良好实现。本文基于实际情况的基础上,通过对现阶段较为常见且应用较为广泛的单片机进行分析探讨。     

增强现实中基于位置安全性的LBS位置隐私保护方法

为了解决基于位置的服务(LBS)和增强现实(AR)技术快速发展带来的用户位置隐私泄露的隐患,分析了现有的位置隐私保护方法的优缺点,提出基于位置安全性的位置隐私保护方法。将区域安全度和伪装区域引入该方法中,将提示某区域是否需要保护这一度量标准定义为区域安全度,非安全区域(即需要给予保护的区域)的区域安全度设置为1,安全区域(即不需要保护的区域)设置为0,通过扩大区域安全度和识别等级来计算位置安全度。实验结果表明,该方法与未引入位置安全性的方法相比降低了平均定位误差,提高了平均安全性,从而有效地保护了用户的位置隐私,提高了LBS的服务质量。     

面向物联网的隐私数据安全问题研究

随着社会的发展,物联网已成为社会发展的重要新兴产业,在各个领域中广泛应用。物联网是基于互联网技术产生的,在物联网的运行过程中势必会产生大量数据,这些数据都是客户的隐私,切实保护好客户隐私是物联网进一步发展的首要条件。在面向物联网的隐私数据安全问题时,相关技术人员一定要清楚威胁物联网隐私数据安全的主要途径,加大安全防护力度,保护人们的隐私。文章从信息获取、信息传输以及信息处理3个途径,对隐私数据安全问题进行探讨,并提出一些加大隐私安全防护的举措。     

A Proposal for Addressing Security Issues Related to Dynamic Code Loading on Android Platform

One of the constant challenges faced by the Android community, when it comes to the safety of the end users, is the ability of applications to load code dynamically. This mechanism may be used for both legitimate and malicious purposes. A particular problem is the fact that remote code is not analyzed during the verification process because it doesn’t have to be present in the application package at the publishing time. Previous research has shown that using this concept in an insecure way can cause serious consequences for the user and his device. Solving this problem has proved to be a big challenge that many have tried to address in different ways. This paper deals with the problem of dynamic code loading on Android platform. For the purpose of this paper, an application that demonstrates the abuse of the dynamic code loading concept has been developed and published in the Google Play Store. Also, a proposal of the modified Android ecosystem that should address this problem and improve the security of the whole platform is given.     

我国现状能源与水纽带关系定量识别

以省级行政区为研究对象,以2017年为研究时段,分析我国社会水循环过程耗能及电力生产耗水。结果显示:2017年我国社会水循环过程耗电总量为10 828.1亿kW·h,占当年我国全社会用电总量的17.2%,终端用水是最大的耗能环节;2017年我国电力生产过程耗水量为65.7亿m~3,占当年全社会耗水总量的2%;火电是我国最耗水的电源,其耗水量占全国电力开发耗水总量的78%。基于计算结果,提出了实现能源-水协同安全的相关建议。     

风电扭矩限制器性能测控系统设计

扭矩限制器是风力发电机组中用于过载保护的关键部件，但目前对其打滑扭矩、疲劳寿命等性能的测试存在流程复杂、自动化程度低、功能单一等缺点，为此设计了一种风电扭矩限制器性能测控系统。根据测控系统的功能要求，首先进行了硬件结构设计，选用PLC为下位机主控单元，工控机作为上位机管理及监控单元。随后采用组态软件设计了人机交互界面，并编写PLC控制程序，实现了对测控系统的控制和管理。经过现场应用证明，该测控系统具有运行稳定、方便快捷的特点，能够满足扭矩限制器的测试要求。