Interventions for long-term software security: Creating a lightweight program of assurance techniques for developers

Though some software development teams are highly effective at delivering security, others either do not care or do not have access to security experts to teach them how. Unfortunately, these latter teams are still responsible for the security of the systems they build: systems that are ever more important to ever more people. We propose that a series of lightweight interventions, six hours of facilitated workshops delivered over three months, can improve a team's motivation to consider security and awareness of assurance techniques, changing its security culture even when no security experts are involved. The interventions were developed after an Appreciative Inquiry and Grounded Theory survey of security professionals to find out what approaches work best. We tested the interventions in a participatory action research field study where we delivered the workshops to three software development organizations and evaluated their effectiveness through interviews beforehand, immediately afterwards, and after twelve months. We found that the interventions can be effective with teams with limited or no security experience and that improvement is long-lasting. This approach and the learning points arising from the work here have the potential to be applied in many development teams, improving the security of software worldwide.     

增强现实中基于位置安全性的LBS位置隐私保护方法

为了解决基于位置的服务(LBS)和增强现实(AR)技术快速发展带来的用户位置隐私泄露的隐患,分析了现有的位置隐私保护方法的优缺点,提出基于位置安全性的位置隐私保护方法。将区域安全度和伪装区域引入该方法中,将提示某区域是否需要保护这一度量标准定义为区域安全度,非安全区域(即需要给予保护的区域)的区域安全度设置为1,安全区域(即不需要保护的区域)设置为0,通过扩大区域安全度和识别等级来计算位置安全度。实验结果表明,该方法与未引入位置安全性的方法相比降低了平均定位误差,提高了平均安全性,从而有效地保护了用户的位置隐私,提高了LBS的服务质量。     

面向物联网的隐私数据安全问题研究

随着社会的发展,物联网已成为社会发展的重要新兴产业,在各个领域中广泛应用。物联网是基于互联网技术产生的,在物联网的运行过程中势必会产生大量数据,这些数据都是客户的隐私,切实保护好客户隐私是物联网进一步发展的首要条件。在面向物联网的隐私数据安全问题时,相关技术人员一定要清楚威胁物联网隐私数据安全的主要途径,加大安全防护力度,保护人们的隐私。文章从信息获取、信息传输以及信息处理3个途径,对隐私数据安全问题进行探讨,并提出一些加大隐私安全防护的举措。     

A Proposal for Addressing Security Issues Related to Dynamic Code Loading on Android Platform

One of the constant challenges faced by the Android community, when it comes to the safety of the end users, is the ability of applications to load code dynamically. This mechanism may be used for both legitimate and malicious purposes. A particular problem is the fact that remote code is not analyzed during the verification process because it doesn’t have to be present in the application package at the publishing time. Previous research has shown that using this concept in an insecure way can cause serious consequences for the user and his device. Solving this problem has proved to be a big challenge that many have tried to address in different ways. This paper deals with the problem of dynamic code loading on Android platform. For the purpose of this paper, an application that demonstrates the abuse of the dynamic code loading concept has been developed and published in the Google Play Store. Also, a proposal of the modified Android ecosystem that should address this problem and improve the security of the whole platform is given.     

我国现状能源与水纽带关系定量识别

以省级行政区为研究对象,以2017年为研究时段,分析我国社会水循环过程耗能及电力生产耗水。结果显示:2017年我国社会水循环过程耗电总量为10 828.1亿kW·h,占当年我国全社会用电总量的17.2%,终端用水是最大的耗能环节;2017年我国电力生产过程耗水量为65.7亿m~3,占当年全社会耗水总量的2%;火电是我国最耗水的电源,其耗水量占全国电力开发耗水总量的78%。基于计算结果,提出了实现能源-水协同安全的相关建议。     

Better safe than sorry? Stated preferences and the precautionary principle for securing drinking water quality in an Italian district

We apply Contingent Valuation (CV) to investigate individuals’ preferences concerning an alleged contaminant – asbestos contained in fibrolite pipes – which, although not identified so far as a major threat to drinking water, is raising public concern. In the district of Gorizia in Northern Italy, though contrary to the recommendations of experts, mean WTP is high enough to justify an accelerated replacement of pipes as a precautionary measure. However, interviews reveal a strong polarization, and still provide inconclusive recommendations for policy. Our analysis contributes to the debate on the applicability of stated-preference techniques to choices concerning the precautionary principle when highly emotional topics are under discussion.     

Towards secure cyber-physical information association for parts

Counterfeiting is a significant problem for safety-critical systems, since cyber-information, such as a quality control certification, may be passed off with a flawed counterfeit part. Safety-critical systems, such as planes, are at risk because cyber-information cannot be provably tied to a specific physical part instance (e.g., impeller). This paper presents promising initial work showing that using piezoelectric sensors to measure impedance identities of parts may serve as a physically unclonable function that can produce unclonable part instance identities. When one of these impedance identities is combined with cyber-information and signed using existing public key infrastructure approaches, it creates a provable binding of cyber-information to a specific part instance. Our initial results from experimentation with traditionally and additively manufactured parts indicate that it will be extremely expensive and improbable for an attacker to counterfeit a part that replicates the impedance signature of a legitimate part.     

基于一种云计算数据保护的多级加密算法的应用研究

云计算是分布式计算技术的一种,其最基本的概念是透过网络将庞大的计算处理程序自动分拆成无数个较小的子程序,再交由多部服务器所组成的庞大系统经搜寻、计算分析之后将处理结果回传给用户。云计算中的数据泄漏已经成为云计算的巨大威胁,据不完全统计数据,仅在2019年1年,大约有超40亿条信息被泄露。这些信息涵盖科技、医疗、政府、金融、教育、制造等十几个领域数百个行业,数据泄露已经成为云计算中数据安全的巨大威胁。主要提出了一种多级加密算法,能更好地保护云计算中的数据,并能以极小的成本在云计算中得到应用。     

Internet use and farm households food and nutrition security nexus: The case of rural Ghana

The impact of internet use on food and nutrition security of rural households in Ghana is investigated in this study. To offset the potential challenge of selection bias, an endogenous treatment regression (ETR) technique is utilized for the analysis.. The results reveal that Internet use can improve smallholder farmers’ food and nutrition security. Internet usage has a profound positive effect on the food security of households with off-farm work and larger size of landholding. Our results suggest the intensification of efforts to enhance Internet connectivity across the nation by the government and policymakers is essential since it can go a long way to affect household welfare. The findings also highlight the importance of information and communication technologies (ICTs), the Internet, patronization to improve rural household welfare.