高校网络安全建设的探索与思考

The construction of cybersecurity is an important part of the information construction in university. It is an indispensable condition to help the information construction and a strong guarantee to serve the information support of teachers and students in uni- versity. The cybersecurity environment, atmosphere and guarantee ability of university need to be improved. Based on the related work and achievements of cybersecurity construction, some general schemes are put forward to provide reference for cybersecurity construction in university.     

“双一流”背景下专业基础课程培养创新人才

在“双一流”背景下,结合我校“工学并举”的办学特色,于电子技术基础专业课程中探索创新人才培养方法。根据“双一流”建设要求,更新教师和学生的观念,引导学生自主学习、主动实践、主动探索；采用“互联网+课堂”的教学模式,利用“课前(预习+问题)+课上(讲授+讨论)+课后(复习+举例)+课余(大作业+竞赛)”的互动模式；引入相关科技前沿,注重启发式教学,应用案例教学法,创设问题情境,开阔学生视野,培养学生的创新意识。通过科技竞赛等活动,促进学生的自主学习能力和实践能力,培养他们敢于尝试不怕失败的创新精神。     

Interventions for long-term software security: Creating a lightweight program of assurance techniques for developers

Though some software development teams are highly effective at delivering security, others either do not care or do not have access to security experts to teach them how. Unfortunately, these latter teams are still responsible for the security of the systems they build: systems that are ever more important to ever more people. We propose that a series of lightweight interventions, six hours of facilitated workshops delivered over three months, can improve a team's motivation to consider security and awareness of assurance techniques, changing its security culture even when no security experts are involved. The interventions were developed after an Appreciative Inquiry and Grounded Theory survey of security professionals to find out what approaches work best. We tested the interventions in a participatory action research field study where we delivered the workshops to three software development organizations and evaluated their effectiveness through interviews beforehand, immediately afterwards, and after twelve months. We found that the interventions can be effective with teams with limited or no security experience and that improvement is long-lasting. This approach and the learning points arising from the work here have the potential to be applied in many development teams, improving the security of software worldwide.     

新工科背景下食品类专业人才创新实践能力培养模式的构建与实践

食品类专业人才的创新实践能力培养是食品产业的行业需求,该行业仍存在产业规模巨大而创造能力不足的矛盾问题。文章立足于新工科时代背景,结合高校食品学院在教学中存在的问题,从课程体系、资源整合、师资配置3个方面探究食品类专业人才创新实践能力培养模式的构建与实践,以期为增强食品类人才的创新能力和实践能力提供改革思路。     

广西水利电力职教集团在基层水利人才队伍建设中的作用

分析了广西水利行业职工队伍的结构及其存在的问题,介绍了广西水利电力职业教育集团的基本情况,论述了该集团的运作方式及其在基层水利人才队伍建设中进行的有益的探索,探讨了集团今后的发展思路。     

“中国制造2025”背景下“班组长型”人才培养的挑战与应对

"班组长型"人才正是实现"中国制造2025"宏伟蓝图的基层驱动力量之一,"班组长型"人才的培养是当前相关职业院校重要任务,分析了"中国制造2025"对当前高职教育的新挑战以及对企业班组长的新要求,并提出了"中国制造2025"背景下"班组长型"人才培养的应对措施。     

Identifying and Verifying Vulnerabilities through PLC Network Protocol and Memory Structure Analysis

Cyberattacks on the Industrial Control System (ICS) have recently been increasing, made more intelligent by advancing technologies. As such, cybersecurity for such systems is attracting attention. As a core element of control devices, the Programmable Logic Controller (PLC) in an ICS carries out on-site control over the ICS. A cyberattack on the PLC will cause damages on the overall ICS, with Stuxnet and Duqu as the most representative cases. Thus, cybersecurity for PLCs is considered essential, and many researchers carry out a variety of analyses on the vulnerabilities of PLCs as part of preemptive efforts against attacks. In this study, a vulnerability analysis was conducted on the XGB PLC. Security vulnerabilities were identified by analyzing the network protocols and memory structure of PLCs and were utilized to launch replay attack, memory modulation attack, and FTP/Web service account theft for the verification of the results. Based on the results, the attacks were proven to be able to cause the PLC to malfunction and disable it, and the identified vulnerabilities were defined.     

洛克希德·马丁公司网络军工产业研究

洛克希德·马丁公司(以下简称“洛马”)是美国一家拥有百年历史的国防承包商,在百年发展历程中,洛马以美国国家安全需求为牵引,逐渐成长为世界最大军工集团。伴随网络时代的来临和新安全威胁的涌现,洛马加大网络空间作战技术的研发力度和资金投入,为美国加强网络国防能力建设铸剑护航。研究以洛马网络军工产业发展为脉络,对其网络安全全谱能力进行了综合梳理;同时,多角度分析了其创新的发展路径。     

论教育创新与创新人才培养

论述了当前教育创新的必要性,指出教育必须要寻找创新切入点和主攻方向,并对培养创新人才途经作了探讨。     

高师院校工科院系人才培养的优化研究

针对高师院校工科院系的人才培养优化问题,从人才综合素质、创新能力、终身学习能力、竞争意识合作精神等方面的培养对其进行了阐述,以使大学生能够紧跟时代步伐,适应社会发展的需要。