Goal-oriented dynamic test generation

ContextMemory safety errors such as buffer overflow vulnerabilities are one of the most serious classes of security threats. Detecting and removing such security errors are important tasks of software testing for improving the quality and reliability of software in practice.ObjectiveThis paper presents a goal-oriented testing approach for effectively and efficiently exploring security vulnerability errors. A goal is a potential safety violation and the testing approach is to automatically generate test inputs to uncover the violation.MethodWe use type inference analysis to diagnose potential safety violations and dynamic symbolic execution to perform test input generation. A major challenge facing dynamic symbolic execution in such application is the combinatorial explosion of the path space. To address this fundamental scalability issue, we employ data dependence analysis to identify a root cause leading to the execution of the goal and propose a path exploration algorithm to guide dynamic symbolic execution for effectively discovering the goal.ResultsTo evaluate the effectiveness of our proposed approach, we conducted experiments against 23 buffer overflow vulnerabilities. We observed a significant improvement of our proposed algorithm over two widely adopted search algorithms. Specifically, our algorithm discovered security vulnerability errors within a matter of a few seconds, whereas the two baseline algorithms failed even after 30 min of testing on a number of test subjects.ConclusionThe experimental results highlight the potential of utilizing data dependence analysis to address the combinatorial path space explosion issue faced by dynamic symbolic execution for effective security testing.     

Integrated smart grid systems security threat model

The smart grid (SG) integrates the power grid and the Information and Communication Technology (ICT) with the aim of achieving more reliable and safe power transmission and distribution to the customers. Integrating the power grid with the ICT exposes the SG to systems security threats and vulnerabilities that could be compromised by malicious users and attackers. This paper presents a SG systems threats analysis and integrated SG Systems Security Threat Model (SSTM). The reference architecture of the SG, with its components and communication interfaces used to exchange the energy-related information, is integrated with the results of SG systems security threat analysis to produce a comprehensive, integrated SG SSTM. The SG SSTM in this paper helps better depict and understand the vulnerabilities exploited by attackers to compromise the components and communication links of the SG. The SG SSTM provides a reference of the systems security threats for industrial security practitioners, and can be used for design and implementation of SG systems security controls and countermeasures.     

城市给水系统地震风险分析及震后供水

汶川地震导致重灾区绵竹市给水系统严重受损,供水中断数日后逐渐恢复供水,结合数次地震对供水系统震损统计和经验,总结了城市给水系统各组成部分主要的震损形式.以西部大城市地表水给水系统为例,对水源水库、输水管渠、净水厂及给水管网进行了地震脆弱性分析;针对汶川地震后应急供水经验,提出了临时应急供水和系统恢复供水技术措施;震后居民临时安置房建设及用水具有明显的特殊性,确定了给水及消防设计方案.     

TCP/IP协议的脆弱性与相应的对策

TCP/IP是目前网络环境中广泛采用的联网协议。分析了TCP/IP协议存在的安全隐患和具体实现中的一些弱点,介绍了利用相应的弱点进行攻击的方法。最后,给出一些防止攻击者利用这些弱点进行攻击的方法。     

软件结构脆弱性分析

文章首先应用系统工程定性定量的方法,以语言性质为基础,通过语义关系量化软件的动态运行过程,在整体上以软件元素及其关系架构起软件的系统关系结构,其次对软件结构的脆弱性进行数学建模,以变异S-粗集的演算对软件运行过程的迁移特性进行分析,建立软件元素运行过程的迁移方程式组,通过推导得到软件结构的随机概率特征值,度量出软件结构的脆弱性,然后给出了软件脆弱度的主动控制方法,以及软件攻击面和可信性的计算方法,并提出制定完备编程规范的工程规则.最后测试了两个开源软件对该方法进行验证,并系统地分析了实验过程和相关数据.     

基于补丁引发新漏洞的防攻击方法研究

文章针对漏洞补丁的修补方法进行了深入研究,分析了漏洞补丁后可能引入新的安全隐患,提出了基于漏洞补丁引发新漏洞的漏洞挖掘方法,并进行了方法论证.最后以使用此方法发现的Windows操作系统未知漏洞案例验证了该方法的有效性.     

Standardising vulnerability categories

Each vulnerability scanner (VS) represents, identifies and classifies vulnerabilities in its own way, thus making the different scanners difficult to study and compare. Despite numerous efforts by researchers and organisations to solve the disparity in vulnerability names used in the different VSs, vulnerability categories have still not been standardised. This paper highlights the importance of having a standard vulnerability category set. It also outlines an approach towards achieving this goal by generating a standard set of vulnerability categories. A data-clustering algorithm that employs artificial intelligence is used for this purpose. The significance of this research results from having an intelligent technique that aids in the generation of standardised vulnerability categories in a relatively fast way. In addition, the technique is generic in the sense that it allows one to accommodate any VS currently known on the market to create such vulnerability categories. Another benefit is that the approach followed in this paper allows one to also compare various VSs currently available on the market. A prototype is presented to verify the concept.     

计算机网络安全问题及防范措施

随着计算机技术和网络技术的高速发展,我国的计算机信息化建取得了可观的成绩,计算机渗入人们的生产生活中,成为工业、农业和国防等方面的重要信息交换手段。但是随着计算机网络技术的发展,网络安全也受到前所未有的威胁,所以本文对计算机网络安全问题进行较详细的研究。首先对网络安全问题的研究发展做出了简单的介绍,然后详细的介绍了网络中常见的安全威胁,最后阐述了针对计算机网络安全管理的措施。     

基于校园Web服务安全策略的应用与研究

文章在分析了校园web信息系统安全现状、Web应用安全威胁产生的原因等基础上,提出了Web信息系统的安全防护策略,重点阐述了Web应用防火墙和IPS入侵保护系统在Web信息应用系统中的应用。实际使用表明,Web应用防火墙的使用,有效地解决了Web服务器群在网络运行中的安全性问题,阻断了黑客绕过网络层的防护,对Web应用系统的恶意攻击和篡改。     

Unipolar Depression, Life Context Vulnerabilities, and Drinking to Cope.

This study followed baseline samples of 424 unipolar depressed patients and 424 community controls across 10 years to investigate the association between depression and alcohol-related coping and to examine how life context vulnerabilities underlie the risk for depressed individuals to rely on drinking to cope. Findings supported all hypotheses. Depressed patients engaged in more drinking to cope than did community controls. Within individuals, more negative life events and less family support were associated with more drinking to cope across the 4 observations. Depressed patients experienced more negative life events and less family support than did community controls. These underlying life context vulnerabilities explained the relationship between depressed patient status and drinking to cope. (PsycINFO Database Record (c) 2010 APA, all rights reserved)