工业控制系统中的安全隐患分析

随着工业控制系统自动化水平的不断提高,工业自动化与信息化的融合程度也日益加深,在给企业带来巨大效益的同时,工业控制系统的安全面临严重威胁。通过分析工业控制系统中安全的主要特征以及存在的安全隐患,寻找切实可行的安全治理方法。借鉴国内外的技术和经验,应从加强对工业控制系统的安全性研究、采用安全的通信协议、建立完善的安全监督和保障体系、加强针对新型APT攻击技术的防范研究等方面着手,切实保障工业控制系统的安全平稳运行。     

Prototypes in the wild lessons from three ubicomp systems

As we mentioned earlier, testing ubicomp applications in field settings is particularly important. And although the approaches we discussed here can help, it's still difficult to field test and maintain a fully implemented system. Thus, a need exists for tools that allow researchers to rapidly deploy ubicomp applications in field settings. These tools should have paper prototyping's positive characteristics (ease of creation and deployment) but should also be scalable and interactive. While some tools are emerging for rapid field testing much work remains to be done.     

缓冲区溢出的安全隐患

本文主要介绍缓冲区溢出和输入检查漏洞利用技术,还介绍了计算机病毒是如何利用这些技术。     

Managing software security risks

Most organizations manage computer security risk reactively by investing in technologies designed to protect against known system vulnerabilities and monitor intrusions as they occur. However, firewalls, cryptography, and antivirus protection address the symptoms, not the root cause, of most security problems. Buying and maintaining a firewall, for example, is ineffective if external users can access remotely exploitable Internet-enabled applications through it. Because hackers attack software, improving computer security depends on proactively managing risks associated with software and software development. The current "penetrate and patch" approach of fixing broken software only after it has been compromised is insufficient to control the problem     

An economic mechanism to manage operational security risks for inter-organizational information systems

As organizations increasingly deploy Inter-organizational Information Systems (IOS), the interdependent security risk they add is a problem affecting market efficiency. Connected organizations become part of entire networks, and are subject to threats from the entire network; but members’ security profile information is private, members lack incentives to minimize impact on peers and are not accountable. We model the problem as a signaling-screening game, and outline an incentive mechanism that addresses these problems. Our mechanism proposes formation of secure communities of organizations anchored by Security Compliance Consortium (SCC), with members held accountable to the community for security failures. We study the interconnection decisions with and without the mechanism, and characterize conditions where the mechanism plays roles of addressing moral hazard and hidden information issues by screening the organizations’ security types and/or by providing them incentives to improve. We also discuss the welfare gains and the broad impact of the mechanism.     

Understanding privacy regulation in ubicomp interactions

Ubiquitous computing contains a huge promise for more intelligent services that are available anywhere and are able to dynamically adapt to the users’ current context. However, what necessarily follows such an environment is the compromising of the users’ privacy. We aim at analyzing this complex issue by applying and extending Altman’s theoretical privacy framework, well known in social sciences, to privacy in ubicomp. Altman understands privacy as a two-way interactive process, which makes the approach promising in analyzing ubicomp where people, devices and the environment interact with each other. We point out similarities between the existing model and the features of ubicomp environment, and verify the results by applying and analyzing the resulting extended framework to typical ubicomp use cases. Based on the analysis, we argue that privacy in ubicomp can be modeled similarly to privacy in general by extending the model to cover such factors as mediation and non-human actors.

浅析企业信息安全风险与对策

当前越来越多的企业已经把信息安全看做影响业务发展的核心因素之一,信息安全管理已经成为企业管理的重点。本文对当前企业信息安全风险的现状展开了探讨,并就信息安全政策,安全管理手段等方面进行了剖析,为企业做好、做强信息安全管理体系给出了一些通用性的标准,对企业构建信息安全管理体系,消除信息安全隐患,避免信息安全事件造成的损失,确保信息系统安全、稳定运行具有探索意义。     

云计算的安全风险及对策研究

云计算是在分布式计算、网络计算、并行计算等模式发展的基础上出现的一种新型的计算模型。文中介绍了云计算的发展现状,分析了云计算在其发展中存在的安全问题及其相应的相关对策和建议,分多种情况对云计算服务的安全问题进行了研究。     

Minimizing evolution-communication P systems and automata

Evolution-communication P systems are a variant of P systems allowing both rewriting rules and symport/antiport rules, thus having separated the rewriting and the communication. The purpose of this paper is to solve an open problem stated in Reference,¹⁾ namely generating the family of Turing computable sets of vectors of natural numbers instead of the family of Turing computable sets of natural numbers. The same construction also reduces the 3-membrane non-cooperative case and the 2-membrane 1-catalyst case to the 2-membrane non-cooperative case. Also, EC P automata are introduced and it is proved that 2-membrane EC P automata with a promoter can accept all recursively enumerable languages. Finally, a definition of an extended system is given, and its universality is proved using the rules of more restricted types. Artiom Alhazov: He has graduated from Mathematics and Computer Science, State University of Moldova in 2001, and is currently a Ph.D. student in Chişinăm, Moldova, and Tarragona, Spain. He has won prizes at 3 National Olympiads in Informatics and in Mathematics (1995 and 1996), participated at 8th International Olympiad in Informatics (Veszprem, Hungary, 1996). He has experience in programming and teaching, and has published 18 papers, mostly in Membrane Computing. His interests are Origami, Mathematics, Programming, Theoretical Computer Science, Formal Linguistics and Biocomputing.     

Privacy risks in recommender systems

Recommender system users who rate items across disjoint domains face a privacy risk analogous to the one that occurs with statistical database queries     

金融计算机网络安全隐患及防范措施

信息化时代的飞速发展给人们的生活带来了很大便利,人们已经从一个传统金融模式时代迈向了由网络作为基础的网络经济时代,金融计算机网络已经逐渐的渗入到了我们的日常生活.大数据、物联网和移动支付的兴起推动了金融计算机网络发展,同时越来越多的安全隐患暴露了出来.本文通过系统分析,旨在为广大金融IT产品用户找到一种规避风险的安全服务.     

The subtle security risks of web services

Web Services have helped many organizations revitalize their legacy applications by offering a simple, language and platform independent way for applications to communicate. There are, however, many common mistakes made when implementing Web Services that create infrastructure vulnerabilities and leave applications exposed. This paper takes a look, from the developer perspective, at some of the more insidious vulnerabilities that may come bundled with web services with a view towards prevention.     

Privacy security in control systems

Science China Information Sciences -     

Minimizing delivery cost in scalable streaming content distribution systems

Recent scalable multicast streaming protocols for on-demand delivery of media content offer the promise of greatly reduced server and network bandwidth. However, a key unresolved issue is how to design scalable content distribution systems that place replica servers closer to various client populations and route client requests and response streams so as to minimize the total server and network delivery cost. This issue is significantly more complex than the design of distribution systems for traditional Web files or unicast on-demand streaming, for two reasons. First, closest server and shortest path routing does not minimize network bandwidth usage; instead, the optimal routing of client requests and server multicasts is complex and interdependent. Second, the server bandwidth usage increases with the number of replicas. Nevertheless, this paper shows that the complex replica placement and routing optimization problem, in its essential form, can be expressed fairly simply, and can be solved for example client populations and realistic network topologies. The solutions show that the optimal scalable system can differ significantly from the optimal system for conventional delivery. Furthermore, simple canonical networks are analyzed to develop insights into effective heuristics for near-optimal placement and routing. The proposed new heuristics can be used for designing large and heterogeneous systems that are of practical interest. For a number of example networks, the best heuristics produce systems with total delivery cost that is within 16% of optimality.