共查询到20条相似文献,搜索用时 15 毫秒
1.
2.
《Information Security Journal: A Global Perspective》2013,22(1):1-7
ABSTRACT Adversary threats to critical infrastructures have always existed during times of conflict, but threat scenarios now include peacetime attacks from anonymous computer hackers. Current events, including examples from Israel and Estonia, prove that a certain level of real-world disorder can be achieved from hostile data packets alone. The astonishing achievements of cyber crime and cyber espionage – to which law enforcement and counterintelligence have found little answer – hint that more serious cyber attacks on critical infrastructures are only a matter of time. Still, national security planners should address all threats with method and objectivity. As dependence on IT and the Internet grow, governments should make proportional investments in network security, incident response, technical training, and international collaboration. 相似文献
3.
为保障网络空间安全,需要加强网络空间安全人才队伍建设,实训是把学生培养成为高素质复合型人才的重要手段。通过分析我国网络空间安全人才队伍建设现状,构建实训课程体系和实训平台,设计实训大纲和实训竞赛平台,形成了校企合作、教学与竞赛相结合的实训体系。实践证明,此网络空间安全实训设计能有效提高学生的网络空间安全技术能力,具有一定的推广价值,为高校培养应用型、复合型人才提供了新思路。 相似文献
4.
“云计算”(CloudComputing)作为崭新的互联网应用模式,被称为科学技术领域里的又一次革命,具有超大规模、虚拟化、高可靠性、通用性和成本低廉等特点,它的出现彻底改变了旧有的互联网应用模式。“云计算”在带来诸多便利的同时,也给国家的信息安全带来新的挑战。本文介绍了“云计算”的概念,并讨论了“云计算”对国家信息安全的影响。 相似文献
5.
6.
A Framework for Unified Network Security Management: Identifying and Tracking Security Threats on Converged Networks 总被引:2,自引:0,他引:2
A comprehensive network security management system must coordinate detection and scanning tools for converged networks; derive fully-integrated attack and network models; perform vulnerability and multi-stage attack analysis; support large-scale attack visualization; and possibly orchestrate strategic responses to unwarranted actions that cross network boundaries. We present an architecture that embodies these principles. The unified network security management system described in this paper gleans data from a suite of detection tools for various networking domains. Aggregate real-time network data supplies a comprehensive modeling framework used for further analysis, correlation, and visualization. The resulting system not only provides network administrators with a heads-up cockpit display of their entire network, it also supports guided response and predictive capabilities for multi-stage attacks in converged networks.Jerald Dawkins is Founder and Chief Scientist of Digital Enterprise Security Associates, LLC located in Tulsa, Oklahoma. His academic and professional endeavors have provided him with a background in computer security, attack management, risk analysis, and software engineering. He received his B.S. (Computer Science) degree from Fort Lewis College in 1999 and his M.S. and Ph.D. (Computer Science) from the University of Tulsa in 2003 and 2005, respectively.Kevin Clark is a Masters student at the University of Tulsa. He has been involved with research focusing on Security Risk Metrics, Automated Attack Generation and Analysis, and Attack Visualization.Gavin Manes is a Research Assistant Professor at the Center for Information Security and the University of Tulsa. His research interests are information assurance, digital forensics, telecommunications security, and critical infrastructure protection. 相似文献
7.
基于BGP的域间路由系统是下一代互联网的关键基础设施.本文系统地分析了下一代互联网域间路由系统的脆弱性,建立了下一代互联网域间路由的攻击模型对各种攻击目标和攻击方式进行描述,并从多个层次对BGP-4和BGP4+的安全能力进行分析与比较.此外,我们给出了路由攻击检测系统方案,该方法可有效实现域间路由系统的安全控制 相似文献
8.
网络靶场是用于网络空间安全研究,利用计算机仿真技术创建的高度近似于真实网络空间运行机制的可信、可控、可定制的重要基础设施.结合网络空间安全发展态势,归纳分析并重新定义了网络靶场的概念,提出了网络靶场的基本服务能力.立足体系结构、实现技术和功能需求等属性特征,选择目前具有代表性的典型网络靶场进行了分析.在此基础上,重点从... 相似文献
9.
针对当前自动机模型对系统状态表达不完整,单一视角建模无法满足网络攻防行为刻画需求的问题,本文提出一种视角可变的变焦有限自动机(Zooming Finite Automata,ZFA)结构。ZFA使用完整的参量集合取值对状态进行标示,设置观测系数增强模型对于多角度分析系统行为过程的能力。结合ZFA结构给出了网络攻防模型和安全性能分析方法,分析揭示了传统安全手段的天然劣势以及移动目标防御技术的局限性。最后,讨论了网络空间拟态防御(Cyberspace Mimic Defense,CMD)技术中核心部件——异构执行体的实现结构,从理论上证明了构建“多参数”不确定性可获得超线性增益。 相似文献
10.
为了提高并行程序中共享内存数据的读写访问性能,事务内存机制于1993年被提出。因为事务内存机制直接涉及内存数据的读写控制,所以也得到了系统安全研究人员的极大关注。2013年,Intel公司开始支持TSX(Transactional Synchronizatione Xtension)特性,第一次在广泛使用的计算机硬件中支持事务内存机制。利用事务内存机制的内存访问跟踪、内存访问信号触发和内存操作回滚,以及Intel TSX特性的用户态事务回滚处理、在Cache中执行所有操作和硬件实现高效率,研究人员完成了各种的系统安全研究成果,包括:授权策略实施、虚拟机自省、密钥安全、控制流完整性、错误恢复和侧信道攻防等。本文先介绍了各种基于事务内存机制的研究成果;然后分析了现有各种系统安全研究成果与事务内存机制特性之间的关系,主要涉及了3个角度:内存访问的控制、事务回滚处理、和在Cache中执行所有操作。我们将已有的研究成果的技术方案从3个角度进行分解,与原有的、不基于事务内存机制的解决方案比较,解释了引入事务内存机制带来的技术优势。最后,我们总结展望了将来的研究,包括:硬件事务内存机制的实现改进,事务内存机制(尤其是硬件事务内存机制)在系统安全研究中的应用潜力。 相似文献
11.
近年来,随着关键基础设施控制系统的标准化、智能化、网络化发展,针对关键基础设施的网络攻击日益增多.电力、石化、轨道交通等涉及国计民生的关键基础设施一旦被攻击,很可能造成灾难性后果.关键基础设施信息安全成为悬在各国政府头上的达摩克利斯之剑,采取措施加强其信息安全保障能力势在必行.本文首先介绍了关键基础设施的基本概念以及关键基础设施中应用的典型工业控制系统,分析了关键基础设施信息安全事件的特点,阐述了工业控制系统面临的信息安全挑战,并针对这些挑战提出了相应的措施建议. 相似文献
12.
Almost everyone recognizes the salience of cyberspace as a fact of daily life. Given its ubiquity, scale, and scope, cyberspace has become a fundamental feature of the world we live in and has created a new reality for almost everyone in the developed world and increasingly for people in the developing world. This paper seeks to provide an initial baseline, for representing and tracking institutional responses to a rapidly changing international landscape, real as well as virtual. We shall argue that the current institutional landscape managing security issues in the cyber domain has developed in major ways, but that it is still “under construction.” We also expect institutions for cyber security to support and reinforce the contributions of information technology to the development process. We begin with (a) highlights of international institutional theory and an empirical “census” of the institutions-in-place for cyber security, and then turn to (b) key imperatives of information technology-development linkages and the various cyber processes that enhance developmental processes, (c) major institutional responses to cyber threats and cyber crime as well as select international and national policy postures so critical for industrial countries and increasingly for developing states as well, and (d) the salience of new mechanisms designed specifically in response to cyber threats. 相似文献
13.
In this paper, the security issues of cyber‐physical systems under undetectable attacks are studied. The geometric control theory is used to investigate the design, implementation, and impact evaluation of undetectable attacks. First, a feedforward‐feedback structure for undetectable attacks is proposed, which provides a designable form for an attack to be undetectable. The corresponding attack strategy is designed via pole placement in the weakly unobservable subspace of the attacked system. Then, the security analysis of several common undetectable attacks injected from actuators, sensors, and the coordinated of the two is discussed. Finally, the simulations on the quadruple‐tank process demonstrate the effectiveness of the proposed methods. 相似文献
14.
ABSTRACT The objective of a financial audit is to detect any “material” misstatement in financial records and reports. On the surface, that objective seems to be unrelated to information security. The relationship between the two sets of activities may also seem to be insignificant. In fact, there is a significant relationship and one that is mutually beneficial. Entities that are subject to financial audits and employ best practices of information security should improve the efficiency and effectiveness of the financial audit. It is also possible that the financial audit of such an entity would uncover any existing relevant gaps in the entity's application of information security best practices which, when remediated, should improve the effectiveness of information security function. 相似文献
15.
人工智能已经渗透到生活的各个角落,给人类带来了极大的便利.尤其是近年来,随着机器学习中深度学习这一分支的蓬勃发展,生活中的相关应用越来越多.不幸的是,机器学习系统也面临着许多安全隐患,而机器学习系统的普及更进一步放大了这些风险.为了揭示这些安全隐患并实现一个强大的机器学习系统,对主流的深度学习系统进行了调查.首先设计了一个剖析深度学习系统的分析模型,并界定了调查范围.调查的深度学习系统跨越了4个领域——图像分类、音频语音识别、恶意软件检测和自然语言处理,提取了对应4种类型的安全隐患,并从复杂性、攻击成功率和破坏等多个维度对其进行了表征和度量.随后,调研了针对深度学习系统的防御技术及其特点.最后通过对这些系统的观察,提出了构建健壮的深度学习系统的建议. 相似文献
16.
5G是未来网络空间的核心基础设施,因而5G安全是网络空间安全的重要组成部分。5G安全技术应打破以往移动通信系统成型后打补丁式的升级演进模式,与5G移动通信技术同步演进,实现系统安全内生与安全威胁标本兼治的目标。为了有的放矢的推动安全技术同步演进,应首先解决两个基本问题:5G安全需求是什么和5G安全体系架构是什么。针对这两个问题,本文首先从业务、网络、无线接入、用户与终端、系统五个视角梳理了5G通信与计算融合演进的技术特点,并基于这些特点系统的分析了5G安全需求;然后,面向5G安全需求,设计了5G安全总体架构;最后,总结归纳出了5G安全技术的三个发展趋势,即,面向服务的安全安全虚拟化与增强用户隐私与数据保护。本文希望为5G安全技术的同步演进提供有益的参考。
17.
We analysed the role of industry in determining the diffusion and business value created by IT. Data was collected for this purpose by surveying 192 large enterprises in Italy. Our research revealed three findings. First, in the material services and non-hi-tech manufacturing industries, firms had a relatively limited adoption of IT, resulting in little business impact. Second, firms’ IT spending behaviour depended on their industry type and not on their IT capabilities. However their capabilities were more important than industry in explaining why firms achieved benefits from IT adoption that depended on the previous accumulation of IT resources and other capabilities. Third, industry type determined the degree to which IT affected profitability and its effectiveness in helping firms to defend their competitive advantage. Specifically, the slower the adoption of IT in an industry, the greater its impact on the firm's profitability.The implications of these findings for managers and policy-makers are discussed. 相似文献
18.
Order-preserving encryption (OPE) and order-revealing encryption (ORE) are among the core ingredients for encrypted databases (EDBs). In this work, we study the leakage of OPE and ORE and their forward security. We propose generic yet powerful file-injection attacks (FIAs) on OPE/ORE, aimed at the situations of possessing order by and range queries. Our FIAs only exploit the ideal leakage of OPE/ORE (in particular, no need of data denseness or frequency). We also improve their efficiency with the frequency statistics using a hierarchical idea such that the high-frequency values will be recovered more quickly. We conduct some experiments on real datasets to test the performance, and the results show that our FIAs can cause an extreme hazard on most of the existing OPEs and OREs with high efficiency and 100%recovery rate. We then formulate forward security of ORE, and propose a practical compilation framework for achieving forward secure ORE to resist the perniciousness of FIA. The compilation framework can transform most of the existing OPEs/OREs into forward secure OREs, with the goal of minimizing the extra burden incurred on computation and storage. We also present its security proof, and execute some experiments to analyze its performance. The proposed compilation is highly efficient and forward secure. 相似文献
19.
《Information Security Journal: A Global Perspective》2013,22(1-3):57-71
ABSTRACTThe number of vulnerabilities discovered and reported during the recent decades is enormous, making an improved ranking and prioritization of vulnerabilities’ severity a major issue for information technology (IT) management. Although several methodologies for ranking and scoring vulnerabilities have been proposed, the Common Vulnerability Scoring System (CVSS) is the open standard with wide acceptance from the information security community. Recently, the Weighted Impact Vulnerability Scoring System (WIVSS) has been proposed as an alternative scoring methodology, which assigns different weights to impact factors of vulnerability in order to achieve higher diversity of values and thus improvement in flexibility of ranking in comparison to CVSS. The purpose of this paper is to expand the idea of WIVSS by defining the sets of weights which provide higher diversity of values. For this reason, an algorithm that finds all the possible combinations of optimal weights within a specified range and under certain constrains is presented. The algorithm results in 14 different combinations of impact weights that are applied to a sample of 20,496 vulnerabilities and statistically analyzed for associations among impact factors. The results suggest that one specific combination of impact weights can achieve highest diversity of values. 相似文献