基于J2ME的金融POS应用安全方案设计

传统金融POS作为一种嵌入式设备,在符合PCIPOS-PED安全标准上面临困难。J2ME是适合于嵌入式设备的Java平台,在此基础上扩展POS应用基础类库实现的POS应用方案,综合运用类属性、类编译、类控件和下载管理等安全策略,满足PCIPOS—PED安全标准的各项要求。此方案已在NL8320金融POS上试用并通过安全测试。     

基于开源JVM的安全策略强制实施

 非信任代码的安全执行是移动代码安全的重要问题之一.携带模型代码(Model Carrying Code)方法同时考虑了移动代码生产者和使用者对安全性的支持和需求,建立了以模型为中心的安全执行非信任代码的理论框架,其中安全策略的定义和强制实施是MCC方法的重要组成部分之一.本文针对已被广泛使用的Java移动代码,以开源JVM Kaffe和Linux操作系统为研究载体,提出了基于开源JVM的安全策略实施模型,并实现从安全策略定义到实施的整个过程.本文在安全策略规范描述,可强制实施的扩展有限自动机(EFSA)模型和进程级监视以捕获系统调用等方面都做了有益的尝试,为完善MCC方法和实现安全策略的强制实施提供很好的方案.     

有线数字电视讲座第五讲数字电视中间件系统(2)

(上接第05期) 四中间件的运行引擎--Java 1 Java技术 Java于1991年由美国SUN公司提出,1995年真正得到发展.目前Java语言越来越受到开发人员的欢迎,这与Java的一些特性有着密切的关系,例如Java的开放性、平台无关性、安全性等,其中最大的特色在于它从语言本身这个层次上提供安全性.SUN公司从一开始就将Java定位成一个开放型的编程语言,任何个人和组织都可以免费得到SUN公司的JDK以及一系列相关规范,同时任何个人或者组织开发的JVM(Java Virtual Machine:Java虚拟机),只要符合JVM规范,并经过SUN测试认可即可推向市场.Java本身的JVM虚拟机使得Java可以运行于目前几乎所有的系统平台上,这就形成了"写一次代码,到处可以运行"的优势,对用户来说非常方便.Java的一系列安全机制可防止系统资源的非法调用和浪费.     

JaVa Applet编程技巧

1 Java Applet概述 Java程序分为两类:Java小程序(Applet)和Java应用程序(Application).Java Applet嵌入WWW的页面,作为页面的组成部分被下载,并能运行在实现Java虚拟机(JVM)的Web浏览器中.     

Java性能优化的策略研究

随着Java的广泛应用,越来越多的关键企业系统也使用Java构建。作为Java核心运行环境的Java虚拟机JVM被广泛地部署在各种系统平台上。对Java应用的性能优化也越来越受到关注;谈到Java应用的性能问题就不得不涉及到两个方面：一是Java应用的构造是否是最优化的;二是对JVM的微调。本文将从对Java性能的优化做一些探讨与研究。     

Java性能优化的策略研究

随着Java的广泛应用,越来越多的关键企业系统也使用Java构建。作为Java核心运行环境的Java虚拟机JVM被广泛地部署在各种系统平台上。对Java应用的性能优化也越来越受到关注;谈到Java应用的性能问题就不得不涉及到两个方面:一是Java应用的构造是否是最优化的;二是对JVM的微调。本文将从对Java性能的优化做一些探讨与研究。     

利用Java编程实现网络功能

类库是Java语言的重要组成部分,Java.net包是Java语言用来实现网络功能的类库。文章结合实例分析了如何用Java.net包中的URL类访问网上资源及用URLConnection类访问网上资源和进行CGI网关调用。     

密码技术在Java类文件保护技术中的新应用

针对编译后Java类文件能被轻而易举的反编译以及目前Java类文件保护技术存在局限性的问题,讨论了一种新的Java美文件保护技术,它是通过引入密码技术,加密源文件代码以及改写虚拟机JVM中Zip压缩算法,来实现一种全新的Java类文件保护,从而有效避免利用其他接口或工具进行破解,解决了传统保护技术中的问题.这样,企业或个人通过该技术方法就可实现对Java源文件代码的有效保护.     

1J2ME中CLDC的安全性机制的研究

J2ME为移动无线设备带来了Java语言的平台无关性,能够动态地、安全地以各种类型的网络向移动无线设备传送交互内容和应用程序,并可以按用户的需求定制应用程序。连接限制设备配置(CLDC)将基本运行时环境定义为一组核心类和一个运行在特定设备上的特定JVM。然而,J2SE中所能提供的安全机制远远超过了支持CLDC的Java虚拟机(JVM)所能够承受的内存负荷,因此CLDC的安全模型采取了某些折中的措施,而且模型简单,允许以后的进一步扩充。首先介绍了J2ME平台,接着介绍了CLDC,最后对CLDC的安全机制进行了详细的研究。     

实现将java技术移植到JVM上运行的方法

完整的计算机体系结构实质上就是Java虚拟机在目标系统上通过软件模拟实现的,JVM是Java技术的重要组成部分,它是抽象设计出来的计算机的软件实现.本文设计完成了实现应用程序和目标平台分离的实例,成功地将java代码移植到JVM平台上。     

基于Hotspot的虚拟机加密方法研究

Java语言的跨平台特性使得Java源代码被编译为一种中间代码——字节码。根据Java虚拟机规范,字节码文件很容易被反编译成可读性很高的源代码。本方案基于Hotspot开源虚拟机,研究通过定制Java虚拟机和加密字节码文件的方式,实现对Java程序的保护,大大提升了反编译的难度,更有效的保护程序代码安全。     

Crafting a Java virtual machine in silicon

The aJile family of low-power, single-chip, embedded Java microcontrollers provides an efficient platform for embedded and real-time Java execution. The aJile CPU hardware provides direct support for the entire JVM instruction set and thread model, obviating the need for a Java interpreter or just-in-time compiler, as well as the traditional RTOS. aJile's hardware technology also supports multiple JVM contexts executing on the same CPU, enhancing safety and security by guaranteeing space and time allotments for multiple Java applications. Combined with a Java 2 Micro Edition (J2ME) runtime and a back-end target build tool, these technologies allow the development of real-time embedded applications entirely in Java     

Design of a system software based on a Java SoC processor

Java technology is spreading rapidly all over the world in recent years. It is a popular application development language for its well-encapsulation, platform-independent and high security. There are great amounts of Java games and other gadgets on mobile platforms, as well as on set-up-box systems. As Java applications become more sophisticated, the Java Virtual Machine (JVM) middle-wares in embedded systems are not satisfying, Java-specific chips extend in the market. All existing Java-based system software or Operating System (OS) are used on JVM, they cannot be used on Java processors. It is important to develop a pure Java system software or OS so that embedded systems using Java processors will have great performance in Java applications. This paper presents a set of system software designed for a Java-specified processor VP6K, which is also a System-on-Chip (SoC). This system software includes real-time multitask dispatching, file management, device management, hardware drivers, and infrastructural Application Programming Interface (APIs). According to experimental results, the system software provides interfaces for Java programs to fully handle CPU resource, so that all applications can be executed properly and efficiently. VP6K embedded platform shows its good performance for Java applications when the system software is implemented.     

Spout: a transparent proxy for safe execution of Java applets

The advent of executable contents such as Java applets exposes World Wide Web (WWW) users to a new class of attacks that were not possible before. Despite an array of security checking, detection, and enforcement mechanisms built into the language model, the compiler, and the run-time system of Java, serious security breach incidents due to implementation bugs still arose repeatedly in the past several years. Without a provably correct implementation of Java's security architecture specification, it is difficult to make any conclusive statements about the security characteristic of current Java virtual machines. The Spout project takes an alternative approach to address Java's security problems. Rather than attempt a provable secure implementation, we aim to confine the damages of malicious Java applets to selective machines, thus, preventing the machines behind an organization's firewall from being attacked by malicious or buggy applets. More concretely, Spout is a distributed Java execution engine that transparently decouples the processing of an incoming applet's application logic from that of graphical user interface (GUI), such that the only part of an applet that is actually running on the requesting user's host is the harmless GUI code. A unique feature of the Spout architecture that does not exist in other similar systems, is that it is completely transparent to and does not require any modifications to WWW browsers or class libraries on the end hosts. This paper describes the detailed design, implementation, and performance measurements of the first Spout prototype, which also incorporates run-time resource monitoring mechanisms to counter denial-of-service attacks.     

基于数据仓库审计信息安全的方法

采用Syslog标准协议及基于正则表达式的模式匹配方法实时收集日志信息,借助于数据仓库采用信息安全多维模型的建模方法,对各个审计分析主题通过共同的分析维进行关联;通过数据仓库中的多维模型,采用联机在线分析处理方法、数据挖掘方法进行多维分析、挖掘,发现网络中潜在的安全漏洞和问题,根据分析结果生成审计分析报表,进而提高审计系统的扩展性、开放性以及审计分析的效率。     

Hardware Realization of a Java Virtual Machine for High Performance Multimedia Applications

This paper describes a new architecture for JAVA-based, interactive multimedia applications. A hardware implementation of a Java Virtual Machine (JVM) is proposed, which allows the direct execution of Java bytecode. In a single clock cycle, up to 3 bytecode instructions can be decoded and executed in parallel using a RISC pipeline. A splitable 64-bit ALU implementation addresses demanding processing requirements of typical multimedia signal processing schemes. The on-chip caches are adapted to the specific data structures of the JVM. The proposed architecture supports execution of multiple Java threads in parallel. An implementation of basic building blocks of the processor with a standard-cell library provides an estimate of 150 MHz clock-speed for a 0.35 m 3 metal layer CMOS process. With a size of less than 10 mm² needed for the core logic, it is possible to integrate multiple JVMs together with larger cache memories on a single chip. Based on these results, we discuss various performance aspects of JAVA for use in future multimedia terminals.     

基于分层设计思路实现易扩展的PKCS#11库

随着信息化和信息安全技术的迅猛发展,PKCS#11标准的应用越来越广泛。因此,有必要对PKCS#11库的可扩展性进行研究。简要介绍了PKCS#11标准,分析了Cryptoki的通用模型和逻辑结构,同时,分析了实现PKCS#11库时,不进行分层设计的缺陷,并针对不分层设计的缺陷,提出了一种基于分层设计思路实现易扩展的PKCS#11库的方法,指出了设计和实现过程中应注意的事项。采用分层设计方式实现的PKCS#11库在实践中被证明具有良好的可扩展性。