RFID中间件及安全解决方案

伴随着RFID技术的流行,RFID中间件在完成数据的遴选、时间过滤和管理方面起着非常重要的作用,但中间件只提供业务接口,很难自行提升安全性能。该文作者设计了一款灵活的RFID中间件,除了实现和完善基本的RFID中间件功能外,还针对当前RFID安全威胁,提供了灵活的安全架构。安全架构整体和每一模块都是集中管理的,为安全性能的提高提供了极大的便利,同时隐藏了复杂性,保证了系统和标签数据的安全。     

计算机网络安全漏洞及解决方案初探

随着Computer Science和IT技术的迅速发展,计算机及网络技术已经逐步渗透进入人们的日常生活,但是目前由于网络具有的开放性和共享性,也导致了木马、黑客、计算机病毒等恶意程序的入侵,给计算机安全甚至计算机使用者的人身安全、财产安全都带来了极大地威胁,因此应对计算机网络安全漏洞势在必行.本文就目前计算机网络安全问题进行了分类并分析了其成因,还探讨了一些针对计算机网络安全问题的解决方案,为大家提供一定的借鉴意义.     

计算机安全漏洞及防范研究

结合实际工作发现的安全漏洞,从访问控制、防火墙技术、病毒防范和入侵检测4个方面探讨了计算机网络安全防范措施.通过安全防范措施,保证了网络环境的安全,减少了被黑客攻击的可能性.     

A pluggable middleware architecture for developing context-aware mobile applications

The proliferation of powerful smartphone devices provides a great opportunity for context-aware mobile applications becoming mainstream. However, we argue that conventional software development techniques suffer because of the added complexity required for collecting and managing context information. This paper presents a component-based middleware architecture which facilitates the development and deployment of context-aware applications via reusable components. The main contribution of this approach is the combination of a development methodology with the middleware architecture, which together bring significant value to developers of context-aware applications. Further contributions include the following: The methodology utilizes separation of concerns, thus decreasing the developmental cost and improving the productivity. The design and implementation of context-aware applications are also eased via the use of reusable components, called context plug-ins. Finally, the middleware architecture facilitates the deployment and management of the context plug-ins in a resource-aware manner. The proposed methodology and middleware architecture are evaluated both quantitatively and qualitatively.     

A SCADA testbed for investigating cyber security vulnerabilities in critical infrastructures

Supervisory Control and Data Acquisition (SCADA) systems are widely used in critical infrastructures such as water distribution networks, electricity generation and distribution plants, oil refineries, nuclear plants, and public transportation systems. However, the increased use of standard protocols and interconnectivity has exposed SCADA systems for potential cyber-attacks. In recent years, the cyber-security of SCADA systems has become a hot issue for governments, industrial sectors and academic community. Recently some security solutions have been proposed to secure SCADA systems. However, due to the critical nature of SCADA systems, evaluation of such proposed solutions on real system is im-practical. In this paper, we proposed an easily scalable and reconfigurable virtual SCADA security testbed, which can be used for developing and evaluating SCADA specific security solutions. With Distributed Denial of Service (DDoS) and false data injection attack scenarios, we demonstrated how attackers could disrupt the normal operation of SCADA systems. Experimental results show that, the pro-posed testbed can be effectively used for cyber security assessment and vulner-ability investigation on SCADA systems. One of the outcomes of this work is a labeled dataset, which can be used by researchers in the area of SCADA security.     

SDSN@RT: A middleware environment for single-instance multitenant cloud applications

With the single-instance multitenancy (SIMT) model for composite Software-as-a-Service (SaaS) applications, a single composite application instance can host multiple tenants, yielding the benefits of better service and resource utilization and reduced operational cost for the SaaS provider. An SIMT application needs to share services and their aggregation (the application) among its tenants while supporting variations in the functional and performance requirements of the tenants. The SaaS provider requires a middleware environment that can deploy, enact, and manage a designed SIMT application, to achieve the varied requirements of the different tenants in a controlled manner. This paper presents the SDSN@RT (software-defined service networks at runtime) middleware environment that can meet the aforementioned requirements. SDSN@RT represents an SIMT composite cloud application as a multitenant service network, where the same service network simultaneously hosts a set of virtual service networks, one for each tenant. A service network connects a set of services and coordinates the interactions between them. A virtual service network realizes the requirements for a specific tenant and can be deployed, configured, and logically isolated in the service network at runtime. SDSN@RT also supports the monitoring and runtime changes of the deployed multitenant service networks. We show the feasibility of SDSN@RT with a prototype implementation and demonstrate its capabilities to host SIMT applications and support their changes with a case study. The performance study of the prototype implementation shows that the runtime capabilities of our middleware incur little overhead.     

On the capability of static code analysis to detect security vulnerabilities

Context: Static analysis of source code is a scalable method for discovery of software faults and security vulnerabilities. Techniques for static code analysis have matured in the last decade and many tools have been developed to support automatic detection.Objective: This research work is focused on empirical evaluation of the ability of static code analysis tools to detect security vulnerabilities with an objective to better understand their strengths and shortcomings.Method: We conducted an experiment which consisted of using the benchmarking test suite Juliet to evaluate three widely used commercial tools for static code analysis. Using design of experiments approach to conduct the analysis and evaluation and including statistical testing of the results are unique characteristics of this work. In addition to the controlled experiment, the empirical evaluation included case studies based on three open source programs.Results: Our experiment showed that 27% of C/C++ vulnerabilities and 11% of Java vulnerabilities were missed by all three tools. Some vulnerabilities were detected by only one or combination of two tools; 41% of C/C++ and 21% of Java vulnerabilities were detected by all three tools. More importantly, static code analysis tools did not show statistically significant difference in their ability to detect security vulnerabilities for both C/C++ and Java. Interestingly, all tools had median and mean of the per CWE recall values and overall recall across all CWEs close to or below 50%, which indicates comparable or worse performance than random guessing. While for C/C++ vulnerabilities one of the tools had better performance in terms of probability of false alarm than the other two tools, there was no statistically significant difference among tools’ probability of false alarm for Java test cases.Conclusions: Despite recent advances in methods for static code analysis, the state-of-the-art tools are not very effective in detecting security vulnerabilities.     

Rule-driven service coordination middleware for scientific applications

With the proliferation of Web services, scientific applications are more and more designed as temporal compositions of services, commonly referred to as workflows. To address this paradigm shift, different workflow management systems have been proposed. While their efficiency has been established over centralized static systems, it is questionable over decentralized failure-prone platforms.Scientific applications recently started to be deployed over large distributed computing platforms, leading to new issues, like elasticity, i.e., the possibility to dynamically refine, at runtime, the amount of resources dedicated to an application. This raised again the demand for new programming models, able to express autonomic self-coordination of services in a dynamic platform.Nature-inspired, rule-based computing models recently gained a lot of attention in this context. They are able to naturally express parallelism, distribution, and autonomic adaptation. While their high expressiveness and adequacy for this context has been established, such models severely suffer from a lack of proof of concepts. In this paper, we concretely show how to leverage such models in this context. We focus on the design, the implementation and the experimental validation of a chemistry-inspired scientific workflow management system.     

An adaptive middleware framework for context-aware applications

We describe a middleware framework for the adaptive delivery of context information to context-aware applications. The framework abstracts the applications from the sensors that provide context. Further applications define utility functions on the quality of context attributes that describe the context providers. Then, given multiple alternatives for providing the same type of context, the middleware applies the utility function to each alternative and choose the one with maximum utility. By allowing applications to delegate the selection of context source to the middleware, our middleware can implement autonomic properties, such as self-configuration when new context providers appear and resilience to failures of context providers.

---

     

A methodology for engineering collaborative and ad-hoc mobile applications using SyD middleware

Today’s web applications are more collaborative and utilize standard and ubiquitous Internet protocols. We have earlier developed System on Mobile Devices (SyD) middleware to rapidly develop and deploy collaborative applications over heterogeneous and possibly mobile devices hosting web objects. In this paper, we present the software engineering methodology for developing SyD-enabled web applications and illustrate it through a case study on two representative applications: (i) a calendar of meeting application, which is a collaborative application and (ii) a travel application which is an ad-hoc collaborative application. SyD-enabled web objects allow us to create a collaborative application rapidly with limited coding effort. In this case study, the modular software architecture allowed us to hide the inherent heterogeneity among devices, data stores, and networks by presenting a uniform and persistent object view of mobile objects interacting through XML/SOAP requests and responses. The performance results we obtained show that the application scales well as we increase the group size and adapts well within the constraints of mobile devices.     

校园网络的安全漏洞及其技术防范

进入新世纪以来,我国教育事业取得较大的发展,其中校园网络作为现阶段国内教育事业的重要组成部分,在很大程度上促进了我国教育事业的发展.但是,随着校园网的不断普及,其内部的安全问题也越来越受到人们的重视.本文中笔者结合自身多年的校园网络安全维护经验,简要分析了现阶段的网络安全技术在校园网的应用,供各位网络安全维护人员参考.     

支持上下文感知应用程序的动态自适应中间件框架

上下文感知计算是当前开发和部署智能应用不可或缺的关键技术之一。上下文能否在计算中真正发挥其作用,主要取决于两方面：一是如何连续稳定地从动态交互环境中获取高质量上下文,二是如何推理上下文并制定适应决策。为了实现上述目标,设计了一个分层的中间件框架,该中间件能够根据上下文质量参数,动态地选择能提供高质量上下文的信息源,并对这些原始上下文进行预处理和推理,进而自动地制定适应决策为用户提供合适的服务。实验测试了平台的性能,并与同类系统进行了比较,结果表明该中间件能够快速有效地支持上下文感知应用的开发部署,并且在计算性能方面有显著提高。     

Design and implementation of S-MARKS: A secure middleware for pervasive computing applications

As portable devices have become a part of our everyday life, more people are unknowingly participating in a pervasive computing environment. People engage with not a single device for a specific purpose but many devices interacting with each other in the course of ordinary activity. With such prevalence of pervasive technology, the interaction between portable devices needs to be continuous and imperceptible to device users. Pervasive computing requires a small, scalable and robust network which relies heavily on the middleware to resolve communication and security issues. In this paper, we present the design and implementation of S-MARKS which incorporates device validation, resource discovery and a privacy module.     

A security framework for reflective Java applications

The advent of component‐based reflective applications raises the issue of protecting baselevel components from the actions performed by metalevel components. However, by their very nature, reflective applications are far more difficult to secure than non‐reflective applications, which certainly explains why the problem has received very little attention so far. In this paper we present a security framework for enforcing access control between metalevel components and the baselevel components they reflect on. Rather than designing a new security architecture from scratch, we extend the standard security architecture of Java to provide security for a fully‐functional proxy‐based MOP for Java. We implement a number of well‐known meta‐level behaviors and study their security requirements, the results of which support our design choices. Copyright © 2003 John Wiley & Sons, Ltd.     

A cloud middleware for assuring performance and high availability of soft real-time applications

Applications are increasingly being deployed in the cloud due to benefits stemming from economy of scale, scalability, flexibility and utility-based pricing model. Although most cloud-based applications have hitherto been enterprise-style, there is an emerging need for hosting real-time streaming applications in the cloud that demand both high availability and low latency. Contemporary cloud computing research has seldom focused on solutions that provide both high availability and real-time assurance to these applications in a way that also optimizes resource consumption in data centers, which is a key consideration for cloud providers. This paper makes three contributions to address this dual challenge. First, it describes an architecture for a fault-tolerant framework that can be used to automatically deploy replicas of virtual machines in data centers in a way that optimizes resources while assuring availability and responsiveness. Second, it describes the design of a pluggable framework within the fault-tolerant architecture that enables plugging in different placement algorithms for VM replica deployment. Third, it illustrates the design of a framework for real-time dissemination of resource utilization information using a real-time publish/subscribe framework, which is required by the replica selection and placement framework. Experimental results using a case study that involves a specific replica placement algorithm are presented to evaluate the effectiveness of our architecture.     

Hierarchical task analysis: developments, applications, and extensions

Hierarchical task analysis (HTA) is a core ergonomics approach with a pedigree of over 30 years continuous use. At its heart, HTA is based upon a theory of performance and has only three governing principles. Originally developed as a means of determining training requirements, there was no way the initial pioneers of HTA could have foreseen the extent of its success. HTA has endured as a way of representing a system sub-goal hierarchy for extended analysis. It has been used for a range of applications, including interface design and evaluation, allocation of function, job aid design, error prediction, and workload assessment. Ergonomists are still developing new ways of using HTA which has assured the continued use of the approach for the foreseeable future.     

计算机网络安全漏洞及解决措施分析

随着高科技信息技术的普遍推广和运用,人们的生活方式变得越来越方便和快捷,计算机网络的迅速发展使得我国社会生产力不断创新,对于推动我国社会主义现代化建设具有重要现实意义。在现代化建设中,计算机网络技术的广泛应用,使人们的沟通和联系方式变得更加智能化和自动化,大大提高了现代办公效率,对于促进我国经济快速发展起着重要推动作用。本文就计算机网络常见安全漏洞进行分析,提出相应的解决措施,以提高计算机网络运行的安全性,促进我国计算机网络技术水平不断提升。     

基于EFL中间件平台的嵌入式灵活安全系统

随着嵌入式系统的广泛应用,系统安全问题已经成为一个急需解决的问题。针对嵌入式系统功耗和性能均衡等方面的特点,基于EFL中间件平台实现了自适应的灵活安全中间件。该系统基于EFL中间件技术和和欣操作系统,提供了一个可灵活配置的构件化安全系统来解决嵌入式系统的安全问题。