Inside SSL: the secure sockets layer protocol

As enterprises conduct more and more of their business activities online, the need for security becomes more crucial. Organizations must implement protocols to address a variety of security-related tasks. An e-business would want to allow an easy access to its site but still provide data security and authentication for e-commerce transactions. For this level of need, one security protocol SSL, the secure sockets layer, has been widely implemented and is now the de facto standard for providing secure e-commerce.     

Correctness criteria for multilevel secure transactions

The benefits of distributed systems and shared database resources are widely recognized, but they often cannot be exploited by users who must protect their data by using label-based access controls. In particular, users of label-based data need to read and write data at different security levels within a single database transaction, which is not currently possible without violating multilevel security constraints. The paper presents a formal model of multilevel transactions which provide this capability. We define four ACIS (atomicity, consistency, isolation, and security) correctness properties of multilevel transactions. While atomicity, consistency and isolation are mutually achievable in standard single-site and distributed transactions, we show that the security requirements of multilevel transactions conflict with some of these goals. This forces trade-offs to be made among the ACIS correctness properties, and we define appropriate partial correctness properties. Due to such trade-offs, an important problem is to design multilevel transaction execution protocols which achieve the greatest possible degree of correctness. These protocols must provide a variety of approaches to making trade-offs according to the differing priorities of various users. We present three transaction execution protocols which achieve a high degree of correctness. These protocols exemplify the correctness trade-offs proven in the paper, and offer realistic implementation options     

Visa launches new initiative to secure e-commerce transactions

Four and half thousand Visa-affiliated banks across Europe have agreed a programme to step up security for cardholders making transactions across the Internet.     

移动自组网中多级安全事务的并发控制

为满足移动自组网(MANETS)多级事务处理的安全性和并发性要求,将多版本两段锁协议运用到MANETS多级事务中。该协议有效地解决了由于竞争产生的错误的事务调度以及安全问题。模拟仿真结果表明,多版本两段锁协议在延迟截至时间率和重启动率方面比单一的多版本协议或者单一的两段锁协议都要低。     

Array Networks SSL VPN解决方案中标中石油

近日,全球领先的应用优化和全局安全访问解决方案的提供商ArrayNetworks宣布,在全球500强企业——中国石油天然气股份有限公司(以下简称中石油)的SSLVPN项目招标中一举中标。中石油将采购九台ArraySSLVPN——SPX3000和两台智能负载均衡设备。ArrayNetworks将通过由这九台高端SSLVPN网关和两台智能负载均衡设备构成的分布式远程安全访问(DRSA)的解决方案,为中石油打造一个高效、安全、扩展性极佳的企业应用延展系统。确保企业员工通过统一域名,可以在任何时间,使用任何访问方式,经由设立的九大VPN接入点均可就近接入其内部核心…     

E-commerce transactions in a virtual environment: virtual transactions

E-commerce is a fundamental method of doing business, such that for a firm to say it is trading at all in the modern market-place it must have some element of on-line presence. Coupled with this is the explosion of the “population” of Massively Multiplayer On-line Role Playing Games and other shared virtual environments. Many suggest this will lead to a further dimension of commerce: virtual commerce. We discuss here the issues, current roadblocks and present state of an e-commerce transaction carried out completely within a virtual environment; a virtual transaction. Although technically such transactions are in a sense trivial, they raise many other issues in complex ways thus making V-transactions a highly interesting cross-disciplinary issue. We also discuss the social, ethical and regulatory implications for the virtual communities in these environments of such v-transactions, how their implementation affects the nature and management of a virtual environment, and how they represent a fundamental merging of the real and virtual worlds for the purpose of commerce. We highlight the minimal set of features a v-transaction capable virtual environment requires and suggest a model of how in the medium term they could be carried out via a methodology we call click-through, and that the developers of such environments will need to take on the multi-modal behavior of their users, as well as elements of the economic and political sciences in order to fully realize the commercial potential of the v-transaction.     

Atomic delegation: object-oriented transactions

Atomic delegation, an object-oriented linguistic mechanism that allows the creation of dynamically defined classes of atomic actions is presented. When a type is modified, atomic delegation updates functionalities of the the types that delegate to the modified type. This mechanism permits dynamic binding and code reuse in atomic actions. The Sina language is used to illustrate the utility of atomic delegation in the modeling of a real-world problem, involving an office with a number of departments, using object-oriented techniques. Implementation issues are discussed     

Translating object-oriented database transactions into relational transactions

In this paper, we present methods of translating transactions from object-oriented database (OODB) to relational database (RDB). The process involves schema mapping in data definition language and transaction translation in data manipulation language. They include scheme definition, data query and transaction operation of insert, update, and deletion. We also discuss the object-oriented features in OODB operations that are not supported by RDB, such as class hierarchy, class composition hierarchy, and set attribute, and provide a general solution to realize those mechanisms by traditional relation operations. The result of the transaction translation can be applied into adding object-oriented interface into relational database management system and to the interoperability between OODB and RDB.     

Distributed snapshot isolation: global transactions pay globally,local transactions pay locally

Modern database systems employ Snapshot Isolation to implement concurrency control and isolationbecause it promises superior query performance compared to lock-based alternatives. Furthermore, Snapshot Isolation never blocks readers, which is an important property for modern information systems, which have mixed workloads of heavy OLAP queries and short update transactions. This paper revisits the problem of implementing Snapshot Isolation in a distributed database system and makes three important contributions. First, a complete definition of Distributed Snapshot Isolation is given, thereby extending existing definitions from the literature. Based on this definition, a set of criteria is proposed to efficiently implement Snapshot Isolation in a distributed system. Second, the design space of alternative methods to implement Distributed Snapshot Isolation is presented based on this set of criteria. Third, a new approach to implement Distributed Snapshot Isolation is devised; we refer to this approach as Incremental. The results of comprehensive performance experiments with the TPC-C benchmark show that the Incremental approach significantly outperforms any other known method from the literature. Furthermore, the Incremental approach requires no a priori knowledge of which nodes of a distributed system are involved in executing a transaction. Also, the Incremental approach can execute transactions that involve data from a single node only with the same efficiency as a centralized database system. This way, the Incremental approach takes advantage of sharding or other ways to improve data locality. The cost for synchronizing transactions in a distributed system is only paid by transactions that actually involve data from several nodes. All these properties make the Incremental approach more practical than related methods proposed in the literature.     

COAT: COnstraint-based anonymization of transactions

Publishing transactional data about individuals in an anonymous form is increasingly required by organizations. Recent approaches ensure that potentially identifying information cannot be used to link published transactions to individuals’ identities. However, these approaches are inadequate to anonymize data that is both protected and practically useful in applications because they incorporate coarse privacy requirements, do not integrate utility requirements, and tend to explore a small portion of the solution space. In this paper, we propose the first approach for anonymizing transactional data under application-specific privacy and utility requirements. We model such requirements as constraints, investigate how these constraints can be specified, and propose COnstraint-based Anonymization of Transactions, an algorithm that anonymizes transactions using a flexible anonymization scheme to meet the specified constraints. Experiments with benchmark datasets verify that COAT significantly outperforms the current state-of-the-art algorithm in terms of data utility, while being comparable in terms of efficiency. Our approach is also shown to be effective in preserving both privacy and utility in a real-world scenario that requires disseminating patients’ information.     

Automatic multi-business transactions

The Tentative Hold Protocol (THP) helps automate the coordination of multi-business interactions, providing cost savings and enabling new business models in the process. Automating the exchange of critical information using this protocol prior to a transaction decreases the effect of outdated data, reduces the potential for cancellations, and improves the odds of successfully completing transactions. This article describes THP, explains how to use it synergistically with other technologies, describes some scenarios from different industries in which it could be applied, and provides greater technical detail about its components and limitations.     

Unenforced E-commerce transactions

Electronic commerce currently relies on traditional third party enforcement mechanisms that don't necessarily translate well to cyberspace. Chunking algorithms offer one possibility for unenforced transactions between self motivated agents. This method enables transactions in settings where the parties cannot identify each other, or where litigation is not viable. It also allows computational agents to be more autonomous by not requiring them to be strictly tied to the real world parties they represent. In cases where this type of unenforced exchange is possible, it is preferable to the strictly enforced mode of exchange because it saves enforcement costs (for example, litigation costs or operations costs of trusted third party intermediaries) and it is insensitive to enforcement uncertainties. The method is based on managing the exchange between two agents-a supplier and a demander-so that the gains from completing the exchange (cooperating according to a contract) at any point are larger for both agents than the gains from terminating it (defecting the exchange prematurely by vanishing)     

SSL协议及其安全分析

本文讨论了在IP网上应用非常广泛的SSL(TLS)协议以及其安全缺陷,并针对存在的缺陷介绍了相应的解决办法,为用户使用SSL协议提供了很好的建议和参考。     

SSL加密流量管理

在当今高度多样化的威胁环境中,总会有某种恶意行为试图利用企业或用户工作环境中的漏洞。加密通信有助于最大限度降低风险并减轻这些威胁,但是它不只是在网站或应用上添加一个功能那么简单,企业同时还需要全面了解运行在其网络上的加密SSL流量。毋庸置疑,Blue Coat公司的流量加密管理（ETM）解决方案就可以有效的提供对 SSL 加密流量的全面、基于政策的可见性,保障企业能够及时看到隐藏在加密流量中的威胁。