罪与罚——也谈网游实名制

网络实名制、博客实名制、手机实名制等等．一时间互联网和通信行业“实名制”无所不在。互联网和通信作为IT业最最活跃的领域、IT业与人们日常生活最贴近的层面．“实名制”必然吸引了人们的目光。     

互联网实名制来啦……

“在网上，没有知道你是一条狗。”这是一句脍炙人口的网络新语。最近，关于互联网实名制的争论一时间成为热点新闻，支持得说韩国互联网实名制产施得非常成功，而反对者则认为实名制有违互联网的开放与自由。尽管还在争论中，腾讯已经被选为试点网站，腾讯就向用户发布了一条信息，QQ群的群主都必须通过实名制登记。     

开往春天的实名制——现实生活中的实名制

网络该不该实行实名制管理方法？这种方法是否适合手机的管理？现实生活中的实名制是否适合互联网环境？     

新闻集萃

网络实名制:虚拟社会装上安全阀在刚刚结束的全国两会上,网络实名制问题受到了不少人的关注。全国人大代表、工信部部长李毅中表示:网络实名制是个方向,也是世界各国共同加强网络管理的措施。     

我国网络实名制立法方向和实现模式初探

实行网络实名制问题在于从法律层面和技术层面是否已经提供了基础和前提。本文试图从网络实名制的涵义、如何从立法上保障网民权益、实现网民隐私权的法律保护、网络实名制的法律目的与法律依据以及我国网络实名制的立法思考。对如何实行网络实名制从技术层面以及实现模式进行论述和探讨,并从互联网安全监管实际出发提出切实可行的解决方案。     

一种改进的基于OpenID机制的网络实名制方案设计

越来越多不规范的网络行为给互联网的监管带来前所未有的挑战,网络行为的匿名性需求与网络监管的可追踪性需求形成了越来越明显的矛盾.为了解决对网络用户进行有效监管的问题,设计一种改进的基于OpenID机制的用户网络实名制方案,实现了分布式模式下用户发帖行为的监控,通过由Gateway Proxy执行认证功能,提高了系统的整体安全性能.基于证书机制,构造了Web Server与Gateway Proxy之间的认证交互流程,避免了OpenID规范中Web Server站点与OpenID服务器之间的中间人攻击和注册服务器欺骗攻击.通过本机制,保障了用户访问Internet的匿名性和可追溯性,实现了对网络中用户发帖行为可控,发帖事件可查的管理目标,对网络实名制的构建具有较大参考价值.     

声音

网络“实名制”的准确说法是“真实身份信息的注册”。这也不是在所有互联网的应用中进行,主要是在微博中进行。——1月18日,中共中央对外宣传办公室、国务院新闻办公室、国家互联网信息办公室主任王晨解读微博客网络“实名制”时表示。     

从法学角度谈网络实名制

随着计算机技术的迅速发展,网络成为人们日常生活必不可少的工具,但因其网络的独特性,也给人们带来了很多的不方便,因此,网络实名制是依据人们对网络空间中一定社会事实的要求应运而生。它的存在虽然有一定的法理根据,但从它一出现就遭到了各方的反对与抵制,因此,它非常值得在法学领域内作进一步的研究和讨论。网络实名制牵涉到隐私权的保护和言论自由保护以及行政权力行为滥用等法律问题。这些问题的解决需要通过相关法律监察制度的制定和完善来实现,同时还需要依靠人们法治理念的提高来实现。本文主要阐述了建立网络实名制的必要性,并从法学的角度进行剖析,对网络实名制的实施计划提出了一些看法。     

网络实名制应当缓行

随着网络舆论的兴起,网络控制也成为人们日渐关注的话题.但是在中国实行网络实名制,仍然有许多限制,网络实名制应当缓行.     

互联网图片验证码的实现与验证

该文讲述使用ASP.NET技术实现当今互联网登陆模块中流行的验证码,简述验证码的原理、作用、产生方式、并对该验证码进行有效验证.通过该文的阐述,可以帮助网络用户加强互联网安全性的意识,为网站编程爱好者提供技术的参考,防止非法用户使用注册机批量注册、登陆网站.     

How Australia can catch up to U.S. cyber resilience by understanding that cyber survivability test and evaluation drives defense investment

The cyber threat to Australia’s Department of Defense (DoD) is not only information security, but includes preventing its platforms from being crippled. This threat is increasing and Australia is not keeping pace with its allies. Since 2009, the United States has used test and evaluation (T&E) policy and practice to inculcate the threat posed by cyber warfare into the development, acquisition, and fielding of all of its DoD platforms. As a result, U.S. defense chiefs understood early the operational vulnerability of their systems to cyber warfare, and of the necessity of designing more cyber-resilient systems. Australia has not required such cyber-security T&E and therefore may be blind to the operational vulnerabilities of its major platforms to cyber attack and is therefore likely to continue to underinvest in the cyber resilience of its capabilities. This article argues that the Australian DoD needs to urgently conduct operationally-focused cyber-survivability trials that leverage its alliance with the United States. In studying the growing divide in cyber security between these two close allies, this article’s contribution is concluding that representative cyber threats in operational T&E is a crucial first step for any country to gain understanding and appropriate investment in DoD cyber security.     

一种基于图模型的网络攻击溯源方法

随着信息技术的飞速发展,网络攻击事件频发,造成了日益严重的经济损失或社会影响.为了减少损失或预防未来潜在的攻击,需要对网络攻击事件进行溯源以实现对攻击者的挖掘追责.当前的溯源过程主要依赖于人工完成,效率低下.面对日益增加的海量溯源数据和日趋全面的溯源建模分析维度,亟需半自动化或自动化的网络攻击者挖掘方法.提出一种基于图...     

A Survey of Cyber Attacks on Cyber Physical Systems: Recent Advances and Challenges

A cyber physical system (CPS) is a complex system that integrates sensing, computation, control and networking into physical processes and objects over Internet. It plays a key role in modern industry since it connects physical and cyber worlds. In order to meet ever-changing industrial requirements, its structures and functions are constantly improved. Meanwhile, new security issues have arisen. A ubiquitous problem is the fact that cyber attacks can cause significant damage to industrial systems, and thus has gained increasing attention from researchers and practitioners. This paper presents a survey of state-of-the-art results of cyber attacks on cyber physical systems. First, as typical system models are employed to study these systems, time-driven and event-driven systems are reviewed. Then, recent advances on three types of attacks, i.e., those on availability, integrity, and confidentiality are discussed. In particular, the detailed studies on availability and integrity attacks are introduced from the perspective of attackers and defenders. Namely, both attack and defense strategies are discussed based on different system models. Some challenges and open issues are indicated to guide future research and inspire the further exploration of this increasingly important area.      

How Can We Deter Cyber Terrorism?

ABSTRACT

In order to deter cyber terrorism, it is important to identify the terrorists, since punishment may not deter them. The identification probability relies heavily on tracking cyber terrorists. However, there are legal and technical challenges to tracking terrorists. This paper proposes suggestions and insights on overcoming these challenges. Three types of infrastructures must be present in order to deter cyber terrorism: technical, policy, and legal. We list some of the key items that academics as well as practitioners need to focus on to improve cyber-terrorism deterrence.     

Institutions for Cyber Security: International Responses and Global Imperatives

Almost everyone recognizes the salience of cyberspace as a fact of daily life. Given its ubiquity, scale, and scope, cyberspace has become a fundamental feature of the world we live in and has created a new reality for almost everyone in the developed world and increasingly for people in the developing world. This paper seeks to provide an initial baseline, for representing and tracking institutional responses to a rapidly changing international landscape, real as well as virtual. We shall argue that the current institutional landscape managing security issues in the cyber domain has developed in major ways, but that it is still “under construction.” We also expect institutions for cyber security to support and reinforce the contributions of information technology to the development process. We begin with (a) highlights of international institutional theory and an empirical “census” of the institutions-in-place for cyber security, and then turn to (b) key imperatives of information technology-development linkages and the various cyber processes that enhance developmental processes, (c) major institutional responses to cyber threats and cyber crime as well as select international and national policy postures so critical for industrial countries and increasingly for developing states as well, and (d) the salience of new mechanisms designed specifically in response to cyber threats.     

关于国际网络犯罪的思考

本文介绍了国际社会及各国政府在反网络犯罪方面的立法及实践,分析并总结了制约反网络犯罪实践的若干问题,并对现有的相关观点进行了评析,提出建立一体化的国际反网络犯罪框架的设想,呼吁应从国际合作和国内努力内外两方面对此框架进行完善。     

定向网络攻击追踪溯源层次化模型研究

定向网络攻击对网络空间安全构成了极大的威胁，甚至已经成为国家间网络对抗的一种主要形式。本文认为定向网络攻击难以避免，传统的以识别并阻断攻击为核心的防御体系不能很好地应对复杂先进的定向网络攻击，遂提出将追踪溯源作为威慑性防御手段。本文给出了定向网络攻击追踪溯源的形式化定义和分类；充分借鉴了网络欺骗等领域的研究成果，提出通过构建虚实结合的网络和系统环境，采用主被动相结合的方式，追踪溯源定向网络攻击；构建了包括网络服务、主机终端、文件数据、控制信道、行为特征和挖掘分析六个层次的定向网络攻击追踪溯源模型，并系统阐述了模型各层次的内涵及主要技术手段；以此模型为基础，建立了以"欺骗环境构建"、"多源线索提取"、"线索分析挖掘"为主线的追踪溯源纵深体系，多维度追踪溯源定向网络攻击；结合现有攻击模型、追踪溯源理论和典型溯源案例，论证了所建立的模型的有效性。     

Proposed Methodology for Cyber Criminal Profiling

ABSTRACT

Criminal profiling is an important tool employed by law enforcement agencies in their investigations. Criminal profiling is much more than an educated guess; it requires a scientific-based methodology. Cyber crimes are occurring at an alarming rate globally. Law enforcement agencies follow similar techniques to traditional crimes. As is the case in traditional criminal investigation, cyber criminal profiling is a key component in cyber crime investigations as well. This paper examines cyber criminal profiling techniques prevalent today, including inductive and deductive profiling, and the need for employing a hybrid technique that incorporates both inductive and deductive profiling. This paper proposes a cyber criminal profiling methodology based on the hybrid technique. Criminal behavior and characteristics are identified by analyzing the data against a predefined set of metrics.     

优化网络资源配置提高网络安全性

随着人们对网络信息资源要求的逐渐增高,加强网络资源的优化配置已经成为一个重大的课题.通过NRM系统来解决电信网络资源的优化和配置问题,使对网络资源的管理更加合理化、科学化、高效化,同时也大大改善网络环境,提高网络的安全性.本文就对网络资源配置的优化措施进行探讨.     

Cyber Capabilities and Intent of Terrorist Forces

ABSTRACT

This article defines and explores the utilization of cyber capabilities in order to achieve traditional terrorism goals while investigating the unprecedented role of nonstate actors in both offensive and defensive capabilities. Included in this article are the results of investigation into the Websites and Web-based services of identified terrorist groups as well as several interviews with hackers in order to determine capability and intent.