主流操作系统安全弱点的综合量化评估

在前期研究工作的基础上,将基于指数的微观分析和基于风险和的宏观分析相结合,提出了一种综合量化评估主流操作系统安全弱点的方法,并对Windows NT、Redhat Linux和Solaris等3大主流操作系统6个版本的1081个弱点实施了评估.该方法能够有效地分析各操作系统版本的演进对其安全性的影响,以及横向比较操作系统在不同层次、不同方面的安全状况.     

基于弱点相关性的网络安全分析方法

随着计算机网络技术的发展,网络的安全性越来越受到相关领域的重视。对于网络的安全性分析,不能够仅仅局限在对单个弱点的利用攻击方面,还需要对多个弱点的组合利用攻击进行充分的考虑。攻击图方法是当前最常用的网络安全分析方法,但也存在着一定的问题,加强对弱点相关性的网络安全分析成为当前的重要研究课题。从弱点相关性的角度,严网络安全分析方法进行深入的研究。     

网络安全及网络安全评估的脆弱性分析

随着计算机网络技术的迅速发展,在共享网络信息的同时,不可避免存在着安全风险,网络安全问题已成为当前网络技术研究的重点.网络安全风险评估技术能够检测网络系统潜在的安全漏洞和脆弱性,评估网络系统的安全状况,是实现网络安全的重要技术之一.     

基于模糊灰关联分析的通信网运行可靠性评估

基于模糊灰关联度理论，提出了通信网运行可靠性评估的方法，通过实例验证，该方法有效。     

搭建企业网络安全管理中心——进行统一的安全监测、安全评估、安全审计和安全加固

由于网络安全措施需要进行分布式部署、层次式防御，如果在每一个地方都进行分布式管理，一方面会浪费大量的人力、物力和财力，另一方面对系统管理员的技能要求也非常高。而且，分布式的分散策略设置还有可能造成安全策略的不一致性问题，从而产生安全上的漏洞和冲突。     

基于数字水印原理和安全的讨论

本研究主要是分析了数字水印的原理,特点和类型,对于数字作品安全方面存在的问题和解决方案进行了阐述。     

基于遗传算法的图关联着色算法

图的着色算法是一种典型的NP-完全问题。给出了一种用于图的关联着色的遗传算法。遗传算法用于进行全局搜索,从而有效的查找解空间。文中对关联色数为6的一个图进行了仿真实验,给出了该图的关联色数以及4种6-关联着色。用本文提出的算法,得到了完全图、完全多部图的关联色数。实验结果表明,本文设计的遗传算法可以很好的对关联着色猜想进行求解,获得问题的高质量的解。     

舰船拖带安全评估的故障树方法

提出了一种从故障树分析的角度进行舰船拖带安全评估的方法。采用专家评估和模糊集理论相结合的原理得到故障树中基本事件发生的模糊概率，然后进行故障树定性和定量分析。该方法能合理和有效地预测作业系统的安全性及其薄弱环节。以断缆事件分析为例，对该安全评估方法做了概要阐述。     

谈数据库的安全技术需求

数据库安全就是指保护数据库以防止非法使用所造成的信息泄露、更改或破坏。数据库已经在社会上和人们E1常生活中占据了十分重要的地位。该文首先简要介绍了数据库安全的重要性及安全需求,然后对数据库的安全策略和安全技术进行了探讨。     

基于主机安全组划分的网络安全性分析

随着科技的发展,网络对人们的影响是巨大的,它改变了我们的生活方式,无论是工作、还是购物甚至娱乐。大量的个人信息充斥着网络,个人信息泄露事件屡见不鲜,网络安全问题也越来越受到人们的关注,网络安全性分析势在必行,目前的网络分析方法中存在攻击图规模庞大、生产算术法效率低等问题,针对这些问题主机攻击图的生产模型和算法被提出,在此方法的基础上,主机安全组的概念及其划分方法应运而生,此方法的原理是通过对网络中的主机划分安全组,从而对网络安全性进行分析,此方法使网络安全情况更为清晰、明确,便于网络管理员对整个网络安全状况的掌握,对提升网络安全性大有裨益。     

Network security situation prediction based on scene shift

针对网络安全态势序列复杂多变,蕴含各种各样的演化规律,传统网络安全态势预测方法难以处理的问题,提出了一种专用的预测算法,该算法从长程相关的视角辨识态势序列蕴含的规律,依据事发迹象推断延续效应,经相似度、普遍性、对比度和缩放比加权后,合成预测序列.继而引入进化算法,依据预测效果调节相关参数,通过在线反馈式学习强化泛例的作用、弱化特例的干扰,提升预测算法的适应性.实验表明,该预测算法从超长态势序列中辨识多种类远距离相关性的能力很强,能对复杂多变的趋势保持自适应,预测结果更为精准可信.     

Assessment of human reliability based on evaluation of plant experience: requirements and implementation

A major problem in assessment of human failures in probabilistic safety assessment is the lack of empirical data needed for human reliability analysis (HRA). This problem is aggravated by the fact that different HRA methods use different parameters for the assessment and that HRA is currently enforced to provide data and methods for assessment of human reliability in new technical environments such as computerized control rooms, in accident management situations, or in low-power and shut down situations. Plant experience is one source to deal with this problem. In this paper, a method is presented that describes how plant experience about human failures and human performance may be used to support the process of analyzing and assessing human reliability. Based on considerations of requirements of HRA, a method is presented first which is able to describe and analyze human interactions that were observed within events. Implementation of the approach as a database application is outlined. Second, the main results of the application of the method to 165 boiling water reactor events are presented. Observed influencing factors on human performance are discussed; estimates for probabilities are calculated and compared with the data tables of the THERP handbook. An outline is given for using the presented method for the analysis of cognitive errors or organizational aspects.     

基于信誉评测机制的WSN安全路由协议研究

针对无线传感器网络(WSN)路由协议存在的安全问题,考虑到WSN节点能量低、资源有限的缺陷,提出了一种新型的WSN安全路由协议——VH-GEAR协议。VH-GEAR协议在地理位置能量感知路由(GEAR)协议的基础上引入了纵向(vertocal,V)和横向(horizontal,H)分析相结合的WSN节点信誉评测模型来提高路由协议的安全性,同时通过改进路由协议的信誉更新机制来减小能耗。基于NS2的仿真实验表明,VH-GEAR路由协议能有效识别网络中的恶意节点,减小对合法节点的误判,降低网络能耗,从而加强了网络的安全性,延长了网络的生命周期,提高了网络的整体性能。     

A unified framework for risk and vulnerability analysis covering both safety and security

Recently, we have seen several attempts to establish adequate risk and vulnerability analyses tools and related management frameworks dealing not only with accidental events but also security problems. These attempts have been based on different analysis approaches and using alternative building blocks. In this paper, we discuss some of these and show how a unified framework for such analyses and management tasks can be developed. The framework is based on the use of probability as a measure of uncertainty, as seen through the eyes of the assessor, and define risk as the combination of possible consequences and related uncertainties. Risk and vulnerability characterizations are introduced incorporating ideas both from vulnerability analyses literature as well as from the risk classification scheme introduced by Renn and Klinke.     

基于结构构形易损性理论的桁架结构分析

介绍基于结构构形的易损性理论,具体分析了几种桁架结构的易损性,详细表述了结构集簇解簇过程,得到各种失效模式,验证了基于结构构形的易损性理论,为结构易损性分析提供范例。发现结构应力较大的杆件与易损性分析的失效杆件有对应关系,为结构易损性分析提供了新的思路;通过分析结构在集中力作用下极限荷载与易损性分析特征参数,发现如果结构形式相同、集簇过程类似,那么随着连接能力的增大结构临界荷载增大。     

基于顾客需求的业务过程分析

 应用QFD的思想,建立了顾客需求一绩效指标关系矩阵、绩效指标一过程关系矩阵,以此为基础获得了顾客需求过程关系矩阵从而建立了顾客需求与实现需求的过程的直接联系.提出了计算待改进过程优先度的方法,为识别出那些主要影响顾客需求的过程、确定过程管理的方向提供了可靠的依据.最后开展了案例研究.     

基于用户需求的构件行为测试

针对基于构件的软件开发过程中构件的使用者难以验证构件的动态行为这一问题,提出了一种基于用户需求的构件行为测试方法。用接口自动机为构件的行为建模,研究如何根据模型和用户需求对构件进行测试的问题。首先通过对行为模型的分析,确定出构件中不同接口之间的关系,进而用一组相关的接口序列来表示构件的动态行为;然后再根据用户在使用时的具体要求,确定出实际要运行的测试序列。文中介绍的方法能够从整体上检验构件的行为并且可以根据构件模型和使用要求自动生成测试序列,便于用户对构件的验证和测试。     

Development of a security vulnerability assessment process for the RAMCAP chemical sector

The Department of Homeland Security (DHS), Directorate of Information Analysis & Infrastructure Protection (IAIP), Protective Services Division (PSD), contracted the American Society of Mechanical Engineers Innovative Technologies Institute, LLC (ASME ITI, LLC) to develop guidance on Risk Analysis and Management for Critical Asset Protection (RAMCAP). AcuTech Consulting Group (AcuTech) has been contracted by ASME ITI, LLC, to provide assistance by facilitating the development of sector-specific guidance on vulnerability analysis and management for critical asset protection for the chemical manufacturing, petroleum refining, and liquefied natural gas (LNG) sectors. This activity involves two key tasks for these three sectors: Development of a screening to supplement DHS understanding of the assets that are important to protect against terrorist attack and to prioritize the activities. Development of a standard security vulnerability analysis (SVA) framework for the analysis of consequences, vulnerabilities, and threats. This project involves the cooperative effort of numerous leading industrial companies, industry trade associations, professional societies, and security and safety consultants representative of those sectors. Since RAMCAP is a voluntary program for ongoing risk management for homeland security, sector coordinating councils are being asked to assist in communicating the goals of the program and in encouraging participation. The RAMCAP project will have a profound and positive impact on all sectors as it is fully developed, rolled-out and implemented. It will help define the facilities and operations of national and regional interest for the threat of terrorism, define standardized methods for analyzing consequences, vulnerabilities, and threats, and describe best security practices of the industry. This paper will describe the results of the security vulnerability analysis process that was developed and field tested for the chemical manufacturing sector. This method was developed through the cooperation of the many organizations and the individuals involved from the chemical sector RAMCAP development activities. The RAMCAP SVA method is intended to provide a common basis for making vulnerability assessments and risk-based decisions for homeland security. Mr. Moore serves as the coordinator for the chemical manufacturing, petroleum refining, and LNG sectors for the RAMCAP project and Dr. Jones is the chief technology officer for ASME-ITI, LLC for RAMCAP.     

基于BOX-COX变换的桥梁结构地震易损性分析

云图法作为理论易损性曲线计算的主要方法之一,其为简化计算所作的线性、正态性和同方差性假设很多时候与实际存在偏差.为此,引入BOX-COX变换,并结合蒙特卡洛抽样,提出了一种既不需增加非线性时程分析次数,又不受云图法三个基本假设限制的易损性分析方法.并以一座预应力混凝土三跨连续梁桥为例,分别以决定系数、核密度估计曲线以及...