Similar literature
20 similar documents found
1.
A mimic defense automaton model for the dynamic heterogeneous redundancy structure   (cited by: 1; self-citations: 0; citations by others: 1)
朱维军 (Zhu Weijun), 郭渊博 (Guo Yuanbo), 黄伯虎 (Huang Bohu). 《电子学报》 (Acta Electronica Sinica), 2019, 47(10): 2025-2031
Dynamic heterogeneous redundancy (DHR) is the engineering model commonly used in mimic defense technology. However, there is still no means of formally analysing this structure, because it lacks a formal modelling method. To address this, finite-state automata and their parallel composition are used to build computational models for a class of mimic attack and defense behaviours. First, a single finite-state automaton models a single executor; second, the parallel composition of finite-state automata models a combination of executors; third, the state-transition rules are modified to obtain a mimic defense automaton model that can describe attack and defense behaviours; finally, the security of mimic attack and defense behaviours on the DHR structure is analysed from the state conditions of that automaton model. Alternating automata can also be used to model mimic attack and defense, which reduces automatic security analysis to a model-checking problem for alternating automata.

2.
A DNS framework design based on mimic security defense   (cited by: 1; self-citations: 0; citations by others: 1)
王禛鹏 (Wang Zhenpeng), 扈红超 (Hu Hongchao), 程国振 (Cheng Guozhen). 《电子学报》 (Acta Electronica Sinica), 2017, 45(11): 2705-2714
Malicious attacks on DNS servers, such as DNS cache poisoning, are currently frequent, while the DNS Security Extensions (DNSSEC) still face many difficulties in large-scale deployment. This paper proposes a simple, easily deployed, intrusion-tolerant active defense architecture, Mimic DNS (M-DNS), to secure DNS. The architecture consists of a dispatcher and a server pool containing multiple heterogeneous DNS servers. The dispatcher first dynamically selects several servers to process each request in parallel, then decides the final valid response by voting on the servers' results. Simulation shows that, compared with the current traditional architecture, M-DNS lowers the success rate of cache-poisoning attacks by about 10 orders of magnitude.
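The dispatch-and-vote step described in the M-DNS abstract, as an added example that is not code from the paper. It fans one query out to k resolvers from a constructed pool (the resolver names, the records and the single poisoned entry are assumptions for illustration), refuses to answer unless a strict majority agrees, and computes the probability that poisoning survives the vote when each resolver is poisoned independently with probability p, which is what heterogeneity is meant to buy.

```python
"""Added example (not from the M-DNS paper): a dispatcher that fans a DNS
query out to k heterogeneous resolvers and votes on the answers, plus the
probability that a cache-poisoning attack survives the vote."""
from collections import Counter
from math import comb

# Constructed sample pool: four heterogeneous resolvers. The "bind" entry is
# assumed to hold a poisoned record for the queried name; the others are clean.
POOL = {
    "bind":    {"www.example.test": "198.51.100.66"},   # poisoned (assumed)
    "unbound": {"www.example.test": "192.0.2.10"},
    "knot":    {"www.example.test": "192.0.2.10"},
    "pdns":    {"www.example.test": "192.0.2.10"},
}


def vote(answers):
    """Majority vote over (resolver, answer) pairs.

    Returns (winning answer or None, set of resolvers that dissented).
    Without a strict majority the dispatcher refuses to answer rather than
    guess, so a 1-vs-1 split never forwards either record to the client."""
    counts = Counter(answer for _, answer in answers)
    answer, n = counts.most_common(1)[0]
    if n * 2 <= len(answers):
        return None, {r for r, _ in answers}
    return answer, {r for r, a in answers if a != answer}


def dispatch(query, servers, pool=POOL):
    """Query the selected resolvers in parallel (sequential here) and vote."""
    answers = [(s, pool[s].get(query)) for s in servers]
    return vote(answers)


def poison_success_prob(k, p):
    """P(attacker controls a strict majority of the k selected resolvers)
    when each resolver is poisoned independently with probability p.
    Independence is the heterogeneity assumption: no shared vulnerability."""
    need = k // 2 + 1
    return sum(comb(k, i) * p ** i * (1 - p) ** (k - i) for i in range(need, k + 1))


if __name__ == "__main__":
    print(dispatch("www.example.test", ["bind", "unbound", "knot"]))
    for k in (1, 3, 5):
        print(k, poison_success_prob(k, 0.01))
```

The dissenting set returned by `vote` is the signal the dispatcher would use to take a resolver offline and cleanse it; the abstract's "10 orders of magnitude" claim corresponds to the gap between `poison_success_prob(1, p)` and the same function at the paper's k and p, which the page does not state.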

3.
Aiming at the unknown-vulnerability and unknown-backdoor security threats faced by Ethernet switches, a switch endogenous security architecture based on mimic defense theory is proposed. The theoretical basis, construction mode and security mechanism of the architecture are introduced; the algorithm strategy and security improvement of the TAMA algorithm are proposed and analysed; a prototype mimic switch is designed and implemented; and security tests of white-box stuffing and attack-chain scenarios are carried out. Theoretical analysis and test results show that the architecture defends well against unknown vulnerabilities and unknown backdoors in various attack scenarios.

4.
Cyberspace mimic defense is an effective means of countering attacks that exploit unknown vulnerabilities and backdoors in information systems; its security is closely tied to the number of executors, their degree of heterogeneity, and the specific arbitration and scheduling strategy. In industrial control, however, the ecosystem of industrial applications is relatively closed, and the number of heterogeneous executors that can be realised is limited. To address this, a mimic scheduling algorithm for industrial control under the constraint of limited heterogeneous resources is proposed. By introducing an executor online-protection register, a periodic cleansing timer and similar mechanisms, the algorithm adaptively selects suitable executors to bring online according to the running environment, and effectively guards against N-1-mode and N-mode attacks. Experimental results show that the proposed triple-redundancy industrial-control mimic scheduling algorithm adaptively selects executors according to environment characteristics and, even under high-intensity attack, maintains a high availability probability of 99.24%.

5.
To address the vulnerability of a DHR system whose service executors share common vulnerabilities, an improved DHR architecture, IDHR, is proposed. Building on DHR, the architecture first introduces an executor partitioning module that divides the executor set into pools according to the heterogeneity between executors, greatly increasing the heterogeneity between executor pools. On this basis, the dynamic selection algorithm in the scheduling module is improved: an executor pool is chosen at random first, and an executor is then chosen at random from that pool, ...

6.
The scheduling of heterogeneous redundancies is one of the key lines of mimic security defense, but existing scheduling strategies neglect the similarity among redundancies and the scheduling algorithms are incomplete. A new scheduling algorithm, random seed & minimum similarity (RSMS), is proposed: it combines dynamics and reliability by choosing a seed redundancy at random and then determining the scheduling scheme with minimum global similarity. Theoretical analysis and simulation results show that RSMS has a far longer scheduling cycle than the maximum-dissimilarity algorithm and a far lower failure rate than random scheduling, which represents an effective balance between dynamics and reliability.
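The RSMS idea above in working form, as an added example that is not the paper's code. The pairwise similarity matrix is constructed for illustration (integer scores, 100 = identical), and "global similarity" is assumed to be the sum of pairwise similarities inside a scheme, which the abstract does not define. The example also runs the deterministic maximum-dissimilarity baseline so the difference in scheduling cycle (number of distinct schemes the scheduler can emit) is visible.

```python
"""Added example (not the paper's code): random seed & minimum similarity
(RSMS) scheduling over a constructed similarity matrix, compared with a
deterministic maximum-dissimilarity baseline."""
import random
from itertools import combinations

# Constructed: pairwise similarity of 5 redundancies, integer percent,
# 100 = identical, symmetric. Values are assumptions for illustration.
SIM = [
    [100, 80, 20, 30, 10],
    [80, 100, 30, 20, 40],
    [20, 30, 100, 70, 30],
    [30, 20, 70, 100, 20],
    [10, 40, 30, 20, 100],
]


def global_similarity(scheme, sim=SIM):
    """Sum of pairwise similarities inside a scheme (assumed definition)."""
    return sum(sim[a][b] for a, b in combinations(sorted(scheme), 2))


def rsms(seed, k, sim=SIM):
    """Given a seed redundancy, return the k-member scheme containing it with
    minimum global similarity (exhaustive over the remaining members; ties
    resolved by index order so the result is deterministic per seed)."""
    others = [i for i in range(len(sim)) if i != seed]
    best = min(combinations(others, k - 1),
               key=lambda rest: (global_similarity((seed,) + rest, sim), rest))
    return tuple(sorted((seed,) + best))


def max_dissimilarity(k, sim=SIM):
    """Baseline: the globally least similar k-scheme, independent of any seed.
    Because nothing is random, it emits the same scheme every round."""
    return min(combinations(range(len(sim)), k),
               key=lambda s: (global_similarity(s, sim), s))


def schedule_cycle(k, rounds, rng, sim=SIM):
    """Distinct schemes RSMS produces when the seed is drawn at random each
    round; the size of this set is the scheduler's effective cycle."""
    return {rsms(rng.randrange(len(sim)), k, sim) for _ in range(rounds)}


if __name__ == "__main__":
    print("baseline:", max_dissimilarity(3))
    print("rsms cycle:", sorted(schedule_cycle(3, 200, random.Random(7))))
```

Every RSMS scheme keeps global similarity low (the seed only fixes one member), which is the reliability half of the trade-off; drawing the seed at random is the dynamics half, and on this matrix it triples the number of schemes an attacker has to cover compared with the baseline.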

7.
Research on behaviour prediction methods for mimic applications in the cloud environment   (cited by: 1; self-citations: 0; citations by others: 1)
On mature commercial clouds, deploying mimic service components can give cloud applications endogenous security. To coordinate multiple applications with a cluster of mimic service components, this paper first proposes and designs a mimic scheduling management component, which schedules the mimic service component cluster efficiently to meet the integration needs of mimic service components and the cloud platform. To further optimise that component, the paper also studies its prediction algorithm, combining an ARIMA model, which handles linear relationships well, with an RBF model, which handles non-linear relationships well, to predict the behaviour of cloud applications offline. Extensive simulation shows that the combined model predicts better than either single model and achieves high accuracy.

8.
With the growing global demand for satellite communications, entity authentication and access control for satellite communication networks urgently need to be solved. To this end, a new multi-center entity authentication and cross-domain access control scheme is proposed. The scheme divides the multiple centers into two layers for entity authentication and maps authorizations across multiple domains to achieve access control. Simulation experiments show that the proposed scheme supports entity authentication for 100 million users and allows 1 million users to access in parallel.

9.
Current heterogeneous scheduling models are designed from either spatial or temporal characteristics alone, lack joint consideration of both, and do not balance dynamics and heterogeneity well. So that the dynamic, heterogeneous and redundant characteristics of a mimic cloud service system complement each other in balance, an execution-pool scheduling algorithm based on priority and time slices is proposed: it pre-sorts priorities by an execution-pool similarity metric and schedules schemes with time-slice and related strategies. Experimental results show that the algorithm has good dynamics, that combining it with the time-slice strategy yields an overall balance between dynamics and heterogeneity, and that its running time is low.

10.
For network security and admission control on university campus networks, dual admission control, batch MAC address + port binding configured on layer-2 switches and gateway Portal redirection authentication enabled on layer-3 switches, effectively controls access by unauthorised users, prevents ARP virus intrusion, and achieves secure admission control for terminal users in campus dormitory networks. This paper presents the design and configuration using Nortel (北电) and H3C (华三) equipment as examples.

11.
With the widespread adoption of cloud computing, the security of cloud resources has drawn broad attention from researchers in information security. Traditional access control methods cannot meet the security needs of data storage and processing in cloud environments, whereas attribute-based encryption access control can effectively protect data in the cloud. This paper briefly analyses cloud security, studies attribute-based access control, and, considering the realities of data processing in cloud environments, proposes and studies a scheme for applying attribute-based encryption access control in the cloud.

12.
A new usage-based access control model   (cited by: 3; self-citations: 0; citations by others: 3)
Traditional access control models are extended and a new access control model, the usage control model UCON (usage control), is proposed. The model comprises authorizations, obligations and conditions; it can handle updating subject and object attributes as a result of access, and continuing or immediately revoking access rights during an access. The core model is also formally described and defined.

13.
For the problem of secure data sharing and access control in mobile cloud, the drawbacks of traditional cryptographic access control schemes are analysed in depth. Considering that mobile devices are usually resource-limited, an optimised attribute-based cryptographic access control scheme is proposed. In the proposed scheme, a third-party proxy is introduced into the system model and a two-layer encryption method is applied. By combining a traditional attribute-based encryption (ABE) algorithm with multi-secret sharing and splitting the ABE encryption work, the scheme greatly reduces the cost to mobile users of data publishing and access management. Theoretical and experimental analysis shows that the scheme meets the security, computational-complexity and communication-cost requirements of mobile cloud, making it promising for future applications.

14.
With the development of cloud computing, smart cities and mobile office, and the emergence of mobile smart devices, the resource environment is increasingly complex. Traditional access control models have difficulty meeting diverse access control requirements and the need for dynamic, adaptive policies. A dynamic and adaptive access control model based on ABAC and combined with resource life-cycle management is proposed. The model focuses on resource life-cycle management, considering the relationship between life-cycle management and access control policy: policy can change as the resource's life-cycle state changes, which improves applicability. In addition, a user access-behaviour history management function is added, so the model adapts to the environment better by considering the history of user access behaviour. Finally, the model is implemented and verified in a general and a cloud-computing access control system.

15.
In this work, the performance of a hybrid system that combines the distributed power control algorithm (DPCA) with a random access protocol, as a novel and simple scheme for achieving high performance in decentralised optical code division multiple access (OCDMA) networks, is investigated. The effects of multiple access interference (MAI) and the near-far problem are considered. The DPCA's advantage lies in being effectively implementable at each node, since only local parameters are necessary. The principal results show that network throughput and delay are strongly affected by the near-far problem and that the DPCA works to solve it. Hence, introducing a certain level of power control into random-access temporally coded (1D) or time-wavelength coded (2D) OCDMA networks increases throughput and reduces delay. As a consequence, the proposed configuration with the DPCA, using a very low number of iterations, yields better throughput and simultaneously lower delay than the system without power control.

16.
闫玺玺 (Yan Xixi), 耿涛 (Geng Tao). 《通信学报》 (Journal on Communications), 2014, 35(8): 10-77
To solve the data distribution problem in sensitive-data sharing applications and improve the security of data sharing, attribute-based encryption is combined with usage control technology in a fused access control mechanism. On the one hand, attribute-based encryption guarantees the confidentiality of data during storage and distribution, and flexible, extensible access control policies limit the scope in which sensitive data is shared; on the other hand, usage control enforces permissions on users, prevents legitimate users from performing illegal operations on sensitive data, and solves the problem of permission abuse among sharing users. Finally, the security and performance of the mechanism are analysed, showing a significant reduction in server-side workload, and its effectiveness is tested experimentally.
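The usage-control half described in entries 12 and 16 (pre-authorization, attribute update as a result of access, ongoing re-evaluation with immediate revocation), as an added example that is not code from either paper. The subject and object attributes, the usage quota and the environment condition are assumptions for illustration; the attribute-based encryption that entry 16 layers underneath is not shown, since it only keeps the ciphertext confidential and does not change the usage decisions below.

```python
"""Added example (not from the papers): a UCON-style usage session with
pre-authorization (preA), pre-update of a mutable attribute, ongoing
authorization (onA) and immediate revocation."""
from dataclasses import dataclass, field


@dataclass
class Subject:
    name: str
    role: str
    uses_left: int          # mutable attribute: decremented per usage (assumed)


@dataclass
class Obj:
    name: str
    classification: str
    allowed_roles: frozenset


@dataclass
class Session:
    subject: Subject
    obj: Obj
    active: bool = False
    log: list = field(default_factory=list)


def pre_authorize(s, o, cond):
    """preA: role permitted, quota left, and the environment condition holds."""
    return s.role in o.allowed_roles and s.uses_left > 0 and cond


def start_usage(s, o, cond=True):
    """Open a usage session; a granted access mutates the subject's quota."""
    sess = Session(s, o)
    if not pre_authorize(s, o, cond):
        sess.log.append("denied")
        return sess
    s.uses_left -= 1            # preUpdate: attribute changed as a result of access
    sess.active = True
    sess.log.append("granted")
    return sess


def ongoing_check(sess, cond=True):
    """onA: re-evaluate while the usage lasts; revoke at once if it fails.
    This is the 'immediate recall' that traditional models cannot express."""
    s, o = sess.subject, sess.obj
    if sess.active and not (s.role in o.allowed_roles and cond):
        sess.active = False
        sess.log.append("revoked")
    return sess.active


def end_usage(sess):
    sess.active = False
    sess.log.append("ended")
    return sess


if __name__ == "__main__":
    alice = Subject("alice", "analyst", 2)
    report = Obj("report.mp4", "secret", frozenset({"analyst"}))
    sess = start_usage(alice, report)
    alice.role = "intern"       # role changes mid-usage
    print(ongoing_check(sess), sess.log, alice.uses_left)
```

The quota attribute is the UCON "mutable attribute" in its simplest form; in the fused scheme of entry 16 the decryption key obtained through ABE would be handed to the subject only inside an active session, so revocation here is what stops a legitimate key holder from abusing the permission.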

17.
A femtocell hybrid access control algorithm assisted by a relay node is proposed to provide higher performance for femtocell neighbouring users (NUE) in heterogeneous networks. A relay is deployed outside the femtocell network, and either the amplify-and-forward (AF) relaying protocol or the direct-link protocol is used for the data transmission of the femtocell NUE. An optimisation problem is formulated under constraints on the required transmission-rate thresholds of femtocell registered users (FUE), the thresholds of cross-tier interference to macrocell users (MUE), and the total transmit power of the femtocell base station (FBS). Using the dual decomposition method, a femtocell hybrid access control algorithm combining direct mode and relay mode is given. Simulation results show that the scheme not only protects the QoS required by the FUE but also decreases the cross-tier interference suffered by the MUE, and that the dynamic and flexible access mechanism gives the NUE better performance. Furthermore, in the last simulation the relay link helps the NUE obtain about 25% more performance than the traditional direct link in some regions.

18.
To protect sensitive video data in video databases by classification level, a multi-level access control model for video databases is proposed. In the model, a user identity discrimination and identity strength algorithm is designed; its result is the input of a user security-level membership function, whose value is the user's security-level membership degree. This, together with the video data's security-level membership degree, is the input of the security-level membership comparison function in the authorization rule, and the comparison result combined with a time element realises flexible multi-level access control. Compared with existing access control models, the most prominent features of this model are dynamic authorization and classified protection of video data.
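The authorization rule from the abstract above carried through end to end, as an added example that is not the paper's code. The identity-strength weights, the ramp-shaped membership functions, the comparison function (user degree at least the record's degree) and the time window are all assumptions for illustration; the paper defines its own, which the page does not give.

```python
"""Added example (not the paper's code): identity strength -> security-level
membership degree -> comparison with the record's degree, plus a time window,
for multi-level access to video records."""

# Constructed: identity strength as a weighted sum of verified factors
# (weights assumed; they sum to 1.0 so strength lies in [0, 1]).
FACTOR_WEIGHTS = {"password": 0.3, "otp": 0.3, "certificate": 0.4}

# Constructed: membership in each level ramps from 0 at the lower bound to 1
# at the upper bound, so a stronger identity is never less cleared.
LEVEL_RAMPS = {
    "public": (0.0, 0.0),
    "internal": (0.0, 0.3),
    "confidential": (0.3, 0.7),
    "secret": (0.7, 1.0),
}


def identity_strength(verified_factors):
    """Identity strength from the set of factors actually verified."""
    return sum(w for f, w in FACTOR_WEIGHTS.items() if f in verified_factors)


def level_membership(strength, level):
    """User's membership degree in a security level (clipped ramp)."""
    lo, hi = LEVEL_RAMPS[level]
    if hi == lo:
        return 1.0
    return min(1.0, max(0.0, (strength - lo) / (hi - lo)))


def compare(user_degree, data_degree):
    """Comparison function of the authorization rule (assumed form)."""
    return user_degree >= data_degree


def authorize(verified_factors, record, now_hour):
    """Grant only if the user's degree in the record's level reaches the
    record's own degree and the access falls inside the record's time window."""
    degree = level_membership(identity_strength(verified_factors), record["level"])
    start, end = record["window"]
    return compare(degree, record["degree"]) and start <= now_hour < end


# Constructed record: a clip labelled confidential with degree 0.7, viewable 09-18h.
RECORD = {"name": "cam7-2024-01-01.mp4", "level": "confidential",
          "degree": 0.7, "window": (9, 18)}

if __name__ == "__main__":
    for factors in ({"password"}, {"password", "otp"}, set(FACTOR_WEIGHTS)):
        print(sorted(factors), authorize(factors, RECORD, 10), authorize(factors, RECORD, 20))
```

Raising a record's degree within its level is how an operator tightens protection of one clip without reclassifying it, and adding a factor to the user's verified set is how the same user's clearance rises dynamically; both are the "dynamic authorization" the abstract highlights.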

19.
Design of an access control system scheme based on CPU cards with Chinese national cryptographic (国密) algorithms   (cited by: 1; self-citations: 0; citations by others: 1)
To improve the security and convenience of access control systems, a solution based on CPU cards using national cryptographic (国密) algorithms is proposed. The composition of an access control system is introduced first, followed by the characteristics and advantages of contactless CPU cards over contactless logic-encryption cards. Based on the characteristics of the national SM1 algorithm, and in line with the Ministry of Housing and Urban-Rural Development (住建部) requirements for cryptographic application security management in important access control systems, an access control solution based on SM1 CPU cards is proposed. The solution meets the latest market demands for access control systems and is secure and flexible.

20.
The access control model is a core aspect of trusted information systems. Based on the role-based access control (RBAC) model, we put forward the concept of the homonymous role, which extends the role control categories in RBAC, balances control granularity against storage space requirements, and enables fine-grained access control. Instead of the traditional global access control policies (GACP), we propose the homonymous control domain (HCD) mechanism to enable the coexistence of multiple types of access control policies in a single system, thereby improving control granularity and flexibility. The HCD mechanism supports independent, discretionary access control policies for its homonymous user. The HCD mechanism and the traditional access control mechanism can be linked to construct a two-layer access control policy mechanism for a system. Notably, we also consider the temporal characteristic in HCD, a critical feature of modern access control models. Furthermore, we analyze the conflicts between the HCD and GACP mechanisms. Finally, we design and implement our HCD on FreeBSD to demonstrate the advantages of the two-layer access control mechanism. Copyright © 2008 John Wiley & Sons, Ltd.
