基于Peer to Peer网络的安全邮件系统设计*

集中式C/S模式的邮件系统存在严重的存储与处理压力,其抗攻击能力也较差。针对这些缺陷,利用对等的思想,设计出一种基于PeertoPeer网络的安全邮件系统。通过随机均匀分散选择实现了邮件服务器的随机性、分散性,解决了邮件系统的存储与处理压力。通过多重RSA加密签名实现了邮件服务器的匿名性,并确保了邮件交互的保密性与不可抵赖性。对邮件系统结构、邮件收发机制进行了详尽的安全性分析。最后结果表明,该邮件系统能彻底分散存储和处理压力,能抵抗拒绝服务、身份冒充、恶意邮件、邮件窃取等攻击,却也存在影响网络资源消耗     

分布式数据库邮件服务器模型的研究与实现

针对传统邮件系统的不足,提出了一种完全基于数据库存储的邮件服务器模型:结合分布式数据库技术与JavaRMI构建邮件服务器,从而将邮件系统转换为信息系统;以JRMP协议和DBMS专用协议完成邮件的发送。该系统与基于文件结构的传统邮件系统相比较,在可维护性、安全性等方面都有很大的提高。     

一种新型电子邮件系统的研究与仿真

分析当前邮件系统中的问题,提出一种基于数据库存储的新型邮件系统.将邮箱映射为关系数据库中的表,邮件映射为表中的行,从而邮件发送转换为数据库操作.以分布式数据库操作仿真邮件服务器,基于Java远程交换协议JRMP(Jaa Remote Messaging Protocol)和DBMS专用协议完成信息传送,实现了广义的邮件系统.结果表明新系统扩展了用户功能,管理高效、实用.     

企业邮件服务器搭建技术

随着信息技术的快速发展,邮件系统逐渐成为了信息交换和信息沟通中的重要工具,企业要实现内部和外部之间的信息交流都需要电子邮件。电子邮件和一般意义上的信件一样需要通过邮局来传送,在网络中电子邮件需要相应的邮件服务器来完成信息的提交、存储和转发等功能。企业邮件服务器作为企业信息化建设的重要组成部分,对于企业的形象以及发展具有重要的现实意义,加强对邮件服务器搭建技术的研究是非常必要的。     

可扩展的分布式邮件系统的研究与实现

提出了一种可扩展、分布式的邮件系统设计方案.通过远程过程调用和负载的动态分配,可以将邮件储存在多个服务器上,解决了单台服务器CPU、磁盘I/O性能不足的问题;通过邮件的同步备份实现了故障冗余.通过用户映射表结构,可以将用户分配到各个服务器上,当系统中有服务器发生故障或者新增加服务器时,能够对用户进行重新分配,动态地维持每一个服务器的管理责任.实际的测试结果表明,系统性能随着服务器数量的增加基本呈线性增长,邮件服务不会由于部分服务器发生故障而终止.     

利用机群邮件服务器构建的Web邮件系统

基于电子邮件系统结构的分析和作为邮件传输代理(MTA)———邮件服务器的选择和配置,该文在Linux操作系统上设计实现了一种能够提供SMTP、POP3和Web邮件服务的邮件系统,整个系统运行的优化主要取决于机群邮件服务器的性能。在实验室环境中,在单节点或二至三个节点上对邮件系统进行配置和运行的结果表明:这种基于机群邮件服务器构建的邮件系统功能完善、可靠性较高、配置工作量较小、易于管理和扩展。     

嵌入式系统下的邮件服务器的设计

目前Linux作为一种源码开放、安全可靠的系统平台,已成为嵌入式系统的首选操作系统。文中主要介绍嵌入式系统Linux下邮件收发系统的设计与开发。该邮件系统按照SMTP和POP3协议的规范,实现邮件系统的收发功能,包括邮件服务器和邮件客户端两部分。邮件服务器实现邮件的保存和传送功能。客户端可以执行邮件编辑、发送邮件和接收邮件等操作。该系统的设计坚持以方便用户为原则,它的逻辑清晰、界面简单友好,便于使用。     

LDAP在邮件系统中的应用

本文介绍了LDAP及其工作原理,并在邮件系统中用OpenLDAP建立起LDAP服务器,将邮件用户的基本信息存储在LDAP目录中。     

Coremail邮件系统稳定获厦门航空青睐

项目背景厦门航空计划搭建一套支持内、外网功能的邮件系统,经过多方比较和反复测试,Coremail凭借15年的技术积累,以及与蓝凌OA系统实现完美对接,获得厦门航空信息部门的肯定。解决方案Coremail邮件系统为大型分布式系统,包含多个服务模块。同一邮件服务器可以运行多个模块,充分发挥硬件性能。同一模块也可分布到不同服务器上,并发处理。     

Coremail邮件系统稳定获厦门航空青睐

正项目背景厦门航空计划搭建一套支持内、外网功能的邮件系统,经过多方比较和反复测试,Coremail凭借15年的技术积累,以及与蓝凌OA系统实现完美对接,获得厦门航空信息部门的肯定。解决方案Coremail邮件系统为大型分布式系统,包含多个服务模块。同一邮件服务器可以运行多个模块,充分发挥硬件性能。同一模块也可分布到不同服务器上,并发处理。     

大型SMTP服务器的设计与实现

给出了一种大型SMTP服务器系统的分布式结构、SMTP服务器扩展的方法以及MIME格式的电子邮件解析方式，同时给出了邮件的存储方式、邮件列表的结构和邮件列表的处理方式以及系统核心模块的实现代码。在系统实现中采用了面向对象技术和多线程技术，系统完全由标准C 语言实现。该SMTP系统适于大型电子邮件系统应用，它能够同时处理大量并发邮件操作，运行在各种操作系统与硬件平台上。     

改进的一分类支持向量机的邮件过滤研究

服务器端存在多个用户,且人们对邮件内容的理解和认可程度不同,因此邮件过滤中涉及到不确定信息的处理。就邮件内容来看,邮件过滤通常涉及到隐私,不利于大量收集样本并评价打分。因此提出了一种基于改进的一分类支持向量机的邮件过滤方法。该方法优点在于：（1）用户只需为不确定性很强的待区分邮件给出隶属度;（2）只需收集和训练一类邮件样本,便可以建立邮件分类模型;（3）把隶属度首次引入到1-SVM中,并且由隶属度的值的大小来确定惩罚因子的值。通过仿真实验验证了该方法的有效性。     

基于TrustZone的可信移动终端云服务安全接入方案

可信云架构为云计算用户提供了安全可信的云服务执行环境,保护了用户私有数据的计算与存储安全. 然而在移动云计算高速发展的今天, 仍然没有移动终端接入可信云服务的安全解决方案. 针对上述问题, 提出了一种可信移动终端云服务安全接入方案, 方案充分考虑了移动云计算应用背景, 利用ARM TrustZone硬件隔离技术构建可信移动终端, 保护云服务客户端及安全敏感操作在移动终端的安全执行, 结合物理不可克隆函数技术, 给出了移动终端密钥与敏感数据管理机制. 在此基础之上, 借鉴可信计算技术思想, 设计了云服务安全接入协议, 协议兼容可信云架构, 提供云服务端与移动客户端间的端到端认证. 分析了方案具备的6种安全属性, 给出了基于方案的移动云存储应用实例, 实现了方案的原型系统. 实验结果表明, 可信移动终端TCB较小, 方案具有良好的可扩展性和安全可控性, 整体运行效率较高.     

一种基于移动Agent的分布式应用系统架构

拒绝服务（Dos）攻击对分布式应用系统的安全威胁日益严重。文章提出了一种基于移动Agent的分布式应用系统架构,用以保护系统中的应用服务器,提高其抗DoS攻击的能力。为进一步改善系统抗DoS攻击性能,提出了一种基于遗传算法的代理主机分组算法。最后定性评估了系统的抗DoS攻击能力。     

A practical password-based two-server authentication and key exchange system

Most password-based user authentication systems place total trust on the authentication server where cleartext passwords or easily derived password verification data are stored in a central database. Such systems are, thus, by no means resilient against offline dictionary attacks initiated at the server side. Compromise of the authentication server by either outsiders or insiders subjects all user passwords to exposure and may have serious legal and financial repercussions to an organization. Recently, several multiserver password systems were proposed to circumvent the single point of vulnerability inherent in the single-server architecture. However, these multiserver systems are difficult to deploy and operate in practice since either a user has to communicate simultaneously with multiple servers or the protocols are quite expensive. In this paper, we present a practical password-based user authentication and key exchange system employing a novel two-server architecture. Our system has a number of appealing features. In our system, only a front-end service server engages directly with users while a control server stays behind the scene; therefore, it can be directly applied to strengthen existing single-server password systems. In addition, the system is secure against offline dictionary attacks mounted by either of the two servers.     

On the effectiveness of secure overlay forwarding systems under intelligent distributed DoS attacks

In the framework of a set of clients communicating with a critical server over the Internet, a recent approach to protect communication from distributed denial of service (DDoS) attacks involves the usage of overlay systems. SOS, MAYDAY, and I3 are such systems. The architecture of these systems consists of a set of overlay nodes that serve as intermediate forwarders between the clients and the server, thereby controlling access to the server. Although such systems perform well under random DDoS attacks, it is questionable whether they are resilient to intelligent DDoS attacks which aim to infer architectures of the systems to launch more efficient attacks. In this paper, we define several intelligent DDoS attack models and develop analytical/simulation approaches to study the impacts of architectural design features of such, overlay systems on the system performance in terms of path availability between clients and the server under attacks. Our data clearly demonstrate that the system performance is indeed sensitive to the architectural features and the different features interact with each other to impact overall system performance under intelligent DDoS attacks. Our observations provide important guidelines in the design of such secure overlay forwarding systems.     

基于Web的地形匹配系统设计与开发

文章分析了当前图像匹配的应用领域以及地形匹配处理相关应用,提出了构建基于Web的地形匹配系统体系。地形匹配系统整个体系架构统由web网站、消息调度服务器、文档服务器、匹配处理服务四部分组成,其中网站系统、消息调度服务器、文档服务器托管在阿里云服务器中,匹配处理服务部署在另一台GPU服务器上面,web网站通过消息传递机制与匹配处理服务进行通信,实现GPU地形匹配计算与地图网站的功能分离。文章对系统实现所依赖的软件环境进行了介绍,实现了对匹配算法的封装,并描述了地形匹配处理流程,并对系统页面进行了设计,并结合实例对系统地形匹配应用结果进行了分析。     

Improving virus protection with an efficient secure architecture with memory encryption, integrity and information leakage protection

Malicious software and other attacks are a major concern in the computing ecosystem and there is a need to go beyond the answers based on untrusted software. Trusted and secure computing can add a new hardware dimension to software protection. Several secure computing hardware architectures using memory encryption and memory integrity checkers have been proposed during the past few years to provide applications with a tamper resistant environment. Some solutions, such as HIDE, have also been proposed to solve the problem of information leakage on the address bus. We propose the CRYPTOPAGE architecture which implements memory encryption, memory integrity protection checking and information leakage protection together with a low performance penalty (3% slowdown on average) by combining the Counter Mode of operation, local authentication values and MERKLE trees. It has also several other security features such as attestation, secure storage for applications and program identification. We present some applications of the CRYPTOPAGE architecture in the computer virology field as a proof of concept of improving security in presence of viruses compared to software only solutions.     

A spam rejection scheme during SMTP sessions based on layer-3 e-mail classification

This paper proposes a scheme that rejects spam e-mails during their simple mail transfer protocol (SMTP) sessions. This scheme utilizes a layer-3 e-mail classification technique, which allows e-mail classes to be estimated before the end of SMTP sessions at receiving e-mail servers. We analyze the proposed scheme using discrete-time Markov chain analysis under varying e-mail traffic loads and service capacities. This paper also considers the effects of e-mail retransmission and illegal spam relaying by zombie systems on the performance of the proposed scheme. Results from our analysis show that e-mail server loading decreases by using the proposed technique. This allows the reduction in non-spam e-mail queuing delays and loss probability. Our scheme also protects e-mail servers from being overloaded by spam traffic and, if performed collectively over the Internet, it is capable of performing outbound spam control.     

USN安全研究与设计

With the development of networked storage, the USN converging NAS and SAN appears, USN has many virtues: high performance, low lost and so on, but its security becomes more complex. Considering the situation,with making a deeply research on the performance, characteristic, and the architecture of the USN, the paper designs and implements a USN-based security algorithm, in which, the encryption and decryption are performed on the clien-t. and the USN server only provides identity authentication for user and the integrity verification for data. The test result indicates the algorithm can prevent many kinds invalid attacks, and make few influences on performance of the USN.