Java对象的安全迁移研究

该文分析了Java对象动态迁移中存在的安全性问题,提出利用RSA加密与数字签名算法保护Java对象中秘密信息的方案,有效地解决了秘钥分配问题,实现了Java对象的安全迁移,确保了Java对象迁移过程中秘密信息的隐秘性、完整性和可认证性。     

基于风格迁移过程的彩色图像信息隐藏算法

针对基于神经风格迁移的信息隐藏算法没有解决彩色图像的嵌入这一问题,提出了一种基于风格迁移过程的彩色图像信息隐藏算法。首先,利用卷积神经网络（CNN）特征提取的优势,分别提取载体图像的语义信息、风格图像的风格信息以及彩色图像的特征信息;然后,将图像的语义内容和不同风格融合在一起;最后,在通过解码器对载体图像进行风格迁移的同时完成彩色图像的嵌入。实验结果表明,所提算法可以将秘密图像有效融入到生成的风格化图像中,使得秘密信息嵌入行为与风格变换的行为不可区分,在保持算法安全性的前提下,所提算法的隐藏容量提高到24 bpp,峰值信噪比（PSNR）和结构相似性（SSIM）的平均值分别达到了25.29 dB和0.85,有效解决了彩色图像的嵌入问题。     

Java多线程编程中数据安全的应用研究

通过分析Java多线程并发机制的基本特征,着重针对Java多线程程序中的数据安全问题作深入探讨研究．指出在利用Java多线程技术进行实际编程过程中容易出现的数据安全问题以及相应解决方法．并结合实例说明数据安全在Java多线程编程中的具体实现。     

基于Java移动代理系统的恶意代理问题解决方案

移动代理是一种新的分布式计算模式，安全是其必须解决的问题。针对基于Java移动代理系统的恶意代理问题，尝试提出一种解决方案。该方案主要包括两个方面内容：利用Java2安全机制保护主机资源；采用一种基于证书的移动代理迁移协议，拒绝不合法代理迁移至主机的要求。该方案可以防止移动代理重放攻击。     

空间几何对象相对位置判定中的私有信息保护

保护私有信息的计算几何是一类特殊的安全多方计算问题，它是指在一个互不信任的多用户网络中，几个用户基于各自输入的几何信息共同协作来完成某项可靠的计算任务，但任何一个用户都不愿意向其他用户暴露自己的输入，该问题在协作进行太空开发等领域有着重要的应用前案．秘密判定两组数据是否对应成比例是安全多方计算的一个基本问题，在判定空间几何对象相对位置关系中起着重要作用．设计了判断两组数据是否对应成比例的秘密判定协议；分析了该协议的正确性、安全性及复杂性；在保护用户私有输入信息的条件下，解决了空间中点、直线、平面等几何对象之间的相对位置判定问题．     

Java编码过程中的技巧研究

在Java的编码过程中，有许多技巧可以利用，如使继承链尽可能短、合并类、创建的对象越少越好、使用线程等。充分利用好Java这些固有特点，就可以提高它的性能。     

基于跨语言对象迁移策略的复合本地对象模型

Java本地调用接口(Java native interface,JNI)机制被广泛应用在移动应用开发领域.JNI机制中JNI接口函数被用于在本地代码中解析和转换Java端的数据类型和Java对象.然而,JNI接口函数的调用开销影响了程序运行的效率,其复杂的使用规范也是集成与复用第三方本地组件时的主要障碍.提出一种基于跨语言对象迁移策略的复合本地对象模型,能够实现有效减少本地调用程序中的JNI接口函数调用开销和有效利用已有本地组件的目的.详细讨论了复合本地对象的语言特性及其具体实现,并给出跨语言对象迁移规范以及开发实例.在Dalvik虚拟机中实现了该模型,通过实验证明该策略和模型能够有效改善JNI机制的不足.     

Serviet异构数据库对象网关(一)

Java对象的迁移技术,结合Java对象序列化和Java的服务器端Servlet技术,实现了一个Servlet对象网关,通过该网关,可以访问远程主机及其不同类型的数据库。     

方案的设计与分析*

基于一个经典的插值定理和e次方根的难解问题设计了一类新型的秘密分享方案。该方案把用户间所分享的秘密作为插值多项式最高项的系数,在恢复秘密时各用户只需公布其所拥有子秘密的屏蔽信息,而且在秘密恢复阶段引入了可验证加密的方法以防止用户间的欺诈行为。该方案的另一个显著的特点是能够安全地分享多个秘密：它不需要安全传输信道,整个过程所需的计算量小,是高效安全的。     

基于Shamir秘密共享的安全取证服务器方案

为解决计算机取证系统现有方案中没有考虑到取证信息可能在传输过程中及取证服务器中被破坏这一安全性问题,提出了基于Shamir秘密共享的安全取证服务器方案。方案首次将Shamir秘密共享的思想引入计算机取证中,利用Shamir(n,t)算法共享取证信息m成n份,然后将n份信息传输并分别储存于n个独立的服务器,从而有效提高了取证信息在传输过程、存储过程及存储区内的安全性。n个独立的取证存储区使系统可以在取证存储区的破坏数不超过n-t时仍能完成取证审计,提高了取证信息在取证服务器中的安全性,增强了系统的容错、容侵性能。     

Case Studies in Security and Resource Management for Mobile Object Systems

Mobile objects have gained a lot of attention in research and industry in the recent past, but they also have a long history. Security is one of the key requirements of mobile objects, and one of the most researched characteristics related to mobility. Resource management has been somewhat neglected in the past, but it is being increasingly addressed, in both the context of security and QoS. In this paper we place a few systems supporting mobile objects in perspective based upon how they address security and resource management. We start with the theoretical model of Actors that supports concurrent mobile objects in a programming environment. Then we describe task migration for the Mach microkernel, a case of mobile objects supported by an operating system. Using the OMG MASIF standard as an example, we then analyze middleware support for mobile objects. Mobile Objects and Agents (MOA) system, is an example of middleware level support based on Java. The active networks project, Conversant, supports object mobility at the communication protocol level. We summarize these projects, comparing their security and resource management, and conclude by deriving a few general observations on how security and resource management have been applied and how they might evolve in the future.     

Solving the Java object storage problem

Today's Internet driven view of information systems is helping to popularize Java as an application development language. Developers are beginning to use Java to create multi tier application architectures that often integrate relational data stores with new data types, in order to package information in easier to use, dynamic ways. Java's object oriented nature is ideally suited to this new world. Using objects, Java developers can encapsulate both data and data manipulation methods to give applications a runtime dynamism and self-contained intelligence that is difficult to achieve using other methods. Java application developers need to be able to store these Java objects-technically, to give them persistence-in order to take advantage of these capabilities. We examine the development issues surrounding Java object storage, including a brief overview of the ODMG Java binding, a standard that adds object persistence to Java. We compare this with the much greater level of effort required to implement the same application using the lower level JDBC interface, which supports Java object storage in relational databases. The ODMG binding for Java and JDBC are not competitive specifications: ODMG interfaces can be built on top of JDBC     

Babylon: middleware for distributed,parallel, and mobile Java applications

Babylon is a collection of tools and services that provide a 100% Java‐compatible environment for developing, running and managing parallel, distributed and mobile Java applications. It incorporates features such as object migration, asynchronous method invocation, and remote class loading, while providing an easy‐to‐use interface. Additionally, Babylon enables Java applications to seamlessly create and interact with remote objects, while protecting those objects from other applications by implementing access restrictions and separate namespaces. The implementation of Babylon centers around dynamic proxies, a feature first available in Java 1.3, that allow proxy objects to be created at runtime. Dynamic proxies play a key role in achieving the goals of Babylon. The potential cluster computing benefits of the system are demonstrated with experimental results, which show that sequential Java applications can achieve significant performance benefits from using Babylon to parallelize their work across a cluster of workstations. Copyright © 2008 John Wiley & Sons, Ltd.     

Filter objects for Java

Filtering is an emerging abstraction in object‐oriented systems. Filtering can be characterized by an ability to filter messages in transit and perform intermediate actions. Filters can be used for carrying out intermediate tasks such as encryption, load balancing, caching, security checks and add‐on computations. A few filtering approaches have been proposed earlier and some commercial implementations with specialized filtering capabilities are available. This paper discusses a model for transparent and dynamically pluggable first class filter objects for object‐oriented systems based on the Java programming language. The filter object model is based on an interclass filter relationship. The model is realized through extensions to the Java programming language. Filter objects can be injected into message paths during execution time and they are transparent to both clients and servers. The properties of filter objects enable them to be employed as a mechanism for evolution promoting reuse of existing code. A method of evolution through filter objects is discussed. A translator for Java filters (TJF) has been designed and implemented. TJF translates an extended Java program involving filter constructs into an equivalent Java code. The translation scheme is presented and the performance of the translated code is analyzed. A brief survey of existing approaches related to filtering in object‐oriented systems has also been presented. Copyright © 2003 John Wiley & Sons, Ltd.     

Passive secret disclosure attack on an ultralightweight authentication protocol for Internet of Things

Internet of Things (IoT) is a technology in which for any object the ability to send data via communications networks is provided. Ensuring the security of Internet services and applications is an important factor in attracting users to use this platform. In the other words, if people are unable to trust that the equipment and information will be reasonably safe against damage, abuse and the other security threats, this lack of trust leads to a reduction in the use of IoT-based applications. Recently, Tewari and Gupta (J Supercomput 1–18, 2016) have proposed an ultralightweight RFID authentication protocol to provide desired security for objects in IoT. In this paper, we consider the security of the proposed protocol and present a passive secret disclosure attack against it. The success probability of the attack is ‘1’ while the complexity of the attack is only eavesdropping one session of the protocol. The presented attack has negligible complexity. We verify the correctness of the presented attack by simulation.     

Timing Aware Information Flow Security for a JavaCard-like Bytecode

Common protection mechanisms fail to provide end-to-end security; programs with legitimate access to secret information are not prevented from leaking this to the world. Information-flow aware analyses track the flow of information through the program to prevent such leakages, but often ignore information flows through covert channels even though they pose a serious threat. A typical covert channel is to use the timing of certain events to carry information. We present a timing-aware information-flow type system for a low-level language similar to a non-trivial subset of a sequential Java bytecode. The type system is parameterized over the time model of the instructions of the language and over the algorithm enforcing low-observational equivalence, used in the prevention of implicit and timing flows.     

基于CLDC的无线JAVA安全研究

系统探讨了基于CLDC的无线Java的安全并得出有关结论,指出了基于CLDC的无线Jaya安全中的不足之处,并以一个Java游戏为例给出了一种解决基于MIDP1．0的无线Java在基于客户机／服务器的应用中的安全问题的方案：利用第三方加密包加密通信内容,密钥从用户密码和一个会话参数中产生;采用与HTTP摘要验证相似的方法验证用户身份。对给出的解决方案进行了讨论并指出其实用性。     

基于版本标识技术的Java对象的演化

在实际应用中,大型软件往往需要不断地改进,系统中的对象也处于不断演化的过程中,这可能会引起系统中各个部分之间的不兼容性问题。该文主要讨论了如何利用Ｊａｖａ中的版本标识技术来解决对象演化中的兼容性问题,并把该技术应用于Ｊａｖａ的对象串行化过程,使得不同的对象之间不会出现不兼容的关系,保证兼容的对象能利用串行化机制共享信息。     

A Design for Type-Directed Programming in Java

Type-directed programming is an important and widely used paradigm in the design of software. With this form of programming, an application may analyze type information to determine its behavior. By analyzing the structure of data, many operations, such as serialization, cloning, adaptors and iterators may be defined once, for all types of data. That way, as the program evolves, these operations need not be updated—they will automatically adapt to new data forms. Otherwise, each of these operations must be individually redefined for each type of data, forcing programmers to revisit the same program logic many times during a program's lifetime.The Java language supports type directed programming with the instanceof operator and the Java Reflection API. These mechanisms allow Java programs to depend on the name and structure of the run-time classes of objects. However, the Java mechanisms for type-directed programming are difficult to use. They also do not integrate well with generics, an important new feature of the Java language.In this paper, we describe the design of several expressive new mechanisms for type-directed programming in Java, and show that these mechanisms are sound when included in a language similar to Featherweight Java. Basically, these new mechanisms pattern-match the name and structure of the type parameters of generic code, instead of the run-time classes of objects. Therefore, they naturally integrate with generics and provide strong guarantees about program correctness. As these mechanisms are based on pattern matching, they naturally and succinctly express many operations that depend on type information. Finally, they provide programmers with some degree of protection for their abstractions. Whereas instanceof and reflection can determine the exact run-time type of an object, our mechanisms allow any supertype to be supplied for analysis, hiding its precise structure.