Access right management by extended password capabilities

With reference to a classic protection system featuring active subjects that reference protected objects, we approach the problem of identifying the objects that each subject can access, and the operations that the subject can carry out on these objects. Password capabilities are a classical solution to this problem. We propose a new form of password capability, called extended password capability (or e-capability, for short). An e-capability can specify any combination of access rights. A subject that holds a given e-capability can generate new e-capabilities for reduced sets of access rights. Furthermore, a subject that created a given object is in a position to revoke the access permissions granted by every e-capability referencing this object, completely or in part. The size of an e-capability is comparable to that of a traditional password capability. The number of passwords that need to be stored in memory permanently is kept to a minimum, and is equal to a single password for each object.     

C＋＋对象的持久化中的问题和解决方案

多媒体智能数据库系统ＭＩＤＳ（ｍｕｌｔｉｍｅｄｉａｉｎｔｅｌｌｉｇｅｎｔｄａｔａｂａｓｅｓｙｓｔｅｍ）是一个对象数据库管理系统．它的数据库编程语言是Ｐ＋＋，Ｐ＋＋个语言是一种基于Ｃ＋＋的语言．作者在Ｐ＋＋的实现过程中遇到了以下问题：首先，Ｃ＋＋的指针有二义性，它无法在语义上区分成员指针和引用指针，以及易失性指针和持久性指针，从而给事务管理中的对象加锁及其它方面带来问题．其次，具有虚拟函数或虚拟基类的对象中含有指向内存中的指针，而这些指针不是由程序员定义的．如果Ｃ＋个对象被持久化，这些指针在不同的程序调用中有可能无效．最后，如果作者用文件系统调用来存储对象，那么必须要设计复杂的Ｃａｃｈｅ系统和做大量对象的格式转化工作，这需要大量的空间和时间，所以他们采用了另外的一种方法──基于虚拟内存空间映射的存储方案．     

Memory protection in embedded systems

With reference to an embedded system featuring no support for memory management, we present a model of a protection system based on passwords. At the hardware level, our model takes advantage of a memory protection unit (MPU) interposed between the processor and the complex of the main memory and the input-output devices. The MPU supports both concepts of a protection context and a protection domain. A protection context is a set of access rights for the memory pages; a protection domain is a set of one or more protection contexts. Passwords are associated with protection domains. A process that holds a given password can take advantage of this password to activate the corresponding domain. A small set of protection primitives makes it possible to modify the composition of the domains in a strictly controlled fashion.The proposed protection model is evaluated from a number of important viewpoints, which include password distribution, review and revocation, the memory requirements for storage of the information concerning protection, and the time necessary for password validation.     

Adaptable pointer swizzling strategies in object bases: design,realization, and quantitative analysis

In this article, different techniques for pointer swizzling are classified and evaluated for optimizing the access to main-memory resident persistent objects. To speed up the access along inter-object references, the persistent pointers in the form of unique object identifiers (OIDs) are transformed (swizzled) into main-memory pointers (addresses). Pointer swizzling techniques can be divided into two classes: (1) those that allow replacement of swizzled objects from the buffer before the end of an application program, and (2) those that rule out the displacement of swizzled objects. The first class (i.e., techniques that take precautions for the replacement of swizzled objects) has not yet been thoroughly investigated. Four different pointer swizzling techniques allowing object replacement are investigated and compared with the performance of an object manager employing no pointer swizzling. The extensive qualitative and quantitative evaluation—only part of which could be presented in this article—demonstrate that there is noone superior pointer swizzling strategy forall application profiles. Therefore, an adaptable object base run-time system is devised that employs the full range of pointer swizzling strategies, depending on the application profile characteristics that are determined by, for example, monitoring in combination with sampling, user specifications, and/or program analysis.     

Access privilege management in protection systems

We consider the problem of managing access privileges on protected objects. We associate one or more locks with each object, one lock for each access right defined by the object type. Possession of an access right on a given object is certified by possession of a key for this object, if this key matches one of the object locks. We introduce a number of variants to this basic key–lock technique. Polymorphic access rights make it possible to decrease the number of keys required to certify possession of complex access privileges that are defined in terms of several access rights. Multiple locks on the same access right allow us to exercise forms of selective revocation of access privileges. A lock conversion function can be used to reduce the number of locks associated with any given object to a single lock. The extent of the results obtained is evaluated in relation to alternative methodologies for access privilege management.     

处理指针相等关系不确定的指针逻辑

为类C小语言PointerC设计的指针逻辑是Hoare逻辑的一种扩展,可用来对指针程序进行精确的指针分析,以支持指针相等关系确定的程序的安全性验证.通过增加相等关系不确定的指针类型访问路径集合,可扩展这种指针逻辑,使得扩展后的指针逻辑可以应用于有向图等指针相等关系不确定的抽象数据结构上的指针程序性质　证明.     

Reference count analysis with shallow aliasing

Reference counting is a commonly used technique for resource management. One key correctness criterion in the use of reference counts is that increment and decrement operations must be well-matched. In this paper we consider the problem of statically verifying that a given (sequential) program uses reference counts correctly: that is, that the program performs an equal number of increment and decrement operations on every object. We present a polynomial time algorithm for verifying this property when the program is allowed to have only shallow pointers: that is, the program may contain pointers to reference count objects, but the program does not contain pointers to pointers. We show that the problem is intractable if general (non-shallow) pointers are allowed. Our polynomial time algorithm, for the case of shallow pointers, works by reducing the problem to that of an affine-relation analysis problem.     

Reference count analysis with shallow aliasing

Reference counting is a commonly used technique for resource management. One key correctness criterion in the use of reference counts is that increment and decrement operations must be well-matched. In this paper we consider the problem of statically verifying that a given (sequential) program uses reference counts correctly: that is, that the program performs an equal number of increment and decrement operations on every object. We present a polynomial time algorithm for verifying this property when the program is allowed to have only shallow pointers: that is, the program may contain pointers to reference count objects, but the program does not contain pointers to pointers. We show that the problem is intractable if general (non-shallow) pointers are allowed. Our polynomial time algorithm, for the case of shallow pointers, works by reducing the problem to that of an affine-relation analysis problem.     

Accessing Nearby Copies of Replicated Objects in a Distributed Environment

Consider a set of shared objects in a distributed network, where several copies of each object may exist at any given time. To ensure both fast access to the objects as well as efficient utilization of network resources, it is desirable that each access request be satisfied by a copy ``close' to the requesting node. Unfortunately, it is not clear how to achieve this goal efficiently in a dynamic, distributed environment in which large numbers of objects are continuously being created, replicated, and destroyed. In this paper we design a simple randomized algorithm for accessing shared objects that tends to satisfy each access request with a nearby copy. The algorithm is based on a novel mechanism to maintain and distribute information about object locations, and requires only a small amount of additional memory at each node. We analyze our access scheme for a class of cost functions that captures the hierarchical nature of wide-area networks. We show that under the particular cost model considered (i) the expected cost of an individual access is asymptotically optimal, and (ii) if objects are sufficiently large, the memory used for objects dominates the additional memory used by our algorithm with high probability. We also address dynamic changes in both the network and the set of object copies. Received December 19, 1997, and in final form October 16, 1998.     

Making Pointers Safe in System Programming Languages

System programming languages usually provide pointers so as to permit efficient and understandable programs to be written. Some higher level languages either avoid pointers altogether or greatly circumscribe pointers to guarantee safety, i.e., so that programs cannot gain access to storage in an inappropriate way. By combining the ideas of 1) pointer scope front Algol 68, 2) tombstones for invalidating dangling references, and 3) freezing which permits freeable objects to have scoped pointers, we solVe the problem of providing convenient and efficient pointers while simultaneously guaranteeing safety.     

Application of redundant computation in program debugging

Programmers spend most of their time and resources in localizing program defects. On the other hand, they commit many errors by manipulating dynamic data improperly, which may produce dynamic memory problems, such as dangling pointer, memory leaks, and inaccessible objects. Dangling pointers can occur when a function returns a pointer to an automatic variable, or when trying to access a deleted object. Inaccessible objects occur when a pointer is assigned to point to another object, leaving the original object inaccessible, either by using the new operator or regular assignment operator. Memory leaks occur when a dynamic data is allocated but never de-allocated. The existence of such dynamic memory problems causes the programs to behave incorrectly. Improper usage of dynamic data is a common defect that is easy to commit, but is difficult to diagnose and discover. In this paper, we propose a dynamic approach that detects different types of program defects including those that occur as a result of misusing the dynamic data in computer programs. Our approach uses the notion of redundant computation to identify the suspicious locations in the program that may contain defects. Redundant computation is an execution of a program statement(s) that does not contribute to the program output. The notion of redundant computation is introduced as a potential indicator of defects in programs. We investigate the application of redundant computation in debugging programs. The detection of redundant computation indicates deficiency that may represent a bug in the program. The results of the experiment show that, the redundant computation detection can help the debuggers to localize the source(s) of the program defects.     

面向对象程序设计语言的绑定时间分析技术

为了实现面向对象语言的部分求值,提出了一种绑定时间分析技术.该技术通过针对引用类型变量和指针变量的上下文敏感分析,能够比较精确地分析面向对象语言中诸如对象元素、数组元素等复杂数据结构元素的绑定时间,进而扩大了部分求值的作用范围.这种方法采用两层BTA环境来保存静态变量和局部变量的BTA状态,设置一种专用句柄来表示不同程序点创建的对象,进而采用这种句柄的集合表示引用类型变量的BTA状态.在为面向对象语言程序标注绑定时间信息的过程中,采用一个正向分析和一个反向分析过程,借助于BTA环境来跟踪和设定各种变量、对象和引用变量的绑定时间.该技术已经用于实现Java程序的绑定时间分析,能够有效地分析大多数单线程的Java程序,为实现高性能Java程序部分求值提供了必要的手段.     

一种基于智能卡的口令认证方案

给出了一个基于智能卡的远程访问口令认证方案，它能够对登录口令进行检验而不需要检索口令表。它利用了公钥密码系统的签名特性，其安全性依赖于离散对数问题和因数分解问题。特点是网络用户可以自由选择其口令，通过对口令增加时间戳还可抵抗重放攻击。     

水利部密码基础设施建设实践

密码作为信息安全防护的重要手段,在关键信息系统和基础网络防护中发挥着不可替代的重要作用。提出密码基础设施总体设计思路,阐述水利基础设施建设方案,描述系统各组成模块的功能。通过建设水利部密码基础设施,为水利信息系统和网络提供统一的密码服务,有效解决水利行业密码设备分散管理,应用支撑能力薄弱,管控力度不足等问题,同时指出后续工作开展方向。     

Specific object retrieval based on salient regions

In this paper, we present an image retrieval technique for specific objects based on salient regions. The salient regions we select are invariant to geometric and photometric variations. Those salient regions are detected based on low level features, and need to be classified into different types before they can be applied on further vision tasks. We first classify the selected regions into four types including blobs, edges and lines, textures, and texture boundaries, by using the correlations with the neigbouring regions. Then, some specific region types are chosen for further object retrieval applications. We observe that regions selected from images of the same object are more similar to each other than regions selected from images of different objects. Correlation is used as the similarity measure between regions selected from different images. Two images are considered to contain the same object, if some regions selected from the first image are highly correlated to some regions selected from the second image. Two data sets are employed for experiment: the first data set contains human face images of a number of different people and is used for testing the retrieval algorithm on distinguishing specific objects of the same category; and the second data set contains images of different objects and is used for testing the retrieval algorithm on distinguishing objects of different categories. The results show that our method is very effective on specific object retrieval.     

C语言中多维数组指针和递归的教学实践

多维数组指针和递归是C语言教学中的难点.通过引入面指针、行指针和列指针,并与相应级别的指针相关联,阐述了应用指针访问多维数组的方法.借助做游戏的方式展开递归的教学,使教学难点变得有趣和易于被学生接受.     

基于信息客体统一化描述的安全标记绑定研究

安全标记与信息客体绑定,一直是制约多级安全走向网络实用化的关键问题。针对这一问题,提出了一种基于信息客体统一化描述的安全标记绑定方法。通过分析客体类型,给出了基于数据树的多类型客体的统一表示模型,据此基于数据树遍历给出了客体与安全标记绑定算法,并讨论了客体的相关操作及其访问控制机制的实施。该方法不仅可提高安全标记绑定的灵活性,实现多类型信息客体与安全标记绑定的统一,而且可实施更为细粒度的访问控制,解决系统间异构数据交换控制难的问题。     

A scalable P2P platform for the knowledge grid

The knowledge grid needs to operate with a scalable platform to provide large-scale intelligent services. A key function of such a platform is to efficiently support various complex queries in a dynamic large-scale network environment. This paper proposes a platform to support index-based path queries by incorporating a semantic overlay with an underlying structured P2P network that provides object location and management services. Various distributed indexing structures can be dynamically formed by publishing, semantic objects as indexing nodes. Queries are forwarded along the chains of semantic object pointers to search for objects. We investigate the deployment of a scalable distributed trie index for broadcast queries on key strings, propose a decentralized load balancing method for solving the problem of uneven load distribution incurred by heterogeneity of loads and node capacities and by the distributed trie index, and give an approach for improving the availability of the semantic overlay and its trie index. Experiments demonstrate the scalability of the proposed platform.     

结合语义辅助和边缘特征的显著对象检测

目的 现有的显著对象检测模型能够很好地定位显著对象,但是在获得完整均匀的对象和保留清晰边缘的任务上存在不足。为了得到整体均匀和边缘清晰的显著对象,本文提出了结合语义辅助和边缘特征的显著对象检测模型。方法 模型利用设计的语义辅助特征融合模块优化骨干网的侧向输出特征,每层特征通过语义辅助选择性融合相邻的低层特征,获得足够的结构信息并增强显著区域的特征强度,进而检测出整体均匀的显著对象。通过设计的边缘分支网络以及显著对象特征得到精确的边缘特征,将边缘特征融合到显著对象特征中,加强特征中显著对象边缘区域的可区分性,以便检测出清晰的边缘。同时,本文设计了一个双向多尺度模块来提取网络中的多尺度信息。结果 在4种常用的数据集ECSSD （extended complex scene saliency dataset）、DUT-O （Dalian University of Technology and OMRON Corporation）、HKU-IS和DUTS上与12种较流行的显著模型进行比较,本文模型的最大F值度量（max F-measure,MaxF）和平均绝对误差（mean absolution error,MAE）分别是0.940、0.795、0.929、0.870和0.041、0.057、0.034、0.043。从实验结果看,本文方法得到的显著图更接近真值图,在MaxF和MAE上取得最佳性能的次数多于其他12种方法。结论 本文提出的结合语义辅助和边缘特征的显著对象检测模型十分有效。语义辅助特征融合和边缘特征的引入使检测出的显著对象更为完整均匀,对象的边缘区分性也更强,多尺度特征提取进一步改善了显著对象的检测效果。     

基于渐进式嵌套特征的融合网络

显著目标检测是指通过引入人类视觉注意力机制,使计算机能检测视觉场景中人们最感兴趣的区域或对象.针对显著性目标检测中存在检测边缘不清晰、检测目标不完整及小目标漏检的问题,文中提出基于渐进式嵌套特征的融合网络.网络采用渐进式压缩模块,将较深层特征不断向下传递融合,在降低模型参数量的同时也充分利用高级语义信息.先设计加权特征融合模块,将编码器的多尺度特征聚合成可访问高级信息和低级信息的特征图.再将聚合的特征分配到其它层,充分获取图像上下文信息及关注图像中的小目标对象.同时引入非对称卷积模块,进一步提高检测准确性.在6个公开数据集上的实验表明文中网络取得较优的检测效果.