Similar literature
Found 20 similar documents; search took 31 ms
1.
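To address the problems of traditional Web service security testing methods, namely inefficiency, lack of flexibility, poor suitability for testing complex security functions, and difficulty in supporting exception testing, this paper proposes a Web service security testing method based on dynamic parsing of WSDL files and decomposition of security functions. The method parses WSDL files dynamically at run time, which removes the tight coupling between traditional testing methods and the Web service under test; it decomposes complex security functions into 7 classes of atomic security processing types so that it can effectively meet the needs of complex security function testing; and it uses a fault injection mechanism to generate erroneous SOAP messages so that it supports exception testing. Experimental results show that the method is flexible, efficient, and advanced.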

2.
Operating systems and programmes are more protected these days and attackers have shifted their attention to human elements to break into the organisation's information systems. As the number and frequency of cyber-attacks designed to take advantage of unsuspecting personnel are increasing, the significance of the human factor in information security management cannot be understated. In order to counter cyber-attacks designed to exploit human factors in information security chain, information security awareness with an objective to reduce information security risks that occur due to human related vulnerabilities is paramount. This paper discusses and evaluates the effects of various information security awareness delivery methods used in improving end-users’ information security awareness and behaviour. There is a wide range of information security awareness delivery methods such as web-based training materials, contextual training and embedded training. In spite of efforts to increase information security awareness, research is scant regarding effective information security awareness delivery methods. To this end, this study focuses on determining the security awareness delivery method that is most successful in providing information security awareness and which delivery method is preferred by users. We conducted information security awareness using text-based, game-based and video-based delivery methods with the aim of determining user preferences. Our study suggests that combined delivery methods are better than an individual security awareness delivery method.

3.
During the many years in which I have been involved in building client/server systems, I have often been asked if there is any real difference between the security of client/server systems and that of traditional, mainframe-based systems. The simple though seldom heard answer is yes—adoption of such a new architectural paradigm has a direct impact on security. It does not significantly affect existing security objectives; in most cases, security objectives remain constant. However, a new systems architecture does require that existing security methods and tools be either changed or replaced with new security techniques and tools. In short, what has to be done remains constant; how it is done changes depending on the new systems architecture.

This column addresses a number of the unique security issues that are raised by adoption of client/server technologies.

4.
《Computer Networks》2008,52(15):2908-2923
The Internet’s interdomain routing protocol, BGP, supports a complex network of Autonomous Systems which is vulnerable to a number of potentially crippling attacks. Several promising cryptography-based solutions have been proposed, but their adoption has been hindered by the need for community consensus, cooperation in a public key infrastructure (PKI), and a common security protocol. Rather than force centralized control in a distributed network, this paper examines distributed security methods that are amenable to incremental deployment. Typically, such methods are less comprehensive and not provably secure. The paper describes a distributed anomaly detection and response system that provides comparable security to cryptographic methods and has a more plausible adoption path. Specifically, the paper makes the following contributions: (1) it describes pretty good BGP (PGBGP), whose security is comparable (but not identical) to secure origin BGP; (2) it gives theoretical proofs on the effectiveness of PGBGP; (3) it reports simulation experiments on a snapshot of the Internet topology annotated with the business relationships between neighboring networks; (4) it quantifies the impact that known exploits could have on the Internet; and (5) it determines the minimum number of ASes that would have to adopt a distributed security solution to provide global protection against these exploits. Taken together these results explore the boundary between what can be achieved with provably secure centralized security mechanisms for BGP and more distributed approaches that respect the autonomous nature of the Internet.

5.
Formal description and analysis of security protocols   Total citations: 2, self-citations: 1, citations by others: 2
Security protocols use cryptography systems to complete the tasks of principal identity authentication and session key distribution. The correctness of security protocols is of vital importance to ensure the security of Internet applications. Formal methods have been proved to be a valid approach to analyze and verify security protocols. This paper briefly introduces the three main styles in the field of security protocol analysis and their representative work. After that, it points out the future development direction.

6.
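The iSCSI protocol defines the rules and methods for transporting SCSI commands, data, and status over IP networks, which gives secure storage architectures based on iSCSI clear advantages in many respects over traditional storage based on the FC protocol. When designing a new iSCSI-based secure storage architecture, the advantages of this kind of network storage must be exploited while also protecting the security of the IP network, so that the new system can be applied in enterprises and organizations that need to build an iSCSI-based secure storage architecture and have high security requirements. The study adopts an externally attached storage virtualization architecture to meet the requirements of secure storage over IP networks.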

7.
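Wireless sensor networks (WSNs) are developing rapidly and can be widely applied in military, industrial, scientific, and other fields. Sensor networks operate over wireless channels, and the limited energy, computing power, and storage capacity of their nodes expose them to serious security problems. Many of the security methods proposed so far are based on the concept of layered design. This paper analyzes the limitations of layered security design, reviews existing security design schemes for WSNs, proposes some new cross-layer solutions, and points out research directions for cross-layer security in sensor networks.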

8.
Security is a concern that must be taken into consideration starting from the early stages of system development. Over the last two decades, researchers and engineers have developed a considerable number of methods for security requirements engineering. Some of them rely on the (re)use of security knowledge. Despite some existing surveys about security requirements engineering, there is not yet any reference for researchers and practitioners that presents in a systematic way the existing proposals, techniques, and tools related to security knowledge reuse in security requirements engineering. The aim of this paper is to fill this gap by looking into drawing a picture of the literature on knowledge and reuse in security requirements engineering. The questions we address are related to methods, techniques, modeling frameworks, and tools for and by reuse in security requirements engineering. We address these questions through a systematic mapping study. The mapping study was a literature review conducted with the goal of identifying, analyzing, and categorizing state-of-the-art research on our topic. This mapping study analyzes more than thirty approaches, covering 20 years of research in security requirements engineering. The contributions can be summarized as follows: (1) A framework was defined for analyzing and comparing the different proposals as well as categorizing future contributions related to knowledge reuse and security requirements engineering; (2) the different forms of knowledge representation and reuse were identified; and (3) previous surveys were updated. We conclude that most methods should introduce more reusable knowledge to manage security requirements.

9.
System security assurance provides the confidence that security features, practices, procedures, and architecture of software systems mediate and enforce the security policy and are resilient against security failure and attacks. Alongside the significant benefits of security assurance, the evolution of new information and communication technology (ICT) introduces new challenges regarding information protection. Security assurance methods based on the traditional tools, techniques, and procedures may fail to account for new challenges due to poor requirement specifications, static nature, and poor development processes. The common criteria (CC) commonly used for security evaluation and certification process also comes with many limitations and challenges. In this paper, extensive efforts have been made to study the state-of-the-art, limitations and future research directions for security assurance of the ICT and cyber–physical systems (CPS) in a wide range of domains. We conducted a systematic review of requirements, processes, and activities involved in system security assurance including security requirements, security metrics, system and environments and assurance methods. We highlighted the challenges and gaps that have been identified by the existing literature related to system security assurance and corresponding solutions. Finally, we discussed the limitations of the present methods and future research directions.

10.
During the last 30 years, the period in which information security has become a widespread concern, many people have attempted to evaluate information security projects with traditional financial analysis tools (ROI, NPV, IRR, Payback, etc.). The results have been unsatisfying because information security does not lend itself to the same type of analysis, as for example could be readily performed on the upgrade of a server used for production processing. In this article, we discuss some of the reasons why this is the case, as well as several other evaluation methods that can instead be used to make justifiable and relevant decisions about information projects.

11.
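An attack-effect-oriented method for network security situation assessment   Total citations: 2, self-citations: 0, citations by others: 2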
傅彦铭  李蕊  陈攀 《软件》2010,31(11):77-81
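Network security situation assessment models based on attacks and threats have become a research hotspot; the number of attacks and the impact caused by attacks are two important factors in determining the situation value. Using the number of attacks to determine the situation value has achieved good results, but determining the situation value from the perspective of the impact of attacks on the system has still not been considered sufficiently. Based on a hierarchical network security situation assessment model, this paper first introduces the formula that uses the number of attacks to calculate the network security situation value. It then analyzes the impact of attacks on the system, uses that impact to correct the formula, and derives a formula that fully takes into account both the number of attacks and their impact. Experiments show that the corrected formula better reflects the actual situation.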

12.
ABSTRACT

Security is an enduring priority for both individuals and communities. Methods such as locks, fences, identity cards, and passbooks have been used for many years to provide security against physical attack, crime, espionage, and terrorism. As a result, many national governments, standards organizations, think tanks, and commentators have proposed security methods. None of these methods provides enduring and effective responses to the serious security challenges faced today. Shortfalls in effectiveness derive from terminology that is inconsistent, incomplete, confusing, or contains language that is specific to the physical, personnel, or electronic domains.

This article presents harmonized taxonomies for security and resilience that can be applied across the physical, personnel, and electronic domains. These taxonomies provide an ordered set of terms to organize thinking, and facilitate data and information sharing throughout the security discipline.

Functional decomposition is used to derive the new taxonomies of security and resilience. Case studies that span the physical, personnel, and electronic security domains are used to provide the experimental context to test the utility of the new taxonomies, using an established security risk assessment framework. The utility of the new taxonomies is further validated by the results of a survey of senior security experts.

13.
It is important to establish the forecasting model of the network security situation. But the network security situation cannot be observed directly and can only be measured by other observable data. In this paper the network security situation is considered as a hidden behavior. In order to predict the hidden behavior, some methods have been proposed. However, these methods cannot use the hybrid information that includes qualitative knowledge and quantitative data. As such, a forecasting model of network security situation is proposed on the basis of the hidden belief rule base (BRB) model when the inputs are multidimensional. The initial parameters of the hidden BRB model given by experts may be subjective and inaccurate. In order to train the parameters, a revised covariance matrix adaptation evolution strategy (CMA-ES) algorithm is further developed by adding a modified operator. The revised CMA-ES algorithm can optimize the parameters of the hidden BRB model effectively. The case study shows that compared with other methods, the proposed hidden BRB model and the revised CMA-ES algorithm can predict the network security situation effectively to improve the forecasting precision by making full use of qualitative knowledge.

14.
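To address the shortcomings of existing methods in detecting security defects in structurally complex binary code, a new analysis model is proposed and its method of application is given. First, a set of feature elements is generated from the set of source code elements of a defect, code structure information is extracted, and the analysis model is built. Then the analysis model is computed from the statistical probabilities of the various classes of intermediate representation (IR) statements, groups of IR code that match the feature model are searched for, and, through the translation relationship between IR code and binary code, security defects in binary programs are effectively detected. The analysis model can be applied to binary single-threaded programs and parallel programs. Experimental results show that, compared with existing methods, applying this analysis model detects the various kinds of structurally complex binary code security defects more comprehensively and in greater depth, and with higher accuracy.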

15.
Security Requirements Engineering is a new research area in software engineering, with the realization that security must be analyzed early during the requirements phase. Many researchers are working in this area; however, there is a lack in security requirements treatment. The security requirements are one of the non-functional requirements, which act as constraints on functions of the system. Organizations are depending on information systems for communicating and sharing information. Thus, IT security is becoming central in fulfilling business goals, to guard assets and to create trustworthy systems. To develop systems with adequate security features, it is essential to capture the security requirements. In this paper, we present a view on Security Requirements, issues, types, Security Requirements Engineering (SRE) and methods. We analyzed and compared different methods and found that SQUARE and Security Requirements Engineering Process methods cover most of the important activities of SRE. The developers can adopt these SRE methods and easily identify the security requirements for software systems.

16.
Conventional methods supporting Java binary security mainly rely on the security of the host Java Virtual Machine (JVM). However, malicious Java binaries keep exploiting the vulnerabilities of JVMs, escaping their sandbox restrictions and allowing attacks on end-user systems. Administrators must confront the difficulties and dilemmas brought on by security upgrades. On the other hand, binary rewriting techniques have been advanced to allow users to enforce security policies directly on the mobile code. They have the advantages of supporting a richer set of security policies and a self-constrained written code. However, the high administrative and performance overhead caused by security configuration and code rewriting have prevented rewriters from becoming a practical security tool. In this paper, we address these problems by integrating binary code rewriters with Web caching proxies and build the security system called PB-JARS, a Proxy-based JAva Rewriting System. PB-JARS works as a complementary system to existing JVM security mechanisms by placing another line of defense between users and their end-user systems. It gives system administrators centralized security control and management for the mobile code and security policies. We evaluated PB-JARS using a real Java binary traffic model derived from analyzing real Web trace records. Our results show that adding binary rewriting to a Web caching system can be very efficient in improving end-host security at a low cost.

17.
Vulnerabilities such as design flaws, malicious codes and covert channels residing in hardware design are known to expose hard-to-detect security holes. However, security hole detection methods based on functional testing and verification cannot guarantee test coverage or identify malicious code triggered under specific conditions and hardware-specific covert channels. As a complementary approach to cipher algorithms and access control, information flow analysis techniques have been proved to be effective in detecting security vulnerabilities and preventing attacks through side channels. Recently, gate level information flow tracking (GLIFT) has been proposed to enforce bit-tight information flow security from the level of Boolean gates, which allows detection of hardware-specific security vulnerabilities. However, the inherent high complexity of GLIFT logic causes significant overheads in verification time for static analysis or area and performance for physical implementation, especially under multilevel security lattices. This paper proposes to reduce the complexity of GLIFT logic through state encoding and logic optimization techniques. Experimental results show that our methods can reduce the complexity of GLIFT logic significantly, which will allow the application of GLIFT for proving multilevel information flow security.

18.
The great promise of wireless LAN will never be realized unless they have an appropriate security level. From this point of view, various researches have proposed many security protocols for wireless LAN. This is in order to handle WLAN security problems which are mostly due to the lack of physical protection in WLAN or because of the transmission on the radio link. In this paper, we propose a security protocol named FFTLS (flexible and fast transport layer security), an EAP authentication method that enables secure communication between a client and an authentication server in a powerful and flexible way. Unlike existing EAP authentication methods, FFTLS protocol has the ability to combine between shared secrets and certificate-based infrastructures and to natively ensure additional security services such as identity protection, non-repudiation and perfect forward secrecy. Moreover, it efficiently optimizes the computational time and the message flows needed to open secure sessions for both clients and authentication servers.

19.
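In the CPU instruction pipeline, caching structures such as the cache and the TLB, added to improve the execution efficiency of the computer system, are shared among different processes. The sharing of these caches and the related execution units between processes therefore breaks, to some extent, the security boundary that computer systems implement through memory isolation, and in turn breaks the confidentiality and integrity of the system. The disclosure of vulnerabilities such as Spectre and Meltdown further shows that performance optimizations adopted in processor microarchitecture, such as out-of-order execution, branch prediction, and speculative execution, have serious security flaws whose potential threat extends to the ecosystem of the entire computer industry. However, no mature research framework has yet been established for the security analysis of microarchitecture. Although fairly mature methods and tools exist for vulnerability detection and security protection of operating system kernels and upper-layer applications, they cannot be applied directly to the security testing of microarchitectural vulnerabilities. Once a vulnerability appears in the microarchitecture, its harm is more widespread and it is difficult to fix. In addition, because processor vendors have not published the implementation details of their microarchitectures, the microarchitecture remains a black box to security researchers, and tools to assist analysis are lacking. This also makes the security analysis of microarchitecture very difficult. This paper therefore starts from the security threats present in current processor microarchitecture design and analyzes the main causes in the design that lead to vulnerabilities...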

20.
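Software security testing methods and tools   Total citations: 1, self-citations: 0, citations by others: 1
Software is being applied ever more widely and its scale and complexity keep growing, while the security defects and vulnerabilities in software keep increasing, so software security problems are becoming increasingly prominent. Software security testing is an important means of ensuring software security and reducing software security risk. This paper discusses the characteristics and content of software security testing, focuses on the main software security testing methods and tools in China and abroad, analyzes the advantages, disadvantages, and scope of application of each method, proposes a classification scheme for security testing tools, summarizes current research work, and points out the research priorities and future directions of software security testing technology.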
