计算机系统信息的安全保护方法

信息系统是以计算机及外部设备为基础，进行信息的收集、传输、存储、加工处理的系统，它的大量应用给人类创造了巨大的财富，同时也成为威胁、攻击和破坏的目标和对象。为了保证计算机系统的安全，必须系统深入地学习和研究计算机系统安全技术与方法。本文给出了一种计算机系统信息的安全保护方法。     

打印机安全风险分析与信息防护框架研究

打印机作为办公业务系统的重要组成，连接着计算机系统和信息网络，是打印作业信息汇聚节点，面临着安全威胁和失泄密隐患。结合打印机内置通信模块、主控模块等国产化软硬件安全防护需求，开展打印机通信协议栈、嵌入式操作系统等安全风险分析，构建基于可信计算技术的打印机平台安全防护模型，能够提升打印作业信息传输、存储等环节的安全防护水平，进而增强办公业务系统抵御网络攻击的能力。     

车流量测量仪串口通信的设计与实现

针对用于高速公路的车流量测量仪的实际要求，采用RS-232标准异步串行通信接口，设计并实现了车流量测量仪控制软件中的串口通信模块。该控制软件的串口通信模块主要完成车流量的数据接收存储，以及通过测量仪内置Modem传送数据文件和接收控制命令。模拟环境下的调测试结果表明，文中所提出的串口通信方案能较好地满足车流量测量仪控制软件的实际应用要求。     

Secure Enclave安全体系技术分析与研究

在移动互联网时代,移动智能终端已经成为人们随身携带、随时使用的重要设备。应对移动应用环境中面临的安全威胁,成为业界面临的重要问题。Apple公司设计了一套安全体系,依靠Secure Enclave模块来实现密码运算和敏感数据的存储,在实际的应用中取得了很好的效果。从硬件、系统和通信机制方面分析了Secure Enclave模块的组成结构,进而对系统进行了安全性分析,最后,对模块进行了总结和展望。     

便携式轨迹记录与Google Earth再现系统

以MSP430F148单片机为控制核心,E580为GPS接收模块,设计了一套能在Google Earth中显示目标移动轨迹的平台,阐述了平台的硬件电路及其软件流程。该硬件平台通过串口接收GPS信息,实时显示在LCD上并存储在Flash存储器中。通过USB接口把存储器的坐标信息上传给PC,然后转化为KML格式文件,Google Earth识别该文件即可显示目标的轨迹。该平台功耗低,操作简单,可以非常灵活地应用到物流跟踪、公交查询等工程项目中。     

嵌入式实时内核的串口通信模块设计

针对51系列单片机与智能模块的串口通信,研究嵌入式实时内核的串口通信方案。讨论了实时操作系统下消息队列功能正确配置方法,利用系统中断和内核提供的消息队列功能,实现了串口通信和数据存储,对通信协议、消息队列功能配置、驱动程序任务分解、数据存储方式作了重点论述,为设计使用智能模块与单片机串口通信的控制系统应用领域提供了良好的升级解决方案。     

基于ARM的抗恶劣环境移动终端设计

为了满足抗恶劣环境领域对小型化计算机产品的使用需求,提出一种基于ARM的抗恶劣环境移动终端设计方法。该移动终端在硬件设计上以ARM9系列CPU为核心,通过在嵌入式模块内实现数据处理及存储功能,集成串口、LCD、VGA、CAN等接口和GPS功能,大大提高了移动终端的使用范围和可扩展性;在结构设计上采用新材料、新工艺降低移动终端的体积和重量,同时保证移动终端的温度适应性、抗振动冲击性能和电磁兼容性能。该方法已经投入应用,效果良好。     

移动互联网安全终端的设计与实现

在行业部门、金融等特殊应用中,针对移动互联网通信过程中存在的数据窃取、数据篡改和移动互联网终端面临的网络攻击、隐私数据泄密等问题,设计了一套移动互联网安全通信终端设备,旨在保障敏感信息的传输安全,终端系统安全和数据存储安全.     

车流量测量仪串口通信的设计与实现

针对用于高速公路的车流量测量仪的实际要求,采用RS-232标准异步串行通信接口,设计并实现了车流量测量仪控制软件中的串口通信模块。该控制软件的串口通信模块主要完成车流量的数据接收存储,以及通过测量仪内置Mo-dem传送数据文件和接收控制命令。模拟环境下的调测试结果表明,文中所提出的串口通信方案能较好地满足车流量测量仪控制软件的实际应用要求。     

基于QEMU的虚拟可信平台模块的设计与实现

针对可信计算机系统信任链传递过程中的安全性缺陷,提出了在虚拟机中进行信任链传递的虚拟机穿越技术,并在QEMU虚拟机中实现了虚拟可信平台模块。虚拟可信平台模块通过采用信息代理的实现方式并利用虚拟机的封闭性和隔离性为可信计算机系统信任链传递提供了一个安全、高效和透明环境。通过KnoppixLinux分析和比较了QEMU虚拟机中实现的虚拟可信平台模块和Xen中基于可信平台模拟器的虚拟可信平台模块。     

U盘唯一性标识信息的构建与识别方法

根据涉密存储介质保密管理的要求,以U盘为例,提出一种新颖的、以USB协议和大容量存储类协议为基础的移动存储介质管理架构。存储介质的唯一性标识由VID、PID和硬件序列号组成。同时还提出了基于CY7C67300嵌入式主机控制器的USB总线介质管理方案。通过USB总线枚举方式,逐一识别介质唯一性标识并通过超级终端显示。测试结果证明,该标识和识别方法可以用于移动存储介质安全管理系统,从而使涉密移动存储介质处于实时监控状态下,大大减少了泄密风险。     

Design and implementation of a portable TPM scheme for general-purpose trusted computing based on EFI

In today’s globalized digital world, network-based, mobile, and interactive collaborations have enabled work platforms of personal computers to cross multiple geographical boundaries. The new requirements of privacy-preservation, sensitive information sharing, portability, remote attestation, and robust security create new problems in system design and implementation. There are critical demands for highly secure work platforms and security enhancing mechanisms for ensuring privacy protection, component integrity, sealed storage, and remote attestation of platforms. Trusted computing is a promising technology for enhancing the security of a platform using a trusted platform module (TPM). TPM is a tamper-resistant microcontroller designed to provide robust security capabilities for computing platforms. It typically is affixed to the motherboard with a low pin count (LPC) bus. However, it limited in that TPM cannot be used directly in current common personal computers (PCs), and TPM is not flexible and portable enough to be used in different platforms because of its interface with the PC and its certificate and key structure. For these reasons, we propose a portable trusted platform module (PTPM) scheme to build a trusted platform for the common PC based on a single cryptographic chip with a universal serial bus (USB) interface and extensible firmware interface (EFI), by which platforms can get a similar degree of security protection in general-purpose systems. We show the structure of certificates and keys, which can bind to platforms via a PTPM and provide users with portability and flexibility in different platforms while still allowing the user and platform to be protected and attested. The implementation of prototype system is described in detail and the performance of the PTPM on cryptographic operations and time-costs of the system bootstrap are evaluated and analyzed. The results of experiments show that PTPM has high performances for supporting trusted computing and it can be used flexibly and portably by the user.     

Enhanced dynamic credential generation scheme for protection of user identity in mobile-cloud computing

To improve the resource limitation of mobile devices, mobile users may utilize cloud-computational and storage services. Although the utilization of the cloud services improves the processing and storage capacity of mobile devices, the migration of confidential information on untrusted cloud raises security and privacy issues. Considering the security of mobile-cloud-computing subscribers’ information, a mechanism to authenticate legitimate mobile users in the cloud environment is sought. Usually, the mobile users are authenticated in the cloud environment through digital credential methods, such as password. Once the users’ credential information theft occurs, the adversary can use the hacked information for impersonating the mobile user later on. The alarming situation is that the mobile user is unaware about adversary’s malicious activities. In this paper, a light-weight security scheme is proposed for mobile user in cloud environment to protect the mobile user’s identity with dynamic credentials. The proposed scheme offloads the frequently occurring dynamic credential generation operations on a trusted entity to keep minimum processing burden on the mobile device. To enhance the security and reliability of the scheme, the credential information is updated frequently on the basis of mobile-cloud packets exchange. Furthermore, the proposed scheme is compared with the existing scheme on the basis of performance metrics i.e. turnaround time and energy consumption. The experimental results for the proposed scheme showed significant improvement in turnaround time and energy consumption as compared to the existing scheme.     

面向智能安全物流应用的无线传感器网络设计

传感器节点主要由CC2530射频模块、温湿度传感器DHT21、GSM模块以及串口上位机组成。以CC2530射频模块为系统的控制核心,在发送端模块负责采集温湿度传感器信号,通过RF射频端把现场的信息传送到接收端的CC2530模块,接收模块把接收到的温湿度数据通过串口通信把数据传送到上位机中,从而实现现场温湿度数据曲线的显示。GSM模块通过串口直接与上位机通信,该模块能通过手机通信网络把温湿度以短信的形式发送到指定用户的手机中,从而实现物流货品信息的远程监控。     

云存储环境下移动终端信息隐匿方法研究

为了提高云存储环境下移动终端信息存储的安全性,需要进行信息隐匿算法设计,提出一种基于双曲椭圆线性编码加密的云存储环境下移动终端信息隐匿方法。构建移动终端信息编码数字密钥,采用双线性映射方法进行云存储环境下移动终端信息隐匿编码的统计量设计,采用比特序列分块匹配方法构建移动终端信息加密协议,结合混沌编码方案进行信息隐写过程中的块内频数检测设计,采用双曲椭圆线性编码加密方法提高云存储环境下移动终端信息隐匿的深度,根据随机性检测结果实现云存储环境下移动终端信息连续码元隐匿设计。仿真结果表明,采用该方法进行云存储环境下移动终端信息隐匿的加密性能较好,抗攻击能力较强,提高了数据存储的安全性。     

Multi-robot-based intelligent security system

This article describes a multiple security module-based intelligent security system that has multiple communication interfaces which can be applied in home automation. The interfaces of the intelligent security system contain wired RS485, wireless RF, and Internet. The detection modules of the system have both active and passive security modules. The passive security modules contain wired security modules and wireless security modules. The control unit of all security modules is a HOLTEK microchip. Each security module has two different interfaces. They use voice modules to alarm users of an event, and to transmit real-time event signals to the supervising computer via the wired RS485 or wireless RF interface. If an event occurs, the supervising computer calculates its belief values using Dempster-Shafter evidence theory according to the passive wired and wireless security modules. If the belief value is over a set threshold, the supervising computer commands the mobile robot to move to the event location, and receives a signal from the mobile robot via the wireless RF interface. The supervising computer recognizes the final decision output using Dempster-Shafter evidence theory, and displays the detection and decision output values on the monitor of the user interface. Finally, we present some experimental results using wired passive security modules, wireless passive security modules, and active security modules for fire detection and gas leakage detection using the experimental platform of the intelligent security system.     

可信移动平台身份管理框架

针对网络用户身份管理难题及现有的身份管理方案存在的不足,基于可信移动平台完整性校验、保护存储、域隔离和访问控制以及远程平台校验等安全特性,提出了可信移动平台身份管理方案和协议;构建了对应于口令、证书、指纹等认证方式的身份矩阵;实现了多种方式的身份认证、身份认证审计记录,主密钥、审计密钥、平台AIK私钥的加密存储,以及移动平台的可信验证、加密身份的还原和服务提供者身份标志的查找定位,并实现了身份信息和认证数据的加密传输;进行了安全性分析,结果表明该方案在保护用户身份信息安全的前提下,大大减轻了用户身份管理的     

Path planning of a multiple mobile robot system

We present path-planning techniques for a multiple mobile robot system. The mobile robot has the shape of a cylinder, and its diameter, height, and weight are 8 cm, 15 cm, and 1.5 kg, respectively. The controller of the mobile robot is an MCS-51 chip, and it acquires detection signals from sensors through I/O pins. It receives commands from the supervising computer via a wireless RF interface, and transmits the status of the robots to the supervising computer via a wireless RF interface. The mobile robot system is a module-based system, and contains a controller module (including two DC motors and drivers), an obstacle detection module, a voice module, a wireless RF module, an encoder module, and a compass detection module. We propose an evaluation method to arrange the position of the multiple mobile robot system, and develop a path-planning interface on the supervising computer. In the experimental results, the mobile robots were able to receive commands from the supervising computer, and to move their next positions according to the proposed method.     

基于Simulink以太网通信模块及数据采集卡构建半实物仿真系统

随着信息科学技术的发展,在控制工程领域,传统的串口通信渐渐无法满足当前移动化、多样化的通信需求.提出了一种基于Simulink以太网通信模块及数据采集卡构建半实物仿真系统的实现方法,系统由以C8051F020单片机为核心设计的硬件板卡和上位机软件组成,上位机软件为MATLAB/Simulink,计算机与数据采集卡之间采...     

基于DSP的移频电码化模块的设计与实现

介绍一种以DSP技术为核心实现铁路信号移频发送设备电子化的方案,该模块是现场原有的移频设备与车站计算机联锁系统的接口设备,以满足新的电码化技术要求。该模块技术先进,无维修,工作稳定可靠,具有故障-安全性能,进一步提高了系统的可靠性。详细叙述了模块的原理和软硬件设计,并且给出采用CAN总线技术与联锁机通信的方案。