移动群智感知中原始数据隐私保护算法

随着移动智能设备的普及，移动群智感知（MCS）得到广泛应用的同时面临着严重的隐私泄露问题。针对现有的移动群智感知中的原始数据隐私保护方案不能抵御共谋攻击，降低了感知数据可用性的情况，提出一种基于移动节点的数据隐私保护算法（DPPMN）。首先，使用DPPMN中的节点管理器建立在线节点列表并将其发送给源节点，源节点通过列表构建数据传输的匿名路径；然后，使用paillier加密方案加密数据；接着，将密文沿路径上传至应用服务器；最后，服务器解密密文得到所需的感知数据。在数据传输时使用加解密操作，确保了攻击者不能窃听感知数据的内容，且无法沿路径追溯数据的来源。DPPMN能保证应用服务器在不侵犯节点隐私的情况下访问原始数据。理论分析和实验结果表明，DPPMN在增加适当通信量的情况下，具有较高的数据安全性，可以在抵御共谋攻击的同时不影响数据的可用性。     

Boolean functions of an odd number of variables with maximum algebraic immunity

In this paper, we study Boolean functions of an odd number of variables with maximum algebraic immunity. We identify three classes of such functions, and give some necessary conditions of such functions, which help to examine whether a Boolean function of an odd number of variables has the maximum algebraic immunity. Further, some necessary conditions for such functions to have also higher nonlinearity are proposed, and a class of these functions are also obtained. Finally, we present a sufficient and necessary condition for Boolean functions of an odd number of variables to achieve maximum algebraic immunity and to be also 1-resilient.     

A Method for Patching Interleaving-Replay Attacks in Faulty Security Protocols

The verification of security protocols has attracted a lot of interest in the formal methods community, yielding two main verification approaches: i) state exploration, e.g. FDR [Gavin Lowe. Breaking and fixing the needham-schroeder public-key protocol using FDR. In TACAs'96: Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems, pages 147–166, London, UK, 1996. Springer-Verlag] and OFMC [A.D. Basin, S. Mödersheim, and L. Viganò. An on-the-fly model-checker for security protocol analysis. In D. Gollmann and E. Snekkenes, editors, ESORICS'03: 8th European Symposium on Research in Computer Security, number 2808 in Lecture Notes in Computer Science, pages 253–270, Gjøvik, Norway, 2003. Springer-Verlag]; and ii) theorem proving, e.g. the Isabelle inductive method [Lawrence C. Paulson. The inductive approach to verifying cryptographic protocols. Journal in Computer Security, 6(1-2):85–128, 1998] and Coral [G. Steel, A. Bundy, and M. Maidl. Attacking the asokan-ginzboorg protocol for key distribution in an ad-hoc bluetooth network using coral. In H. König, M. Heiner, and A. Wolisz, editors, IFIP TC6 /WG 6.1: Proceedings of 23rd IFIP International Conference on Formal Techniques for Networked and Distributed Systems, volume 2767, pages 1–10, Berlin, Germany, 2003. FORTE 2003 (work in progress papers)]. Complementing formal methods, Abadi and Needham's principles aim to guide the design of security protocols in order to make them simple and, hopefully, correct [M. Abadi and R. Needham. Prudent engineering practice for cryptographic protocols. IEEE Transactions on Software Engineering, 22(1):6–15, 1996]. We are interested in a problem related to verification but far less explored: the correction of faulty security protocols. Experience has shown that the analysis of counterexamples or failed proof attempts often holds the key to the completion of proofs and for the correction of a faulty model. In this paper, we introduce a method for patching faulty security protocols that are susceptible to an interleaving-replay attack. Our method makes use of Abadi and Needham's principles for the prudent engineering practice for cryptographic protocols in order to guide the location of the fault in a protocol as well as the proposition of candidate patches. We have run a test on our method with encouraging results. The test set includes 21 faulty security protocols borrowed from the Clark-Jacob library [J. Clark and J. Jacob. A survey of authentication protocol literature: Version 1.0. Technical report, Department of Computer Science, University of York, November 1997. A complete specification of the Clark-Jacob library in CAPSL is available at http://www.cs.sri.com/millen/capsl/].     

What predicts psychological resilience after disaster? The role of demographics, resources, and life stress.

A growing body of evidence suggests that most adults exposed to potentially traumatic events are resilient. However, research on the factors that may promote or deter adult resilience has been limited. This study examined patterns of association between resilience and various sociocontextual factors. The authors used data from a random-digit-dial phone survey (N = 2,752) conducted in the New York City area after the September 11, 2001, terrorist attack. Resilience was defined as having 1 or 0 posttraumatic stress disorder symptoms and as being associated with low levels of depression and substance use. Multivariate analyses indicated that the prevalence of resilience was uniquely predicted by participant gender, age, race/ethnicity, education, level of trauma exposure, income change, social support, frequency of chronic disease, and recent and past life stressors. Implications for future research and intervention are discussed. (PsycINFO Database Record (c) 2010 APA, all rights reserved)     

SecMR – a secure multipath routing protocol for ad hoc networks

Multipath routing in ad hoc networks increases the resiliency against security attacks of collaborating malicious nodes, by maximizing the number of nodes that an adversary must compromise in order to take control of the communication. In this paper, we identify several attacks that render multipath routing protocols vulnerable to collaborating malicious nodes. We propose an on-demand multipath routing protocol, the secure multipath routing protocol (SecMR), and we analyze its security properties. Finally, through simulations, we evaluate the performance of the SecMR protocol in comparison with existing secure multipath routing protocols.     

抵御SYN洪水攻击早期阶段的检测方法

Existing detection methods against SYN flooding attacks are effective only at the later stages when attacking signatures are obvious. In this paper an early stage detecting method （ESDM） is proposed. The ESDM is a simple but effective method to detect SYN flooding attacks at the early stage. In the ESDM the SYN traffic is forecasted by autoregressive integrated moving average model, and non-parametric cumulative sum algorithm is used to find the SYN flooding attacks according to the forecasted traffic. Trace-driven simulations show that ESDM is accurate and efficient to detect the SYN flooding attacks.     

Preventing injection attacks with syntax embeddings

Software written in one language often needs to construct sentences in another language, such as SQL queries, XML output, or shell command invocations. This is almost always done using unhygienic string manipulation, the concatenation of constants and client-supplied strings. A client can then supply specially crafted input that causes the constructed sentence to be interpreted in an unintended way, leading to an injection attack. We describe a more natural style of programming that yields code that is impervious to injections by construction. Our approach embeds the grammars of the guest languages (e.g. SQL) into that of the host language (e.g. Java) and automatically generates code that maps the embedded language to constructs in the host language that reconstruct the embedded sentences, adding escaping functions where appropriate. This approach is generic, meaning that it can be applied with relative ease to any combination of context-free host and guest languages.     

Young children in the aftermath of the World Trade Center attacks.

The attacks of September 11, 2001, on the World Trade Center were unprecedented acts of terrorism on U.S. soil. The disaster provides an opportunity to understand the responses of young children to a traumatic event of this proportion. This retrospective study took place within a year of the attacks and examined the relationship of levels of exposure to the World Trade Center disaster and family level predictors to trauma symptoms in a highly exposed sample of 180 young children in New York City. Data were collected through interviews with parents of children five years or younger at the time of the attacks. Primary variables included direct exposure and post 9/11 child and parent functioning, including trauma symptoms. Child trauma symptoms were related to direct exposure to the disaster, previous trauma, negative changes in parenting, and increased couple tension. Findings support the conceptualization that children's responses to traumatic events must be addressed within the caregiving context of family relationships. Clinical and preventive intervention for young children should be aimed at multiple levels of the social ecology. (PsycINFO Database Record (c) 2011 APA, all rights reserved)     

"医药合谋"内在机理的数理分析

对我国“医药合谋”的内在机理进行了数理分析，结果表明：医疗机构可以从药品更高的回扣率中荻利，但是回扣率的提高会减少药商的利润，两者在回扣率上不存在共同利益。因此医疗机构不去要求药商提供更大的回扣率，而是与药商达成多开药、开高价药的“双赢”合谋模式。并在此基础上提出了进一步深化改革的建议。     

TCP／IP协议的漏洞分析及防范

本文针对TCP／IP在安全领域的应用展开论述，详细分析了TCP／IP在几个关键地方存在的问题．对其安全漏洞进行了研究，给出了一些建设性的解决办法，为今后的进一步研究奠定了基础。