新一代银行网点终端管控平台

分析了采用Windows图形化终端后所存在的管理难度大、复杂度高、监控不到位等问题,提出了针对银行业的网点终端管控安全框架,强调从终端管理安全策略、标准入手,结合终端管控平台系统的建设,在流程规范的指导下完成相关的安全任务操作,实现终端安全管理的集约化、标准化、自动化.重点介绍了终端管控平台系统及其参考的建设方案.实践证明,新一代银行网点图形化终端管控平台可以对网点终端进行全方位的管理与监控,有效地支撑了银行业务创新能力.     

基于电子病历的三甲精神专科医院管理平台应用

根据精神专科医院的实际情况提出了以电子病历为核心,整合现有资源、统一集成、信息共享,服务患者的医院综合信息管理解决方案.也为未来实现医疗信息的区域共享打下基础.     

基于通用知识的软件设计安全性评估

安全性作为软件系统的重要属性,越来越受到人们的重视．在软件开发的早期对安全性进行评估,对软件的质量控制和成本控制有着重要意义．当前的软件安全性评估主要依靠专家评审,结果的客观性及准确性常常受到专家主观意见的影响．通过使用通用知识作为评估依据,提出一种可以对UML顺序图形式的软件设计文档进行自动化分析的方法,可以发现软件设计中潜在的安全性漏洞．该方法可以减少结果中的主观性,同时,通过基于该方法的辅助工具的使用,可以大大提高评估效率．     

一种面向物流网监控的物联网技术

目前物流运输配送安全管理主要依靠GPS技术进行管理, 缺乏整体安全管理技术手段. 提出了一种物流物联网监控技术. 该技术实现了物联网传感器系统、视频监控系统、单兵可视通话指挥系统、司乘人员终端、通讯系统等技术的综合应用. 通过实际项目应用, 验证了该技术可以广泛应用于实现保障运输安全、提高运输效率、管理运输绩效、处理应急情况等.     

云计算安全及应用探析

随着云计算的普及和越来越多的云计算产品投入使用,频频爆发的安全事件也呈现在人们眼前,安全问题更加重要并且已经严重制约了其发展。首先对云计算的概念和发展进行了概述,分析了云计算面临的安全威胁,对提出了应对风险的云计算安全防范关键技术,最后对云计算环境下少数民族文化知识服务进行了探讨。     

基于进程控制的企业终端管理系统

企业专用信息系统对终端环境安全及软件运行安全有着极高的要求,但现阶段多数企业在使用软件系统时几乎没有采取任何防范措施.为此综合分析了企业内部软件的应用特点,总结了信息安全需求,依据企业信息系统的常规运行模式,提出了一种基于网络进程控制的终端软件安全管理方案,实现了对企业信息系统的安全管理和控制.该方案结合进程控制技术实现了一种切实、有效的安全管理机制,杜绝了非法用户拷贝内部系统而造成的危害,提升了软件使用的安全性以及企业软件所在终端的安全性.     

P2P soft security: On evolutionary dynamics of P2P incentive mechanism

This paper thoroughly investigates the evolutionary dynamics of soft security mechanism, namely, reciprocity-based incentive mechanism, in P2P systems based on Evolutionary Game Theory (EGT). By soft security mechanism, it means social control mechanisms to overcome peers’ selfish (rational) behaviors, and encourage cooperation in P2P systems. Specifically, there exist three strategies in P2P systems: always cooperative (ALLC), always defect (ALLD) and reciprocator (R). Instead of existing work which take it for granted that, like ALLC users, R users did not bear any information-seeking cost, we assume small reciprocation cost, and study generalized mutation-selection dynamics. Our contributions are threefold: firstly, we prove and illustrate that, in a well-mixed P2P structure, ALLD is the only strict Nash equilibrium; secondly, we infer the specific condition under which evolution dynamics exhibits rock-scissors-paper oscillation in a structured P2P population. That is, the population cycles from ALLD to R to ALLC and back to ALLD; finally, we theoretically illustrate that the intensity of selection plays an important role in the evolutionary dynamics of P2P incentive mechanism. That is, when the intensity of selection is relatively weak and reciprocation cost limits to zero, the time average can be mostly concentrated on reciprocator. In brief, considering the existence of reciprocation cost and the small mutation in P2P incentive mechanisms, unlike existing work, it is impossible to simply achieve the “absolute cooperative” in P2P incentive mechanisms. On the other hand, stochastic evolution in P2P incentive mechanism with finite population and network structure still favor reciprocation.     

Separating computation and storage with storage virtualization

Recent advances of hardware, software, and networks have made the management and security issues increasingly challenging in PC usage. Due to the tight coupling of hardware and software, each one of the hundreds or thousands of PCs connected in a networked environment has to be managed and administrated individually, leading to a high Total Cost of Ownership (TCO). We argue that a centralized storage of software and data, while distributed computation in clients, i.e., transparent computing, can address these challenges potentially and reduce the complexity with reduced software maintenance time, improved system availability, and enhanced security.This paper presents a novel approach, named StoreVirt, to realize transparent computing, which separates computation and storage from inside a single physical machine to different machines with a storage virtualization mechanism. With virtualization, all the OSes, applications, and data of clients are centered on the servers and scheduled on demand to run on different clients in a “block-streaming” way. Therefore, due to the central storage of OSes and applications, the installation, maintenance, and management are also centralized, leaving the clients light-weighted. Further, due to timely patching and upgrading, the system security can be improved. Experimental and real-world experiences demonstrate that this approach is efficient and feasible for real usages.     

Decision support for Cybersecurity risk planning

Security countermeasures help ensure the confidentiality, availability, and integrity of information systems by preventing or mitigating asset losses from Cybersecurity attacks. Due to uncertainty, the financial impact of threats attacking assets is often difficult to measure quantitatively, and thus it is difficult to prescribe which countermeasures to employ. In this research, we describe a decision support system for calculating the uncertain risk faced by an organization under cyber attack as a function of uncertain threat rates, countermeasure costs, and impacts on its assets. The system uses a genetic algorithm to search for the best combination of countermeasures, allowing the user to determine the preferred tradeoff between the cost of the portfolio and resulting risk. Data collected from manufacturing firms provide an example of results under realistic input conditions.