Damage assessment and repair in attack resilient distributed database systems

Preventive measures sometimes fail to defect malicious attacks. With attacks on data-intensive applications becoming an ever more serious threat, intrusion tolerant database systems are a significant concern. The main objective of such systems is to detect attacks, and to assess and repair the damage in a timely manner. This paper focuses on efficient damage assessment and repair in distributed database systems. The complexity caused by data partition, distributed transaction processing, and failures makes intrusion recovery much more challenging than in centralized database systems. This paper identifies the key challenges and presents an efficient algorithm for distributed damage assessment and repair.     

Design of DL-based certificateless digital signatures

Public-key cryptosystems without requiring digital certificates are very attractive in wireless communications due to limitations imposed by communication bandwidth and computational resource of the mobile wireless communication devices. To eliminate public-key digital certificate, Shamir introduced the concept of the identity-based (ID-based) cryptosystem. The main advantage of the ID-based cryptosystem is that instead of using a random integer as each user’s public key as in the traditional public-key systems, the user’s real identity, such as user’s name or email address, becomes the user’s public key. However, all identity-based signature (IBS) schemes have the inherent key escrow problem, that is private key generator (PKG) knows the private key of each user. As a result, the PKG is able to sign any message on the users’ behalf. This nature violates the “non-repudiation” requirement of digital signatures. To solve the key escrow problem of the IBS while still taking advantage of the benefits of the IBS, certificateless digital signature (CDS) was introduced. In this paper, we propose a generalized approach to construct CDS schemes. In our proposed CDS scheme, the user’s private key is known only to the user himself, therefore, it can eliminate the key escrow problem from the PKG. The proposed construction can be applied to all Discrete Logarithm (DL)-based signature schemes to convert a digital signature scheme into a CDS scheme. The proposed CDS scheme is secure against adaptive chosen-message attack in the random oracle model. In addition, it is also efficient in signature generation and verification.     

Decision support for Cybersecurity risk planning

Security countermeasures help ensure the confidentiality, availability, and integrity of information systems by preventing or mitigating asset losses from Cybersecurity attacks. Due to uncertainty, the financial impact of threats attacking assets is often difficult to measure quantitatively, and thus it is difficult to prescribe which countermeasures to employ. In this research, we describe a decision support system for calculating the uncertain risk faced by an organization under cyber attack as a function of uncertain threat rates, countermeasure costs, and impacts on its assets. The system uses a genetic algorithm to search for the best combination of countermeasures, allowing the user to determine the preferred tradeoff between the cost of the portfolio and resulting risk. Data collected from manufacturing firms provide an example of results under realistic input conditions.     

无线传感器网络中影响能源消耗的因素的研究

在传感器网络中,电源能量是各个节点最宝贵的资源。为了使传感器网络的使用时间尽可能地长,必须合理有效地利用能量。该文从无线传感器网络的体系结构出发,对影响网络能源消耗的因素进行了研究。     

入侵检测系统研究分析

入侵检测是保障现代网络安全的关键技术之一。对于像军队这样对安全要求很高的网络,入侵检测技术以及系统将会起到至关重要的作用。本文对入侵检测的基本概念、方法以及发展趋势进行了分析与研究。     

计算机使用安全的解决方案的探索

该文针对大多数没有计算机专业知识的使用者,探讨了计算机安全问题的原因,并给出计算机安全使用、避免损失的方法。     

探讨数据库加密技术

从数据库安全需求着手,提出数据库加密要实现的目标,分析了数据库加密技术中几项关键技术并进行比较,最后对加密后系统产生的影响进行总结。     

浅谈防火墙在网络安全中的作用

本文介绍网络安全相关技术特性。     

WEB应用系统安全分析与设计

Web应用系统的安全对整个网络的安全至关重要。积极运用各种安全技术、认真研究防范措施,是Web应用系统建设中的关键问题之一。该文阐述了Web安全相对于网络安全的特殊之处,总结了常用的Web安全技术,对通用体系结构的Web应用系统安全性进行了分析,并给出了各环节应采用的安全技术。     

电脑黑客与网络安全

叙述了黑客对网络安全的破坏作用,说明了黑客对网络进行病毒攻击的手段和信息轰炸的攻击方法,并利用敌方网络系统进行情报窃取、情报欺骗。对网络安全的防护技术进行了探讨。