网络空间安全技术体系研究

随着网络空间对抗形式的日趋严峻,网络空间安全、尤其是网络基础设施安全得到世界各国的普遍重视.网络空问安全呈现出从基于特征“辨伪”向基于身份“识真”的发展趋势.通过对网络空间安全的发展现状、防护需求、防护技术的研究,提出“以信任为基础,网络与安全一体化设计”的设计理念,并给出网络空间安全防护技术体系的架构设计,形成覆盖主机-网络-应用的纵深防护体系.     

蓝牙安全研究

蓝牙是一种短距离射频（RF）通信开放标准。蓝牙技术主要用于建立无线个人局域网（WPAN）,并已被集成到多种类型的企业和消费者电子设备。本文介绍了蓝牙的技术特点、安全功能、存在的脆弱性和面临的威胁,并给出了蓝牙安全风险缓解对策建议。     

企业网的安全管理与对策探讨

为推动企业进一步发展,促进企业在激烈的市场竞争中占据先驱地位,越来越多的企业开始重视企业网络的建设。而由于网络的开放性,必然导致企业在进行网络建设的过程中会带来一系列安全问题。网络安全成为企业网络建设过程中必然考虑的因素。     

一种强制访问控制机制的审计方法

目前的安全操作系统模型有很多,以SELinux安全模型,AppArmor安全模型等为大家所熟知,基于这些强制访问控制模型的审计机制也更有不同。本文提供了一种基于轻量级DTE安全模型的审计机制,该机制中的审计信息采用固定大小格式,这样方便对其进行操作。该审计机制有效的监控了系统中主体对客体的所有访问,包括作法用户的操作和合法用户的误操作等。在系统自带的审计机制中,审计信息是系统中所有的审计记录的集合,数量相当庞大,不利于进行分析。本文提出审计开关,对审计记录中的数据进行分类处理,大大提高了检索和查找的速度。     

基于云计算的网络安全的探析

随着云计算的快速的发展,越来越多的用户将应用和数据托管到了云端。但是由于云计算具有的虚拟化、多用户、可伸缩等新特性,使得传统的安全技术并不能保证云计算的安全,云计算中的安全问题成了阻碍云计算发展的最主要的问题之一。因此,云计算的安全性成为了当前研究云计算的重点。     

商业银行如何有效保障网上银行的信息安全

随着互联网技术的发展,金融信息化程度越来越高,网上银行这种高效快捷的金融服务也得到了快速发展。由于互联网的不安全性,网上银行容易受到不法分子的攻击,严重威胁了用户的个人隐私和资金安全。近年来,针对网上银行的安全事件一直持续不断。本文针对这种情况,对商业银行如何有效保障网上银行的信息安全提出了一些建议。     

Using task migration to improve non-contiguous processor allocation in NoC-based CMPs

In this paper, a processor allocation mechanism for NoC-based chip multiprocessors is presented. Processor allocation is a well-known problem in parallel computer systems and aims to allocate the processing nodes of a multiprocessor to different tasks of an input application at run time. The proposed mechanism targets optimizing the on-chip communication power/latency and relies on two procedures: processor allocation and task migration. Allocation is done by a fast heuristic algorithm to allocate the free processors to the tasks of an incoming application when a new application begins execution. The task-migration algorithm is activated when some application completes execution and frees up the allocated resources. Task migration uses the recently deallocated processors and tries to rearrange the current tasks in order to find a better mapping for them. The proposed method can also capture the dynamic traffic pattern of the network and perform task migration based on the current communication demands of the tasks. Consequently, task migration adapts the task mapping to the current network status. We adopt a non-contiguous processor allocation strategy in which the tasks of the input application are allowed to be mapped onto disjoint regions (groups of processors) of the network. We then use virtual point-to-point circuits, a state-of-the-art fast on-chip connection designed for network-on-chips, to virtually connect the disjoint regions and make the communication latency/power closer to the values offered by contiguous allocation schemes. The experimental results show considerable improvement over existing allocation mechanisms.     

Large scale wireless sensor networks with multi-level dynamic key management scheme

Cyber-Physical Systems (CPSs) have emerged as a promising approach to facilitate the integration of the cyber and physical worlds in highly interconnected and complex ways. CPSs consist of several components, such as sensors, actuators, controllers, etc., and their structures are being complicated, and their scales are increasing day by day. Therefore, the data reliability and security have emerged as critical challenges between physical and virtual components of these systems. Wireless Sensor Networks (WSNs) are accepted as one of the most crucial technologies for building future CPSs. Because of their wireless and dynamic nature, WSNs are more vulnerable to security attacks than wired networks. The main solution for this problem is the usage of signed messages with symmetric or asymmetric key cryptography. Although, asymmetric key cryptography increases network security, it also causes severe computational, memory, and energy overhead for sensor nodes. On the other hand, symmetric key cryptography has the difficulty of providing high-level security and efficient key management scheme; however, it is better in terms of speed and low energy cost. In this paper, it is aimed to build a multi-level dynamic key management system for WSNs with the aid of an Unmanned Aerial Vehicle (UAV), which is a key distribution and coordination center for asymmetric keys. After that, each sensor node constructs different symmetric keys with its neighbors, and communication security is achieved by data encryption and mutual authentication with these keys. Evaluation results show the proposed system is scalable, and its performance is significantly better than asymmetric key management systems.     

Backscatter from the data plane – Threats to stability and security in information-centric network infrastructure

Information-centric networking (ICN) raises data objects to first class routable entities in the network and changes the Internet paradigm from host-centric connectivity to data-oriented delivery. However, current approaches to content routing heavily rely on data-driven protocol events and thereby introduce a strong coupling of the control to the data plane in the underlying routing infrastructure. In this paper, threats to the stability and security of the content distribution system are analyzed in theory, simulations, and practical experiments. We derive relations between state resources and the performance of routers, and demonstrate how this coupling can be misused in practice. We further show how state-based forwarding tends to degrade by decorrelating resources. We identify intrinsic attack vectors present in current content-centric routing, as well as possibilities and limitations to mitigate them. Our overall findings suggest that major architectural refinements are required prior to global ICN deployment in the real world.