"震网"引发网络安全新思考

本文概述了近期发生的"震网"事件.同时分析了"震网"的特点和行为特征.并根据我国的具体情况给出了安全警示和安全防范建议.     

政府网站运行的安全性问题研究

本文以政府部门计算机网络和网站在运行中碰到的安全问题,阐述了如何建设相对安全的网控中心,并对因特网上发布信息的网站所受到的各种攻击作出了说明,以及如何采用各种技术方法和措施填补漏洞、防范攻击,保障网站安全。     

军工企业涉密网络统一化安全防护

军工企业涉密网络安全是军工涉密网络系统建设和使用中面临的重大课题．该文从用户终端安全的角度出发．阐述了统一安全防护的思路,并对其具体内容做了较为详细的论述。     

搜索引擎与个人信息安全

搜索引擎的发展给我们的工作和生活带来了便利,同时给我们的个人信息安全带来了威胁。该文从搜索引擎的原理出发,简要分析了个人信息泄露的途径,并提出了避免信息泄露的思路和方法。     

Damage assessment and repair in attack resilient distributed database systems

Preventive measures sometimes fail to defect malicious attacks. With attacks on data-intensive applications becoming an ever more serious threat, intrusion tolerant database systems are a significant concern. The main objective of such systems is to detect attacks, and to assess and repair the damage in a timely manner. This paper focuses on efficient damage assessment and repair in distributed database systems. The complexity caused by data partition, distributed transaction processing, and failures makes intrusion recovery much more challenging than in centralized database systems. This paper identifies the key challenges and presents an efficient algorithm for distributed damage assessment and repair.     

Design of DL-based certificateless digital signatures

Public-key cryptosystems without requiring digital certificates are very attractive in wireless communications due to limitations imposed by communication bandwidth and computational resource of the mobile wireless communication devices. To eliminate public-key digital certificate, Shamir introduced the concept of the identity-based (ID-based) cryptosystem. The main advantage of the ID-based cryptosystem is that instead of using a random integer as each user’s public key as in the traditional public-key systems, the user’s real identity, such as user’s name or email address, becomes the user’s public key. However, all identity-based signature (IBS) schemes have the inherent key escrow problem, that is private key generator (PKG) knows the private key of each user. As a result, the PKG is able to sign any message on the users’ behalf. This nature violates the “non-repudiation” requirement of digital signatures. To solve the key escrow problem of the IBS while still taking advantage of the benefits of the IBS, certificateless digital signature (CDS) was introduced. In this paper, we propose a generalized approach to construct CDS schemes. In our proposed CDS scheme, the user’s private key is known only to the user himself, therefore, it can eliminate the key escrow problem from the PKG. The proposed construction can be applied to all Discrete Logarithm (DL)-based signature schemes to convert a digital signature scheme into a CDS scheme. The proposed CDS scheme is secure against adaptive chosen-message attack in the random oracle model. In addition, it is also efficient in signature generation and verification.     

Word level bitwidth reduction for unbounded hardware model checking

In this paper we present a word-level model checking method that attempts to speed up safety property checking of industrial netlists. Our aim is to construct an algorithm that allows us to check both bounded and unbounded properties using standard bit-level model checking methods as back-end decision procedures, while incurring minimum runtime penalties for designs that are unsuited to our analysis. We do this by combining modifications of several previously known techniques into a static abstraction algorithm which is guaranteed to produce bit-level netlists that are as small or smaller than the original bitblasted designs. We evaluate our algorithm on several challenging hardware components.     

基于监控器时间开销的虚拟机发现方法

针对传统方法只能发现单一类型虚拟机的缺陷,提出基于虚拟机监控器时间开销的虚拟机发现方法。特定指令能使监控器运行时产生显著的额外开销,该方法能利用监控器执行不同指令序列产生的相对时间开销对虚拟机进行判别。实验结果表明,该方法能够准确发现目前3类主流虚拟机。     

整体检测门限秘密共享欺诈者方案

对门限秘密共享欺诈者的检测,目前很少有整体检测法。利用线性方程组解的性质,在能获得比门限个数多一个参与者的条件下,不需其他任何信息,只需执行一次运算,就可整体判断有无欺诈者。该方案是一个完备的秘密共享方案,信息率为1,1个欺诈者欺诈成功的概率为0,2个及多个欺诈者欺诈成功的概率不超过1/p（p为大素数）。     

面向用户的IMS媒体层统一安全框架

针对IMS媒体层安全保护机制存在的问题,提出一个面向用户的IMS媒体层统-安全框架,在此基础上设计了具体的实现方案,该方案能为用户提供灵活的媒体层安全保护机制,实现媒体层加密算法与密钥的安全协商,保证用户之间端到端的通信安全。实验结果证明了该方案的有效性。