政府网站运行的安全性问题研究

本文以政府部门计算机网络和网站在运行中碰到的安全问题,阐述了如何建设相对安全的网控中心,并对因特网上发布信息的网站所受到的各种攻击作出了说明,以及如何采用各种技术方法和措施填补漏洞、防范攻击,保障网站安全。     

军工企业涉密网络统一化安全防护

军工企业涉密网络安全是军工涉密网络系统建设和使用中面临的重大课题．该文从用户终端安全的角度出发．阐述了统一安全防护的思路,并对其具体内容做了较为详细的论述。     

搜索引擎与个人信息安全

搜索引擎的发展给我们的工作和生活带来了便利,同时给我们的个人信息安全带来了威胁。该文从搜索引擎的原理出发,简要分析了个人信息泄露的途径,并提出了避免信息泄露的思路和方法。     

Damage assessment and repair in attack resilient distributed database systems

Preventive measures sometimes fail to defect malicious attacks. With attacks on data-intensive applications becoming an ever more serious threat, intrusion tolerant database systems are a significant concern. The main objective of such systems is to detect attacks, and to assess and repair the damage in a timely manner. This paper focuses on efficient damage assessment and repair in distributed database systems. The complexity caused by data partition, distributed transaction processing, and failures makes intrusion recovery much more challenging than in centralized database systems. This paper identifies the key challenges and presents an efficient algorithm for distributed damage assessment and repair.     

Design of DL-based certificateless digital signatures

Public-key cryptosystems without requiring digital certificates are very attractive in wireless communications due to limitations imposed by communication bandwidth and computational resource of the mobile wireless communication devices. To eliminate public-key digital certificate, Shamir introduced the concept of the identity-based (ID-based) cryptosystem. The main advantage of the ID-based cryptosystem is that instead of using a random integer as each user’s public key as in the traditional public-key systems, the user’s real identity, such as user’s name or email address, becomes the user’s public key. However, all identity-based signature (IBS) schemes have the inherent key escrow problem, that is private key generator (PKG) knows the private key of each user. As a result, the PKG is able to sign any message on the users’ behalf. This nature violates the “non-repudiation” requirement of digital signatures. To solve the key escrow problem of the IBS while still taking advantage of the benefits of the IBS, certificateless digital signature (CDS) was introduced. In this paper, we propose a generalized approach to construct CDS schemes. In our proposed CDS scheme, the user’s private key is known only to the user himself, therefore, it can eliminate the key escrow problem from the PKG. The proposed construction can be applied to all Discrete Logarithm (DL)-based signature schemes to convert a digital signature scheme into a CDS scheme. The proposed CDS scheme is secure against adaptive chosen-message attack in the random oracle model. In addition, it is also efficient in signature generation and verification.     

Decision support for Cybersecurity risk planning

Security countermeasures help ensure the confidentiality, availability, and integrity of information systems by preventing or mitigating asset losses from Cybersecurity attacks. Due to uncertainty, the financial impact of threats attacking assets is often difficult to measure quantitatively, and thus it is difficult to prescribe which countermeasures to employ. In this research, we describe a decision support system for calculating the uncertain risk faced by an organization under cyber attack as a function of uncertain threat rates, countermeasure costs, and impacts on its assets. The system uses a genetic algorithm to search for the best combination of countermeasures, allowing the user to determine the preferred tradeoff between the cost of the portfolio and resulting risk. Data collected from manufacturing firms provide an example of results under realistic input conditions.     

入侵检测系统研究分析

入侵检测是保障现代网络安全的关键技术之一。对于像军队这样对安全要求很高的网络,入侵检测技术以及系统将会起到至关重要的作用。本文对入侵检测的基本概念、方法以及发展趋势进行了分析与研究。     

计算机使用安全的解决方案的探索

该文针对大多数没有计算机专业知识的使用者,探讨了计算机安全问题的原因,并给出计算机安全使用、避免损失的方法。     

探讨数据库加密技术

从数据库安全需求着手,提出数据库加密要实现的目标,分析了数据库加密技术中几项关键技术并进行比较,最后对加密后系统产生的影响进行总结。     

浅谈防火墙在网络安全中的作用

本文介绍网络安全相关技术特性。