嵌入式操作系统进程监测器的设计与实现

为避免嵌入式操作系统的进程受到恶意软件的修改破坏,提出一种适合于嵌入式操作系统的进程监测器。监测器周期性地对系统进程控制块进行检测恢复,通过设置进程检查点为系统提供恢复操作进程,并在Linux上进行实现,给出主要的数据结构和实现过程。实验结果表明,监测器的运行对系统性能影响小,能对系统进程进行有效的检测恢复。     

HCAA:一种哈希冲突过度的动态解决算法

HASH表作为一种快速查询的数据结构,在防火墙等网络安全应用中得到了广泛的应用。然而,攻击者可能通过一些手段对这些应用发动HASH攻击使其失去响应,从而使某些恶意的数据流能够逃脱网络安全应用的管理和控制。提出一种动态的哈希冲突过度的解决算法—HCAA(Hash Collision-Acceptable Algorithm)算法,该算法在哈希冲突过于集中时通过动态申请HASH表并使用不同哈希函数来对冲突数据流进行处理,使冲突在可接受的范围内。实验结果表明,与已有方法相比,HCAA算法能在使用更少HASH表项的情况下获得更均衡的HASH效果,从而能对数据流进行更快的HASH操作。     

基于SNMP的校园网ARP攻击检测方法研究

防范地址解析协议ARP(Address Resolution Protocol)欺骗攻击的难点是:攻击源可以隐藏在网段内任何一个主机中,即使发现了攻击的存在,也难以迅速定位攻击源。结合校园网络的特点,提出了一种新的ARP攻击检测方案:检测服务器通过SNMP协议定期读取核心交换机的ARP、VLAN等信息和接入交换机的MAC-PORT信息,利用综合检测算法,及时发现攻击现象,迅速定位攻击源,并根据网络实际情况采用不同的技术措施进行处理。实践证明,该方法能够有效保障校园网络安全。     

CCA-secure unidirectional proxy re-encryption in the adaptive corruption model without random oracles

Up to now, it is still an open question of how to construct a chosen-ciphertext secure unidirectional proxy re-encryption scheme in the adaptive corruption model. To address this problem, we propose a new unidirectional proxy re-encryption scheme, and prove its chosen-ciphertext security in the adaptive corruption model without random oracles. Compared with the best known unidirectional proxy re-encryption scheme proposed by Libert and Vergnaud in PKC’08, our scheme enjoys the advantages of both higher effi...     

Parallel crypto-devices for GF(p) elliptic curve multiplication resistant against side channel attacks

All elliptic curve cryptographic schemes are based on scalar multiplication of points, and hence its faster computation signifies faster operation. This paper proposes two different parallelization techniques to speedup the GF(p) elliptic curve multiplication in affine coordinates and the corresponding architectures. The proposed implementations are capable of resisting different side channel attacks based on time and power analysis. The 160, 192, 224 and 256 bits implementations of both the architectures have been synthesized and simulated for both FPGA and 0.13μ CMOS ASIC. The final designs have been prototyped on a Xilinx Virtex-4 xc4vlx200-12ff1513 FPGA board and performance analyzes carried out. The experimental result and performance comparison show better throughput of the proposed implementations as compared to existing reported architectures.     

Anti-cloning protocol suitable to EPCglobal Class-1 Generation-2 RFID systems

Radio frequency Identification (RFID) systems are used to identify remote objects equipped with RFID tags by wireless scanning without manual intervention. Recently, EPCglobal proposed the Electronic Product Code (EPC) that is a coding scheme considered to be a possible successor to bar-code with added functionalities. In RFID-based applications where RFID tags are used to identify and track tagged objects, an RFID tag emits its EPC in plaintext. This makes the tag inevitably vulnerable to cloning attacks as well as information leakage and password disclosure. In this paper, we propose a novel anti-cloning method in accordance with the EPCglobal Class-1 Generation-2 (C1G2) standard. Our method only uses functions that can be supported by the standard and abides by the communication flow of the standard. The method is also secure against threats such as information leakage and password disclosure.     

基于进程执行轮廓的缓冲区溢出攻击效果检测

缓冲区溢出攻击效果检测对缓冲区溢出安全防御工作具有重要意义,该文分析进程与Windows NativeAPI的关系,以Windows NativeAPI为数据源进行攻击效果检测。提出执行轮廓的概念及其建立方法,在分析缓冲区溢出攻击效果的基础上,提出基于进程执行轮廓的缓冲区溢出攻击效果检测方法,实验结果表明该方法的有效性。     

面向攻击图构建的网络连通性分析

针对目前网络攻击图构建系统的需求,设计网络连通性分析算法。通过对网络拓扑及防火墙规则进行离线分析,可以判断网络中由若干台过滤设备分隔的任意2台主机间的连通性。引入关键实体集的概念,结合经典的Apriori算法提出一种快速有效的获取关键实体集的方法。分析对比表明,关键实体集可以在连通性分析过程中为网络中各节点的重要性评估提供有力依据。     

eMule协议的安全性研究

研究eMule协议在安全性设计方面所存在的缺陷和不足,指出eMule软件在用户隐私泄露、用户积分欺诈和恶意代码攻击3个方面对用户造成的风险,给出改进方案。针对eMule协议在Ed2k链接格式上的2个漏洞提出一种新的攻击方式,设计攻击流程,并进行模拟攻击实验,实验结果表明该攻击方式的成功率达到100％。