L Cai,Xh Yang

DOI: https://doi.org/10.1109/ICSMC.2005.1571196

2005-01-01

Abstract:More and more network attacks are focusing on application level vulnerabilities. Recently, several examples of this trend have been highly publicized such as the SQL Slammer and SQL Snake attacks. Traditional firewalls, used for protecting the database, only prevent attacks searching for vulnerabilities. Database firewalls take defense deep into the organization by providing full syntax control and audit of the SQL AN stream before it reaches the database, and enforcing content-driven access to database. This paper proposes a layered reference model for database firewalls by enhancing the capability of COAST Laboratory's model. It separates a database firewall into three layers (network layer, schematic layer and semantic layer) according to the knowledge, computation target, and the control granularity of each layer. Based on this model, a database firewall product had been prototyped It can greatly improve the database security by introducing self-controlled authentication principal mapping, object mapping, and mandatory access control modules.

Xuesong QUE,Yuming Yao,Shanping LI,Ming GUO,Xiaoqiang Dong

DOI: https://doi.org/10.3969/j.issn.1000-3428.2001.01.010

2001-01-01

Abstract:This paper presents the design and implementation of a Web-based 3-tiered computer aided quality (CAQ) System OL-CAQ, as a sub-system of a CIMS system OL-CIMS. The cons and pros of those tranditional Client/Server architectures vs. 3-tiered Client/Server architectures are also presented, and the implementation of the Web-based 3-tiered OL-CAQ system is outlighted.

黄益民,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2001.06.005

2001-01-01

Abstract:After study of existing security models; analysis of information flow model, Bell-LaPadula(BLP) access control model and Biba access control model; and collation and comparison of their advantages and disadvantages, an improved model is put forward that satisfies the actual demands of information security. An implementation strategy is put forward that ensures information security, reliability, practicality and compatibility in the designed security system. An implementation scheme of this security system and its components and functions is provided. This system combines the following functions: mandatory access contro1, privilege separation, security audit, identity authentication and self-protection. It achieves the level 3 of national information security standard and level B1 of TCSEC standard. It was implemented in the Windows NT and Linux operating system and has yielded good resultsin application.

MAO Weifeng,PING Lingdi,JIANG Li,CHEN Xiaoping

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.12.068

2006-01-01

Abstract:SECOS is a secure operating system with independent intellectual property right,which accords with the requirements of level 4 secure operation system technology.This paper illustrates some key issues of the system,including design method for enchancement of security,improved model from the Bell-La Padula MAC(mandatory access control) implementation,the realization of the model,formal method during the system development,conversiion channel analysis and its prevention,and secure deletion.The performance evaluation shows the design and implementation of SECOS is effective.

Cai E. Xu,Feng Xu,Xiaohua Li,Dongming Lu,Yanqi Cheng

DOI: https://doi.org/10.3969/j.issn.1000-436x.2013.z2.027

2013-01-01

Abstract:Considering access control with more card, scattered access flow data and poor scalability in current university building multi-system, the campus integrated access management platform triple frame design with the core of perception layer, transport layer and application layer was proposed. Campus card access control applications based on a unified data processing were realized, by method of Media and unified campus card authorization, implementing hierarchical management and access networking, comprehensively regulate access standards and centralized storage of data water. The design not only facilitates the management of school access control applications, but also carries out data mining based access control and lay the foundation for leadership decision-making support.

潘巨龙,李善平,吴震东,张道远

DOI: https://doi.org/10.3969/j.issn.1004-1699.2009.06.016

2009-01-01

Abstract:A design of secure community healthcare monitoring system based on wireless sensor networks is presented.To address the issues of system security and be resilient to diverse attacks,the system protects sensitive data from being attacked by using Elliptic Curve Cryptography and digital signature scheme in those resource-constrained sensor nodes.A secure architecture of community healthcare monitoring system is proposed.Experiment result shows that the system can resist some outer attacks(such as eavesdropping) and inner attacks.

Di Wu,Yabo Dong,Jian Lin,Miaoliang Zhu

DOI: https://doi.org/10.1007/11563952_52

2005-01-01

Abstract:The fast development of E-Commerce and information technology brings much higher requirements for enterprise informationization. Because of the differences in platforms, development languages and standards etc, enterprise application integration (EAI) has become the important form of enterprise informationization to support complex business processes. Web services have emerged as the next generation of integration technology which provides the power to support interoperability. However EAI doesn’t just present new interoperability challenges; it also presents serious privacy and security challenges. This paper presents security architecture of Web Services based EAI which uses distributed Single Sign On authentication and distributed Role-based Access Control authorization. The basic concept and prototype system of the security architecture are described in detail.

Wang Jian,Liu Xu,Ji Xiaoyong

DOI: https://doi.org/10.1109/ICEE.2010.898

2010-01-01

Abstract:Information security is a necessary safeguard for mobile e-commerce and a secure communication system to obtain high quality secure communication in wireless environment is introduced, which is integrating three kinds of encryption algorithms including AES, RSA and CPRS chaos encryption. Secure communication framework based on three-layer encryption model is proposed: (1) AES layer of system code decrypt, system boot and the system self-destruct; (2) RSA layer of authentication, key negotiation and key management functions; (3) CPRS layer of communication data stream encryption and decryption. The implementation and optimization of the above-mentioned three kinds of algorithms are discussed. The experiments show the three kinds of encryption algorithms are safe and reliable to achieve a high degree of secure communication.

杨家海

DOI: https://doi.org/10.3969/j.issn.1000-7180.2003.12.020

2003-01-01

Abstract:After an overview of existing security control methods in CSCW systems, the paper proposes a new security control model which introduced the X.509 certificate-based authentication method into CSCW systems. Based on this model, the design and implementation of a secure multimedia conference system prototype, MCS/CA are discussed. In contrast to conventional conference system, MCS/CA enhanced integrated security control mechanism with certificate application, certificate-based authentication, session key negotiation, and data encryption/decryption.

WU Zhen,CUI Jian,ZHOU Chang-ling,ZHANG Bei

DOI: https://doi.org/10.3969/j.issn.1001-7445.2011.z1.030

2011-01-01

Abstract:By means of researching and analyzing the reports of multiple security organizations,consortiums and corporations,we discover that web application security is becoming more vital in campus network.Based on the OWASP and the WASC,we designed a multidimension web application security architecture,and used the firewall,web application firewall,intrusion detection system,intrusion prevention system,vulnerability scan system,bastion host and auditing system to implement the architecture.We chose 50 representative web applications from Peking University campus network to study and analyze the logs from these web applications and security devices,and the results prove the validity of the multidimension web application security architecture.

谭湘融,司天歌,戴一奇

DOI: https://doi.org/10.3321/j.issn:1000-0054.2004.01.019

2004-01-01

Abstract:Certification authorities (CA) can be classified as standalone CA and hierarchical CA. Most large-scale security systems use hierarchical CA. A standalone CA model was developed to utilize the advantages of standalone CA for application in large-scale security systems. This paper analyzes the advantages and disadvantages of two models to design the core protocol in the model and analyze its security and load. Compared to hierarchical CA, the standalone CA has simple verification and easy maintenance, while avoiding the standalone CA's limitations in scale and flexibility. The CA can issue certificates across zones and implement multilevel management. The prototype is suitable for large-scale security systems.

LONG Xin-zheng,XING Cheng-jie,OUYANG Rong-bin,WANG Qian-yi,LI Li,LIU Yun-feng

DOI: https://doi.org/10.3969/j.issn.1000-436x.2014.z1.034

2014-01-01

Abstract:Aiming at the university management information system security threats and challenges, a security architec-ture named 1C4GS was proposed. First connotation and function of five important components of 1C4GS was expounded, which named security management center, security communication network, security region boundary, security comput-ing environment and security application. Then we used “basic personal data reporting system” as an example to con-struct the management information system security arrangement application based on 1C4AS, this arrangement applica-tion integrated a variety of security technologies and strategies such as transparent data encryption, user Identify, form edit cache as a whole to, and achieved the management information system’s network security, border security, computing environment security and application security.

Zhou Yi,Li Ying,Li Yang,Wu Zhaohui

DOI: https://doi.org/10.1109/icnsc.2006.1673131

2006-01-01

Abstract:In the Internet computing environment, clients usually invoke remote components to accomplish computation. As a result, many security problems are raised. Traditional network component architecture model focuses on business logic. It takes into little consideration the security problems when business logic is invoked. This paper proposes secure network component architecture model (SNCAM) to address them. It classifies clients according to their credibility levels on the component side. Next, we discuss the main idea of this paper, which is the security domain. To reduce the overhead introduced by the security mechanisms, a method called security agent is proposed. Finally, it quantitatively determines the performance cost introduced by the security mechanisms, and when to use the security agent

JG Zhang,XM Chen,J Zhuang,JR Jiang,XY Zhang,DQ Wu,HK Huang

DOI: https://doi.org/10.1117/12.480651

2003-01-01

Abstract:In this paper, we presented a new security approach to provide security measures and features in both healthcare information systems (PACS, RIS/HIS), and electronic patient record (EPR). We introduced two security components, certificate authoring (CA) system and patient record digital signature management (DSPR) system, as well as electronic envelope technology, into the current hospital healthcare information infrastructure to provide security measures and functions such as confidential or privacy, authenticity, integrity, reliability, non-repudiation, and authentication for in-house healthcare information systems daily operating, and EPR exchanging among the hospitals or healthcare providers. CA component keeps the information of user personnel identification, accessing rights, and their administration levels, and the DSPR component manages the All the digital signatures of patient medical records signed through using an-symmetry key encryption technologies. The electronic envelopes used for EPR exchanging are created based on the information of signers, digital signatures, and identifications of patient records stored in CAS and DSMS, as well as the destinations and the remote users. The CAS and DSMS were developed and integrated into a RIS-integrated PACS, and the integration of these new security components is seamless and painless. The electronic envelopes designed for EPR were used successfully in multimedia data transmission.

Zhendong Ma,Paul Smith,Florian Skopik

DOI: https://doi.org/10.48550/arXiv.1211.3908

2012-11-16

Abstract:Supervisory Control and Data Acquisition (SCADA) systems support and control the operation of many critical infrastructures that our society depend on, such as power grids. Since SCADA systems become a target for cyber attacks and the potential impact of a successful attack could lead to disastrous consequences in the physical world, ensuring the security of these systems is of vital importance. A fundamental prerequisite to securing a SCADA system is a clear understanding and a consistent view of its architecture. However, because of the complexity and scale of SCADA systems, this is challenging to acquire. In this paper, we propose a layered architectural view for SCADA systems, which aims at building a common ground among stakeholders and supporting the implementation of security analysis. In order to manage the complexity and scale, we define four interrelated architectural layers, and uses the concept of viewpoints to focus on a subset of the system. We indicate the applicability of our approach in the context of SCADA system security analysis.

Cryptography and Security

Fengyu Zhao,Xin Peng,Wenyun Zhao

DOI: https://doi.org/10.1109/icis.2009.80

2009-01-01

Abstract:In service oriented architecture (SOA) environment, the communication and infrastructure security is crucial. The most important specification addressing Web services security is WS-Security, which collaborates with the SOAP message specifications, providing integrity, confidentiality and authentication for Web services. However, WS-Security focuses SOAP message security between trusted partners. In SOA applications, there are other vulnerabilities which can be exploited to attack by anonymous customer or even trusted partners, and these vulnerabilities do not gain enough attention as WS-Security. Among them, denial-of-service (DoS) is one attack cluster, which exhausts computer and network resources and reduces the availability of Web services. Another one is sensitive data leakage in a specific application domain. In this paper, the security of SOA applications is viewed as the security domain and a three-tier domain was divided based on security domain analysis. For each security sub-domain, security requirement scenario and requirements are presented. The security domain models were given which can be used to build up security services for sub-domain. Based on security model and security service assets, which can evolve along with understanding on security domain, the developers can establish the security implementation for SOA application integration.

Xin Lu,Ruochen Dong,Qing Wang,Lizhe Zhang

DOI: https://doi.org/10.3390/electronics12071665

IF: 2.9

2023-04-01

Electronics

Abstract:With the continuous expansion of air traffic flow, the increasingly serious aviation network security threats have a significant and far-reaching impact on the safe operation of the aviation industry. The networked air traffic management (ATM) system is an integrated space–air–ground network integrating communication, network, satellite, and data chain technology, which adopts a network-centric structure to provide network-enabled services and applications for the air transportation system. In view of the serious network threats faced by networked ATM, this paper studies the basic theories and key technologies of ATM information security assurance and designs a credible security architecture to provide comprehensive and systematic security assurance for networked ATM. Starting from the problems and development trend of ATM security assurance, this paper investigates the dynamic and complex data processing process of ATM system, analyzes the complex interaction between its cyber and physical system, and then constructs the networked ATM cyber–physical fusion system model and threat model. Furthermore, the causal relationship between ATM security threat alert information is mapped into a Bayesian network, and the game model of networked ATM is proposed using Bayesian Nash equilibrium strategy. At last, the information security assurance architecture of networked ATM system based on blockchain technology is formed by establishing a distributed co-trust mechanism and multi-chain storage structure. We expect this paper to bring some inspiration to the related research in academia and aviation so as to provide useful reference for the construction of ATM safety and security system and the development of technology.

engineering, electrical & electronic,computer science, information systems,physics, applied

Mei Hong,Hui Guo,Bin Luo

DOI: https://doi.org/10.1109/FGCN.2008.25

2008-01-01

Abstract:A multi-service smart card system enables users to access different services over an open network with a single smart card. Due to its highly economic and social benefits, the multi-service smart card system has drawn much attention in industrial and academic areas. However, the big hindrance to its wide employment is the risk of breaching user service confidentiality and privacy across different service systems. This paper proposes a secure multi-service system model to overcome such a problem. The model allows users to access different services with a single password. The privacy and service confidentiality are achieved through a set of protections-password protection, user identity protection, and service transaction protection-to guarantee the user¿s anonymity to all service systems and ensure high unlinkability between different services.

Yue Fu,Rong Du,Dagang Li

DOI: https://doi.org/10.1007/978-3-030-00018-9_25

2018-01-01

Abstract:Under some applications, identity-authentication must be involved into block-chain systems. However, the introduction of traditional PKI mechanism in block-chain systems is not proper for 3 reasons: (1) a centralized certification authority (CA) represents a single point of failure in the network; (2) the numbers and locations of nodes vary in time; (3) it introduces additional centralized factors in the block-chain system that is already decentralized. For the sake of decentralization multi-CA scenario is considered to distribute CA-functionality to nodes. Further, armed with secret sharing scheme, a practical distributed CA-based PKI scheme is proposed that is well-associated with existed mechanisms (such as POW) in the original system. Finally, solutions of verification and multi-level assigning issues are constructed via verifiable secret sharing and multilevel secret sharing tools.

Guihai Chen,Victoria C. Yan,Qing Li,Zengzhi,Liao,Zhigang

2005-01-01

Abstract:The wide application of network technology in power systems brings not only convenience and flexibility but also security threats. An architecture of network security for power system was proposed in this study,which protected data and facilities from being attacked by outside users by means of firewall, security monitor and control system. Firewall was basically the first line of defense for the intranet; the security monitoring system was a kind of IDS (Intrusion Detection System), while security control system provided authentication, authorization,data-encrypted transmission and security management. This architecture provides various security services, such as identification, authentication, authorization, data integrity and confidentiality.