Sheng Xu,Yongxiang Xia,Hui-Liang Shen

DOI: https://doi.org/10.1109/jsyst.2022.3150576

IF: 4.802

2022-01-01

IEEE Systems Journal

Abstract:In this article, we study how to resist malware attacks in cyber-physical power systems (CPPSs) through cyber protection. A model that incorporates the power flow analysis, the cyber monitoring and control, and the factor of cyber protection is proposed to simulate malware attacks in CPPSs. Meanwhile, an evaluation method is also developed to estimate the effectiveness of different cyber protection strategies. Through simulations, we conduct case studies in a test CPPS generated by coupling the IEEE 118 Bus System with a scale-free communication network. The protection effects of three heuristic cyber protection strategies, namely, target protection, random protection, and acquaintance protection are compared and analyzed. Simulation results reveal that compared with the other two strategies, target protection can suppress malware propagation and resist malware attacks more effectively. Moreover, we also investigate the optimal cyber protection problem in CPPSs and formulate it as a zero-one integer programming problem. We solve the problem by genetic algorithm and find that some low-degree cyber nodes also play a significant role in resisting malware attacks in CPPSs, especially when the protection budget is tight.

黄益民,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2001.06.005

2001-01-01

Abstract:After study of existing security models; analysis of information flow model, Bell-LaPadula(BLP) access control model and Biba access control model; and collation and comparison of their advantages and disadvantages, an improved model is put forward that satisfies the actual demands of information security. An implementation strategy is put forward that ensures information security, reliability, practicality and compatibility in the designed security system. An implementation scheme of this security system and its components and functions is provided. This system combines the following functions: mandatory access contro1, privilege separation, security audit, identity authentication and self-protection. It achieves the level 3 of national information security standard and level B1 of TCSEC standard. It was implemented in the Windows NT and Linux operating system and has yielded good resultsin application.

QIN Junning,HAN Jiajia,ZHOU Sheng,WU Chunming,CHEN Shuangxi,ZHAO Ruoyan,ZHANG Jiangyu

DOI: https://doi.org/10.11959/j.issn.1000-0801.2020143

2020-01-01

Abstract:The unbalanced development status of network security was introduced.The main hazards and the mechanism model of penetration testing were described,and the inherent shortcomings of many existing traditional defense methods were analyzed.However,new method of the mimic defense model makes the attack information obtained invalid by dynamically selecting the executive set and adaptively changing the system composition.The same attack mode is difficult to be maintained or reproduced.Based on the attack chain model,the traditional defensetechnology and mimic defense technology were analyzed and compared,and it was demonstrated that it had a protective role in multiple stages of the attack chain.Finally,the effectiveness and superiority of the mimic defense was verified by experiments,and the model was summarized and prospected.

WANG Hui-fang,HE Ben-teng,SHI Hong-yu

DOI: https://doi.org/10.3969/j.issn.1006-6047.2007.03.027

2007-01-01

Abstract:Multi-Agent technology and its applications in protection system are introduced and its application prospects are researched in two aspects.The conception of aggregate protection is presented as transverse application,which regards each protective device as an Agent and aggregates these protective device Agents together to share information and cooperate with each other.These protective aggregations are the base units of system protection.Aggregate protection can improve the performance of protection system without damaging the independence of protective device and distinguish the transmission line overload from the faults to prevent improper cascading trips.The longitudinal application is researched in detail.A microcomputer protection is treated as an intelligent protective device composed of many Agents,which analyzes and synthesizes results of different protection principle to improve its reliability,selects the best protective settings according to fault type and dorsal-system impedance,and carries out harmonic calculation to improve the sense of faulty area.A scheme to implement intelligent protection is given.

陶照平,黄皓

2012-01-01

Abstract:Through analysis of the data management of windows operating system and the technology of hardware assist virtualization,a data protection model is developed to protect the sensitive data of the application program.Then a sensitive data protection system based on hypervisor is developed.The attacks for static data are effectively blocked by pretreatment encryption technology and the physical page frame encryption technology.Hiding the plaintext of the application is achieved by double shadow page table and data execution protection technology.The system monitors the access control of page table to prevent protected area of application to be maliciously modified.

Liang Cai,Xiaohu Yang,Jinxiang Dong

2001-01-01

Abstract:We briefly introduce the special characteristics of database security in information warfare and related researches, then emphasis the importance of antagonizing, malicious DBMS in information warfare. This paper suggests a threat model for malicious DBMS by carefully analyzing the possible security threats by malicious DBMS, then a database security architecture capable of antagonizing the malicious DBMS is proposed based on this threat model and the special requirements of critical applications in China. It can greatly improve the critical application's capability to antagonize malicious DBMS by incorporating, self-controlled authentication, principal / object mapping, transparent attribute encryption / decryption, attribute / tuple level mandatory access control, and parallel structure of multiple DBMSs.

Hongjun Zhu,Hao Chen,Baojian Hua,Ye Liu,Yu Guo

DOI: https://doi.org/10.3969/j.issn.1000-386x.2016.03.074

2016-01-01

Abstract:Android platform-based applications are easily to be attacked by viruses or malware.Apart from the causes of the platforms being open source and opening and so on,the weaker protection ability of the mobile applications code itself is also a main factor.For this problem,in the paper we take Android platform applications as the research objects,analyse the security threats model and the codes security demands of the mobile applications,study the mechanisms of code protection techniques,such as code obfuscation,code-behind,code encryption and code signature,and describe their advantages and disadvantages;Then,we design and implement an Android application code protection technology analysis engine,and analyse and summarise the experimental data.Result shows that all the samples in different sizes and types have the Android applications to certain proportion,their code protection strengths are not strong;in particular,the smaller the scale of the applications,the weaker the code protection strength,and this results in such class of applications being maliciously attacked much easier.

Zhu Hongjun,Chen Yaoguang,Hua Baojian,Chen Hao

DOI: https://doi.org/10.3969/j.issn.1000-386x.2016.11.067

2016-01-01

Abstract:Nowadays,the problem of Android application security is increasingly prominent.A large number of Android applications encounter the attacks such as reverse,illegal copy and malicious code injection,etc.We studied the security mechanism of Android applications,based on analysing static reverse and dynamic reverse attacks principle,we put forward a reinforcement protection scheme for mobile applications.The scheme comprehensively uses the application reinforcement technologies of shelling,anti-debugging,signature verification and anti-decompiling,etc.,to reinforce target applications.Through a series of tests,it is proved that this scheme can well resist common reverse attacks of static analysis and dynamic analysis.

ZHENG Yu,HE Da-ke,MEI Qi-xiang

DOI: https://doi.org/10.3969/j.issn.0258-2724.2006.01.013

2006-01-01

Journal of Southwest Jiaotong University

Abstract:With the help of the key technologies in trusted computing(TC) including integrity measurement,access control and seal storage,a TC-based secure model for software protection was proposed.A trusted platform module(TPM),which is an extention of current USB port,is employed in this model to prevent software from illegal copying,unauthorized modification and implementation of software.The technologies,such as dynamic password-based authentication,role-based access control,code transformation and channel encryption.Compared with traditional schemes,the proposed model implements mutual identification between user and software via TPM,and authentication mechanism via role-based access control(RBAC).

Xie Haiguang,Liu Gongshen,Li Xiang

DOI: https://doi.org/10.3969/j.issn.1005-9679.2005.06.014

2005-01-01

Abstract:Based on a three-tier system model, a new resolution to protect the software is proposed. This method spurns the shortcomings of traditional method and implements the un-private function of commercial software with Internet. As analysis shows, this method has many advantages:low cost, implement easily, convenience to user, high security and so on.

Yue Li,Teng Zhang,Xue Li,Ting Li

DOI: https://doi.org/10.1007/978-981-13-6621-5_10

2019-01-01

Abstract:AbstractThe targets of Advanced Persistent Threat (APT) are mainly concentrate on national key information infrastructure, key research institutes, and large commercial companies, for the purpose of stealing sensitive information, trade secrets or destroying important infrastructure. Traditional protection system is difficult to detect the APT attack, due to the method of the APT attack is unknown and uncertain. And the persisted evolution ability destroyed the traditional protection methods based on feature detection. Therefore, this paper based on the theory of red-blue confrontation, to construct the game model of attack and defense. And then combined the APT offense and defense experience, presents a model based on cyber threat detection to deal with APT attacks.

Xie Jun

2005-01-01

Abstract:Many secure operating systems have some privileged processes or trusted processes which are always at risk of being hijacked by various attacks such as the buffer overflow attack.Once they are hijacked,the security of the whole system would be damaged.In this paper,a multi-protection domains process model is described which provides fine-grained kernel level protection for codes and data within process address space.The fine-grained internal protection of process can effectively prevent attackers from hijacking the whole process by damaging the process's data or codes.This paper offers two designs for this model and a prototype implementation of one of them.

MA Yuan,LUO Yong-long,LIU Fei,HUANG Liu-sheng

DOI: https://doi.org/10.3969/j.issn.1671-1122.2013.12.004

2013-01-01

Abstract:This paper introduces P2P applications and its definition at first, and presents the security problem due to the P2P anonymity and dynamic characters, and then leads to the concept of security mechanism. On this basis, the main security problems are summarized in this paper; in addition this paper presents corresponding security protection mechanisms combined with the research results at home and abroad and proposes some possible problems through the analysis and explanation to these protection mechanisms. At last, this paper presents some guidelines for future research.

Hung-Min Sun,Hsun Wang,King-Hang Wang,Chien-Ming Chen

DOI: https://doi.org/10.1109/tc.2011.46

IF: 3.183

2011-01-01

IEEE Transactions on Computers

Abstract:As new vulnerabilities on Windows systems are reported endlessly, it is more practical to stop polymorphic malicious code from exploiting these vulnerabilities by building an behavior-based monitor, rather than adopting a signature-based detection system or fixing these vulnerabilities. Many behavior-based monitors have been proposed for Windows systems to serve this purpose. Some of them hook high-level system APIs to detect the suspicious behaviors of code. However, they cannot detect malicious code that directly invokes Native APIs. In this paper, we present a novel security scheme that hooks Native APIs in the kernel mode. This method effectively prevents malicious code calling Native APIs directly. It introduces an average eight percent computation overhead into the system. Analyses and a series of experiments are given in the paper to support our claims.

Xiaohua Li,Gang Wang,Lin Xiao,Maosheng Ding

DOI: https://doi.org/10.1109/TDC.2005.1547134

2005-01-01

Abstract:This paper gives a new more practical software reliability model based on architectures of software components. This model uses semi-Markov chain and can give the quantitative evaluation about the digital protection's software. It analyzes the relation between the material architecture of software's modules and the reliability of software, then changes the model into a semi-Markov one based on the architecture of software's modules. Besides having the characters of the former model, this one have the ability to emulate the reliability in the situation which is the software having complex architecture or the system having the capability about paratactic calculating. Furthermore, the variable parameter method is used to study the sensitivity in order to find the vital factors of reliability. An example is given to demo the proposed techniques. The calculation results prove that the algorithm is viable. © 2005 IEEE.

Lin Sun,ShuTao Huang,YunWu Wang,MeiMei Huo

DOI: https://doi.org/10.1109/hpcc.2012.258

2012-01-01

Abstract:This article describes the basic structure of the Android and mobile devices on the application environment. A preliminary analysis of the Android security control structure and sandbox model are presented. We describe the features of Java security model. Mobile code security enhancements in Java are also discussed briefly. The policy-based sandbox code access security is designed to apply special policy on application individually in runtime.

韦科,范磊,李建华

DOI: https://doi.org/10.3969/j.issn.1009-8054.2008.05.026

2008-01-01

Abstract:As the last barrier to protect the user's information in computer,the file protection has become a hot topic in information security.This paper,based on analysis of the characters of file protection and the weakness of the traditional RBAC model in file protection,proposes a modified RBAC model for protection of the file in the system.Finally,an example to implement the model for a case in Windows NT operation system is given.

DAI Wei,ZHENG Tao

DOI: https://doi.org/10.3969/j.issn.1001-3695.2012.09.074

2012-01-01

Abstract:The privacy mode in Android has some defects and is lack of effective mechanisms to prevent loss of privacy between applications.This paper proposed a new privacy protection model by using the fine-grained permissions and privacy data tainting.Firstly the method could prevent loss of privacy from a single application by dynamically configuring the permissions in a fine-grained manner.By leveraging the track of the tainted privacy data it could prohibit the propagation of the privacy data between applications which had different permissions on the accordingly privacy tag.Repeatly experimental tests show the model is able to effectively protect the privacy of data within the Android application,and to detect the privilege escalation attacks between applications so as to isolate the private data.As a result,the full range of private data within Android is in protection,and leads a new direction for related research in the future.

Yuqing Li,Wenkuan Dai,Jie Bai,Xiaoying Gan,Jingchao Wang,Xinbing Wang

DOI: https://doi.org/10.1109/TIFS.2018.2847671

IF: 7.231

2019-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Combined with many different attack forms, advanced persistent threats (APTs) are becoming a major threat to cyber security. Existing security protection works typically either focus on one-shot case, or separate detection from response decisions. Such practices lead to tractable analysis, but miss key inherent APTs persistence and risk heterogeneity. To this end, we propose a Lyapunov-based secur...

Zhen-yu ZHANG,Dong-lai ZHU,Zhe-min YANG,Min YANG

DOI: https://doi.org/10.3969/j.issn.1000-1220.2019.08.037

2019-01-01

Abstract:Anti-analysis techniques refers to a series of mechanisms to evade program analysis. Benign application authors use anti-a-nalysis techniques to protect their application from cracking by other developers,while malware authors use anti-analysis techniques to evade detection. However,there isn′t any systematic study on the influence of anti-analysis techniques on the security of Android eco-system. To conduct this study,we design and implement AATPacker,which can apply dynamic code loading,anti-emulator,anti-debug and integrity check techniques to APK files automatically. We are the first to evaluate the anti-anti-analysis ability of the commercial packing services. We conduct our experiment on 239 application samples which are hardened from 31 original samples with different combinations of anti-analysis techniques by AATPacker. We observed that current anti-anti-analysis researches are not fully used,and using anti-analysis techniques will dramatically hinder the security check in Android ecosystem. By applying anti-analysis techniques, the detection rate of malware significantly decreased;on the other side,benign application was falsely detected. Among all the anti-a-nalysis techniques,dynamic code loading has the greatest impact on the security of Android ecosystem.