黄益民,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2001.06.005

2001-01-01

Abstract:After study of existing security models; analysis of information flow model, Bell-LaPadula(BLP) access control model and Biba access control model; and collation and comparison of their advantages and disadvantages, an improved model is put forward that satisfies the actual demands of information security. An implementation strategy is put forward that ensures information security, reliability, practicality and compatibility in the designed security system. An implementation scheme of this security system and its components and functions is provided. This system combines the following functions: mandatory access contro1, privilege separation, security audit, identity authentication and self-protection. It achieves the level 3 of national information security standard and level B1 of TCSEC standard. It was implemented in the Windows NT and Linux operating system and has yielded good resultsin application.

Jianxin Xu,Dongqin Feng

DOI: https://doi.org/10.1155/2017/2430835

IF: 1.968

2017-01-01

Security and Communication Networks

Abstract:This paper discusses two aspects of major risks related to the cyber security of an industrial control system (ICS), including the exploitation of the vulnerabilities of legitimate communication parties and the features abused by unauthorized parties. We propose a novel framework for exposing the above two types of risks. A state fusion finite state machine (SF-FSM) model is defined to describe multiple request-response packet pair sequence signatures of various applications using the same protocol. An inverted index of keywords in an industrial protocol is also proposed to accomplish fast state sequence matching. Then we put forward the concept of scenario reconstruction, using state sequence matching based on SF-FSM, to present the known vulnerabilities corresponding to applications of a specific type and version by identifying the packet interaction characteristics from the data flow in the supervisory control layer network. We also implement an anomaly detection approach to identifying illegal access using state sequence matching based on SF-FSM. An anomaly is asserted if none of the state sequence signatures in the SF-FSM is matched with a packet flow. Ultimately, an example based on industrial protocols is demonstrated by a prototype system to validate the methods of scenario reconstruction and anomaly detection.

Jiajun Shen,Dongqin Feng

DOI: https://doi.org/10.1155/2016/4147251

2016-01-01

Journal of Control Science and Engineering

Abstract:With the development of industrial informatization, the industrial control network has gradually become much accessible for attackers. A series of vulnerabilities will therefore be exposed, especially the vulnerability of exclusive industrial communication protocols (ICPs), which has not yet been attached with enough emphasis. In this paper, stochastic game theory is applied on the vulnerability analysis of clock synchronization protocol (CSP), one of the pivotal ICPs. The stochastic game model is built strictly according to the protocol with both Man-in-the-Middle (MIM) attack and dependability failures being taken into account. The situation of multiple attack routes is considered for depicting the practical attack scenarios, and the introduction of time aspect characterizes the success probabilities of attackers actions. The vulnerability analysis is then realized through determining the optimal strategies of attacker under different states of system, respectively.

Zhou Gu,Ju H. Park,Dong Yue,Zheng-Guang Wu,Xiangpeng Xie

DOI: https://doi.org/10.1109/tsmc.2019.2960115

2021-01-01

Abstract:This article studies the security of networked interconnected systems (NISs) subject to cyber-attacks based on a new event-triggered mechanism (ETM). NISs with spatially distributed subsystems are vulnerable to cyber-attacks. With a new concept of security control, attention is focused on designing a novel ETM together with a decentralized output feedback control (DOFC) scheme such that the NIS subject to cyber-attacks is stable in secure sense. Under the proposed ETM, the average data-releasing rate over the whole operating period can be extremely decreased, thereby reducing the burden of network bandwidth, computation, and battery-supply. Moreover, during the system with external disturbance or attack on the communication network, more transmission-events can be generated than other periods. As a result, the desired control performance can be achieved. By using stochastic analysis techniques and Lyapunov stability theory, sufficient conditions are derived to obtain both the controller gains and the parameters of the ETM. Numerical simulation of chemical reactor systems is given to illustrate the advantages and effectiveness of the proposed theories and design techniques.

杨仕平,桑楠,吴新勇,熊光泽

DOI: https://doi.org/10.3321/j.issn:1001-506x.2004.02.038

2004-01-01

Abstract:To improve the dependability of safety critical systems, after analyzing status quo of high dependable safeguard mechanism, an integrated high dependable safeguard systematic framework where several subsystems share the same system resources is proposed. However, the deleterious interferences among subsystems with different level of criticality must be avoided, for example, the residual design faults in low criticality software can not corrupt high criticality components. To resolve this problem, the multilevel security safeguard mechanisms used in information security domain are firstly analyzed. Following this, some safety access control rules abided by subsystems cooperating each another are proposed. To implement these rules, the reflective technology based on metaobject is adopted. About how to apply reflective technology to implement these rules is analyzed in details. At last, the result of experiment is supplied, and the related work and future trends of research in this field are listed.

Peng Qian-la,Zhitang Li

2003-01-01

Abstract:Vulnerability exists in distributed systems for their loosely-coupled structures in physical distribution. Within the system, membership is dynamic and data transfer is insecure. Thus the security problem of a distributed system itself occurs. In the case of a distributed firewall system, this paper presents a secure framework and a practical mechanism, which finally implements the security of the system itself.

杨仕平,熊光泽,桑楠

DOI: https://doi.org/10.3321/j.issn:0372-2112.2003.08.028

2003-01-01

Tien Tzu Hsueh Pao/Acta Electronica Sinica

Abstract:After analyzing status quo of high dependability safeguard mechanism, an integrated high dependability safeguard systematic framework supporting multilevel criticality in which several subsystems share the same system resources is brought forward. In order to avoid deleterious interferences between subsystems with different criticality, a kind of high dependability temporal isolation mechanism based on two level scheduling approach is brought forward. In order to realize this mechanism, integrated high dependability safeguard mechanism supporting multilevel criticality based on single node computer is emphatically researched. The scheduling model is constructed. The schedulability of tasks and subsystems are analyzed. The correctness of time isolation mechanism is proved by several samples. The conclusion of researching on high dependability safeguard may be applied to the other no safety-related areas, and has great practicability.

黎忠文,熊光泽,李乐民

DOI: https://doi.org/10.3321/j.issn:0372-2112.2003.04.020

2003-01-01

Abstract:Security and safety are important and related factors that baffle the development and practicality of modern distributed system.However,most of researches on distributed system focus on security.Unfortunately,since software is being used largely in the complex distributed systems,the possibility of serious damage resulting from a software defect is considerable and growing,and then the complex distributed systems are plunging into safety crisis.In fact,distributed systems are in urgent need of new safety assurance technologies.After analyzing security and safety requirements of distributed system,we put forward new ideas for setting up the security and safety assurance structure of distributed system.We also analyze characteristics,designing aims for this structure.Since there are a lot of shortcomings in the current methods of realizing safety kernel (that is a new concept of safety assurance) in distributed system,we advance a program for RTOS to supply safety kernel mechanism.Based on all of these,we set up SADS (security and safety assurance structure of distributed system).At last,taking the control system in the traffic lights as example,prototype experiment of SADS has been done on the RT-Linux platform in the lab,and this experiment has proved the validity of SADS.

LI Jiang-hai,HUANG Xiao-jin

2012-01-01

Abstract:The digitalization and networking of control systems in nuclear power plants has brought significant improvements in system control,operation and maintenance.However,the highly digitalized control system also introduces additional security vulnerabilities.Moreover,the replacement of conventional proprietary systems with common protocols,software and devices makes these vulnerabilities easy to be exploited.Through the interaction between control systems and the physical world,security issues in control systems impose high risks on health,safety and environment.These security issues may even cause damages of critical infrastructures and threaten national security.The importance of control system security by reviewing several control system security incidents that happened in nuclear power plants was showed in recent years.Several key difficulties in addressing these security issues were described.Finally,existing researches on control system security and propose several promising research directions were reviewed.

余冬梅,刘密霞,冯涛

DOI: https://doi.org/10.3969/j.issn.1673-629x.2004.02.041

2004-01-01

Abstract:The greater the availability of the network, the greater its vulnerability to threats from within and outside the organization. To an organization, an enterprise, constructing an appropriate network security system is very necessary. Based on a framework for network security system design put forwarded in, detailed analysis of the phase of network security design is made in this paper, and architecture model and policy management implemented model are given, which hangs security architecture, security policy implement and the enforced mechanism of network security together, and insures the transition between high-level security requirement analysis and the low-level system implementation smoothly.

Haiguang Chen,Huafeng Wu,Jinchu Hu,Chuanshan Gao

DOI: https://doi.org/10.1109/nas.2008.33

2008-01-01

Abstract:The security of wireless sensor networks is ever more important nowadays. Most of the proposed security protocols in wireless sensor networks are based on authentication and encryption. But all of them only address part of the problem of security in wireless sensor networks. Recently, the use of reputation and trust systems has become an important secure mechanism in wireless sensor networks. In this paper we propose a new protocol ETSN to construct a trust framework model in wireless sensor networks. The ETSN will be more suitable than ATSN and RFSN in wireless sensor networks. The simulation results and analysis show that our scheme not only can fast detect the malicious nodes and scale well for wireless sensor networks, but also can distinguish trust rating with different event.

XU You-fu,ZHANG Jin-han,WEN Wei-ping

DOI: https://doi.org/10.3969/j.issn.1671-1122.2009.05.019

2009-01-01

Abstract:SEH(Structured Exception Handling) , a mechanism which is provided by Windows operating system to handle errors or exceptions. However, because of the limitations in SEH 's design, the attacker can make use of SEH exception handling chain to sucessfully attack the system when there is a buffer overflow bug. Therefore, changes of SEH implementation mechanism were made in accordance with different versions of Microsoft Windows operating system. As a result, two improved mechanisms-SafeSEH and SEHOP appeared. Nevertheless, different degrees of defects still exist in these improved mechanisms. This paper provides a profound research on the implementation of and security defects in different versions of the SEH mechanisms through technologies afforded by Microsoft, such as GS, ASLR. Also provided are some improvement advices of the corresponding security defects.

Wei Wang,Guangsong Li,Keke Gai,Yazhe Tang,Benchao Yang,Xueming Si

DOI: https://doi.org/10.1002/CPE.6035

2022-01-01

Concurrency and Computation: Practice and Experience

Abstract:With the development and popularization of Internet technology, network security has become the focus of attention. Vulnerabilities and back doors are regarded as two of the main reasons of network security problems. Dynamic heterogeneous redundant (DHR) architecture is a typical framework of cyberspace mimic defense. It can make use of untrusted hardware and software components to construct a high reliable and high security information system. In this article, a mathematical model is set up for the DHR architecture, and the system security is characterized by vulnerability consistency rate and success rate of system attack. The antiattack ability of the DHR system is analyzed using the mathematical model.

Tao Zhang,Mingzeng Hu,Xiaochun Yun,Yongzheng Zhang

DOI: https://doi.org/10.1007/978-3-540-31979-5_26

2005-01-01

Abstract:For analyzing computer system security, the system visitor could be classified into five kinds by his privilege to access system resource, and presented the model base on privilege escalation. The attacker can enhance his privilege by exploiting vulnerability, according to distribution of vulnerabilities privilege set, we could construct fault tree to reflect distinctly potential attack path, and so this method could quantificational express security state at different security policy via analyzing fault tree.

WANG Chun-lei,LIU Qiang,ZHAO Gang,DAI Yi-qi

DOI: https://doi.org/10.3969/j.issn.1002-137X.2010.04.031

2010-01-01

Computer Science

Abstract:In order to analyze vulnerabilities in executable programs,a vulnerability analysis framework for binaries based upon model checking was proposed.Firstly,the abstract model of binary was defined,and the formal models of vulnerabilities based upon finite state automaton and the representations of software security attributes based upon event system were described.Then,the model checking based vulnerability analysis process and algorithm were proposed with respect to the abstract models of binaries and the security attributes to be checked.After that,the prototype of vulnerability analysis tool was designed and implemented based upon the framework.The illustrative sample program was analyzed to show in detail the principles of the framework,and the experimental results show the effectiveness of the analysis method.

Xiao LIU,Long-biao ZHANG,W ZHANG,Y TU

DOI: https://doi.org/10.3321/j.issn:1007-9807.2009.06.012

2009-01-01

Abstract:Critical infrastructure(CI)safety system is a complex and highly inter-dependent and networked social-technical system which,if disrupted or destroyed,would have a serious impact on the health,safety,security,or economic well-being of people and/or the effective functioning of governments.This paper is devoted to the study of the architecture of the CI safety system and problems in its management.We present the architecture of the networked CI system along with its disaster management system,in which the system is described with the notion of view,and the generic process of the disaster management.Also,it discusses how to apply the systems engineering approach to analyze and simulate the networked CI system,and how to find the underlying weak parts and efficient ways to improve them.Finally,we show the usefulness of the architecture by outlining a general procedure for disaster management which is systematic and rational.

ZOU Zu-jun,YANG Fan

DOI: https://doi.org/10.3969/j.issn.1671-0428.2013.06.011

2013-01-01

Abstract:Security of database system as the base of information system is an emphases that can't be wriggled in the process of information.This paper briefly introduce the structure,constitutes of one database system and its existing design of security,and analyses the demand of safety control in actual,then bring forward the measure improved by adding system security control mechanism,improving system hardware configuration,establishing feasible backup policy,and perfecting administer system.

William Wu,Frederick Yip,Eunice Yiu,Pradeep Ray

DOI: https://doi.org/10.1109/EEE.2005.83

2005-01-01

Abstract:The number of vulnerabilities in enterprise networks has greatly increased recently as seen from frequent vulnerability reports from organizations, such as Microsoft and the CERT. Researchers in a number of organizations are currently working to develop and deploy frameworks to comprehensively manage these network vulnerabilities. This paper examines the existing attempts to solve this problem and the gaps in the existing methodologies. The paper presents our proposed integrated vulnerability management (IVM) framework based on open software standards.

Han Jin,Zang Binyu

DOI: https://doi.org/10.3969/j.issn.1000-386X.2010.09.086

2010-01-01

Abstract:Principal working theory of mainstream intrusion detection system is that to compare the outcomes of two softwares with similar functions when tackling the same input and to determine one of them has or has not been intruded by malicious software based on the differences of their outcomes.When these replicas are constructed using off-the-shelf software products,it is assumed that they are sufficiently diverse and will not be compromised simultaneously under the attack from same malicious software.In this paper,we analyzed 6000 or more vulnerabilities published in 2007 to evaluate the validity of this assumption.Analytical results demonstrate that about 98% or more application software with same functions can be used to form the intrusion detection system of such kind effectively,and almost half of these applications can be run on multiple operating system platform simultaneously for improving system security effectually.

Shengwei An,Xiaoxing Ma,Chun Cao,Ping Yu,Chang Xu

DOI: https://doi.org/10.1109/QRS.2015.33

2015-01-01

Abstract:Dynamic Software Update (DSU) is a technique to upgrade running programs without shutting them down. DSU can improve system availability and maintenance flexibility. However, its adoption in practice is still limited due to the risk of system misbehavior that careless DSU may bring. To reduce this risk we propose a formal framework for the specification and verification of DSU. Different from previous approaches where DSU is described from the viewpoint of program's internal state transitions, our framework focuses on program's external behavior and its effect on its environment. This more abstract view avoids over specification of DSU and allows for better DSU flexibility. Based on this framework, we also devise a mechanism that automatically synthesizes runtime monitors to improve DSU timeliness without compromising its safety.