Cui Yan-Li,Zhang Xing

DOI: https://doi.org/10.1109/cnmt.2009.5374540

2009-01-01

Abstract:In the distributed environment, one important security issue is how to apply further security control to the object that is released to other terminals. The appearance of trusted computing technology has provided an effective solution for this issue in the distributed environment. At the same time, through combining trusted computing technology with the strong isolation and sharing characteristic provided by virtual machine technology has further increased the security and the flexibility of distributed access control. Therefore, this paper uses trusted computing technology to improve the security of the terminal in carrying out the distributed access control, designs a trusted terminal architecture that bases on the trusted computing technology and the virtual machine technology as well as a enhanced mode that suits in distributed access control, and on this basis, analyzes the security of system design.

LI Jian-jun,XU Duan-qing,GUO Wei-qing

DOI: https://doi.org/10.3969/j.issn.1000-7024.2005.09.068

2005-01-01

Abstract:Combining with living examples and based on IPSEC,the realization of the VPN system was approached in many internet circumstances of remote access(such as gateway,broadband,xDSL etc.),and in view of the deficiency and the hidden troubles of the traditional static password,introduces a working mechanism was introduced which took into consideration both the tokencard two factor authentication and Windows AD,and proveds to be flexible and liable for the single-sign on clients.

TIAN Yu-hong,WANG Ze-bing,FENG Yan

DOI: https://doi.org/10.3969/j.issn.1000-7024.2006.24.029

2006-01-01

Abstract:The Java virtual machine(JVM)is used more frequently as the basic engine behind dynamic web services.With the proliferation of network attacks on these network resources,much work are done to provide security for the network environment.Little effort has been placed on securing a Java web server where the attacker has a valid login to the host machine.After describing the vulnerabilities in Java's security mechanisms,an extended security system based on Java 2 security architecture is introduced.It also explains the runtime status of system.The increased assurance of correct system operation and the integrity of Java application server are provided.

Qing Yang,Yixin Jiang,Aidong Xu,Hong Wen,Feng Wang,LiuFei Chen,Kai Ouyang,Xiping Zhu

DOI: https://doi.org/10.1109/cns.2017.8228663

2017-01-01

Abstract:With the progress of the network and technology, the perfect combination of mobile intelligent terminal and internet, people are increasingly dependent on intelligent terminals. So, it was very necessary of a model for assessing the security performance of mobile intelligent terminals, especially to establish the objective model of the security performance of mobile intelligent terminal. In this paper, we propose a model that classification intelligent terminal security risk based on SVM algorithm, and it can achieve the classification of mobile intelligent terminal security level objectivity and accurately. Such that users have an intuitive understanding for the intelligent mobile terminal security, by which the security needs can be met.

黄益民,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2001.06.005

2001-01-01

Abstract:After study of existing security models; analysis of information flow model, Bell-LaPadula(BLP) access control model and Biba access control model; and collation and comparison of their advantages and disadvantages, an improved model is put forward that satisfies the actual demands of information security. An implementation strategy is put forward that ensures information security, reliability, practicality and compatibility in the designed security system. An implementation scheme of this security system and its components and functions is provided. This system combines the following functions: mandatory access contro1, privilege separation, security audit, identity authentication and self-protection. It achieves the level 3 of national information security standard and level B1 of TCSEC standard. It was implemented in the Windows NT and Linux operating system and has yielded good resultsin application.

WANG Xiaodong,ZHU Miaoliang

DOI: https://doi.org/10.3969/j.issn.1000-3428.2005.07.055

2005-01-01

Abstract:This paper puts forward an intellective network safe guard system based on a multi-agent system structure. The purpose of the system is to defend the intrusion of campus-wide network. It is based on IDXP and the focus is blackboard. This system can deal with multi-levels and many ways of anti-intrusions, which has self-determination. It is proved to have a good performance by spot tests.

Ruiwen He,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1109/ei250167.2020.9346835

2020-01-01

Abstract:With the development of information technology and Power Internet of Things, the increasing number of networked terminals presents new network security threats. Industrial control equipment and systems have vulnerabilities in hardware, software and firmware, and advanced persistent threat against ICS has become more complex and diverse. However, most of the research are aimed at the detection of single vulnerability, and lack attack mechanism analysis and threat assessment for attack chain. We proposed a threat assessment method based on vulnerability descriptive text and described the attributes of attack samples according to the classification results in attack targets, methods and consequences. We constructed attack graphs based on attack sample attributes and cyber-physical topology to quantitatively evaluate the feasibility and benefits of each attack path from vulnerability capabilities and the impact of devices in the physical world. Finally, we took the substation device status monitoring system as an example to verify the feasibility of this method.

Zhang Xiaojun,Li Yingcai,Zhang Fuqiang,Zhang Qian,Han Li

DOI: https://doi.org/10.1145/3469213.3471388

2021-05-28

Abstract:With the continuous development of network technology, global informatization has become a reality. While the openness and interconnection of IP network protocols bring convenience to data communication, it also provides space for network intruders to enter the void. In particular, the terminal system design is fragile, the software running on the terminal is becoming more and more complicated, and its various components are interdependent, and vulnerabilities are prone to occur in the process of development and maintenance. 0day vulnerabilities emerge endlessly, and static protection methods have exposed deficiencies.

Rui Chang,Liehui Jiang,Wenzhi Chen,Yaobin Xie,Zhongyong Lu

DOI: https://doi.org/10.23919/tst.2017.8030534

2017-01-01

Tsinghua Science & Technology

Abstract:The run-time security guarantee is a hotspot in current cyberspace security research, especially on embedded terminals, such as smart hardware as well as wearable and mobile devices. Typically, these devices use universal hardware and software to connect with public networks via the Internet, and are probably open to security threats from Trojan viruses and other malware. As a result, the security of sensitive personal data is threatened and economic interests in the industry are compromised. To address the run-time security problems efficiently, first, a TrustEnclave-based secure architecture is proposed, and the trusted execution environment is constructed by hardware isolation technology. Then the prototype system is implemented on real TrustZone-enabled hardware devices. Finally, both analytical and experimental evaluations are provided. The experimental results demonstrate the effectiveness and feasibility of the proposed security scheme.

Yi Wang,Yang Gao,Bing-Bing Luo

DOI: https://doi.org/10.1088/1742-6596/1651/1/012044

2020-01-01

Journal of Physics Conference Series

Abstract:This paper proposes a security protection model based on end-to-end information hopping to meet the actual needs of enterprise intranet protection. The problem has enhanced the proactive protection capability of the intranet.

Rui Chang,Liehui Jiang,Wenzhi Chen,Yaobin Xie,Zhongyong Lu

2016-01-01

Abstract:The run-time security guarantee is a hotspot in current cyberspace security research, especially on embedded terminals, e.g., smart hardware, wearable devices, mobile devices. Typically, these devices use universal hardware and software to connect with public network by internet, and are probably open to security threats from Trojan, virus and other malware. As a result, not only personal sensitive data is threatened, economic interests in industry are also compromised. To address the run-time security problems efficiently, first a TrustEnclave-based secure architecture is proposed, and the trusted execution environment is constructed by hardware isolation technology. Then the prototype system is implemented on real TrustZone-enabled hardware devices. Last, both analytical and experimental evaluations are given in the end. The experimental results demonstrate that the proposed security scheme is effective and feasible.

Fan Yan,Yang Jian-Wen,Cheng Lin

DOI: https://doi.org/10.1109/icmtma.2015.77

2015-06-01

Abstract:The rapid development of computer network system brings both a great convenience and new security threats for users. Network security problem generally includes network system security and data security. Specifically, it refers to the reliability of network system, confidentiality, integrity and availability of data information in the system. Network security problem exists through all the layers of the computer network, and the network security objective is to maintain the confidentiality, authenticity, integrity, dependability, availability and audit-ability of the network. This paper introduces the network security technologies mainly in detail, including authentication, data encryption technology, firewall technology, intrusion detection system (IDS), antivirus technology and virtual private network (VPN). Network security problem is related to every network user, so we should put a high value upon network security, try to prevent hostile attacks and ensure the network security.

LI Jiang-hai,HUANG Xiao-jin

2012-01-01

Abstract:The digitalization and networking of control systems in nuclear power plants has brought significant improvements in system control,operation and maintenance.However,the highly digitalized control system also introduces additional security vulnerabilities.Moreover,the replacement of conventional proprietary systems with common protocols,software and devices makes these vulnerabilities easy to be exploited.Through the interaction between control systems and the physical world,security issues in control systems impose high risks on health,safety and environment.These security issues may even cause damages of critical infrastructures and threaten national security.The importance of control system security by reviewing several control system security incidents that happened in nuclear power plants was showed in recent years.Several key difficulties in addressing these security issues were described.Finally,existing researches on control system security and propose several promising research directions were reviewed.

XING Zhi

DOI: https://doi.org/10.3969/j.issn.1008-2077.2009.02.026

2009-01-01

Abstract:Network information security has been a threat of modern society security.Different level of threats to social security consists in campus network,email,e-government,and so on.The paper explains the problem and the countermeasure of network Information security.The government management,formulated lash-up draft is to be reinforced so as to continuously increase the information security awareness and guarantee.

Yongjia Liu,Yu Jiang,Ning Ge

DOI: https://doi.org/10.23919/jcin.2021.9549121

2021-01-01

Journal of Communications and Information Networks

Abstract:As one of the most important Internet infrastructures, domain name system (DNS) is vulnerable to various attacks, and the issue of DNS security has received critical attention. However, most of the existing DNS security enhancements have encountered great difficulties in the process of popularization. The main reason is that these enhancement measures usually focus on the server side, thus requiri...

S. Zhou,Guanghui Ren,Yaling Liu,Xinyu Yang

2018-02-07

Abstract:In recent years, the Internet as a symbol of the computer network protocols, standards and application technology development is extremely rapid. But the Internet is like a sharp double-edged sword, it is for the convenience of people at the same time, but also for computer viruses and computer crime to provide the soil, for systems, network protocols and databases, whether it is its own design flaws, or due to human factors caused by a variety of security vulnerabilities, may be some of the other attempts to use hackers and attack, so the establishment of an effective network security system is even more urgent. To ensure network security, reliable, you must be familiar with the general process of hacker network attacks. The only way to do before the hacker attack the necessary precautions is to ensure that the network is safe and reliable operation. This article comprehensively analyzes the steps, methods and common attack tools of network attack, and tells the concrete precautionary measures from several aspects, so that readers have a comprehensive network of knowledge, in the treatment of network threats are well prepared.

Computer Science,Engineering

Guihai Chen,Victoria C. Yan,Qing Li,Zengzhi,Liao,Zhigang

2005-01-01

Abstract:The wide application of network technology in power systems brings not only convenience and flexibility but also security threats. An architecture of network security for power system was proposed in this study,which protected data and facilities from being attacked by outside users by means of firewall, security monitor and control system. Firewall was basically the first line of defense for the intranet; the security monitoring system was a kind of IDS (Intrusion Detection System), while security control system provided authentication, authorization,data-encrypted transmission and security management. This architecture provides various security services, such as identification, authentication, authorization, data integrity and confidentiality.

Aidong Xu,Lingzhi Fei,Qianru Wang,Hong Wen,Sihui Wu,Peiyao Wang,Yunan Zhang,Yixin Jiang

DOI: https://doi.org/10.1109/ICAA53760.2021.00063

2021-01-01

Abstract:By taking advantages of graphs and potential functions, a security reinforcement method for edge computing terminals is proposed in this paper. A risk graph of the terminal security protection system is constructed, and importance of the security protection and risks of the terminals is evaluated according to the topological potential of the graph nodes, and the weak points of the terminal are loc...

Qianru Wang,Aidong Xu,Yunan Zhang,Minggui Cao,Jianfang Song,Yixin Jiang,Hong Wen

DOI: https://doi.org/10.1088/1742-6596/1673/1/012072

2020-01-01

Journal of Physics Conference Series

Abstract:Abstract It is an important task of system security management to configure terminal security policy reasonably in edge computing (EC) to implement necessary security protection for terminals and EC system. Therefore, this paper analyses the security goals and requirements of terminal access for multi-service EC systems under the power grid, conducts terminal security risk assessment based on the AHP algorithm, and proposes an edge computing platform terminal security configuration optimization strategy, creatively using the OS-ELM algorithm. A framework for cloud training and edge-side online learning to meet the real-time and lightweight communication needs of edge platforms.

侯天凤

DOI: https://doi.org/10.3969/j.issn.1009-3044.2008.27.012

2008-01-01

Abstract:In this paper,the security issues that exist in computer network information systems are made an depth and detailed analysis,To win2000 server as an example,debugging the network technology,and putting forward the corresponding security measures and countermeasures in network layer and the server.