TIAN Yu-hong,WANG Ze-bing,FENG Yan

DOI: https://doi.org/10.3969/j.issn.1000-7024.2006.24.029

2006-01-01

Abstract:The Java virtual machine(JVM)is used more frequently as the basic engine behind dynamic web services.With the proliferation of network attacks on these network resources,much work are done to provide security for the network environment.Little effort has been placed on securing a Java web server where the attacker has a valid login to the host machine.After describing the vulnerabilities in Java's security mechanisms,an extended security system based on Java 2 security architecture is introduced.It also explains the runtime status of system.The increased assurance of correct system operation and the integrity of Java application server are provided.

Cai E. Xu,Feng Xu,Xiaohua Li,Dongming Lu,Yanqi Cheng

DOI: https://doi.org/10.3969/j.issn.1000-436x.2013.z2.027

2013-01-01

Abstract:Considering access control with more card, scattered access flow data and poor scalability in current university building multi-system, the campus integrated access management platform triple frame design with the core of perception layer, transport layer and application layer was proposed. Campus card access control applications based on a unified data processing were realized, by method of Media and unified campus card authorization, implementing hierarchical management and access networking, comprehensively regulate access standards and centralized storage of data water. The design not only facilitates the management of school access control applications, but also carries out data mining based access control and lay the foundation for leadership decision-making support.

Di Wu,Yabo Dong,Jian Lin,Miaoliang Zhu

DOI: https://doi.org/10.1007/11563952_52

2005-01-01

Abstract:The fast development of E-Commerce and information technology brings much higher requirements for enterprise informationization. Because of the differences in platforms, development languages and standards etc, enterprise application integration (EAI) has become the important form of enterprise informationization to support complex business processes. Web services have emerged as the next generation of integration technology which provides the power to support interoperability. However EAI doesn’t just present new interoperability challenges; it also presents serious privacy and security challenges. This paper presents security architecture of Web Services based EAI which uses distributed Single Sign On authentication and distributed Role-based Access Control authorization. The basic concept and prototype system of the security architecture are described in detail.

LONG Xin-zheng,XING Cheng-jie,OUYANG Rong-bin,WANG Qian-yi,LI Li,LIU Yun-feng

DOI: https://doi.org/10.3969/j.issn.1000-436x.2014.z1.034

2014-01-01

Abstract:Aiming at the university management information system security threats and challenges, a security architec-ture named 1C4GS was proposed. First connotation and function of five important components of 1C4GS was expounded, which named security management center, security communication network, security region boundary, security comput-ing environment and security application. Then we used “basic personal data reporting system” as an example to con-struct the management information system security arrangement application based on 1C4AS, this arrangement applica-tion integrated a variety of security technologies and strategies such as transparent data encryption, user Identify, form edit cache as a whole to, and achieved the management information system’s network security, border security, computing environment security and application security.

潘巨龙,李善平,吴震东,张道远

DOI: https://doi.org/10.3969/j.issn.1004-1699.2009.06.016

2009-01-01

Abstract:A design of secure community healthcare monitoring system based on wireless sensor networks is presented.To address the issues of system security and be resilient to diverse attacks,the system protects sensitive data from being attacked by using Elliptic Curve Cryptography and digital signature scheme in those resource-constrained sensor nodes.A secure architecture of community healthcare monitoring system is proposed.Experiment result shows that the system can resist some outer attacks(such as eavesdropping) and inner attacks.

顾国飞,沈建莉,王鹏,张世永

DOI: https://doi.org/10.3969/j.issn.1000-3428.2002.z1.060

2002-01-01

Abstract:Campus network security is an important problem now, and it comprises many different security levels. This paper presents a six-layer network security architecture, which consists of physical security, link security, network level security, information security, application security and user security. Then a multi-layer, comprehensive and distributed campus network security solution is presented based on it. This solution covers comprehensive aspects from low level to high level, from static passive prevention to dynamic active prevention ,from before ,between to after the intrusion ,from system to desktop and from host to network. It can give max security to the campus network and can also be used in other kind of LANs.

Yongzhen Li,Gaolong Wang

DOI: https://doi.org/10.1109/ISAIEE57420.2022.00089

2022-12-01

Abstract:With the rapid development of the internet in China, we are dealing with web sites all the time, but with this comes the increasing vulnerability of various web applications. The vulnerability of web applications can be used to steal information, account theft and fraud, threatening the security of web applications. Therefore, the security detection of web applications is particularly important. This paper introduces the background of today's web application scanning technology, analyses the importance of securing web sites, and focuses on the history and future development trends of web application vulnerability scanning at home and abroad. The system is based on the OWASP Top 10 vulnerabilities of SQL injection and XSS, which have a large impact. By analysing the risks and principles of these two vulnerabilities, a scanning system is designed to run on the Windows platform.

Computer Science

Fengyu Zhao,Xin Peng,Wenyun Zhao

DOI: https://doi.org/10.1109/icis.2009.80

2009-01-01

Abstract:In service oriented architecture (SOA) environment, the communication and infrastructure security is crucial. The most important specification addressing Web services security is WS-Security, which collaborates with the SOAP message specifications, providing integrity, confidentiality and authentication for Web services. However, WS-Security focuses SOAP message security between trusted partners. In SOA applications, there are other vulnerabilities which can be exploited to attack by anonymous customer or even trusted partners, and these vulnerabilities do not gain enough attention as WS-Security. Among them, denial-of-service (DoS) is one attack cluster, which exhausts computer and network resources and reduces the availability of Web services. Another one is sensitive data leakage in a specific application domain. In this paper, the security of SOA applications is viewed as the security domain and a three-tier domain was divided based on security domain analysis. For each security sub-domain, security requirement scenario and requirements are presented. The security domain models were given which can be used to build up security services for sub-domain. Based on security model and security service assets, which can evolve along with understanding on security domain, the developers can establish the security implementation for SOA application integration.

ZHAO Chuanlin,WU Wenchuan,ZHANG Boming,SUN Hongbin

DOI: https://doi.org/10.3321/j.issn:1000-1026.2007.22.002

2007-01-01

Abstract:To make the online transient early warning and security protecting system easy to reuse and maintain,a software development is proposed.Several advanced methods,such as architecture analysis,design pattern,framework and unit testing,are used in this to enhance the development efficiency and software quality.A layered architecture is introduced during the design process and a strategy pattern is used to adapt to the changing requirement for the dynamic model of the component concerned.An open framework for distributed task dispatching is also presented.A subscriber/publisher is used to implement message exchange between the server and clients,which is adaptive to the hardware configuration changes.An online transient early warning and security protecting system based on the methods proposed has been developed and put into actual operation in a provincial power system.

Guihai Chen,Victoria C. Yan,Qing Li,Zengzhi,Liao,Zhigang

2005-01-01

Abstract:The wide application of network technology in power systems brings not only convenience and flexibility but also security threats. An architecture of network security for power system was proposed in this study,which protected data and facilities from being attacked by outside users by means of firewall, security monitor and control system. Firewall was basically the first line of defense for the intranet; the security monitoring system was a kind of IDS (Intrusion Detection System), while security control system provided authentication, authorization,data-encrypted transmission and security management. This architecture provides various security services, such as identification, authentication, authorization, data integrity and confidentiality.

吴海燕,戚丽,沈立强

DOI: https://doi.org/10.3969/j.issn.1002-4956.2008.08.001

2008-01-01

Abstract:Sound information security system is the powerful guarantee for e-campus's sustainable development.This paper performs security risk analysis on the e-campus information integration stage.The e-campus will be divided into several security domains,and security technology will be deployed accordingly.Under the guidance of this thought,Tsinghua University built its information security system.The practice of work is introduced finally.

高国柱,吴海燕

2010-01-01

Abstract:Attacks towards web applications evolve rapidly,traditional web protecting system based on static rules is difficult adapt to the new situation of web application security.A new idea and method are proposed to protecting web application security,which uses unsupervised learning algorithm and legal rule detecting model.Web application security detecting algorithm based on the structure and progress analysis of web application is designed and implemented.The system has been used on detecting of Tsinghua web learning system,done well on filtering the abnormal web accesses out.

Haixin Duan,Jianping Wu

DOI: https://doi.org/10.3321/j.issn:1002-8331.2000.05.008

2000-01-01

Abstract:The definitions of some concepts related to security architecture for computer networks are presented firstly in this paper, and then, a framework is proposed from the aspect of security requirements. Based on the analysis of dependence among security services, a method is presented for classifying and rating network security according to se curity services and mechanisms. After the analysis of security mechanisms in TCP/IP protocol including IPSec and SSL, a protocol layered entity model is presented for implementation of security services and security management. From the aspect of entity unit, all kinds of security technologies are organized into to four layers. The place of security management in the architecture and content of management activities for large networks are described. At the end of this paper, further research directions are pointed about the security architecture.

Rui Zheng,Hao Ma,Qiuyun Wang,Jianming Fu,Zhengwei Jiang

DOI: https://doi.org/10.3390/s21010306

IF: 3.9

2021-01-05

Sensors

Abstract:The network security situation of campus networks on CERNET (China Education and Research Network) has received great concern. However, most network managers have no complete picture of the network security because of its special management and the rapid growth of network assets. In this investigation, the security of campus networks belonging to seven universities in Wuhan was investigated. A tool called “WebHunt” was designed for campus networks, and with its help, the network security risks were found. Differently from existing tools for network probing, WebHunt can adopt the network scale and special rules of the campus network. According to the characteristics of campus websites, a series of functions were integrated into WebHunt, including reverse resolution of domain names, active network detection and fingerprint identification for software assets. Besides, WebHunt builds its vulnerability intelligence database with a knowledge graph structure and locates the vulnerabilities through matching knowledge graph information. Security assessments of seven universities presents WebHunt’s applicability for campus networks. Besides, it also shows that many security risks are concealed in campus networks, such as non-compliance IP addresses and domain names, system vulnerabilities and so on. The security reports containing risks have been sent to the relevant universities, and positive feedback was received.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Zhendong Ma,Paul Smith,Florian Skopik

DOI: https://doi.org/10.48550/arXiv.1211.3908

2012-11-16

Abstract:Supervisory Control and Data Acquisition (SCADA) systems support and control the operation of many critical infrastructures that our society depend on, such as power grids. Since SCADA systems become a target for cyber attacks and the potential impact of a successful attack could lead to disastrous consequences in the physical world, ensuring the security of these systems is of vital importance. A fundamental prerequisite to securing a SCADA system is a clear understanding and a consistent view of its architecture. However, because of the complexity and scale of SCADA systems, this is challenging to acquire. In this paper, we propose a layered architectural view for SCADA systems, which aims at building a common ground among stakeholders and supporting the implementation of security analysis. In order to manage the complexity and scale, we define four interrelated architectural layers, and uses the concept of viewpoints to focus on a subset of the system. We indicate the applicability of our approach in the context of SCADA system security analysis.

Cryptography and Security

Chen Zhao,Yang Chen,Dawei Xu,NuerMaimaiti Heilili,Zuoquan Lin

DOI: https://doi.org/10.1007/11563952_54

2005-01-01

Abstract:In enterprise environment, security becomes increasingly important and costly. Enterprises are struggling to protect the increasing amount of disparate resources. Simple patchwork of security controls no longer suffices. Enterprises require a comprehensive solution that provides centralized security management, from authentication, to authorization and to auditing. To this end, we present a design and implementation of an integrative security management solution for Web-based enterprise applications, WebDaemon. It provides Single Sign-On to multiple Web applications. It also provides restricted access to Web-based content, portals, and Web applications based on Role-Based Access Control (RBAC) policies. The WebDaemon can help enterprises secure all Web resources with consistency of policy management and reduced administrative costs.

Dan Wei,Wenwu Yu,Nan Li

DOI: https://doi.org/10.1109/iccnea.2019.00031

2019-01-01

Abstract:In order to ensure the security of multi-dimensional information, this paper proposes a research on key technologies of multi-dimensional information security risk assessment based on big data framework. According to the characteristics of multi-dimensional information security data, security division is carried out, intrusion data impact parameters are collected, and intrusion risk budget is carried out according to different impact parameter values and divided security levels, so as to realize accurate evaluation of multi-dimensional information security risks. Finally, the experiment proves that the key technology of multidimensional information security risk assessment based on big data framework has higher practicability and accuracy, and meets the research requirements.

Jiaxuan Fei,Jieying Zhou,Qigui Yao,Xiaojian Zhang,Mingyan Li

DOI: https://doi.org/10.1109/ispec53008.2021.9735632

2021-12-23

Abstract:In order to ensure the power industrial control system security control in the “unification” and “dynamics”, this paper has designed 3d spatial coordinate axes including safety protection technology dimension (X axis-T), safety emergency response dimension (Y axis-E), comprehensive safety management dimension (Z axis-M) and one dimensional security defense scenarios coordinate axis (T axis-A), which makes up four dimensional space-time stereoscopic defense system architecture. On the one hand, in the technical dimension, the real-time monitoring of the system itself, the security techniques and defensive measures can be strengthened, so as to guarantee the comprehensive and effective implementation of the security techniques and management measures dynamically and in a closed loop, thus to ensure the robustness of the protection system architecture. On the other hand, to adapt to the power industrial control system of the overall “cloud + network + terminal” structure, this paper forms systematic power defense architecture in power industrial control system by multi-chain protection compromised technology and system and different business scenarios “cloud + network + terminal” linkage and synergy between multi-level security defense line. Finally, this study provides effective guidance for technical selection, deployment and application of defense model.

CHU Qingjun,WU Haiyan,JIANG Dongxing

2008-01-01

Abstract:National Education Examinations Authority will build"digital Examinations Authority"during the"11~(th)five-year plan",which put more higher requirements on information security.Based on security risk analysis,this paper presented an information security architecture building method,which include security domain distinction and association analysis,performing information security management measures as a whole. Furthermore,it designed a multilayered information security architecture including user,application,system, data,network and physical layers' technical and management control means.

Cuihong Wu

DOI: https://doi.org/10.1109/indusis.2010.5565862

2010-07-01

Abstract:In the Age of Information, network education pays more attention to the application of IT technology and the training of talents, which makes learning more of customization and of opening up. In order to better enable learners to go beyond the limitations of space and time to acquire knowledge; in order to provide excellent learning environment for greater freedom and greater choice of learning activities space, the project to building campus network has become the basis of all university building work. It is directly related to the quality and level of their teaching and scientific research work. The campus network has a number of tasks such as teaching, research, management and communication with the outside. Therefore, the issue of network security has become a priority to campus network management. Obviously, the current Internet is convenient but at the same time it is unsafe. As part of the Internet and the unique attributes of campus network, it is more easily attacked when enjoying the service provided by the Internet. This paper starts from the current security status of the campus network, analyzing threatens to campus network security and strategies to maintenance of network security, so as to establish a suitable campus network security system, and introduce some current popular campus network information security solutions.