Abstract: Based on the principle of information theory, a novel scheme of unequal-interval frequency-hopping (FH) systems was proposed. For cases of spectrum overlapping systems and non-overlapping systems, the implementation methods were presented and the security performances were discussed theoretically. Firstly, the definitions of absolute and relative key amounts of FH systems, equal-interval and unequal-interval FH systems were given. Then, the absolute key amount and relative key amount were analyzed for equal-interval and unequal-interval FH systems. The results indicated that the absolute key amount had become the key point in improving the security and secrecy of FH systems, especially in today's epoch of highly developed computer science and IC design technology. Theoretical analysis and practical examples showed that the absolute key amount of unequal-interval FH systems was generally over two orders larger than that of equal-interval ones when spectrum overlapping was allowable. Therefore, there was great superiority in enhancing the security and secrecy for the scheme mentioned.
Abstract: With the rapid development of network technology, the meaning of layers and attributes in respect of information system security must be extended based on the understanding of the concept of information system security. The layering model (LM) of information system security and the five-attribute model (FAM) based on security factors were put forward to perfect the description and modeling of the information system security framework. An effective framework system of risk calculation and assessment was proposed, which is based on FAM.
Abstract: No matter whether a system is operated manually or automatically controlled by computer, the system’s vulnerability always exists. Earthquake Disaster Reduction System (EDRS) belongs to the category of information system. According to the features of security for EDRS, the steps and the methods on how to build the EDRS security were analyzed. The EDRS security features, security strategies and security measures were also given through a distributed EDRS skeleton that has been applied. Because there was still no appointed and authoritative agency or organization to certify and test EDRS security in China, a national information technology security certification center was introduced and suggested for the certification of the EDRS security. Finally, several discussions and tendencies for the EDRS development were presented.
Abstract: In this paper, a robust digital watermarking method against shearing based on Haar orthogonal function system was introduced. The proposed method adopted the complete generalized orthogonal properties of Haar orthogonal function system to achieve the piece-based orthogonal transform on the image. The significant middle frequency coefficients in the transformation matrix are picked up, based on characteristics of the image visual system and the Haar orthogonal transform. The watermark is adaptively weighed to the middle frequency matrix. The method improves the validity of watermarking and shows excellent advantage against shearing attack. Experimental results show that the Haar orthogonal function system based watermark approach can provide an excellent protection under geometric attacks.
Abstract: How to protect the database, the kernel resources of information warfare, is becoming more and more important since the rapid development of computer and communication technology. As an application-level firewall, database security proxy can successfully repulse attacks originated from outside the network, reduce to zero-level damage from foreign DBMS products. We enhanced the capability of the COAST's firewall reference model by adding a transmission unit modification function and an attribute value mapping function, describes the schematic and semantic layer reference model, and finally forms a reference model for DBMS security proxy which greatly helps in the design and implementation of database security proxies. This modeling process can clearly separate the system functionality into three layers, define the possible security functions for each layer, and estimate the computational cost for each layer.
Funding: Project (No. 20040146) supported by Zhejiang Provincial Education Department Foundation, China
Abstract: This paper deals with the synchronization of chaotic systems with structure or parameters difference. Nonlinear differential geometry theory was applied to transform the chaotic discrepancy system into canonical form. A feedback control for synchronizing two chaotic systems is proposed based on sliding mode control design. To make this controller physically realizable, an extended state observer is used to estimate the error between the transmitter and receiver. Two illustrative examples were carried out: (1) The Chua oscillator was used to show that synchronization was achieved and the message signal was recovered in spite of parametric variations; (2) Two second-order driven oscillators were presented to show that the synchronization can be achieved and that the message can be recovered in spite of the strictly different model.
Funding: Supported by the High Technology Research and Development Programme of China (No. 2007AA01Z473)
Abstract: Security assessment can help understand the security conditions of an information system and yield results highly conducive to the solution of security problems in it. Taking the computer networks in a certain university as samples, this paper, with the information system security assessment model as its foundation, proposes a multi-attribute group decision-making (MAGDM) security assessment method based on a variable consistency dominance-based rough set approach (VC-DRSA). This assessment method combines VC-DRSA with the analytic hierarchy process (AHP), uncovers the inherent information hidden in data via the quality of sorting (QoS), and makes a synthetic security assessment of the information system after determining the security attribute weight. The sample findings show that this method can effectively remove the bottleneck of MAGDM, thus assuming practical significance in information system security assessment.
Abstract: Discuss the problem of infinite increasing coin list in anonymous E-cash systems, which reduce the efficiency of whole system greatly. Though some methods are suggested, no one can solve the problem with high efficiency and flexibility. Here, we use the technique of adding information in blind signatures to deal with this problem. Through adding timestamp in signatures, we can separate the valid period of all used coins into pieces. Only the coins in the last stage are recorded. So the scale of the coins list is controlled. We also analyze the anonymity of these data, and add some indispensable restrictions to them. These restrictions can ensure that the imported data don’t break the anonymity of the customers. In order to fulfill these qualifications, we lead to the concept of restricted common data (RCD). Furthermore, we propose two schemes to add RCD in the blind signature. The simple one is easy to implement, while the complex one can note the value of the coin. The usage of RCD leads to little additional cost, as well as maintaining the anonymity of customers. This method fits for most kinds of anonymous E-cash systems.
Funding: Project (2006BAK04B0302) supported by the National Science and Technology Pillar Program during the 11th Five-year Plan of China
Abstract: According to the randomness and uncertainty of information in the safety diagnosis of coal mine production system (CMPS), a novel safety diagnosis method was proposed by applying fuzzy logic inference method, which consists of safety diagnosis fuzzifier, defuzzifier, fuzzy rules base and inference engine. Through the safety diagnosis on coal mine roadway rail transportation system, the result shows that the unsafe probability is about 0.5 influenced by no speed reduction and over quick turnout on roadway, which is the most possible reason leading to the accident of roadway rail transportation system.
Abstract: Organizations implement an information security program for the protection of their information assets. The success of such a program depends primarily on the effective implementation and execution of associated information security policies and controls. These policies and controls depend directly upon the resultant behavior and actions of end-users. Hence, end-users play a critical role in the effective implementation and running of an information security program in any organization. However, end-users are often unable to navigate and comprehend the various policies, controls and associated issues. Support to end-users is therefore a vital element, but is often neglected by present information security management systems. In the service industry, support to customers is established as an important determinant of customer perceived service quality. This paper applies the same philosophy to provide support to end-users, who are the customers of the Information Security Service.
Abstract: The NPP (nuclear power plant) being vital objects of an energy infrastructure must be protected against malicious actions affecting their safety, and cyber security plays a key part in attaining this goal. The paper considers, implemented by the authors within the project of advanced digital control system for NPP with the reactor VVER-1000, a system of unauthorized access protection, partially built up on the technology of AA (active audit) and expert system. The AA technology is based on response of the system on deviation of current signature of the automated process control system from stable state rather than on a certain signature of attack and relies on the estimation of the behavioral models of the particular digital control system. The advent of active audit reflects the current situation in the digital control systems where complex distributed platforms are used to construct automated process control system. The active audit allows one to make the digital control system functionally closed, provided that it is determinate. The methodology of the active audit does not give up external (barrier) and traditional (password, antivirus) methods of unauthorized access protection. These methods can be used when it is appropriate to achieve a required protection level.
Abstract: Due to the rapid development of information systems, risk and security issues have increased and become a phenomenon that concerns every organization, without considering the size of it. To achieve desired results, managers have to implement methods of evaluating and mitigating risk as part of a process well elaborated. Security risk management helps managers to better control the business practices and improve the business process. An effective risk management process is based on a successful IT security program. This doesn't mean that the main goal of an organization's risk management process is to protect its IT assets, but to protect the organization and its ability to perform their missions. During this process, managers have to take into consideration risks that can affect the organization and apply the most suitable measures to minimize their impact. The most important task is choosing the best suited method for analyzing the existing risk properly. Several methods have been developed, being classified in quantitative and qualitative approaches of evaluating risk. The purpose of this paper is to present the advantages and disadvantages of each approach taking current needs and opportunities into consideration.
Funding: Supported by the National Natural Science Foundation of China (No. 60605019)
Abstract: In order to understand the security conditions of the incomplete interval-valued information system (IIIS) and acquire the corresponding solution of security problems, this paper proposes a multi-attribute group decision-making (MAGDM) security assessment method based on the technique for order performance by similarity to ideal solution (TOPSIS). For IIIS with preference information, combining with dominance-based rough set approach (DRSA), the effect of incomplete interval-valued information on decision results is discussed. For the imprecise judgment matrices, the security attribute weight can be obtained using Gibbs sampling. A numerical example shows that the proposed method can acquire some valuable knowledge hidden in the incomplete interval-valued information. The effectiveness of the proposed method in the synthetic security assessment for IIIS is verified.
Abstract: There are many business needs for implementing delegation in IT (Information Technology) systems. However, existing approaches to delegation in IT systems are limited in their usability, flexibility, and capability to implement least privilege. The result is that delegation is either not implemented or is implemented informally (e.g., by sharing credentials [passwords or hardware tokens] between users), resulting in serious security concerns and a lack of accountability. This paper describes a methodology for delegation based on the persona concept. A persona is a special category of user that embodies only delegated privileges, and which is explicitly assumed only after the "real" human user taking on that persona explicitly chooses it. This paper describes the persona delegation framework in the context of a large enclave-based architecture currently being implemented by a major enterprise. The creation of a persona solves a lot of downstream problems by allowing the persona to be treated like any other entity in the system. That is, identity, authentication, authorization, and other security processes already know how to handle an entity of this type. Benefits of the framework include increased flexibility to handle a number of different delegation business scenarios, decreased complexity of the solution, and greater accountability with only a modest amount of additional infrastructure required.
Abstract: The thesis researches the safety information and control system (SICS) design principle and introduces engineering application in CPR1000 nuclear power station in China. The SICS provides sufficient control and monitoring means to bring and maintain the plant in a safe state as a backup of main computerized control mean (MCM), in any plant conditions that are probable during a planned or unplanned unavailability of the MCM. The successful engineering applications of SICS in different digital I&C system platform are introduced in the paper. The thesis gives the research conclusion for new general SICS of digital I&C system.
Abstract: In this paper, the operating performances of the main commercial banks' information security management system applications are empirically researched using the DEA method of operating efficiency's multi-stage super efficiency. The DEA model of multi-stage super efficiency is established for the commercial bank information security system applications of China's banks using data envelopment analysis (DEA), and then output efficiency, taxation efficiency, and comprehensive efficiency are analyzed by choosing eight banks such as Industrial and Commercial Bank of China as sample data, and finally the operating performance of Chinese commercial banks' information security management system is concluded.