Netinfo Security

Research on An Efficient and Practical Cloud-based Digital Signature Scheme

Yongqiang ZHANG, Weilong LU, Chunming TANG

2016, 16 (7): 1-6. doi: 10.3969/j.issn.1671-1122.2016.07.001

Abstract ( 455 )

HTML ( 2 )

PDF (1447KB) ( 146 )

With the rapid development of cloud computing, models of cloud-based digital signature become practical. More enthusiastic responses from enterprises confirm that cloud computing plays an important role in many fields of IT with its features of reliable, convenient, on-demand network access to security infrastructures that perform cryptographic operations. This paper proposes a scheme of generating digital signature in the cloud. The scheme achieves centralized management of certificates and their private keys, and ensures the security of certificates and their private keys by using the combination of distributed processing with key segmentation. Meanwhile, the scheme presents lower performance requirements of cryptographic operations for cloud signature service platform, which meet the need of simultaneous processing from a large number of users.

Figures and Tables | References | Related Articles | Metrics

RSSP-II Protocol Security Analysis Based on Communicating Sequential Process Method

Debiao LU, Shengjiao HE, Jian WANG

2016, 16 (7): 7-8. doi: 10.3969/j.issn.1671-1122.2016.07.002

Abstract ( 676 )

HTML ( 8 )

PDF (2780KB) ( 471 )

Nowadays, the increasing number of cyber security events in industry control system (ICS) are emerged. Railway Signalling System as a specific application of the industrial control system, including reliability and completeness, the transmission network security is also the stringent task to be focused on. This paper analysed the RSSP-II protocol as the security protocol for railway signalling system, the Communication Sequential Processes (CSP) method was introduced. CSP is one of the model checking method, this method using discrete event to describe the system, the process and its environment were described by algebraic operations in formal language. Each CSP process can be converted into equivalent state. The processes of the key service and peer entity authenticating are analysed through CSP. At last the model checking tool Casper-FDR was applied to verify the confidentiality and authenticity properties of the protocol. The result showed that the parameters are acceptable, and the reverse item number is 0, thus verified RSSP-II in key service and peer entity authenticating.

Figures and Tables | References | Related Articles | Metrics

Research on Trust Model for Security Strength Evaluation of Cloud Computing

Ziyuan LIAO, Wei WANG, Mingzhi CHEN

2016, 16 (7): 15-19. doi: 10.3969/j.issn.1671-1122.2016.07.003

Abstract ( 569 )

HTML ( 0 )

PDF (1700KB) ( 178 )

The application of cloud computing is becoming more and more popular, but the security strength of cloud computing system is always difficult to be accurately evaluated. This paper proposes a trust model which can objectively evaluate the security strength of cloud computing system. The model uses a trust value to describe the overall security strength of the cloud computing system, and the trust value is generated by a list of parameters that cover the multidimensional securities. Trust model can help users to choose the appropriate cloud services effectively, and can help service providers to find their deficiencies. The experimental results show that the trust model has good completeness and accuracy for the evaluation of the security strength of cloud computing system.

Figures and Tables | References | Related Articles | Metrics

Research Survey on Security Issues in Cyber-Physical Systems

Kunlun PENG, Wei PENG, Dongxia WANG, Qianqian XING

2016, 16 (7): 20-28. doi: 10.3969/j.issn.1671-1122.2016.07.004

Abstract ( 1399 )

HTML ( 10 )

PDF (1589KB) ( 449 )

A cyber-physical system (CPS) is a complex system which integrates information systems with physical systems. It realizes the function of real-time sensing and dynamical control of the physical world by environment perception and the integration of computing, communication and control process. CPS is viewed as the next information revolution after the Internet and security problem is one of the key issues affecting the wide application of CPS. This paper introduces the requirements and goals of CPS security, as well as security challenges that a CPS faces. Attacks on a CPS from physical layer, transport layer and application layer are also discussed in detail. By analyzing current research on techniques of anti-attack, identity authentication, privacy preservation and risk assessment in CPS, the paper discusses the future research trends in this area.

Figures and Tables | References | Related Articles | Metrics

Research and Design of Remote Control System of Host Resources

Jian ZHAO, Chang ZHANG, Xiangdong WEN

2016, 16 (7): 29-34. doi: 10.3969/j.issn.1671-1122.2016.07.005

Abstract ( 482 )

HTML ( 0 )

PDF (1576KB) ( 145 )

Nowadays, the security and controllability of the host resources are getting more attention. Especially when the host is out of control, how to ensure the sensitive information to be security by the remote control system is a problem which should be solved. After analyzed current research situation of remote control and secure deletion of the host files, a remote control system of host resources is designed, and the system architecture and workflow are proposed. The realization method of the hardware platform based on a remote communication module and the control software including control instruction transmission, security authentication, and host resources control and so on. Finally, the system functions are tested and analyzed. The remote control system is designed based on mobile communication module and control agent software. The communication module will be put in the protected computer, and the agent software run in it. The manager controls the protected computer by the command message. To enhance the security of the system, only these command messages which are identified can be carried out, in order to delete the sensitive information, shut down the endpoint and so on. The experiments show that the system can improve the management of the protected computer, and reduce the security risk when the computer is out of control.

Figures and Tables | References | Related Articles | Metrics

A Binary Code Analysis of Vulnerability Scanning Method for SDN Smart Power Grid

Yingcong CHEN, Guangqing CHEN, Zhiming CHEN, Neng WAN

2016, 16 (7): 35-39. doi: 10.3969/j.issn.1671-1122.2016.07.006

Abstract ( 653 )

HTML ( 3 )

PDF (4529KB) ( 159 )

Software defined network provides smart power grid with virtual network control and compatible capability. However, security vulnerabilities are also brought in. A binary code analysis of vulnerability scanning method is proposed for SDN smart power grid. Code lexical analysis rules and code to vulnerability reflection database are built to scan the vulnerabilities from SDN smart power grid. Ignored specific service characteristics, new method improves the security. Simulations and tests demonstrate the improved performance of new method.

Figures and Tables | References | Related Articles | Metrics

Research on Method of Android System Malware Behavior Monitoring Based on Multi-level and Cross-view Analysis

Jingya YANG, Senlin LUO, Shuai ZHU, Lewei QU

2016, 16 (7): 40-46. doi: 10.3969/j.issn.1671-1122.2016.07.007

Abstract ( 591 )

HTML ( 1 )

PDF (1750KB) ( 273 )

The existing methods applying to behavior monitoring of Android system need to either recompile the system or alter the applications which is monitored. Most of them are not comprehensive enough and cannot identify the hidden behaviors of malicious codes. According to the problems raised before, this paper proposes a method of Android system malware behavior monitoring which bases on multi-level and cross-view analysis. The paper uses the technology of process injection and loadable kernel, which monitors malware behavior in Java level, Native level and Kernel level. Then this paper obtains the result of behavior monitoring and identifies the hidden behaviors by cross-view analysis. Under Android simulator environment, the experiment uses 12 kinds of malware which can cover most of the malware behaviors. The results shows that the monitoring accuracy rate of malicious behavior reaches to 91.43%, and the method can detect the hidden behaviors effectively. So it has fine audit granularity and strong practicality.

Figures and Tables | References | Related Articles | Metrics

Research on ASLR Bypass Technology Based on Arbitrary Function Address

Xin XU, Songnian ZHANG, Jianwei HU

2016, 16 (7): 47-52. doi: 10.3969/j.issn.1671-1122.2016.07.008

Abstract ( 781 )

HTML ( 4 )

PDF (7599KB) ( 147 )

For many years buffer overflow vulnerability has been the most important and harmful mean of the field of network attacks. In Microsoft and other vendors did not use the DEP and ASLR on buffer overflow protection technology, the attackers use EIP to jump to the required position to complete the exploits. However, with the application of DEP and ASLR technology, during the current exploit, bypass the ASLR, Address Space Layout Randomization, protection mechanism is an essential part . Almost all of the vulnerabilities mining practitioners and attackers, both in the study through the way to bypass DEP and ASLR. From the content of ASLR protection mechanism, this paper mainly analyzes the current commonly used ASLR bypass technology of the Microsoft’s Windows system. Then, this paper puts forward a through relative offset bypass ASLR protection mechanism, and focuses on the analysis of the cve-2013-2551 vulnerabilities principles and details, and through the use of loopholes in the cve-2013-2551 demonstration in Microsoft's Windows 8 application this method successfully bypass ASLR protection mechanism of the Microsoft. The shortcoming of the method that proposed in this paper is that the attacker must be able to bypass the ASLR to read the memory, and its advantage is that the attacker can obtain the address of any function in the system.

Figures and Tables | References | Related Articles | Metrics

A Performance Testing Framework of Virtual Desktop Based on User Motion Controlling Language

Jingxuan ZHANG, Jinda CHANG, Dong GUO, Wei WANG

2016, 16 (7): 53-60. doi: 10.3969/j.issn.1671-1122.2016.07.009

Abstract ( 674 )

HTML ( 0 )

PDF (2576KB) ( 110 )

There are several known challenges about performance analysis. The traditional methods just care about parts of system, yet the performance of the whole system. The existed methods often only measure the metrics of operating system, but not the experience perceived by users. To solve above problems, this paper proposes a novel method to measure the performance of virtual desktop system. This method need to use user motion controlling language, which allow the tester to simulate the user behaviors on embedded thin client directly. A test framework has been implemented in this method, with a serial of real test on a simple embedded thin client. The basic availability of this method has been proved through some qualitative and quantitative analysis.

Figures and Tables | References | Related Articles | Metrics

Security Supervisory Scheme for Industrial Control Networks

Xiaobing CHEN, Kai CHEN, Zhen XU, Liming WANG

2016, 16 (7): 61-70. doi: 10.3969/j.issn.1671-1122.2016.07.010

Abstract ( 559 )

HTML ( 1 )

PDF (4209KB) ( 122 )

Security events, represented by one nuclear power station of Iran attacked by the “Stuxnet” virus, ring the alarm bell of the industrial control system security situation. The supervision of industrial control system is imperative. Considering the state-of-the-art research, there exists the problems of restraint of the range of data acquisition, the inadequate consideration of the features of industrial control systems and lack of effective detection measures to identify APT attacks, such as “Stuxnet” and “Havex”. Thus, the article propose a supervisory frame for industrial control networks. The frame acquire data from different layers of industrial control networks, utilizing flexible data acquisition strategies, and correlate data acquired from different layers of industrial control networks and analyze abnormal operation behavior. The flexible data acquisition strategies perform preference to the availability of industrial control system, while the correlation and analysis of data acquired from different layers improved the ability of the system to detect some APT attacks.

Figures and Tables | References | Related Articles | Metrics

esearch on Access Control Model Based on the Trust Value Assessment of Cloud Computing

Yundong FAN, Xiaoping WU, Xiong SHI

2016, 16 (7): 71-77. doi: 10.3969/j.issn.1671-1122.2016.07.011

Abstract ( 527 )

HTML ( 0 )

PDF (3477KB) ( 142 )

To reduce the possible threats of users’ behavior, improve the security of cloud computing system, and ensure the dynamic access control, this paper proposes an access control model based on the trust value assessment of cloud computing. The model determines the level of trust and completes the authorization process by dynamically computing the integrated trust value of the user’s behavior. Considering the interaction characteristics of user behavior factors, the model introduces the theory of analytic network process on the basis of establishing the complete trust value evaluation model, which can realize the objective weight distribution of user behavior factor and improve the reliability and objectivity of the model. The attenuation factor is added in the model to further ensure the dynamic change of the integrated trust value of users’ behavior, so that the user can gain the dynamic access and this improves the security of cloud environment. This paper expounds the structure of model, composition elements, implementation process and strategies of access control. And at last the experimental results show that the model can achieve dynamic, secure and reliable access control in cloud environment.

Figures and Tables | References | Related Articles | Metrics

Research on Trusted Security Host Architecture Based on Trusted Computing Base

Qiang HUANG, Le CHANG, Dehua ZHANG, Lunwei WANG

2016, 16 (7): 78-84. doi: 10.3969/j.issn.1671-1122.2016.07.012

Abstract ( 623 )

HTML ( 1 )

PDF (1983KB) ( 112 )

Starting from the host computer security architecture studying background and the requirement of designing actual high-security computer, we discuss trusted & security union architecture here to fuse trusted computing mechanism with legacy security mechanism like access control or authentication. First, the relationship between trusted computing and legacy security architecture is discussed. The TCG architecture and China trusted computing architecture is also compared with their differences in data integrity and system integrity. At last, we make the conclusion that trusted computing mechanism can enhance the security architecture and assurance the TCB’s characters. Several critical mechanisms are discussed to help for realizing and supporting this architecture: authentication with trusted computing devices and other legacy methods, data protecting mechanism supported by trusted computing and file execution control mechanism combining trusted validation control and mandatory access control.

Figures and Tables | References | Related Articles | Metrics

Table of Content