The World Wide Web has been an environment with many security threats and lots of reported cases of security breaches. Various tools and techniques have been applied in trying to curb this problem, however new attacks...The World Wide Web has been an environment with many security threats and lots of reported cases of security breaches. Various tools and techniques have been applied in trying to curb this problem, however new attacks continue to plague the Internet. We discuss risks that affect web applications and explain how network-centric and host-centric techniques, as much as they are crucial in an enterprise, lack necessary depth to comprehensively analyze overall application security. The nature of web applications to span a number of servers introduces a new dimension of security requirement that calls for a holistic approach to protect the information asset regardless of its physical or logical separation of modules and tiers. We therefore classify security mechanisms as either infrastructure-centric or application-centric based on what asset is being secured. We then describe requirements for such application-centric security mechanisms.展开更多
With the rapid development of information technology,audit objects and audit itself are more and more inseparable from software.As an important means of software security audit,code security audit will become an impor...With the rapid development of information technology,audit objects and audit itself are more and more inseparable from software.As an important means of software security audit,code security audit will become an important aspect of future audit that cannot be ignored.However,the existing code security audit ismainly based on source code,which is difficult to meet the audit needs of more and more programming languages and binary commercial software.Based on the idea of normalized transformation,this paper constructs a cross language code security audit framework(CLCSA).CLCSA first uses compile/decompile technology to convert different highlevel programming languages and binary codes into normalized representation,and then usesmachine learning technology to build a cross language code security audit model based on normalized representation to evaluate code security and find out possible code security vulnerabilities.Finally,for the discovered vulnerabilities,the heuristic search strategy will be used to find the best repair scheme from the existing normalized representation sample library for automatic repair,which can improve the effectiveness of code security audit.CLCSA realizes the normalized code security audit of different types and levels of code,which provides a strong support for improving the breadth and depth of code security audit.展开更多
Nowadays, China has entered the aging countries sequence, reform and development of the social insurance system is facing more opportunities and challenges, which give the social insurance audit work of the new requir...Nowadays, China has entered the aging countries sequence, reform and development of the social insurance system is facing more opportunities and challenges, which give the social insurance audit work of the new requirements. In practice, the social insurance audit work has encountered new conflicts and problems. Due to the socio-economic composition, organizational forms, forms of employment, interest, distribution relations have had a dramatic and profound change, labor relations was diversified, contract, complex features, social insurance premium is difficult, concealed drain Daily contribution base, have occurred impersonator false and social insurance benefits behavior. Loss of the social insurance fund is now urgently containment dike, to further regulate the social insurance audit work has become an important issue in the New Social Insurance Development. Therefore, we must establish a sound social security audit system, and promote the integration of social security audits, and thus be able to maintain the smooth progress of China's social insurance work.展开更多
Security in Ad Hoc network is an important issue under the opening circumstance of application service. Some protocols and models of security auditing have been proposed to ensure rationality of contracting strategy a...Security in Ad Hoc network is an important issue under the opening circumstance of application service. Some protocols and models of security auditing have been proposed to ensure rationality of contracting strategy and operating regulation and used to identify abnormal operation. Model of security auditing based on access control of devices will be advanced to register sign of devices and property of event of access control and to audit those actions. In the end, the model is analyzed and simulated.展开更多
With the rapid development of blockchain technology,the Chinese government has proposed that the commercial use of blockchain services in China should support the national encryption standard,also known as the state s...With the rapid development of blockchain technology,the Chinese government has proposed that the commercial use of blockchain services in China should support the national encryption standard,also known as the state secret algorithm GuoMi algorithm.The original Hyperledger Fabric only supports internationally common encryption algorithms,so it is particularly necessary to enhance support for the national encryption standard.Traditional identity authentication,access control,and security audit technologies have single-point failures,and data can be easily tampered with,leading to trust issues.To address these problems,this paper proposes an optimized and application research plan for Hyperledger Fabric.We study the optimization model of cryptographic components in Hyperledger Fabric,and based on Fabric's pluggable mechanism,we enhance the Fabric architecture with the national encryption standard.In addition,we research key technologies involved in the secure application protocol based on the blockchain.We propose a blockchain-based identity authentication protocol,detailing the design of an identity authentication scheme based on blockchain certificates and Fabric CA,and use a dual-signature method to further improve its security and reliability.Then,we propose a flexible,dynamically configurable real-time access control and security audit mechanism based on blockchain,further enhancing the security of the system.展开更多
Oracle数据库系统通过 REDO L OG技术来管理数据操作和事务 ,如何分析跟踪 REDO L OG文件 ,实现对数据库操作的监控 ,在数据库审计、数据库复制和数据库安全等方面具有重要的实用价值 .本文对 ORACL E REDO L OG文件进行了详尽的分析 ,...Oracle数据库系统通过 REDO L OG技术来管理数据操作和事务 ,如何分析跟踪 REDO L OG文件 ,实现对数据库操作的监控 ,在数据库审计、数据库复制和数据库安全等方面具有重要的实用价值 .本文对 ORACL E REDO L OG文件进行了详尽的分析 ,给出了 REDO L OG文件头、文件体块结构和文件数据结构的 C语言描述 ,以及 REDO L OG事务控制机制的分析 。展开更多
随着Internet和网络应用系统的发展和普及,网络攻击行为不断升级,严重影响了系统的正常运行,系统安全问题已引起人们的高度重视。多数应用系统通常采用Linux作为服务器操作系统,日志是Linux系统重要的安全特性,对于系统安全极为重要。...随着Internet和网络应用系统的发展和普及,网络攻击行为不断升级,严重影响了系统的正常运行,系统安全问题已引起人们的高度重视。多数应用系统通常采用Linux作为服务器操作系统,日志是Linux系统重要的安全特性,对于系统安全极为重要。通过它可以方便地查找出系统错误或受到的攻击。基于对Linux Red Hat9.0的研究,文中对syslog协议、日志服务器的建立以及使用logrotate对日志进行轮循管理进行了详细说明,还对Syslog日志管理系统的安全性进行了简要分析,提出了现有Syslog机制存在的问题和未来的发展方向。展开更多
With the increasing popularity of cloud storage,data security on the cloud has become increasingly visible.Searchable encryption has the ability to realize the privacy protection and security of data in the cloud.Howe...With the increasing popularity of cloud storage,data security on the cloud has become increasingly visible.Searchable encryption has the ability to realize the privacy protection and security of data in the cloud.However,with the continuous development of quantum computing,the standard Public-key Encryption with Keyword Search(PEKS)scheme cannot resist quantumbased keyword guessing attacks.Further,the credibility of the server also poses a significant threat to the security of the retrieval process.This paper proposes a searchable encryption scheme based on lattice cryptography using blockchain to address the above problems.Firstly,we design a lattice-based encryption primitive to resist quantum keyword guessing attacks.Moreover,blockchain is to decentralize the cloud storage platform’s jurisdiction of data.It also ensures that the traceability of keyword retrieval process and maintains the credibility of search result,which malicious platforms are prevented as much as possible from deliberately sending wrong search results.Last but not least,through security analysis,our proposed scheme satisfies the credibility and unforgeability of the keyword ciphertext.The comprehensive performance evaluates that our scheme has certain advantages in terms of efficiency compared with others.展开更多
Remote audit is a way of management system audit. Its advantage is to achieve effective and efficient audit purpose by means of information and communication technology (ICT). However, remote audit usually requires IC...Remote audit is a way of management system audit. Its advantage is to achieve effective and efficient audit purpose by means of information and communication technology (ICT). However, remote audit usually requires ICT, and related information security issues also arise. This paper analyzes the related information security problems from the perspective of the information security problems and countermeasures in the process of remote audit, and puts forward the countermeasures to solve the problems, in order to provide reference for controlling the information security risks in the process of remote audit and ensuring the effective and efficient audit purpose.展开更多
Cloud storage service reduces the burden of data users by storing users' data files in the cloud. But, the files might be modified in the cloud. So, data users hope to check data files integrity periodically. In a pu...Cloud storage service reduces the burden of data users by storing users' data files in the cloud. But, the files might be modified in the cloud. So, data users hope to check data files integrity periodically. In a public auditing protocol, there is a trusted auditor who has certain ability to help users to check the integrity of data files. With the advantages of no public key management and verification, researchers focus on public auditing protocol in ID-based cryptography recently. However, some existing protocols are vulnerable to forgery attack. In this paper, based on ID-based signature technology, by strengthening information authentication and the computing power of the auditor, we propose an ID-based public auditing protocol for cloud data integrity checking. We also prove that the proposed protocol is secure in the random oracle model under the assumption that the Diffie-Hellman problem is hard. Furthermore, we compare the proposed protocol with other two ID-based auditing protocols in security features, communication efficiency and computation cost. The comparisons show that the proposed protocol satisfies more security features with lower computation cost.展开更多
Cloud storage,a core component of cloud computing,plays a vital role in the storage and management of data.Electronic Health Records(EHRs),which document users’health information,are typically stored on cloud servers...Cloud storage,a core component of cloud computing,plays a vital role in the storage and management of data.Electronic Health Records(EHRs),which document users’health information,are typically stored on cloud servers.However,users’sensitive data would then become unregulated.In the event of data loss,cloud storage providers might conceal the fact that data has been compromised to protect their reputation and mitigate losses.Ensuring the integrity of data stored in the cloud remains a pressing issue that urgently needs to be addressed.In this paper,we propose a data auditing scheme for cloud-based EHRs that incorporates recoverability and batch auditing,alongside a thorough security and performance evaluation.Our scheme builds upon the indistinguishability-based privacy-preserving auditing approach proposed by Zhou et al.We identify that this scheme is insecure and vulnerable to forgery attacks on data storage proofs.To address these vulnerabilities,we enhanced the auditing process using masking techniques and designed new algorithms to strengthen security.We also provide formal proof of the security of the signature algorithm and the auditing scheme.Furthermore,our results show that our scheme effectively protects user privacy and is resilient against malicious attacks.Experimental results indicate that our scheme is not only secure and efficient but also supports batch auditing of cloud data.Specifically,when auditing 10,000 users,batch auditing reduces computational overhead by 101 s compared to normal auditing.展开更多
文摘The World Wide Web has been an environment with many security threats and lots of reported cases of security breaches. Various tools and techniques have been applied in trying to curb this problem, however new attacks continue to plague the Internet. We discuss risks that affect web applications and explain how network-centric and host-centric techniques, as much as they are crucial in an enterprise, lack necessary depth to comprehensively analyze overall application security. The nature of web applications to span a number of servers introduces a new dimension of security requirement that calls for a holistic approach to protect the information asset regardless of its physical or logical separation of modules and tiers. We therefore classify security mechanisms as either infrastructure-centric or application-centric based on what asset is being secured. We then describe requirements for such application-centric security mechanisms.
基金This work was supported by the Universities Natural Science Research Project of Jiangsu Province under Grant 20KJB520026the Natural Science Foundation of Jiangsu Province under Grant BK20180821.
文摘With the rapid development of information technology,audit objects and audit itself are more and more inseparable from software.As an important means of software security audit,code security audit will become an important aspect of future audit that cannot be ignored.However,the existing code security audit ismainly based on source code,which is difficult to meet the audit needs of more and more programming languages and binary commercial software.Based on the idea of normalized transformation,this paper constructs a cross language code security audit framework(CLCSA).CLCSA first uses compile/decompile technology to convert different highlevel programming languages and binary codes into normalized representation,and then usesmachine learning technology to build a cross language code security audit model based on normalized representation to evaluate code security and find out possible code security vulnerabilities.Finally,for the discovered vulnerabilities,the heuristic search strategy will be used to find the best repair scheme from the existing normalized representation sample library for automatic repair,which can improve the effectiveness of code security audit.CLCSA realizes the normalized code security audit of different types and levels of code,which provides a strong support for improving the breadth and depth of code security audit.
文摘Nowadays, China has entered the aging countries sequence, reform and development of the social insurance system is facing more opportunities and challenges, which give the social insurance audit work of the new requirements. In practice, the social insurance audit work has encountered new conflicts and problems. Due to the socio-economic composition, organizational forms, forms of employment, interest, distribution relations have had a dramatic and profound change, labor relations was diversified, contract, complex features, social insurance premium is difficult, concealed drain Daily contribution base, have occurred impersonator false and social insurance benefits behavior. Loss of the social insurance fund is now urgently containment dike, to further regulate the social insurance audit work has become an important issue in the New Social Insurance Development. Therefore, we must establish a sound social security audit system, and promote the integration of social security audits, and thus be able to maintain the smooth progress of China's social insurance work.
文摘Security in Ad Hoc network is an important issue under the opening circumstance of application service. Some protocols and models of security auditing have been proposed to ensure rationality of contracting strategy and operating regulation and used to identify abnormal operation. Model of security auditing based on access control of devices will be advanced to register sign of devices and property of event of access control and to audit those actions. In the end, the model is analyzed and simulated.
基金supported by Fujian Provincial Social Science Foundation Public Security Theory Research Project(FJ2023TWGA004)Education and Scientific Research Special Project of Fujian Provincial Department of Finance(Research on the Application of Blockchain Technology in Prison Law Enforcement Management),under National Key R&D Program of China(2020YFB1005500)。
文摘With the rapid development of blockchain technology,the Chinese government has proposed that the commercial use of blockchain services in China should support the national encryption standard,also known as the state secret algorithm GuoMi algorithm.The original Hyperledger Fabric only supports internationally common encryption algorithms,so it is particularly necessary to enhance support for the national encryption standard.Traditional identity authentication,access control,and security audit technologies have single-point failures,and data can be easily tampered with,leading to trust issues.To address these problems,this paper proposes an optimized and application research plan for Hyperledger Fabric.We study the optimization model of cryptographic components in Hyperledger Fabric,and based on Fabric's pluggable mechanism,we enhance the Fabric architecture with the national encryption standard.In addition,we research key technologies involved in the secure application protocol based on the blockchain.We propose a blockchain-based identity authentication protocol,detailing the design of an identity authentication scheme based on blockchain certificates and Fabric CA,and use a dual-signature method to further improve its security and reliability.Then,we propose a flexible,dynamically configurable real-time access control and security audit mechanism based on blockchain,further enhancing the security of the system.
文摘Oracle数据库系统通过 REDO L OG技术来管理数据操作和事务 ,如何分析跟踪 REDO L OG文件 ,实现对数据库操作的监控 ,在数据库审计、数据库复制和数据库安全等方面具有重要的实用价值 .本文对 ORACL E REDO L OG文件进行了详尽的分析 ,给出了 REDO L OG文件头、文件体块结构和文件数据结构的 C语言描述 ,以及 REDO L OG事务控制机制的分析 。
文摘随着Internet和网络应用系统的发展和普及,网络攻击行为不断升级,严重影响了系统的正常运行,系统安全问题已引起人们的高度重视。多数应用系统通常采用Linux作为服务器操作系统,日志是Linux系统重要的安全特性,对于系统安全极为重要。通过它可以方便地查找出系统错误或受到的攻击。基于对Linux Red Hat9.0的研究,文中对syslog协议、日志服务器的建立以及使用logrotate对日志进行轮循管理进行了详细说明,还对Syslog日志管理系统的安全性进行了简要分析,提出了现有Syslog机制存在的问题和未来的发展方向。
基金This work was supported by the Open Fund of Advanced Cryptography and System Security Key Laboratory of Sichuan Province(Grant No.SKLACSS-202101)NSFC(Grant Nos.62176273,61962009,U1936216)+3 种基金the Foundation of Guizhou Provincial Key Laboratory of Public Big Data(No.2019BDKFJJ010,2019BDKFJJ014)the Fundamental Research Funds for Beijing Municipal Commission of Education,Beijing Urban Governance Research Base of North China University of Technology,the Natural Science Foundation of Inner Mongolia(2021MS06006)Baotou Kundulun District Science and technology plan project(YF2020013)Inner Mongolia discipline inspection and supervision big data laboratory open project fund(IMDBD2020020).
文摘With the increasing popularity of cloud storage,data security on the cloud has become increasingly visible.Searchable encryption has the ability to realize the privacy protection and security of data in the cloud.However,with the continuous development of quantum computing,the standard Public-key Encryption with Keyword Search(PEKS)scheme cannot resist quantumbased keyword guessing attacks.Further,the credibility of the server also poses a significant threat to the security of the retrieval process.This paper proposes a searchable encryption scheme based on lattice cryptography using blockchain to address the above problems.Firstly,we design a lattice-based encryption primitive to resist quantum keyword guessing attacks.Moreover,blockchain is to decentralize the cloud storage platform’s jurisdiction of data.It also ensures that the traceability of keyword retrieval process and maintains the credibility of search result,which malicious platforms are prevented as much as possible from deliberately sending wrong search results.Last but not least,through security analysis,our proposed scheme satisfies the credibility and unforgeability of the keyword ciphertext.The comprehensive performance evaluates that our scheme has certain advantages in terms of efficiency compared with others.
文摘Remote audit is a way of management system audit. Its advantage is to achieve effective and efficient audit purpose by means of information and communication technology (ICT). However, remote audit usually requires ICT, and related information security issues also arise. This paper analyzes the related information security problems from the perspective of the information security problems and countermeasures in the process of remote audit, and puts forward the countermeasures to solve the problems, in order to provide reference for controlling the information security risks in the process of remote audit and ensuring the effective and efficient audit purpose.
基金Supported by the Applied Basic and Advanced Technology Research Programs of Tianjin(15JCYBJC15900)the National Natural Science Foundation of China(51378350)
文摘Cloud storage service reduces the burden of data users by storing users' data files in the cloud. But, the files might be modified in the cloud. So, data users hope to check data files integrity periodically. In a public auditing protocol, there is a trusted auditor who has certain ability to help users to check the integrity of data files. With the advantages of no public key management and verification, researchers focus on public auditing protocol in ID-based cryptography recently. However, some existing protocols are vulnerable to forgery attack. In this paper, based on ID-based signature technology, by strengthening information authentication and the computing power of the auditor, we propose an ID-based public auditing protocol for cloud data integrity checking. We also prove that the proposed protocol is secure in the random oracle model under the assumption that the Diffie-Hellman problem is hard. Furthermore, we compare the proposed protocol with other two ID-based auditing protocols in security features, communication efficiency and computation cost. The comparisons show that the proposed protocol satisfies more security features with lower computation cost.
基金supported by National Natural Science Foundation of China(No.62172436)Additionally,it is supported by Natural Science Foundation of Shaanxi Province(No.2023-JC-YB-584)Engineering University of PAP’s Funding for Scientific Research Innovation Team and Key Researcher(No.KYGG202011).
文摘Cloud storage,a core component of cloud computing,plays a vital role in the storage and management of data.Electronic Health Records(EHRs),which document users’health information,are typically stored on cloud servers.However,users’sensitive data would then become unregulated.In the event of data loss,cloud storage providers might conceal the fact that data has been compromised to protect their reputation and mitigate losses.Ensuring the integrity of data stored in the cloud remains a pressing issue that urgently needs to be addressed.In this paper,we propose a data auditing scheme for cloud-based EHRs that incorporates recoverability and batch auditing,alongside a thorough security and performance evaluation.Our scheme builds upon the indistinguishability-based privacy-preserving auditing approach proposed by Zhou et al.We identify that this scheme is insecure and vulnerable to forgery attacks on data storage proofs.To address these vulnerabilities,we enhanced the auditing process using masking techniques and designed new algorithms to strengthen security.We also provide formal proof of the security of the signature algorithm and the auditing scheme.Furthermore,our results show that our scheme effectively protects user privacy and is resilient against malicious attacks.Experimental results indicate that our scheme is not only secure and efficient but also supports batch auditing of cloud data.Specifically,when auditing 10,000 users,batch auditing reduces computational overhead by 101 s compared to normal auditing.
