Ensuring information security in the quantum era is a growing challenge due to advancements in cryptographic attacks and the emergence of quantum computing. To address these concerns, this paper presents the mathematical and computer modeling of a novel two-dimensional (2D) chaotic system for secure key generation in quantum image encryption (QIE). The proposed map employs trigonometric perturbations in conjunction with rational-saturation functions and is hence named the Trigonometric-Rational-Saturation (TRS) map. Through rigorous mathematical analysis and computational simulations, the map is extensively evaluated for bifurcation behaviour, chaotic trajectories, and Lyapunov exponents. The security evaluation validates the map’s non-linearity, unpredictability, and sensitive dependence on initial conditions. In addition, the proposed TRS map has further been tested by integrating it in a QIE scheme. The QIE scheme first quantum-encodes the classic image using the Novel Enhanced Quantum Representation (NEQR) technique; the TRS map is then used for the generation of a secure diffusion key, which is XOR-ed with the quantum-ready image to obtain the encrypted images. The security evaluation of the QIE scheme demonstrates superior security of the encrypted images against statistical attacks and also against differential attacks. The encrypted images exhibit zero correlation and maximum entropy, demonstrating strong resilience with results of 99.62% and 33.47% for Number of Pixels Change Rate (NPCR) and Unified Average Changing Intensity (UACI). The results validate the effectiveness of the TRS-based quantum encryption scheme in securing digital images against emerging quantum threats, making it suitable for secure image encryption in IoT and edge-based applications.
With the rapid advancement of ICT and IoT technologies, the integration of Edge and Fog Computing has become essential to meet the increasing demands for real-time data processing and network efficiency. However, these technologies face critical security challenges, exacerbated by the emergence of quantum computing, which threatens traditional encryption methods. The rise in cyber-attacks targeting IoT and Edge/Fog networks underscores the need for robust, quantum-resistant security solutions. To address these challenges, researchers are focusing on Quantum Key Distribution and Post-Quantum Cryptography, which utilize quantum-resistant algorithms and the principles of quantum mechanics to ensure data confidentiality and integrity. This paper reviews the current security practices in IoT and Edge/Fog environments, explores the latest advancements in QKD and PQC technologies, and discusses their integration into distributed computing systems. Additionally, this paper proposes an enhanced QKD protocol combining the Cascade protocol and Kyber algorithm to address existing limitations. Finally, we highlight future research directions aimed at improving the scalability, efficiency, and practicality of QKD and PQC for securing IoT and Edge/Fog networks against evolving quantum threats.
Chaos-based encryption schemes have been studied extensively, while the security analysis methods for them are still problems to be resolved. Based on the periodic orbit theory, this paper proposes a novel security analysis method. The periodic orbits theory indicates that the fundamental frequency of the spiraling orbits is the natural frequency of associated linearized system, which is decided by the parameters of the chaotic system. Thus, it is possible to recover the plaintext of secure communication systems based on chaotic shift keying by getting the average time on the spiraling orbits. Analysis and simulation results show that the security analysis method can break chaos shift keying secure communication systems, which use the parameters as keys.
Identification of security risk factors for small reservoirs is the basis for implementation of early warning systems. The manner of identification of the factors for small reservoirs is of practical significance when data are incomplete. The existing grey relational models have some disadvantages in measuring the correlation between categorical data sequences. To this end, this paper introduces a new grey relational model to analyze heterogeneous data. In this study, a set of security risk factors for small reservoirs was first constructed based on theoretical analysis, and heterogeneous data of these factors were recorded as sequences. The sequences were regarded as random variables, and the information entropy and conditional entropy between sequences were measured to analyze the relational degree between risk factors. Then, a new grey relational analysis model for heterogeneous data was constructed, and a comprehensive security risk factor identification method was developed. A case study of small reservoirs in Guangxi Zhuang Autonomous Region in China shows that the model constructed in this study is applicable to security risk factor identification for small reservoirs with heterogeneous and sparse data.
Using the theory and method of the ecological footprint, and combining the changes of regional land use, resource environment, population, society and economy, this paper calculated the ecological footprint, ecological carrying capacity and ecological surplus/loss in 1986-2002 on the Loess Plateau in northern Shaanxi Province. What is more, this paper has put forward the concept of ecological pressure index, set up ecological pressure index models, and ecological security grading systems, and the prediction models of different ecological footprints, ecological carrying capacity, ecological surplus and ecological safety change, and also has assessed the ecological footprint demands of 10,000 yuan GDP. The results of this study are as follows: (1) the ecological carrying capacity in northern Shaanxi shows a decreasing trend, the difference of reducing range is the fastest; (2) the ecological footprint shows an increasing trend; (3) ecological pressure index rose to 0.91 from 0.44 during 1986-2002 on the Loess Plateau of northern Shaanxi with an increase of 47%; and (4) the ecological security in the study area is in a critical state, and the ecological pressure index has been increasing rapidly.
To detect security vulnerabilities in a web application, the security analyst must choose the best performance Security Analysis Static Tool (SAST) in terms of discovering the greatest number of security vulnerabilities as possible. To compare static analysis tools for web applications, an adapted benchmark to the vulnerability categories included in the known standard Open Web Application Security Project (OWASP) Top Ten project is required. The information of the security effectiveness of a commercial static analysis tool is not usually a publicly accessible research and the state of the art on static security tool analyzers shows that the different design and implementation of those tools has different effectiveness rates in terms of security performance. Given the significant cost of commercial tools, this paper studies the performance of seven static tools using a new methodology proposal and a new benchmark designed for vulnerability categories included in the known standard OWASP Top Ten project. Thus, the practitioners will have more precise information to select the best tool using a benchmark adapted to the last versions of OWASP Top Ten project. The results of this work have been obtained using widely acceptable metrics to classify them according to three different degrees of web application criticality.
As one of the Special Economic Zones since the reform and opening up, Zhuhai has developed during the past 30 years. Its economic development, industrial structure and ecological environment have undergone great changes. Research on changes in Zhuhai’s land ecological security is of great significance. Using relevant data from 2007-2012, this study established a land ecological security assessment system based on the PSR conceptual framework model. The system contained 18 indicators from 3 aspects according to the concrete features of Zhuhai. Then we used the matter-element analysis and the improved entropy weight to analyze and evaluate the land ecological security of Zhuhai. The results showed that: from 2007 to 2012, the levels of the land ecological security of Zhuhai were “secure”, and the value increased year by year; as the land ecological security response value increased, Zhuhai was capable of solving land ecosystem problems. However, it should be noted that the structure of land ecosystem in Zhuhai has not formed and that rapid expansion of construction land has caused the shortage of cultivated land and other issues. Measures should be taken to control the construction area, improve land intensive utilization and improve the land ecological security.
Attack surfaces, as one of the security models, can help people to analyse the security of systems in cyberspace, such as risk assessment by utilizing various security metrics or providing a cost-effective network hardening solution. Numerous attack surface models have been proposed in the past decade, but they are not appropriate for describing complex systems with heterogeneous components. To address this limitation, we propose to use a two-layer Hierarchical Attack Surface Network (HASN) that models the data interactions and resource distribution of the system in a component-oriented view. First, we formally define the HASN by extending the entry point and exit point framework. Second, in order to assess data input risk and output risk on the HASN, we propose two behaviour models and two simulation-based risk metrics. Last, we conduct experiments for three network systems. Our experimental results show that the proposed approach is applicable and effective.
Discrete logarithm based cryptosystems have subtle problems that make the schemes vulnerable. This paper gives a comprehensive listing of security issues in the systems and analyzes three classes of attacks which are based on mathematical structure of the group which is used in the schemes, the disclosed information of the subgroup and implementation details respectively. The analysis will, in turn, allow us to motivate protocol design and implementation decisions.
China is the world’s largest consumer of pork and grains. However, African swine fever (ASF) and the COVID-19 outbreak have greatly impacted the pork supply and food security in China. How can food security and the pork supply be ensured under the dual impacts of COVID-19 and ASF? This is a major problem to be urgently solved by the Chinese government. This study indicated that the main pork production and sales areas in China were separated, which reflected the spatial imbalance between the supply and demand. The total area of suitable selected sites for pig farms in China is 21.5 million ha. If only the areas with levels of high and moderate suitability are considered as potential sites for pig farms, the potential pork production can reach 56.1 million tons in China, which is slightly lower than demand. Due to the impact of the ASF epidemic, the food consumed by pigs has been reduced by 34.7 million tons. However, with increasing pork productivity in the future, the self-sufficiency rate of grains may further decline. On the premise that the quality of people’s life is not affected, the diversification of meat supply channels should be realized in an orderly and sustainable way, which might alleviate the pressure on food supply. This study provides a theoretical reference for the spatiotemporal layout of the swine industry and addresses the issue of food security in China under the influence of ASF and the COVID-19 outbreak.
To analyze the security of two-step quantum direct communication protocol (QDCP) by using Einstein-Podolsky-Rosen pair proposed by Deng et al. [Phys. Rev. A 68 (2003) 042317] in collective-rotation noise channel, an excellent model of noise analysis is proposed. In the security analysis, the method of the entropy theory is introduced, and is compared with QDCP, an error rate point Q0 (M: (Q0, 1.0)) is given. In different noise levels, if Eve wants to obtain the same amount of information, the error rate Q is distinguishable. The larger the noise level is, the larger the error rate Q is. When the noise level is lower than 11%, the high error rate is 0.153 without eavesdropping. Lastly, the security of the proposed protocol is discussed. It turns out that the quantum channel will be safe when Q < 0.153. Similarly, if error rate Q > 0.153 = Q0, eavesdropping information I > 1, which means that there exist eavesdroppers in the quantum channel, and the quantum channel will not be safe anymore.
Sustainable livelihood security (SLS) is an integrating framework that encompasses current concerns and policy requirements for ecological, social, and economic dimensions of sustainable development. It carries particular importance for developing economies. This study intends to verify the relative status of SLS of the 30 districts in Odisha, which is a backward state in eastern India. In this study, a total of 22 relevant indicators relating to the three components of SLS (ecological security, social equity, and economic efficiency) have been taken, based on various kinds of government reports. The principal component analysis (PCA) was used to ascertain the indicators and the importance of each of them to the corresponding component of SLS. The ecological security index (ESI), social equity index (SEI), economic efficiency index (EEI), and composite sustainable livelihood security index (CSLSI) of each district of Odisha were calculated through the min-max normalization technique. The results revealed that there are wide variations in SLS among the districts of Odisha. In this study, the districts are categorized into four levels based on the scores of ESI, SEI, EEI, and CSLSI as very low (<0.400), low (0.400–0.549), medium (0.550–0.700), and high (>0.700). According to the classification result of CSLSI, 2 districts are found to be in the very low category, 20 districts are under the low sustainability category, 8 districts are in the medium category, and none of the districts are found to be in the high sustainability category. The district of Sambalpur ranks the highest with a CSLSI score of 0.624. The bottom five districts are Gajapati, Bolangir, Nabarangpur, Kandhamal, and Malkangiri, having the CSLSI scores of 0.438, 0.435, 0.406, 0.391, and 0.344, respectively. The result of this study suggests that region-specific, systematic, and proactive approaches are desirable for balanced development in Odisha. Further, policy intervention is required to implement more inclusive tribal welfare policies.
The assessment of water security is an important content in the security management of water resources due to the fact that the state of water security directly affects both the sustainable development of regional economy and the improvement on the living quality of mankind. Grey associative analysis is introduced and applied to assessment of water security on the basis of grey characteristics of the assessment index system of water security. As a case study shows, grey associative analysis is used for evaluating water security of some provinces in China, and the satisfactory assessment results are obtained. The sequence of provinces in China with regard to water security from good to poor is obtained and, moreover, the water security level of each region is also confirmed. The results obtained accord with the actual state of each region. They are of practical significance and can be used to guide the management of regional water security and a sustainable development of the economy therein. At the same time, the results demonstrate that grey associative analysis provides a new method for assessing water
In this paper, we lower the upper bound of the number of solutions of oracle transformation polynomial F(x) over GF(q). So one can also recover all the secret keys with fewer calls. We use our generalized 'even-and-odd test' method to recover the least significant p-adic 'bits' of representations of the Lucas Cryptosystem secret keys x. Finally, we analyze the Efficient Compact Subgroup Trace Representation (XTR) Diffie-Hellman secret keys and point out that if the order of the XTR subgroup has a special form then all the bits of the secret key of XTR can be recovered from any bit of the exponent x.
The paper analyzes the theory and application of Markowitz Mean-Variance Model and CAPM model. Firstly, it explains the development process and standpoints of two models and deduces the whole process in detail. Then 30 stocks are chosen from Shangzheng 50 stocks and are testified whether the prices of Shanghai stocks conform to the two models. With the technique of time series and panel data analysis, the research on the stock risk and effective portfolio by ORIGIN and MATLAB software is conducted. The result shows that Shanghai stock market conforms to Markowitz Mean-Variance Model to a certain extent and can give investors reliable suggestion to gain higher return, but there is no positive relation between system risk and profit ratio and CAPM doesn't function well in China's security market.
In this paper, a technical and statistical analysis of security system and security management is provided for crowd energy and smart living. At the same time, a clear understanding is made for crowd energy concept and next generation smart living. Various case examples have been studied and a brief summary has been provided. Furthermore, a statistical analysis has been provided in terms of security management in smart living where it is found that young technocrats give the highest importance to security management in smart living. Last but not the least, current limitation, constraints, and future scope of security implementation have been discussed in terms of crowd energy clustered with next generation smart living.
In this paper security of the quantum key distribution scheme using correlations of continuous variable Einstein-Podolsky-Rosen (EPR) pairs is investigated. A new approach for calculating the secret information rate ΔI is proposed by using the Shannon information theory. Employing an available parameter F which is associated with the entanglement of the EPR pairs, one can detect easily the eavesdropping. Results show that the proposed scheme is secure against individual beam splitter attack strategy with a proper squeeze parameter.
This research aims to propose a practical framework designed for the automatic analysis of a product’s comprehensive functionality and security vulnerabilities, generating applicable guidelines based on real-world software. The existing analysis of software security vulnerabilities often focuses on specific features or modules. This partial and arbitrary analysis of the security vulnerabilities makes it challenging to comprehend the overall security vulnerabilities of the software. The key novelty lies in overcoming the constraints of partial approaches. The proposed framework utilizes data from various sources to create a comprehensive functionality profile, facilitating the derivation of real-world security guidelines. Security guidelines are dynamically generated by associating functional security vulnerabilities with the latest Common Vulnerabilities and Exposure (CVE) and Common Vulnerability Scoring System (CVSS) scores, resulting in automated guidelines tailored to each product. These guidelines are not only practical but also applicable in real-world software, allowing for prioritized security responses. The proposed framework is applied to virtual private network (VPN) software, wherein a validated Level 2 data flow diagram is generated using the Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of privilege (STRIDE) technique with references to various papers and examples from related software. The analysis resulted in the identification of a total of 121 vulnerabilities. The successful implementation and validation demonstrate the framework’s efficacy in generating customized guidelines for entire systems, subsystems, and selected modules.
Future components to enhance the basic, native security of 5G networks are either complex mechanisms whose impact in the requiring 5G communications are not considered, or lightweight solutions adapted to ultrareliable low-latency communications (URLLC) but whose security properties remain under discussion. Although different 5G network slices may have different requirements, in general, both visions seem to fall short at provisioning secure URLLC in the future. In this work we address this challenge, by introducing cost-security functions as a method to evaluate the performance and adequacy of most developed and employed non-native enhanced security mechanisms in 5G networks. We categorize those new security components into different groups according to their purpose and deployment scope. We propose to analyze them in the context of existing 5G architectures using two different approaches. First, using model checking techniques, we will evaluate the probability of an attacker to be successful against each security solution. Second, using analytical models, we will analyze the impact of these security mechanisms in terms of delay, throughput consumption, and reliability. Finally, we will combine both approaches using stochastic cost-security functions and the PRISM model checker to create a global picture. Our results are first evidence of how a 5G network that covers and strengthened all security areas through enhanced, dedicated non-native mechanisms could only guarantee secure URLLC with a probability of ∼55%.
Funding (for the TRS-map quantum image encryption paper): funded by Deanship of Research and Graduate Studies at King Khalid University. The authors extend their appreciation to the Deanship of Research and Graduate Studies at King Khalid University for funding this work through Large Group Project under grant number (RGP.2/556/45).
Funding (for the IoT and Edge/Fog QKD and PQC review paper): supported by the National Research Foundation of Korea (NRF) funded by the Ministry of Science and ICT (2022K1A3A1A61014825).
Funding (for the small-reservoir security risk factor paper): supported by the National Natural Science Foundation of China (Grant No. 71401052), the National Social Science Foundation of China (Grant No. 17BGL156), and the Key Project of the National Social Science Foundation of China (Grant No. 14AZD024).
Funding (for the Loess Plateau ecological footprint paper): National Natural Science Foundation of China, No. 40371003; Ministry of Education of China, No. 01158; Master Research Project of Shaanxi Normal University.
Abstract: To detect security vulnerabilities in a web application, the security analyst must choose the best performance Security Analysis Static Tool (SAST) in terms of discovering the greatest number of security vulnerabilities as possible. To compare static analysis tools for web applications, an adapted benchmark to the vulnerability categories included in the known standard Open Web Application Security Project (OWASP) Top Ten project is required. The information of the security effectiveness of a commercial static analysis tool is not usually a publicly accessible research and the state of the art on static security tool analyzers shows that the different design and implementation of those tools has different effectiveness rates in terms of security performance. Given the significant cost of commercial tools, this paper studies the performance of seven static tools using a new methodology proposal and a new benchmark designed for vulnerability categories included in the known standard OWASP Top Ten project. Thus, the practitioners will have more precise information to select the best tool using a benchmark adapted to the last versions of OWASP Top Ten project. The results of this work have been obtained using widely acceptable metrics to classify them according to three different degrees of web application criticality.
Abstract: As one of the Special Economic Zones since the reform and opening up, Zhuhai has developed during the past 30 years. Its economic development, industrial structure and ecological environment have undergone great changes. Research on changes in Zhuhai’s land ecological security is of great significance. Using relevant data from 2007-2012, this study established a land ecological security assessment system based on the PSR conceptual framework model. The system contained 18 indicators from 3 aspects according to the concrete features of Zhuhai. Then we used the matter-element analysis and the improved entropy weight to analyze and evaluate the land ecological security of Zhuhai. The results showed that: from 2007 to 2012, the levels of the land ecological security of Zhuhai were “secure”, and the value increased year by year; as the land ecological security response value increased, Zhuhai was capable of solving land ecosystem problems. However, it should be noted that the structure of land ecosystem in Zhuhai has not formed and that rapid expansion of construction land has caused the shortage of cultivated land and other issues. Measures should be taken to control the construction area, improve land intensive utilization and improve the land ecological security.
Funding: Supported by the Jiangsu Provincial Natural Science Foundation of China (no. BK20150721) and the 2017 National Key Research and Development Program of China (no. 2017YFB0802900)
Abstract: Attack surfaces, as one of the security models, can help people to analyse the security of systems in cyberspace, such as risk assessment by utilizing various security metrics or providing a cost-effective network hardening solution. Numerous attack surface models have been proposed in the past decade, but they are not appropriate for describing complex systems with heterogeneous components. To address this limitation, we propose to use a two-layer Hierarchical Attack Surface Network (HASN) that models the data interactions and resource distribution of the system in a component-oriented view. First, we formally define the HASN by extending the entry point and exit point framework. Second, in order to assess data input risk and output risk on the HASN, we propose two behaviour models and two simulation-based risk metrics. Last, we conduct experiments for three network systems. Our experimental results show that the proposed approach is applicable and effective.
Funding: Supported by the National Natural Science Foundation of China (60573047)
Abstract: Discrete logarithm based cryptosystems have subtle problems that make the schemes vulnerable. This paper gives a comprehensive listing of security issues in the systems and analyzes three classes of attacks, which are based on the mathematical structure of the group used in the schemes, the disclosed information of the subgroup, and implementation details, respectively. The analysis will, in turn, allow us to motivate protocol design and implementation decisions.
Funding: Funded by the National Natural Science Foundation of China (Grant No. 41625001, 31660233).
Abstract: China is the world’s largest consumer of pork and grains. However, African swine fever (ASF) and the COVID-19 outbreak have greatly impacted the pork supply and food security in China. How can food security and the pork supply be ensured under the dual impacts of COVID-19 and ASF? This is a major problem to be urgently solved by the Chinese government. This study indicated that the main pork production and sales areas in China were separated, which reflected the spatial imbalance between the supply and demand. The total area of suitable selected sites for pig farms in China is 21.5 million ha. If only the areas with levels of high and moderate suitability are considered as potential sites for pig farms, the potential pork production can reach 56.1 million tons in China, which is slightly lower than demand. Due to the impact of the ASF epidemic, the food consumed by pigs has been reduced by 34.7 million tons. However, with increasing pork productivity in the future, the self-sufficiency rate of grains may further decline. On the premise that the quality of people’s life is not affected, the diversification of meat supply channels should be realized in an orderly and sustainable way, which might alleviate the pressure on food supply. This study provides a theoretical reference for the spatiotemporal layout of the swine industry and addresses the issue of food security in China under the influence of ASF and the COVID-19 outbreak.
Funding: Supported by the National Natural Science Foundation of China under Grant Nos 61472048, 61402058, 61272511, 61472046, 61202082 and 61370194; the Beijing Natural Science Foundation under Grant No 4152038; the China Postdoctoral Science Foundation Funded Project under Grant No 2014M561826
Abstract: To analyze the security of the two-step quantum direct communication protocol (QDCP) using Einstein-Podolsky-Rosen pairs proposed by Deng et al. [Phys. Rev. A 68 (2003) 042317] in a collective-rotation noise channel, an excellent model of noise analysis is proposed. In the security analysis, the method of the entropy theory is introduced, and is compared with QDCP, an error rate point Q0 (M: (Q0, 1.0)) is given. In different noise levels, if Eve wants to obtain the same amount of information, the error rate Q is distinguishable. The larger the noise level is, the larger the error rate Q is. When the noise level is lower than 11%, the high error rate is 0.153 without eavesdropping. Lastly, the security of the proposed protocol is discussed. It turns out that the quantum channel will be safe when Q < 0.153. Similarly, if error rate Q > 0.153 = Q0, eavesdropping information I > 1, which means that there exist eavesdroppers in the quantum channel, and the quantum channel will not be safe anymore.
Funding: the Odisha State Higher Education Council for providing a Ph.D. fellowship under Odisha University Research and Innovation Incentivization Plan (OURIIP) 2020 (278/83/OSHEC).
Abstract: Sustainable livelihood security (SLS) is an integrating framework that encompasses current concerns and policy requirements for ecological, social, and economic dimensions of sustainable development. It carries particular importance for developing economies. This study intends to verify the relative status of SLS of the 30 districts in Odisha, which is a backward state in eastern India. In this study, a total of 22 relevant indicators relating to the three components of SLS (ecological security, social equity, and economic efficiency) have been taken, based on various kinds of government reports. The principal component analysis (PCA) was used to ascertain the indicators and the importance of each of them to the corresponding component of SLS. The ecological security index (ESI), social equity index (SEI), economic efficiency index (EEI), and composite sustainable livelihood security index (CSLSI) of each district of Odisha were calculated through the min-max normalization technique. The results revealed that there are wide variations in SLS among the districts of Odisha. In this study, the districts are categorized into four levels based on the scores of ESI, SEI, EEI, and CSLSI as very low (<0.400), low (0.400–0.549), medium (0.550–0.700), and high (>0.700). According to the classification result of CSLSI, 2 districts are found to be in the very low category, 20 districts are under the low sustainability category, 8 districts are in the medium category, and none of the districts are found to be in the high sustainability category. The district of Sambalpur ranks the highest with a CSLSI score of 0.624. The bottom five districts are Gajapati, Bolangir, Nabarangpur, Kandhamal, and Malkangiri, having the CSLSI scores of 0.438, 0.435, 0.406, 0.391, and 0.344, respectively. The result of this study suggests that region-specific, systematic, and proactive approaches are desirable for balanced development in Odisha. Further, policy intervention is required to implement more inclusive tribal welfare policies.
Funding: This project is supported by the Hubei Key Laboratory Hydropower Construction and Management Project, China Three Gorges University, and Center of China Central Economic Development in Nanchang University
Abstract: The assessment of water security is an important content in the security management of water resources due to the fact that the state of water security directly affects both the sustainable development of regional economy and the improvement on the living quality of mankind. Grey associative analysis is introduced and applied to assessment of water security on the basis of grey characteristics of the assessment index system of water security. As a case study shows, grey associative analysis is used for evaluating water security of some provinces in China, and the satisfactory assessment results are obtained. The sequence of provinces in China with regard to water security from good to poor is obtained and, moreover, the water security level of each region is also confirmed. The results obtained accord with the actual state of each region. They are of practical significance and can be used to guide the management of regional water security and a sustainable development of the economy therein. At the same time, the results demonstrate that grey associative analysis provides a new method for assessing water
Abstract: In this paper, we lower the upper bound of the number of solutions of the oracle transformation polynomial F(x) over GF(q). So one can also recover all the secret keys with fewer calls. We use our generalized 'even-and-odd test' method to recover the least significant p-adic 'bits' of representations of the Lucas Cryptosystem secret keys x. Finally, we analyze the Efficient Compact Subgroup Trace Representation (XTR) Diffie-Hellman secret keys and point out that if the order of the XTR subgroup has a special form, then all the bits of the secret key of XTR can be recovered from any bit of the exponent x.
Funding: Supported by Zhejiang Provincial Natural Science Foundation (Y604137); Student Research Training Program in Zhejiang University
Abstract: The paper analyzes the theory and application of Markowitz Mean-Variance Model and CAPM model. Firstly, it explains the development process and standpoints of two models and deduces the whole process in detail. Then 30 stocks are chosen from Shangzheng 50 stocks and are testified whether the prices of Shanghai stocks conform to the two models. With the technique of time series and panel data analysis, the research on the stock risk and effective portfolio by ORIGIN and MATLAB software is conducted. The result shows that Shanghai stock market conforms to Markowitz Mean-Variance Model to a certain extent and can give investors reliable suggestion to gain higher return, but there is no positive relation between system risk and profit ratio and CAPM doesn't function well in China's security market.
Funding: the support provided by the University of Asia Pacific and Institute for Energy, Environment, Research and Development (IEERD)
Abstract: In this paper, a technical and statistical analysis of security system and security management is provided for crowd energy and smart living. At the same time, a clear understanding is made for crowd energy concept and next generation smart living. Various case examples have been studied and a brief summary has been provided. Furthermore, a statistical analysis has been provided in terms of security management in smart living where it is found that young technocrats give the highest importance to security management in smart living. Last but not the least, current limitation, constraints, and future scope of security implementation have been discussed in terms of crowd energy clustered with next generation smart living.
Funding: Project supported by the National Natural Science Foundation of China (Grant No 60472018).
Abstract: In this paper, security of the quantum key distribution scheme using correlations of continuous variable Einstein-Podolsky-Rosen (EPR) pairs is investigated. A new approach for calculating the secret information rate ΔI is proposed by using the Shannon information theory. Employing an available parameter F which is associated with the entanglement of the EPR pairs, one can detect easily the eavesdropping. Results show that the proposed scheme is secure against individual beam splitter attack strategy with a proper squeeze parameter.
Funding: This work is the result of commissioned research project supported by the Affiliated Institute of ETRI (2022-086) received by Junho Ahn. This research was supported by the National Research Foundation of Korea (NRF) Basic Science Research Program funded by the Ministry of Education (No. 2020R1A6A1A03040583). This work was supported by Korea Institute for Advancement of Technology (KIAT) Grant funded by the Korea government (MOTIE) (P0008691, HRD Program for Industrial Innovation).
Abstract: This research aims to propose a practical framework designed for the automatic analysis of a product’s comprehensive functionality and security vulnerabilities, generating applicable guidelines based on real-world software. The existing analysis of software security vulnerabilities often focuses on specific features or modules. This partial and arbitrary analysis of the security vulnerabilities makes it challenging to comprehend the overall security vulnerabilities of the software. The key novelty lies in overcoming the constraints of partial approaches. The proposed framework utilizes data from various sources to create a comprehensive functionality profile, facilitating the derivation of real-world security guidelines. Security guidelines are dynamically generated by associating functional security vulnerabilities with the latest Common Vulnerabilities and Exposures (CVE) and Common Vulnerability Scoring System (CVSS) scores, resulting in automated guidelines tailored to each product. These guidelines are not only practical but also applicable in real-world software, allowing for prioritized security responses. The proposed framework is applied to virtual private network (VPN) software, wherein a validated Level 2 data flow diagram is generated using the Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of privilege (STRIDE) technique with references to various papers and examples from related software. The analysis resulted in the identification of a total of 121 vulnerabilities. The successful implementation and validation demonstrate the framework’s efficacy in generating customized guidelines for entire systems, subsystems, and selected modules.
Funding: The publication is produced within the framework of Ramon Alcarria and Borja Bordel’s research projects on the occasion of their stay at Argonne Labs (Jose Castillejo’s 2021 grant) supported by the Ministry of Science, Innovation and Universities through the COGNOS project.
Abstract: Future components to enhance the basic, native security of 5G networks are either complex mechanisms whose impact in the requiring 5G communications are not considered, or lightweight solutions adapted to ultrareliable low-latency communications (URLLC) but whose security properties remain under discussion. Although different 5G network slices may have different requirements, in general, both visions seem to fall short at provisioning secure URLLC in the future. In this work we address this challenge, by introducing cost-security functions as a method to evaluate the performance and adequacy of most developed and employed non-native enhanced security mechanisms in 5G networks. We categorize those new security components into different groups according to their purpose and deployment scope. We propose to analyze them in the context of existing 5G architectures using two different approaches. First, using model checking techniques, we will evaluate the probability of an attacker to be successful against each security solution. Second, using analytical models, we will analyze the impact of these security mechanisms in terms of delay, throughput consumption, and reliability. Finally, we will combine both approaches using stochastic cost-security functions and the PRISM model checker to create a global picture. Our results are first evidence of how a 5G network that covers and strengthens all security areas through enhanced, dedicated non-native mechanisms could only guarantee secure URLLC with a probability of ∼55%.