Based on the status of land ecological resources in Hohhot, 20 indexes covering nature, resource environment, economy and society were selected and the evaluation index system was established. With the principal compo...Based on the status of land ecological resources in Hohhot, 20 indexes covering nature, resource environment, economy and society were selected and the evaluation index system was established. With the principal component analysis, the land ecological security of Hohhot from 2009 to 2015 was analyzed. The results showed that the land ecological security of Hohhot was declining year by year in 2009-2015. Besides, per capital GDP and public green area, the proportion of in- dustry and the price index of agricultural and animal husbandry production materials were the key factors influencing the land ecological security of Hohhot. The key for protection of the land ecological security may lie in the protection of land quality and prevention of land degradation in farming and stock-breeding areas.展开更多
In the execution of method invocation sequences to test component security,abnormal or normal information is generated and recorded in a monitor log. By searching abnormal information from monitor log,the exceptions t...In the execution of method invocation sequences to test component security,abnormal or normal information is generated and recorded in a monitor log. By searching abnormal information from monitor log,the exceptions that the component has can be determined. To facilitate the searching process,string searching methods could be employed. However,current approaches are not effective enough to search long pattern string. In order to mine the specific information with less number of matches,we proposed an improved Sunday string searching algorithm in this paper. Unlike Sunday algorithm which does not make use of the already matched characters,the proposed approach presents two ideas — utilizing and recycling these characters. We take advantage of all matched characters in main string,if they are still in the matchable interval compared with pattern string,to increase the distance that pattern string moves backwards. Experimental analysis shows that,compared to Sunday algorithm,our method could greatly reduce the matching times,if the scale of character set constituting both main string and pattern string is small,or if the length of pattern string is long. Also,the proposed approach can improve the search effectiveness for abnormal information in component security testing.展开更多
A fault injection model-oriented testing strategy was proposed for detecting component vulnerabilities.A fault injection model was defined,and the faults were injected into the tested component based on the fault inje...A fault injection model-oriented testing strategy was proposed for detecting component vulnerabilities.A fault injection model was defined,and the faults were injected into the tested component based on the fault injection model to trigger security exceptions.The testing process could be recorded by the monitoring mechanism of the strategy,and the monitoring information was written into the security log.The component vulnerabilities could be detected by the detecting algorithm through analyzing the security log.Lastly,some experiments were done in an integration testing platform to verify the applicability of the strategy.The experimental results show that the strategy is effective and operable.The detecting rate is more than 90%for vulnerability components.展开更多
With the skyrocketing development of technologies,there are many issues in information security quantitative evaluation(ISQE)of complex heterogeneous information systems(CHISs).The development of CHIS calls for an ISQ...With the skyrocketing development of technologies,there are many issues in information security quantitative evaluation(ISQE)of complex heterogeneous information systems(CHISs).The development of CHIS calls for an ISQE model based on security-critical components to improve the efficiency of system security evaluation urgently.In this paper,we summarize the implication of critical components in different filed and propose a recognition algorithm of security-critical components based on threat attack tree to support the ISQE process.The evaluation model establishes a framework for ISQE of CHISs that are updated iteratively.Firstly,with the support of asset identification and topology data,we sort the security importance of each asset based on the threat attack tree and obtain the security-critical components(set)of the CHIS.Then,we build the evaluation indicator tree of the evaluation target and propose an ISQE algorithm based on the coefficient of variation to calculate the security quality value of the CHIS.Moreover,we present a novel indicator measurement uncertainty aiming to better supervise the performance of the proposed model.Simulation results show the advantages of the proposed algorithm in the evaluation of CHISs.展开更多
This paper reviews the history and lessons of global oil crises while exploring the establishment of a quantitative evaluation model for oil security with Chinese characteristics.Using principal component analysis,it ...This paper reviews the history and lessons of global oil crises while exploring the establishment of a quantitative evaluation model for oil security with Chinese characteristics.Using principal component analysis,it constructs an oil security evaluation indicator system for China with two main-level indicators:foreign oil dependency and its impacts,and market intervention and security assurance.展开更多
Although Named Entity Recognition(NER)in cybersecurity has historically concentrated on threat intelligence,vital security data can be found in a variety of sources,such as open-source intelligence and unprocessed too...Although Named Entity Recognition(NER)in cybersecurity has historically concentrated on threat intelligence,vital security data can be found in a variety of sources,such as open-source intelligence and unprocessed tool outputs.When dealing with technical language,the coexistence of structured and unstructured data poses serious issues for traditional BERT-based techniques.We introduce a three-phase approach for improved NER inmulti-source cybersecurity data that makes use of large language models(LLMs).To ensure thorough entity coverage,our method starts with an identification module that uses dynamic prompting techniques.To lessen hallucinations,the extraction module uses confidence-based self-assessment and cross-checking using regex validation.The tagging module links to knowledge bases for contextual validation and uses SecureBERT in conjunction with conditional random fields to detect entity boundaries precisely.Our framework creates efficient natural language segments by utilizing decoderbased LLMs with 10B parameters.When compared to baseline SecureBERT implementations,evaluation across four cybersecurity data sources shows notable gains,with a 9.4%–25.21%greater recall and a 6.38%–17.3%better F1-score.Our refined model matches larger models and achieves 2.6%–4.9%better F1-score for technical phrase recognition than the state-of-the-art alternatives Claude 3.5 Sonnet,Llama3-8B,and Mixtral-7B.The three-stage architecture identification-extraction-tagging pipeline tackles important cybersecurity NER issues.Through effective architectures,these developments preserve deployability while setting a new standard for entity extraction in challenging security scenarios.The findings show how specific enhancements in hybrid recognition,validation procedures,and prompt engineering raise NER performance above monolithic LLM approaches in cybersecurity applications,especially for technical entity extraction fromheterogeneous sourceswhere conventional techniques fall short.Because of itsmodular nature,the framework can be upgraded at the component level as new methods are developed.展开更多
Sustainable livelihood security(SLS) is an integrating framework that encompasses current concerns and policy requirements for ecological, social, and economic dimensions of sustainable development. It carries particu...Sustainable livelihood security(SLS) is an integrating framework that encompasses current concerns and policy requirements for ecological, social, and economic dimensions of sustainable development. It carries particular importance for developing economies. This study intends to verify the relative status of SLS of the 30 districts in Odisha, which is a backward state in eastern India. In this study, a total of 22 relevant indicators relating to the three components of SLS—ecological security, social equity, and economic efficiency have been taken, based on various kinds of government reports. The principal component analysis(PCA) was used to ascertain the indicators and the importance of each of them to the corresponding component of SLS. The ecological security index(ESI), social equity index(SEI), economic efficiency index(EEI), and composite sustainable livelihood security index(CSLSI) of each district of Odisha were calculated through the min-max normalization technique. The results revealed that there are wide variations in SLS among the districts of Odisha. In this study, the districts are categorized into four levels based on the scores of ESI, SEI, EEI, and CSLSI as very low(<0.400), low(0.400–0.549), medium(0.550–0.700), and high(>0.700). According to the classification result of CSLSI, 2 districts are found to be in the very low category, 20 districts are under the low sustainability category, 8 districts are in the medium category, and none of the districts are found to be in the high sustainability category. The district of Sambalpur ranks the highest with a CSLSI score of 0.624. The bottom five districts are Gajapati, Bolangir, Nabarangpur, Kandhamal, and Malkangiri, having the CSLSI scores of 0.438, 0.435, 0.406, 0.391, and 0.344, respectively. The result of this study suggests that region-specific, systematic, and proactive approaches are desirable for balanced development in Odisha. Further, policy intervention is required to implement more inclusive tribal welfare policies.展开更多
We investigate the weight-based food self-sufficiency ratio (WSSR) for Japan over a 50-year period (1961-2011) by applying factorial component analysis technique in order to measure the changes of the WSSR quantitativ...We investigate the weight-based food self-sufficiency ratio (WSSR) for Japan over a 50-year period (1961-2011) by applying factorial component analysis technique in order to measure the changes of the WSSR quantitatively. Quantitative data analysis is employed to determine the drivers of those changes. Numerical results show that Japan experienced a drastic decline in its food self-sufficiency ratio (FSSR) during the above period. The factorial component analysis shows that such a decline was caused by the changes in the FSSR of the food groups/items, not in the quantity of the food supply. A number of characteristics of those changes are presented and a list of major food groups that have major impacts on the changes is constructed. The findings in this paper reiterate the alarming food security problem in Japan and provide clear insight into the causes of this problem. The findings in this study pick up where previous studies have left off, aid the food-related policy-making process and identify new ideas for future food research.展开更多
Security practices such as Audits that often focus on penetration testing are performed to find flaws in some types of vulnerability & use tools, which have been tailored to resolve certain risks based on code err...Security practices such as Audits that often focus on penetration testing are performed to find flaws in some types of vulnerability & use tools, which have been tailored to resolve certain risks based on code errors, code conceptual <span style="font-family:Verdana;">assumptions bugs</span><span style="font-family:Verdana;"><span style="font-family:Verdana;"><span style="font-family:Verdana;">,</span></span></span><span style="font-family:Verdana;"><span style="font-family:Verdana;"><span style="font-family:Verdana;"> etc. Most existing security practices in e-Commerce are</span></span></span><span><span><span style="font-family:;" "=""><span style="font-family:Verdana;"> dealt with as an auditing activity. They may have policies of security, which are enforced by auditors who enable a particular set of items to be reviewed, but </span><span style="font-family:Verdana;">also fail to find vulnerabilities, which have been established in complianc</span><span style="font-family:Verdana;">e </span><span style="font-family:Verdana;">with application logic. In this paper, we will investigate the problem of business</span><span style="font-family:Verdana;"> logic vulnerability in the component-based rapid development of e-commerce applications while reusing design specification of component. We propose secure application functional processing Logic Security technique for compo</span><span style="font-family:Verdana;">nent-based e-commerce application, based on security requirement of</span><span style="font-family:Verdana;"> e-business </span><span style="font-family:Verdana;">process and security assurance logical component behaviour specification</span><span style="font-family:Verdana;"> ap</span><span style="font-family:Verdana;">proach to formulize and design a solution for business logic vulnerability</span><span style="font-family:Verdana;"> phenomena.</span></span></span></span>展开更多
Security testing is a key technology for software security.The testing results can reflect the relationship between software testing and software security,and they can help program designers for evaluating and improvi...Security testing is a key technology for software security.The testing results can reflect the relationship between software testing and software security,and they can help program designers for evaluating and improving software security.However,it is difficult to describe by mathematics the relationship between the results of software functional testing and software nonfunctional security indexes.In this paper,we propose a mathematics model(MSMAM)based on principal component analysis and multiattribute utility theory.This model can get nonfunctional security indexes by analyzing quantized results of functional tests.It can also evaluate software security and guide the effective allocation of testing resources in the process of software testing.The feasibility and effectiveness of MSMAM is verified by experiments.展开更多
The security assurance of computer-based systems that rely on safety and security</span><span style="font-family:'Minion Pro Capt','serif';"> </span><span style="fon...The security assurance of computer-based systems that rely on safety and security</span><span style="font-family:'Minion Pro Capt','serif';"> </span><span style="font-family:Verdana;">assurance, such as consistency, durability, efficiency and accessibility, require or need resources. This target</span><span style="font-family:Verdana;">s</span><span style="font-family:Verdana;"> the System-of-Systems (SoS) problems with the exception of difficulties and concerns that apply similarly to subsystem interactions on a single system and system-as-component interactions on a large information</span><span style="font-family:'Minion Pro Capt','serif';"> </span><span style="font-family:Verdana;">system. This research addresses security and information assurance for safety-critical systems, where security and safety </span><span style="font-family:Verdana;">are</span><span style="font-family:Verdana;"> addressed before going to actual implementation/development phase for component-based systems. For this purpose, require a conceptual idea or strategy that deals with the application logic security assurance issues. This may explore the vulnerability in single component or a reuse of specification in existing logic in component-based system. Keeping in view this situation, we have defined seven concepts of security assurance and security assurance design strategy for safety-critical systems.展开更多
Mass monitor logs are produced during the process of component security testing. In order to mine the explicit and implicit security exception information of the tested component, the log should be searched for keywor...Mass monitor logs are produced during the process of component security testing. In order to mine the explicit and implicit security exception information of the tested component, the log should be searched for keyword strings. However, existing string-searching algorithms are not very efficient or appropriate for the operation of searching monitor logs during component security testing. For mining abnormal information effectively in monitor logs, an improved string-searching algorithm is proposed. The main idea of this algorithm is to search for the first occurrence of a character in the main string. The character should be different and farther from the last character in the pattern string. With this algorithm, the backward moving distance of the pattern string will be increased and the matching time will be optimized. In the end, we conduct an experimental study based on our approach, the results of which show that the proposed algorithm finds strings in monitor logs 11.5% more efficiently than existing approaches.展开更多
Sensitive data leak can cause significant loss for some organizations, especially for technology intensive companies and country security departments. Traditional mandatory access control (MAC) can only control whethe...Sensitive data leak can cause significant loss for some organizations, especially for technology intensive companies and country security departments. Traditional mandatory access control (MAC) can only control whether the user can access the sensitive data or not, and cannot prevent the user to leak or spread the data. So even designed impeccable access control policies, we still cannot prevent inside leak. A nature solution is using physical isolation to prevent sensitive data from being leaked outside network;however inside the physical isolated network, data still can be spread from one subnet to another. We present Secure Subnet System, a BLP model base security system that can provide more strong access control, which is called mandatory action control. In our system after a user read sensitive data, system will dynamically change security policies to prevent the user to leak these data or spread the data outside to another subnet. We use a state machine model to describe our system, and use secure transfer equations to dynamically calculate the system policies for each new state. Our model can be proved to be secure by formal methods. We implemented a demon of our system. In this paper we also show the design details of the demon and evaluate the demon both from security and performance. The evaluation results show that the output of the security tests case are under expected;and the performance test case show that, for the 64KB IO chunk size, IO read loss can be improved to 6.6%, IO write loss can be improved to 1.2% after optimization.展开更多
基金Supported by the Funding Project for the Youth of Education Ministry for the Development of Liberal Arts and Social Sciences(12YJC790058)the Guidance Plan Project for the Natural Science Foundation of Hubei(2013CFC089)the Open-end Fund of Hubei Ecological Culture Research Center,China University of Geosciences(Wuhan)~~
文摘Based on the status of land ecological resources in Hohhot, 20 indexes covering nature, resource environment, economy and society were selected and the evaluation index system was established. With the principal component analysis, the land ecological security of Hohhot from 2009 to 2015 was analyzed. The results showed that the land ecological security of Hohhot was declining year by year in 2009-2015. Besides, per capital GDP and public green area, the proportion of in- dustry and the price index of agricultural and animal husbandry production materials were the key factors influencing the land ecological security of Hohhot. The key for protection of the land ecological security may lie in the protection of land quality and prevention of land degradation in farming and stock-breeding areas.
基金supported by National Natural Science Foundation of China (NSFC grant number:61202110,61401180 and 61502205)the Postdoctoral Science Foundation of China (Grant number:2015M571687 and 2015M581739)the Graduate Research Innovation Project of Jiangsu Province(KYLX15_1079 and KYLX16_0900)
文摘In the execution of method invocation sequences to test component security,abnormal or normal information is generated and recorded in a monitor log. By searching abnormal information from monitor log,the exceptions that the component has can be determined. To facilitate the searching process,string searching methods could be employed. However,current approaches are not effective enough to search long pattern string. In order to mine the specific information with less number of matches,we proposed an improved Sunday string searching algorithm in this paper. Unlike Sunday algorithm which does not make use of the already matched characters,the proposed approach presents two ideas — utilizing and recycling these characters. We take advantage of all matched characters in main string,if they are still in the matchable interval compared with pattern string,to increase the distance that pattern string moves backwards. Experimental analysis shows that,compared to Sunday algorithm,our method could greatly reduce the matching times,if the scale of character set constituting both main string and pattern string is small,or if the length of pattern string is long. Also,the proposed approach can improve the search effectiveness for abnormal information in component security testing.
基金Project(513150601)supported by the National Pre-Research Project Foundation of China
文摘A fault injection model-oriented testing strategy was proposed for detecting component vulnerabilities.A fault injection model was defined,and the faults were injected into the tested component based on the fault injection model to trigger security exceptions.The testing process could be recorded by the monitoring mechanism of the strategy,and the monitoring information was written into the security log.The component vulnerabilities could be detected by the detecting algorithm through analyzing the security log.Lastly,some experiments were done in an integration testing platform to verify the applicability of the strategy.The experimental results show that the strategy is effective and operable.The detecting rate is more than 90%for vulnerability components.
基金supported in part by the National Key R&D Program of China under Grant 2019YFB2102400,2016YFF0204001in part by the BUPT Excellent Ph.D.Students Foundation under Grant CX2019117.
文摘With the skyrocketing development of technologies,there are many issues in information security quantitative evaluation(ISQE)of complex heterogeneous information systems(CHISs).The development of CHIS calls for an ISQE model based on security-critical components to improve the efficiency of system security evaluation urgently.In this paper,we summarize the implication of critical components in different filed and propose a recognition algorithm of security-critical components based on threat attack tree to support the ISQE process.The evaluation model establishes a framework for ISQE of CHISs that are updated iteratively.Firstly,with the support of asset identification and topology data,we sort the security importance of each asset based on the threat attack tree and obtain the security-critical components(set)of the CHIS.Then,we build the evaluation indicator tree of the evaluation target and propose an ISQE algorithm based on the coefficient of variation to calculate the security quality value of the CHIS.Moreover,we present a novel indicator measurement uncertainty aiming to better supervise the performance of the proposed model.Simulation results show the advantages of the proposed algorithm in the evaluation of CHISs.
文摘This paper reviews the history and lessons of global oil crises while exploring the establishment of a quantitative evaluation model for oil security with Chinese characteristics.Using principal component analysis,it constructs an oil security evaluation indicator system for China with two main-level indicators:foreign oil dependency and its impacts,and market intervention and security assurance.
文摘Although Named Entity Recognition(NER)in cybersecurity has historically concentrated on threat intelligence,vital security data can be found in a variety of sources,such as open-source intelligence and unprocessed tool outputs.When dealing with technical language,the coexistence of structured and unstructured data poses serious issues for traditional BERT-based techniques.We introduce a three-phase approach for improved NER inmulti-source cybersecurity data that makes use of large language models(LLMs).To ensure thorough entity coverage,our method starts with an identification module that uses dynamic prompting techniques.To lessen hallucinations,the extraction module uses confidence-based self-assessment and cross-checking using regex validation.The tagging module links to knowledge bases for contextual validation and uses SecureBERT in conjunction with conditional random fields to detect entity boundaries precisely.Our framework creates efficient natural language segments by utilizing decoderbased LLMs with 10B parameters.When compared to baseline SecureBERT implementations,evaluation across four cybersecurity data sources shows notable gains,with a 9.4%–25.21%greater recall and a 6.38%–17.3%better F1-score.Our refined model matches larger models and achieves 2.6%–4.9%better F1-score for technical phrase recognition than the state-of-the-art alternatives Claude 3.5 Sonnet,Llama3-8B,and Mixtral-7B.The three-stage architecture identification-extraction-tagging pipeline tackles important cybersecurity NER issues.Through effective architectures,these developments preserve deployability while setting a new standard for entity extraction in challenging security scenarios.The findings show how specific enhancements in hybrid recognition,validation procedures,and prompt engineering raise NER performance above monolithic LLM approaches in cybersecurity applications,especially for technical entity extraction fromheterogeneous sourceswhere conventional techniques fall short.Because of itsmodular nature,the framework can be upgraded at the component level as new methods are developed.
基金the Odisha State Higher Education Council for providing a Ph.D.fellowship under Odisha University Research and Innovation Incentivization Plan(OURIIP)2020(278/83/OSHEC)。
文摘Sustainable livelihood security(SLS) is an integrating framework that encompasses current concerns and policy requirements for ecological, social, and economic dimensions of sustainable development. It carries particular importance for developing economies. This study intends to verify the relative status of SLS of the 30 districts in Odisha, which is a backward state in eastern India. In this study, a total of 22 relevant indicators relating to the three components of SLS—ecological security, social equity, and economic efficiency have been taken, based on various kinds of government reports. The principal component analysis(PCA) was used to ascertain the indicators and the importance of each of them to the corresponding component of SLS. The ecological security index(ESI), social equity index(SEI), economic efficiency index(EEI), and composite sustainable livelihood security index(CSLSI) of each district of Odisha were calculated through the min-max normalization technique. The results revealed that there are wide variations in SLS among the districts of Odisha. In this study, the districts are categorized into four levels based on the scores of ESI, SEI, EEI, and CSLSI as very low(<0.400), low(0.400–0.549), medium(0.550–0.700), and high(>0.700). According to the classification result of CSLSI, 2 districts are found to be in the very low category, 20 districts are under the low sustainability category, 8 districts are in the medium category, and none of the districts are found to be in the high sustainability category. The district of Sambalpur ranks the highest with a CSLSI score of 0.624. The bottom five districts are Gajapati, Bolangir, Nabarangpur, Kandhamal, and Malkangiri, having the CSLSI scores of 0.438, 0.435, 0.406, 0.391, and 0.344, respectively. The result of this study suggests that region-specific, systematic, and proactive approaches are desirable for balanced development in Odisha. Further, policy intervention is required to implement more inclusive tribal welfare policies.
文摘We investigate the weight-based food self-sufficiency ratio (WSSR) for Japan over a 50-year period (1961-2011) by applying factorial component analysis technique in order to measure the changes of the WSSR quantitatively. Quantitative data analysis is employed to determine the drivers of those changes. Numerical results show that Japan experienced a drastic decline in its food self-sufficiency ratio (FSSR) during the above period. The factorial component analysis shows that such a decline was caused by the changes in the FSSR of the food groups/items, not in the quantity of the food supply. A number of characteristics of those changes are presented and a list of major food groups that have major impacts on the changes is constructed. The findings in this paper reiterate the alarming food security problem in Japan and provide clear insight into the causes of this problem. The findings in this study pick up where previous studies have left off, aid the food-related policy-making process and identify new ideas for future food research.
文摘Security practices such as Audits that often focus on penetration testing are performed to find flaws in some types of vulnerability & use tools, which have been tailored to resolve certain risks based on code errors, code conceptual <span style="font-family:Verdana;">assumptions bugs</span><span style="font-family:Verdana;"><span style="font-family:Verdana;"><span style="font-family:Verdana;">,</span></span></span><span style="font-family:Verdana;"><span style="font-family:Verdana;"><span style="font-family:Verdana;"> etc. Most existing security practices in e-Commerce are</span></span></span><span><span><span style="font-family:;" "=""><span style="font-family:Verdana;"> dealt with as an auditing activity. They may have policies of security, which are enforced by auditors who enable a particular set of items to be reviewed, but </span><span style="font-family:Verdana;">also fail to find vulnerabilities, which have been established in complianc</span><span style="font-family:Verdana;">e </span><span style="font-family:Verdana;">with application logic. In this paper, we will investigate the problem of business</span><span style="font-family:Verdana;"> logic vulnerability in the component-based rapid development of e-commerce applications while reusing design specification of component. We propose secure application functional processing Logic Security technique for compo</span><span style="font-family:Verdana;">nent-based e-commerce application, based on security requirement of</span><span style="font-family:Verdana;"> e-business </span><span style="font-family:Verdana;">process and security assurance logical component behaviour specification</span><span style="font-family:Verdana;"> ap</span><span style="font-family:Verdana;">proach to formulize and design a solution for business logic vulnerability</span><span style="font-family:Verdana;"> phenomena.</span></span></span></span>
基金Supported by the National Natural Science Foundation of China (91018008,61003268,61103220,91118003)the National Natural Science Foundation of Hubei Province (2010cdb08601)the Fundamental Research Funds for the Central Universities (3101038)
文摘Security testing is a key technology for software security.The testing results can reflect the relationship between software testing and software security,and they can help program designers for evaluating and improving software security.However,it is difficult to describe by mathematics the relationship between the results of software functional testing and software nonfunctional security indexes.In this paper,we propose a mathematics model(MSMAM)based on principal component analysis and multiattribute utility theory.This model can get nonfunctional security indexes by analyzing quantized results of functional tests.It can also evaluate software security and guide the effective allocation of testing resources in the process of software testing.The feasibility and effectiveness of MSMAM is verified by experiments.
文摘The security assurance of computer-based systems that rely on safety and security</span><span style="font-family:'Minion Pro Capt','serif';"> </span><span style="font-family:Verdana;">assurance, such as consistency, durability, efficiency and accessibility, require or need resources. This target</span><span style="font-family:Verdana;">s</span><span style="font-family:Verdana;"> the System-of-Systems (SoS) problems with the exception of difficulties and concerns that apply similarly to subsystem interactions on a single system and system-as-component interactions on a large information</span><span style="font-family:'Minion Pro Capt','serif';"> </span><span style="font-family:Verdana;">system. This research addresses security and information assurance for safety-critical systems, where security and safety </span><span style="font-family:Verdana;">are</span><span style="font-family:Verdana;"> addressed before going to actual implementation/development phase for component-based systems. For this purpose, require a conceptual idea or strategy that deals with the application logic security assurance issues. This may explore the vulnerability in single component or a reuse of specification in existing logic in component-based system. Keeping in view this situation, we have defined seven concepts of security assurance and security assurance design strategy for safety-critical systems.
基金supported by the National Natural Science Foundation of China (Nos.61202110 and 61502205)the Postdoctoral Science Foundation of China (Nos.2015M571687 and 2015M581739)the Graduate Research Innovation Project of Jiangsu Province (No.KYLX15 1079)
文摘Mass monitor logs are produced during the process of component security testing. In order to mine the explicit and implicit security exception information of the tested component, the log should be searched for keyword strings. However, existing string-searching algorithms are not very efficient or appropriate for the operation of searching monitor logs during component security testing. For mining abnormal information effectively in monitor logs, an improved string-searching algorithm is proposed. The main idea of this algorithm is to search for the first occurrence of a character in the main string. The character should be different and farther from the last character in the pattern string. With this algorithm, the backward moving distance of the pattern string will be increased and the matching time will be optimized. In the end, we conduct an experimental study based on our approach, the results of which show that the proposed algorithm finds strings in monitor logs 11.5% more efficiently than existing approaches.
文摘Sensitive data leak can cause significant loss for some organizations, especially for technology intensive companies and country security departments. Traditional mandatory access control (MAC) can only control whether the user can access the sensitive data or not, and cannot prevent the user to leak or spread the data. So even designed impeccable access control policies, we still cannot prevent inside leak. A nature solution is using physical isolation to prevent sensitive data from being leaked outside network;however inside the physical isolated network, data still can be spread from one subnet to another. We present Secure Subnet System, a BLP model base security system that can provide more strong access control, which is called mandatory action control. In our system after a user read sensitive data, system will dynamically change security policies to prevent the user to leak these data or spread the data outside to another subnet. We use a state machine model to describe our system, and use secure transfer equations to dynamically calculate the system policies for each new state. Our model can be proved to be secure by formal methods. We implemented a demon of our system. In this paper we also show the design details of the demon and evaluate the demon both from security and performance. The evaluation results show that the output of the security tests case are under expected;and the performance test case show that, for the 64KB IO chunk size, IO read loss can be improved to 6.6%, IO write loss can be improved to 1.2% after optimization.
