Table of Content

    15 August 2016, Volume 2 Issue 8
    “Internet +”Power: Overview of AsiaInfo Secruity’s Cyber Security
    2016, 2(8):  670-684. 
    Asbtract ( )   PDF (1873KB) ( )  
    Related Articles | Metrics
    An Overview of Hadoop Security Framework
    2016, 2(8):  684-698. 
    Asbtract ( )   PDF (12399KB) ( )  
    References | Related Articles | Metrics
    Hadoop has become the most popular analysis framework which is used to open source of cloud computing and big data , at the same time,its security mechanism has also been treated as a critical item. This paper first gives an overview on Hadoop design principle, architecture, major threat, security mechanism, and design challenge which include the security solutions of enterprise and the security mechanism of Hadoop. The research on security mechanism of Hadoop are active, which present trusted platform, encryption algorithm,mixed encryption algorithm,TDEA and parallel encrypt algorithm and so on. Since Hadoop ecosystem involves many components, and different components have different security mechanisms, the current research focus is to enhance finegrained, highly modular, expandability and other aspects, while taking the performance, cost, usability and other issues into account.
    A High Code Coverage Static and Dyamic Combined Fuzzing Method
    2016, 2(8):  699-705. 
    Asbtract ( )   PDF (6669KB) ( )  
    References | Related Articles | Metrics
    AbstractFuzzing testing is the mainstream automation solution to browser software vulnerabilities discovery, but those methods usually dont pay attention to the code coverage, which may lead to the same execution path covered by many test cases without being noticed, and make the overall code coverage low and ineffective. To achieve high code coverage, this paper discussed a code coverage directed fuzzing test method, which makes advantage of both static and dynamic test cases generation. First, a basic sample collection is constructed for static mutation, and then the results of static mutation are inserted into the dynamic random engine. Second, the dynamic engine loads and executes the test cases, and code path coverage is collected though the monitoring engine, which is fed back to the static mutation engine to aid its test cases producing more effectively. Finally potential vulnerabilities are detected by dynamic monitoring engine. The experiment result of prototype system called DASFuzzer shows that the method proposed can effectively improve the code coverage of the testing process, and can accurately detect the unknown vulnerabilities.
    Consistency of Two Code Links
    2016, 2(8):  706-711. 
    Asbtract ( )   PDF (3168KB) ( )  
    References | Related Articles | Metrics
    Consistency of two operations means the error generated in substituting one with the other, or in changing the location and order of two variables in equations that contains both of them. Addition modulo 2n+1 and addition modulo 2n-1 are two code links which are used in cryptography algorithms. This paper analyzed the consistency of addition modulo 2n+1 and addition modulo 2n-1 under equality, distributive law and associative law. According to these three case, the probability formulas of equality, equality under distributive law and equality under associative law are presented. Finally, the consistency characters in different case are given with respect to probability formulas.
    The Research on Cyberspace Security Countermeasures Simulation Model
    2016, 2(8):  0-0. 
    Asbtract ( )   PDF (6359KB) ( )  
    References | Related Articles | Metrics
    Facing more and more serious Internet security problems and the shortage of network security professionals, the problem of how to cultivate professionals rapidly must be urgently resolved. Cyberspace security confrontation simulation is a method that can cultivate security professionals efficiently and improve the ability of security technology. Currently, network security competitions mainly consist of four models, namely pointtopoint confrontation, oneway attack, public positional interattack and private positional interattack, whose notion and boundaries between each other, however, are ambiguous and confusing. This paper classified these models according to characteristics of the athletes and the target network. They can be classified as single role and dual role model, based on the athletes character; the single level and multilevel model, based on the target network. A dual role of multilevel network confrontation simulation model is proposed and constructed. A cyberspace security confrontation simulation system based on cloud computing and virtualization is designed. This system has been stably used in the Information Security and Countermeasures Contest in 2015, whose deployment efficiency and system stability has been tested with results showing that this system was highly reliable and suitable.
    Research on Cryptographic Access Control and Its Applications
    2016, 2(8):  721-728. 
    Asbtract ( )   PDF (7726KB) ( )  
    References | Related Articles | Metrics
    Cryptographic access control is a hot topic in recent years and has wide promising applications. This paper firstly analysed new threats and challenges for traditional access control methods in cloud computing. The cryptographic access control was categorized into symmetrickey cryptography based and public key cryptography based mechanisms, and main schemes of the two types were discussed later. Its application in encrypted file systems and securing cloud storage was introduced as well. Finally, this paper analysed main problems, challenges and further research directions for future discussion about cryptographic access control.
    A Review on Image Reversible Data Hiding
    2016, 2(8):  729-734. 
    Asbtract ( )   PDF (5707KB) ( )  
    References | Related Articles | Metrics
    Reversible data hiding (RDH) is a special data hiding technique in which the original cover medium can be exactly extracted from the marked content. By this technique, besides the embedded secret data, the cover medium can be recovered from the marked data as well. Unlike the conventional data hiding techniques such as digital watermarking and steganography, the specific property of RDH is the perfect recovery of both of the cover medium and embedded secret data. In general, RDH is a fragile technique and it poses no robustness against any possible attack. For a desired embedding capacity and a cover data such as uncompressed digital image, to achieve better embedding performance, the encoder expects to minimize the embedding distortion (measured by PSNR in dB) to obtain a good marked image quality. This technique has attracted considerable interests from the data hiding community in the past two decades, and there is a rapid increase of applications that utilize RDH including image authentication, medical image processing, and stereo image coding, etc. In this paper, current RDH techniques for digital images are briefly reviewed by introducing the following four types of schemes: lossless compression based schemes, integertointeger transform based schemes, expansion and shifting based schemes, and content adaptive schemes.
    Spread Spectrum Information Hiding with PN Sequence Mask
    2016, 2(8):  735-740. 
    Asbtract ( )   PDF (6121KB) ( )  
    References | Related Articles | Metrics
    Data hiding has attracted increasing attention as an important research field in information security. Conventional additive spreadspectrum (SS) data embedding has a dangerous security flaw that unauthorized receivers can blindly extract hidden information without the knowledge of carrier. In this paper, pseudonoise (PN) masking technique is adopted as an efficient security measure against illegitimate data extraction. The proposed PNsequence masked SS embedding can offer efficient security against current SS embedding analysis without introducing any additional distortion to host nor notable recovery performance loss. To further improve the recovery performance, optimal carrier design for PNmasked SS embedding is also developed. With any given host distortion budget, we aim at designing a carrier to maximize the output signaltointerferenceplusnoise ratio (SINR) of the corresponding maximumSINR linear filter. The extensive experimental studies confirm our analytical performance predictions, illustrate the benefits of the designed PN masked optimal SS embedding and verify the resistance of this spreadspectrum information hiding against blind detection.
    Analysis and Research for Technical Risk of the Users in Cloud Computing
    2016, 2(8):  741-746. 
    Asbtract ( )   PDF (4516KB) ( )  
    References | Related Articles | Metrics
    Assess the possible risks for the various areas of information security is a very important part, and it runs through the entire process of building information systems in the environment of cloud computing. With the progress of the times, to protect the users data security and to prevent risk related technology is already a very important research topic at the present. And, improving risk analysis and research for technology users are very necessary for the security of critical information systems, and the development of cloud computing and security industry. Firstly, make a brief summary to the assets of the cloud computing environment, threats and vulnerabilities, and lead to definitions and categories about technical risk for users, and propose solutions to avoid the risk.
    Protection Against ZeroDay Exploit Struts2 S2-032 with Dynamic Morphism Technology
    2016, 2(8):  747-753. 
    Asbtract ( )   PDF (5548KB) ( )  
    References | Related Articles | Metrics
    With the development of enterprise informatization and the internetenabled application system,the threats of cyber security are changing rapidly in quantity and variety. Traditional protection technology is showing obvious drawbacks in response to the emerging security threats, especially in the areas of zeroday attacks and automated attacks which are also called ‘Bots’. This article uses Struts2 S2032 vulnerability as an example to analyze the innovation of dynamic morphism technology and the effectiveness of its protection mechanism against Struts2 and other widespread cyber threats.
    The Research and Practice of the Encryption Algorithm Promotion for the Financial Information System
    2016, 2(8):  754-759. 
    Asbtract ( )   PDF (4727KB) ( )  
    References | Related Articles | Metrics
    The characters of financial information system and the encryption algorithms are described. In addition, the encryption application of financial information system is analyzed. Basing on the above contents, the technical points and implementation method of the encryption algorithm promotion for financial information system is proposed. In addition, the practice of encryption algorithm promotion for financial information system is taken into account. It is proved that encryption algorithm promotion for financial information system is feasible and the engineering can drive the whole industry to promote.
    Defense the Evolutionary of Cyber Threats to Build a Cyber Security of Smart City
    2016, 2(8):  760-764. 
    Asbtract ( )   PDF (946KB) ( )  
    Related Articles | Metrics
    当前,智慧城市、智慧生活已成为移动互联网、物联网、云计算等技术与 O2O、C2C、共享经 济等商业模式交叉融合的产物,也是科技巨擘争相布局的创新热土和现代城市发展演化的重要方 向。在智慧城市建设过程中,智慧应用与网络安全密不可分,二者往小处说有可能涉及个人隐私 泄露,往大处说,事关危机处理、决策判断。因此,在与不断演化的网络威胁对抗中,就需要将 网络安全防护系统纳入到智慧城市管理系统之中,建立和建成“网络平安城市”。