Journal of Information Security Reserach

Research of the Index of National Cybersecurity

Lv Xin

2016, 2(9): 766-773.

Asbtract ( )

PDF (1086KB) ( )

Related Articles | Metrics

The Overview of Cyber Securty Legislation in China

2016, 2(9): 775-780.

Asbtract ( )

PDF (5435KB) ( )

References | Related Articles | Metrics

The Legislation of Data Localization and the International Rules of Digital Trade

2016, 2(9): 781-786.

Asbtract ( )

PDF (5292KB) ( )

References | Related Articles | Metrics

The international rules of digital trade is one of the most important issues in the international trade field, and data localization is one of the focus. After the Snowden event in 2013, the legislation number of data localization in the world has increased rapidly. “Localization” contains the following meanings:“service localization”, “facilities localization” and “data localization”, which are contained in the Chapter 10 and 14 of TransPacific Partnership Agreement. For countries which adopt measures of data localization. There are three kinds of legislation and policies:data is stored in their data center,and they also prevent data from being sent outside the country; they require the prior consent of the data subject before data is transferred across borders; they require the copies of data to be stored domestically and so on. In the future, reducing the rules of data localization and making reasonable limits to the crossborder data will be one of the most important issues in bilateral and multilateral field. For the national legislators and regulators, how to coordinate the international rules and domestic legislation and more effectively promote the development of the digital economy is one of their main missions.

The Analysis of CrossBorder Data Flows from Perspective of Sovereignty

2016, 2(9): 787-791.

Asbtract ( )

PDF (4561KB) ( )

References | Related Articles | Metrics

The concept of data sovereignty derives from national sovereignty theory, emphasizing on the exclusive rights of the nation. The data has some attributes of the “thing”, and thus the utilization of data is similar as that of thing. All these can attribute the exclusive control of the subject on the application of data. The broad concept of data sovereignty includes the national data power and personal data rights. The crossborder data flows have brought challenges to national sovereignty and posed issues regarding data retention, private relief and enterprise's compliance. The legislation of Cybersecurity Law in our country should provide the principle of data sovereignty, enhance the consciousness of national sovereignty, strengthen the national exclusive power on data and clarify the boundaries between the national power and the private rights regarding data, which can be helpful to deal with the challenge and issues posed by crossborder data flows.

Study on Release Risks and Protecting Strategies of Privacy During Government's Open Data

2016, 2(9): 792-801.

Asbtract ( )

PDF (8054KB) ( )

References | Related Articles | Metrics

The Tort Liability of Network Platform System Vulnerability

2016, 2(9): 802-808.

Asbtract ( )

PDF (5949KB) ( )

References | Related Articles | Metrics

AbstractIn recent years，the network platforms are showing a characteristic of prosperity andcompetition. However，more new system security problems, more new requirements for existing laws. There are more and more cases happened that user legal rights have been infringed. In fact，it is impossible to find judicial adjudicative document having legal force for this type of case of judicial judging．Network platforms should take actions for its information security obligations. Based on the principle of equitable liability of tort liability act，network platformsshould be liable for the damage of tort that system vulnerability caused within a reasonable range.

The Strategic Positioning of Cyber Security Legislation from the Perspective of Cyber Governance Modernization

2016, 2(9): 809-814.

Asbtract ( )

References | Related Articles | Metrics

Through the analysis of institutionalization and legalization in the modernization of national governance system, the rule of law requires that the cyber security law is in the dominant position in promoting the modernization of network governance. Think: modern network management requires the construction of constitution first, delimits the boundary of all subject , makes sure the citizens enjoy free internet access and constructs the coordinated,balanced and ordered informational security law, In additon, through the implementation of the law in national deployment, the network into the orbit of rule of law,and the build of network order to promote the modernization of network governance,informational security law can provide environment for the rule of law, protection of privacy and data security, and can establish legal thinking to promote the modernization of network governance.

Analysis on the Trend of Cybersecurity Legislation in the Era of Big Data

2016, 2(9): 815-820.

Asbtract ( )

PDF (5093KB) ( )

References | Related Articles | Metrics

In the era of big data, the cyber security legislation is challenged by the development of technology and showing diversified trends—from “invasion” regulation to “attack” governance, from “three properties of cyber security” to “trusted key element”, from “IT security” to “CPS security”, from cyber security “content governance” to “stereoscopic” governance. In the content of legislation, we should pay attention to establish the allwave situational awareness of cyber security early warning, rational design of data localization legislative and cyber security review system and information sharing system for guard against network attack, establish the state of emergency strategic contingency plan, adjust the content security mode of thinking, guide the system design of cyber security legislation by “stereoscopic” mode of thinking.

Mismatch Steganalysis Method Based on Hybrid Dictionary Learning

2016, 2(9): 821-826.

Asbtract ( )

PDF (4987KB) ( )

References | Related Articles | Metrics

Steganalysis technology is more and more close to machine learning in recent years. Dictionary learning, as a crucial research domain in machine learning, shows the unique advantages in solving numerous practical problems, but its research results in steganalysis domain are limited. To address the mismatch of steganography and embedding rate which are needed to be solved in steganalysis domain, we propose a steganalysis algorithm based on hybrid dictionary learning. In order to encode the differences between cover images and stego images, our algorithm learns specific subdictionaries for two kinds of images, at the same time, a shared dictionary is learned for representing the common content. Except it, we learn a synthesis dictionary for data reconstruction, and an analysis dictionary for classification. The experimental results demonstrate the steganalysis based on hybrid dictionary learning has high performance.

Research on the Framework of Smart City Cyber Security

2016, 2(9): 827-833.

Asbtract ( )

PDF (7095KB) ( )

References | Related Articles | Metrics

In order to ensure the healthy and orderly development of smart city, the government issued the Guidance on Promoting the Healthy Development of Smart City. The guidance clearly puts forward the need to ensure longterm security of smart city network, establish urban cyber security guarantee system and management system, achieve security controllability of basic network and key information system, guarantee the security of important information resources, and effectively protect the information of residents, enterprises and government. This paper analyzes the characteristics and cyber security demands of smart city. Based on system engineering method, this paper adopts model abstract and AHP method to put forward the smart city cyber security reference framework. According to the functions of assurance, smart city cyber security assurance system can be divided into smart city cyber security strategic assurance subsystem, smart city cyber security organizational assurance subsystem, smart city cyber security technical assurance subsystem, smart city cyber security management procedural subsystem, and smart city cyber security operational assurance subsystem. By building a complete and systemic smart city cyber security assurance system, a manageable, controllable and credible smart city network can be realized. The assurance system will boost the healthy development of smart city. In addition, this paper also studies the process model of smart city cyber security assurance, which will provide technical reference for the establishment of sustainable smart city cyber security assurance capability.

Research on Trusted Computing Technology and Its Development

2016, 2(9): 834-844.

Asbtract ( )

PDF (8392KB) ( )

References | Related Articles | Metrics

Trusted computing is an important application and research branch of the information security field, it is an effective mechanism to solve the current information security from the view of system. This paper describes the concept of trusted computing technology, and mainly analyzes the system of key management and the type of certificate in the trusted computing domain, and discusses the trusted platform module (TPM) and trusted computing platform (TCP). Based on the research of basic theory and realization method in the trusted computing domain,this paper summarizes the research progress of trusted computing and put forward the research direction of trusted computing.

Research on Network Genetic Map

2016, 2(9): 844-849.

Asbtract ( )

PDF (5746KB) ( )

References | Related Articles | Metrics

With the increasing deeply fusion of the mancyberphysical ternary world, human activities have already surged the boundary of original real space and is showing the linkage of online and offline . This provides convenient conditions for behavior anomie, network crime and engaging in activities endangering state security and so on. Whats more, the anonymity, encrypted communication and mobility and other network characteristics may increase the difficulty of law enforcement for administrative department. Inspired by biological gene, this paper puts forward the concept of “Network Genetic Map” for the first time. It covers the biological, social and network attributes and can break through two technical problems, namely identity authentication is easy to forge and the mapping between virtual and real world is difficult to create. The new concept has the following merits: firstly, it can give a unique identification for an entity; secondly, able to reflect ones essence; thirdly, have the ability to calculate, for example, to infer, to complete, to forecast and so on. Network Genetic Map may provide a new technical support for making an allround cognition on an entity, identifying entities in crossdomain, preventing or cracking down entity crime and so on, which is of great theoretical and practical significance.

Smart Grid Application Systems Lifecycle Security Framework

2016, 2(9): 850-855.

Asbtract ( )

PDF (4920KB) ( )

References | Related Articles | Metrics

AbstractWith the advance of smart grid construction, the number of users increases, and the twoway interactive communication is stronger and stronger, application system is more integrated, and there are risks that the system integrity, confidentiality and availability of business system integrity is destroyed and smart devices, intelligent terminals and users' terminals are illegally fraudulent, illegally remotely controlled and illegally operated. The lifecycle security framework of smart grid applications is proposed, which defines seven aspects of security requirements including the planning, requirements, designment, development, testing, online operation and maintenance and the abandoned part, making information security technology and management measures cover the entire software life cycle.

Cyberspace Sovereignty: The Essence of the Second Draft of Cybersecurity Law

2016, 2(9): 856-860.

Asbtract ( )

PDF (762KB) ( )

Table of Content