Table of Contents

    15 December 2016, Volume 2 Issue 12
    SURFILTER, Insisting on the Road of Independent Innovation of Information Security -- Review of the Information and Network Security Strategy of SURFILTER
    2016, 2(12):  1054-1067. 
    A Review on Cross-Site Scripting
    Sun Wei
    2016, 2(12):  1068-1080. 
    XSS (cross-site scripting) is a type of computer security vulnerability typically found in Web applications. Attackers usually inject malicious scripts into Web pages viewed by other users and expect the scripts to be executed. Because the high flexibility of HTML encoding schemes offers the attacker many possibilities for circumventing input filters, XSS attacks are difficult to detect and prevent. To prevent XSS vulnerabilities effectively, we first carefully analyzed and compared the characteristics and principles of Reflected XSS, Stored XSS and DOM-based XSS, then sorted through the large number of XSS attack vectors in their different forms, and illustrated the common uses of XSS vulnerabilities, such as stealing, session hijacking and phishing. Finally, we sorted out the basic means of defending against XSS and summarized the main methods of automatic XSS vulnerability detection, including static analysis, dynamic analysis and machine learning.
    Formal Verification Method of Smart Contract
    2016, 2(12):  1080-1089. 
    A smart contract is a code contract and algorithm contract and will become the basis of future agreements in digital society. A smart contract utilizes protocols and user interfaces to facilitate all steps of the contracting process. This paper summarizes the main technical characteristics of smart contracts and existing problems such as trustworthiness and security, and proposes applying formal methods to smart contract modeling, model checking and model verification to support the large-scale generation of smart contracts. A formal verification framework and verification method covering the whole life cycle of a smart contract is proposed. The paper presents a smart shopping scenario in which the Promela language is used to model an SSC (smart shopping contract) and SPIN is used for simulation and model checking, to verify the effect of the formal method on smart contracts.
    Security Architecture and Key Technologies of Blockchain
    Yan Zhu
    2016, 2(12):  1090-1097. 
    Blockchain, both as the cryptocurrency and as the technology underlying Bitcoin, has attracted significant attention around the world. The reason is that blockchain is a decentralized technology with a Consensus Trust Mechanism (CTM), which is clearly different from the traditional centralized system with an Outer Trust Mechanism (OTM). This has greatly influenced people's trust mechanisms and promoted the use of security technology in the blockchain. In this paper, we present the security architecture and key technologies of the blockchain, and explain how the blockchain ensures the integrity, non-repudiation, privacy and consistency of the stored data through a P2P network, distributed ledger, asymmetric encryption, consensus mechanism and smart contracts. Moreover, we analyze some new security threats and countermeasures, for example, the prevention technology for Denial of Service (DoS) attacks against the Transaction Storm (TS), the cryptographic access control (CAC) technology to enhance data privacy, the key management technology against loss and theft of digital assets, and so on. We also discuss the future security problems and technologies that might emerge as the blockchain merges with new technologies, including AI, Big Data, IoT, cloud computing and mobile Internet technologies.
    Research and Application of Security Data Space Construction Method
    Sun Wei
    2016, 2(12):  1098-1104. 
    In recent years, the rapid development of E-government has generated a series of data security risks: data cannot be accurately mapped to the user and workflow, and the E-gov system cannot cope with new data security risks. To address these problems, a Security Data Space method (including 2D and 3D Security Data Space methods) is presented in this paper. The 2D Security Data Space builds an area with clear data ownership and boundaries by sorting out the relationship between data, workflow and user. The 3D Security Data Space introduces data protection technology into the 2D Security Data Space, so that it can protect data ownership and boundaries while accurately controlling the data flow. The Security Data Space method has been applied in an E-gov system and works effectively. The method can also be extended to other fields to enhance the security of data.
    Information Security Events Discovery Based on News Flow
    2016, 2(12):  1105-1109. 
    With the popularity of the Internet, people can more easily obtain information from the network and interact with the outside world via the Web anytime and anywhere. With easy access to information, security issues arise, such as information disclosure and stolen account passwords, which raise more and more public concern about information security. Web news is now one of the main social media and covers a large number of issues of public concern, such as information security events. However, security information is often buried in the mass of Web documents, making it inconvenient for readers to quickly obtain recent information security events. Therefore, establishing a method to automatically extract information security events is significant. In this paper, we regard a single sentence as an “information security” unit and apply a machine learning algorithm to determine whether a sentence contains “information security events” or not. Sentences containing “information security events” are extracted from news documents as the desired results. Through manual training data construction, sentence feature design and support vector machine (SVM) model training, we propose an automatic method to extract “information security” related sentences from news documents. Experimental results show that the method discussed in this paper achieves high precision and recall in information security events discovery, which verifies the effectiveness of the proposed method.
    The Research of Governance Path of Social Network Based on the Key Node
    Li Yang
    2016, 2(12):  1110-1113. 
    With the advent of the Internet Plus era, the social network has been given new functions and meanings, in which the key nodes occupy a crucial position in the topology and bear significant functions. With the increase of data scale in social networks, the data held in the key nodes contains great value. Mining the key nodes and letting them play a guiding role in the social network can help us understand the operating mechanism and regularity of social networks, further govern social networks innovatively, and serve our economy and society effectively.
    A Safety Authentication Design Based on HTTP Digest for Video Monitoring System
    2016, 2(12):  1114-1121. 
    In the construction of a safe city, security authentication for clients is key in the video monitoring system. To make up for the lack of security in SIP, an authentication scheme has been designed based on HTTP digest. First, the principles of the SIP and HTTP protocols are analyzed, the overall structure of the video monitoring system is designed, and the function of each main component is defined. Then, the scheme for login-cancellation and for obtaining the property list of equipment is designed. Finally, the implementation scheme is designed, which includes the certification process, the challenge message header of AG, the response message header of MC and the parameters of Response. The design idea in the paper has a certain reference significance for improving the security of the SIP protocol.
    Research on Information Security Risk and Protection Measures of Smart Phone
    2016, 2(12):  1122-1128. 
    Mobile internet information security issues have become increasingly complex in the past two years. Mobile phone systems suffer from serious virus infections and from malicious software that steals users' information. In the face of the grim situation of smart phone information security, information security protection is of great significance. This paper first analyzes the safety status of intelligent mobile phones and common leaks, then discusses intelligent mobile phone security measures from three aspects: system security, application security and user security awareness, and finally puts forward the design framework of a mobile phone anti-theft system based on the Android platform.
    Surging Cloud Technology -- The Analysis of Cloud Security Issues
    2016, 2(12):  1128-1132. 