Table of Content

    16 May 2017, Volume 3 Issue 5
    Microsoft China: The Implementation of Information Security and Cooperative Strategy
    2017, 3(5):  386-397. 
    Asbtract ( )   PDF (1668KB) ( )  
    Related Articles | Metrics
    Privacy Preserving Cloud Computing—With a Focus on Multimedia Applications
    2017, 3(5):  400-411. 
    Asbtract ( )   PDF (11157KB) ( )  
    References | Related Articles | Metrics
    Cloud computing has been a trend that increasing data and application have been moved to cloud, including multimedia data and applications. Loss of control of the data in cloud computing is a critical hurdle for many to adopt public cloud computing. In this article, we review privacy preserving cloud computing technologies, with a focus on multimedia cloud computing, to address the hurdle. These enabling technologies protect user data yet allow the cloud to perform desired computations.
    Secure Operation Platform for Cloud Service
    2017, 3(5):  412-417. 
    Asbtract ( )   PDF (5505KB) ( )  
    References | Related Articles | Metrics
    Cloud Service is a very popular IT service in the past years. The service quality of Cloud Service typically depends largely on the quality of Cloud Service Operation. How to provide reliable, trusted and secure Cloud Service to customer, will crucially rely on a secure operation platform. In this article, transformation from traditional IT operation to Cloud operation and its differences are briefed. The secure operation platform model and core content are elaborated. And then all components of secure operation platform are analyzed and explained. Meanwhile, Cloud security and compliance are elaborated.
    Promoting Information Security Is the Responsibility of the Enterprise
    2017, 3(5):  427-431. 
    Asbtract ( )   PDF (476KB) ( )  
    Related Articles | Metrics
    Study of Security Protection System in Desktop Cloud
    2017, 3(5):  432-439. 
    Asbtract ( )   PDF (7176KB) ( )  
    References | Related Articles | Metrics
    PC is a widely used typical fat terminal, but its drawbacks are gradually emerging, so it needs downsizing. Cloud computing is a new technology in recent years, and desktop cloud is a typical application of cloud computing, and also a downsizing program of traditional fat terminal in the future. Aiming at the security problem of desktop cloud, firstly, it briefly introduces the system architecture and network structure of desktop cloud. Then, it designs an end-to-end security framework, and explains the function of each component using the idea of layered defense and defense in depth. Finally, it analyzes the principle and characteristics of main safety measures of desktop cloud. In the paper, the security protection system of desktop cloud is very practical in practical application, and the effect is obvious, but it still needs to be improved and perfected.
    Trusted Computing: Constructing a New Architecture for Cloud Security
    2017, 3(5):  440-450. 
    Asbtract ( )   PDF (9099KB) ( )  
    References | Related Articles | Metrics
    In the cloud, trust issue is particularly important due to the high concentration and sharing of resources.Meanwhile trusted computing as a new type of security mechanism, can protect the user's data security, and provide users with a trusted computing environment. Therefore, the combination of the trusted computing and cloud computing technology is the novel idea for the study of cloud security. The traditional trusted computing needs to proceed from the physical trusted root and construct a complete trusted chain in the system, however the user application is running in a virtual computing environment for cloud computing, so the construction of trusted roots and the transmission of trusted chains are the challenges of trusted computing in cloud environments. In view of the above challenges, firstly, by analyzing existing mechanisms of cloud virtualization security, this paper point out the data security risks from untrusted cloud services and corresponding countermeasures. Then propose cloud security framework based on trusted computing from the research of construction of virtual trusted roots ,the trust chain transmission, active monitoring, reliable isolation, and secure access for trusted cloud mechanism. At last, it is pointed out that it is necessary to start from the top to design a trusted cloud architecture that must possess the characteristics of cooperative engagement, active immunity and autonomy control for future research.
    A Review on the Technology of Legal Software Protection
    Sun Wei
    2017, 3(5):  451-461. 
    Asbtract ( )   PDF (8338KB) ( )  
    References | Related Articles | Metrics
    In the field of computer security, software protection has been a popular research content, because the software piracy technology and cracking technology emerge in endlessly, in order to protect the software from being damaged, software protection technology is also continuous progress. Therefore, we have proposed code obfuscation, digital watermarking, software tampering and other techniques for the attacking agents on the destruction of the legal subject. This paper starts with the attack and defense of the software legal subject, focuses on the code obfuscation technology, and makes a detailed classification of the code obfuscation research, and points out the advantages and disadvantages of various technologies, the effectiveness of code obfuscation. Finally, the future development directions of software legitimacy protection technology are summarized and prospected.
    A Formal Analysis Method with Forward Reasoning for Cryptographic Protocols
    2017, 3(5):  462-468. 
    Asbtract ( )   PDF (5238KB) ( )  
    References | Related Articles | Metrics
    In the highly informative society, cryptographic protocols are necessary techniques to ensure the security of many applications in networks. As flaws of cryptographic protocols will bring serious security problems to the cyberspace application, and even cause the immeasurable loss, formal analysis of the cryptographic protocols become an important issue. Formal analysis method is the most reliable and effective method, in which theorem proving method and the model checking method to be widely used as formal analysis method with proving. In these methods, analysts have to enumerate the security properties at first, and then prove or check whether the cryptographic protocol satisfies these security properties. However, if not all the security properties have been enumerated before formal analysis, some flaws will be missing. As an alternative way, formal analysis method with reasoning for cryptographic protocols do not need to enumerate security properties but perform forward reasoning to find out flaws. This paper presents a concrete formal analysis method with reasoning. We formalize cryptographic protocols and intruder’s behaviors according to the features of cryptographic protocols, then perform forward reasoning with the results of formalization. At last, we find out flaws by analyzing the result of forward reasoning.
    Analysis of Host Anomaly Behavior Based on Stream Data Feature Matchinge
    Mei-Rong Mei-rongWEI
    2017, 3(5):  469-476. 
    Asbtract ( )   PDF (6181KB) ( )  
    References | Related Articles | Metrics
    Network traffic is an important factor to analyze the state of host network. On the basis of analyzing the flow characteristics of the normal and abnormal state of the host, the result of the abnormal network behavior flow characteristics are deposited in the matching library. Based on the analysis and contrast of two states, the method of multilevel host flow analysis based on the characteristic matching of stream data is designed. In order to do early warning work for the host users, we design the host flow statistical analysis system. Firstly, the classification of host traffic is based on the process application type method, referring to the host traffic characteristics and the common attack types. By simulating attack experiments, the abnormal flow characteristics of the host are deposited into the matching library. The experimental results show that the multilevel host flow statistical analysis system based on the characteristic matching of stream data can effectively prevent the Trojans and Ddos attacks.
    Talking About the Application of the Commercial Cryptography
    2017, 3(5):  477-480. 
    Asbtract ( )   PDF (723KB) ( )  
    Related Articles | Metrics