Loading...

Table of Content

    15 November 2018, Volume 4 Issue 11
    Rising Security, Independent Core Technology to Promote Network Security
    2018, 4(11):  966-973. 
    Asbtract ( )   PDF (3074KB) ( )  
    Related Articles | Metrics
    Introduction to Software Security and Reliability Issue
    Sun Wei
    2018, 4(11):  974-976. 
    Asbtract ( )   PDF (781KB) ( )  
    Related Articles | Metrics
    Research on security audit method of source code
    2018, 4(11):  977-986. 
    Asbtract ( )   PDF (1764KB) ( )  
    References | Related Articles | Metrics
    The security problem in software has always been a puzzle for the development of software industry. In order to find out the security vulnerabilities in the software, various of security testing methods have been invented. However, only source code testing can dig deep security problems in software. This paper starts with the common software testing methods, Compared the difference of quality audit and security audit. And then studies the method of code security audit from two aspects: artificial walkthrough and static analysis of code security tools. Finally, makes a prospect of source code security audit.
    Cloud Computing Security Requirements and Measurement Practices in the Classified Protection 2.0 Era
    2018, 4(11):  987-992. 
    Asbtract ( )   PDF (1216KB) ( )  
    References | Related Articles | Metrics
    Since the Ministry of Public Security of the People's Republic of China issued the “Information security technology— Baseline for classified protection of information system security” (GB/T 22239-2008) in 2008, the standard has been widely used in various industries and fields. However, with the development of new technologies and new applications, the timeliness, ease of use, and operability of the standard need to be further improved. Therefore, the National Safety Standards Committee revised the standards. New standards have proposed special security requirements for the technologies such as cloud computing, big data, the mobile interconnection, Internet of Things and industrial control system. This article analyzes the technical security requirements in the security special requirements for cloud computing, and analyzes the security protection objects, security responsibility entities, and security protection requirements in the cloud computing system from the perspective of classified protection. In this article, the author takes an e-government cloud platform as an example, to share the testing and evaluation experience of cloud computing security, point out the problems in the testing and evaluation of the cloud computing systems, and make suggestions for the next stage of work.
    Risk Assessment Algorithm of Software Vulnerability Based on Sigmoid Function
    2018, 4(11):  993-996. 
    Asbtract ( )   PDF (1604KB) ( )  
    References | Related Articles | Metrics
    In the process of software development, developers usually pay less attention to code security. At the same time, the existing security testing and penetration testing also lack overall security analysis, which makes hard to control the risk of software vulnerability. If there is a security vulnerability in the software, it will seriously affect the system security. This article focusing on the background of the national network security, the independent and controllable strategy of the basic software and hardware, and the shortcomings of the existing software vulnerability risk assessment, propose the risk assessment algorithm of Software vulnerability based on Sigmoid function in order to evaluate the risk of software. The algorithm can help developers quickly locate the worst security code modules, repair it or select more secure and excellent code, so that improve the general security level of the software.
    Research Summary of Security Issue in Blockchain Technology
    2018, 4(11):  997-1001. 
    Asbtract ( )   PDF (1178KB) ( )  
    References | Related Articles | Metrics
    With the increasingly widespread application of blockchain technology, the research of blockchain technology has gradually become more and more important. Blockchain technology is a combination of multiple technology that use consensus mechanisms to solve the Byzantine general problem and prevent malicious attacks. It also uses digital signatures, hash calculations, and other cryptographic methods to ensure transaction security. Blockchain technology is therefore known for the trusted machine. This paper first elaborates on the typical blockchain technology architecture, then analyzes the security of blockchain technology in terms of block data structure, hash algorithm, digital signature, smart contract, etc. finally, it concludes the blockchain technology still faced security issues.
    Research on Software Reliability Engineering Integrated Application Modeling Technology
    2018, 4(11):  1002-1010. 
    Asbtract ( )   PDF (2236KB) ( )  
    References | Related Articles | Metrics
    tSoftware reliability engineering, as a technology to ensure and improve software reliability, plays an important role in software development. But because of software reliability engineering activities is put in bigger difference, the purpose and process in engineering practice to the software reliability engineering technology organically unifies in together, and it's easy to have a software reliability engineering process from the situation of the software development process, seriously affected the application and promotion of software reliability engineering. This article through to the software reliability engineering activities and the development process, and the reliability engineering activity data analysis of the interactive relationship between data-driven software reliability engineering process model is put forward, the model in the form of a workflow implementation information interaction between the software reliability engineering activities, realize the whole process of the software reliability engineering of software development technical support, reliability is conducive to the realization of the software reliability engineering integrated environment.
    Knowledge Measurement of Software Reliability Model
    2018, 4(11):  1011-1016. 
    Asbtract ( )   PDF (2229KB) ( )  
    References | Related Articles | Metrics
    Software knowledge plays an important role in software testing and software reliability model. Based on the theoretical analysis and derivation on the Weibull distribution of defect density, this paper proposes that the knowledge is closely related to the morphological of the Weibull distribution, and proof that the software knowledge impacts the changes of the morphological of the distribution mainly from the changes of the scale parameter c, while c can be expressed as a quantitative expression of software knowledge amount. In this paper, software testing engineering experiment is carried out to verify the proposed conclusion, which shows that more knowledge testers have, the smaller the scale factor c of Weibull distribution becomes. Furthermore, according to the degree of the software knowledge, the trend of the problems found in testing can be guessed, so as to predict the reliability of the software.?
    Information Security Capability Requirements and Evaluation Methods for Smart Wearable Product
    2018, 4(11):  1017-1024. 
    Asbtract ( )   PDF (1850KB) ( )  
    References | Related Articles | Metrics
    In recent years, the smart wearable industry has developed rapidly and gradually became a hot spot in the “Internet+” era. However, the level of product quality is uneven, the leakage of user privacy and other information security risks are prominent, and Information security problems occur frequently. Therefore, how to evaluate and evaluate the security protection capabilities and security levels of smart wearable products has become the most concerned issue for consumers. This paper presents the technical methods that smart wearable products should possess to prevent security threats through security capability requirements. And defined a classification method for smart wearable products in terms of wearable device security capabilities, data processing terminal application software security capabilities, back-end computing and service system security capabilities, and user data protection security capabilities. In order to instruct manufacturers to improve the security protection capabilities of smart wearable products and provide reference for consumers to purchase products.?
    Key Techniques of Software Security Testing on ICV
    2018, 4(11):  1025-1028. 
    Asbtract ( )   PDF (1146KB) ( )  
    References | Related Articles | Metrics
    The main differences between intelligent connected vehicle (ICV) and conventional vehicle crucially exist in softwarebased intelligent applications and services, software is the core and key of ICV, the quality of automobile software is the guarantee of healthy development of ICV industry. Based on a brief analysis of information security risk on ICV, surrounding the problems about software quality of ICV, this paper lays special stress on aiming at bus and gateway system, vehicle operating system and applications, V2X network and applications, and demonstrates the key technology and method of carrying out the security evaluation, and proposes the corresponding solution.
    Research on E-government Big Data Security Sharing Based on Blockchain
    2018, 4(11):  1029-1033. 
    Asbtract ( )   PDF (1904KB) ( )  
    References | Related Articles | Metrics
    In the era of big data, the sharing of big data can effectively solve the phenomenon of “data islands”, data resources can be effectively integrated, and the natural characteristics of blockchain technology such as decentralization, openness, autonomy, anonymity, and information cannot be falsified. Promote the sharing of big data security. Moreover, the big data of government affairs contains huge economic value and social value. The safe sharing of government big data has great significance for the transformation of the government and the transformation of the social demand pattern. In this paper, it takes government big data as an example, analyzes the feasibility study of big data security sharing based on blockchain, proposes a big data security sharing demand model based on blockchain and guarantee scheme, and finally gives the based area. The characteristics of big data security sharing of blockchain technology are expected to provide a useful reference for the government e-government big data security sharing
    A Remote Authentication Scheme Based on CPK
    2018, 4(11):  1034-1039. 
    Asbtract ( )   PDF (1663KB) ( )  
    References | Related Articles | Metrics
    With broadband network access and the rise of enterprise mobile office models, there are problems such as the leakage of the client's private key and the middle-man attack of the ECDH protocol, an improved CPK authentication scheme is proposed to solve the problem of client private key leakage effectively and realize the simultaneous login of multiple users.The proposed improvement scheme is CPK algorithm based on random numbers,this algorithm improves the key protocol based on the original CPK, and binds the user id with a random number.Different private keys have different random numbers and there is no linear relationship.Through the comparison of performance, it is proved that the scheme has strong security and computational efficiency.
    Research on Web Attack Traffic Detection Based on TF-IDF and Random Forest Algorithm
    2018, 4(11):  1040-1045. 
    Asbtract ( )   PDF (2589KB) ( )  
    References | Related Articles | Metrics
    With the rapid development of network and application technology, Web server became the main attack target of hackers. However, the traditional Web intrusion detection system based on regular feature matching has some problems, such as difficult maintenance of rule base and bloated feature base. Some detection models based on machine learning algorithm must also be extracted by human hands, and still the recognition rate is not high. Aiming at these problems, this paper proposed a new model to train words and characters based on TF-IDF algorithm, which combines the word frequency matrices obtained by the two training methods as feature vectors, and classifies the vector sets by using random forest algorithm to identify malicious traffic and normal traffic. From the experiments we can found that our model's detection rate reached 98.7%. And the experimental results also showed that our model can realize automatic feature extraction and simplifies the detection method. It is very suitable for detecting malicious Web traffic.
    Research and Implementation of New Email Encryption System Based on National Commercial Cryptograph Algorithm
    2018, 4(11):  1046-1051. 
    Asbtract ( )   PDF (1958KB) ( )  
    References | Related Articles | Metrics
    Chain encryption technology is a kind of email encryption technology, combining symmetric key algorithm and asymmetric key algorithm. Identitybased encryption is an encryption technique that uses users identity as public key. In order to achieve the secure transmission of emails in the network, a new email encryption system NMES based on national commercial cryptograph algorithm is designed, which combines the SM4 grouping algorithm of national commercial cryptograph algorithm with SM3 hash algorithm of national commercial cryptograph algorithm.It is designed on the basis of the identitybased signcryption technology and the chain encryption technology. The system achieves the absolute security of onetime pad (OTP), improves security and communication efficiency, and effectively solves the problem of certificate management and revocation, which has a wide range of application prospects.
    A New Design and Implementation of Digital Watermark Algorithm based on Histogram
    2018, 4(11):  1052-1058. 
    Asbtract ( )   PDF (2689KB) ( )  
    References | Related Articles | Metrics
    The histogram digital watermark can resist local or global geometric attacks, and it has strong robustness. And it is a hotspot in digital watermarking. In this paper, a new digital watermarking algorithm based on histogram is proposed, and the watermark information composed of “-1,0, 1” is embedded in two bins of histogram (the histogram is composed of multiple bins). In the watermark embedding process, the following embedding rules should be followed. When the first bin is higher than the second bin, the embedded information is 1. When the difference between two bin is less than or equal to 1, the embedded information is 0. When the first bin is lower than the second bin, the embedded information is -1. The experimental results show that the new algorithm can increase the capacity of watermark information by 60% and had a high robustness.
    Four Major Network Security Threats for Enterprises
    2018, 4(11):  1059-1060. 
    Asbtract ( )   PDF (741KB) ( )  
    Related Articles | Metrics