Similar literature
20 similar documents found; search took 15 ms
1.
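The development of information technology has brought new challenges to secure databases. Various security policies are explicitly promulgated in the form of legal provisions, which requires effective means of verifying that access to a database is consistent with the security policy. Auditing the queries that access the database achieves exactly this goal. However, conventional auditing methods can only audit the result of a single query, whereas a malicious user may combine the results of multiple queries to infer and access sensitive information, so auditing must also have basic inference capability. A practical inference auditing framework for secure databases is proposed. The framework provides (1) MVD inference auditing, (2) FFD inference auditing, and (3) FD inference auditing, and its auditing method is fast, accurate, and fine-grained.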

2.
3.
ABSTRACT

Software vulnerabilities are the major cause of cyber security problems. The National Vulnerability Database (NVD) is a public data source that maintains standardized information about reported software vulnerabilities. Since its inception in 1997, NVD has published information about more than 43,000 software vulnerabilities affecting more than 17,000 software applications. This information is potentially valuable in understanding trends and patterns in software vulnerabilities so that one can better manage the security of computer systems that are pestered by the ubiquitous software security flaws. In particular, one would like to be able to predict the likelihood that a piece of software contains a yet-to-be-discovered vulnerability, which must be taken into account in security management due to the increasing trend in zero-day attacks. We conducted an empirical study on applying data-mining techniques on NVD data with the objective of predicting the time to next vulnerability for a given software application. We experimented with various features constructed using the information available in NVD and applied various machine learning algorithms to examine the predictive power of the data. Our results show that the data in NVD generally have poor prediction capability, with the exception of a few vendors and software applications. We suggest possible reasons for why the NVD data have not produced a reasonable prediction model for time to next vulnerability with our current approach, and suggest alternative ways in which the data in NVD can be used for the purpose of risk estimation.

4.
Abstract

In today's network infrastructures, you need to be mindful of security and the possibility of exploitation and attack. Although this has always been a threat, it seems that security analysis on network systems and devices has been moved to the forefront of importance and attention, especially with the new emphasis on homeland security and defense. This article shows you how to set up basic auditing on a Windows XP or 2003 Server system.

5.
ABSTRACT

The transmission and storage of information in digital form coupled with the widespread proliferation of networked computers has created new issues for policy. An indispensable business tool and knowledge-sharing device, the networked computer is not without vulnerability, including the disruption of service and the theft, manipulation, and destruction of electronic data. This paper seeks to identify frame analysis of the security of information resources. Historical review of security issues presented by electronic communication since the inception of the telegraph is conducted so as to produce salient points for study regarding the security of more recently developed computer networks. The authors aim to inform the blossoming area of study falling under the label information security with a primer on the key pieces of what may be considered a theory of digital statecraft, drawing back to the nineteenth century.

6.
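With the rapid development of computer information technology, people's lives and work increasingly depend on publishing and obtaining information over the Internet, yet they are constantly troubled by the security risks of information networks, and more and more people have begun to study the security management of networks and websites. Based on the security problems encountered in operating the computer networks and websites of government departments, this paper describes how to build a relatively secure network control center, explains the various attacks faced by websites that publish information on the Internet, and describes how to use various technical methods and measures to close vulnerabilities, defend against attacks, and keep websites secure.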

7.
ABSTRACT

In this paper we present the information security awareness rate of students in Kyrgyz Republic, where there is a rapid pace of formation and development of the information society. The survey was conducted with a sample of 172 students from different departments of the university. Our research study showed that despite the huge number of reports about computer crimes in the web, the knowledge about cybercrime is quite low and students are mostly not aware of many aspects of computer crime. Analysis was done to determine dependence of information security awareness rate on computer literacy rate and the education field of students. We conclude that although information technology is of wide usage, the information security topics need to be taught to prevent them from becoming victims of cyber crime.

8.
Abstract

My idea is that talking to the computer security underground is a good thing for security practitioners to do. It has been problematic, though. The theory is that understanding vulnerabilities, the threats of exploiting them, the risks that these threats pose, and the appropriate countermeasures to use against them includes talking to the “enemy” (the computer security underground). After all, the enemy includes those who freely trade vulnerability information — often well before it becomes known to the legitimate security community. Despite the obvious appeal of this approach, the road to a forum for the exchange of information with the enemy has not been a smooth one. Therein lies a tale.

9.
Abstract

When taking a typical approach to computer security, one could make the following relatively extreme statements: A piece of data can be rendered completely secure with 100 percent assurance. Simply write the data on a piece of paper, burn the paper, and scatter the ashes. No one will be able to read or alter that data ever again. Of course, this exercise and the underlying premise are a trick. Understanding the deception is the key to understanding information security: Data that is being “protected” has to remain available to legitimate users. There is a strong tendency for information security researchers and practitioners to focus on “securing” data by preventing attacks and loss of data. An IS practitioner's job might depend on preventing and recovering from security-related problems. However, increased monitoring and enhanced use of security controls can easily lead to interference and delays of information usage for legitimate users.

10.
Abstract

Those who have ever watched the television show MythBusters know that many of the popular beliefs most people hold to be true crumble under investigation. The same holds true in the information technology world. Most myths investigated by the mythbusters are harmless and fun, but in information security, the unexamined myth can be both dangerous and costly. It is imperative that the InfoSec professional not take security trends and myths at face value, but instead thoroughly investigate every statement to make an informed decision about the veracity of individual security ideas. This is especially true in the area of wireless networking, which is the newest, most immature, and potentially insecure of all of the currently existing networking methods.

11.
ABSTRACT

Development of the information security policy is a critical activity. Credibility of the entire information security program of an organization depends upon a well-drafted information security policy. Most of the stakeholders do not have time or inclination to wade through a lengthy policy document. This article tries to formulate an approach to the information security policy development that will make the policy document capture the essentials of information security as applicable to a business. The document will also convey the urgency and importance of implementing the policy, not only in letter but also in spirit.

12.
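Objective: Image hiding has become an important topic in computer vision. Its goal is to hide a secret image in a cover image in an imperceptible way while requiring that the receiver be able to recover the secret image. Although the technology has developed rapidly, most current image hiding techniques disguise at the content level, pursuing indistinguishability between the stego image and the cover image. In fact, the essence of image hiding is the pursuit of behavioral security, so disguise is possible not only at the content level but also at the behavior level. Method: From the perspective of behavioral security, this paper proposes a reversible image hiding method based on super-resolution behavior camouflage. Unlike traditional image hiding techniques, the method first reversibly hides the secret image in the cover image to generate a stego image, and then uses reversible super-resolution processing to create a camouflage image that is indistinguishable from the output of an ordinary super-resolution image processing operation. Finally, the receiver is allowed to recover the secret image and the cover image from the camouflage image. Result: The method achieves excellent results in both the image hiding and super-resolution tasks. On the same dataset, test results show that the peak signal-to-noise ratio (PSNR) of the recovered secret image reaches 47+ dB, an improvement of more than 2% over the compared methods, and the structure similarity index measure (SSIM) reaches 0.99+. Compared with the results of the Bicubic and SRCNN (super-resolution convolutional neural network) methods, the PSNR of the super-resolution image improves by 2+ dB and the perceptual index (PI) decreases by 2.02+. Conclusion: The proposed image hiding framework uses reversible super-resolution processing to achieve image hiding from the perspective of behavioral security, and has advantages in capacity, security, and accuracy.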

13.
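Mobile agents are increasingly widely used and the security problems of mobile agent systems are prominent, so solving mobile agent security is critical. This paper proposes security measures for mobile agents based on cryptography and computer network security, gives methods for implementing them, and suggests other new security measures that can be adopted. The core issue of these measures is to ensure both the security of mobile agent communication and the security of the mobile agent execution environment, while also allowing mobile agents to be applied more widely.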

14.
Bai Jianli, Hao Rong. The Journal of Supercomputing, 2020, 76(7): 5563-5577

Using cloud storage, users can remotely store their data without the burden on complicated local storage management and maintenance. However, users will no longer physically possess the storage of their data after they upload the data to the cloud. It is very natural for users to suspect whether their data stored in the cloud is intact. To help users efficiently check the integrity of the outsourced data, many public auditing schemes have been proposed. Recently, Huang et al. have proposed a privacy-preserving public auditing scheme for non-manager group shared data. In this paper, we find a security flaw in their auditing scheme. Even if the cloud has deleted or polluted the whole outsourced data, it still can pass the verification of the verifier. And then, we overcome this shortcoming by improving their scheme, which prevents the cloud forging a valid proof to pass the integrity auditing. Last, we perform the concrete implementation of our improved scheme and Huang et al.'s scheme.


15.
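Objective: Using lossless digital watermarking algorithms for tamper detection and recovery of medical images is an important research area. To address the shortcomings of existing methods in region partitioning and the selection of block feature values, a new lossless watermarking algorithm based on quadtree decomposition and linear weighted interpolation is proposed. Method: The original medical image is first decomposed by quadtree to obtain image blocks of non-fixed size with high homogeneity; linear weighted interpolation is then used to compute the feature value of each image block as the watermark information; finally, a simple chaos-based reversible integer transform is used to embed the watermark. Result: At the extraction end, when the watermarked image has not been tampered with, the original image can be recovered losslessly; when it has been tampered with, the algorithm can precisely locate the tampered region and recover it with high quality, and the quality of images recovered by the algorithm is about 20 dB higher than that of existing methods. In addition, when the watermarked image is heavily tampered with, the algorithm's positive detection rate and negative detection rate are both better than those of existing methods. Conclusion: Experimental results show that, compared with existing methods, the algorithm has higher embedding capacity, tamper detection accuracy, and recovered image quality. The algorithm is suitable for integrity authentication and tamper detection of medical images.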

16.
17.
ABSTRACT

Security and privacy are fundamental concerns in cloud computing both in terms of legal complications and user trust. Cloud computing is a new computing paradigm, aiming to provide reliable, customized, and guaranteed computing dynamic environment for end users. However, the existing security and privacy issues in the cloud still present a strong barrier for users to adopt cloud computing solutions. This paper investigates the security and privacy challenges in cloud computing in order to explore methods that improve the users’ trust in the adaptation of the cloud. Policing as a Service can be offered by the cloud providers with the intention of empowering users to monitor and guard their assets in the cloud. This service is beneficial both to the cloud providers and the users. However, at first, the cloud providers may only be able to offer basic auditing services due to undeveloped tools and applications. Similar to other services delivered in the cloud, users can purchase this service to gain some control over their data. The subservices of the proposed service can be Privacy as a Service and Forensics as a Service. These services give users a sense of transparency and control over their data in the cloud while better security and privacy safeguards are sought.

18.
ABSTRACT

Apple's iMac computers are promoted by Apple Inc. to be secure, safe, virus free, and fast computers. In this experimental paper, we evaluate the security offered by the iMac with its usual Leopard Operating System, against different Distributed Denial of Service (DDoS) attacks in a Gigabit LAN environment. We compared the effect of DDoS attacks on Leopard OS against those on the Windows XP-SP2 when installed on the same iMac platform under the same network attack environment. DDoS-based flooding attacks can originate in a LAN environment or can be from the Internet, which can have an impact on a victim computer with a barrage of Denial of Service (DoS) packet requests, thereby exhausting the resources of the victim computer in processing these requests. To study the impact on iMac computers, we created the corresponding DDoS traffic in a controlled lab environment to test against iMac computer that first deployed Leopard OS. Later, the same iMac platform was made to use Windows XP OS. We compared the behavior of Apple's Leopard OS with Windows XP-SP2 OS under Ping Flood, ICMP Land, TCP-SYN, Smurf Flood, ARP Flood, and UDP Flood attacks. It was found that the Apple's iMac computer using its usual Leopard operating system crashed even under low bandwidth of ARP-based attack traffic, requiring forced reboot of the iMac computer. Interestingly, when compared with Microsoft's Windows XP-SP2 operating system, deployed on the same iMac platform, the computer was able to sustain the attack and did not crash. Our discovery of this vulnerability shows that Apple's popular operating systems, namely Leopards, commonly deployed on iMacs are prone to crash under ARP-based security attacks. Also in other attacks Windows XP-SP2 was found to have a better performance than Leopard in terms of resource consumption.

19.
Many healthcare facilities enforce security on their electronic health records (EHRs) through a corrective mechanism: some staff nominally have almost unrestricted access to the records, but there is a strict ex post facto audit process for inappropriate accesses, i.e., accesses that violate the facility’s security and privacy policies. This process is inefficient, as each suspicious access has to be reviewed by a security expert, and is purely retrospective, as it occurs after damage may have been incurred. This motivates automated approaches based on machine learning using historical data. Previous attempts at such a system have successfully applied supervised learning models to this end, such as SVMs and logistic regression. While providing benefits over manual auditing, these approaches ignore the identity of the users and patients involved in a record access. Therefore, they cannot exploit the fact that a patient whose record was previously involved in a violation has an increased risk of being involved in a future violation. Motivated by this, in this paper, we propose a collaborative filtering inspired approach to predicting inappropriate accesses. Our solution integrates both explicit and latent features for staff and patients, the latter acting as a personalized “fingerprint” based on historical access patterns. The proposed method, when applied to real EHR access data from two tertiary hospitals and a file-access dataset from Amazon, shows not only significantly improved performance compared to existing methods, but also provides insights as to what indicates an inappropriate access.

20.
In these years, the company budgets are raised dramatically for eliminating the security problems or mitigating the security risks in companies, but the numbers of incidents happening on computer systems in intranet or internet are still increasing. Many researchers proposed the way to isolate the computers storing sensitive information for preventing information on these computers revealed or vulnerability on these computers exploited. However, there are few materials available for implementing network isolation. In this paper, we define ways of network isolation, “physical isolation” and “logical isolation”. In ISO-17799, there is no implementation guidance for practicing network logical isolation but auditing network physical isolation. This paper also provides the implementation guidance of network isolation in two aspects. One is for the technique viewpoints. The other aspect is for management viewpoints. These proposed implementation outlines and security measures will be considered in revising the security plan, “The Implementation Plan for Information Security Level in Government Departments” [“The implementation plan for information security level in government departments,” National Information and Communication Security Taskforce, Taiwan R.O.C., Programs, Jul. 20 2005].
