基于可信计算的动态完整性度量架构

该文提出一种基于可信计算的操作系统动态度量架构(DIMA),帮助管理员动态地检查系统中进程和模块的完整性。相对于以往的各种操作系统度量架构,该架构能按需对系统中活动的进程或模块进行动态实时的完整性度量与监控,基本解决了其他架构难以避免的TOC-TOU问题,特别是针对某些直接对运行中的进程的攻击有很好的效果。另外,DIMA实现了对对象细粒度度量由度量整个文件实体细分为度量代码、参数、堆栈等等。最后给出了基于Linux操作系统的动态度量原型实现,在实现中使用了基于可信平台模块(TPM)作为架构的信任源点,测试结果表明DIMA能够实现预定目标且有良好的性能。     

基于实体行为依赖关系的完整性度量方案

针对由于交互行为而导致的安全威胁,以及现有完整性度量方案在度量范围和度量内容上的不足,从实体行为的角度出发,分析了实体行为之间的依赖关系,构建了实体行为依赖集合。提出了一种基于实体行为依赖关系的完整性度量方案,在实体行为依赖集合上定义了实体行为完整性度量函数,以及实体行为预期符合函数,最后给出了交互行为之间进行完整性度量和验证的具体过程。该方案从实体行为的实体完整性和数据完整性两个方面进行度量,改进了现有完整性度量方案的不足,增加了完整性验证的灵活性。     

进程运行时完整性度量的体系结构设计

针对当前进程完整性度量方法存在的不足,提出一个基于TPM安全芯片的进程运行时完整性度量的体系结构及其原型系统Patos-RIP,用以度量进程从创建到死亡的整个生命周期中的完整性.Patos-RIP不再局限于静态检测能力,它能检测出在进程运行过程中篡改进程完整性的攻击事件,提高了系统的安全性,同时保持了系统的灵活性和兼容性.     

基于VHDL语言与PCI接口的完整性度量算法实现

可信的计算机终端平台要求安全的数据存储、文件加密、远程访问要建立在计算机终端平台配置完整性不被破坏的基础上,一旦系统软硬件配置或环境被改变,特定的可信操作将被拒绝.完整性度量就是用来检验平台配置的.因此,鉴于当前安全保密措施的不足,在深入研究了PCI协议总线原理和SHA-1散列函数算法的基础上,使用VHDL语言编写并仿真了基于PCI接口的完整性度量算法.     

可信计算密码支撑平台完整性度量和密码机制的研究

国家密码管理局发布可信计算密码支撑平台功能与接口规范,用于指导我国可信计算平台的研究与应用。研究可信计算密码支撑平台和TCM（可信密码模块）的组成结构,分析密码算法的支撑作用和可信计算密码支撑平台的完整性度量机制。从而发现可信计算密码支撑平台和TCG（可信计算组织）的可信计算平台在完整性度量和密码机制方面的差异,得出可信计算密码支撑平台的优越性。     

基于攻击识别的网络安全度量方法研究

文章讨论网络攻击与安全度量,基于重点研究网络安全的度量方法,分别从度量机理、静态评估、动态评估、动静融合以及风险评估五个角度展开,以期能提高对网络攻击风险的识别准确度。     

基于TCM的安全Windows平台设计与实现

为了解决Windows系统的完整性度量与证明问题,提出了一种基于可信密码模块TCM (trusted cryptography module)的安全Windows平台方案。通过扩展Windows内核实现了2种安全模式：在度量模式下,所有加载的可执行程序都会被度量,度量值由TCM提供保护和对外认证;在管控模式下,度量值会进一步与管理员定制的白名单进行匹配,禁止所有不在白名单中的程序执行。实验分析表明,该方案可以增强Windows系统的安全性,抵抗一些软件攻击行为;同时,系统平均性能消耗在20~30 ms之间,不会影响Windows的正常运行。     

空中航迹质量度量方法研究

战术数据链是C4ISR系统的基本组成部分,用于实现战场空间内各平台的网络互联,为平台间提供实时的信息交换,并将在未来网络中心战中发挥重要作用,最终大大提高作战效能。为了研究数据链的作战效能,针对战术数据链的应用,以防空作战为背景,提出了空中航迹质量度量的概念,建立了空中航迹完整性、清晰性、连续性和精确性的度量方法,为数据链作战应用的效能评估提出了一种解决途径。     

动态对抗下捷变频对雷达检测性能的影响及其抗干扰性能度量研究

分析研究了动态对抗情况下捷变频对雷达检测性能的影响,提出了一种雷达捷变频抗干扰性能的度量方法.     

软件质量度量技术浅谈

软件质量度量技术从过去的模糊、深奥已经发展为好的软件工程的核心技术。介绍了软件度量的历史、解释了软件度量的基本概念、并按产品、过程、资源进行度量分类,最后给出了软件质量度量一般过程。     

Security-enhanced live migration based on SGX for virtual machine

The virtual machine may face the problem of information leakage in live migration.Therefore,a dynamic memory protection technique SGX was introduced and a security enhancement live migration method based on KVM environment was proposed.Firstly,on both sides of migration,a hardware-isolated secure execution environment centered SGX was built.It guaranteed the security of operations like encryption and integrity measurement and also ensured the security of private data.An encrypted channel to transfer migration data based on the remote attestation between the secure execution environments of both migration sides was constructed.And the mutual authentication of both sides’ platform integrity was realized.Finally,the security enhancement effect and did the experiment was analyzed.The results shows that the introduction of SGX won’t cause much negative effect to the migration performance.     

Symbiotic Dynamic Memory Balancing for Virtual Machines in Smart TV Systems

Smart TV is expected to bring cloud services based on virtualization technologies to the home environment with hardware and software support. Although most physical resources can be shared among virtual machines (VMs) using a time sharing approach, allocating the proper amount of memory to VMs is still challenging. In this paper, we propose a novel mechanism to dynamically balance the memory allocation among VMs in virtualized Smart TV systems. In contrast to previous studies, where a virtual machine monitor (VMM) is solely responsible for estimating the working set size, our mechanism is symbiotic. Each VM periodically reports its memory usage pattern to the VMM. The VMM then predicts the future memory demand of each VM and rebalances the memory allocation among the VMs when necessary. Experimental results show that our mechanism improves performance by up to 18.28 times and reduces expensive memory swapping by up to 99.73% with negligible overheads (0.05% on average).     

Robust Rotor Fault Detection by Means of the Vienna Monitoring Method and a Parameter Tracking Technique

The Vienna Monitoring Method (VMM) is a model-based rotor fault detection method that utilizes the voltage and current models for the computation of a fault indicator. So far, the VMM was investigated with fixed rotor parameters only. In this paper, the parameters of the current model are provided by a parameter tracking technique. For this advanced rotor fault detection method, measurement results are presented for steady-state and varying load torque operations.      

Quick System-Level DDR3 Signal Integrity Simulation Research

Double data rate synchronous dynamic random access memory (DDR3) has become one of the most mainstream applications in current server and computer systems. In order to quickly set up a system-level signal integrity (SI) simulation flow for the DDR3 interface, two system-level SI simulation methodologies, which are board-level S-parameter extraction in the frequency-domain and system-level simulation assumptions in the time domain, are introduced in this paper. By comparing the flow of Speed2000 and PowerSI/Hspice, PowerSI is chosen for the printed circuit board (PCB) board-level S-parameter extraction, while Tektronix oscilloscope (TDS7404) is used for the DDR3 waveform measurement. The lab measurement shows good agreement between simulation and measurement. The study shows that the combination of PowerSI and Hspice is recommended for quick system-level DDR3 SI simulation.     

Highly linear high-density vector quantiser and vector-matrixmultiplier

Simplicity is a key factor in the development of high-density systems. The authors discuss a balanced, four-quadrant, fully-analogue vector-matrix multiplier (VMM) and a vector quantiser (VQ) which require very small silicon area for their implementations, while presenting high linearity, a totally flexible input dynamic range, a symmetric power consumption behaviour, and are inherently suitable for parallel operation. The circuits require only four transistors per synapse in the VMM and two in the VQ, plus two (small) refresh transistors     

动态测量的普适计算

传感器测量物体属性并由数字系统对测量的原始数据进行处理获得需要的信息。在动态测量中存在数据量大及严重的随机性等特点。测量数据的处理方法将对测量系统的性能产生重要影响。现在，计算机和嵌入式系统在刺量系统中获得广泛应用，则普适计算模式成为具有优势的选择。基于热量测量系统，给出了拓扑原理及应用分析。特别是在动态测量的测量数据处理中，普适计算性能优越。     

动态雷达目标RCS测量及分析

根据动态雷达目标RCS测量原理，结合RCS测量雷达外场试验，确定了动态测量方法、飞行航线、测量参数和数据处理方法，给出了对某飞行目标的实测结果，并与仿真结果进行了对比分析，为内场精确仿真动态飞行目标的RCS提供了依据。     

A secure electric energy management in smart home

We formulate and study an intelligent and secure house electricity system on the basis of the Internet of Things. The security of sensitive data collected and transmitted by sensor nodes installed in home appliances and household electrical devices is critical, since the transmitted data can be easily manipulated by different types of attacks. The confidentiality and integrity of household electrical devices information must be assured to insure appropriate and timely response. Providing a secure aggregation mechanism is thus very essential to protect the integrity and the privacy of data aggregation. In this paper, we propose a secure data aggregation scheme that exploits compressed sensing (CS) to reduce the communication overhead of collected electrical power measurement. Then, the data will be encrypted by each sensor node after the compressing phase, and a cryptography hash algorithm is used to ensure data integrity. Finally, we apply an aggregation function for data priorities and then send the data for diagnosis. Then, we will present simulation results for the evaluation of the proposed electric energy management system.