一种面向BitTorrent的文件快速安全分发方案*

提出了一种能够很好利用BitTorrent快速传输特性的同时,也能增加文件下载安全控制的方案。BitTorrent是一种流行的快速传输分发文件的方式,但它存在一定的安全问题,如通过BitTorrent分发文件时,很容易被非法用户窃取获得明文文件。在面向BitTorrent协议基础上,结合使用对称加密技术和身份认证机制对其进行了改进：文件在提供下载前进行对称加密,然后通过BitTorrent进行传输分发;用户成功下载文件后需要进行身份认证,合法用户可以安全获得文件加密密钥,解密得到明文文件。实验结果表明该方     

双连接文件安全传输的设计与实现

针对文件传输存在的安全性缺陷,提出了一种基于转发模式的双连接文件安全传输方法。采用转发隔离思想设计了双连接结构,对文件存储服务器和客户端进行隔离,通过文件安全传输协议栈实现数据的全程加密和可靠传输,并讨论和解决了双连接结构的数据传输引起的流量控制问题。实验结果表明,基于转发模式的双连接文件安全传输在确保服务器安全性和数据密文传输的同时,保障了文件传输的速度和效率。     

基于PKI的安全文件传输系统的设计与实现

阐述了基于PKI（公开密钥基础设施）的安全文件传输系统的设计过程与实现细节。分析了安全文件传输系统所要达到的目标,引入了PKI技术,利用数字证书对文件进行数字签名、加密等安全处理,并在接收端进行相应的解密、验证签名等安全处理,以保障传输的文件的机密性、完整性并验证文件的来源,从而实现文件的安全传输。     

Two secure file servers

In this paper, we describe the design and implementation of a two secure file servers which allow a trusted computer network to be built from untrusted computing bases. We begin with a brief review of recent results in the use of partial orderings for protection and administration of information networks, and introduce limited functionality, trusted computing base file servers as a means for allowing restricted information flow. We show the means by which such a server may be made provably secure. We consider the practicality of implementation and describe two prototype implementations for personal computers. We then summarizes results and point out possible extensions of this work.     

A secure file sharing service for distributed computing environments

Distributed cryptographic file systems enable file sharing among their users and need the adoption of a key management scheme for the distribution of the cryptographic keys to authorized users according to their specific degree of trust. In this paper we describe the architecture of a basic secure file sharing facility relying on a multi-party threshold-based key-sharing scheme that can be overlaid on top of the existing stackable networked file systems, and discuss its application to the implementation of distributed cryptographic file systems. It provides flexible access control policies supporting multiple combination of roles and trust profiles. A proof of concept prototype implementation within the Linux operating system framework demonstrated its effectiveness in terms of performance and security robustness.     

有源RFID标签安全文件系统的设计

针对有源RFID标签应用中对微型文件系统的需求,围绕标签内存小和大量标签盘点过程中要求文件读写速度快的特点,展开对有源RFID标签安全文件系统的研究。最终通过选用高速存储器件和对FAT文件系统进行改进（实现灵活的数据缓冲层、精简文件目录项、增加文件访问控制）,实现了简洁高效安全的文件系统设计,并在实验中展现了文件系统良好的性能。     

一种二维防护的安全文件系统体系结构

对传统安全文件系统的特征进行了分析,指出现有安全文件系统在数据可用性、系统性能上存在的问题,并基于堆栈文件系统设计了一个二维防护的安全文件系统体系结构,将存储系统应提供的安全服务进行集成。实验结果表明,新系统在安全和性能上达到了良好平衡。     

一种改进的轻量级嵌入式安全文件系统模型

有效保护各种移动设备中的数据安全是当前嵌入式系统的关键技术之一。针对各种移动设备,特别是资源受限设备,在通用文件系统的基础上,采用适合嵌入式系统的安全访问控制策略,以及对存储器的设备驱动层代码优化,研究并实现了一个轻量级嵌入式安全文件系统。实际应用表明：该模型能够满足嵌入式安全文件系统的性能要求。     

Advanced transaction processing in multilevel secure file stores

The concurrency control requirements for transaction processing in a multilevel secure file system are different from those in conventional transaction processing systems. In particular, there is the need to coordinate transactions at different security levels avoiding both potential timing covert channels and the starvation of transactions at higher security levels. Suppose a transaction at a lower security level attempts to write a data item that is being read by a transaction at a higher security level. On the one hand, a timing covert channel arises if the transaction at the lower security level is either delayed or aborted by the scheduler. On the other hand, the transaction at the high security level may be subjected to an indefinite delay if it is forced to abort repeatedly. This paper extends the classical two-phase locking mechanism to multilevel secure file systems. The scheme presented here prevents potential timing covert channels and avoids the abort of higher level transactions nonetheless guaranteeing serializability. The programmer is provided with a powerful set of linguistic constructs that supports exception handling, partial rollback, and forward recovery. The proper use of these constructs can prevent the indefinite delay in completion of a higher level transaction, and allows the programmer to trade off starvation with transaction isolation     

SDMP: A secure detector for epidemic disease file based on DNN

In the era of intelligent office, reading and processing PDF files by mobile devices have become important parts of various businesses. However, due to the universality of mobile device and PDF file, they are also often used by attackers to disguise malicious codes, which makes users in danger. Especially in medical field, once computer virus invades medical experts’ devices, a large number of data with high medical research value will face huge damage and irreparable loss. Therefore, how to ensure the security when users make use of PDF files is a challenging and meaningful task. In this paper, we design an secure detector of malicious PDF file for epidemic disease file based on Deep Neural Network to solve the problem of privacy and security in handling epidemic disease file. Experiment shows that the detection accuracy of our detector can achieve up to 99.3%. Moreover, the time cost on raining and forecasting of the proposed DNN model is extremely low, less than 1s per epoch.     

文件流转系统解决方案设计

对传统文件流转方式进行了分析,研究了现有计算机环境下文件管理的现状及问题,并设计出一套行之有效、方便灵活并能适应企事业单位职能转变、机构重组、政务透明的文件流转解决方案。该设计充分体现了文件的多样性、安全性、有效性并重;系统实现了状态跟踪、到达提醒、任务督办、多部门签批等功能。     

Shield: A stackable secure storage system for file sharing in public storage

With the increasing amount of personal data stored in public storage, users are losing control of their physical data, putting their data information at risk of theft or being compromised. Traditional secure storage systems either require users to completely trust the storage provider or impose the considerable burden of managing files on file owners; such systems are inapplicable in the practical cloud environment. This paper addresses these challenging problems by proposing a new secure system architecture and implementing a stackable secure storage system named Shield, in which a proxy server is introduced to be in charge of authentication and access control. We propose a new variant of the Merkle Hash Tree to support efficient integrity checking and file content update; further, we have designed a hierarchical key organization to achieve convenient keys management and efficient permission revocation. Shield supports concurrent write access by employing a virtual linked list; it also provides secure file sharing without any modification to the underlying file systems. A series of evaluations over various real benchmarks show that Shield causes about 7%∼13%$7\%\sim 13\%$ performance degradation when compared with eCryptfs but provides enhanced security for user’s data.     

文件过滤驱动在网络安全终端中的应用

设计并实现了一个运行于Windows系统的网络终端设备信息防泄漏系统。系统通过文件系统过滤驱动的运用,实现了对网络终端机密文件的实时监控和动态加解密,既具有文件加密的安全性,又具有访问控制的方便性,有效地防止了网络终端机密信息的泄漏。     

Scalable, secure, and highly available distributed file access

A summary of and historical perspective on work done to implement easy-to-share distributed file systems based on the Unix model are presented. Andrew and Coda are distributed Unix file systems that embody many of the recent advances in solving the problem of data sharing in large, physically dispersed workstation environments. The Andrew architecture is presented, the scalability and security of the system are discussed. The Coda system is examined, with emphasis on its high availability     

基于CORBA的安全文件共享服务的设计与实现

文件共享服务是企业网络应用环境中一项不可缺少的基本服务。提出了一种基于CORBA的安全文件共享服务模型,介绍了管理服务与共享服务的对象结构、代理机制及它们之间的互操作性,对模型进行了实现,并针对实际使用效果分析了本模型在功能、灵活性及安全性方面的特点。实际结果表明,该模型实现了共享资源的统一管理以及安全灵活的文件访问方法,弥补了传统方法的不足,可以实际应用于大规模的企业网。     

自适应文件传输与策略研究

针对目前网络中存在多种数据传输协议,并且各个协议不能或不能很好地兼容其他协议的现状,提出了将文件与文件传输协议进行分离的思想,提出了支持多协议的自适应文件传输的体系结构,提出了针对非局域网的三种文件传输策略：对于大文件依据文件类型采用冗余校验传输或者分片并行传输的策略,对于普通文件采用基于平均服务质量的传输策略,对于小文件采用通道复用的传输策略,而由于局域网的文件传输速率比较高,对于所有文件采用基于平均服务质量的传输策略。在此基础上,提出了自适应文件传输算法AFTA。实验证明其可以依据文件属性等因素,从协议库中选择合适的协议来传输文件,从而有效提高了文件传输的灵活性、高效性,同时保证了可靠性。     

Mosquitto大文件传输方式的研究与改进

针对Mosquitto当前传输方式在消息推送时占用内存随消息订阅者个数的增加而上升的问题,设计并实现了一种适用于大文件类型消息传输并降低服务器内存消耗的传输方式。实验结果显示,当存在100个消息订阅者、消息长度为25 MB左右时,与Mosquitto的传输方式相比,新的传输方式的内存消耗仅为前者的6%左右。这表明该传输方式有效控制了消息订阅者增加对内存消耗造成的影响。