基于元素树的数据转换系统探讨

文章探讨了基于XML文档的数据转换算法和模型、使用DTD元素树来刻画XML文档结构,并在此基础上建立XML文档与其他格式数据的结构映射关系,完成数据转换的方法.提出了基于元素树实现一个XML文档与关系数据库数据相互转换的系统XWrapper.该系统为用户指定的DTD自动生成其对应的元素树,然后在元素树的基础上,根据用户定义的或系统自动生成的元素与数据库字段的映射关系,实现XML文档与关系型数据的相互转换.     

安全协议的一种CSP开发框架

论文基于系统的API平台提出安全协议的一种CSP开发框架,将形式化方法与高级语言有机结合起来,实现了协议由形式化说明转换为可执行代码处理过程的自动化,有利于快捷准确地将已完成CSP验证的安全协议翻译为可执行代码,避免了在将CSP描述转换为可执行代码预处理过程中引入安全隐患的可能性。     

一种将XML模式转化为编程语言的算法

为设计与实现XML通用数据编辑框架中编辑数据的验证,提出一种将XML Schema文档转化为Java代码的算法。研究XML Schema的元素和元素间嵌套关系的定义规则,在此基础上定义元素到Java代码的转换规则和转换算法。该算法以Schema元素为根元素,采用深度优先搜索算法遍历XML Schema文档的每个元素,保证对XML Schema文档转换的完整性。算法实现了XML Schema定义的28种元素和12种限定元素到Java代码的转换,并且元素间的嵌套关系也得到完整的保存。最后通过转换实例验证了该算法的正确性和有效性。     

自动生成XML测试脚本的类测试

针对手工编写测试脚本工作量大且容易出错的问题，提出了以XML文档描述测试脚本，利用DOM技术自动生成测试脚本的方法。在此基础上，设计了一个类测试框架，并用一个实例描述了其具体的流程。     

基于身份的电子文档域密钥分发算法及协议

为了实现电子文档安全管理环境中域间用户的通信安全,采用双线性对构造了一个适用于大数量、动态域组的基于身份的域密钥分发算法,该算法实现了域环境下用户的动态加入与离开,通过广播加密的方式使域用户获得更新后的域密钥,避免了复杂的密钥更新协商协议.另外,提出基于共享域的电子文档管理协议,实现域内用户共享,不同域之间安全分发电子文档.在该协议工作下,共享域内每个用户合法获得的电子文档可以在域中各设备间无缝地流动,实现资源共享.不同的域之间电子文档的传输有严格的限制,需要经服务器认证,确保电子文档的安全管理与防泄密.     

一种基于Perl的Verilog代码自动生成的EDA工具

在大规模IC设计中越来越多地使用Verilog语言描述硬件功能并采用模块化设计方法，随着设计规模的增大，设计中的项目管理越来越重要和复杂。本文介绍了一个作者在工作实践中开发的基于Perl的EDA工具，方便地从设计文档中自动生成Verilog代码，确保设计文档和Verilog代码的一致性，提高工作效率并保障设计质量。     

基于Web应用界面的代码自动生成软件设计

为了提高Web应用界面的代码自动生成能力,在Linux内核源代码中进行代码自动生成软件的开发设计,提出基于代码驱动自动配置和交叉编译路径多线程加载的Web应用界面的代码自动生成软件设计方法。首先进行软件开发的总体设计描述,建立虚拟文件系统接口,由网络驱动、协议、防火墙等部分组成代码自动生成软件的网络管理系统,建立操作系统负责管理和存储Web应用界面的文件信息,在代码的输出层为用户建立可视化的操作界面,实现对代码的存入、读出、修改。通过代码驱动自动配置在交叉编译路径下实现软件优化开发设计。软件测试结果表明,采用该系统进行Web应用界面的代码自动生成设计,具有较好的可靠性和交互性。     

基于DOM的XML解析技术在构件描述中的应用

在Visual C#中,解析器可将代码中的扩展标记语言(eXtensible Markup Language,XML)注释处理为外部XML文档。文档对象模型(Document Object Model,DOM)定义了一个独立于平台和语言的标准接口,应用程序通过它访问和修改XML文档数据。介绍了DOM的特点和功能,并在ASP.NET平台下通过封装的DOM类库解析和存取XML文档,完成了对XML文档数据提取,将解析出的数据导入数据库作为构件描述信息的应用实例。     

基于VC＋＋的报表自动生成技术

在VC＋＋平台上,采用COM技术调用OLE自动化对象,结合XML的DOM树结构,对Word操作,实现了报表的自动生成。通过遍历XML文档节点,运用书签定位和Word中的智能指针,实现界面的动态加载,并在自动生成的Word报表中精确插入了文字、图片、表格等。     

基于XML的代码自动生成工具

代码自动生成作为一种程序自动化技术,可有效解决现代大规模软件开发过程中遇到的重复编写代码问题,提高了软件开发的效率和质量。文中介绍了一种基于XML的代码生成技术,并以XML转换技术为基础,给出了XML的代码生成工具的结构设计,及其实现框架和关键步骤。以该工具在雷达建模仿真过程中的应用实例,验证了基于XML的代码生成工具可减少重复代码编写,降低因手工编写带来的编码错误,从而提高了代码的编写质量及效率,使大规模软件开发和维护更简便。     

基于三维球体模型的XML通信协议安全评估方法

针对XML通信协议的安全评估问题,提出了一种基于三维球体模型的协议安全评估方法。首先利用评估指标在球体外壳层的坐落位置构建XML通信协议的三维安全评估指标体系,以该坐标系投影面积为度量标准,运用层次分析法(AHP, analytic hierarchy process)、球体半径以及开合角度获取一、二级评估指标的权值。从XML协议的内容、通信载荷、安全隐患3个层面计算XML通信协议各安全分量的量化评估值,通过量化计算和综合分析得到XML通信协议的安全性评估结果。仿真结果表明该方法能有效地评估协议的安全性并可满足对XML通信协议的安全性评估需要。     

Password-based three-party authenticated key exchange protocol from lattices

Password-based three-party authenticated key exchange protocol allow clients to establish a protected session key through a server over insecure channels.Most of the existing PAKE protocols on lattices were designed for the two parties,which could not be applied to large-scale communication systems,so a novel three-party PAKE protocol from lattices was proposed.The PAKE protocol was constructed by using a splittable public-key encryption scheme and an associated approximate smooth projective Hash function,and message authentication mechanism was introduced in the protocol to resist replay attacks.Compared with the similar protocols,the new protocol reduces the number of communication round and improves the efficiency and the security of protocol applications.     

HHT-Based Security Enhancement Approach with Low Overhead for Coding-Based Reprogramming Protocols in Wireless Sensor Networks

Coding-based reprogramming protocols can effectively and remotely disseminate a new code image to all sensor nodes via wireless channels in wireless sensor networks. However, security service is crucial to these protocols when sensor nodes are deployed in adversarial environments. Existing security schemes can resist Pollution Attack, but the overheads are excessive. In this paper, a security enhancement approach with low overhead based on Hierarchical Hash Tree is proposed to enhance the security of the protocols. Our scheme is composed of two layers of Merkle Tree based on the ideas of hierarchy and aggregation. Then, the security of proposed approach is proven and the overheads of that are analyzed. Furthermore, our scheme is used to implement page authentication of Sreluge protocol, which is a representative reprogramming protocol based on random linear codes. Experimental results show that our scheme can cut authentication overhead by at least 43 % that of Merkle Tree and other overheads have been reduced markedly with the size of code image growing.     

认证密钥协商协议

Key agreement and identification protocols are much applicable among current protocols in cryptography. These protocols are used for a secure communication through an insecure channel in a network like Internet. Challenge-response identification protocol is an important identification method. In this paper, by making some slight changes in the public-key-based challenge-response identification protocol, we have introduced a new scheme in which the users in addition to authenticating each other can also agree on multiple keys. Then, this protocol'es security from both aspects regarding the identification and key agreement will be analyzed. At the end, we will prove our scheme has a high security and efficiency in comparison with some famous and similar protocols.     

Confidential communication scheme based on uncertainty of underwater noisy channels

Aiming at the influence of the uncertainty of underwater noise on information transmission and the security problem of the communication over noisy channels,a confidential communication scheme based on the uncertainty of underwater noisy channels was proposed.The proposed scheme was composed of an interactive key extraction protocol based on Godel’s code and a privacy amplification protocol based on r-circulant Toeplitz matrix.During the process of key extraction,the key sequence comparing number was reduced through the Godel’s code.When calculating the key length after privacy amplification,the uncertainty of underwater noise was considered to make the proposed scheme more practical.Experimental results show that under the condition of satisfying protocol security,it takes 11.99 s to transmit 119 940 bit string where the lower bound of the generated secret key length is 117 331 bit after privacy amplification and the upper bound of the adversary’s information about the secret key is 2 609 bit.Moreover,the proposed scheme (nt+s)×(nt+s)-order r-circulant Toeplitz matrix decreases(nt+s)-1 bit memory space compared to the traditional Toeplitz matrix with the same order.     

WLAN security processor

A novel wireless local area network (WLAN) security processor is described in this paper. It is designed to offload security encapsulation processing from the host microprocessor in an IEEE 802.11i compliant medium access control layer to a programmable hardware accelerator. The unique design, which comprises dedicated cryptographic instructions and hardware coprocessors, is capable of performing wired equivalent privacy, temporal key integrity protocol, counter mode with cipher block chaining message authentication code protocol, and wireless robust authentication protocol. Existing solutions to wireless security have been implemented on hardware devices and target specific WLAN protocols whereas the programmable security processor proposed in this paper provides support for all WLAN protocols and thus, can offer backwards compatibility as well as future upgrade ability as standards evolve. It provides this additional functionality while still achieving equivalent throughput rates to existing architectures.     

面向安全协议的虚拟化可编程数据平面

随着网络安全技术的发展,越来越多网络安全协议出现,因此需要网络转发设备对网络安全协议提供支持。可编程数据平面由于其协议的无关性,能够实现安全协议的快速部署。但当前可编程数据平面存在包头多次解析、独占数据平面和密码算法实现难的问题。针对上述问题,该文提出一种面向安全协议的虚拟化可编程数据平面(VCP4),其通过引入描述头降低包头解析次数,提高包头解析效率。使用控制流队列生成器和动态映射表实现可编程数据平面的虚拟化,实现多租户下数据平面的隔离,解决独占数据平面问题。在VCP4的语言编译器中添加密码算法原语,实现密码算法可重用。最后针对VCP4资源利用率,虚拟化性能和安全协议性能进行实验评估,结果显示在实现功能的基础上带来较小的性能损失,且能降低50%的代码量。     

A Provably Secure General Construction for Key Exchange Protocols Using Smart Card and Password

Key exchange protocols using both smart card and password are widely used nowadays since they provide greater convenience and stronger security than protocols using only a password. Most of these protocols are often limited to simple network systems, and they may have security risks. We propose a general construction for key exchange protocols using smart card and password to avoid these flaws. The constructed protocol from the gen-eral construction has only one additional communication round than the original public encryption scheme. This construction is proven secure under random oracle model, so it can resist several common types of attacks. It is also adapted well to various networks. Compared with related protocols, the proposed key exchange protocol generated from the general construction has better secure proper-ties and good computational efficiency in storage cost and operation time.     

一种验证非否认协议的新方法

为了描述非否认协议中的各种不确定因素,在Kailar逻辑系统中引入了表示缺省信息的否定词,以及相应的推理机制。提出了安全协议验证的新方法,主要特点是:可以直接对协议的动态运行过程进行推理;推理具有非单调性;避免过多的理想化假设;可以分析含有多个子协议的非否认协议,以及协议的可追究性和公平性。文中以一种基于离线TTP方式的非否认协议为例,验证了该协议在运行一次时具有可追究性,但多次运行时存在攻击。     

Secure Distributed Key Generation for Discrete-Log Based Cryptosystems

A Distributed Key Generation (DKG) protocol is an essential component of threshold cryptosystems required to initialize the cryptosystem securely and generate its private and public keys. In the case of discrete-log-based (dlog-based) threshold signature schemes (ElGamal and its derivatives), the DKG protocol is further used in the distributed signature generation phase to generate one-time signature randomizers (r = g^k). In this paper we show that a widely used dlog-based DKG protocol suggested by Pedersen does not guarantee a uniformly random distribution of generated keys: we describe an efficient active attacker controlling a small number of parties which successfully biases the values of the generated keys away from uniform. We then present a new DKG protocol for the setting of dlog-based cryptosystems which we prove to satisfy the security requirements from DKG protocols and, in particular, it ensures a uniform distribution of the generated keys. The new protocol can be used as a secure replacement for the many applications of Pedersen's protocol. Motivated by the fact that the new DKG protocol incurs additional communication cost relative to Pedersen's original protocol, we investigate whether the latter can be used in specific applications which require relaxed security properties from the DKG protocol. We answer this question affirmatively by showing that Pedersen's protocol suffices for the secure implementation of certain threshold cryptosystems whose security can be reduced to the hardness of the discrete logarithm problem. In particular, we show Pedersen's DKG to be sufficient for the construction of a threshold Schnorr signature scheme. Finally, we observe an interesting trade-off between security (reductions), computation, and communication that arises when comparing Pedersen's DKG protocol with ours.