检索结果-南通市图书馆

KubeFuzzer:Automating RESTful API Vulnerability Detection in Kubernetes

维普期刊数据库评论

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

Computers, Materials & Continua 2024年第10期81卷 1595-1612页

作者： Tao Zheng Rui Tang Xingshu Chen changxiang shen School of Cyber Science and Engineering Sichuan UniversityChengdu610065China Cyber Science Research Institute Sichuan UniversityChengdu610065China Key Laboratory of Data Protection and Intelligent Management(Sichuan University) Ministry of EducationChengdu610065China

RESTful API fuzzing is a promising method for automated vulnerability detection in Kubernetes *** tools struggle with generating lengthy,high-semantic request sequences that can pass Kubernetes API gateway *** address this,we propose KubeFuzzer,a black-box fuzzing tool designed for Kubernetes RESTful *** utilizes Natural Language Processing(NLP)to extract and integrate semantic information from API specifications and response messages,guiding the generation of more effective request *** evaluation of KubeFuzzer on various Kubernetes clusters shows that it improves code coverage by 7.86%to 36.34%,increases the successful response rate by 6.7%to 83.33%,and detects 16.7%to 133.3%more bugs compared to three leading *** identified over 1000 service crashes,which were narrowed down to 7 unique *** tested these bugs on 10 real-world Kubernetes projects,including major providers like AWS(EKS),Microsoft Azure(AKS),and Alibaba Cloud(ACK),and confirmed that these issues could trigger service *** have reported and confirmed these bugs with the Kubernetes community,and they have been addressed.

关键词： Kubernetes RESTful APIs API fuzzing black-box fuzzing

Energy-Theft Detection Issues for Advanced Metering Infrastructure in Smart Grid

维普期刊数据库评论

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

Tsinghua Science and Technology 2014年第2期19卷 105-120页

作者： Rong Jiang Rongxing Lu Ye Wang Jun Luo changxiang shen Xuemin(Sherman) shen School of Computer National University of Defense Technology Department of Electrical and Computer Engineering University of Waterloo School of Electrical and Electronics Engineering Nanyang Technological University Communication Engineering Research Center Harbin Institute of Technology Shenzhen Graduate School Computing Technology Institute of China Navy

With the proliferation of smart grid research, the Advanced Metering Infrastructure （AMI） has become the first ubiquitous and fixed computing platform. However, due to the unique characteristics of AMI, such as complex network structure, resource-constrained smart meter, and privacy-sensitive data, it is an especially challenging issue to make AMI secure. Energy theft is one of the most important concerns related to the smart grid implementation. It is estimated that utility companies lose more than S25 billion every year due to energy theft around the world. To address this challenge, in this paper, we discuss the background of AMI and identify major security requirements that AMI should meet. Specifically, an attack tree based threat model is first presented to illustrate the energy-theft behaviors in AMI. Then, we summarize the current AMI energy-theft detection schemes into three categories, i.e., classification-based, state estimation-based, and game theory-based ones, and make extensive comparisons and discussions on them. In order to provide a deep understanding of security vulnerabilities and solutions in AMI and shed light on future research directions, we also explore some open challenges and potential solutions for energy-theft detection.

关键词： smart grid Advanced Metering Infrastructure (AMI) security energy-theft detection

Survey of information security

在线全文

学校读者我要写书评

暂无评论

Science in China(Series F) 2007年第3期50卷 273-298页

作者： shen changxiang ZHANG HuangGuo FENG DengGuo CAO ZhenFu HUANG JiWu Computing Technology Institute of China Navy Beijing 100841 China School of Computer Wuhan University Wuhan 430072 China Institute of Software Chinese Academy of Sciences Beijing 100080 China Department of Computer Science and Technology Shanghai Jiaotong University Shanghai 200030China Information Technology Institute Zhongshan University Guangzhou 510275 China

The 21st century is the age of information when information becomes an important strategic resource. The information obtaining, processing and security guarantee capability are playing critical roles in comprehensive national power, and information security is related to the national security and social stability. Therefore, we should take measures to ensure the information security of our country. In recent years, momentous accomplishments have been obtained with the rapid development of information security technology. There are extensive theories about information security and technology. However, due to the limitation of length, this article mainly focuses on the research and development of cryptology, trusted computing, security of network, and information hiding, etc.

关键词： information security cryptology trusted computing network security information hiding

Security Architecture of Trusted Virtual Machine Monitor for Trusted Computing

在线全文

学校读者我要写书评

暂无评论

Wuhan University Journal of Natural Sciences 2007年第1期12卷 13-16页

作者： HUANG Qiang shen changxiang FANG Yanxiang College of Electric Engineering Naval University ofEngineering Wuhan 430072 Hubei China Naval Institute of Computing Technology Beijing 100841China College of Information Technical Science Nankai UniversityTianjin 300071 China

With analysis of limitations Trusted Computing Group （TCG） has encountered, we argued that virtual machine monitor （VMM） is the appropriate architecture for implementing TCG specification. Putting together the VMM architecture, TCG hardware and application-oriented ＂thin＂ virtual machine （VM）, Trusted VMM-based security architecture is present in this paper with the character of reduced and distributed trusted computing base （TCB）. It provides isolation and integrity guarantees based on which general security requirements can be satisfied.

关键词： trusted computing virtual machine monitor(VMM) separation kernel trusted computing base (TCB)

Formal Compatibility Model for Trusted Computing Applications

在线全文

学校读者我要写书评

暂无评论

Wuhan University Journal of Natural Sciences 2009年第5期14卷 388-392页

作者： ZHU Lu YU sheng ZHANG Xing shen changxiang School of Computer Wuhan University Wuhan 430072 Hubei China Institute of Electronic Technology Information Engineering University Zhengzhou 450004 Henan China Trusted Computing Laboratory Beijing University of Technology Beijing 100022 China

The Chinese specification for trusted computing, which has similar functions with those defined by the Trusted Computing Group （TCG）, has adopted a different cryptography scheme. Applications designed for the TCG specifications cannot directly function on platforms complying with Chinese specifications because the two cryptography schemes are not compatible with each other. In order to transplant those applications with little to no modification, the paper presents a formal compatibility model based on Zaremski and Wing＇s type system. Our model is concerned not only on the syntactic compatibility for data type, but also on the semantic compatibility for cryptographic attributes according to the feature of trusted computing. A compatibility algorithm is proposed based on the model to generate adapters for trusted computing applications.

关键词： trusted computing compatibility trusted cryptography module (TCM) TCM service module (TSM)

Remote Attestation-Based Access Control on Trusted Computing Platform

在线全文

学校读者我要写书评

暂无评论

Wuhan University Journal of Natural Sciences 2010年第3期15卷 190-194页

作者： LIU Xian'gang ZHANG Xing FU Yingfang shen changxiang Institute of Computer Science and Technology Beijing University of Technology Beijing 100022 China

Existing remote attestation schemes based on trusted computing have some merits on enhancing security assurance level, but they usually do not integrate tightly with the classical system security mechanism. In this paper, we present a component named remote attestation-based access controller （RABAC）, which is based on a combination of techniques, such as random number, Bell-La Padula （BLP） model, user identity combined with his security properties and so on. The component can validate the current hardware and software integrity of the remote platform, and implement access control with different security policy. We prove that the RABAC can not only improve the security of transferred information in remote attestation process but also integrate remote attestation and classical system security mechanism effectively.

关键词： trusted computing remote attestation access control security model

A Trusted Measurement Scheme Suitable for the Clients in the Trusted Network

在线全文

学校读者我要写书评

暂无评论

China Communications 2014年第4期11卷 143-153页

作者： GONG Bei ZHANG Jianbiao YE Xiaolie shen changxiang College of Computer Science Beijing University of Technology Beijing 100124 P. R. China Beijing Business Intelligence and Communications Tech Co. Ltd.

The trusted network connection is a hot spot in trusted computing field and the trust measurement and access control technology are used to deal with network security threats in trusted *** the trusted network connection lacks fine-grained states and real-time measurement support for the client and the authentication mechanism is difficult to apply in the trusted network connection,it is easy to cause the loss of identity *** order to solve the abovedescribed problems,this paper presents a trust measurement scheme suitable for clients in the trusted network,the scheme integrates the following attributes such as authentication mechanism,state measurement,and real-time state measurement and so on,and based on the authentication mechanism and the initial state measurement,the scheme uses the realtime state measurement as the core method to complete the trust measurement for the *** scheme presented in this paper supports both static and dynamic ***,the characteristics of this scheme such as fine granularity,dynamic,real-time state measurement make it possible to make more fine-grained security policy and therefore it overcomes inadequacies existing in the current trusted network connection.

关键词： trusted computing trusted network authentication state measurement real-time measurement

Behavior Measurement Model Based on Prediction and Control of Trusted Network

在线全文

学校读者我要写书评

暂无评论

China Communications 2012年第5期9卷 117-128页

作者： Gong Bei Zhang Jianbiao shen changxiang Zhang Xing Beijing Univ Technol Coll Comp Sci Beijing 100124 Peoples R China Beijing Jiaotong Univ Sch Comp & Informat Technol Beijing 100044 Peoples R China Fujian Normal Univ Key Lab Network Secur & Cryptol Fuzhou 350007 Peoples R China

In order to construct the trusted network and realize the trust of network behavior,a new multi-dimensional behavior measurement model based on prediction and control is *** using behavior predictive equation,individual similarity function,group similarity function,direct trust assessment function,and generalized predictive control,this model can guarantee the trust of an end user and users in its *** with traditional measurement model,the model considers different characteristics of various *** trusted measurement policies established according to different network environments have better *** constructing trusted group,the threats to trusted group will be reduced *** trusted group to restrict individuals in network can ensure the fault tolerance of trustworthiness of trusted individuals and *** simulation shows that this scheme can support behavior measurement more efficiently than traditional ones and the model resists viruses and Trojans more efficiently than older ones.

关键词： trusted network behavioral predic-tive control similarity trust measurement

基于PostgreSQL的强制访问控制的实现

在线全文

学校读者我要写书评

暂无评论

计算机工程 2006年第2期32卷 50-52页

作者：刘欣沈昌祥海军工程大学4系武汉430074 海军计算技术研究所北京100004

讨论一个基于公开源码数据库PostgreSQL的安全数据库原型系统中强制访问控制机制的实现。详细阐述了原型系统对PostgreSQL系统原有数据字典的更改及对DDL、DML语言的改造,并介绍了多级关系的分解与恢复算法。

关键词：安全数据库 BLP模型强制访问近控制