检索结果-南通市图书馆

A Trusted Mobile Payment Environment Based on Trusted Computing and Virtualization Technology

在线全文

学校读者我要写书评

暂无评论

Wuhan University Journal of Natural Sciences 2014年第5期19卷 379-384页

作者： WANG Juan LIN Wutao LI Haoyu DU Bianxia MENG Ke WANG Jiang School of Computer Wuhan University Key Laboratory of Aerospace Information Security and Trusted Computing Ministry of Education

In this paper, we propose a trusted mobile payment environment （TMPE） based on trusted computing and virtualization technology. There are a normal operating system （OS） and a trusted OS （TOS） in TMPE. We store the image of TOS in a memory card to hinder tampering. The integrity of TOS is protected by means of a trusted platform module （TPM）. TOS can only be updated through a trusted third party. In addition, virtualization technology is applied to isolate TOS from normal OS. Users complete ordinary affairs in normal OS and security-sensitive affairs in TOS. TMPE can offer users a highly protected environment for mobile payment. Moreover, TMPE has good compatibility in different hardware architectures of mobile platforms. As the evaluation shows, TMPE satisfies the requirement of mobile payment well.

关键词： trusted computing mobile payment virtualization mobile platform

Research on Android Malware Detection and Interception Based on Behavior Monitoring

在线全文

学校读者我要写书评

暂无评论

Wuhan University Journal of Natural Sciences 2012年第5期17卷 421-427页

作者： PENG Guojun SHAO Yuru WANG Taige ZHAN Xian ZHANG Huanguo Key Laboratory of Aerospace Information Security and Trust Computing Ministry of Education Wuhan 430072 Hubei China School of Computer Wuhan University Wuhan 430072Hubei China

Focusing on the sensitive behaviors of malware, such as privacy stealing and money costing, this paper proposes a new method to monitor software behaviors and detect malicious applications on Android platform. According to the theory and implementation of Android Binder interprocess communication mechanism, a prototype system that integrates behavior monitoring and intercepting, malware detection, and identification is built in this work. There are 50 different kinds of samples used in the experiment of malware detection, including 40 normal samples and 10 malicious samples. The theoretical analysis and experimental result demonstrate that this system is effective in malware detection and interception, with a true positive rate equal to 100% and a false positive rate less than 3%.

关键词： Android software behavior smartphone security malware detection

MSMAM:Testing Resources Allocation,Obtaining Non-Functional Indexes Based on Functional Testing Results,and Evaluating Security

在线全文

学校读者我要写书评

暂无评论

Wuhan University Journal of Natural Sciences 2012年第6期17卷 504-510页

作者： CAO Hui ZHANG Huanguo YAN Fei School of Computer Wuhan UniversityWuhan 430072HubeiChina Key Laboratory of Aerospace Information Security and Trust Computing Ministry of EducationWuhan 430072HubeiChina

Security testing is a key technology for software *** testing results can reflect the relationship between software testing and software security,and they can help program designers for evaluating and improving software ***,it is difficult to describe by mathematics the relationship between the results of software functional testing and software nonfunctional security *** this paper,we propose a mathematics model（MSMAM） based on principal component analysis and multiattribute utility *** model can get nonfunctional security indexes by analyzing quantized results of functional *** can also evaluate software security and guide the effective allocation of testing resources in the process of software *** feasibility and effectiveness of MSMAM is verified by experiments.

关键词： software testing software security principal component analysis multi-attribute theory security evaluation

Effect:An Operational View Mechanism for Decentralized Information Flow Control

在线全文

学校读者我要写书评

暂无评论

Wuhan University Journal of Natural Sciences 2012年第5期17卷 435-440页

作者： YAN Fei TANG Jingya XIONG Shengchao WANG Juan Key Laboratory of Aerospace Information Security and Trusted Computing Ministry of Education Wuhan 430072 Hubei China School of Computer Wuhan University Wuhan 430072 Hubei China

Flume, which implements decentralized information flow control （DIFC）, allows a high security level process to ＂pre-create＂ secret files in a low security level directory. However, the pre-create mechanism makes some normal system calls unavailable, and moreover, it needs priori knowledge to create a large quantity of objects, which is difficult to estimate in practical operating systems. In this paper, we present an extended Flume file access control mechanism, named Effect, to substitute the mechanism of pre-create, which permits write operations （create, delete, and rename a file） on directories and creates a file access virtual layer that allocates operational views for each process with noninterference properties. In the end, we further present an analysis on the security of Effect. Our work makes it easier for multi-user to share confidential information in decentralized information flow control systems.

关键词： decentralized information flow control precreate operational view file access virtual layer

An Unknown Trojan Detection Method Based on Software Network Behavior

在线全文

学校读者我要写书评

暂无评论

Wuhan University Journal of Natural Sciences 2013年第5期18卷 369-376页

作者： LIANG Yu PENG Guojun ZHANG Huanguo WANG Ying School of Computer/Key Laboratory of Aerospace Information Security and Trusted Computing of Ministry of Education Wuhan University Law School Renmin University of China

Aiming at the difficulty of unknown Trojan detection in the APT flooding situation, an improved detecting method has been proposed. The basic idea of this method originates from advanced persistent threat （APT） attack intents： besides dealing with damaging or destroying facilities, the more essential purpose of APT attacks is to gather confidential data from target hosts by planting Trojans. Inspired by this idea and some in-depth analyses on recently happened APT attacks, five typical communication characteristics are adopted to describe application’s network behavior, with which a fine-grained classifier based on Decision Tree and Na ve Bayes is modeled. Finally, with the training of supervised machine learning approaches, the classification detection method is implemented. Compared with general methods, this method is capable of enhancing the detection and awareness capability of unknown Trojans with less resource consumption.

关键词： targeted attack unknown Trojan detection software network behavior machine learning

在线全文

学校读者我要写书评

暂无评论

Flume系统的隐蔽信道搜索问题研究

计算机研究与发展 2013年第11期50卷 2367-2374页

作者：曹珲熊胜超张焕国严飞武汉大学计算机学院武汉430072 空天信息安全与可信计算教育部重点实验室(武汉大学) 武汉430072

Flume系统不仅可以为处于不同安全级别的进程传输信息提供安全保障,还可以通过显式标签机制解决在隐式标签系统中进程间通信连接超时导致的隐蔽信道问题.但是其系统中的部分不合理标签分配机制可能会导致信息在传递过程中同样存在泄露问... 详细信息

Flume系统不仅可以为处于不同安全级别的进程传输信息提供安全保障,还可以通过显式标签机制解决在隐式标签系统中进程间通信连接超时导致的隐蔽信道问题.但是其系统中的部分不合理标签分配机制可能会导致信息在传递过程中同样存在泄露问题.针对这个问题提出一种隐蔽信道搜索模型(covert channel detection model,CCDM),将隐蔽信道的搜索问题抽象为有向图联通问题.最后结合回溯算法的思想提出IniaPathSearch算法和QuickPathSearch算法来对隐蔽信道进行自动搜索.实验结果表明,IniaPathSearch算法和QuickPathSearch算法可以正确有效地对Flume系统中隐蔽信道进行检测,并能为信息传递提供合法最短路径,其结果可以用于指导提高系统的安全性.

关键词： Flume系统隐蔽信道隐蔽信道搜索模型有向图安全性

基于动态协同双向映射的相似执行路径生成方法

在线全文

学校读者我要写书评

暂无评论

电子学报 2014年第11期42卷 2168-2173页

作者：郭曦王盼华中农业大学信息学院计算机科学系湖北武汉430070 武汉电力职业技术学院湖北武汉430079 武汉大学电气工程学院湖北武汉430072

相似执行路径的生成是代码分析和检测的基础性工作之一,现有的方法通常以程序的行为序列或结构为分析对象,通过改变关键谓词的取值等方法来进行分析,但由于缺乏必要的引导信息导致生成的相似路径的有效性较低,另外由于路径的谓词集合较... 详细信息

相似执行路径的生成是代码分析和检测的基础性工作之一,现有的方法通常以程序的行为序列或结构为分析对象,通过改变关键谓词的取值等方法来进行分析,但由于缺乏必要的引导信息导致生成的相似路径的有效性较低,另外由于路径的谓词集合较长而难以求解也降低了分析的精度.提出基于动态协同双向映射的分析方法,通过对程序控制流图的表示形式进行扩展,结合后向符号分析的方法生成候选路径的最弱前置条件,并以此为引导信息使用编辑距离的方法通过改变距离因子的取值来生成有针对性的相似路径集合.实验结果表明,与现有的方法相比,该方法的准确性和效率有明显的优势.

关键词：静态分析控制流图最弱前置条件相似执行路径

基于无干扰理论的并发程序隐私性分析模型研究

在线全文

学校读者我要写书评

暂无评论

武汉大学学报（理学版） 2012年第6期58卷 508-514页

作者：曹珲张焕国严飞武汉大学计算机学院/空天信息安全与可信计算教育部重点实验室湖北武汉430072

基于无干扰理论和Hoare公理方法,针对并发进程中不可信代码带来的信息泄露问题,提出一种隐私性分析模型CPNIAM,一方面把并发程序功能正确性证明分化为对程序中所有并发进程的形式化验证,以达到复杂程序简单化证明的目的;另一方面,可以... 详细信息

基于无干扰理论和Hoare公理方法,针对并发进程中不可信代码带来的信息泄露问题,提出一种隐私性分析模型CPNIAM,一方面把并发程序功能正确性证明分化为对程序中所有并发进程的形式化验证,以达到复杂程序简单化证明的目的;另一方面,可以在进程的功能正确性验证的基础上进行并发进程间的无干扰性分析.实例分析表明,相对于传统的无干扰模型,本文提出的模型可以在程序设计及实现阶段的形式化验证过程中,对由不可信代码导致的进程间隐私泄露问题进行分析,分析结果可指导程序设计者用于不可信代码定位和修改.

关键词：隐私保护无干扰理论 Hoare公理方法并发程序形式化验证

在线全文

学校读者我要写书评

暂无评论

一种基于对抗的安全软件安全性分析方法

华中科技大学学报（自然科学版） 2014年第11期42卷 68-73页

作者：彭国军周英骥王泰格刘从刚武汉大学计算机学院湖北武汉430072 武汉大学空天信息安全与可信计算教育部重点实验室湖北武汉430072 中国人民大学法学院北京100872

为了检验安全软件的自身安全性,提出了一套安全软件安全性评价指标,包括进程保护、文件保护、网络通信保护、Rootkit深度检测、免杀对抗、文件重定向攻击和驱动加载防御等.首先对每一项标准进行了实际的分析证明,确定了标准对于安全软... 详细信息

为了检验安全软件的自身安全性,提出了一套安全软件安全性评价指标,包括进程保护、文件保护、网络通信保护、Rootkit深度检测、免杀对抗、文件重定向攻击和驱动加载防御等.首先对每一项标准进行了实际的分析证明,确定了标准对于安全软件的重要性,然后制定了具体的安全性定量计算方法,通过对六款反病毒软件进行了实际测试和结果分析,论证了本方法的有效性.

关键词：恶意软件对抗安全性保护评估