Trust Model Based on Structured Protection for High Level Security System

In order to ensure the security of information systems, it's essential to make sure that system behaviors are trusted. By analyzing threats that exist in executing procedures, a trust model based on structured protection is proposed. We consider that functional components, system actions and message flows between components are three key factors of information systems. Structured protection requirements on components, connections and action parameters are also provided. Four trusted properties of the model are deducted through formal analysis, and trusted system behavior is defined based on these properties. Furthermore, decision theorem of trusted system behavior is proved. The developed prototype system indicates the model is practical. It is a general theory model built on logic deduction and independent on specific environment and the behaviors of the system designed and implemented following the model are trusted.

Process of Security Assurance Technique for Application Functional Logic in E-Commerce Systems

Security practices such as Audits that often focus on penetration testing are performed to find flaws in some types of vulnerability & use tools, which have been tailored to resolve certain risks based on code errors, code conceptual assumptions bugs, etc. Most existing security practices in e-Commerce are dealt with as an auditing activity. They may have policies of security, which are enforced by auditors who enable a particular set of items to be reviewed, but also fail to find vulnerabilities, which have been established in compliance with application logic. In this paper, we will investigate the problem of business logic vulnerability in the component-based rapid development of e-commerce applications while reusing design specification of component. We propose secure application functional processing Logic Security technique for component-based e-commerce application, based on security requirement of e-business process and security assurance logical component behaviour specification approach to formulize and design a solution for business logic vulnerability phenomena.

A Data Assured Deletion Scheme in Cloud Storage

In order to provide a practicable solution to data confidentiality in cloud storage service,a data assured deletion scheme,which achieves the fine grained access control,hopping and sniffing attacks resistance,data dynamics and deduplication,is proposed.In our scheme,data blocks are encrypted by a two-level encryption approach,in which the control keys are generated from a key derivation tree,encrypted by an All-OrNothing algorithm and then distributed into DHT network after being partitioned by secret sharing.This guarantees that only authorized users can recover the control keys and then decrypt the outsourced data in an ownerspecified data lifetime.Besides confidentiality,data dynamics and deduplication are also achieved separately by adjustment of key derivation tree and convergent encryption.The analysis and experimental results show that our scheme can satisfy its security goal and perform the assured deletion with low cost.

Pervasive Dependability in Wireless Cloud Networking: a BlueGreen Topological Control Approach

The future Wireless Cloud Networks (WCNs) are required to satisfy both extremely high levels of service resilience and security assurance (i.e., Blue criteria) by overproviding backup network resources and cryptographic protection on wireless communication respectively, as well as minimizing energy consumption (i.e., Green criteria) by switching off unnecessary resources as much as possible. There is a contradiction to satisfy both Blue and Green design criteria simultaneously. In this paper, we propose a new BlueGreen topological control scheme to leverage the wireless link connectivity for WCNs using an adaptive encryption key allocation mechanism, named as Shared Backup Path Keys (SBPK). The BlueGreen SBPK can take into account the network dependable requirements such as service resilience, security assurance and energy efficiency as a whole, so as trading off between them to find an optimal solution. Actually, this challenging problem can be modeled as a global optimization problem, where the network working and backup elements such as nodes, links, encryption keys and their energy consumption are considered as a resource, and their utilization should be minimized. The case studies confirm that there is a trade-off optimal solution between the capacity efficiency and energy efficiency to achieve the dependable WCNs.

Safe Olympics Beijing's top police officers offer security assurances to 2008 Olympic Games

With a formidable antiterrorism team, Beijing's top cops are ready to deal with any security incidents that might take place during the 2008 Olympics. This assurance was given by Lu Shimin, Deputy Director General of the Beijing Public Security Bureau, at a