The Design of an Intelligent Security Access Control System Based on Fingerprint Sensor FPC1011C

This paper deals with the design of an intelligent access control system based on the fingerprint sensor FPC- 1011C. The design uses the S3C2410 and TMS320VC5510A as the system processor. A fingerprint acquisition module and a wireless alarm module were designed by using the fingerprint sensor FPC1011C and GPRS module SIM100 respectively. The whole system was implemented wireless alarm through messages and GPRS-Internet in the GSM/GPRS web. In order to achieve the simple and high Real-time system, the μC-Linux system migration was also implemented.

Fault detection for networked systems subject to access constraints and packet dropouts

This paper addresses the problem of fault detection（FD） for networked systems with access constraints and packet dropouts.Two independent Markov chains are used to describe the sequences of channels which are available for communication at an instant and the packet dropout process,respectively.Performance indexes H∞ and H_ are introduced to describe the robustness of residual against external disturbances and sensitivity of residual to faults,respectively.By using a mode-dependent fault detection filter（FDF） as residual generator,the addressed FD problem is converted into an auxiliary filter design problem with the above index constraints.A sufficient condition for the existence of the FDF is derived in terms of certain linear matrix inequalities（LMIs）.When these LMIs are feasible,the explicit expression of the desired FDF can also be characterized.A numerical example is exploited to show the usefulness of the proposed results.

Combinatory Spread－Spectrum Multiple－Access Based on Residue Number System：System and Performance

ＣｏｍｂｉｎａｔｏｒｙＳｐｒｅａｄ－ＳｐｅｃｔｒｕｍＭｕｌｔｉｐｌｅ－ＡｃｃｅｓｓＢａｓｅｄｏｎＲｅｓｉｄｕｅＮｕｍｂｅｒＳｙｓｔｅｍ：ＳｙｓｔｅｍａｎｄＰｅｒｆｏｒｍａｎｃｅＹａｎｇＬｉｅｌｉａｎｇ；ＬｉＣｈｅｎｇｓｈｕ（ＮｏｒｔｈｅｒｎＪｉａｏｔ...

Ensuring Security, Confidentiality and Fine-Grained Data Access Control of Cloud Data Storage Implementation Environment

With the development of cloud computing, the mutual understandability among distributed data access control has become an important issue in the security field of cloud computing. To ensure security, confidentiality and fine-grained data access control of Cloud Data Storage (CDS) environment, we proposed Multi-Agent System (MAS) architecture. This architecture consists of two agents: Cloud Service Provider Agent (CSPA) and Cloud Data Confidentiality Agent (CDConA). CSPA provides a graphical interface to the cloud user that facilitates the access to the services offered by the system. CDConA provides each cloud user by definition and enforcement expressive and flexible access structure as a logic formula over cloud data file attributes. This new access control is named as Formula-Based Cloud Data Access Control (FCDAC). Our proposed FCDAC based on MAS architecture consists of four layers: interface layer, existing access control layer, proposed FCDAC layer and CDS layer as well as four types of entities of Cloud Service Provider (CSP), cloud users, knowledge base and confidentiality policy roles. FCDAC, it’s an access policy determined by our MAS architecture, not by the CSPs. A prototype of our proposed FCDAC scheme is implemented using the Java Agent Development Framework Security (JADE-S). Our results in the practical scenario defined formally in this paper, show the Round Trip Time (RTT) for an agent to travel in our system and measured by the times required for an agent to travel around different number of cloud users before and after implementing FCDAC.

Linux中System V进程通信机制安全性形式化验证

基于Linux开发安全操作系统是提高计算机安全的重要途径 ,而形式化验证则是开发过程的重要和必要的环节。我们从Linux的各个子系统着手进行验证 ,逐步搭建起整个操作系统的验证模型。考虑到访问控制机制是实现操作系统安全性的关键 ,本文主要讨论使用SPIN模型检验器对IPC子系统中的SystemV进程通信机制进行形式化验证的过程与方法 ,查找安全漏洞并改进现有的机制 ,为开发工作提供理论上的保证。

基于Access数据库的WinCC组态软件报表系统的研究

研究了MicrosoftAccess与SIEMENS的上位机监控软件WinCC之间数据流的过程,结合生产实际,介绍了基于Access的工控组态软件报表数据库管理系统的设计与开发,实现了对数据的查询、分析与统计,为企业的生产管理提供辅助决策。

An Improved Real-Time Face Recognition System at Low Resolution Based on Local Binary Pattern Histogram Algorithm and CLAHE

This research presents an improved real-time face recognition system at a low resolution of 15 pixels with pose and emotion and resolution variations. We have designed our datasets named LRD200 and LRD100, which have been used for training and classification. The face detection part uses the Viola-Jones algorithm, and the face recognition part receives the face image from the face detection part to process it using the Local Binary Pattern Histogram (LBPH) algorithm with preprocessing using contrast limited adaptive histogram equalization (CLAHE) and face alignment. The face database in this system can be updated via our custom-built standalone android app and automatic restarting of the training and recognition process with an updated database. Using our proposed algorithm, a real-time face recognition accuracy of 78.40% at 15 px and 98.05% at 45 px have been achieved using the LRD200 database containing 200 images per person. With 100 images per person in the database (LRD100) the achieved accuracies are 60.60% at 15 px and 95% at 45 px respectively. A facial deflection of about 30° on either side from the front face showed an average face recognition precision of 72.25%-81.85%. This face recognition system can be employed for law enforcement purposes, where the surveillance camera captures a low-resolution image because of the distance of a person from the camera. It can also be used as a surveillance system in airports, bus stations, etc., to reduce the risk of possible criminal threats.

A Priority-aware Frequency Domain Polling MAC Protocol for OFDMA-based Networks in Cyber-physical Systems

Wireless networking in cyber-physical systems (CPSs) is characteristically different from traditional wireless systems due to the harsh radio frequency environment and applications that impose high real-time and reliability constraints. One of the fundamental considerations for enabling CPS networks is the medium access control protocol. To this end, this paper proposes a novel priority-aware frequency domain polling medium access control (MAC) protocol, which takes advantage of an orthogonal frequency-division multiple access (OFDMA) physical layer to achieve instantaneous priority-aware polling. Based on the polling result, the proposed work then optimizes the resource allocation of the OFDMA network to further improve the data reliability. Due to the non-polynomial-complete nature of the OFDMA resource allocation, we propose two heuristic rules, based on which an efficient solution algorithm to the OFDMA resource allocation problem is designed. Simulation results show that the reliability performance of CPS networks is significantly improved because of this work. © 2014 Chinese Association of Automation.

新型电力系统面向云边端架构的安全访问控制技术研究

新型电力系统的建设正朝着云边端一体化方向发展,云边端架构带来灵活性和可扩展性的同时,也带来了数据隐私安全、非法操作、缺乏标准化集成方案等问题。基于此,文章提出一种结合云边端架构特点的基于属性的安全访问控制方案(cloud-edge-device attribute-based access control,CED-ABAC),方案通过边缘融合终端进行重加密,既保护数据安全,又减轻终端设备的通信开销,在策略授权方面,使用可扩展的访问控制标记语言(extensible access control markup language,XACML)设计授权策略和策略匹配算法,实现对多终端访问控制策略的同时下发,更高效地解决标准化集成问题。同时通过实验仿真,证明CED-ABAC方案的效率和性能相比于已有方案具有明显优势。

基于分区操作系统的文件系统设计

研究涉及一种基于分区操作系统的文件系统设计方法,解决分区操作系统下文件的安全访问问题。分区操作系统资源、空间彼此隔离,文件系统用于管理分区数据,不能违背数据资源的隔离需求。为此,通过将文件系统部署在分区操作系统的分区;分区内和分区外采用两层分区安全访问控制;采用快照管理实现文件系统自身对并行文件访问需求,实现文件系统设计。通过测试表明,该方法能够在满足分区操作系统设计约束下,实现文件的安全访问。

基于6LoWPAN的智慧校园公共安全异常监控系统设计

在智慧校园网络中,监控系统无法准确捕获异常人员信息,是造成公共安全事件的主要原因;为提高智慧校园公共安全性,设计基于6LoWPAN的智慧校园公共安全异常监控系统;建立6LoWPAN网络,并在其中规范协议栈堆叠形式,完成基于6LoWPAN的智慧校园监控协议栈开发;利用6LoWPAN协议栈,划分功能性模块,以此为基础,建立人员信息采集模块、环境监测模块、门禁控制模块之间的连接关系,实现异常监控系统的应用部件设计;采用监控系统上位机节点,设置各级部件结构的模块运行条件,并联合相关应用部件,实现基于6LoWPAN的智慧校园公共安全异常监控系统设计;实验结果表明,在同一帧图像中,设计系统可以全部提取异常人员信息,且不会出现错误提取的情况,监控准确率高达100%,能够有效提高智慧校园公共安全性和异常监控准确性。

基于人脸识别技术的门禁系统应用

当前,人脸识别技术被应用在门禁系统中,大大提高了门禁管理效率与质量。密集型产业员工生活配套区(配套入住小区)是基于人脸识别技术的门禁系统的一大应用方向。基于此,本文探讨了基于人脸识别技术的门禁系统在密集型产业员工生活配套区(配套入住小区)的应用,旨在更好地做好基于人脸识别技术的门禁系统构建,强化小区门禁管理效果。

具有访问约束和数据丢包的网络化系统H_(∞)鲁棒控制

针对同时存在访问约束和数据丢包的网络化控制系统,研究了H_(∞)鲁棒控制方法的设计问题.首先,采用Bernoulli随机过程来描述系统的数据丢包过程,并根据介质访问约束的随机访问机制建立了离散时间马尔可夫跳变系统模型;其次,通过Lyapunov稳定性理论和LMI技术导出闭环系统随机稳定的充分条件,并设计了相应的H_(∞)鲁棒控制器,使得闭环系统随机稳定并具有给定的H_(∞)性能;最后,通过仿真算例验证了所提控制方案的正确性和有效性.

具有介质访问约束的网络化控制系统H∞状态估计

研究了一类存在介质访问约束和信号量化的网络化控制系统的H∞状态估计问题。首先,考虑到介质访问约束和信号量化的影响,将信号量化误差转化为扇形有界的不确定性,对由于访问约束而未获得网络传输的系统输出采用加权补偿策略,根据网络介质的随机访问机制将网络化系统建模为具有不确定性的马尔可夫跳跃系统。然后,在此基础上借助李雅普诺夫稳定性理论和H∞性能约束条件,利用线性矩阵不等式(linear matrix inequality,LMI)方法给出状态估计器存在的充分条件,所设计的状态估计器使得估计误差系统渐近稳定且具有给定的H∞性能。最后,通过仿真实例验证了该设计方法的有效性。

变电所门的设计要点简析

梳理变电所门的主要作用和设置要点;介绍变电所门的常见的“机械锁”和“门禁”两种形式的管理方式;结合气体灭火系统的特点,分别对两种管理方式下变电所的外门和相邻变电所之间双向开启弹簧门的特点进行分析,提出一种验证灭火剂喷射时能否顶开变电所门的公式,并结合气体灭火系统的要求提出合理建议;最后,分析低压柜长度对门设置的影响并提出建议。

面向异常行为的邮件访问控制网关的设计与实现

高校邮件系统平均每月面临数万次的暴力破解认证攻击,攻击者会使用简单邮件传输协议(Simple Mail Transfer Protocal,SMTP)认证的方式对高校师生邮件账号进行暴力破解认证,尤其是分布式暴力破解和低频慢速暴力破解难以识别检测,是导致邮件服务器面临资源消耗及账户安全问题的巨大威胁。因此,有必要设计一种面向异常行为的邮件访问控制网关,通过分析邮件日志捕获异常攻击行为,动态阻断恶意互联网协议(Internet Protocal,IP)攻击。测试结果表明,该网关通过分析邮件日志、抽取安全事件、捕获异常行为特征,构建了特征规则;基于漏桶算法捕获低频、分布式暴力破解的恶意IP,联动防火墙实现了对恶意IP的动态封禁及解除;设计、实现访问控制网关并应用于校园网,成功阻断了62%的攻击流量。

基于QAR数据的飞行控制系统故障研究综述

为系统梳理国内外对民用飞机飞行控制系统故障分析的研究历程和现状,针对基于快速存取记录器(QAR)数据分析的飞行控制系统典型故障类型,首先,总结QAR数据预处理、特征提取等使用过程;然后,根据故障分析可达到的性能指标,提出4个故障研究阶段,分别为故障监测、故障识别、故障诊断和故障预测;最后,综合国内外研究进度与深度,得出飞行控制系统典型故障类型,包括方向舵液压泄漏、升降舵指示不一致、襟翼动作耗时等,建模常用QAR数据项包括飞机主舵面位置、飞行姿态、飞机性能、左右襟翼角度、襟翼位置等,计算方法包括物理模型、多变量统计、逻辑推理、机器学习等。结果表明:系统分析方向舵、升降舵、襟翼等子系统最新研究进展,发现在故障类型、参数选择和计算方法的改进等方面取得了一定的成果,故障研究阶段基本处于故障诊断或非实时预测水平,但仍需加强面向安全保障与实际维修方面的需求,以实现故障实时预测技术。

基于主从多链的数据分类分级访问控制模型

为解决数据混合存储导致精准查找速度慢、数据未分类分级管理造成安全治理难等问题,构建基于主从多链的数据分类分级访问控制模型,实现数据的分类分级保障与动态安全访问。首先,构建链上链下混合式可信存储模型,以平衡区块链面临的存储瓶颈问题;其次,提出主从多链架构,并设计智能合约,将不同隐私程度的数据自动存储于从链;最后,以基于角色的访问控制为基础,构建基于主从多链与策略分级的访问控制(MCLP-RBAC)机制并给出具体访问控制流程设计。在分级访问控制策略下,所提模型的吞吐量稳定在360 TPS(Transactions Per Second)左右。与BC-BLPM方案相比,发送速率与吞吐量之比达到1∶1,具有一定优越性;与无访问策略相比,内存消耗降低35.29%;与传统单链结构相比,内存消耗平均降低52.03%;与数据全部上链的方案相比,平均存储空间缩小36.32%。实验结果表明,所提模型能有效降低存储负担,实现分级安全访问,具有高扩展性,适用于多分类数据的管理。

基于多模态生物特征识别的高校门禁系统设计与实现

为解决传统门禁系统对实体校园卡的过度依赖、数据应用能力差、无法形成精细化管理等问题,在已有门禁系统架构基础上,基于一卡通专网,采用分布式架构设计了一种基于多模态生物特征识别的高校智慧门禁系统。该系统集采集管理、生物数据库、算法服务、校门口出入管理、访客出入管理、公寓管理、设备管理和出入权限管理等功能于一体,实现了校园出入口的智慧化管理,提升了校园安全管理效率,为下一步的智慧校园建设奠定了应用基础。