Abstract: With the improvement of networks, security becomes more important. In the market, the firewall is one of the important security products. A firewall can prevent your network from being attacked, for example by IP snoop, mail spam, etc. But a firewall cannot protect itself from actions that attack the firewall's code and the firewall system. So we add integrity services to the firewall system. In the firewall system, every module performs an integrity self-check before it is loaded by the system. A bilateral authentication procedure is designed for two modules which call each other to establish trust in the identity and integrity of each other. It is still necessary to ensure secure linkage between the two parties. The firewall system is built on the security data architecture.
Abstract: Modern network security devices employ packet classification and pattern matching algorithms to inspect packets. Due to the complexity and heterogeneity of different search data structures, it is difficult for existing algorithms to leverage modern hardware platforms to achieve high performance. This paper presents a Structural Compression (SC) method that optimizes the data structures of both algorithms. It reviews both algorithms under the model of search space decomposition, and homogenizes their search data structures. This approach not only guarantees deterministic lookup speed but also optimizes the data structure for efficient implementation on many-core platforms. The performance evaluation reveals that the homogeneous data structure achieves 10 Gbps line-rate 64-byte packet classification throughput and multi-Gbps deep inspection speed.
Funding: the National Natural Science Foundation of China, the foundation of State Key Lab. for Novel Software Technology in Nanjing University, the foundation of Key Laboratory of Information Assurance Technology
Abstract: Reversing the syntactic format of program inputs and data structures in binaries plays a vital role in understanding program behaviors in many security applications. In this paper, we propose a collaborative reversing technique that captures the mapping relationship between input fields and program data structures. The key insight behind our paper is that a program uses corresponding data structures as references to parse and access different input fields, and every field could be identified by reversing its corresponding data structure. In detail, we use a fine-grained dynamic taint analysis to monitor the propagation of inputs. By identifying base pointers for each input byte, we could reverse data structures and conversely identify fields based on their referencing data structures. We construct several experiments to evaluate the effectiveness. Experiment results show that our approach could effectively reverse precise input formats, and provide unique benefits to two representative security applications, exploit diagnosis and malware analysis.
Abstract: The smart distribution grid needs data communication systems as support to complete its important functions. The data and information of the smart distribution grid are increasingly adopting Internet Protocol and Ethernet technology. IP addresses are more and more important for smart distribution grid equipment. The current IPv4 protocol occupies a dominant position; therefore, the challenges of the evolution to IPv6 and of network security are faced by the data communication systems of the smart distribution grid. The importance of the data communications network and its main bearer of business were described. The five processes and four stages of the transition in the evolution of the data communications network from IPv4 to IPv6 were analyzed. The security of the smart distribution grid data communications network and its types of offense and defense were discussed. A data communications network security architecture was established. It covers three dimensions: the security level, communications network security engineering, and communications network security management. The security architecture safeguards the evolution to IPv6 for the smart distribution grid data communication systems.