Today companies and organizations are using the Web as the main informationdissemination means both at internal and external level. Information dissemination often takes theform of XML documents that are made availabl...Today companies and organizations are using the Web as the main informationdissemination means both at internal and external level. Information dissemination often takes theform of XML documents that are made available at Web servers, or that are actively broadcasted byWeb servers to interested clients. These documents often contain information at different degrees ofsensitivity, therefore a strong XML security platform and mechanism is needed. In this paper wedeveloped CIT/XML security platform and take a close look to syntax and processing of CIT/digitalsignature model, CIT/encryption model, CIT/smart card crypto and SPKI interface security models.Security services such as authentication, integrity and confidentiality to XML documents and non-XMLdocuments, which exchanged among various servers, are provided.展开更多
Since network services are provided cooperatively by multiple servers in the lnternet, the authentication protocols for multiserver architecture are required by Internetbased services, such as online game, online trad...Since network services are provided cooperatively by multiple servers in the lnternet, the authentication protocols for multiserver architecture are required by Internetbased services, such as online game, online trade and so on. Recently, Li et al. analyzed Lee et al.'s protocol and proposed an improved dynamic identity based authentication protocol for multi-server architecture. They claimed that their protocol provides user's anonymity, mutual authentication and the session key agreement against several kinds of attacks. In this paper, a cryptanalysis on Lee et al.'s scheme shows that Lee et al's protocol is also vulnerable to malicious server attack, stolen smart card attack and leak-of-verifier attack. Moreover, Li e/ al.'s improved protocol is also vulnerable to all these attacks. Further cryptanalysis reveals that Li et al.'s improved protocol is susceptible to collusion attack.展开更多
This paper proposes an Authentication Interworking Protocol (AIP) based on IEEE 802.21 Medi Independent Handover (MIH) in the heterogeneous networks. The proposed AIP with the RSA-based proxy signature reduces han...This paper proposes an Authentication Interworking Protocol (AIP) based on IEEE 802.21 Medi Independent Handover (MIH) in the heterogeneous networks. The proposed AIP with the RSA-based proxy signature reduces handover delay time and communication message overhead when the mobile node moves between the heterogeneous networks. It defines new AlP Type Length Value (AlP TLV) in MIH frame format and uses the MIH Information Server (MIHIS) for issuing signature. The MIHIS can generate a signature on behalf of the AAA server and then the signature can he used by mobile node for a pre-authentication. For low handover delay, the proposed AIP performs pre-authentication processes with MIP protocol before layer 2 handover. Also, this paper analyses the performance of the handover and compares with the non-secure MIH.展开更多
with the increasing popularity of cloud services,attacks on the cloud infrastructure also increase dramatically.Especially,how to monitor the integrity of cloud execution environments is still a difficult task.In this...with the increasing popularity of cloud services,attacks on the cloud infrastructure also increase dramatically.Especially,how to monitor the integrity of cloud execution environments is still a difficult task.In this paper,a real-time dynamic integrity validation(DIV) framework is proposed to monitor the integrity of virtual machine based execution environments in the cloud.DIV can detect the integrity of the whole architecture stack from the cloud servers up to the VM OS by extending the current trusted chain into virtual machine's architecture stack.DIV introduces a trusted third party(TTP) to collect the integrity information and detect remotely the integrity violations on VMs periodically to avoid the heavy involvement of cloud tenants and unnecessary information leakage of the cloud providers.To evaluate the effectiveness and efficiency of DIV framework,a prototype on KVM/QEMU is implemented,and extensive analysis and experimental evaluation are performed.Experimental results show that the DIV can efficiently validate the integrity of files and loaded programs in real-time,with minor performance overhead.展开更多
This study empirically investigates the impact of managerial entrenchment on firm financial performance of Chinese firms initial public offerings (IPOs). Using 142 firms listed in the Shenzhen Stock Exchange (SZSE...This study empirically investigates the impact of managerial entrenchment on firm financial performance of Chinese firms initial public offerings (IPOs). Using 142 firms listed in the Shenzhen Stock Exchange (SZSE), which was collected from the Guotaian Research Service Center (GTA-RSC) databases, this study uses two proxies to measure firm performance and three proxies to measure managerial entrenchment. The two proxies for firm performance are Tobins' Q and return on assets (ROA), and the three proxies for managerial entrenchment are entrenchment 1, entrenchment 2, and entrenchment 3. These three entrenchment proxies are derived from the principal component analysis (PCA). Though previous studies of managerial entrenchment and firm performance variables suffer from endogeneity, with respect to the corporate governance it is unclear as to which variables are endogenous and which are exogenous. This study confirms that the data are linear and no endogeneity issue should be address in this study, but only heteroskedasticity, non-normality for Tobins' Q are a problem, therefore, the regression method employed for Tobins' Q is the generalised least square (GLS) and the ordinary least square (OLS) between estimators for ROA. The regression result for Tobins' Q reveals that managerial entrenchment is negatively impact on firm performance. The results are in contradiction to the stewardship theory for new firms whereas the managerial entrenchment for new firms is positive. Furthermore, only one entrenchment proxy yields a significant coefficient. In conclusion, the negative results of entrenchment proxies were caused by the different institutional structures and legal systems which are the Chinese corporations that are still largely owned and controlled by a state and hence the centralised state controlled was responsible for all managerial actions.展开更多
文摘Today companies and organizations are using the Web as the main informationdissemination means both at internal and external level. Information dissemination often takes theform of XML documents that are made available at Web servers, or that are actively broadcasted byWeb servers to interested clients. These documents often contain information at different degrees ofsensitivity, therefore a strong XML security platform and mechanism is needed. In this paper wedeveloped CIT/XML security platform and take a close look to syntax and processing of CIT/digitalsignature model, CIT/encryption model, CIT/smart card crypto and SPKI interface security models.Security services such as authentication, integrity and confidentiality to XML documents and non-XMLdocuments, which exchanged among various servers, are provided.
基金supported by the Key Program of NSFC-Guangdong Union Foundation under Grant No.U1135002Young Foundation of Humanities and Social Sciences of MOE (Ministry of Education in China) of under Grant No.11YJCZH160Foundation for Young Scientists of Jiangxi Province of China under Grant No.20133BCB23016
文摘Since network services are provided cooperatively by multiple servers in the lnternet, the authentication protocols for multiserver architecture are required by Internetbased services, such as online game, online trade and so on. Recently, Li et al. analyzed Lee et al.'s protocol and proposed an improved dynamic identity based authentication protocol for multi-server architecture. They claimed that their protocol provides user's anonymity, mutual authentication and the session key agreement against several kinds of attacks. In this paper, a cryptanalysis on Lee et al.'s scheme shows that Lee et al's protocol is also vulnerable to malicious server attack, stolen smart card attack and leak-of-verifier attack. Moreover, Li e/ al.'s improved protocol is also vulnerable to all these attacks. Further cryptanalysis reveals that Li et al.'s improved protocol is susceptible to collusion attack.
基金supported by the Korea Science and Engineering Foundation(KOSEF)grant funded by the Korea government(MEST)(No.2010-0000100)the Ubiquitous Computing and Network(UCN)project,knowledge and economy frontier R&D program of the Ministry of Knowledge Economy(MKE)in Korea and a result of subproject10C2-C1-20S
文摘This paper proposes an Authentication Interworking Protocol (AIP) based on IEEE 802.21 Medi Independent Handover (MIH) in the heterogeneous networks. The proposed AIP with the RSA-based proxy signature reduces handover delay time and communication message overhead when the mobile node moves between the heterogeneous networks. It defines new AlP Type Length Value (AlP TLV) in MIH frame format and uses the MIH Information Server (MIHIS) for issuing signature. The MIHIS can generate a signature on behalf of the AAA server and then the signature can he used by mobile node for a pre-authentication. For low handover delay, the proposed AIP performs pre-authentication processes with MIP protocol before layer 2 handover. Also, this paper analyses the performance of the handover and compares with the non-secure MIH.
基金Supported by the National Natural Science Foundation of China under Grant No. 61370068
文摘with the increasing popularity of cloud services,attacks on the cloud infrastructure also increase dramatically.Especially,how to monitor the integrity of cloud execution environments is still a difficult task.In this paper,a real-time dynamic integrity validation(DIV) framework is proposed to monitor the integrity of virtual machine based execution environments in the cloud.DIV can detect the integrity of the whole architecture stack from the cloud servers up to the VM OS by extending the current trusted chain into virtual machine's architecture stack.DIV introduces a trusted third party(TTP) to collect the integrity information and detect remotely the integrity violations on VMs periodically to avoid the heavy involvement of cloud tenants and unnecessary information leakage of the cloud providers.To evaluate the effectiveness and efficiency of DIV framework,a prototype on KVM/QEMU is implemented,and extensive analysis and experimental evaluation are performed.Experimental results show that the DIV can efficiently validate the integrity of files and loaded programs in real-time,with minor performance overhead.
文摘This study empirically investigates the impact of managerial entrenchment on firm financial performance of Chinese firms initial public offerings (IPOs). Using 142 firms listed in the Shenzhen Stock Exchange (SZSE), which was collected from the Guotaian Research Service Center (GTA-RSC) databases, this study uses two proxies to measure firm performance and three proxies to measure managerial entrenchment. The two proxies for firm performance are Tobins' Q and return on assets (ROA), and the three proxies for managerial entrenchment are entrenchment 1, entrenchment 2, and entrenchment 3. These three entrenchment proxies are derived from the principal component analysis (PCA). Though previous studies of managerial entrenchment and firm performance variables suffer from endogeneity, with respect to the corporate governance it is unclear as to which variables are endogenous and which are exogenous. This study confirms that the data are linear and no endogeneity issue should be address in this study, but only heteroskedasticity, non-normality for Tobins' Q are a problem, therefore, the regression method employed for Tobins' Q is the generalised least square (GLS) and the ordinary least square (OLS) between estimators for ROA. The regression result for Tobins' Q reveals that managerial entrenchment is negatively impact on firm performance. The results are in contradiction to the stewardship theory for new firms whereas the managerial entrenchment for new firms is positive. Furthermore, only one entrenchment proxy yields a significant coefficient. In conclusion, the negative results of entrenchment proxies were caused by the different institutional structures and legal systems which are the Chinese corporations that are still largely owned and controlled by a state and hence the centralised state controlled was responsible for all managerial actions.
