The area,the scope as well as some ecological environment questions in Three Gorges Reservoir was briefly introduced. Then its early warning-system frame was preliminarily constructed,which includes ecological securit...The area,the scope as well as some ecological environment questions in Three Gorges Reservoir was briefly introduced. Then its early warning-system frame was preliminarily constructed,which includes ecological security dynamic monitoring,ecological security appraisal,ecological security forecast and ecological security decision-making management. The synthetic evaluation indicator system of the ecological security quality were initially established,which includes ecological environment pollution,land use and land cover change,geological hazard and epidemic outbreaks. At the same time,29 evaluating indicators were selected,divides into the basic factors,response factors and inducing factors,which need to be Real-time monitored.展开更多
As a critical Internet infrastructure,domain name system(DNS)protects the authenticity and integrity of domain resource records with the introduction of security extensions(DNSSEC).DNSSEC builds a single-center and hi...As a critical Internet infrastructure,domain name system(DNS)protects the authenticity and integrity of domain resource records with the introduction of security extensions(DNSSEC).DNSSEC builds a single-center and hierarchical resource authentication architecture,which brings management convenience but places the DNS at risk from a single point of failure.When the root key suffers a leak or misconfiguration,top level domain(TLD)authority cannot independently protect the authenticity of TLD data in the root zone.In this paper,we propose self-certificating root,a lightweight security enhancement mechanism of root zone compatible with DNS/DNSSEC protocol.By adding the TLD public key and signature of the glue records to the root zone,this mechanism enables the TLD authority to certify the self-submitted data in the root zone and protects the TLD authority from the risk of root key failure.This mechanism is implemented on an open-source software,namely,Berkeley Internet Name Domain(BIND),and evaluated in terms of performance,compatibility,and effectiveness.Evaluation results show that the proposed mechanism enables the resolver that only supports DNS/DNSSEC to authenticate the root zone TLD data effectively with minimal performance difference.展开更多
基金funded by National Natural Science Foundation Project (40801077)Ministry of Education Key Project (209100)+1 种基金Natural Science Foundation of Chongqing ( CSTC, 2008BB7367 )Chongqing Municipal Education Commission of Science and Technology Research Grant Project (KJ070811)~~
文摘The area,the scope as well as some ecological environment questions in Three Gorges Reservoir was briefly introduced. Then its early warning-system frame was preliminarily constructed,which includes ecological security dynamic monitoring,ecological security appraisal,ecological security forecast and ecological security decision-making management. The synthetic evaluation indicator system of the ecological security quality were initially established,which includes ecological environment pollution,land use and land cover change,geological hazard and epidemic outbreaks. At the same time,29 evaluating indicators were selected,divides into the basic factors,response factors and inducing factors,which need to be Real-time monitored.
基金This work is partially supported by the National Key Research and Development Program(2018YFB1800702).
文摘As a critical Internet infrastructure,domain name system(DNS)protects the authenticity and integrity of domain resource records with the introduction of security extensions(DNSSEC).DNSSEC builds a single-center and hierarchical resource authentication architecture,which brings management convenience but places the DNS at risk from a single point of failure.When the root key suffers a leak or misconfiguration,top level domain(TLD)authority cannot independently protect the authenticity of TLD data in the root zone.In this paper,we propose self-certificating root,a lightweight security enhancement mechanism of root zone compatible with DNS/DNSSEC protocol.By adding the TLD public key and signature of the glue records to the root zone,this mechanism enables the TLD authority to certify the self-submitted data in the root zone and protects the TLD authority from the risk of root key failure.This mechanism is implemented on an open-source software,namely,Berkeley Internet Name Domain(BIND),and evaluated in terms of performance,compatibility,and effectiveness.Evaluation results show that the proposed mechanism enables the resolver that only supports DNS/DNSSEC to authenticate the root zone TLD data effectively with minimal performance difference.
