Table of Content

    20 September 2011
    Volume 46 Issue 9
    Chaotic secure communication based on parameter estimation of particle filter
    LI Hui, FENG Si-feng
    J4. 2011, 46(9):  1-4. 
    Abstract ( 639 )   PDF (909KB) ( 1168 )   Save
    Related Articles | Metrics

    The extended Kalman filter algorithm and unscented Kalman filter algorithm have a bad estimation performance of chaotic system state and parameter in secure communication based on chaotic parameter modulation.To solve this problem,the particle filter algorithm was used to estimate the state and parameter. The sent binary symbols were used to modulate the parameters of chaotic systems in transmitter. The corresponding parameters of chaotic systems were estimated through particle filter with received signal in receiver. The simulations show that in comparison with extended Kalman filter and unscented Kalman filter, particle filter algorithm in chaotic parameter estimation has shorter convergence time and lower estimation error, and the secure communication can be realized more effectively.

    A chaos synchronization secure communication system based on a new Lorenz-like attractor
    ZHU Cong-xu1, SUN Ke-hui2
    J4. 2011, 46(9):  5-8. 
    Abstract ( 670 )   PDF (1365KB) ( 1186 )   Save
    Related Articles | Metrics

     A simple synchronization method by only transmitting a single driving variable for a new Lorenz-like attractor is proposed. Furthermore, based on the chaotic synchronization method, a secure communication system is proposed. Since chaos synchronization can be achieved by transmitting only one channel information contains a single variable from driving system to response system, this method is more practical. Theoretical deduction and computer simulation show the effectiveness of the proposed method.

    Secure quantum voting protocol
    WEN Xiao-jun1,2, CAI Xue-jun1
    J4. 2011, 46(9):  9-13. 
    Abstract ( 656 )   PDF (452KB) ( 1343 )   Save
    Related Articles | Metrics

     Based on the actual demand for labor vote, a model and a protocol of quantum voting was proposed. This protocol overcomed the limitations of calculation security in the classic electronic voting protocol, and had unconditional security. With the existing quantum vote protocol, the realtime monitoring was used to instead of post audit to oversee the verifier’s behavior. The security and efficiency of our protocol were improve by reducing the technical difficulty.

    The linear orthomorphisms and orthomorphic matrix on the ring Zn
    HAN Hai-qing1, LI Qin2, LIU Xiu-sheng1, ZHANG Huan-guo3
    J4. 2011, 46(9):  14-17. 
    Abstract ( 691 )   PDF (317KB) ( 1422 )   Save
    Related Articles | Metrics

    Linear orthomorphisms have the good diffusibility, which can be used to design the P-permutation in the cryptography. The concept of the linear orthomorphisms and orthomorphic matrix on the residue class ring Zn was proposed, and counting formulas of the linear orthomorphisms and orthomorphic matrix on the residue class modulo-n ring. It has provided a theoretical basis for the cryptographic research.

    The research of security in grouping based on geographical area of  vehicular Ad hoc network
    SHUAI Lue, LIU Zhi-jie*, XIE Xiao-yao
    J4. 2011, 46(9):  18-21. 
    Abstract ( 670 )   PDF (725KB) ( 1492 )   Save
    Related Articles | Metrics

    There might be some potential security problem according to the features of Vehicle Ad hoc networks(VANET), including wireless, shift, scatter, developments and bandwidth limitations. The security analysis shows that the program proposed in this paper can better meet the security requirements of VANET. The advice is that the VANET is divided into several subnets based on geographic region, and the traffics in the same subnet communicate with each other through the CA (certificate authority) authentication mechanism while the communications among the subnets need the establishment of CA recommendation trust model.

    The formal description of software correctness based on environment
    MA Yan-fang1, ZHANG Min2,3, CHEN Yi-xiang2,3
    J4. 2011, 46(9):  22-27. 
    Abstract ( 631 )   PDF (361KB) ( 1305 )   Save
    Related Articles | Metrics

    Correctness is a key attribution for software trustworthiness. Abstractly, it can be represented by whether or not the implementations of the software satisfys its specification. Meanwhile, the correctness is also related to its execution environment. On the other hand, the correctness is a course of modifying implementation, i.e., the software is more and more close to correctness. In order to describe the dynamic correctness of software, the abstract characterization of dynamic correctness is proposed based on two-third bisimulation. Firstly, two-thirds limit bi-simulation is defined which reflects the course of modification implementation. Secondly, two-third bisimulation limit is presented which means that the specification of a software is the limit of its implementations. Finally, some algebraic properties are proved.

    Security assurance method based on non-interference
    SUN Yu1, CHEN Ya-sha2, ZHANG Xing1, LIU Yi1
    J4. 2011, 46(9):  28-34. 
    Abstract ( 596 )   PDF (904KB) ( 1432 )   Save
    Related Articles | Metrics

    In recent years, more and more researchers have taken attention to security assurance as an important aspect of operating system security. For high level secure operating system, structuration of architecture level must be met as security assurance requirements, which is the essential characteristics from the low level secure system. Firstly, the lacks of the traditional information flow model on solving the problem of security are analyzed, and the description and reflect of the security assurance in non-interference model are studied. Then structural rules are raised that can match reference monitor hypothesis. Secondly, the concept of the trusted pipeline is applied to the structural assurance of non-interference model, and security of the new model is proven. Finally, an implementation scheme of structured information flow control based on trusted pipeline is proposed.

    A resilient and distributed scheme of data security
    WANG Kan1, WU Lei2,3, HAO Rong4
    J4. 2011, 46(9):  39-42. 
    Abstract ( 671 )   PDF (327KB) ( 945 )   Save
    Related Articles | Metrics

    How to guarantee the security of private data is a very important problem in electronic commerce. A resilient and distributed scheme of data security was proposed in this paper. The scheme introduced additive sharing and secret sharing technologies to improve the security of information content. The information data was stored among the total servers distributedly by additive sharing. At the same time, each information share was backed up among the servers set. Therefore, if an adversary could not corrupt more than quorum number of servers, he could not obtain the information data. The scheme has a nice resilient ability. It means servers can join or leave the servers group freely and the threshold value can be changed dynamically, which is especially useful in the circumstance where the ability of attacker is alterable.

    Design and implementation of component stack overflow vulnerability detection system
    CHEN Jin-fu1,2, ZHANG Chao2, LU Yan-sheng2, WANG Huan-huan1
    J4. 2011, 46(9):  43-47. 
    Abstract ( 595 )   PDF (1183KB) ( 1466 )   Save
    Related Articles | Metrics

    Problems with buffer overflow security exposed by the COM component are more and more with the COM component technology widely used. The system CSDS (component stack overflow detecting system), which can detect buffer-overflow vulnerability of COM component, is designed and implemented in this paper. The CSDS system contains four modules, such as interface analysis module, function position module, stack-overflow static analysis module and result output module. The detail information of objects, interfaces and functions of the COM component is obtained through the interface analysis module. The linear address that the userwritten function corresponded in the assembly code of the component is analyzed and obtained through function position module. COM component assembly codes are implemented and stack-overflow vulnerability is analyzed through stackoverflow static analysis module. Test results can be expressed by the form of XML through result output module. The implemented prototype system CSDS has good effect on stack buffer-overflow vulnerability of the COM component.

    Research on modular reasoning of aspect-oriented programming
    XIE Gang1,2, YANG Bo1,3
    J4. 2011, 46(9):  48-52. 
    Abstract ( 592 )   PDF (352KB) ( 778 )   Save
    Related Articles | Metrics

    Modular reasoning is discussed and applied widely in program analysis and verification fields, including static analysis, program evolution, program verification, and so on. Aspect-oriented programming (AOP) is quantifiable and oblivious, and it violates the traditional modular principle.So, its the modular reasoning of AOP becomes more difficult, which seriously affected its application prospects The objectives and type of reasoning about the aspect-oriented program are described in this paper.Several different approaches were introduced. The research shows that there are some unresolved problems about the modular reasoning. Finally, the potential research directions of modular reasoning of aspect-oriented programs are discussed.

    Measure model for trusted Web services
    ZHENG Xiao-rong
    J4. 2011, 46(9):  53-56. 
    Abstract ( 629 )   PDF (492KB) ( 1042 )   Save
    Related Articles | Metrics

    Aimed at the problem that there is short of effective methods to measure trustworthiness of Web services, the main idea of ontology is introduced to describe Web services in field of intelligent architecture. The measure model for trusted Web services (MM-TWS) is put forwards with the ontology of Web services in intelligent building and the basic metrics flow. Fuzzy description logics is used to design the model algorithm to calculate the trusted degree of Web services for Intelligent building system integration. In order to validate the feasibility and validity, MM-TWS is applied to measure an intelligent building system integration based on paroxysmal affair management.

    Research on privilege control mechanism and modeling of  high level information system
    CHEN Ya-sha1,3, ZHAO Yong2, LIU Yan2, SHEN Chang-xiang2
    J4. 2011, 46(9):  57-60. 
    Abstract ( 590 )   PDF (746KB) ( 1300 )   Save
    Related Articles | Metrics

     In order to satisfy the least privilege requirement of high level information system,a mandatory access control model EPMM was proposed. The privilege of system is divided into three parts: system manager, security manager and audit manager, and none of the manager can destroy the whole system. Formal description for authorization division is presented, and the main theorems of EPMM were proven, so it can reduce the system loss caused by disabled users and abnormal operations.

    An ARQ error control scheme based on RSSI in wireless sensor networks
    YAO Wu-jun1, DING Yi1,WEI Li-xian1, YANG Xiao-yuan1,2
    J4. 2011, 46(9):  61-66. 
    Abstract ( 595 )   PDF (931KB) ( 1317 )   Save
    Related Articles | Metrics

    In wireless sensor networks(WSN), FEC error control strategy cannot overcome the problem of package loss,and it is also low in energy effiency when transmitting long data. The main indicator of the traditional ARQ error control strategy is bandwidth-delay product, rather than the energy efficiency. An ARQ error control strategy is presented based on the received signal strength indicator(RSSI) in this paper, which adjusts the maxRetries and retryDelay of ARQ dynamicly. The sender extracts the present channel RSSI value from data request frame when the data request is accepted. If the RSSI value is overhead the threshold,it adopts small maxRetries and retryDelay, else, it increases the maxRetries and selects a larger retryDelay randomly. Therefore, it can avoid the sender getting into busy waiting and enhance the probability of correctly received package of the receiver. Experimental results show that the proposed scheme can decrease the package loss probability effectively and is better in energy efficiency.

    Universally composable self-updating hash chain authentication model
    ZHANG Hao-jun, QI Qing-lei, ZHAO Bao-peng
    J4. 2011, 46(9):  67-70. 
    Abstract ( 749 )   PDF (445KB) ( 991 )   Save
    Related Articles | Metrics

     An ideal function of self-updating Hash chain authentication was proposed by using the framework of universal composable. A real protocol based on one time signature ideal function was designed. It proved that the protocal can realize the ideal function with secure pseudorandom function and cryptographic secure Hash function.

    Research on bandwidth allocation of the space station transport link
    HE Ning
    J4. 2011, 46(9):  71-76. 
    Abstract ( 558 )   PDF (1106KB) ( 1433 )   Save
    Related Articles | Metrics

    Considering the limits of on-board resource, the multi-nodes bandwidth allocation algorithm of space station transport link was put forward. First, regenerative relay satellite is equivalent to a basic SFM node with limited buffer capacity and service rate, establish serial SFM node chain model SMSFM (serial multi-nodes SFM) built up with space station node and relay satellite node with on-board processing capacity; on this basis, a bandwidth cross-layer allocation model is established; IPA method and SA theory are used to introduce corresponding bandwidth resource cross-layer allocation method; at last, validate performance of the algorithm introduced in this paper through a simulation example, and analyze the influence of limited on-board processing resources on system performance through simulations. Simulation results show that the bandwidth allocation algorithm introduced in this paper can better approximate actual bandwidth demand of service flows and effectively improve network bandwidth utilization.

    Honesty-rate measuring based distributed intrusion detection system
    CHEN Pei-Jian1, YANG Yue-Xiang2, TANG Chuan2
    J4. 2011, 46(9):  77-80. 
    Abstract ( 605 )   PDF (881KB) ( 821 )   Save
    Related Articles | Metrics

    A novel honesty-rate measuring based approach is proposed to improve the security and trust of distributed intrusion detection systems. All the cooperative nodes join the system with an initial value of 1 for an honesty rate. The honesty rate of a node dynamically increases or decreases depending on its status and behavior. The proposed approach compares the honesty rate of each node to eliminate or reduce the impact of harmful information from the malicious nodes, and then reduces the false positives and false negatives of the intrusion systems. The experiments and analyses of a representative case confirm the ability of the proposed approach improves detection accuracy and detection capability.

    The research of SOA-based tourism e-commerce system security model
    XIAO Xue-mei1, ZHANG Ren-jin1,2*
    J4. 2011, 46(9):  81-84. 
    Abstract ( 602 )   PDF (1475KB) ( 1013 )   Save
    Related Articles | Metrics

    SOA architecture in e-commerce system does well in solving business collaboration and information sharing and other issues, but it also makes the whole system  faces new security challenge. A SOA-based tourism e-commerce system security model is presented to resolve the security problems of SOA architecture in e-commerce. The main research way is to extend existing security technology based on conventional security solutions, which realizes security needs in three levels to ensure message transport safe and reliable between service requester and provider.

    A  PPM probabilistic packet marking improving scheme
    JIANG Hua, LI Ming-zhen, WANG Xin
    J4. 2011, 46(9):  85-88. 
    Abstract ( 594 )   PDF (485KB) ( 1240 )   Save
    Related Articles | Metrics

     Aiming at how to improve the packet marking markup information and the efficiency and accuracy of path reconstruction, an improved scheme is proposed based on PPM. The proposed scheme records routing information into the option of IP header to improve the packet marking markup information. A TTL1 field and a filling coefficient α were increased to respectively record the hops from the first router of mark packets to victim and identify authenticity of marked packets. Experiments show that improved packet marking algorithm greatly decreases the number of desired marked packets. When victim reconstructs path, it can effectively identify the authenticity of marked packets and improve the efficiency and accuracy of path reconstruction.

    Study on formal modeling method for survivability of mission-critical systems
    WANG Jian1,2, GUO Li-li1, LI Yang2
    J4. 2011, 46(9):  89-94. 
    Abstract ( 553 )   PDF (965KB) ( 1130 )   Save
    Related Articles | Metrics

     By analyzing the essential characters affecting survivability, service request and server, intruder and server are described as different components. Namely survivability model which accurately depicts system behaviors and properties is constructed from perspectives of users’ service requests and attack impact respectively with PEPA, and then similarities and differences are compared. Theoretical analysis and experimental results show that the model can exactly reflect key attributes of survivability and Theoreticallydirect the designation of survivable systems.

    Based on integrated fuzzy-neural network intrusion detection model
    JIANG Jia-tao, LIU Zhi-jie*, XIE Xiao-yao
    J4. 2011, 46(9):  95-98. 
    Abstract ( 673 )   PDF (845KB) ( 1055 )   Save
    Related Articles | Metrics

    With increasing serious situation of network security and network defects in the agreement itself, it’s incompetent to use the traditional way of firewall. Fuzzy neural network model of integrated intrusion detection is proposed to improve the ability of intrusion prevention in network. First, the data stream is obtained from network, and the fuzzy approach is used to perform data pre-processing on characteristics of invasion. Then, the training and testing data is received by the integrated fuzzy neural network module from the data pre-processing module. Through repeated training and learning, the weights of nodes in the sub-trees converge to determine values. When training is completed, the model is used to detect the network data. The response module receives the results of fuzzy neural network module and makes the appropriate response. In the experiment, the network intrusion detection datasets, a part of KDDCUP99, are used to evaluate integrated fuzzy neural network, and compared to a single neural network model. On the whole,the result shows that fuzzy neural network ensemble method results is more stable. It was slightly reduced on false alarm rate, false negative rate and false positive rate and significantly improved on accuracy and ability of datasets generalization.

    Strong and weak compatibility of services interacting under specific environment and its reachable analysis
    CHEN Bo
    J4. 2011, 46(9):  99-105. 
    Abstract ( 559 )   PDF (1134KB) ( 1016 )   Save
    Related Articles | Metrics

    analysis and verification of composite services interacting with interface is an important issue in service computing. The interface automata are taken as the model of composite services interacting in this paper. By introducing environment factor into analysis, the concept of strong and weak compatibility of service interacting under specific environment is proposed, and the expression of criterion for compatibility checking is presented. In order to check the compatibility of service interfaces, the interacting model of composite services is traversed with the reachable analysis, and the compatibility of service with environment has been checked.

    Dynamic multi-swarm particle swarm optimizer for constrained optimization problems
    LIU Yan-min
    J4. 2011, 46(9):  106-111. 
    Abstract ( 661 )   PDF (350KB) ( 1295 )   Save
    Related Articles | Metrics

    In order to solve constrained optimization problem, a dynamic multi-swarm particle swarm optimizer (DMCPSO) is proposed. In DMCPSO, dynamic multi-swarms and comprehensive learning strategy are applied to improve the swarm diversity. On the basis of the idea “no talent is to be wasted” from human society, each sub-swarm selects its member to the maximum utility of each particle, and the dynamic mutation operator is adopted for best performing particle (Gbest) to improve the ability of escaping from local optima. Experimental simulation results of benchmark functions show that DMCPSO achieves better solutions than other algorithms.

    Whittle type inequality for demimartingales and its applications
    GONG Xiao-bing1,2
    J4. 2011, 46(9):  112-116. 
    Abstract ( 681 )   PDF (283KB) ( 849 )   Save
    Related Articles | Metrics

    A Whittle type inequality for demimartingales which contains the Hajek-Renyi type inequality is  derived, and a strong law of large numbers for functions of demimartingales is obtained by applying this inequality.

    Finite-time ruin probability for risk model with negatively dependence heavily-tailed potential claims
    XIAO Hong-min, LIU Jian-xia
    J4. 2011, 46(9):  117-121. 
    Abstract ( 563 )   PDF (324KB) ( 1339 )   Save
    Related Articles | Metrics
    Optimal inspection and replacement policy for a shock model with preventive repair
    LI Ling1, CHENG Guo-qing1, TANG Ying-hui2
    J4. 2011, 46(9):  122-126. 
    Abstract ( 712 )   PDF (458KB) ( 810 )   Save
    Related Articles | Metrics

     Considering a shock model with inspection and preventive repair, and assuming that the repair of the system is not as good as new, the system average cost rate C(T,N) is obtained by using geometric process and renewal process, where T is the time interval of inspections and N is the number of system failure before replacement. Finally, the optimal policy is derived by using numerical method.