SIP安全机制研究

会话初始协议(SIP)是IETF制订的多媒体通信系统框架协议之一,也是3GPP的IP多媒体子系统(IMS)的重要组成部分。面对复杂、开放的因特网环境,SIP协议自身缺乏有力的安全机制,使其在安全性方面显得较为薄弱。该文从分析SIP的安全威胁入手,针对SIP协议报文明文传送、缺乏有力的身份认证这两大脆弱性,从数据加密和身份鉴定两方面研究了相应的安全解决方案,讨论了如何利用现有技术和手段改善SIP的安全性,并提出了进一步改善SIP安全性的一些思路。     

Guiding Resource Allocations Based on Terrorism Risk

Establishing tolerable levels of risk is one of the most contentious and important risk management decisions. With every regulatory or funding decision for a risk management program, society decides whether or not risk is tolerable. The Urban Area Security Initiative (UASI) is a Department of Homeland Security (DHS) grant program designed to enhance security and overall preparedness to prevent, respond to, and recover from acts of terrorism by providing financial assistance for planning, equipment, training, and exercise needs of large urban areas. After briefly reviewing definitions of terrorism risk and rationales for risk-based resource allocation, this article compares estimates of terrorism risk in urban areas that received UASI funding in 2004 to other federal risk management decisions. This comparison suggests that UASI allocations are generally consistent with other federal risk management decisions. However, terrorism risk in several cities that received funding is below levels that are often tolerated in other risk management contexts. There are several reasons why the conclusions about terrorism risk being de minimis in specific cities should be challenged. Some of these surround the means used to estimate terrorism risk for this study. Others involve the comparison that is made to other risk management decisions. However, many of the observations reported are valid even if reported terrorism risk estimates are several orders of magnitude too low. Discussion of resource allocation should be extended to address risk tolerance and include explicit comparisons, like those presented here, to other risk management decisions.     

How a System Backfires: Dynamics of Redundancy Problems in Security

Increasing attention is being paid to reliability, safety, and security issues in social systems. Scott Sagan examined why more security forces (a redundancy solution) may lead to less security.⁽ 1 ⁾ He discussed how such a solution can backfire due to three major issues (i.e., “common‐mode error,”“social shirking,” and “overcompensation”). In this article, using Sagan's hypotheses, we simulate and analyze a simple and generic security system as more guards are added to the system. Simulation results support two of Sagan's hypotheses. More specifically, the results show that “common‐mode error” causes the system to backfire, and “social shirking” leads to an inefficient system while exacerbating the common‐mode error's effect. Simulation results show that “overcompensation” has no effect of backfiring, but it leads the system to a critical state in which it can easily be affected by the common‐mode error. Furthermore, the simulation results make us question the importance of the initial power of adversaries (e.g., terrorists) as the results show that, for any exogenous level of adversary power, the system endogenously overcompensates to a level that makes the system more susceptible to being attacked.     

计算机网络安全与防火墙技术

计算机网络的不断发展,加快了我国企业和全社会信息化的脚步,同时网络安全问题已成为信息时代人类共同面临的挑战,网络安全问题也日益突出。全面分析了目前计算机网络安全问题,探讨了网络安全策略,通过主要的防火墙技术来分析如何提高网络安全性能,从而保证网络的安全。     

基于AHP的网络银行交易安全评估模型

本文探讨了网络银行安全的影响因素及其安全控制要求,构建了网络银行交易安全的评价指标体系,运用AHP方法建立了交易安全等级评价模型,以此为网络银行安全管理提供依据。     

社会保障政策效应、偏好显示与公共选择

在中国社会保障制度运行中,诸多现象说明必须高度重视偏好显示制度缺位的问题。在现有社会保障体制下,政府对经济主体的偏好进行人为抑制(或者压制)是完全可能的,这种抑制会导致经济主体偏好显示的障碍。社会保障公共选择机制包含初级政治市场、政策供给市场、政策执行市场。社会保障公共选择机制是指在国家社会保障体系中,广义公共选择主体(包括居民、企业、中介组织、政府等)的权责分配结构和围绕社会保障政策的提出(投票规则)、审议、制定、执行、监督、评价等所涉及的程序、规则的总和。推进中国社会保障听证制度建设,使社会保障听证制度法规化和规范化,使社会保障听证制度成为沟通政府与居民、企业的偏好信息、沟通中央政府①与行业部门、地方政府的偏好信息的有效路径,将极大地推进中国社会保障公共选择制度建设,提高中国社会保障公共选择机制的效率。     

入侵检测技术中Apriori算法的应用与改进

采用关联规则挖掘网络数据包可以发现数据包中各属性字段间的频繁关系，通过模式的学习与训练可以发现网络用户的异常行为模式。采用作用度的Apriori-lift算法削减了Apriori算法的挖掘结果规则，使网络入侵检测系统可以快速的发现用户的行为模式，而且能够快速的锁定攻击者。Apnori—li蹲法提高了基于关联规则的入侵检测系统的检测性能。     

USOs研究及其对中国创业研究的启示

简要介绍了USOs的概念，分析了USOs的衍生过程，探讨了促进USOs成功的保障机制，最后提出了USOs对中国创业研究的启示。     

论信息时代的国家安全战略

信息时代的国家安全从内涵到外延、从理念到实践都发生了根本性变化。其核心理念是:优先保障信息安全的重点安全理念,国防与经济建设协调发展的互动安全理念,以信息安全为基础的综合安全理念,以及相互尊重、平等互利的合作安全理念。我国在整体上应确立以信息安全为基础、以经济安全为核心、以政治安全为前提、以军事安全为后盾、以合作安全为途径、以综合安全为标志的新的国家安全观,构建适应未来中国发展的十大安全战略。     

信息系统的安全模型

为了综合利用口令、日志审计、权限管理等机制,建立一个相对严密并具有一定实用性的安全体系,以实现对信息系统的安全保护,该文在总结工程经验的基础上,提出了一个包括界面逻辑、业务逻辑和异常探测的信息系统安全模型。介绍了对模型中的主要组成部分的工作流程和实现的功能,同时针对涉及信息系统安全的异常行为进行分析,并说明异常探测机的工作方式和一种实用化的日志数据格式以及对日志文件的保护方法。