一种大数据平台敏感数据安全共享的框架

 大数据平台存储了海量的用户敏感数据,这些敏感数据的共享有助于企业降低为用户提供个性化服务的成本,实现数据增值,而数据的安全共享是一个亟待解决的问题.通过分析敏感数据安全现状,提出了一个大数据平台敏感数据安全共享系统框架,包括数据平台上敏感数据的安全提交、存储、使用和销毁;研究了基于密文异构转化的代理重加密算法和基于虚拟机监控器的用户进程保护方法等关键技术,为系统功能的实现提供了支撑.该框架能够保护用户敏感数据的安全性,有效实现这些数据的安全共享,同时使数据拥有者完全掌握自身数据的控制权,从而有利于营造现代互联网信息安全的良好环境.     

谈智能手机的安全措施

随着时代的发展,手机作为一款通讯工具已成为当今社会生活中的必须品。同时,随着发展,更多轻巧,功能丰富的手机被越来越多的人所追求,智能手机(smartphone)的广泛应用更是当前的流行趋势。手机作为通讯和数据存贮的载体,其安全问题也是不可忽视的,即使再简单的手机在违法分子的手里都是危险的,对于功能强大,装载更多敏感数据的智能手机安全问题更是越来越受到广大用户的关注。     

数字签名技术在网络安全中的应用

网络安全在网络经济中占据着重要的地位，本从对网络安全的需求分析出发，论述了数字签名的技术基础和实现过程，给出了用公开密钥密码技术和常规密码技术实现电子签名的实例。     

浅谈无纸化办公中敏感数据的保护

随着计算机的普及和信息化的迅猛发展,传统的办公方式正在被自动化办公方式渐渐替代,无纸化办公中数据特别是敏感数据保护,已经成为所有办公室人员必须注意的问题。     

大规模数值型数据库中敏感数据的加密算法研究

针对大规模数值型数据库中敏感数据的加密,传统算法无法解决当前行、列数据间加密密钥的干扰问题,导致安全性能较差,效率降低。为此,提出一种新的大规模数值型数据库中敏感数据加密算法,对大规模数值型数据库中的数据进行聚类处理,以过滤无价值数据,得到对用户有价值的数值型数据,降低计算量。给出大规模数值型数据库中敏感数据加密原理,进行大规模数值型数据库的元素级加密,使所有字段的密钥均不相同。介绍了一种只在加密和解密的过程中产生密钥的密钥生成方式,依据得到的密钥对大规模数值型数据库中敏感数据进行加密和解密处理,从而实现敏感数据的加密。实验结果表明,采用所提算法对敏感数据进行加密,不仅能够保证安全性,而且有很高的效率和存储性能。     

浅谈Web软件的安全策略

从Web软件开发的角度出发,分别从四个方面分析了Web软件在开发过程中可能存在的漏洞,阐述了提升网站安全性的策略.首先,要过滤,检查用户传递的内容;其次,要保持异常信息的私有性;第三,要谨慎保管敏感数据,最后,要合理选择数据库的操作方式.     

Formal analysis of TPM2.0 key management APIs

The trusted platform module （TPM）, a system component implemented on physical resources, is designed to enable computers to achieve a higher level of security than the security level that it is possible to achieve by software alone. For this reason, the TPM provides a way to store cryptographic keys and other sensitive data in its memory, which is shielded from access by any entity other than the TPM. Users who want to use those keys and data to achieve some security goals are restricted to interact with the TPM through its APIs defined in the TPM speci- fication. Therefore, whether the TPM can provide Pro- tected Capabilities it claimed depends to a large extent on the security of its APIs. In this paper, we devise a formal model, which is accessible to a fully mechanized analysis, for the key management APIs in the TPM2.0 specification. We identify and formalize security properties of these APIs in our model and then successfully use the automated prover Tamarin to obtain the first mechanized analysis of them. The analysis shows that the key management subset of TPM APIs preserves the secrecy of non-duplicable keys for unbounded numbers of fresh keys and handles. The analysis also reports that the key duplication mechanism, used to duplicate a key between two hierarchies, is vul- nerable to impersonation attacks, which enable an adver- sary to recover the duplicated key of the originating hierarchy or import his own key into the destination hier- archy. Aiming at avoiding these vulnerabilities, we proposean approach, which restricts the originating and destination TPMs to authenticate each other＇ s identity during duplication. Then we formally demonstrate that our approach maintains the secrecy of duplicable keys when they are duplicated.     

一种基于数据敏感度的混合型数据库加密策略

该策略首先改进了AES加密算法的密钥扩展方法Key Expansion,并根据实际需求将数据库信息划分为敏感数据、非敏感数据、敏感关键字和非敏感关键字;然后通过改进的AES算法对敏感数据进行二次嵌套加密,对敏感关键字使用改进的AES算法加密以保证数据库的安全性;使用DES算法对非敏感数据和非敏感关键字进行加密保证了数据库操作的高效性能;最后通过java语言实现了该策略的加密软件并投入实际应用.在应用中证明了该策略在安全性、高效性及易实现性方面的优势.     

Novel Privacy Preserving Method of Countering the Threats from Priori Knowledge

Recently,many data anonymization methods have been proposed to protect privacy in the applications of data mining.But few of them have considered the threats from user's priori knowledge of data patterns.To solve this problem,a flexible method was proposed to randomize the dataset,so that the user could hardly obtain the sensitive data even knowing data relationships in advance.The method also achieves a high level of accuracy in the mining process as demonstrated in the experiments.