一种可证明安全的消息认证码

消息认证码是保证消息完整性的重要工具,它广泛应用于各种安全系统中.随着可证明安全理论的逐渐成熟,具备可证明安全的消息认证码无疑成为人们的首选.本文基于XOR MAC和PMAC的构造方法,使用分组密码构造了一种确定性、可并行的消息认证码-DXOR MAC(Deterministic XOR MAC).在底层分组密码是伪随机置换的假设下,本文使用Game-Playing技术量化了攻击者成功伪造的概率,从而证明了其安全性.

基于访问控制空间的多策略安全体系结构

为解决LSM在策略重用和策略共存方面存在的问题，提出了一个新的安全体系结构ELSM，它引入一个模型组合器作为主模块实施模块堆栈管理和模块决策管理，其中模块决策的实施采用了访问控制空间的策略规范方法，可支持通用性，ELSM的设计及其在安胜OS安全操作系统中的实例分析表明其有效性。

基于UML和模型检测的安全模型验证方法

安全策略的形式化分析与验证随着安全操作系统研究的不断深入已成为当前的研究热点之一.文中在总结前人工作的基础上,首次提出一种基于UML和模型检测器的安全模型验证方法.该方法采用UML将安全策略模型描述为状态机图和类图,然后利用转换工具将UML图转化为模型检测器的输入语言,最后由模型检测器来验证安全模型对于安全需求的满足性.作者使用该方法验证了DBLP和SLCF模型对机密性原则的违反.

RSA-Based Password-Authenticated Key Exchange, Revisited

The RSA-based Password-Authenticated Key Exchange (PAKE) protocols have been proposed to realize both mutual authentication and generation of secure session keys where a client is sharing his/her password only with a server and the latter should generate its RSA public/private key pair (e, n), (d, n) every time due to the lack of PKI (Public-Key Infrastructures). One of the ways to avoid a special kind of off-line (so called e-residue) attacks in the RSA-based PAKE protocols is to deploy a challenge/response method by which a client verifies the relative primality of e and φ(n) interactively with a server. However, this kind of RSA-based PAKE protocols did not give any proof of the underlying challenge/response method and therefore could not specify the exact complexity of their protocols since there exists another security parameter, needed in the challenge/response method. In this paper, we first present an RSA-based PAKE (RSA-PAKE) protocol that can deploy two different challenge/response methods (denoted by Challenge/Response Method1 and Challenge/Response Method2). The main contributions of this work include: (1) Based on the number theory, we prove that the Challenge/Response Method1 and the Challenge/Response Method2 are secure against e-residue attacks for any odd prime e; (2) With the security parameter for the on-line attacks, we show that the RSA-PAKE protocol is provably secure in the random oracle model where all of the off-line attacks are not more efficient than on-line dictionary attacks; and (3) By considering the Hamming weight of e and its complexity in the RSA-PAKE protocol, we search for primes to be recommended for a practical use. We also compare the RSA-PAKE protocol with the previous ones mainly in terms of computation and communication complexities.

Continuous speech research based on HyperSausage Neuron

In this paper, we presents HyperSausage Neuron based on the High-Dimension Space(HDS), and proposes a new algorithm for speaker independent continuous digit speech recognition. At last, compared to HMM-based method, the recognition rate of HyperSausage Neuron method is higher than that of in HMM-based method.

Continuous speech research based on HyperSausage Neuron

In this paper, we presents HyperSausage Neuron based on the High-Dimension Space(HDS), and proposes a new algorithm for speaker independent continuous digit speech recognition. At last, compared to HMM-based method, the recognition rate of HyperSausage Neuron method is higher than that of in HMM-based method.

Layered Architecture for Secure E-Commerce Applications

We present a layered architecture for secure e-commerce applications and protocols with fully automated dispute-resolution process, robust to communication failures and malicious faults. Our design is modular, with precise yet general-purpose interfaces and functionalities, and allows usage as an underlying secure service to different e-commerce, e-banking and other distributed systems. The interfaces support diverse, flexible and extensible payment scenarios and instruments, including direct buyer-seller payments as well as (the more common) indirect payments via payment service providers (e.g. banks). Our design is practical, efficient, and ensures reliability and security under realistic failure and delay conditions.

a flexible negotiation model for an agent-based software process modelling

Our Agent-based Software Process Modelling (ASPM) approach describes a software process as a set of cooperative agents. Negotiation is the way in which the agents construct their cooperative relations, and thus the software process. Currently, most negotiation models use a fixed negotiation protocol and fixed strategies. In order to achieve the flexibility that the negotiation of the agents in ASPM requires, we propose a negotiation model NM-PA. NM-PA mainly includes a generic negotiation protocol and some rules, which possibly change in different negotiation processes. By changing the rules, the model can support multi-protocols and multi-decision-making strategies at a lower cost.

基于双层ID空间的Peer-to-Peer文件系统设计与实现

提出并实现了一种建立在Peer-to-Peer 搜索策略上的自组织、自适应、高效和可靠的文件系统DISPFS(Double ID Space basedPeer-to-peer File System)。它在双层ID 空间中构造虚拟存储节点,不仅有效地取得了文件系统内的负载均衡、提高系统利用率,而且保证了动态环境中文件的可靠、快速获取。试验数据表明,DISPFS 在系统接近满负荷运行和文件插入/删除操作频繁的双重压力下依然保持优良的性能。