IBC模型在Web安全体系中的应用研究

针对目前基于公钥证书的PKI体系所固有的网络开销大,证书往来过于频繁等缺点,提出并分析了基于身份加密体系(IBC体系)的认证架构和互动模型,说明了IBC模型相对于PKI体系结构的优缺点。针对XML签名和XML加密这两个Web-Security核心协议,比较了使用X.509公钥证书体系和IBC无证书方式在SOAP协议中的实现方式。证明了在保证信息安全的同时,使用IBC模型可以大幅降低网络传输内容,提高了SOA体系的效率和可扩展性。

a state-adaptive access control model for web-based idrs system

Huazhong Univ Sci & Technol, Natl Tech Univ Ukraine, Huazhong Normal Univ, Harbin Inst Technol, IEEE Ukraine Sect, I& M/CI Joint Chapter

Transfer, distribution and bioaccumulation of microcystins in the aquatic food web in Lake Taihu, China, with potential risks to human health

In this paper, accumulation and distribution of microcystins (MCs) was examined monthly in six species of fish with different trophic levels in Meiliang Bay, Lake Taihu, China, from June to November 2005, Microcystins were analyzed by liquid chromatography electrospray ionization mass spectrometry (LC-ESI-MS). Average recoveries of spiked fish samples were 67.7% for MC-RR, 85.3% for MC-YR, and 88.6% for MC-LR. The MCs (MC-RR+MC-YR+MC-LR) concentration in liver and gut content was highest in phytoplanktivorous fish, followed by omnivorous fish, and was lowest in carnivorous fish; while MCs concentration in muscle was highest in omnivorous fish, followed by phytoplanktivorous fish, and was lowest in carnivorous fish. This is the first study reporting MCs accumulation in the gonad of fish in field. The main uptake of MC-YR in fish seems to be through the gills from the dissolved MCs. The WHO limit for tolerable daily intake was exceeded only in common carp muscle. (C) 2008 Elsevier B.V. All rights reserved.

Food web of benthic macro invertebrates in a large Yangtze River-connected lake: the role of flood disturbance

This Study was conducted in Lake Dongtinghu, a large river-connected lake on the Yangtze River flood-plain, China. Our goal was to determine trophic relationships among benthic macroinvertebrates, as well as the effects of flood disturbance on the benthic food web of a river-connected lake. Macroinvertebrates in the lake fed mainly on detritus and plankton (both zooplankton and phytoplankton). Food web Structure in Lake Dongtinghu was characterized by molluscs as the dominant group, low connectance, high level of omnivory. based oil detritus and primary production, and most ingestion concentrating on a few links. Our analyses showed that flood disturbance is an important factor affecting the benthic food web in Lake Dongtinghu. The numbers of species and functional feeding groups (FFGs), and the density and biomass of macroinvertebrates decreased significantly during flooding. Connectance was higher during the flood season than in other seasons, indicating that floods have a strong effect on connectance in this Yangtze River-connected lake. Flood effects on the benthic web were also evident in the decrease of niche overlaps within and anion, FFGs. Our results provide useful information regarding biodiversity conservation on the Yangtze floodplain. Reconstructing and maintaining natural and regular flow regimes between Yangtze lakes and the river is essential for restoration of macroinvertebrates on the floodplain.

Food web of macroinvertebrate community in a Yangtze shallow lake: trophic basis and pathways

No detailed food web research on macroinvertebrate community of lacustrine ecosystem was reported in China. The present study is the first attempt on the subject in Lake Biandantang, a macrophytic lake in Hubei Province. Food webs of the macroinvertebrate community were compiled bimonthly from March, 2002 to March, 2003. Dietary information was obtained from gut analysis. Linkage strength was quantified by combining estimates of energy flow (secondary production) with data of gut analysis. The macroinvertebrate community of Lake Biandantang was based heavily on detritus. Quantitative food webs showed the total ingestion ranged from 6930 to 36,340 mg dry mass m(-2) bimonthly. The ingestion of macroinvertebrate community was higher in the months with optimum temperature than that in other periods with higher or lower temperature. Through comparison, many patterns in benthic food web of Lake Biandantang are consistent with other detritus-based webs, such as stream webs, but different greatly from those based on autochthonous primary production (e.g. pelagic systems). It suggests that the trophic basis of the web is essential in shaping food web structure.

Studies on the food web structure of Lake Donghu using stable carbon and nitrogen isotope ratios

Food web structure was studied by using carbon and nitrogen isotope ratios in a hypereutrophic subtropical Chinese lake, Lake Donghu. High external nutrient loading and the presence of abundant detritus from submersed macrophytes were responsible for the high sediment delta(15)N and delta(13)C, respectively. C-13 was significantly higher in submersed macrophytes than in other macrophytes. The similar delta(13)C values in phytoplankton, zooplankton, zoobenthos, and planktivorous fish indicate that phytoplankton was the major food source for the consumers. By using a delta(15)N mass balance model, we estimate that the contributions of zooplankton to the diet of silver carp and bighead carp were 54% and 74%, respectively, which is in agreement with previous microscopic observations on intestinal contents of these fishes.

Practical Evaluation of Security against Generalized Interpolation Attack

Interpolation attack was presented by Jakobsen and Knudsen at FSE'97. Interpolation attack is effective against ciphers that have a certain algebraic structure like the PURE cipher which is a prototype cipher, but it is difficult to apply the attack to real-world ciphers. This difficulty is due to the difficulty of deriving a low degree polynomial relation between ciphertexts and plaintexts. In other words, it is difficult to evaluate the security against interpolation attack. This paper generalizes the interpolation attack. The generalization makes easier to evaluate the security against interpolation attack. We call the generalized interpolation attack linear sum attack. We present an algorithm that evaluates the security of byte-oriented ciphers against linear sum attack. Moreover, we show the relationship between linear sum attack and higher order differential attack. In addition, we show the security of CRYPTON, E2, and RIJNDAEL against linear sum attack using the algorithm.

Web Services Workflows—Composition, Co-Ordination, and Transactions in Service-Oriented Computing

Web services can be seen as a newly emerging research area for Service-oriented Computing and their implementation in Service-oriented Architectures. Web services are self-contained, self-describing modular applications or components providing services. Web services may be dynamically aggregated, composed, and enacted as Web services Workflows. This requires frameworks and interaction protocols for their co-ordination and transaction support. In a Service-oriented Computing setting, transactions are more complex, involve multiple parties (roles), span many organizations, and may be long-running, consisting of a highly decentralized service partner and performed by autonomous entities. A Service-oriented Transaction Model has to provide comprehensive support for long-running propositions including negotiations, conversations, commitments, contracts, tracking, payments, and exception handling. Current transaction models and mechanisms including their protocols and primitives do not sufficiently cater for quality-aware and long running transactions comprising loosely-coupled (federated) service partners and resources. Web services transactions require co-ordination behavior provided by a traditional transaction mechanism to control the operations and outcome of an application. Furthermore, Web services transactions require the capability to handle the co-ordination of processing outcomes or results from multiple services in a more flexible manner. This requires more relaxed forms of transactions—those that do not strictly have to abide by the ACID properties—such as loosely-coupled collaboration and workflows. Furthermore, there is a need to group Web services into applications that require some form of correlation, but do not necessarily require transactional behavior. The purpose of this paper is to provide a state-of-the-art review and overview of some proposed standards surrounding Web services composition, co-ordination, and transaction. In particular the Business Process Execution Language for Web services (BPEL4WS), its co-ordination, and transaction frameworks (WS-Co-ordination and WS-Transaction) are discussed.

an improved smart card based password authentication scheme with provable security

Password authentication has been adopted as one of the most commonly used solutions in network environment to protect resources from unauthorized access. Recently, Lee–Kim–Yoo [S.W. Lee, H.S. Kim, K.Y. Yoo, Improvement of Chien et al.'s remote user authentication scheme using smart cards, Computer Standards & Interfaces 27 (2) (2005) 181–183] and Lee-Chiu [N.Y. Lee, Y.C. Chiu, Improved remote authentication scheme with smart card, Computer Standards & Interfaces 27 (2) (2005) 177–180] respectively proposed a smart card based password authentication scheme. We show that these two schemes are both subject to forgery attacks provided that the information stored in the smart card is disclosed by the adversary. We also propose an improved scheme with formal security proof.

一种基于SSL／TLS的Web安全代理的设计与实现

SSL Web代理能有效保护Internet上数据传输和存有敏感信息的Web服务器的安全。但是SSL协议中大量的数据处理带来的性能瓶须和协议实现中受到的安全威胁将严亚影响SSL Web代理的效用。该文在分析SSL/TLS协议性能和安全的基础上，设计并实现了一种高效的、安全的SSL-TLS Web代理。

一种基于BLP模型的安全Web服务器系统

针对基于Web的通信存在的弱点，提出了安全Web服务器的概念，并以此为目标，提出并实现了一种基于BLP形式化模型的安全Web服务器系统。

cryptanalysis of the end-to-end security protocol for mobile communications with end-user identification/authentication

IEEE Computer Society