1000 results for transaction covert channel


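Relevance:

100.00%

Publisher:

Abstract:

The short-message criterion measures a covert channel's ability to transmit short messages and is a necessary complement to channel capacity. However, the existing definition of the criterion has the following problems: the message-length parameter cannot be analyzed quantitatively in ordinary information systems; channel restriction mechanisms have difficulty satisfying the transmission-time and fidelity constraints at the same time; and the definition does not include the sensitivity of the message. To address these problems, a new definition of the short-message criterion is first given by introducing the concept of short-message transmission value. In this definition, a value threshold uniformly expresses the system's tolerance of the channel's short-message transmission capability, and the sensitivity of the message is introduced as a factor in the value function used. Then, based on a secure real-time database application scenario, a transaction covert channel measurement and restriction mechanism combining the short-message criterion and channel capacity is given. Theoretical analysis and simulation results show that, based on the new definition of the short-message criterion, the system can apply comprehensive measurement and adjustable restriction to covert channel threats.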

Relevance:

80.00%

Publisher:

Abstract:

Many real-time database applications arise in electronic financial services, safety-critical installations and military systems where enforcing security is crucial to the success of the enterprise. For real-time database systems supporting applications with firm deadlines, we investigate here the performance implications, in terms of killed transactions, of guaranteeing multilevel secrecy. In particular, we focus on the concurrency control (CC) aspects of this issue. Our main contributions are the following: First, we identify which among the previously proposed real-time CC protocols are capable of providing covert-channel-free security. Second, using a detailed simulation model, we profile the real-time performance of a representative set of these secure CC protocols for a variety of security-classified workloads and system configurations. Our experiments show that a prioritized optimistic CC protocol, OPT-WAIT, provides the best overall performance. Third, we propose and evaluate a novel "dual-CC" approach that allows the real-time database system to simultaneously use different CC mechanisms for guaranteeing security and for improving real-time performance. By appropriately choosing these different mechanisms, concurrency control protocols that provide even better performance than OPT-WAIT are designed. Finally, we propose and evaluate GUARD, an adaptive admission-control policy designed to provide fairness with respect to the distribution of killed transactions across security levels. Our experiments show that GUARD efficiently provides close to ideal fairness for real-time applications that can tolerate covert channel bandwidths of up to one bit per second.

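Relevance:

80.00%

Publisher:

Abstract:

In accordance with the requirements of the Trusted Computer System Evaluation Criteria (TCSEC), a method (CUCCMM) is proposed for restricting data contention channels in secure real-time databases using the channel capacity metric, and the channel capacity measurement algorithm and the restriction parameter calculation method used in the restriction process are given. To ensure that the system's channel capacity restriction standard is enforced accurately, a multi-probability-based concurrency control protocol selection policy (MPBPSP) is proposed. Experimental results show that CUCCMM can effectively and accurately restrict covert channel capacity, and that using the MPBPSP policy significantly reduces the impact of channel restriction operations on the system's real-time performance.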

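Relevance:

80.00%

Publisher:

Abstract:

Data applications in critical fields such as the military and the economy need secure real-time databases (SRTDB) to provide security and real-time guarantees, but covert channels seriously threaten the behaviour of secure real-time databases. How to restrict covert channel threats effectively while preserving the system's real-time performance is a problem this class of databases urgently needs to solve. Starting from four aspects (channel restriction, channel capacity measurement, the combination of multiple metrics, and channel detection), this thesis studies several key problems in the measurement and handling of data conflict channels (DC channels) in secure real-time databases, and obtains the following four main results. First, among existing methods for handling DC channels in SRTDB systems, channel restriction methods based on a relative security goal can support a balance between security and real-time requirements and are more flexible than elimination methods based on an absolute security goal. Among channel restriction methods, probability-based restriction reduces the real-time performance loss added by restriction operations when the security standard is met, but some real-time performance is still wasted. To address this shortcoming, a multi-probability-based channel restriction policy (MPBPSP) is proposed, which applies appropriate interference to each channel instance according to the system's security standard, further reducing the loss of real-time performance. Second, accurate measurement of the channel threat is the basis for applying appropriate restriction to a channel. In accordance with the requirements of security evaluation criteria, a DC channel threat restriction method using the capacity metric (CUCCMM) is proposed. The method overcomes the shortcomings of existing channel capacity restriction methods in channel model description and in the metric used: it uses the Z-channel model to describe the transmission characteristics of the DC channel under MPBPSP, and selects a capacity metric expressed per unit of time. The method gives, in the form of theorems, an algorithm for measuring channel capacity under interference and an algorithm for computing the parameters of the restriction measures from the capacity restriction standard. Based on CUCCMM, the system can enforce the channel capacity restriction standard accurately and monitor the actual capacity of the restricted channel. Third, several factors together determine the degree of channel threat, and the metrics corresponding to these factors each have their own emphasis; only by combining multiple metrics can the channel threat be measured and restricted comprehensively. CMMA, a DC channel threat measurement and restriction method that integrates multiple metrics, is proposed. It combines the capacity metric and the short-message criterion to measure the channel's transmission capability, and uses the concept of message value so that the short-message criterion includes both the length and the sensitivity of the transmitted data. Experiments show that, using the MPBPSP policy, CMMA can restrict both the channel's ability to transmit long files and its ability to transmit short messages, and that using multiple metrics in the method does not multiply the loss of real-time performance. Fourth, to deter intruders and to provide an accurate basis for restricting channel threats, actual use of the channel needs to be audited and detected. An audit standard for transaction conflict information is proposed, and audit records are partitioned by two units, user and data, which effectively prevents intruders from evading detection by spreading out conflict records. CTIBDA, a channel detection method based on the time interval between conflicts, is proposed; it uses the regularity of the intervals between conflicts as the basis for detection and combines two regularity indicators to improve the robustness of the detection method. Because the detection method involves no complex learning or computation, it also has the advantage of low implementation cost.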

Relevance:

30.00%

Publisher:

Abstract:

Mobile ad hoc networking of dismounted combat personnel is expected to play an important role in the future of network-centric operations. High-speed, short-range, soldier-to-soldier wireless communications will be required to relay information on situational awareness, tactical instructions, and covert surveillance related data during special operations reconnaissance and other missions. This article presents some of the work commissioned by the U.K. Ministry of Defence to assess the feasibility of using 60 GHz millimeter-wave smart antenna technology to provide covert communications capable of meeting these stringent networking needs. Recent advances in RF front-end technology, alongside physical layer transmission schemes that could be employed in millimeter-wave soldier-mounted radio, are discussed. The introduction of covert communications between soldiers will require the development of a bespoke directive medium access layer. A number of adjustments to the IEEE 802.11 distribution coordination function that will enable directional communications are suggested. The successful implementation of future smart antenna technologies and direction of arrival-based protocols will be highly dependent on thorough knowledge of transmission channel characteristics prior to deployment. A novel approach to simulating dynamic soldier-to-soldier signal propagation using state-of-the-art animation-based technology developed for computer game design is described, and important channel metrics such as root mean square angle and delay spread for a team of four networked infantry soldiers over a range of indoor and outdoor environments are reported.

Relevance:

30.00%

Publisher:

Abstract:

Covert brain activity related to task-free, spontaneous (i.e. unrequested), emotional evaluation of human face images was analysed in 27-channel averaged event-related potential (ERP) map series recorded from 18 healthy subjects while observing random sequences of face images without further instructions. After recording, subjects self-rated each face image on a scale from “liked” to “disliked”. These ratings were used to dichotomize the face images into the affective evaluation categories of “liked” and “disliked” for each subject and the subjects into the affective attitudes of “philanthropists” and “misanthropists” (depending on their mean rating across images). Event-related map series were averaged for “liked” and “disliked” face images and for “philanthropists” and “misanthropists”. The spatial configuration (landscape) of the electric field maps was assessed numerically by the electric gravity center, a conservative estimate of the mean location of all intracerebral, active, electric sources. Differences in electric gravity center location indicate activity of different neuronal populations. The electric gravity center locations of all event-related maps were averaged over the entire stimulus-on time (450 ms). The mean electric gravity center for disliked faces was located (significant across subjects) more to the right and somewhat more posterior than for liked faces. Similar differences were found between the mean electric gravity centers of misanthropists (more right and posterior) and philanthropists. Our neurophysiological findings are in line with neuropsychological findings, revealing visual emotional processing to depend on affective evaluation category and affective attitude, and extending the conclusions to a paradigm without directed task.

Relevance:

20.00%

Publisher:

Abstract:

Two-dimensional flow of a micropolar fluid in a porous channel is investigated. The flow is driven by suction or injection at the channel walls, and the micropolar model due to Eringen is used to describe the working fluid. An extension of Berman's similarity transform is used to reduce the governing equations to a set of non-linear coupled ordinary differential equations. The latter are solved for large mass transfer via a perturbation analysis where the inverse of the cross-flow Reynolds number is used as the perturbing parameter. Complementary numerical solutions for strong injection are also obtained using a quasilinearisation scheme, and good agreement is observed between the solutions obtained from the perturbation analysis and the computations.