Dai Yiqi

A new micro-payment protocol based on P2P networks

Introducing micro-payment mechanism into P2P systems will bring economic incentives to various P2P applications and encourage peers to share their resources. In this paper, we present a new micro-payment protocol, CPay, which exploits unique characteristics of P2P systems. The protocol establishes dynamic consistent hashing map between the set of all peers in the system and its subset of high performance peers. In each transaction, the payers corresponding high performance peer checks the transaction to make sure that any illegal use of the e-coin would be timely detected. The protocol effectively exploits the heterogeneity of the P2P system and can achieve load balance

National Critical Infrastructure Modeling and Analysis Based on Complex System Theory

National critical infrastructure is a typical complex system with the characteristics of self-organized criticality. In this paper, we firstly analyze the basic concepts of national critical infrastructure and the associated complex system characteristics, and then construct the model of national critical infrastructure based on complex system theory. This model abstracts the nodes of national critical infrastructure network and their connectivity relationships, and supports the measurements of national critical infrastructures attributes, therefore reflects the dynamics of national critical infrastructure. The occurrence and propagation mechanism of national critical infrastructures cascade failure behavior is analyzed based on this model, which preliminary validates effectiveness of the proposed model.

Symmetric Encryption Solutions to Millionaire's Problem and Its Extension

Millionaires problem is the base of secure multiparty computation, and its solutions have become basic blocks of many secure multi-party computation solutions. Unfortunately, most solutions to millionaires problem are based on public key cryptography, and thus are inefficient. Furthermore, all solutions are designed to solve millionaires problem for natural number case to privately determine which natural number is larger. If the numbers are real, these solutions do not directly work. In this paper, we first propose a symmetric key cryptographic solution to millionaires problem for natural numbers case, and then generalize it to the case of real numbers, that is to privately determine which real number is larger. We further prove, by simulation paradigm, that these solutions are private. These solutions are really efficient.

A software vulnerability analysis environment based on virtualization technology

The accurate identification and effective analysis of software vulnerabilities depends on flexible and extensible analysis environment. However, current research work cannot provide highly available environment supporting for different types of vulnerabilities. Aiming at the problem, this paper proposes a novel method for constructing software vulnerability analysis environment based upon virtualization technique, defines the system level simulation model for vulnerability analysis, and describes the simulation model based vulnerability analysis method. Based upon the simulation model and analysis method, we have designed and implemented the Virtualization-based Vulnerability Analysis Environment (VirtualVAE), which can examine the operation behaviors of guest operation system and applications at hardware level, and analyze the operation process of sensitive data in the whole system. Therefore, it can accurately simulate a wide variety of system behaviors, and provide dynamic analysis capabilities for different types of vulnerabilities. The experimental results show that it provides a flexible environment for accurately identifying and analyzing the vulnerabilities of software systems.

Semi-fragile watermarking for image content authentication

In this paper, we propose a quantization-based semi-fragile watermarking algorithm for content authentication. The watermark can be blindly extracted. The formulation of judge threshold is given from the point of probability theory. The tempered areas of watermarked image can be distinguished by the predefined threshold. Our scheme is robust to incidental manipulations while fragile to malicious distortions, and can distinguish the distortions caused by great incidental processing with the malicious tempering. The advantage of our scheme is compared with other algorithms in the last.

Network Survivability Analysis Based on Stochastic Game Model

With the increase of network complexity and continuous development of network attack techniques, it is unrealistic to prevent network from attacks or intrusion threats absolutely, a large number of critical network services require that they can provide adequate qualities of services in the face of suffering intrusions or even certain parts of network system be destroyed. Therefore, network survivability technologies in open environment are becoming a research focus in network security field. This paper proposes network threat evolution model based on threat evolutionary behaviors and threat propagations. Then, network survivability is abstracted as a dynamic game process among network attacker, network defender and normal user, thereafter network survivability stochastic game model is established and network survivability analysis algorithm is proposed based on the game model. Finally, the proposed network survivability analysis model and approach are experimented in a typical network environment. The results show that the analysis model and approach proposed are feasible and effective.

Towards a Unified Framework for Network Survivability Measurement

The survivability of network is of vital importance with respect to the normal operation of information infrastructure. The current research works in the area of network survivability generally aimed at the definitions and quantifications of specific survivability attributes for distinct network objects. Unfortunately, there is a lack of research concerning how to model, measure and analyze the survivability of network in a consistent manner, and it is helpful to the unification of network survivability measurement and the promotion of related research works in the area of network survivability. Furthermore, the requirements for network survivability measurement are variable among different application domains. Therefore, a flexible mechanism to support the customizable measurement of network survivability is needed. In this paper, we propose a unified framework for network survivability measurement which is extensible and customizable. The customization method of network survivability measurement model and the process of network survivability measurement are analyzed in detail. The analysis result shows the generality and practicability of the framework.

An efficient control flow security analysis approach for binary executables

This paper proposes a control flow based security analysis approach for binary executables. Through deeply investigating the theory of control flow security, we develop the Control Flow Security Model (CFSM) which includes the formal definitions for program semantics and security properties for control flow. CFSM specifies that program execution dynamically follows only certain paths, in accordance with a statically declared security properties specified as Control Flow Constraint Specification (CFCS). We have proposed an efficient control flow security analysis algorithm for verifying that a particular control flow model satisfies the associated security properties. Our work contributes to bridging the gap between abstract specifications of control flow security properties and actual control flow security analysis for binary executables. The effectiveness and the practical usefulness of the approach are exemplified by an illustrative analysis of heap overflow vulnerability.

An information search interface with soft real-time guarantee

We propose an innovative solution to design the search interfaces of search engines with soft real-time guarantee. Our solution presents a new scheduling model to enable flexible relative deadline and a time prediction algorithm to overcome the uncertainty of varied execution time. The time prediction algorithm is also proved to be optimal if the elements of sampling vectors are independent. The results of the experiment show that this new model can fully utilize the processor with a very low ratio of task abortion.

An Enterprise Computing System Based on Software-Enrollment Strategy

This paper aims at the problem of software’s abuse in the computer system, and puts forward the “Software Registration” strategy in the context of enterprise networks and the computer systems within. Based on this strategy we have designed a computing system that is fit for internal use in enterprise networks by taking control of the use of computer software. The paper analyzes the system’s security and proves that the mechanism could guarantee the validity and chastity of the software in the computing system, thus greatly reduces the risk caused by software abusing. Finally, the paper prospects the future of the “Software Registration” mechanism.