[1]王 群,李馥娟,周 倩.网络空间安全体系结构及其关键技术研究[J].南京理工大学学报(自然科学版),2019,43(04):495-504.[doi:10.14177/j.cnki.32-1397n.2019.43.04.017]
 Wang Qun,Li Fujuan,Zhou Qian.Architecture and key technologies of cyberspace security[J].Journal of Nanjing University of Science and Technology,2019,43(04):495-504.[doi:10.14177/j.cnki.32-1397n.2019.43.04.017]
点击复制

网络空间安全体系结构及其关键技术研究()
分享到:

《南京理工大学学报》(自然科学版)[ISSN:1005-9830/CN:32-1397/N]

卷:
43卷
期数:
2019年04期
页码:
495-504
栏目:
出版日期:
2019-08-24

文章信息/Info

Title:
Architecture and key technologies of cyberspace security
文章编号:
1005-9830(2019)04-0495-10
作者:
王 群1李馥娟1周 倩2
1.江苏警官学院 计算机信息与网络安全系,江苏 南京 210031; 2.南京邮电大学 现代邮政学院; 江苏 南京 210003
Author(s):
Wang Qun1Li Fujuan1Zhou Qian2
1.Department of Computer Information and Cybersecurity,Jiangsu Police Institute,Nanjing 210031,China; 2.School of Modern Posts,Nanjing University of Posts and Telecommunications,Nanjing 210003,China
关键词:
网络空间安全 体系结构 信息安全 网络安全 隐私保护
Keywords:
cyberspace security architecture information security network security privacy protection
分类号:
TP393
DOI:
10.14177/j.cnki.32-1397n.2019.43.04.017
摘要:
网络空间是信息社会赖以存在和发展的基础,是信息本身以及信息赖以依附的一切载体与环境的集合。随着人、机、物互联后相互作用的不断加深,网络空间安全在应对传统威胁的同时,还要面对新的安全挑战。对比分析了网络空间安全的相关概念,提出了网络空间安全“3+2”研究体系结构,将网络空间安全按功能域不同自底向上依次划分为物理层、传送层和应用层3个层次,同时还包括分别贯穿于各层的安全理论和方法支撑以及数据和信息安全。在此基础上,对涉及的关键技术进行了重点阐述。
Abstract:
Cyberspace is the basis of the information society,as well as the set of information itself,all of the information carrier,and all of the information environment. With the deepening interaction of human,machines and things after interconnection,Cyberspace Security is facing new security challenges as well as traditional threats. In this paper,some concepts of cyberspace security were analyzed,put forward the cyberspace security“3+2”research system structure. According to the different functional domains from bottom to up,Cyberspace Security is divided into three layers in this structure. They are physical layer,transport layer and application layer. At the same time,it also includes the security theory,method support,data and Information Security that run through each layer respectively. On this basis,the key technologies involved are emphasized.

参考文献/References:

[1] 刘刚,张宏,李千目. 基于博弈模型的网络安全最优攻防决策方法[J]. 南京理工大学学报,2014,38(1):12-21.
Liu Gang,Zhang Hong,Li Qianmu. Network security optimal attack and defense decision-making method based on game model[J]. Journal of Nanjing University of Science and Technology,2014,38(1):12-21.
[2]沈昌祥,张焕国,冯登国,等. 信息安全综述[J]. 中国科学E辑:信息科学,2007,37(2):129-150.
Shen Changxiang,Zhang Huangguo,Feng Dengguo,et al. Survey on information security[J]. Science in China Ser. E Information Sciences,2007,37(2):129-150.
[3]张焕国,韩文报,来学嘉,等. 网络空间安全综述[J]. 中国科学:信息科学,2016,46(2):125-164.Zhang Huanguo,Han Wenbao,Lai Xuejia,et al. Survey on cyberspace security[J]. Scientia Sinica Informationis,,2016,46(2):125-164.
[4]National Cyber Security Strategies:An Implementation Guide[EB/OL].(2012-12-19)[2017-01-16]. https://www. enisa. europa. eu/publications/national-cyber-security-strategies-an-implementation-guide.
[5]National Institute of Standards and Technology. Framework for Improving Critical Infrastructure Cybersecurity[EB/OL]. https://www. nist. gov/sites/default/files/documents/cyberframework/cybersecurity-framework-021214. pdf.
[6]方滨兴. 从层次角度看网络空间安全技术的覆盖领域[J]. 网络与信息安全学报,2015,1(1):2-7.
Fang Bingxing. A hierarchy model on the research fields of cyberspace security technology[J]. Chinese Journal of Network and Information Security,2015,1(1):2-7.
[7]罗军舟,杨明,凌振,等. 网络空间安全体系与关键技术[J]. 中国科学:信息科学,2016,46(8):939-968.
Luo Junzhou,Yang Ming,Ling Zhen,et al. Architecture and key technologies of cyberspace security[J]. Scientia Sinica Informationis,2016,46(8):939-968.
[8]张应辉,郑东,马春光. 网络空间安全体系及关键技术[J]. 中兴通讯技术,2016,22(1):10-13,18.
Zhang Yinghui,Zheng Dong,Ma Chunguang. Security architecture and Key techniques of cyberspace[J]. ZTE Technology Journal,2016,22(1):10-13,18.
[9]沈昌祥. 建好网络空间一级学科 加快安全可信体系建设[J]. 中国信息安全,2016,12:50-51.
Shen Changxinag. We will build a new level of cyberspace to accelerate the construction of a secure and trusted system[J]. China Information Security,2016,12:50-51.
[10]李晖,张宁. 网络空间安全学科人才培养之思考[J]. 网络与信息安全学报,2015,1(1):18-23.
Li Hui,Zhang Ning. Suggestions on cyber security talents cultivation[J]. Chinese Journal of Network and Information Security,2015,1(1):18-23.
[11]杨良斌,周新丽,刘思涵,等. 大数据背景下网络空间安全人才培养机制与模式研究[J]. 情报杂志,2016,35(12):81-89.
Yang Liangbin,Zhou Xinli,Liu Sihan. Cyber security talents cultivation mechanism and mode in the big data era[J]. Journal of Intelligence,2016,35(12):81-89.
[12]Alnifie G,Simon R. A multi-channel defense against jamming attacks in wireless sensor networks[C]//Proceedings of the 3rd ACM workshop on QoS and Security for Wireless and Mobile Networks. NY,USA:ACM Press,2007:95-104.
[13]Al-kahtani. Survey on security attacks in Vehicular Ad hoc Networks(VANETs)[C]//Proceeding of the 2012 6th International Conference on Signal Processing and Communication Systems(ICSPCS). QLD,Australia:IEEE Press,2012:1-9.
[14]沈昌样,张焕国,王怀民,等. 可信计算的研究与发展[J]. 中国科学:信息科学,2010,40(2):139-166.
Shen Changxiang,Zhang Huanguo,Wang Huiming,et al. Research and development of trusted computing[J]. Science in China Ser. E Information Sciences,2010,40(2):139-166.
[15]Xu W,Omar H A,Zhuang W,et al. Delay analysis of in-vehicle internet access via on-road WiFi access points[J]. IEEE Access,2017,5:2736-2746.
[16]Granlund D,AHlund C,Holmlund P. EAP-swift:an efficient authentication and key generation mechanism for resource constrained WSNs[J]. International Journal of Distributed Sensor Networks,2015:1-12.
[17]Perrig A,Szewczyk R,Tygar J D,et al. SPINS:security protocols for sensor networks[J]. Wireless Networks,2002,8(5):521-534.
[18]Zhang Y,Xie F,Dong Y W,et al. High fidelity virtualization of cyber-physical systems[J]. International Journal of Modeling,Simulation,and Scientific Computing,2013,4(2):1340005(26 pages).
[19]Janz C,Ong L,Selhuraman K,et al. Emerging transport SDN architecture and use cases[J]. IEEE Communications Magazine,2016,54(10):116-121.
[20]李凤华,史国振,马建峰,等. 访问控制模型研究进展及发展趋势[J]. 电子学报,2012,40(4):805-813
Li Fenghua,Su Mang,Shi Guozhen,et al. Research status and development trends of access control model[J]. Acta Electronica Sinica,2012,40(4):805-813.
[21]Sandhu R,Coyne E,Feinstein H,et al. Role-based access control models[J]. IEEE Computer,1996,29(2):38-47
[22]Thomas R,Sandhu R. Task-based authorization controls(TBAC):A Family of models for active and enterprise oriented authorization management[C]//Proceedings of the 11th IFIP WG11. 3 Conference on Database Security. Lake Tahoe:[s.n.],1997,8:166-181.
[23]Sejong O,Seog P. Task-role-based access control model[J]. Information System,2003(28):533-562.
[24]Zhang C N,Yang C G. An object-oriented RBAC model for distributed system[C]//Proceedings of the Working IEEE/IFIP Conference on Software Architecture(WICSA’01). Amsterdam,Netherlands:IEEE Press,2001,8:24-32.
[25]Freudenthal E,Pesin T,Port L,et al. dRBAC:Distributed role based access control for dynamic coalition environments[C]//Proceedings of the 22nd International Conference on Distributed Computing Systems(ICDCS’02). Vienna,Austria:IEEE Computer Society,2002,7:411-420.
[26]Bertino E,Bonatti P,Ferrari E. TRBAC:a temporal role-based access control model[J]. ACM Transactions on Information and System Security,2001,4(3):191-223.
[27]王小明,付红,张立臣. 基于属性的访问控制研究进展[J]. 电子学报,2010,38(7):1660-1667.
Wang Xiaoming,Fu Hong,Zhang Lichen. Research progress on attribute-based access control[J]. Acta Electronica Sinica,2010,38(7):1660-1667.
[28]李凤华,王巍,马建峰,等. 基于行为的访问控制模型及其行为管理[J]. 电子学报,2008,36(10):1881-1890.
Li Fenghua,Wang Wei,Ma Jiangfeng,et al. Action-based access control model and administration of actions[J]. Acta Electronica Sinica,2008,36(10):1881-1890.
[29]Almutairi A,Sarfraz M,Basalamah S,et al. A distributed access control architecture for cloud computing[J]. IEEE Software,2012,29(2):36-44.
[30]Bossert G,Hiet G. Towards automated protocol reverse engineering using semantic information[C]//ACM Symposium on Information,Computer and Communications Security. [S.l.]:ACM,2014:51-62.
[31]Narayan J,Shukla S K,Clancy T C. A survey of automatic protocol reverse engineering tools[J]. ACM Comput Surv,2015,48:1-26.
[32]罗军舟,吴文甲,杨明. 移动互联网:终端、网络与服务[J]. 计算机学报,2011,34(11):2029-2051.
Luo Junzhou,Wu Wenjia,Yang Ming. Mobile internet:terminal devices,networks and services[J]. Chinese Journal of Computers,2011,34(11):2029-2051.
[33]李益发,沈昌祥. 一种新的操作系统安全模型[J]. 中国科学E辑:信息科学,2006,36(4):347-356.
Li Yifa,Shen Changxiang. A new operating system security model[J]. Science in China Ser E Information Sciences,2006,36(4):347-356.
[34]訾小超,姚立红,曾庆凯,等. 操作系统安全增强技术研究进展[J]. 高技术通讯,2003(7):106-110
Zi Xiaochao,Yao Lihong,Zeng Qingkai,et al. A survey of security-enhanced techniques for operating systems[J]. Chinese High Technology Letters,2003(7):106-110.
[35]方滨兴,陆天波,李超. 软件确保研究进展[J]. 通信学报,2009,30(2):106-117.
Fang Binxing,Lu Tianbo,Li Chao. Survey of software assurance[J]. Journal on Communications,2009,30(2):106-117.
[36]Salaun M. Practical overview of a Xen covert channel[J]. Journal in Computer Virology,2010,6(4):317-328.
[37]Price M. The paradox of security in virtual environments[J]. Computer,2008,41(11):22-28.
[38]Hadziosmanovic D,Bolzoni D,Etalle S,et al. Challenges and opportunities in securing industrial control systems[C]//Proceedings of 2012 IEEE Workshop on Complexity in Engineering. [S.l.]:IEEE,2013:1-6.
[39]张焕国,王丽娜,杜瑞颖,等. 信息安全学科体系结构研究[J]. 武汉大学学报(理学版),2010,56(5):614-620.
Zhang Huanguo,Wang Lina,Du Ruiying,et al. Research on information security discipline[J]. Journal of Wuhan University(Natural Science Edition),2010,56(5):614-620.
[40]曹珍富. 密码学的新发展[J]. 四川大学学报(工程科学版),2015,47(1):1-12.
Cao Zhenfu. New development of cryptography[J]. Journal of Sichuan University(Engineering Science Edition),2015,47(1):1-12.
[41]教育部高等学校信息安全专业教学指导委员会. 高等学校信息安全专业指导性专业规范[M]. 北京:清华大学出版社,2014.
[42]张玉清,王晓菲,刘雪峰,等. 云计算环境安全综述[J]. 软件学报,2016,27(6):1328-1348.
Zhang Yuqing,Wang Xiaofei,Liu Xuefeng,et al. Survey on cloud computing security[J]. Journal of Software,2016,27(6):1328-1348.
[43]Lu T,Yao P,Zhao L,et al. An analysis of attacks against anonymous communication networks[C]//International Conference on Security Technology. [S.l.]:IEEE,2015:38-40.
[44]Kulik L. Privacy for real-time location-based services[J]. Sigspatial Special,2009,1(2):9-14.
[45]Molina-Gil J. Providing k-anonymity and revocation in ubiquitous VANETs[J]. Ad Hoc Networks,2016,36:482-494.
[46]Dwork C. Defferential privacy[C]//Proceedings of the 33rd International Colloquium on Automata,Languages and Programming. Venice,Italy:[s.n.],2006:1-12.
[47]Bethencourt J,Sahai A,Waters B. Ciphertext-policy attribute-based encryption[C]//Proceedings of the 28th International Symposium on Security and Privacy. Berkeley,CA,USA:[s.n.],2007:321-334.
[48]吕志泉,洪澄,张敏,等. 面向社交网络的隐私保护方案[J]. 通信学报,2014,35(8):23-32.
Lv Zhiquan,Hong Cheng,Zhang Min,et al. Privacy-perserving scheme for social networks[J]. Journal on Communications,2014,35(8):23-32.
[49]Zhang X. Reversible data hiding in encrypted image[J]. IEEE Signal Processing Letters,2011,18(4):255-258.
[50]Tripathy B K,Mitra A. An algorithm to achieve k-anonymity and l-diversity anonymization in social networks[C]//International Conference on Computational Aspects of Social Networks. [S.l.]:IEEE,2013:126-131.
[51]Dede E,Fadika Z,Hartog J,et al. MARISSA:MapReduce implementation for streaming science applications[C]//Proceedings of the IEEE 8th International Conference on E-Science. Chicago,USA:[s.n.],2012:1-8.

相似文献/References:

[1]杨晓飞,吴晓蓓,黄锦安.无线传感器网络多代理平台中间件设计[J].南京理工大学学报(自然科学版),2011,(01):11.
 YANG Xiao-fei,WU Xiao-bei,HUANG Jin-an.Multi-agent Platform Middleware Design in Wireless Sensor Networks[J].Journal of Nanjing University of Science and Technology,2011,(04):11.
[2]韩祥兰,吴慧中,陈圣磊,等.武器装备论证综合集成研讨厅系统[J].南京理工大学学报(自然科学版),2005,(04):446.
 HAN Xiang-lan,WU Hui-zhong,CHEN Sheng-lei,et al.Hall for Workshop of Meta-synthetic Engineering for Demonstration of Weapon and Equipment[J].Journal of Nanjing University of Science and Technology,2005,(04):446.
[3]张岳新,邹修明.决策支持系统结构的安全性研究[J].南京理工大学学报(自然科学版),2000,(06):494.
 ZhangYuexin ZouXiuming.The Security Research of DSS Structure[J].Journal of Nanjing University of Science and Technology,2000,(04):494.

备注/Memo

备注/Memo:
收稿日期:2018-06-06 修回日期:2019-02-24
基金项目:江苏高校“青蓝工程”优秀教学团队(网络安全与执法)资助项目; 江苏省第五期“333工程”科研资助项目(BRA2017443); 江苏高校优势学科建设工程资助项目(PAPD); “十三五”江苏省重点学科项目(2016-0838); 江苏高校哲学社会科学研究基金项目(2018SJA0456)
作者简介:王群(1971-),男,博士,教授,主要研究方向:网络体系结构与协议、物联网、信息安全等,E-mail:wqun@jspi.edu.cn
引文格式:王群,李馥娟,周倩. 网络空间安全体系结构及其关键技术研究[J]. 南京理工大学学报,2019,43(4):495-504.
投稿网址:http://zrxuebao.njust.edu.cn
更新日期/Last Update: 2019-09-30