ISSN 1000-0585
CN 11-1848/P
Started in 1982
Table of Contents, Volume 56 Issue 5
INFORMATION SECURITY
Assessment of Android application's risk behavior based on a sandbox system
LI Zhoujun, WU Chunming, WANG Xiao
Journal of Tsinghua University(Science and Technology). 2016, 56(5): 453-460. DOI: 10.16511/j.cnki.qhdxxb.2016.25.001
Android has become the most popular operating system on mobile devices. However, Android is an open source system with billions of applications. More users are choosing Android, so Android security problems are receiving much attention in the industry. Android malware is already a major problem and cannot be avoided in the Android ecosystem. This paper describes a sandbox system based on Android 4.1.2 which can dynamically monitor and record application behavior. A risk assessment approach based on behavior analysis is given so that users can get an explicit risk prognosis for an application to improve their safety. Tests on malware and normal application samples verify the effectiveness of this risk assessment approach.
Android application security vulnerability analysis framework based on feature matching
DONG Guowei, WANG Meilin, SHAO Shuai, ZHU Longhua
Journal of Tsinghua University(Science and Technology). 2016, 56(5): 461-467. DOI: 10.16511/j.cnki.qhdxxb.2016.25.002
The number of Android applications is growing rapidly, which is bringing more and more vulnerabilities. However, most existing tools use only simple API scanning with data flow analysis tools rarely used, so some vulnerabilities cannot be found. This paper presents a static analysis framework for Android applications based on common vulnerability patterns. The analysis can detect 7 kinds of vulnerability patterns in Android apps using detection rules. Tests on 323 Android applications show that the framework can detect more than 70% of the vulnerabilities with less than 30% false positives, which shows that it can effectively detect common security vulnerabilities in Android apps.
Android malicious AD threat analysis and detection techniques
HAN Xinhui, DING Yijing, WANG Dongqi, LI Tongxin, YE Zhiyuan
Journal of Tsinghua University(Science and Technology). 2016, 56(5): 468-477. DOI: 10.16511/j.cnki.qhdxxb.2016.25.003
Android third-party advertising frameworks are deployed in almost every Android app. The vulnerabilities of the Android OS and these advertising frameworks greatly impact the security of the Android market. The attacker can get the users' private data, trigger sensitive operations and execute arbitrary code on the device. This paper summarizes four classes of attacks in Android third-party advertising frameworks and gives two detection algorithms to discover these four classes of vulnerabilities. The first detection algorithm statically analyzes the advertising frameworks using a backward slicing algorithm and a static forward tainting analysis. The second algorithm dynamically detects malicious behavior in advertising frameworks using API hooking and targeted API tracing. An Android malicious ad security threat analysis and detection system is designed and implemented based on these two algorithms. Tests show that this system effectively discovers potential vulnerabilities in advertising frameworks and dynamically detects malicious behavior in advertisements.
Improved fuzzy analysis methods
MA Jinxin, ZHANG Tao, LI Zhoujun, ZHANG Jiangxiao
Journal of Tsinghua University(Science and Technology). 2016, 56(5): 478-483. DOI: 10.16511/j.cnki.qhdxxb.2016.25.004
Fuzz testing is one of the most widely used and most effective methods for vulnerability detection. However, the traditional fuzzy analysis method is inefficient and works blindly. This paper describes a refining method that reduces the test sample size with the same code coverage. A weighted testing time model is used to give better samples more time. A taint-based exception analysis method is used to evaluate the severity of exceptions and to improve the vulnerability analysis efficiency. Comparisons with Peach show that this method improves the traditional fuzzy analysis method.
Malware algorithm recognition based on offline instruction-flow analyse
ZHAO Jingling, CHEN Shilei, CAO Mengchen, CUI Baojiang
Journal of Tsinghua University(Science and Technology). 2016, 56(5): 484-492. DOI: 10.16511/j.cnki.qhdxxb.2016.25.005
Binary program algorithm identification is widely used for malware detection, software analysis, network encryption analysis and computer system protection. This paper describes a malware algorithm recognition method based on offline instruction-flow analysis using binary instrumentation, taint traces, and loop recognition. The algorithm features are described, including the behavior semantics and key constants extracted from the instruction-flow algorithm. Two machine learning models trained by these features are merged into one accurate recognition algorithm.
Analyse of the security architecture and policy model in the Common Criteria
SHI Hongsong, GAO Jinping, JIA Wei, LIU Hui
Journal of Tsinghua University(Science and Technology). 2016, 56(5): 493-498. DOI: 10.16511/j.cnki.qhdxxb.2016.25.006
The Common Criteria (CC) does not adequately explain the security architecture and policy model requirements, which hinders security evaluations. This paper classifies the requirements through a general CC evaluation model based on design decomposition. The analysis then categorizes the TOE security functionality (TSF) as the TSF meta-functionality and the TSF obligatory functionality to demonstrate the need for justifying the security properties in the architecture design. Security architecture description and evaluation approaches are then described for vulnerability analysis activity. The paper also describes the need for formalizing the security policy model based on observations of the logical gap between the security target (ST) and the functional specification (FSP) requirements. A (semi-)formalization of the security functional requirements is given to bridge the gap. The national standard GB/T18336 (the Chinese version of CC v3.1) will be adopted soon in China, so the analysis in this paper is needed to improve security evaluation activities.
Evaluating side-channel information leakage in 3DES using the t-test
CHEN Jiazhe, LI Hexin, WANG Yanan, WANG Yuhang
Journal of Tsinghua University(Science and Technology). 2016, 56(5): 499-503. DOI: 10.16511/j.cnki.qhdxxb.2016.25.007
The t-test is a hypothesis test that deals with two Gaussian samples with unknown variances. When the two samples have unequal variances and unequal sample sizes, the Welch t-test is more reliable than the Student's t-test. This paper evaluates the 1st order side-channel information leakage of 3DES with an AES type t-test. Welch t-tests suitable for evaluating 3DES are given with tests on three different devices that show this method is effective.
LBT-based cloud data integrity verification scheme
LI Yong, YAO Ge, LEI Linan, ZHANG Xiaofei, YANG Kun
Journal of Tsinghua University(Science and Technology). 2016, 56(5): 504-510. DOI: 10.16511/j.cnki.qhdxxb.2016.25.008
With the rapid growth of cloud storage, more and more users are choosing to store their data in the cloud to reduce storage costs. However, users then lose control of the data and the data integrity cannot be ensured. Thus, cloud service providers (CSP) need to provide proof to users that their data is secure through an efficient integrity verification protocol. A number of feasible schemes have been proposed, but they have trouble supporting fully dynamic operations including insert, modify, and delete, and they have large computing, storage and communication costs. This paper presents a data integrity verification scheme based on a large branching tree (LBT). The scheme supports fully dynamic updates and simplifies the dynamic update process by constructing a simple authentication tree. Tests show that the scheme reduces the computational burden on the entities so that the method can be efficiently applied in the cloud environment to verify data integrity with frequent update operations.
Similarity measures and polymerization to identity threats in complex networks
DENG Hui, LIU Hui, ZHANG Baofeng, MAO Junjie, GUO Ying, XIONG Qi, XIE Shihua
Journal of Tsinghua University(Science and Technology). 2016, 56(5): 511-516. DOI: 10.16511/j.cnki.qhdxxb.2016.25.009
The huge structures and the complex behavior of threat models in complex networks require too much computing effort for threat analysis. This paper presents an algebraic framework for threat modeling using algebraic theory to describe the object and its threats, which are all implemented in a C program. An algebraic function measures the similarities among different threats and then expands the analysis using matrices or nonlinear constraint theory. Finally, an equivalence relation from concurrent theory is used to establish a threat polymerization rule for similar threats to optimize the threat model and reduce the threat analysis complexity.
Mixed-index information system security evaluation
WANG Danchen, XU Yang, LI Bin, HE Xingxing
Journal of Tsinghua University(Science and Technology). 2016, 56(5): 517-521,529. DOI: 10.16511/j.cnki.qhdxxb.2016.25.010
A mixed-index evaluation method is given to evaluate the security of system operations using a business effectiveness index. The business effectiveness index was established in Q·S, with real type, interval data and language types using BECM. A complete information system security evaluation then uses a general consideration of both the business effectiveness index and other security indexes. The uncertainty of the overall system security due to incomparable attribute characteristics, such as the security risk and stable operating descriptions, is improved by a comprehensive model to evaluate linguistic terms using lattice implication algebra. Examples demonstrate that this method gives intuitive, credible evaluations for decision analysis.
NUCLEAR AND NEW ENERGY ENGINEERING
Temporal and spatial characteristics of offshore wind resources
FENG Yu, HE Yan, ZHU Qihao, GUO Chen, FENG Xiaodan, HUANG Biqing
Journal of Tsinghua University(Science and Technology). 2016, 56(5): 522-529. DOI: 10.16511/j.cnki.qhdxxb.2016.25.011
Offshore wind energy resources are more abundant than on land. However, sea and land winds have different meteorological elements, so offshore wind resource assessments need to take the impact of the temporal and spatial characteristics of the offshore wind resources into consideration. Data from an offshore wind measurement mast was used to study offshore wind distributions at different time scales. The EM (expectation-maximization) algorithm was used to study the differences in offshore wind distributions between day and night, which is normally not considered in traditional wind assessment methods. The spatial characteristics of offshore winds were then analyzed using a machine learning algorithm, Monin-Obukhov similarity theory, and a parameter replacement scheme in discrete calculations and in an ocean surface aerodynamic roughness model. This method efficiently reflects the impact of ocean surface aerodynamic roughness changes on the vertical variations of the wind speed, which is not considered in the traditional wind shear formula. The results show the temporal and spatial characteristics of the offshore wind resources as a basis for better offshore wind assessments for planning offshore wind farms.
Fault diagnostics using DUCG in complex systems
ZHAO Yue, DONG Chunling, ZHANG Qin
Journal of Tsinghua University(Science and Technology). 2016, 56(5): 530-537,543. DOI: 10.16511/j.cnki.qhdxxb.2016.25.012
The status of nuclear reactors in commercial nuclear power plants needs to be closely monitored to maintain normal operations. When a failure occurs, rapid and effective fault diagnostics and proper handling of failures are extremely important. This paper applies dynamic uncertain causality graph (DUCG) theory to fault diagnostics of nuclear power plants. The method was applied to a model with 8 typical secondary loop faults based on the Ningde Nuclear Power Plant Unit 1 CPR1000 of the China Guangdong Nuclear Power Group (CGNPC) to verify the fault diagnostics and initial progression forecasts. Simulations were used to test each fault 20 times. The method and simulator tests both showed that DUCG can accurately, quickly and efficiently diagnose faults.
ENGINEERING PHYSICS
Student-teacher networks in university research institutes
MA Xun, SHEN Shifei, NI Shunjiang, YONG Nuo
Journal of Tsinghua University(Science and Technology). 2016, 56(5): 538-543. DOI: 10.16511/j.cnki.qhdxxb.2016.25.013
Student-teacher relationships in a university were analyzed using contact data from surveillance videos to calculate distributions, clustering coefficients, k-cores and community structures. The results show that the contact networks have some characteristics of ER random networks and WS small world networks, but with many more k-cores and communities. The relationships between the teachers and students play an important role in the network structure. The results provide empirical data for building contact network models in workplaces and for the study of information and epidemic spreading in workplaces.
INDUSTRIAL ENGINEERING
Code structure and information modeling for health intervention classifications
WANG Tingyan, YU Ming, YANG Lan, NING Wenxin, KONG Dehua
Journal of Tsinghua University(Science and Technology). 2016, 56(5): 544-552. DOI: 10.16511/j.cnki.qhdxxb.2016.25.014
Health Intervention Classifications (CHI) require efficient coding information systems. Various information models have been developed for CHI, including a conceptual ontology model, an Object-Oriented UML (unified modeling language) model, and an ER (entity-relationship) model. This work describes a multi-level CHI information model used to create a database with a large amount of data from the various prevailing standards. A mapping mechanism among the standards within the database is also given. The results of this study can assist CHI coding procedures and provide a base for the final IT system implementation that focuses on supporting decision-making in medical management.
AUTOMATION
Vector distance direction information for spatio-temporal Kriging
CHEN Dingxin, LU Wenkai, LIU Daizhi
Journal of Tsinghua University(Science and Technology). 2016, 56(5): 553-557. DOI: 10.16511/j.cnki.qhdxxb.2016.25.015
The spatio-temporal Kriging method can be significantly improved by extending the variogram definition to the space-time domain. The key step in constructing the spatio-temporal variogram is to calculate the vector distances between the time slices and the space slices. This study analyzes the influence of the vector distance on the spatio-temporal variogram construction and presents a vector distance model that includes both the magnitude and the direction information. The algorithm was evaluated using magnetic field data with the evaluations based on the L1 norm and the L2 norm. The results show that the model with the additional direction information in the vector distance more effectively represented the data characteristics, which improved the spatio-temporal Kriging interpolation accuracy.
HYDRAULIC ENGINEERING
Stakeholder cooperation management in hydropower development projects
WANG Shuli, TANG Wenzhe, SHEN Wenxin, LEI Zhen
Journal of Tsinghua University(Science and Technology). 2016, 56(5): 558-564. DOI: 10.16511/j.cnki.qhdxxb.2016.25.016
There are various stakeholders in hydropower development projects, among which the owners play a key role in managing all the resources involving the stakeholders during the hydropower project lifecycle. This study focuses on the stakeholder cooperation management in hydropower development projects from the perspective of the owners. Ranking, correlation analysis and social network analysis showed the importance of stakeholder cooperation management, inter-organizational linking and the social network relationships of the stakeholders. The results provide guidance for owners to enhance inter-organizational linking and improve stakeholder cooperation management according to different roles.
Copyright © Journal of Tsinghua University(Science and Technology), All Rights Reserved.