Letter to the editor

The purpose of homeland security is to protect a nation from harm. A specific government agency called the Department of Homeland Security was established in the United States just after the September 11, 2001, attacks. The scope of this department is varied with emphasis on efforts to prevent terrorist attacks, reduce vulnerability, and maximize response capabilities. It also handles preparedness and responsiveness for natural disasters. Border security, both land and maritime, is clearly an important and interesting area of focus for homeland security.     

IP@SS - Integrated Passenger Security Solutions

Integrated Passenger Security Solutions (IP@SS) was developed to meet the present challenge faced by the aviation security industry, particularly in view of the audacious, unprecedented terrorist attacks carried out in the USA on September 11, 2001, which have changed aviation security threats beyond recognition. IP@SS is an integrated system which comprises several innovative technological sensors, databases, and advanced analysis methods aimed at accelerating passenger processing transactions and enhancing the level of security.     

Where does human factors fit in R&D organizations?

It is argued that human factors professionals in large R&D organizations should have a centralized human factors group (or department) with a manager sensitive to human factors organizational issues. This arrangement permits these professionals to maximize their contributions to the design, development, and testing of a product or service. Managers of human factors groups and departments can help educated project managers about the value of human factors. Human factors groups, departments, and managers provide benefits to the company by resolving project conflicts concerning user-oriented designs. They help foster a sense of a behavioral sciences community within the R&D organization and aid in recruiting job candidates. They are good for the product or service, the company, and the human factors profession     

基于贝叶斯网络的民航安全分析研究

安全在民用航空领域占有举足轻重的地位,直接影响民航企业的生存和发展。科学合理的安全分析便于及时发现民航领域存在的安全问题,预防航空事故诱发因素的萌生,提高民航安全管理的科学性和可操作性。根据民航安全的特点,建立了基于故障树的多态贝叶斯网络系统安全分析模型,综合运用诊断推理和因果推理形式,实现了定性与定量相结合的民航安全分析,通过航空灾难的实例验证了方法的有效性。在此基础上,提出采用区间型贝叶斯网络进行民航安全分析,克服了其他方法只能分析计算单点概率值的局限性,比传统的安全评估更客观,更有说服力。     

基于神经网络的民航安检系统风险评价研究

随着民航事业的快速发展,民航安全问题引起了广泛的关注.民航安全检查是民航管理安全重要的组成部分,如何建立一个合理的风险评价模型,指导民航安全检查的管理工作,已成为民航管理者的迫切需求.将BP神经网络模型引入民航安全管理,在分析民航安检系统的基础上,建立了安检系统的风险评价模型.通过实际应用验证了该模型的可行性.     

Countermeasures of command and control (C2) capabilities in a hostile environment

For a military airborne platform to survive in a hostile battlefield environment, the rapid detection and geo-location of an enemy (or terrorist) gunner is highly desirable. One approach is to develop an electronic countermeasure system against the gunner's command and communication (C2) capabilities, specifically the usage of modern wireless phones. Such a countermeasure system conducts a quick detection and geo-location of the targeted (hostile) mobile wireless subscriber, allows the airborne platform to make appropriate decisions: 1) to divert and avoid potential military conflicts; 2) to cue artillery supports and prepare for attack; or 3) to relay the coordinates of the potential threat to his own command and control units. In this paper, we discuss the technical approach of the countermeasure system, especially in two design areas: 1) detection and tracking of enemy C2 signals; and 2) geo-location of a targeted communication link.     

3D visualization to support airport security operations

In the summer of 2000, the National Safe Skies Alliance awarded a project to the Applied Visualization Center at the University of Tennessee to develop a 3D computer tool to assist the US Federal Aviation Administration security group, now the Transportation Security Administration, in evaluating new equipment and procedures to improve airport checkpoint security. At the time of this writing, numerous detection equipment models, three specific airports, and a placement and passenger flow simulation tool for airport security planners have been developed. Similar tools have been constructed for simulating cargo/baggage inspection and other airport security operations. An extension of the original effort to consolidate the tools is currently underway.     

On measurement of operational security

Ideally, a measure of the security of a system should capture quantitatively the intuitive notion of “the ability of the system to resist attack.” That is, it should be operational, reflecting the degree to which the system can be expected to remain free of security breaches under particular conditions of operation (including attack). Instead, current security levels at best merely reflect the extensiveness of safeguards introduced during the design and development of a system. Whilst we might expect a system developed to a higher level than another to exhibit “more secure behavior” in operation, this cannot be guaranteed; more particularly, we cannot infer what the actual security behavior will be from knowledge of such a level. In the paper we discuss similarities between reliability and security with the intention of working toward measures of “operational security” similar to those that we have for reliability of systems. Very informally, these measures could involve expressions such as the rate of occurrence of security breaches, or the probability that a specified “mission” can be accomplished without a security breach. This new approach is based on the analogy between system failure and security breach, but it raises several issues which invite empirical investigation. We briefly describe a pilot experiment that we have conducted to judge the feasibility of collecting data to examine these issues     

Quality and security, they work together

The importance of considering computer security as part of the software quality assurance practice is discussed. Issues that point to the need for integration of quality assurance and computer security disciplines are raised. To address some of these issues, the NASA Automated Information Security (AIS) program is presented as a model that may be used for improving interactions between the quality assurance and computer security community of professionals. The information presented does not comprise an answer to documenting all computer security interactions with quality assurance, but it does present a currently working baseline model and can serve as a basis for future research and discussion     

Security Systems Research and Testing Laboratory at Edith Cowan University

The testing and evaluation of sophisticated security systems has remained in the domain of governments in national facilities and the commercial security industry through manufacturers and engineering consultants. As well, the production of testing protocols and industry standards has been developed by national organisations, professional security, and engineering bodies in the appropriate security fields. The Security Systems Research and Testing Laboratory in the School of Engineering and Mathematics at Edith Cowan University (ECU), Perth, Western Australia has commenced operations in research, testing, and evaluation of security systems. This paper wir describe the first year of operation of the Security Systems Research and Testing Laboratory, and will describe the role that testing and evaluation of security systems plays in the education and training of Security Science graduates, as well as the benefits that the Laboratory brings to the security industry through its testing programme.     

平台本体的可靠性评估及其应用

平台本体的可靠性评估是用来验证其抽样数据是否符合其指标要求的一种方法。本文就平台本体的可靠性指标验证问题,进行了威布尔寿命型产品可靠性的讨论,阐述了新的可靠性评估方法的理论推导,它对比原始的可靠性评估方法更加准确和充分。最后将其应用在某型号平台本体的可靠性试验数据上并计算出结果,能够验证该平台本体满足控制系统的指标要求。     

Security intrusion process: an empirical model

This paper describes a security model developed from empirical data collected from a realistic intrusion experiment in which a number of undergraduate students were invited to attack a distributed computer system. Relevant data, with respect to their intrusion activities, were recorded continuously. We have worked out a hypothesis on typical attacker behavior based on experiences from this and other similar experiments. The hypothesis suggests that the attacking process can be split into three phases: the learning phase, the standard attack phase and the innovative attack phase. The probability for successful attacks during the learning phase is expected to be small and, if a breach occurs, it is rather a result of pure luck than deliberate action. During the standard attack phase, this probability is considerably higher, whereas it decreases again in the innovative attack phase. The collected data indicates that the breaches during the standard attack phase are statistically equivalent. Furthermore, the times between breaches seem to be exponentially distributed, which means that traditional methods for reliability modelling of component failures may be applicable     

中国证监会职能的定位：监管与发展

《证券法》将证监会的职能明确为“依法对证券市场实行监督管理,维护证券市场秩序,保障其合法运行”。由此,证监会背负着监管与发展证券市场的重任。在监管中求发展,通过发展促进监管是证监会履行职能的最高境界,但如何平衡二者的关系,并使之相互促进仍然任重道远。     

应用神经网络模型评价社保基金运营效果方法研究

社会保障基金是社会成员普遍关注的资金,他的利用关系到全社会成员的公共利益。因此,社会保障基金运用效果的评价问题一直是社会各界争论的焦点,正确评价其运用效果是值得学术界探讨的问题。运用神经网络模型对社会保障基金运用效果进行评价是对神经网络模型的应用及对社会保障基金运用效果的评价进行尝试和探讨。     

Oracle 9i数据库的安全性策略

存储在数据库中的数据必须具有安全保证.为此,DBMS提供了安全管理技术.安全性策略是DBMS实现安全管理的基本技术.文章较详细地介绍了Oracle 9i数据库管理系统的安全管理技术中的安全性策略.这些策略涉及系统安全性策略、数据安全性策略和用户安全性策略.进一步地介绍了数据库验证、外部验证、企业验证和并发许可等用户验证和许可限制.上述安全技术构成了Oracle 9i数据库安全管理技术的基础,也是DBA必须掌握的基本技术.文章最后给出Oracle 9i安全策略的优点.     

人-机系统飞行安全可靠性问题的研究

在分析飞机电传操纵系统（FBW）特点的基础上，建立了习行器和电传操纵系统的数学模型，建立了电传操纵系统故障及飞行员干预的概率模型。应用马尔可夫链建立了人－机产行安全可靠性的数学模型，采用伊万诺夫法评估了某型第三代飞机在电传操纵系统故障报的排除的条件概率，并计算了电传操纵系统故障后该型飞机的飞行风险，最后提出了使用建议及技术改进建议。     

多飞行器动态目标追踪协同控制研究

多飞行器追踪动态目标是一个协同控制问题,需要根据目标飞行状态,协同各个追踪飞行器的飞行状态,最终能够在某动态的最佳点实现同时到达。考虑到目标具有较强的机动性,轨迹通常为非线性的,设计了一种基于非线性轨迹预测的、以剩余时间为控制变量的一致性控制方案。仿真结果表明,提出的控制方案能够实现空间位置相距较远的多飞行器动态追踪,具有较好的灵活性和收敛性,目标轨迹的预测结果与实际轨迹误差较小,恰当的轨迹估计有助于缩短追踪时间,提高追踪效率。     

提高应急撤离地面演示参试者安全性的研究

应急撤离地面演示试验是民用飞机适航取证工作中一项重大的全机性适航验证试验。从提高演示试验参试者安全性角度,解读了相关的适航规章要求。结合某型号的实践经验,在不影响试验结果的情况下,从完善应急撤离地面演示程序、应急预案、增加旅客保护措施、寻求替代程序几方面给出建议,使得演示参试者得到保护以免受伤。     

基于J2EE平台的安全性研究与实现

对于一个成功的J2EE应用来说安全是必不可少的。本文主要研究基于J2EE平台下的安全性方案,并提出在BEAWeblogicPlatform下电子交易系统的交易安全的具体实现,有效地解决了基于J2EE平台下的交易安全问题。     

SQL Server 2000的安全配置

介绍了操作系统和微软SQL Server2000数据库的安全配置的方法,以及在相关的安全和使用方面需注意的问题,其中数据库的安全配置包括了使用安全的密码策略、使用安全的账号策略和管理扩展存储过程等九个方面.