开放式环境下敏感数据安全的关键技术研究
|
摘要
随着信息技术和通讯技术的高速发展,在开放式互连计算网络中共享、存储和管理的敏感数据规模和复杂度以指数级规模增长,敏感程度也达到前所未有的水平,这些敏感数据与我国诸如食物供应、水、能源、金融交易、运输、卫生、应急甚至国防军工等重要的基础服务息息相关,因此在互连互通的开放式环境下对敏感数据安全也就提出了更高的要求。
保障开放式环境中敏感数据安全是实现敏感信息资源共享的基本功能。本论文试图对这一主题中热点及关键技术问题进行系统性的研究。本论文的研究内容和主要贡献如下:
开放式环境下敏感数据安全模型的研究
首先结合开放式环境下的安全特征,全面分析了敏感数据安全的威胁因素,提出开放式环境下敏感数据安全的威胁模型。详细阐述了与之相对的对抗策略,创新性地给出理想的对抗模型。
启发式的快速信任链发现的研究
信任链发现是信任管理和协商的核心技术,但是现有的信任链发现算法复杂度非常高,无法适应大规模的信任管理和协商的性能需求。针对上述不足,创新性提出一种启发式的快速信任链发现方法。首先结合开放式环境下授权认证和访问控制的特点,给出基于角色的信任委托模型RBTDM的定义,并在基于角色的信任图的构建基础上,提出了基于信任图的启发信息计算方法,分别给出启发式的向后搜索算法、启发式的向前搜索算法和启发式的双向搜索算法,从理论上证明了该算法具有较低的时间复杂度和空间复杂度。最后分别结合“小世界网络”和“动态团体”的方法生成信任凭证集合和查询等实验数据,并在两种方法生成的实验数据的基础上分别进行了启发式搜索方法和非启发式搜索方法的比较。大量的仿真实验结果表明,启发式的证书链发现的搜索空间远远小于非启发式的证书链发现搜索空间。
P2P环境下信任证覆盖网络生成和快速信任链发现的研究
在分布式环境下,信任凭证不可能集中式存储,然而现有的大量的信任链发现算法都是基于信任证集中式存储的前提下进行的,仅有的分布式信任链发现算法也存在着很大的局限性。针对上述不足,创新性提出一种基于Chord协议的信任证覆盖网络(RBCON),并在此基础上进行高效的信任链发现。首先给出了基于角色的P2P拓扑网络RBCON的设计,接下来给出RBCON产生、更新维护、节点离开的算法,并介绍了如何基于RBCON进行高效的信任链发现。RBCON中任何一个节点都可存放信任凭证。通过使用分布式哈希表(djstributed hash table,DHT)实现信任凭证的双向索引定位,能够满足各种信任证发现方法所需要的信任证定位的需要,并能保证网络在持续的节点加入和离开/失败的情况下,信任链的发现依然能够高效进行。详尽的实验结果和分析表明,RBCON与分布式环境下集中式拓扑、分布式非结构化拓扑模式相比,能在尽可能少的证书定位和查找的前提下完成信任链的发现,具有存储负载均衡、查询次数少、网络负载轻的优点,能够较好的抵抗各种恶意网络攻击。
自适应的个性化隐私数据发布方案的研究
现有的隐私发布技术缺少整体系统框架的研究,并且很少考虑到隐私保护的个性化需求,因此隐私保护的粒度和发布信息的精度往往难以满足现实需求,针对上述不足,创新性的提出自适应的个性化隐私数据发布方案,试图使用自适应技术来使不同的访问用户得到不同质量的数据,并试图使用个性化概念来更好满足不同数据所有者的不同隐私保护需求。首先给出自适应的个性化隐私数据发布框架中体系结构的设计,然后提出了个性化隐私保护模型,并系统的提出了个性化隐私保护数据发布方案,其中包括对敏感数据隐私侵犯方法的研究、对隐私侵犯概率的计算、对k匿名缺陷的分析、对发布数据信息损失的计算,并在此基础上给出了个性化数据发布算法;并提出信息状态评估、等级映射机制和个性化隐私策略管理的方案。通过大量的仿真实验对自适应的个性化隐私数据发布方法的核心算法与k匿名算法、l多样算法和多维k匿名算法进行比较,实验结果说明了个性化隐私保护算法在保证隐私的前提下,具有较低的信息损失量和查询精度。
开放式环境下特定敏感数据的水印方案研究
数字水印是保护敏感数据版权和完整性的重要手段。现有的数字水印方法主要针对图像、音频、视频等多媒体数据展开,一些面向半结构数据和关系数据等新型数据的水印技术还刚刚起步。本文针对上述情况,创新性的提出了一种面向树形数据的水印方案和一种面向关系数据的水印方案。首先给出面向树形数据的水印方案,并给出面向树形数据的分形水印嵌入算法和分形水印检测算法;然后给出面向关系数据的通用和自适应的数字水印方法,在提出通用和自适应关系数据水印框架的基础上分别给出水印嵌入和检测的算法。最后给出两类敏感数据水印方案的仿真实验和面临各种攻击的可靠性分析,实验结果表明,本文提出的两类特定敏感数据的水印方案,在面临各类攻击中具有很强的抵抗力。
With the rapid development of information and communication technology, the size andcomplexity of sensitive data that shared, stored and managed in open network is now growingwith the index grade, and the sensitive degree arrives at an unprecedented level. The sensitive datais closely related with national infrastructure services, such as food, water, power supply, financetransaction, transportation, health, emergency, even defense military etc. So interconnection andintercommunication of the open environment set higher requirements for security of sensitive data.
Guaranteeing security of sensitive data in open environment is one of fundamental functionsto deliver sensitive data sharing service. This thesis is intended to contribute on this issue, andmainly involves the following hot issues.
Research on Security Model for Sensitive Data
Based on security characters and safety factors of threatening sensitive data in openenvironment, the threat model for sensitive data is proposed. The security policies to counter the threats are elaborated and the countering model for sensitive data is also given.
Research on Heuristic Credential Chains in Role-based Trust Management
Credential chain search, as a central problem and a key technique in TM and ATN, hasbeen studied extensively in recent years. However, the existing credential chain searchmethods are inadequate because they have high time and space complexity, and often searchmuch more credentials when find(or fail to) a credential chain. In this thesis, we propose anovel heuristic role-based credential chain search method, which use heuristic informationimplied in role-based trust graph to speed chain search. Comparing our heuristic algorithmwith the non-heuristic algorithm, the worst-case time complexity drops from O(N~3) to O(N~(2*)logN), and the worst-case space complexity drops from O(N~*M) to O(M). Deliberategeneration of experimental data and extensive experiments confirm that the heuristiccredential chain search method can much reduce searching space obviously.
Research on Role-based Overlay for Fast Trust Delegation in P2P Networks
Almost all existing algorithms, addressing the credential chain search problem, assume thatall the potentially relevant credentials stored in one place and that they do not consider how togather them. The assumption that all credentials are stored in one place is at odds with thedistribution tenet of trust management. Based on above research on heuristic credential chainsin role-based trust management, we present a novel role-based overlay for fast trust delegationin P2P networks, which has well solved the fast search for role-based credential chains whencredentials distributed in different place. First, the design of Role-Based Credential OverlayNetwork (RBCON) is given. Second, based on famous Chord protocol, the algorithms ofRBCON's generation, RBCON's stabilization, and peers departure are presented. Third,efficient search for credential chains based on RBCON is also introduced. We tested theperformance of RBCON against centralized topology network and decentralized unstructuredtopology network through extensive experiments. The results highlight that the role-basedoverlay has storage balance, less lookup numbers and network load, high availability whensearching credential chains.
Research on adaptive data publish solution with personalized privacy protection
Privacy preservation is a serious concern in publication of personal data. However, theexisting methods lack research on adaptive framework of data publish with privacy and onlyfocus on a universal approach that exerts the same amount of preservation for all persons,without catering for their concrete needs. The consequence is that we may be offeringinsufficient protection to a subset of people, while applying excessive privacy control toanother subset. Motivated by this, we present a new adaptive framework for data publish withpersonalized privacy protection. First, based on the concept of personalized anonymity, aframework of adaptive data publish with personalized privacy protection is presented. Second,the general model for personalized privacy protection is formalized. Based on the study of theway that adversaries infer the sensitive information from published data, the formulas tocalculate the breach probability and information loss are given, on which the algorithm forproducing published data satisfied personalized privacy protection is also introduced. Thesolutions for information state evaluation, grade mapping mechanism, and personalizedprivacy policy management are proposed as well. We test the algorithm for publishing datawith personalized privacy protection against k-anonymity,l-diversity, and multidimensionalk-anonymity. The experiment results show that our method fully prevents privacy intrusioneven in scenarios where the existing approaches fail, and results in our published data thatpermit accurate aggregate analysis.
Research on Watermarking Tree-structure Data and Relational Data
With the rapid development of lnternet, the requirement of copyright and integrityprotection over tree-structure data and relational data, such as XML documents and complexhypertext content, is becoming more and more urgent. There is a rich body of literature onwatermarking multimedia data. However, it is more challenging to apply the effectivewatermarking schemes into tree-structured data and relational data. Based on analysis anddiscussion of the characteristics of semi-structure/relational data and the correspondingwatermarking techniques, we propose new watermarks for tree-structure data and relationaldata respectively. First, in this thesis, a novel watermark scheme for tree-structured data basedon the value lying both in the tree structure and in the node content is proposed, which gives acomprehensive protection for both node content and structure of tree. Second, a generalizedand adaptive relational data watermarking framework (GARWM) is formalized and presented,and the properties of relational data in the semantics of watermarking, such as preservation oflogical relationship in usability preserving attack, discrimination in significance of theattributes, and local constraints/global metrics, to strengthen existing methods, is exploited.The algorithms for embedding and detecting watermark on tree-structure/rational data are alsointroduced. We show that our watermarking methods are resilient to many kinds of threats,and experiment results quantitatively demonstrate the robustness of our techniques.
保障开放式环境中敏感数据安全是实现敏感信息资源共享的基本功能。本论文试图对这一主题中热点及关键技术问题进行系统性的研究。本论文的研究内容和主要贡献如下:
开放式环境下敏感数据安全模型的研究
首先结合开放式环境下的安全特征,全面分析了敏感数据安全的威胁因素,提出开放式环境下敏感数据安全的威胁模型。详细阐述了与之相对的对抗策略,创新性地给出理想的对抗模型。
启发式的快速信任链发现的研究
信任链发现是信任管理和协商的核心技术,但是现有的信任链发现算法复杂度非常高,无法适应大规模的信任管理和协商的性能需求。针对上述不足,创新性提出一种启发式的快速信任链发现方法。首先结合开放式环境下授权认证和访问控制的特点,给出基于角色的信任委托模型RBTDM的定义,并在基于角色的信任图的构建基础上,提出了基于信任图的启发信息计算方法,分别给出启发式的向后搜索算法、启发式的向前搜索算法和启发式的双向搜索算法,从理论上证明了该算法具有较低的时间复杂度和空间复杂度。最后分别结合“小世界网络”和“动态团体”的方法生成信任凭证集合和查询等实验数据,并在两种方法生成的实验数据的基础上分别进行了启发式搜索方法和非启发式搜索方法的比较。大量的仿真实验结果表明,启发式的证书链发现的搜索空间远远小于非启发式的证书链发现搜索空间。
P2P环境下信任证覆盖网络生成和快速信任链发现的研究
在分布式环境下,信任凭证不可能集中式存储,然而现有的大量的信任链发现算法都是基于信任证集中式存储的前提下进行的,仅有的分布式信任链发现算法也存在着很大的局限性。针对上述不足,创新性提出一种基于Chord协议的信任证覆盖网络(RBCON),并在此基础上进行高效的信任链发现。首先给出了基于角色的P2P拓扑网络RBCON的设计,接下来给出RBCON产生、更新维护、节点离开的算法,并介绍了如何基于RBCON进行高效的信任链发现。RBCON中任何一个节点都可存放信任凭证。通过使用分布式哈希表(djstributed hash table,DHT)实现信任凭证的双向索引定位,能够满足各种信任证发现方法所需要的信任证定位的需要,并能保证网络在持续的节点加入和离开/失败的情况下,信任链的发现依然能够高效进行。详尽的实验结果和分析表明,RBCON与分布式环境下集中式拓扑、分布式非结构化拓扑模式相比,能在尽可能少的证书定位和查找的前提下完成信任链的发现,具有存储负载均衡、查询次数少、网络负载轻的优点,能够较好的抵抗各种恶意网络攻击。
自适应的个性化隐私数据发布方案的研究
现有的隐私发布技术缺少整体系统框架的研究,并且很少考虑到隐私保护的个性化需求,因此隐私保护的粒度和发布信息的精度往往难以满足现实需求,针对上述不足,创新性的提出自适应的个性化隐私数据发布方案,试图使用自适应技术来使不同的访问用户得到不同质量的数据,并试图使用个性化概念来更好满足不同数据所有者的不同隐私保护需求。首先给出自适应的个性化隐私数据发布框架中体系结构的设计,然后提出了个性化隐私保护模型,并系统的提出了个性化隐私保护数据发布方案,其中包括对敏感数据隐私侵犯方法的研究、对隐私侵犯概率的计算、对k匿名缺陷的分析、对发布数据信息损失的计算,并在此基础上给出了个性化数据发布算法;并提出信息状态评估、等级映射机制和个性化隐私策略管理的方案。通过大量的仿真实验对自适应的个性化隐私数据发布方法的核心算法与k匿名算法、l多样算法和多维k匿名算法进行比较,实验结果说明了个性化隐私保护算法在保证隐私的前提下,具有较低的信息损失量和查询精度。
开放式环境下特定敏感数据的水印方案研究
数字水印是保护敏感数据版权和完整性的重要手段。现有的数字水印方法主要针对图像、音频、视频等多媒体数据展开,一些面向半结构数据和关系数据等新型数据的水印技术还刚刚起步。本文针对上述情况,创新性的提出了一种面向树形数据的水印方案和一种面向关系数据的水印方案。首先给出面向树形数据的水印方案,并给出面向树形数据的分形水印嵌入算法和分形水印检测算法;然后给出面向关系数据的通用和自适应的数字水印方法,在提出通用和自适应关系数据水印框架的基础上分别给出水印嵌入和检测的算法。最后给出两类敏感数据水印方案的仿真实验和面临各种攻击的可靠性分析,实验结果表明,本文提出的两类特定敏感数据的水印方案,在面临各类攻击中具有很强的抵抗力。
With the rapid development of information and communication technology, the size andcomplexity of sensitive data that shared, stored and managed in open network is now growingwith the index grade, and the sensitive degree arrives at an unprecedented level. The sensitive datais closely related with national infrastructure services, such as food, water, power supply, financetransaction, transportation, health, emergency, even defense military etc. So interconnection andintercommunication of the open environment set higher requirements for security of sensitive data.
Guaranteeing security of sensitive data in open environment is one of fundamental functionsto deliver sensitive data sharing service. This thesis is intended to contribute on this issue, andmainly involves the following hot issues.
Research on Security Model for Sensitive Data
Based on security characters and safety factors of threatening sensitive data in openenvironment, the threat model for sensitive data is proposed. The security policies to counter the threats are elaborated and the countering model for sensitive data is also given.
Research on Heuristic Credential Chains in Role-based Trust Management
Credential chain search, as a central problem and a key technique in TM and ATN, hasbeen studied extensively in recent years. However, the existing credential chain searchmethods are inadequate because they have high time and space complexity, and often searchmuch more credentials when find(or fail to) a credential chain. In this thesis, we propose anovel heuristic role-based credential chain search method, which use heuristic informationimplied in role-based trust graph to speed chain search. Comparing our heuristic algorithmwith the non-heuristic algorithm, the worst-case time complexity drops from O(N~3) to O(N~(2*)logN), and the worst-case space complexity drops from O(N~*M) to O(M). Deliberategeneration of experimental data and extensive experiments confirm that the heuristiccredential chain search method can much reduce searching space obviously.
Research on Role-based Overlay for Fast Trust Delegation in P2P Networks
Almost all existing algorithms, addressing the credential chain search problem, assume thatall the potentially relevant credentials stored in one place and that they do not consider how togather them. The assumption that all credentials are stored in one place is at odds with thedistribution tenet of trust management. Based on above research on heuristic credential chainsin role-based trust management, we present a novel role-based overlay for fast trust delegationin P2P networks, which has well solved the fast search for role-based credential chains whencredentials distributed in different place. First, the design of Role-Based Credential OverlayNetwork (RBCON) is given. Second, based on famous Chord protocol, the algorithms ofRBCON's generation, RBCON's stabilization, and peers departure are presented. Third,efficient search for credential chains based on RBCON is also introduced. We tested theperformance of RBCON against centralized topology network and decentralized unstructuredtopology network through extensive experiments. The results highlight that the role-basedoverlay has storage balance, less lookup numbers and network load, high availability whensearching credential chains.
Research on adaptive data publish solution with personalized privacy protection
Privacy preservation is a serious concern in publication of personal data. However, theexisting methods lack research on adaptive framework of data publish with privacy and onlyfocus on a universal approach that exerts the same amount of preservation for all persons,without catering for their concrete needs. The consequence is that we may be offeringinsufficient protection to a subset of people, while applying excessive privacy control toanother subset. Motivated by this, we present a new adaptive framework for data publish withpersonalized privacy protection. First, based on the concept of personalized anonymity, aframework of adaptive data publish with personalized privacy protection is presented. Second,the general model for personalized privacy protection is formalized. Based on the study of theway that adversaries infer the sensitive information from published data, the formulas tocalculate the breach probability and information loss are given, on which the algorithm forproducing published data satisfied personalized privacy protection is also introduced. Thesolutions for information state evaluation, grade mapping mechanism, and personalizedprivacy policy management are proposed as well. We test the algorithm for publishing datawith personalized privacy protection against k-anonymity,l-diversity, and multidimensionalk-anonymity. The experiment results show that our method fully prevents privacy intrusioneven in scenarios where the existing approaches fail, and results in our published data thatpermit accurate aggregate analysis.
Research on Watermarking Tree-structure Data and Relational Data
With the rapid development of lnternet, the requirement of copyright and integrityprotection over tree-structure data and relational data, such as XML documents and complexhypertext content, is becoming more and more urgent. There is a rich body of literature onwatermarking multimedia data. However, it is more challenging to apply the effectivewatermarking schemes into tree-structured data and relational data. Based on analysis anddiscussion of the characteristics of semi-structure/relational data and the correspondingwatermarking techniques, we propose new watermarks for tree-structure data and relationaldata respectively. First, in this thesis, a novel watermark scheme for tree-structured data basedon the value lying both in the tree structure and in the node content is proposed, which gives acomprehensive protection for both node content and structure of tree. Second, a generalizedand adaptive relational data watermarking framework (GARWM) is formalized and presented,and the properties of relational data in the semantics of watermarking, such as preservation oflogical relationship in usability preserving attack, discrimination in significance of theattributes, and local constraints/global metrics, to strengthen existing methods, is exploited.The algorithms for embedding and detecting watermark on tree-structure/rational data are alsointroduced. We show that our watermarking methods are resilient to many kinds of threats,and experiment results quantitatively demonstrate the robustness of our techniques.
引文
[1] The Economist. The End of Privacy, May 1999.
[2] European Union. Directive on Privacy Protection, Oct. 1998.
[3] Office of the Information and Privacy Commissioner, Ontario. Data Mining: Staking a Claim on Your Privacy, January 1998.
[4] Time. The Death of Privacy, August 1997.
[5] DOD(U. S. Department of Defense). Trusted Computer System Evaluation Criteria, DoD 5200, 28-STD, Washington. DC., Dec. 1985.
[6] Oracle. Security Overview 10g Release 1(10.1) Part No. B10777-01, Dec 2003.
[7] NSTC(National Science and Technology and Technology Council). Federal Plan for Cyber Security and Information Assurance Research and Development, April 2006.
[8] Sandhu R S. Rationale for the RBAC96 Family of Access Models. In: Proc. of first ACM Workshop on RBAC, 1996.
[9] DOD(U.S. Department of Defense).Final Report of the Defense Science Board Task Force on The Role and Status of DoD Red Teaming Activities, 2003.
[10] U. S. National Infrastructure Advisory Council(NIAC). The National Strategy to Secure Cyberspace, 2003.
[11] 梁洪亮,孙玉芳.信息安全评价准则研究综述与探讨,计算机科学,Vol.29(9),pp.16-20,2002.
[12] Anderson J P. Computer Security Technology Planning Study Volume Ⅱ, ESD-TR-73-51, Electronic Systems Division, Air Force Systems Command, Hanscom Field, Bedford, MA 01730, Oct. 1972.
[13] Bell DE, LaPadula LJ. Secure Computer Systems: Mathematical Foundations, ESD-TR-73-278, Vol. 1, AD 770768, Electronic Systems Division, Air Force Systems Command, Hanscom AFB, Bedford, Massachusetts, Nov. 1973.
[14] Schell, R. R. Security Kernels: A Methodical Design of System Security, in Technical Papers, USE Inc. Spring Conference, pp.245-250, March 1979.
[15] Denning, D. E. Secure Information Flow in Computer Systems, Ph.D. dissertation, Purdue Univ., West Lafayette, Ind., May 1975.
[16] Federal republic of Germany. Criteria for the evaluation of trustworthiness of information technology systems, ISBN 3-88784-200-6, Jan. 1989.
[17] Communication Electronics Security Group. U K systems security confidence levels. United Kingdom, Feb. 1989.
[18] Office for Official Publications of the European Communities. Information Technology Security Evaluation Criteria, Version 1.2. Jun. 1991.
[19] U. S. National security agency. Combined Federal Criteria, 1992.
[20] Common Criteria Project Sponsoring Organizations. Common Criteria for Information Security Evaluation, Version 2.1.ISO/IEC 15408, Aug. 1999.
[21] 中国.计算机信息系统安全保护等级划分准则.GB17859-1999,1999.
[22] Barlow T, Hess A, Seamons KE. Trust negotiation in electronic markets, in: Proc. of 8th Research Symp. in Emerging Electronic Markets. Maastricht, 2001.
[23] Seamons KE, Winslett M, Yu T. Limiting the disclosure of access control policies during automated trust negotiation. In: Network and Distributed System Security Symp. (NDSS 2001). Internet Society Press, 2001.
[24] Seamons KE, Winslett M, Yu T, Yu L, Jarvis R. Protecting privacy during on-line trust negotiation. In: Dingledine R, Syverson PF.eds. Proc. of the 2nd Workshop on Privacy Enhancing Technologies. LNCS 2482, Springer-Verlag, pp. 129-143, 2003.
[25] Smith B, Seamons KE, Jones MD. Responding to policies at runtime in TrustBuilder. In: Proc. of the 5th Int'l Workshop on Policies for Distributed Systems and Networks. Washington: IEEE Computer Society Press, 2004. 149-158.
[26] Winsborough WH, Li NH. Towards practical automated trust negotiation. In: Proc. of the 3rd Int'l Workshop on Policies for Distributed Systems and Networks (POLICY 2002). Washington: IEEE Computer Society Press, 2002. 92-103.
[27] Nejdl W, Olmedilla D, Winslett M. PeerTrust: Automated trust negotiation for peers on the semantic Web. In: Proc. of the Workshop on Secure Data Management in a Connected World(SDM 2004), LNCS 3178, Springer-Verlag, 2004. 118-132.
[28] Matt Blaze, Joan Feigenbaum, John Ioannidis, Angelos D. Keromytis. The KcyNote trust-management system, version 2. IETF RFC 2704, Sep. 1999.
[29] 韩伟力.分布式环境下的约束访问控制技术研究,浙江大学博士论文,2003.
[30] Xu Feng, Lu Jian. Research and Development of Trust Management in Web Security, Journal of Software, Vol. 13(11): pp. 2057-2064, 2002.(徐锋,吕建。Web安全中的信任管理研究与进展。软件学报,2002,V13(11),2057-2064.)
[31] LIAO Zhen-Song, JTN Hal, LI Chi-Song, ZOU De-Qing. Automated Trust Negotiation and Its Development Trend, Journal of Software, Vol. 17(9), pp. 1933-1948, Sep. 2006.
[32] LI Jian-Xin, HUAI Jin-Peng, LI Xian-Xian. Research on Automated Trust Negotiation, Journal of Software, Vol. 17(1):pp. 124-133, Jan. 2006.
[33] Abdul-Rahman, A., Hailes, S. A distributed trust model. In: Proceedings of the 1997 New Security Paradigms Workshop. Cumbria, UK: ACM Press, pp.48-60, 1998.
[34] Li LX, Chen WM, Huang SL. Realizing mandatory access control in role-based security system. Journal of Software, Vol. 11(10): pp. 1320-1325, 2000.(in Chinese with English abstract)
[35] Saunders G, Hitchens M, Varadharajan V. Role-Based access control and the access control matrix. In: Hitchens M, ed Proc. of the ACM SINGOPS Operating Systems Review, New York: ACM Press, pp.6-20, 2001.
[36] Matt Blaze, Joan Feigenbaum, Martin Strauss. Compliance-checking in the PolicyMaker trust management system. In Proc. of Second International Conference on Financial Cryptography (FC'98), LNCS1465, pp. 254-274, Springer, 1998.
[37] Dwainc Clarke, Jean-Emile Elien, Carl Ellison, Matt Fredette, Alexander Morcos, Ronald L. Rivest. Certificate chain discovery in SPKI/SDSI. Journal of Computer Security, Vol.9(4), pp.285-322, 2001.
[38] Ziqing Mao, Ninghui Li, and William H. Winsborough Distributed Credential Chain Discovery in Trust Management with Parametcrized Roles and Constraints (Short Paper).in International Conference on Information and Communications Security (ICICS), Dec. 2006.
[39] Tuomas Aura. Fast access control decisions from delegation certificate databases. In Proc. of 3rd Australasian Conference on Information Security and Privacy (ACISP'98), LNCS1438, pp.284-295. Springer, 1998.
[40] Ninghui Li, William H. Winsborough, and John C. Mitchell. Distributed Credential Chain Discovery in Trust Management. Journal of Computer Security, vol. 11(1), pp. 35-86, Feb. 2003.
[41] Li NH, Winsborough WH, Mitchell JC. Distributed credential chain discovery in trust management. In: Herbert AS, ed. Proc. of the IEEE Symp. on Computing and Communications Security. New York: ACM Press, pp. 156-165, 2001.
[42] Ajmani, S., Clarke, D. E., Moh, C. H., Richman, S.. Conchord: Cooperative sdsi certificate. storage and name resolution. In: LNCS 2429 Peer-to-Peer Systems: First International Workshop, pp. 141-154, 2002.
[43] Business Week. Privacy on the Net, March 2000.
[44] L. Cranor, J. Reagle, and M. Ackerman. Beyond concern: Understanding net users' attitudes about online privacy. Technical Report TR 99.4.3, AT&T Labs Research, April 1999.
[45] A. Westin. E-commerce and privacy: What net users want. Technical report, Louis Harris & Associates, June 1998.
[46] A. Westin. Privacy concerns & consumer choice. Technical report, Louis Harris & Associates, Dec. 1998.
[47] A. Westin. Freebies and privacy: What net users think. Technical report, Opinion Research Corporation, July 1999.
[48] R. Bayardo and R. Agrawal. Data privacy through optimal k-anonymization. In ICDE, pp. 217-228, 2005.
[49] B. C. M. Fung, K. Wang, and P. S. Yu. Top-down specialization for information and privacy preservation. In ICDE, pp.205-216, 2005.
[50] V. Iyengar. Transforming data to satisfy privacy constraints. In SIGKDD, pp. 279-288, 2002.
[51] K. LeFevre, D. J. DeWitt, and R. Ramakrishnan. Incognito: Efficient full-domain k-anonymity. In SIGMOD, pp.49-60, 2005.
[52] A. Machanavajjhala, J. Gehrke, and D. Kifer. 1-diversity: Privacy beyond k-anonymity. In ICDE, 2006.
[53] P. Samarati. Protecting respondents' identities in microdata release. TKDE, Vol. 13(6), pp. 1010-1027, 2001.
[54] Sweeney L. K-Anonymity: A model for protecting privacy. Int'l Journal on Uncertainty, Fuzziness and Knowledge-Based Systems, Vol. 10(5), pp.557-570, 2002.
[55] Sweeney L. Achieving k-anonymity privacy protection using generalization and suppression. International Journal on Uncertainty, Fuzziness and Knowledge-based Systems, Vol.10(5), pp.571-588, 2002.
[56] K. Wang, P. S. Yu, and S. Chakraborty. Bottom-up generalization: A data mining solution to privacy protection. In ICDM, pp. 249-256, 2004.
[57] Xiaokui Xiao, Yufei Tao. Personalized Privacy Preservation, SIGMOD 2006, Chicago, Illinois, USA, pp.229-240, June 27-29, 2006.
[58] C. C. Aggarwal. On k-anonymity and the curse of dimensionality. In VLDB, pp.901-909, 2005.
[59] C. Yao, X. S. Wang, and S. Jajodia. Checking for k-anonymity violation by views. In VLDB, pp. 910-921, 2005.
[60] S. Zhong, Z. Yang, and R. N. Wright. Privacy-enhancing k-anonymization of customer data. In PODS, pp. 139—147, 2005.
[61] K. Wang, B. C. M. Fung, and P. S. Yu. Handicapping attacker's confidence: An alternative to k-anonymization, Knowledge and Information Systems, Vol. 11(3), pp. 345-368, April 2007.
[62] G. Aggarwal, T. Feder, K. Kenthapadi, R. Motwani, R. Panigrahy, D. Thomas, and A. Zhu. Anonymizing tables. In ICDT, pp.246-255, 2005.
[63] A. Meyerson and R. Williams. On the complexity of optimal k-anonymity. In PODS, pp. 223-228, 2004.
[64] S. Voloshynovskiy, F. Deguillaume, O. Koval and Thierry Pun, Information-theoretic data-hiding: Recent achievements and open problems, International Journal of linage and Graphics, Vol.5(1), pp. 1-31, 2005.
[65] I. J. Cox, M. L. Miller and J. A. Bloom. Digital watermarking, Morgan Kaufmann, 2002.
[66] M D. Swanson, B. Zhu, A. H. Tewfik and L. Boney. Robust Audio Watermarking Using Perceptual Masking. Signal Processing, 1998, 66(3): 337-355.
[67] T. Y. Chung, M. S. Hong, Y. N. Oh, D. H. Shin and S. H, Park. Digital Watermarking for Copyright Protection of MPEG2 Compressed Video. IEEE Transactions on Consumer Electronics, 1998, 44(3): 895-901.
[68] R. Villan, S. Voloshynovskiy, O. Koval, J. E. Vila-Forcen, E. Topak, F. Deguillaume, Y. Rytsar and T. Pun, Text Data-Hiding for Digital and Printed Documents: Theoretical and Practical Considerations, In Proceedings of SPIE-IS&T Electronic Imaging 2006, Security, Steganography, and Watermarking of Multimedia Contents Ⅷ, San Jose, USA, Jan. 2006.
[69] R. Venkatesan, V. Vazirani, and S. Sinha. A graph theoretic approach to software watermarking. In: Proc. of Fourth International Workshop on Information Hiding (IH 2001), pp. 157-168, 2001.
[70] R. Agrawal, and J. Kiernan. Watermarking relational databases. In: Proceedings of the 28th International Conference on Very Large Data Bases (VLDB 2002), pp. 155-166, 2002.
[71] R. Sion, M. Atallah, and S. Prabhakar. Rights protection for relational data. IEEE Transactions On Knowledge And Data Engineering, Vol. 16(6), pp. 1-17, 2004.
[72] Yuei-Lin Chiang,Lu-Ping Chang,Wen-Tai Hsieh, and et al. Natural language watermarking using semantic substitution for chinese text. In: Proc. of Second International Workshop on Digital Watermarking (IWDW 2003), pp. 129-140, 2003.
[73] R. Sion. Proving ownership over categorical data. In: proc. of the IEEE International Conference on Data Engineering, pp. 584-596, 2004.
[74] R. Sion, M. Atallah, S. prabhakar. Resilient rights protection for sensor streams. In: proceedings of the 30th International Conference on Very Large Data Bases, pp. 732-743, 2004.
[75] 成礼智,罗永,徐志宏等,基于带参数整数小波变换可见数字水印.软件学报,Vol.15(2),pp.238-249,2004.
[76] 沃焱,韩国强,张波.一种新的基于特征的图像内容认证方法.计算机学报,28(1):105-112,2005.
[77] 赵东宁,张勇,李德毅.基于云模型的文本数字水印技术.计算机应用,Vol.12(Suppl.),pp.100-102,2003.
[78] 张勇,赵东宁,李德毅.水印关系数据库.解放军理工大学学报(自然科学版),Vol.4(5),pp.1-4,2003.
[79] 张立和,杨义先,钮心忻等.软件水印综述.软件学报,Vol.14(2),pp.268-277,2003.
[80] 李黎,张明敏,潘志庚.一种抗几何变换的图像盲水印算法.浙江大学学报(工学版),Vol.38(2),pp.141-144,2004.
[81] 胡伟曦,潘志庚.虚拟世界自然文化遗产保护关键技术概述.系统仿真学报,Vol.15(3),pp.315-318,2003.
[82] 孙树森,张明敏,李黎等.数字水印技术在数字博物馆中的应用.系统仿真学报,Vol.15(3),pp.347-349,2003.pp.210-219.2000.
[83] 尹康康,潘志庚.VRML景场中的纹理水印.工程图学学报,Vol.21(3),pp.126-132,2000.
[84] A. Tirkel, G. Rankin, R. van Schyndel, and et al. Electronic water mark. In: Proceedings of Digital Image Computing-Techniques and Applications (DICTA 1993), pp.666-672, 1993.
[85] S. Craver, B. Liu, and W. Wolf. An Implementation of, and Attacks on, Zero-Knowledge Watermarking. In: Proceedings of Sixth International Workshop on Information Hiding (IH 2004). pp. 1-12, 2004.
[86] D. Yu, and F. Sattar. A New Blind Watermarking Technique Based on Independent Component Analysis. In: Proc. of First International Workshop on Digital Watermarking (IWDW 2002), pp. 51-63, 2002.
[87] Y. Q. Shi. Reversible Data Hiding. In: Proceedings of Third International Workshop on Digital Watermarking (IWDW 2004), pp. 1-12, 2004.
[88] J. T Brassil, S. Low, and N. F. Maxemchuk. Copyright protection for the electronic distribution of text documents. In: Proc. of IEEE, Vol. 87(7), pp. 1181-1196, 1999.
[89] Young-Won Kim, Kyung-Ae Moon, and Il-Seok Oh. A Text Watermarking Algorithm based on Word Classification and Inter-word Space Statistics. In: Proceedings of Seventh International Conference on Document Analysis and Recognition (ICDAR 2003), pp. 775-779, 2003.
[90] M. J. Atallah, V. Raskin, C. F. Hempelmann, and et al. Natural language watermarking and tamperproofing In: Proc. of Fifth International Workshop on Information Hiding (IH 2002), pp. 196-212, 2002.
[91] C. Collberg, A. Huntwork, E. Carter, and et al. Graph theoretic software watermarks: implementation, analysis, and attacks. In: Proc. of Sixth International Workshop on Information Hiding (IH 2004), pp. 192-207, 2004.
[92] C. Collberg, and C. Thomhorson. Software watermarking: models and dynamic embeddings. In: Proc. of Symposium on Principles of Programming Languages (POPL 1999). pp.311-324, 1999.
[93] J. Nagra, and C. Thomhorson. Threading software watermarks. In: Proc. of Sixth International Workshop on Information Hiding (IH 2004). pp.208-223, 2004.
[94] Lin Yuan, P.R. Pari, and Gang Qu. Soft IP protection: watermarking HDL codes. In: Proc. of Sixth International Workshop on Information Hiding (IH 2004), pp.224-238, 2004.
[95] R. Sion, M. Atallah, and S. Prabhakar. Resilient information hiding for abstract semi-structures. In: Proceedings of Second International Workshop on Digital Watermarking, pp. 141-153, 2003.
[96] M. Atallah, R. Sion and S. Prabhakar. Watermarking non-media content: XML and Databases. Poster presentation at the CERIAS Security Symposium, 2001.
[97] Wilfred Ng and Lau Ho Lam. Effective Approaches for Watermarking XML Data. DASFAA 2005, LNCS 3453, pp.68-80, 2005.
[98] Xuan ZHOU, HweeHwa PANG, Kian-Lee TAN, Dhruv MANGLA. WmXML: A System for Watermarking XML Data, In: Proc. of the 31st VLDB Conference,Trondheim, Norway, 2005.
[99] Matt Blaze, Joan Feigenbaum, and Jack Lacy. Decentralized trust management. In Proceedings of the 1996 IEEE Symposium on Security and Privacy, IEEE Computer Society Press, pp. 164-173, May 1996.
[100] Winsborough WH, Seamons KE, Jones VE. Automated trust negotiation. In: Hilton SC, ed. DARPA Information Survivability Conf. and Exposition. New York: IEEE Press, pp.88-102, 2000.
[101] Li NH, Mitchell JC, Winsborough WH. Design of a role-based trust management framework. In: Heather H, ed Proc. of the IEEE Symp. on Security and Privacy. Washington: IEEE Computer Society Press, pp. 114-130, 2002.
[102] Li NH, Mitchell JC. Datalog with constraints; A foundation for trust management languages. In: Veronica D, Philip W, eds. Proc. of the 5th Int'l Symp. on Practical Aspects of Declarative Languages. LNCS 2562, Berlin, Heidelberg: Springer-Verlag, pp.58-73, 2003.
[103] Zhang LH, Ahn GJ, Chu BT A rule-based framework for role-based delegation. In: Sandhu RS, Jaeger T, eds. Proc. of the 6th ACM Symp. on Access Control Models and Technologies. New York: ACM Press, pp. 153-162, 2001.
[104] Zhang XZ, Oh S, Sandhu R. PBDM: A flexible delegation model in RBAC. In: Ferrari E, Ferraiolo D, eds. Proc. of the 8th ACM Symp. on Access Control Models and Technologies. New York: ACM Press, pp. 149-157, 2003.
[105] P. E. Hart, N. J. Nilsson, and B. Raphael. A formal basis for the heuristic determination of minimum cost paths in graphs. IEEE Trans. Syst. Sci. and Cybernetics, SSC-4(2), pp. 100-107, 1968.
[106] Pearl, J. Heuristics: Intelligent Search Strategies for Computer Problem Solving. Addison-Wesley, pp.48, 1984.
[107] Russell, S.J., & Norvig, P. Artificial Intelligence: A Modern Approach. 2nd edition. Pearson Education, Inc, pp. 94-95(note 3), 2003.
[108] R. Agrawal, T. Imielinski, and A. Swami. Mining association rules between sets of items in large databases. In. Proc. of the ACM SIGMOD Conference on Management of data, pp. 207-216, 1993.
[109] Duncan J. Watts~* & Steven H Strogatz, Collective dynamics of 'small-world' networks, Nature 393, pp.440-442, 1998.
[110] Jon Kleinberg and Steve Lawrence. The Structure of the Web, SCIENCE, 294(30): 1849-1850, NOV. 2001.
[111] Milgram, S. The small world problem. Psychol. Today 2, pp.60-67, 1967.
[112] Kochen, M. (ed) The Small World (Ablex, Norwood, NJ, 1989).
[113] Guare, J. Six Degrees of Separation: A Play (Vintage Books, New York, 1990).
[114] Jure Leskovec, Jon Kleinberg, Christos Faloutsos. Graphs over Time: Densification Laws, Shrinking Diameters and Possible Explanations, KDD'05,, Chicago, Illinois, USA, Aug. 21-24, 2005.
[115] J. Gehrke, P. Ginsparg, and J. M. Kleinberg. Overview of the 2003 kdd cup. SIGKDD Explorations, Vol.5(2), pp. 149-151, 2003.
[116] B. H. Hall, A. B. Jaffe, and M. Trajtenberg. The nberpatent citation data file: Lessons, insights and methodological tools. NBER Working Papers 8498, National Bureau of Economic Research, Inc, Oct. 2001.
[117] Nikander P, Viljanen L. Storing and retrieving Internet certificates. In: The 3rd Nordic Workshop on Secure IT Systems. Trondheim, pp. 1-13,1998.
[118] Ion Stoica and Robert Morris and David Karger and Frans Kaashoek and Hari Balakrishnan.Chord: A Scalable Peer-to-peer Lookup Protocol for Internet Applications, In Proc. of the 2001 ACM SIGCOMM Conference, pp. 149-160, 2001.
[119] KARGER, D., LEHMAN, E., LEIGHTON, F., LEVINE, M., LEWIN, D., AND PANIGRAHY, R. Consistent hashing and random trees: Distributed caching protocols for relieving hot spots on the World Wide Web. In Proceedings of the 29th Annual ACM Symposium on Theory of Computing (El Paso, TX, May 1997), pp. 654—663.
[120] S. Androutsellis-Theotokis and D. Spinellis. A Survey of Peer-to-Peer File Sharing Technologies, White paper, Electornic Trading Research Unit (ELTRUN), Athens University fo Economics and Business, 2002.
[121] 罗杰文. Peer to Peer 综述, 2006. http://www.intsci.ac.cn/users/luojw/papers/p2p.htm.
[122] Matei Ripeanu et.al. Mapping the Gnutella Network: Properties of Large-Scale Peer-to-Peer Systems and Implications for System Design. IEEE Internet Computing, vol 6(I), pp.50-57, January-February 2002.
[123] Gnutella 协议.http://www9.limewire.com/developer/gnutella_protocol_0.4.pdf.
[124] C. Gkantsidis, et.al,Random Walks in Peer-to-Peer Networks, INFOCOM 2004..
[125] P. Samarati and L. Sweeney. Generalizing data to provide anonymity when disclosing information (abstract). In Proc. of the ACM Symp. on Principles of Database Systems, pp. 188, 1998.
[126] Da-Wei Wang, Churn-Jung Liau, Tsan-sheng Hsu, Jeremy K.-P Chen. Value versus damage of information release: A data privacy perspective. In International Journal of Approximate Reasoning, Vol. 43(2), 2006.
[127] Hartung, F. and Kutter, M, Multimedia Watermarking Techniques. Proc. of the IEEE (USA), Vol. 87(7), pp. 1079-1107, 1999.
[128] Hartung, F., Su, J. K., and Girod, B. Spread Spectrum Watermarking: Malicious Attacks and Counterattacks. In: (eds). SPIE Security and Watermarking of Multimedia Contents, San Jose, CA. p, 1999.
[2] European Union. Directive on Privacy Protection, Oct. 1998.
[3] Office of the Information and Privacy Commissioner, Ontario. Data Mining: Staking a Claim on Your Privacy, January 1998.
[4] Time. The Death of Privacy, August 1997.
[5] DOD(U. S. Department of Defense). Trusted Computer System Evaluation Criteria, DoD 5200, 28-STD, Washington. DC., Dec. 1985.
[6] Oracle. Security Overview 10g Release 1(10.1) Part No. B10777-01, Dec 2003.
[7] NSTC(National Science and Technology and Technology Council). Federal Plan for Cyber Security and Information Assurance Research and Development, April 2006.
[8] Sandhu R S. Rationale for the RBAC96 Family of Access Models. In: Proc. of first ACM Workshop on RBAC, 1996.
[9] DOD(U.S. Department of Defense).Final Report of the Defense Science Board Task Force on The Role and Status of DoD Red Teaming Activities, 2003.
[10] U. S. National Infrastructure Advisory Council(NIAC). The National Strategy to Secure Cyberspace, 2003.
[11] 梁洪亮,孙玉芳.信息安全评价准则研究综述与探讨,计算机科学,Vol.29(9),pp.16-20,2002.
[12] Anderson J P. Computer Security Technology Planning Study Volume Ⅱ, ESD-TR-73-51, Electronic Systems Division, Air Force Systems Command, Hanscom Field, Bedford, MA 01730, Oct. 1972.
[13] Bell DE, LaPadula LJ. Secure Computer Systems: Mathematical Foundations, ESD-TR-73-278, Vol. 1, AD 770768, Electronic Systems Division, Air Force Systems Command, Hanscom AFB, Bedford, Massachusetts, Nov. 1973.
[14] Schell, R. R. Security Kernels: A Methodical Design of System Security, in Technical Papers, USE Inc. Spring Conference, pp.245-250, March 1979.
[15] Denning, D. E. Secure Information Flow in Computer Systems, Ph.D. dissertation, Purdue Univ., West Lafayette, Ind., May 1975.
[16] Federal republic of Germany. Criteria for the evaluation of trustworthiness of information technology systems, ISBN 3-88784-200-6, Jan. 1989.
[17] Communication Electronics Security Group. U K systems security confidence levels. United Kingdom, Feb. 1989.
[18] Office for Official Publications of the European Communities. Information Technology Security Evaluation Criteria, Version 1.2. Jun. 1991.
[19] U. S. National security agency. Combined Federal Criteria, 1992.
[20] Common Criteria Project Sponsoring Organizations. Common Criteria for Information Security Evaluation, Version 2.1.ISO/IEC 15408, Aug. 1999.
[21] 中国.计算机信息系统安全保护等级划分准则.GB17859-1999,1999.
[22] Barlow T, Hess A, Seamons KE. Trust negotiation in electronic markets, in: Proc. of 8th Research Symp. in Emerging Electronic Markets. Maastricht, 2001.
[23] Seamons KE, Winslett M, Yu T. Limiting the disclosure of access control policies during automated trust negotiation. In: Network and Distributed System Security Symp. (NDSS 2001). Internet Society Press, 2001.
[24] Seamons KE, Winslett M, Yu T, Yu L, Jarvis R. Protecting privacy during on-line trust negotiation. In: Dingledine R, Syverson PF.eds. Proc. of the 2nd Workshop on Privacy Enhancing Technologies. LNCS 2482, Springer-Verlag, pp. 129-143, 2003.
[25] Smith B, Seamons KE, Jones MD. Responding to policies at runtime in TrustBuilder. In: Proc. of the 5th Int'l Workshop on Policies for Distributed Systems and Networks. Washington: IEEE Computer Society Press, 2004. 149-158.
[26] Winsborough WH, Li NH. Towards practical automated trust negotiation. In: Proc. of the 3rd Int'l Workshop on Policies for Distributed Systems and Networks (POLICY 2002). Washington: IEEE Computer Society Press, 2002. 92-103.
[27] Nejdl W, Olmedilla D, Winslett M. PeerTrust: Automated trust negotiation for peers on the semantic Web. In: Proc. of the Workshop on Secure Data Management in a Connected World(SDM 2004), LNCS 3178, Springer-Verlag, 2004. 118-132.
[28] Matt Blaze, Joan Feigenbaum, John Ioannidis, Angelos D. Keromytis. The KcyNote trust-management system, version 2. IETF RFC 2704, Sep. 1999.
[29] 韩伟力.分布式环境下的约束访问控制技术研究,浙江大学博士论文,2003.
[30] Xu Feng, Lu Jian. Research and Development of Trust Management in Web Security, Journal of Software, Vol. 13(11): pp. 2057-2064, 2002.(徐锋,吕建。Web安全中的信任管理研究与进展。软件学报,2002,V13(11),2057-2064.)
[31] LIAO Zhen-Song, JTN Hal, LI Chi-Song, ZOU De-Qing. Automated Trust Negotiation and Its Development Trend, Journal of Software, Vol. 17(9), pp. 1933-1948, Sep. 2006.
[32] LI Jian-Xin, HUAI Jin-Peng, LI Xian-Xian. Research on Automated Trust Negotiation, Journal of Software, Vol. 17(1):pp. 124-133, Jan. 2006.
[33] Abdul-Rahman, A., Hailes, S. A distributed trust model. In: Proceedings of the 1997 New Security Paradigms Workshop. Cumbria, UK: ACM Press, pp.48-60, 1998.
[34] Li LX, Chen WM, Huang SL. Realizing mandatory access control in role-based security system. Journal of Software, Vol. 11(10): pp. 1320-1325, 2000.(in Chinese with English abstract)
[35] Saunders G, Hitchens M, Varadharajan V. Role-Based access control and the access control matrix. In: Hitchens M, ed Proc. of the ACM SINGOPS Operating Systems Review, New York: ACM Press, pp.6-20, 2001.
[36] Matt Blaze, Joan Feigenbaum, Martin Strauss. Compliance-checking in the PolicyMaker trust management system. In Proc. of Second International Conference on Financial Cryptography (FC'98), LNCS1465, pp. 254-274, Springer, 1998.
[37] Dwainc Clarke, Jean-Emile Elien, Carl Ellison, Matt Fredette, Alexander Morcos, Ronald L. Rivest. Certificate chain discovery in SPKI/SDSI. Journal of Computer Security, Vol.9(4), pp.285-322, 2001.
[38] Ziqing Mao, Ninghui Li, and William H. Winsborough Distributed Credential Chain Discovery in Trust Management with Parametcrized Roles and Constraints (Short Paper).in International Conference on Information and Communications Security (ICICS), Dec. 2006.
[39] Tuomas Aura. Fast access control decisions from delegation certificate databases. In Proc. of 3rd Australasian Conference on Information Security and Privacy (ACISP'98), LNCS1438, pp.284-295. Springer, 1998.
[40] Ninghui Li, William H. Winsborough, and John C. Mitchell. Distributed Credential Chain Discovery in Trust Management. Journal of Computer Security, vol. 11(1), pp. 35-86, Feb. 2003.
[41] Li NH, Winsborough WH, Mitchell JC. Distributed credential chain discovery in trust management. In: Herbert AS, ed. Proc. of the IEEE Symp. on Computing and Communications Security. New York: ACM Press, pp. 156-165, 2001.
[42] Ajmani, S., Clarke, D. E., Moh, C. H., Richman, S.. Conchord: Cooperative sdsi certificate. storage and name resolution. In: LNCS 2429 Peer-to-Peer Systems: First International Workshop, pp. 141-154, 2002.
[43] Business Week. Privacy on the Net, March 2000.
[44] L. Cranor, J. Reagle, and M. Ackerman. Beyond concern: Understanding net users' attitudes about online privacy. Technical Report TR 99.4.3, AT&T Labs Research, April 1999.
[45] A. Westin. E-commerce and privacy: What net users want. Technical report, Louis Harris & Associates, June 1998.
[46] A. Westin. Privacy concerns & consumer choice. Technical report, Louis Harris & Associates, Dec. 1998.
[47] A. Westin. Freebies and privacy: What net users think. Technical report, Opinion Research Corporation, July 1999.
[48] R. Bayardo and R. Agrawal. Data privacy through optimal k-anonymization. In ICDE, pp. 217-228, 2005.
[49] B. C. M. Fung, K. Wang, and P. S. Yu. Top-down specialization for information and privacy preservation. In ICDE, pp.205-216, 2005.
[50] V. Iyengar. Transforming data to satisfy privacy constraints. In SIGKDD, pp. 279-288, 2002.
[51] K. LeFevre, D. J. DeWitt, and R. Ramakrishnan. Incognito: Efficient full-domain k-anonymity. In SIGMOD, pp.49-60, 2005.
[52] A. Machanavajjhala, J. Gehrke, and D. Kifer. 1-diversity: Privacy beyond k-anonymity. In ICDE, 2006.
[53] P. Samarati. Protecting respondents' identities in microdata release. TKDE, Vol. 13(6), pp. 1010-1027, 2001.
[54] Sweeney L. K-Anonymity: A model for protecting privacy. Int'l Journal on Uncertainty, Fuzziness and Knowledge-Based Systems, Vol. 10(5), pp.557-570, 2002.
[55] Sweeney L. Achieving k-anonymity privacy protection using generalization and suppression. International Journal on Uncertainty, Fuzziness and Knowledge-based Systems, Vol.10(5), pp.571-588, 2002.
[56] K. Wang, P. S. Yu, and S. Chakraborty. Bottom-up generalization: A data mining solution to privacy protection. In ICDM, pp. 249-256, 2004.
[57] Xiaokui Xiao, Yufei Tao. Personalized Privacy Preservation, SIGMOD 2006, Chicago, Illinois, USA, pp.229-240, June 27-29, 2006.
[58] C. C. Aggarwal. On k-anonymity and the curse of dimensionality. In VLDB, pp.901-909, 2005.
[59] C. Yao, X. S. Wang, and S. Jajodia. Checking for k-anonymity violation by views. In VLDB, pp. 910-921, 2005.
[60] S. Zhong, Z. Yang, and R. N. Wright. Privacy-enhancing k-anonymization of customer data. In PODS, pp. 139—147, 2005.
[61] K. Wang, B. C. M. Fung, and P. S. Yu. Handicapping attacker's confidence: An alternative to k-anonymization, Knowledge and Information Systems, Vol. 11(3), pp. 345-368, April 2007.
[62] G. Aggarwal, T. Feder, K. Kenthapadi, R. Motwani, R. Panigrahy, D. Thomas, and A. Zhu. Anonymizing tables. In ICDT, pp.246-255, 2005.
[63] A. Meyerson and R. Williams. On the complexity of optimal k-anonymity. In PODS, pp. 223-228, 2004.
[64] S. Voloshynovskiy, F. Deguillaume, O. Koval and Thierry Pun, Information-theoretic data-hiding: Recent achievements and open problems, International Journal of linage and Graphics, Vol.5(1), pp. 1-31, 2005.
[65] I. J. Cox, M. L. Miller and J. A. Bloom. Digital watermarking, Morgan Kaufmann, 2002.
[66] M D. Swanson, B. Zhu, A. H. Tewfik and L. Boney. Robust Audio Watermarking Using Perceptual Masking. Signal Processing, 1998, 66(3): 337-355.
[67] T. Y. Chung, M. S. Hong, Y. N. Oh, D. H. Shin and S. H, Park. Digital Watermarking for Copyright Protection of MPEG2 Compressed Video. IEEE Transactions on Consumer Electronics, 1998, 44(3): 895-901.
[68] R. Villan, S. Voloshynovskiy, O. Koval, J. E. Vila-Forcen, E. Topak, F. Deguillaume, Y. Rytsar and T. Pun, Text Data-Hiding for Digital and Printed Documents: Theoretical and Practical Considerations, In Proceedings of SPIE-IS&T Electronic Imaging 2006, Security, Steganography, and Watermarking of Multimedia Contents Ⅷ, San Jose, USA, Jan. 2006.
[69] R. Venkatesan, V. Vazirani, and S. Sinha. A graph theoretic approach to software watermarking. In: Proc. of Fourth International Workshop on Information Hiding (IH 2001), pp. 157-168, 2001.
[70] R. Agrawal, and J. Kiernan. Watermarking relational databases. In: Proceedings of the 28th International Conference on Very Large Data Bases (VLDB 2002), pp. 155-166, 2002.
[71] R. Sion, M. Atallah, and S. Prabhakar. Rights protection for relational data. IEEE Transactions On Knowledge And Data Engineering, Vol. 16(6), pp. 1-17, 2004.
[72] Yuei-Lin Chiang,Lu-Ping Chang,Wen-Tai Hsieh, and et al. Natural language watermarking using semantic substitution for chinese text. In: Proc. of Second International Workshop on Digital Watermarking (IWDW 2003), pp. 129-140, 2003.
[73] R. Sion. Proving ownership over categorical data. In: proc. of the IEEE International Conference on Data Engineering, pp. 584-596, 2004.
[74] R. Sion, M. Atallah, S. prabhakar. Resilient rights protection for sensor streams. In: proceedings of the 30th International Conference on Very Large Data Bases, pp. 732-743, 2004.
[75] 成礼智,罗永,徐志宏等,基于带参数整数小波变换可见数字水印.软件学报,Vol.15(2),pp.238-249,2004.
[76] 沃焱,韩国强,张波.一种新的基于特征的图像内容认证方法.计算机学报,28(1):105-112,2005.
[77] 赵东宁,张勇,李德毅.基于云模型的文本数字水印技术.计算机应用,Vol.12(Suppl.),pp.100-102,2003.
[78] 张勇,赵东宁,李德毅.水印关系数据库.解放军理工大学学报(自然科学版),Vol.4(5),pp.1-4,2003.
[79] 张立和,杨义先,钮心忻等.软件水印综述.软件学报,Vol.14(2),pp.268-277,2003.
[80] 李黎,张明敏,潘志庚.一种抗几何变换的图像盲水印算法.浙江大学学报(工学版),Vol.38(2),pp.141-144,2004.
[81] 胡伟曦,潘志庚.虚拟世界自然文化遗产保护关键技术概述.系统仿真学报,Vol.15(3),pp.315-318,2003.
[82] 孙树森,张明敏,李黎等.数字水印技术在数字博物馆中的应用.系统仿真学报,Vol.15(3),pp.347-349,2003.pp.210-219.2000.
[83] 尹康康,潘志庚.VRML景场中的纹理水印.工程图学学报,Vol.21(3),pp.126-132,2000.
[84] A. Tirkel, G. Rankin, R. van Schyndel, and et al. Electronic water mark. In: Proceedings of Digital Image Computing-Techniques and Applications (DICTA 1993), pp.666-672, 1993.
[85] S. Craver, B. Liu, and W. Wolf. An Implementation of, and Attacks on, Zero-Knowledge Watermarking. In: Proceedings of Sixth International Workshop on Information Hiding (IH 2004). pp. 1-12, 2004.
[86] D. Yu, and F. Sattar. A New Blind Watermarking Technique Based on Independent Component Analysis. In: Proc. of First International Workshop on Digital Watermarking (IWDW 2002), pp. 51-63, 2002.
[87] Y. Q. Shi. Reversible Data Hiding. In: Proceedings of Third International Workshop on Digital Watermarking (IWDW 2004), pp. 1-12, 2004.
[88] J. T Brassil, S. Low, and N. F. Maxemchuk. Copyright protection for the electronic distribution of text documents. In: Proc. of IEEE, Vol. 87(7), pp. 1181-1196, 1999.
[89] Young-Won Kim, Kyung-Ae Moon, and Il-Seok Oh. A Text Watermarking Algorithm based on Word Classification and Inter-word Space Statistics. In: Proceedings of Seventh International Conference on Document Analysis and Recognition (ICDAR 2003), pp. 775-779, 2003.
[90] M. J. Atallah, V. Raskin, C. F. Hempelmann, and et al. Natural language watermarking and tamperproofing In: Proc. of Fifth International Workshop on Information Hiding (IH 2002), pp. 196-212, 2002.
[91] C. Collberg, A. Huntwork, E. Carter, and et al. Graph theoretic software watermarks: implementation, analysis, and attacks. In: Proc. of Sixth International Workshop on Information Hiding (IH 2004), pp. 192-207, 2004.
[92] C. Collberg, and C. Thomhorson. Software watermarking: models and dynamic embeddings. In: Proc. of Symposium on Principles of Programming Languages (POPL 1999). pp.311-324, 1999.
[93] J. Nagra, and C. Thomhorson. Threading software watermarks. In: Proc. of Sixth International Workshop on Information Hiding (IH 2004). pp.208-223, 2004.
[94] Lin Yuan, P.R. Pari, and Gang Qu. Soft IP protection: watermarking HDL codes. In: Proc. of Sixth International Workshop on Information Hiding (IH 2004), pp.224-238, 2004.
[95] R. Sion, M. Atallah, and S. Prabhakar. Resilient information hiding for abstract semi-structures. In: Proceedings of Second International Workshop on Digital Watermarking, pp. 141-153, 2003.
[96] M. Atallah, R. Sion and S. Prabhakar. Watermarking non-media content: XML and Databases. Poster presentation at the CERIAS Security Symposium, 2001.
[97] Wilfred Ng and Lau Ho Lam. Effective Approaches for Watermarking XML Data. DASFAA 2005, LNCS 3453, pp.68-80, 2005.
[98] Xuan ZHOU, HweeHwa PANG, Kian-Lee TAN, Dhruv MANGLA. WmXML: A System for Watermarking XML Data, In: Proc. of the 31st VLDB Conference,Trondheim, Norway, 2005.
[99] Matt Blaze, Joan Feigenbaum, and Jack Lacy. Decentralized trust management. In Proceedings of the 1996 IEEE Symposium on Security and Privacy, IEEE Computer Society Press, pp. 164-173, May 1996.
[100] Winsborough WH, Seamons KE, Jones VE. Automated trust negotiation. In: Hilton SC, ed. DARPA Information Survivability Conf. and Exposition. New York: IEEE Press, pp.88-102, 2000.
[101] Li NH, Mitchell JC, Winsborough WH. Design of a role-based trust management framework. In: Heather H, ed Proc. of the IEEE Symp. on Security and Privacy. Washington: IEEE Computer Society Press, pp. 114-130, 2002.
[102] Li NH, Mitchell JC. Datalog with constraints; A foundation for trust management languages. In: Veronica D, Philip W, eds. Proc. of the 5th Int'l Symp. on Practical Aspects of Declarative Languages. LNCS 2562, Berlin, Heidelberg: Springer-Verlag, pp.58-73, 2003.
[103] Zhang LH, Ahn GJ, Chu BT A rule-based framework for role-based delegation. In: Sandhu RS, Jaeger T, eds. Proc. of the 6th ACM Symp. on Access Control Models and Technologies. New York: ACM Press, pp. 153-162, 2001.
[104] Zhang XZ, Oh S, Sandhu R. PBDM: A flexible delegation model in RBAC. In: Ferrari E, Ferraiolo D, eds. Proc. of the 8th ACM Symp. on Access Control Models and Technologies. New York: ACM Press, pp. 149-157, 2003.
[105] P. E. Hart, N. J. Nilsson, and B. Raphael. A formal basis for the heuristic determination of minimum cost paths in graphs. IEEE Trans. Syst. Sci. and Cybernetics, SSC-4(2), pp. 100-107, 1968.
[106] Pearl, J. Heuristics: Intelligent Search Strategies for Computer Problem Solving. Addison-Wesley, pp.48, 1984.
[107] Russell, S.J., & Norvig, P. Artificial Intelligence: A Modern Approach. 2nd edition. Pearson Education, Inc, pp. 94-95(note 3), 2003.
[108] R. Agrawal, T. Imielinski, and A. Swami. Mining association rules between sets of items in large databases. In. Proc. of the ACM SIGMOD Conference on Management of data, pp. 207-216, 1993.
[109] Duncan J. Watts~* & Steven H Strogatz, Collective dynamics of 'small-world' networks, Nature 393, pp.440-442, 1998.
[110] Jon Kleinberg and Steve Lawrence. The Structure of the Web, SCIENCE, 294(30): 1849-1850, NOV. 2001.
[111] Milgram, S. The small world problem. Psychol. Today 2, pp.60-67, 1967.
[112] Kochen, M. (ed) The Small World (Ablex, Norwood, NJ, 1989).
[113] Guare, J. Six Degrees of Separation: A Play (Vintage Books, New York, 1990).
[114] Jure Leskovec, Jon Kleinberg, Christos Faloutsos. Graphs over Time: Densification Laws, Shrinking Diameters and Possible Explanations, KDD'05,, Chicago, Illinois, USA, Aug. 21-24, 2005.
[115] J. Gehrke, P. Ginsparg, and J. M. Kleinberg. Overview of the 2003 kdd cup. SIGKDD Explorations, Vol.5(2), pp. 149-151, 2003.
[116] B. H. Hall, A. B. Jaffe, and M. Trajtenberg. The nberpatent citation data file: Lessons, insights and methodological tools. NBER Working Papers 8498, National Bureau of Economic Research, Inc, Oct. 2001.
[117] Nikander P, Viljanen L. Storing and retrieving Internet certificates. In: The 3rd Nordic Workshop on Secure IT Systems. Trondheim, pp. 1-13,1998.
[118] Ion Stoica and Robert Morris and David Karger and Frans Kaashoek and Hari Balakrishnan.Chord: A Scalable Peer-to-peer Lookup Protocol for Internet Applications, In Proc. of the 2001 ACM SIGCOMM Conference, pp. 149-160, 2001.
[119] KARGER, D., LEHMAN, E., LEIGHTON, F., LEVINE, M., LEWIN, D., AND PANIGRAHY, R. Consistent hashing and random trees: Distributed caching protocols for relieving hot spots on the World Wide Web. In Proceedings of the 29th Annual ACM Symposium on Theory of Computing (El Paso, TX, May 1997), pp. 654—663.
[120] S. Androutsellis-Theotokis and D. Spinellis. A Survey of Peer-to-Peer File Sharing Technologies, White paper, Electornic Trading Research Unit (ELTRUN), Athens University fo Economics and Business, 2002.
[121] 罗杰文. Peer to Peer 综述, 2006. http://www.intsci.ac.cn/users/luojw/papers/p2p.htm.
[122] Matei Ripeanu et.al. Mapping the Gnutella Network: Properties of Large-Scale Peer-to-Peer Systems and Implications for System Design. IEEE Internet Computing, vol 6(I), pp.50-57, January-February 2002.
[123] Gnutella 协议.http://www9.limewire.com/developer/gnutella_protocol_0.4.pdf.
[124] C. Gkantsidis, et.al,Random Walks in Peer-to-Peer Networks, INFOCOM 2004..
[125] P. Samarati and L. Sweeney. Generalizing data to provide anonymity when disclosing information (abstract). In Proc. of the ACM Symp. on Principles of Database Systems, pp. 188, 1998.
[126] Da-Wei Wang, Churn-Jung Liau, Tsan-sheng Hsu, Jeremy K.-P Chen. Value versus damage of information release: A data privacy perspective. In International Journal of Approximate Reasoning, Vol. 43(2), 2006.
[127] Hartung, F. and Kutter, M, Multimedia Watermarking Techniques. Proc. of the IEEE (USA), Vol. 87(7), pp. 1079-1107, 1999.
[128] Hartung, F., Su, J. K., and Girod, B. Spread Spectrum Watermarking: Malicious Attacks and Counterattacks. In: (eds). SPIE Security and Watermarking of Multimedia Contents, San Jose, CA. p, 1999.