Research on Key Technologies of Computer Intrusion Forensics
Abstract
In recent years, computer network crime cases have risen sharply, and computer network crime has become a widespread international problem. The key to combating it is finding sufficient, reliable electronic evidence that carries legal force. Computer forensics has therefore attracted growing attention and has become a research focus in the field of computer network security. This thesis studies several key problems in computer intrusion forensics in depth.
The thesis first gives a comprehensive discussion of the legal issues involved in treating computer data as admissible evidence, then surveys the current state of computer forensics research and analyses and organises it from a new angle, namely two distinct perspectives, static and dynamic. On this basis it formulates the idea of dynamic forensics: securely transferring evidence of a crime before and during the intrusion. It argues that a good computer forensics method should protect possible evidence of a crime securely and in real time, and then carry out the specific investigation and evidence collection after the incident.
A theoretical model for protecting forensic information (the DT-BLP security model) and a practical application scheme for it are proposed. These provide theoretical guidance and an application basis for designing and developing a forensic-information protection system, make it possible to protect evidence of a crime before and during an intrusion, and greatly reduce the likelihood that an intruder can destroy such evidence before or during the intrusion.
The integrity of computer data has always been a difficult point in authenticating computer crime evidence. The forensic-information consistency algorithm proposed in the thesis provides strict technical protection of the integrity of forensic information collected before and during an intrusion.
As time passes, the volume of forensic information collected by the forensic system grows continuously, yet genuine evidence of intrusion crime may make up only a tiny fraction of it (small, but critically important). The much larger proportion of normal information must therefore be filtered out and deleted so that possible crime evidence can be retained for a long time. To this end, the thesis proposes a fuzzy evaluation algorithm for forensic-information risk, which assesses the risk of every item of forensic information and selects accordingly.
Finally, the thesis presents the design and implementation of a software prototype that integrates the preceding results, a host-based dynamic forensics prototype system. It describes the functional requirements analysis and detailed design carried out during development and evaluates the system's performance.
In recent years, network crime has been rising rapidly and has become an international issue. A practicable solution is to find sufficient electronic evidence that is credible and legitimate; this is computer forensics. Today, people attach more and more importance to computer forensics, and research on it has become an important part of computer security.
Computer digital information, such as 0s and 1s, is easily modified. This weakness makes computer evidence difficult to assess. In this paper the legal problems relating to admissible computer evidence are discussed first. Then we analyse in detail and fully summarize the research results in the field according to two different approaches: the static way and the dynamic way. Based on this analysis and summary, a new computer forensics approach is suggested, one that should be able to transfer computer crime evidence in time to another safe place.
Then a security theory model called the DT-BLP security model is discussed, and its application to computer forensics is presented. The application can protect computer evidence in time against destruction by the hacker, especially in the initial stage of the hacker's intrusion and during the intrusion.
The integrity problem of computer evidence is a difficult one in identifying computer crime. In this paper, an information integrity algorithm is presented. The algorithm can protect the integrity of computer evidence against destruction by the hacker.
The total amount of computer forensics information grows larger and larger while the computer is running, yet the amount of crime evidence reflecting the hacker's intrusion behaviour is small. Most of the normal information should be removed at the proper moment, and the crime evidence should be kept as long as possible. In the paper, we propose a fuzzy evaluation algorithm that deals with the information risk of computer forensics information; according to the evaluation results, the potential crime information reflecting the hacker's intrusion behaviour is retained.
Finally, we propose a host-based dynamic computer forensics system and estimate its performance.