《电子商务英语06案例库英语 07 unit 7》由会员分享,可在线阅读,更多相关《电子商务英语06案例库英语 07 unit 7(8页珍藏版)》请在金锄头文库上搜索。
1、Analysis one:When a mobile agent migrates between hosts through communication subsystem , it is executed as a thread created by circum environment. Hosts need to authorize mobile agents for reading and writing , so mobile agent system must be protected from dangers from four following occasions :att
2、acks of a host to an agent ;attacks of an agent to a host ;attacks between agents ;attacks of viruses to agents and their hosts .At the same time , the private key s of the hosts or mobile agents are often used to sign the order.To prevent the attacks and protect private information of mobile agents
3、, a new scheduler based on PKI . The private key of PKI is created dynamically by CA(certificate authority) before signing an order and it is used only once. And also the key is transferred in a series encoded ways through communication net. So any device cannot get the private information of the mo
4、bile agent by its public key published by CA.Question:What do you know about PKI?please check the literature and talk about your understanding of it .Answer:PKI (public key infrastructure) affords a set security rules for e-commerce and integrates the user identity with the public key. Before integr
5、ation a credible organization CA check on user identification and then signs on the digital certification which is the integration of the public key and users identification.In the structure PKI system is the foundation of e-commerce security and has been developed in java and JAAS technology is als
6、o used to authenticate identities of mobile agents and hosts. Under the protection Agents only migrate between the credible hosts which can protect the security of agents, and hosts can be protected from attacks of the hostile agents by authentication for agents and Java sandbox and safe code interp
7、retation. Figure 1show s an e-commerce system of mobile agents based on the security structure.Fig. 1 An e-commerce system of mobile agents based on PKIIts execution process : Buying agent and selling agent register themselves respectively with CA and then get corresponding digital certification and
8、 the other side public key by net communication from LDAP (lightweight directory access protocol).Buying agent and first selling agent authenticate each other by digital encryption. And then buying agent migrates the selling host in which selling agent is. After the buying agent has collected inform
9、ation or completed buying task , it returns buying host.If the buying agent needs more information , it repeatedly does step till all the tasks have been implemented.During the migration of mobile agents, hosts can authenticate Agents powers for using resources by the certifications and protect atta
10、cks from hostile hosts.Analysis two:Security centerCNSMS is proposed in Ref. and operated in the security center. As NetSecu nodes can manage security problems in a sub-domain and provide P2P communication interfaces, CNSMS orchestrates the communication between these nodes. More specifically,CNSMS
11、will achieve the following objectives:(1) Security policy collaborative dissemination and enforcement,(2) Security ruleset dissemination, enforcement, and update,(3) Security event collaborative notification,(4) Trust infrastructure,(5) Scalability.Another key function in the security center is the
12、forensic analysis of the collected traffic and network security events. We used cloud computing in the security center to store a large volume of traffic data ofdifferent origins and conducted data analysis to generate new security rule sets as shown step 6 .To further inform the UTM how to defeat n
13、ew attacks, such as a botnet, we must investigate the traffic in depth, acquire the communication graph of the botnet, and generate security rules for enforcement in the UTM to suppress the communication between botsand bot-master.This makes it possible to resist a DDoS attack launched by a botnet.
14、As we equipped the NetSecu node with open source application protocol identification and bandwidth management technology, the security center could instruct the system to be a collaborative distributed traffic management system, which detects and manages the traffic collaboratively after the analysi
15、s of collected traffic in the security center. It could effectively improve the identification ratio of unknown botnet protocols and throttle the DDoS traffic.Question:Please combine your understanding ,analyze the Cloud-Based Forensic situation in Security Center.Answer:1 Cloud storage and computin
16、g platformWe focus on traffic data storage and forensic analysis. The underground cloud storage and computing platform is based on Hadoop and Eucalyptus cloud computing. We also give some analysis of the use of cloud computing platforms based on Eucalyptus and Amazon EC2 respectively. Cloud storage with HadoopThe Hadoop file system with version 1.0.1 is used for the cloud storage system of collected traffic. The mast
