—————————————————————————————-
Call for Papers for the Third IEEE International Symposium
on Trust, Security and Privacy for Emerging Applications (TSP-10)

Organizer: Trusted Computing Institute, Central South University, China
Bradford, UK, 29 June-1 July, 2010
http://trust.csu.edu.cn/conference/tsp2010
To be held in conjunction with
The 10th IEEE International Conference on Computer and Information Technology (CIT 2010)
http://www.scim.brad.ac.uk/~ylwu/CIT2010/

Introduction
Satisfying user requirements for trust, security and privacy in an efficient way is one
of the first considerations for almost all emerging applications, using emerging technologies
such as pervasive computing, peer to peer computing, grid computing, cloud computing,
virtualization and, mobile and wireless technologies. Challenges arise as emerging applications
evolve to provide more scalable and comprehensive services. One of the biggest challenges is
that traditional security technologies and measures may not meet user requirements in open,
dynamic, heterogeneous, and distributed computing environments. Therefore, we need to build
networks and systems in which emerging applications allow users to enjoy more scalable and
comprehensive services while preserving trust, security and privacy at the same time.

Following the success of TSP 2008 in Shanghai, China during December 17-20, 2008, and TSP-09
in Macau SAR, China, during October 12-14, 2009, “The Third IEEE International Symposium on
Trust, Security and Privacy for Emerging Applications (TSP-10)” will be held in Bradford, UK,
during June 29-July 1, 2010, in conjunction with “The 10th IEEE International Conference on
Computer and Information Technology (CIT 2010)”, aims at bringing together researchers and
practitioners in the world working on trust, security, privacy, and related issues such as
technical, social, and cultural implications for all emerging devices, services, applications,
networks, and systems, and providing a forum for them to present and discuss emerging ideas
and trends in this highly challenging research area.

Scope and Interests
TSP-10 is an international forum for presenting and discussing emerging ideas and trends in
trust, security and privacy for emerging applications from both the research community as
well as the industry. Topics of interest include, but are not limited to:
(1) TSP metrics, architectures, and models
(2) TSP in pervasive computing
(3) TSP in peer to peer computing
(4) TSP in grid computing
(5) TSP in cloud computing
(6) TSP in mobile and wireless communications
(7) TSP in cyber-physical systems
(8) TSP in parallel and distributed systems
(9) TSP in e-commerce and e-government systems
(10) TSP in hardware and software co-design
(11) TSP in operating systems
(12) TSP in database systems
(13) TSP in virtualization technologies
(14) Privacy and anonymity technologies
(15) Risk analysis and management
(16) Reliability, dependability, and fault tolerance
(17) Network attacks and defenses
(18) Cryptography and security protocols
(19) Authentication, access control, and accounting
(20) Miscellaneous TSP issues

Submission and Publication Information
The accepted papers from this symposium will be published by IEEE Computer Society in IEEE
CIT-10 proceedings (indexed by EI Compendex and ISTP). Papers should be written in English
conforming to the IEEE standard conference format (8.5″ x 11″, Two-Column). Papers should be
submitted through the paper submission system at the symposium website. Each paper is limited
to 6 pages (or 8 pages with over length charge). Distinguished papers, after further revisions,
will be published in a special issue of “Concurrency and Computation: Practice and Experience”
(Wiley) to be indexed by both SCI and EI. The program committee will select two winners for
the Best Paper Awards for this symposium. Authors (at least one) of any accepted paper are
requested to register at the conference.

—
*Past Special Issues: Based on the papers published in TSP-2008 proceedings, we have successfully
applied for a Special Issue in “IEICE Transactions on Information and Systems” (indexed by SCI
and EI). Based on the papers published in TSP-2009 proceedings, we also have successfully
applied for a Special Issue in “The Journal of Supercomputing” (Springer, indexed by SCI and EI).

**Prof. Weijia Jia from City University of Hong Kong will offer a keynote speech entitled
“Cross-Network Security for Interactive Multimedia Applications”.

***Two Best Paper Awards will be financially supported by IEEE Technical Committee on Distributed
Processing (Pending).
—

Important Dates
(1) Submission Deadline: 15 March, 2010 (Firm Deadline)
(2) Authors Notification: 15 April, 2010
(3) Final Manuscript Due: 30 April, 2010
(4) Registration Due: 5 May, 2010
(5) Conference Dates: 29 June - 1 July, 2010

General Co-Chairs
Ivan Stojmenovic, University of Ottawa, Canada
Kun Yang, University of Essex, UK

Program Co-Chairs
Peter Mueller, IBM Zurich Research Laboratory, Switzerland
Zonghua Zhang, NICT, Japan

Program Committee (in alphabetical order)
http://trust.csu.edu.cn/conference/tsp2010/

Steering Committee
Guojun Wang, Central South University, China (Chair)
Laurence T. Yang, St. Francis Xavier University, Canada (Chair)
Bhavani Thuraisingham, The University of Texas at Dallas, USA
Indrakshi Ray, Colorado State University, USA
Jianhua Ma, Hosei University, Japan
Jiannong Cao, The Hong Kong Polytechnic University, Hong Kong
Jie Li, University of Tsukuba, Japan
Jie Wu, Temple University, USA
Minyi Guo, Shanghai Jiao Tong University, China
Wanlei Zhou, Deakin University, Australia

Publicity Co-Chairs
Gregorio Martinez, University of Murcia (UMU), Spain
Raphael C.-W. Phan, Loughborough University, UK
Stefanos Gritzalis, University of the Aegean, Greece
Sudip Chakraborty, Valdosta State University, USA
Weigang Wu, Sun Yat-Sen University, China
Xu Li, University of Ottawa, Canada

Secretariat
Qin Liu, Central South University, China

Contact
Please email inquiries concerning TSP-10 to: Prof. Guojun Wang
Email csgjwang AT gmail DOT com
Homepage http://trust.csu.edu.cn/faculty/~csgjwang/
—————————————————————————————-

To unsubscribe from cistc mailing list send a blank email message to cistc-remove@comsoc.org. You can also request removal by mail. Please send a note with your email address and the list name (cistc@comsoc.org) to ComSoc List Removal - IT 3 Park Avenue, 17th Floor New York, NY 10016 USA

看看外国人是怎么看中国的。Economist是在全世界很有影响的一份杂志（http://www.economist.com）。 最近看到其中一篇文章讲日本新首相上台后中日韩关系的一篇文章 history war（http://www.economist.com/world/asia/displaystory.cfm?story_id=14660487）。最后一段是这样写的：

官方版本的历史容易偏离历史而不是接近历史。你只需看看去年北京奥运和本月中国的国庆节，看看在那些极度奢华的盛典上所展示的中国历史就知道了。共产党统治的六十年中，前三十年（痛苦的记忆）被一笔抹掉了。正如艺术大师和历史学家Simon Schama所说，历史应该是用来自我批评的，而不是用来沾沾自喜的。无论是在专制的中国，还是在民主的韩国和日本，历史离这个目的还相距甚远。

So official versions of history tend to veer away from the truth, not towards it. You only have to look at the Chinese history on display at the extravaganzas for last year’s Beijing Olympics or this month’s National Day celebrations. The first (traumatic) 30 years of the Communist Party’s 60-year rule were airbrushed out. History, as Simon Schama, a master of the craft, says, should be the instrument of self-criticism, not self-congratulation. Not just in dictatorial China, but also in democratic South Korea and Japan, history still has far to go if it is to serve that aim.

http://www.pcmag.com/article2/0,2817,2102852,00.asp

Just in case you missed it, the web now has version numbers. Nearly three years ago, amid continued hand-wringing over the dot-com crash, a man named Dale Dougherty dreamed up something called Web 2.0, and the idea soon took on a life of its own. In the beginning, it was little more than a rallying cry, a belief that the Internet would rise again. But as Dougherty’s Silicon Valley start-ups—and blogs are already abuzz with talk of the Web’s next generation.

To many, Web 3.0 is something called the Semantic Web, a term coined by Tim Berners-Lee, the man who invented the (first) World Wide Web. In essence, the Semantic Web is a place where machines can read Web pages much as we humans read them, a place where search engines and software agents can better troll the Net and find what we’re looking for. “It’s a set of standards that turns the Web into one big database,” says Nova Spivack, CEO of Radar Networks, one of the leading voices of this new-age Internet.

But some are skeptical about whether the Semantic Web—or at least, Berners-Lee’s view of it—will actually take hold. They point to other technologies capable of reinventing the online world as we know it, from 3D virtual worlds to Web-connected bathroom mirrors. Web 3.0 could mean many things, and for Netheads, every single one is a breathtaking proposition. — Tim, Lucy, and The Semantic Web

Web 3.0

Tim, Lucy, and The Semantic Web
The Semantic Web isn’t a new idea. This notion of a Web where machines can better read, understand, and process all that data floating through cyberspace—a concept many refer to as Web 3.0—first entered the public consciousness in 2001, when a story appeared in Scientific American. Coauthored by Berners-Lee, the article describes a world in which software “agents” perform Web-based tasks we often struggle to complete on our own.

The article begins with an imaginary girl named Lucy, whose mother has just been told by her doctor that she needs to see a specialist. “At the doctor’s office, Lucy instructed her Semantic Web agent through her handheld Web browser,” we read. “The agent promptly retrieved information about Mom’s prescribed treatment from the doctor’s agent, looked up several lists of providers, and checked for the ones in-plan for Mom’s insurance within a 20-mile radius of her home and with a rating of excellent on trusted rating services.”

That’s quite a mouthful, but it only begins to describe Berners-Lee’s vision of a future Web. Lucy’s Semantic Web agent can also check potential appointment times against her mother’s busy schedule, reschedule other appointments if need be, and more—all on its own, without help from Lucy. And Lucy is just one example. A Semantic Web agent could be programmed to do almost anything, from automatically booking your next vacation to researching a term paper.

How will this actually work? In Berners-Lee’s view, it involves a reannotation of the Web, adding all sorts of machine-readable metadata to the human-readable Web pages we use today (see “Questions of Semantics,” opposite). Six years after the Scientific American article, official standards describing this metadata are in place—including the Recourse Description Framework (RDF) and the Web Ontology Language (OWL)—and they’re already trickling into real-world sites, services, and other tools. -Semantic Web metadata underpins Yahoo!’s new food site. Spivack’s Radar Networks is building a kind of Semantic Web portal. A development platform, Jena, is in the works at HP. And you’ll find Semantic Web structures in Oracle’s Spatial database tool.

The problem is that a complete reannotation of the Web is a massive undertaking. “The Semantic Web is a good-news, bad-news thing,” says R. David Lankes, an associate professor at Syracuse University’s School of Information Studies. “You get the ability to do all these very complex queries, but it takes a tremendous amount of time and metadata to make that happen.” — next: The Other Semantic Web

Web 3.0

The Other Semantic Web
As a consequence, many researchers take a very different approach to the Semantic Web. Rather than calling for an overhaul of Web formats, which would involve hundreds of thousands of independent sites, they’re building agents that can better understand Web pages as they exist today. They’re not making the pages easier to read, they’re making the software agents smarter.

One early example is the BlueOrganizer from AdaptiveBlue (www.adaptiveblue.com). In certain situations, when you visit a Web page, this browser plug-in can understand what the page is about, automatically retrieving related information from other sites and services. If you visit a movie blog, for instance, and read about a particular film, it immediately links to sites where you can buy or rent that film. “It’s what you might call a top-down approach,” says Alex Iskold, the company’s CEO. “Web pages already contain semantic data. We can understand them, so why shouldn’t computers? Why not build a technology that can parse and process existing services and databases?”

Of course, that’s easier said than done. Countless companies offer tools similar to BlueOrganizer—including Claria’s PersonalWeb—but these aren’t that different from the old Amazon.com “recommendation engine,” which suggests new products based on your surfing and buying habits. We’re a long way from agents that can think on their own. In the near term, the Semantic Web may require the sort of metadata Berners-Lee proposes. “Automated agents are worth striving for,” says Pattie Maes, an MIT Media Lab veteran who founded the Lab’s Software Agents Group. “But it’s hard to say what’s better—tags built into Web pages or tags that are, in a sense, inferred by machines.”

《精通PKI网络安全认证技术与编程实现》

以下介绍来自http://www.readbuy.cn/product/product_200759.html

作　　者：马臣云 王彦 编著
出 版 社：人民邮电出版社

出版时间：2008-07-01

全书共32章，分6篇，主要内容包括PKI基础知识、OpenSSL开发、CrytoAPI开发、Java Security开发、电子商务网站应用、 PKI技术应用等，涉及C语言、Java语言、JSP、ASP/ASP.NET、PHP等开发语言。为了方便读者深入了解PKI，本书按照先原理、再讲解、再实战的方式进行，并且全部实例和软件都保存在随书赠送的光盘中。

我把书中的光盘放到FTP服务器上去了  ftp://166.111.143.130/_ccert_incoming/MasterPKI_CDROM/

需要安装GnuPG for windows，http://www.gnupg.org/

然后安装FireFox的一个插件：FireGPG  ：http://cn.getfiregpg.org/s/home

我的PGP Key :duanhx.pgp.pub.key

—-BEGIN PGP PUBLIC KEY BLOCK—–
Version: GnuPG v1.4.9 (MingW32)

mQGiBErNScMRBADnloFygFjYYXA14HARkqAqOFKITPhSIB+qJRIVuY7duppOg9RY
/A7akpsJVUWufXcmpo7no+9ygQileP4SQFXj9TceJtlemneRJQwlnu3x+DoMrTue
Pfe8Nw8OME1aX7H1fC7elrpwdl5PmtmC5JhL3OxfWmtoQs6gWAk+7Uh5FQCg/+Tv
dbs78/gnN5/R/Jz2+3Avm7MD/01XgkZIUE8c/mUYGpBq0Q0MAJRchH9V2ArBVFf7
DMDr2/CRXCMFPXeHYvDUpF6zTJvnZ+gSzyjDReYC5H2ssFa1UrfhbzvIGF7u/ukS
gnBbO8rWJYlfFANA2T5Es3gSappfn1sXjGrwE0EUiHiZ/7cvWY4k3t0AeOfXue6H
bWjZA/9lxDmgMFzmmLN2kXJMGiMmt1RlgW2bjCovxfJFuZ+wPMe2cGzf8QHedFca
TwM3LqHdWJa4nMN2mWXZXiJ072niQRg9Mp4ANlrnfQoOIs/Q8pm+8haVd4Xkx/tW
NjlPkPZIh834noBWdGSNbft6IUL3m8/kvnryeWLlP0Hq+pvnRbQqSGFpeGluIER1
YW4oMjAwOSkgPGR1YW5oeEB0c2luZ2h1YS5lZHUuY24+iFcEEBECABcFAkrNScMH
CwkIBwMCCgIZAQUbAwAAAAAKCRBFPAedfQjkOLaEAJ9ORp2s9o9aviXe9yh4PFRm
otNVNgCcDxZqvPmnKplc1X6hOGtp5D6NYRqIRgQQEQIABgUCSs2gJQAKCRANIj7s
sZDKZ3pcAKCrjecVrC7HvQKMSGGuyNsPxkj7NACfW+qExx82/ymio09rbCZaSZH7
zbW5Ag0ESs1JwxAIAPZCV7cIfwgXcqK61qlC8wXo+VMROU+28W65Szgg2gGnVqMU
6Y9AVfPQB8bLQ6mUrfdMZIZJ+AyDvWXpF9Sh01D49Vlf3HZSTz09jdvOmeFXklnN
/biudE/F/Ha8g8VHMGHOfMlm/xX5u/2RXscBqtNbno2gpXI61Brwv0YAWCvl9Ij9
WE5J280gtJ3kkQc2azNsOA1FHQ98iLMcfFstjvbzySPAQ/ClWxiNjrtVjLhdONM0
/XwXV0OjHRhs3jMhLLUq/zzhsSlAGBGNfISnCnLWhsQDGcgHKXrKlQzZlp+r0ApQ
mwJG0wg9ZqRdQZ+cfL2JSyIZJrqrol7DVekyCzsAAgIIALEYJtIe9×9P+luFsafL
uf1ZznddsCgfN3Bq2YDpqgwl3GEhXnk1O1nGEBwcJjsjtq1neAPCawD9Pc+HAyz5
AQDvc+aJPfWZrvQ7/TB/KNPHtFdtf+ZRvkRS33tHcC59KOJgbIZAGx+CszGD2Ii9
aXrZ0UOLXd7//CjGA3rtUF9SGNPBc0nZl1inRWN3uwk3GPfQ1Onk08N6wxz3Bk1M
NGfi++FIAXdhLSQqbzFDf91L0cKPaL8wM//dQz4L6IT3qXvG58jP0kBIIKKbQhD1
BaByb5ZpX58t7r+bSuFrhE9crns+B4qjIVYwLNxCJ/cXW6wK0cgDcwG9rJE6p3Fo
z+eITAQYEQIADAUCSs1JwwUbDAAAAAAKCRBFPAedfQjkOLi9AKCjE3TkSRFOcCEN
wrpFFa9Dyw+91QCghKUQYmOQGDw6/0bpHiNWjd9ITyU=
=FQre
—–END PGP PUBLIC KEY BLOCK—–

纠正我以前的概念，在一个服务器上设置的cookie在另外一个服务器上是可以读取的，示例如下：

在course.ccert.edu.cn上设置cookie

http://course.ccert.edu.cn/test/setcookie.php

源代码：

<?
setcookie(”CookieName”, “DuanHaixin”,time()+3600,”/test/”,”.ccert.edu.cn”);
?>
<html>
<a href=”/test/display_cookie.php”> Display COokie on other web server </a>
</html>

在netsec.ccert.edu.cn上显示cookie

http://netsec.ccert.edu.cn/test/display_cookie.php

<html>

<?
echo “Cookie Name:”, $_COOKIE['CookieName'];//$CookieName
?>
</html>

不过，上面的例子中，两个服务器有同一个域名后缀。如果想设置cookie，使它在域名完全不同的服务器上却不可行，否则那安全隐患也太大了。

不过可以用下面的方法。假设在A服务器上想设置一个作用域为B服务器的cookie，

1。浏览器访问A服务器的脚本，A生成一个字符串，包括cookie的内容，把这个字符串当作 QUERRY_STRING 定向到B

2。B上的脚本读取QUERRY_STRING, 生成真正的cookie

Reference:

[1] http://de3.php.net/setcookie

[2]：http://www.javaeye.com/topic/34400

如题，请勿外传.
以后相关文档，可以通过wiki 单独组织文档

PPT下载：2009-0908-e8aea8e8aeba

支持IPv4/IPv6互访问，不需要安装IPv6协议栈。

通过Web浏览器访问，不需要任何配置。只需要在你要浏览的网站域名的后面增加一个后缀.cost.edu.cn即可。比如

如果你要访问ipv6.sjtu.edu.cn，在你浏览器地址栏里输入 http://ipv6.sjtu.edu.cn.cost.edu.cn

测试一下：

KAME project （IPv6）: http://www.kame.net  (您应该可以看到一个活动的乌龟)

东北大学六维空间 http://bt.neu6.edu.cn （纯IPv6的网站）

新语丝：http://www.xys.org（被GFW Block的网站）

倍可亲:  http://www.backchina.com

关于IPv4/IPv6的应用层代理，我希望完成的程序功能有点类似sixxs.org或者cspeed.net，二者选一，具体说来是这样的：

一、 Sixxs.org是这样实现的：

1.用户通过浏览器访问某个ipv6或ipv4的网站，在网站的域名后面增加一个后缀sixxs.org，我们可以增加一个ccert.edu.cn，比如对于ipv6.sjnet.edu.cn，网站的url就变成了ipv6.sjnet.edu.cn.ccert.edu.cn；

2.ccert.edu.cn的域名服务器对于所有不知道的域名返回一个固定的IPv4地址，也就是我们的代理服务器的地址;

3.浏览器根据域名服务器范围的地址，把HTTP请求发到代理服务器；

4.代理服务器监听HTTP服务端口（TCP/80），截获用户的HTTP请求，然后访问真正的服务器ipv6.sjnet.edu.cn，根据对方的地址类型（v4还是v6，可以根据真正的域名解析的结果确定）建立TCP连接（其实如果选择协议无关编程，这部分也可以不考虑）

5.代理服务器在客户端的浏览器和服务器之间建立TCP的连接中转，必要时作HTTP命令的转换（比如Location：等）。

二、cspeed.net的实现

大家访问cspeed.net的页面就知道了（如果访问不到，可以用tor），这是一个利用CGI模式实现的代理，用户只需访问cspeed.net，在页面上输入真正的URL就可以了

以上两种做法，我倾向于第一种，因为这样做比较简单。域名服务器的配置暂时不需考虑，你可以在本地配置hosts文件

比如把 ipv6.sjtu.edu.cn.ccert.edu.cn 的地址配置成202.112.50.102 (记不清了，也就是我们试验用的服务器地址) ，只需修改windows下的这个文件就行了

C:\WINDOWS\system32\drivers\etc\hosts

比如我增加了一行：

202.112.50.102      ipv6.sjtu.edu.cn.ccert.edu.cn

然后，你就可以在50.102这台计算机上用wireshark之类的协议分析软件调试分析 浏览器发来的请求和服务器返回的响应了

对以上设想，各位还有不明白吗？

如果你有多台Linux服务器，经常忘了帐号和口令，建议你使用公钥来认证。推荐东北大学温占考老师的一篇文章，介绍openssh, putty和公钥认证的文章。

OpenSSH与Putty