Aiming at unavailability and unreliability of net-flow fingerprint caused by net-flow transformation and network jitter, a semi-fragile net-flow fingerprint coding scheme based on adaptive net-flow characteristic (ACSF) was proposed. Firstly, ACSF generated Hash Message Authentication Code (HMAC) encryption key, determined HMAC scrambling method and chose the initial phase of the Pseudo-Noise (PN) code in accordance with net-flow characteristic parameters.The space of secret key was enlarged to O((k+1)·(S·O(K_EN))), so as to increase computational complexity of compromising. Besides, net-flow fingerprint was made to have the capability of self-adaption. It decreased the computational complexity of decoder to O(k²·l·n_f), which enhanced the efficiency of decoding. Secondly, in order to be semi-fragile net-flow fingerprint, Direct Sequence Spread Spectrum (DSSS) was used to filter non-malicious disposing. It can reach more than 90% correctness under the condition of 66.7% multi-flow disturbance rate. Besides, HMAC was used to locate malicious tamper, which could correctly locate malicious tamper at least 98.3%. Finally, the security, accuracy of tamper localization and resisting disturbance capability of ACSF were analyzed and verified by experiments.

Detecting sensitive information on terminal documents becomes extremely important due to the potential risk of sensitive information leakage. In order to resolve the problems of imprecise document model caused by context-free index and inadequate semantic extension, firstly, a context-sensitive document smoothing algorithm was proposed to build document index, which can retain much more document information; secondly, combining the sensitivity of concept in the domain ontology, semantic extension was improved to expand the detection range of sensitive information; finally, document smoothing and query expansion were integrated into the language model, and a sensitive information detection approach based on the language model was proposed. Comparative experiments on four approaches using different index mechanisms, query expansion algorithms and detection models, the recall, precision and F-Measure of the proposed approach were 0.798, 0.786 and 0.792 respectively, and the various performance indicators were obviously better than the compared algorithms. The experimental results show that the proposed approach is a more effective one.

In view of the problem that verifying the conformance of e-government network structure, a conformance verification method for e-government network based on graph approximate matching was proposed. The method firstly abstracted the graph model of e-government network, then used the modular characteristic of network structure and k-hop neighboring relationship of vertices to realize extendible approximate graph matching which got all the similar structures between the two graphs. And then it proposed an improved graph similarity measure function by introducing the node importance factor and path distance attenuation factor so as to make the conformity assessment results more accurate. The experimental result shows that the method can accurately evaluate the conformance degree of e-government network structure, and fine-grainedly reflect the similarities or differences between the network structures which include all kinds of violations in the network topology and system deployment.

For protecting the sensitive data on mobile operation system, a Taint-marking Based Access Control (TBAC) model was presented and a Taint-marking Information Flow Control (TIFC) framework was proposed. To improve fine-grained data sharing, labels were designed for each data. To support for least privilege characteristic, capacities were defined to each subject. To avoid accumulating of contamination, decontamination capacities of trust subjects were introduced. Compared with BLP, TBAC is more available, flexible and fine-grained. The results show TIFC is an effective, flexible and accurate framework in tracking and controlling the information flow at runtime, and TIFC solves the problem of covert channel caused by control flow during program execution.

To solve the existing problems of optimization and selection in process behavior evaluation model, the process behavior was defined, and the process behavior was described based on Hidden Markov Model (HMM). The relation between precision rate and false positives rate was discussed, and a multiple-dimension process behavior evaluation model based on Boolean function was proposed, which overcame the shortcomings of single process behavior evaluation model, and increased evaluation performance. On the basis of cost decision tree, the target function was given to select the optimal process behavior on the proposed evaluation model. Finally, the proposed evaluation model was tested and compared with the traditional Sequence TIme-Delay Embedding (STIDE) and HMM method. The test results verify the efficiency and superiority of the proposed model.

To improve the correctness and feasibility of the implementation of multilevel security in the distributed environment, a distributed multilevel security core architecture — Distributed Trusted Computing Base (DTCB) was proposed. DTCB was divided into three layers, TCB of System layer, TCB of Module layer and TCB of Partition layer, finer multilevel control granularity was realized step by step, greatly reducing the complexity of the implementation of multilevel security in the distributed environment. At last, based on the composable noninterference model, the security of DTCB was formally proved. The result shows that DTCB assures the multilevel security of distributed system as a whole.