For the common key space shortage problem found in existing Arnold digital image encryption algorithm, a new digital image encryption algorithm-SMA (Sparse Matrix Arnold) based on sparse matrix and Arnold transformation was proposed and in order to further improve the security of the algorithm, an improved algorithm-3SMA (3 round SMA) using the ideas of multi-layered decomposition and three-tier structure encryption was proposed. The SMA algorithm adopted Arnold transform to spread the plaintext picture into a large sparse matrix, and then removed invalid sparse matrix elements to get the cipher text. While, the decryption of SMA needed to enter the cipher text picture, and moved pixels in cipher text picture back to their original positions in accordance with the previously computed swapping table. The 3SMA algorithm comprised three different round keys. Each round, the improved algorithm needed to process two color components of the plaintext picture to achieve the purpose of encryption. The experimental results show that the proposed encryption algorithm and its improvement obtain higher security compared to Arnold encryption algorithms analyzed.

In the centralized network control environment of Software-Defined Network (SDN), the problem of a single point of failure exists in the controlling plane. In order to solve the problem, a kind of controller architecture was proposed based on intrusion tolerance ideology to improve the availability and reliability of network by using the redundant and diverse central controller platform. In the proposed architecture, the intruded controllers were detected by comparing their messages. Firstly, the key message types and fields needing to be compared were defined. Then, different controller messages were compared using a consistency judgement algorithm. Finally, the controllers with abnormal messages would be isolated and restored. The Mininet-based intrusion tolerance reliability test demonstrated that the controller architecture based on intrusion tolerance could detect and filter the abnormal controller messages. The Mininet-based response-delay test showed that the requirement-delay of underlying network increased by 16% and 42% while the tolerance degree was 1 and 3 respectively. In addition, the Cbench-based response-delay and throughput tests showed that the performance of the intrusion tolerance controller lay among the subsidiary controllers, such as Ryu and Floodlight, and approached the advanced one. In practical application, the quantity and type of the subsidiary controllers can be configured according to the security level of application scenarios, and the proposed intrusion tolerance controller can satisfy the application requirements of response rate and intrusion tolerance degree.

Traditional network=based vulnerability scanners can't get very exact information of the target system, they can't identify all of the vulnerabilities in the target system. The way of imitating attack can test the vulnerability exactly. When most of the new vulnerabilities were put forward, the test programs of the vulnerabilities were given together, but the diversity of the parameters of the test program made it difficult to integrate all of the programs. The parameters were classified as DR, DL and DV, and then XML was used to describe the parameters, and a vulnerabilities testing system by imitating attack with XML describing parameters was implemented.

The certificate path of the inner-realm is described in its subject alternative name, and the certificate path of the inter-realm was implemented by its proxy. In the same realm, the shortest path can be acquired by the sponsor with comparing the path in the subject alternative name of the target’s certificate and the sponsor’s trusted anchors. In the different realm, the path of the inter-realm can be acquired by requesting the proxy of the construction and concatenating the certificate path described in the subject alternative name, thus the construction of the whole certificate path can be implemented.