To solve the problem that the existing order preserving encryption schemes are difficult to give consideration to security, efficiency and ease of use at the same time, an order preserving encryption scheme of non-linear mapping based on random function was proposed. In the scheme, the plaintext space was considered as an increasing arithmetic sequence, and each element of the sequence was mapped to a separate ciphertext space based on the key. The key was generated by a random number generating function with non-uniform distribution, and the ciphertext space was constructed by a computer program. During encrypting, the value randomly selected from the corresponding ciphertext space was able to be used as the ciphertext. Analysis and experimental results show that the proposed scheme achieves INDistinguishability under Ordered Chosen Plaintext Attack (IND-OCPA) safety and can effectively prevent statistical attacks; it has the average encryption time per 100 000 data of from 30 ms to 50 ms, resulting in high encryption efficiency; the complex parameter presets are not required in the scheme, and the scheme can be implemented in any computer language, so that it is easy to use.

The security mechanism of REpresentational State Transfer (REST) architecture is not perfect. In order to solve the problem, the security analysis and evaluation of REST architecture based on attack graph was proposed, and the security quantitative evaluation of REST architecture was realized by using attack graph. Firstly, the possible attack of REST architecture was predicted, the REST architecture attack graph model was constructed accordingly, and the attack probability parameter and attack realization parameter were calculated. Then, according to the attack state and attack behavior of attack graph, the security protection measures were proposed. In view of the above, the REST architecture attack graph model was reconstructed, and the attack probability parameter and attack realization parameter were recalculated too. By comparison, after the adoption of security protection measures, the attack possibility parameter has been reduced to about 1/10, and the attack realization parameter has been reduced to about 1/86. The comparison results show that the constructed attack graph can effectively and quantitatively evaluate the security performance of REST architecture.