滨海社区空间演变分形研究——以厦门市高浦社区为例

滨海城市社区的空间形态及其海岸线表现出一定程度的复杂性,发展量化描述方法对于其可发展研究有重要的理论与应用价值。本研究基于分形理论,以滨海城市厦门的高浦社区为研究对象,利用计盒法对该滨海社区空间形态和边界进行复杂性分析和分形维计算,研究社区空间形态复杂性演变规律。结果表明:作为典型海湾渔村的高浦社区空间形态具有分数维,呈现分形结构特性。自1989年至今,该社区空间形态的分形维数呈现增长态势;社区边界的分形维数呈现下降态势。社区空间形态的分形维数与社区建筑占地面积、建筑总面积、建筑密度、容积率都表现出相关性。这表明滨海社区在快速城市化进程中,社区规模急剧扩张可能会导致空间形态和边界复杂性的显著变化。住建部科学技术计划资助项目(2017-R2-015

改良分子信标-双重实时荧光PCR快速检测SARS病毒

目的建立改良分子信标-双重实时荧光PCR检测SARS病毒的方法,用于SARS的早期诊断和动物溯源。方法利用改良分子信标技术、装甲RNA和双片段双色荧光技术,根据GenBank公布的SARS病毒聚合酶基因1b的阅读开放框架结构的保守序列,自行设计一对引物和探针,以部分临床标本的酶联吸附实验结果和传统细胞培养方法作为对照,建立分子信标检测SARS病毒的方法。对368份临床标本(咽漱液、血液、粪便、尿液)、52份细胞培养液和50份动物标本进行荧光PCR扩增。结果分子信标检测SARS病毒的方法灵敏度为10～100个拷贝ml,与流感病毒等呼吸道病毒无交叉反应。分子信标检测368份临床标本,20份阳性。其中确诊病例阳性率为21.27%(1047),确诊病例的咽漱液阳性率为43.48%,还分别从粪便和血清中检测到SARS病毒。52份细胞培养液,29份阳性,阳性率为55.77%。50份动物标本,23份阳性,阳性率为46%。结论改良分子信标-双重实时荧光PCR检测SARS病毒方法灵敏度高、特异性强,可用于SARS的临床早期诊断和动物溯源

Research on and Enforcement of Malware-Defending Technology of Secure Operating System

该文以一个实际的安全操作系统开发实践为基础,针对日益严重的恶意代码威胁,对安全操作系统的恶意代码防御技术进行了研究,取得了以下六个方面的主要成果.第一,从安全操作系统的角度,首次揭示了恶意代码入侵、感染和发作等过程的本质;由此提出了安全操作系统的两种恶意代码防御技术;第二,设计了适合在安全操作系统中实施的恶意代码防御框架.从权限控制和完整性控制两方面实施了恶意代码防御技术;引入了进程完整性阈值,有效地降低了框架对高完整性可执行代码运行效率的影响.第三,把"负权限"引入到自主访问控制机制中,并给出了权限冲突解决机制;提出了"有限权限继承"机制,简化了系统授权管理;细化了访问控制粒度;支持转授权机制;在系统中实施上述自主访问控制机制,实现了用户权限控制.第四,探讨了进程权限、用户权限和可执行代码权限三者之间的关系,以用可执行代码权限的用户相关性与用户无关性,首次提出了基于进程的动态访问控制模型,从而避免了滥用进程极限;综合上述静态和动态模型,提出了基于进程的静态/动态访问控制模型,并实施于系统中,实现了进程权限控制.第五,揭示了Biba模型静态实施方案缺陷的本质,首次提出了基于先决条件的授权模型,并设计了Biba模型的动态实施方案;第六,借助角色访问控制模型,研究了转授权模型,首次提出了支持重复角色和部分角色转授权的转授权模型和支持时限的转授权模型.With consideration of a variety of malware threats and security requirements, research on and enforcement of the malware-defending system in secure operating system is conducted with an experiment of implementing a practical secure operating system (SOS). As a result, six principal achievements have been obtained. First, the essence of infection and damage of malware is revealed in accordance with the properties of SOS, hence privilege control and integrity control, as two kinds of malware-defending methods are presented. The incapability of access control mechanism of Linux/Unix in defending malware is shown. Second, malware-defending framework (MDF) suitable for SOS is designed. Privilege control and integrity control are perfectly combined in MDF as two aspects of defending technology. To reduce the losing of performance of program with higher integrity, integrity threshold is introduced. Third, the concept of negative privilege is introduced into discretional access control (DAC), and conflict-resolving mechanism is given. Limited privileges inheritance mechanism simplifying authorization is presented. Control permission and access permission are distinguished and refined. Delegation is supported by our DAC. The DAC above is implemented in MDF, which realizes user privilege control. Fourth, the relationship among user privilege, program privilege and process privilege, as well as user-dependent or user-independent properties of program privilege, is analyzed. As a result, a process-based static access control (PBSAC) model is presented for the first time, which avoids misuse of owner privilege. Relationships of conflict, dependent and authorization-dependent between process privileges are defined, and rules of dynamically adjusting process privilege are given, hence presents a process-based dynamic access control (PBDAC) model for the first time, which avoids misuse of process privilege. PBS/DAC model is implemented in MDF, which combines PBSAC and PBDAC, and realizes process privilege control. Fifth, essence of defect in static implement of Biba model is shown, and a prerequisite condition-based authorization model is presented for the first time. To overcome the defect, a dynamic implement of Biba model is designed. To satisfy the requirement of multiple integrity policies, general implement of Biba model is designed. To realize integrity control of MDF, Biba model is dynamically and generally implemented in MDF, and works well. Last but not least, delegation model is studied in virtue of role-based access control, and two new delegation models are presented. One is the repeated and partial role-based delegation model, which supports repeat and partial delegation, and the other is temporal role-based delegation model, which supports temporal delegation. The two models are helpful in implementing precise privilege control, and prevent privilege misuse efficiently. In a word, the principal achievements of this dissertation are helpful for the research on and enforcement of malware-defending technology of SOS, and for the construction of secure operating system platforms with malware-defending function

trdm-temporal role-based delegation model

当前基于角色的系统的完全依赖于管理者的集中式管理方式,不能够满足分布环境下的系统管理的需求.基于角色的转授权模型(role-based delegation model, RDM)更适于分布式环境的授权管理,但当前的几种授权模型都不支持时限(temporary)和授权宽度.基于时限和授权宽度等方面,对RDM2000(role-based delegation model 2000)模型进行了扩充,提出了完备的具有时限的基于角色的转授权模型(temporal role-based delegation m

rprdm: a repeated-and-part-role-based delegation model

基于角色的转授权模型(RDM)适于分布式环境下的授权管理.在分析重复角色转授权(RRD)和部分角色转授权(PRD)的实质和必要性的基础上,提出了基于重复和部分角色的转授权模型(RPRDM),并定义了该模型的组成元素以及转授权和转授权撤销规则.最后,基于Linux实现了RPRDM的一个实验原型

research on an authorization model based on system prerequisite conditions

用户角色授权模型URA97(user role assignment 97)中,角色指派和撤销机制定义的先决条件(prerequisite conditions, PC)只约束被授权用户已经拥有的角色,而不约束系统中其他用户拥有的角色,因而会引起授权冲突,存在严重的缺陷.基于系统先决条件的授权模型(SPC-based authorization model, SBAM)提出了系统先决条件(system PC, SPC)的概念,并基于SPC定义了新的角色指派和撤销机制,从而克服了URA97的缺陷,能够正确

research and implementation of role-based domain and type enforcement access control model

安全系统只有能够支持多种安全政策才能满足实际需求.基于角色的访问控制(Role-Based Access Control,RBAC)是一种政策中性(Policy Neutral)的新模型,已经实现了多种安全政策.域-类型增强(Domain and Type Enforcement,DTE)安全政策充分体现了最小特权(Least Privilege)和职责分离(Separation of Duty)的安全原则,但是,RBAC96不便于直接实现DTE.根据RBAC和DTE的思想,本文提出了"基于角色的域-类

Retrospect and prospect of research on C4 photosynthesis in diatoms

Diatoms（Bacillariophyta） is one of the main groups of marine phytoplankton and plays an important role in global carbon cycle. The emergence of C4 photosynthesis is a major stride in plant evolution, and also affects the global carbon cycle. However, the understanding of C4 photosynthesis of diatoms is still limited. Since the 1970 s, scientists have argued whether C4 is involved in diatoms. In this paper, the discovery history of diatom C4 photosynthesis, the diatom carbon dioxide concentration mechanism（CCM） and the comparison of C4 photosynthesis between diatom and higher plants were reviewed. New methodology in the study of diatom’s C4 photosynthesis is prospected to know better about the role of diatoms in global carbon cycle

Retrospect and prospect of research on C_4 photosynthesis in diatoms

Diatoms (Bacillariophyta) is one of the main groups of marine phytoplankton and plays an important role in global carbon cycle. The emergence of C_4 photosynthesis is a major stride in plant evolution, and also affects the global carbon cycle. However, the understanding of C_4 photosynthesis of diatoms is still limited. Since the 1970s, scientists have argued whether C_4 is involved in diatoms. In this paper, the discovery history of diatom C_4 photosynthesis, the diatom carbon dioxide concentration mechanism (CCM) and the comparison of C_4 photosynthesis between diatom and higher plants were reviewed. New methodology in the study of diatoms C_4 photosynthesis is prospected to know better about the role of diatoms in global carbon cycle

长江江豚MHCD-RB基因第二外显子的分离鉴定

主要组织相容性复合体(Major histocompatibility complex,MHC)在脊椎动物的免疫系统中起着重要的作用,常作为适应性遗传标记应用于保护遗传学研究。长江江豚(Neophocaena phocaenoides asiaeorientalis)是惟一生活于淡水环境中的江豚种群,且已处于濒危状况。为了开发适用于长江江豚保护遗传学研究的MHC遗传标记,首次采用北象海豹(Mirounga angustirostris)的一对DRB基因引物对长江江豚的基因组进行扩增,从5个个体中成功扩增