【正文】 stem()。 element_random(r)。}(2) 使用RSA加密算法對(duì)數(shù)據(jù)進(jìn)行加密，具體代碼實(shí)現(xiàn)如下，content為輸入PEKS系統(tǒng)中的明文public String Enc_RSA(String content,String eStr,String nStr){ String cipher = new String()。 } return cipher。 String keyWord_cipher = (keyWord1)。 element_init_G1(tmp, parampairing)。 if (element_cmp(tmp, cipherc2)==0) return 0。//計(jì)算明文對(duì)應(yīng)的字符串并輸出 for(int i=0。在我查閱資料的時(shí)候，學(xué)習(xí)到了對(duì)pbc庫的學(xué)習(xí)使用，由于pbc庫是基于C語言的，然而我又不是很掌握c語言的編程，所以本系統(tǒng)的主界面是在JAVA下做成的，而PEKS中的核心代碼是通過在JAVA中對(duì)C的調(diào)用來實(shí)現(xiàn)的，總的來說是在C語言代碼段的開頭加上JAVA語言文件編譯成頭文件加在C語言代碼段的開頭進(jìn)行調(diào)用。他在忙碌的教學(xué)工作中擠出時(shí)間來審查、修改我的論文。T website allowed an attacker to harvest the Apple iPAD subscribers’ s by enumerating ICCID numbers,which affected over 100,000 Apple customers [1]. In the Web scenario, the frontend web application acts as the single user that interacts with the database. Thus, the database fully trusts the web application, accepts and executes all the queries submitted by the application. As such,the vulnerabilities within web applications may introduce security concerns for the information stored in the database.One class of attacks exploit the application’s input validation mechanisms to tamper the intended structure of SQL queries issued by the application, which is well known as SQL injection. Another class of attacks exploit logic flaws within the application, referred to as state violation attacks[9], to trick the application into sending SQL queries at incorrect application states. For example, an attacker may retrieve other users’ account information without providing the administrator’s credential to the application. While a large body of literatures focus on fortifying theapplication’s input validation mechanisms, only a few works have attempted to address logic flaws within the web applications. Logic flaws are specific to the functionalities of web applications, thus more difficult to handle. The key to this problem is to derive the application’s intended logic (., specification) in a general and automated way. One approach to inferring the application specification is by leveraging program source code. Swaddler [9] establishes statistical models of the application state for each program block using session variables, while Waler [13] characterizes the application logic by associating valuebased invariantson function parameters and session variables with each program function. This approach is limited in that they rely on program source code to extract the specification. The inferred specification is highly dependent on how the application is structured and implemented (., the definition of a program function or block). Thus, implementation flaws may result in an inaccurate specification. Another approach infers the application specification by observing and characterizing the application’s external behavior. BLOCK [18] observes the web requests/responses between the web application and its users and extracts invariants associatedwithin. While BLOCK, as a blackbox approach, is sourcecode free, its capability is limited since it only observes web requests/responses without taking into account the large amount of information persisted in the database, resulting in an inplete specification. The persistent information in the database may affect the application’s behavior in two ways. First, the application can use persistent objects in the database for maintaining its persistent state across web sessions, while using session variables for managing the state during the session. Second, the persistent objects may embed plex data constraints for web applications. Moreover,BLOCK examines web requests/responses, thus incapable of handling certain state violation attacks that are targeted at the database. In this paper, we present a blackbox approach for automateddetection of state violation attacks with a focus on securing the backend database. To be more specific, we aim to identify and block malicious SQL queries, which are issued in a way that violates the application specification. To derive the application specification in a blackbox manner, we have to address the following two issues:(1) What external behavior to observe in orderto collect sufficient information for specification inference.Since we focus on securing the database, we observe the interaction between the web application and the database. For the application to utilize persistent objects stored in the database, they have to be returned within SQL responses first. Thus, we collect all the observed SQL queriesand responses, as well as corresponding session variables.(2) How to infer the application logic from collectedinformation in a systematic way, so that theapplication behavior can be characterized adequately.We model the web application as an extended finite state machine (EFSM). EFSM has been employed for modeling the behavior of plex software [19], since it can capture not only the state transitions but also the data constraints associated with transitions and fits well in the web application scenario. To derive the EFSM, we first construct SQL signatures from observed SQL queries, which represent the output symbols emitted from the EFSM. Then, we extract a set of invariants for each SQL signature from both session variables and SQL responses, which characterize the application state and the associated data constraints when a SQL query is issued. In particular, we leverage a wellknown technique (., daikon engine [11]) to derive valuebased invariants, including the invariants over variables that are used for indicating the application state and the data constraints that can be expressed in a mathematical relationship between variables. Besides, we extract the dependencies between SQL signatures to infer other data constraints, which are implicitly specified within previously issued SQL queries. The set of invariants, indexed by SQL signatures, manifest the application specification and are used for evaluating ining SQL quer