With the ubiquitous application of digital, intelligent, and network technologies, the connotation and denotation of functional safety have gone beyond the conventional reliability scope of dealing with functional or system failures caused by random ineffectiveness in the mechanical and electric age. In order to guarantee the functional safety for cyber physical systems (CPS) in cyberspace in the information age, it is impossible to avoid challenges of cyber security, especially "unknown unknown" network threats and attack events aimed at CPS systems, software/hardware facility vulnerabilities or loopholes and backdoors. Such challenges have a terrible ghost-haunted nature and attributes that cannot be expressed through mathematical models. They have gone beyond the random hypothetical premises of classical functional safety theories and mathematical nature to be expressed through probability, as well as shaken the foundations of conventional reliability theories, technological methodologies, and practice norms.
Funding: supported by the National Key Research and Development Program of China (2022YFB2901403) and the Songshan Laboratory Project (221100210900-02).
Abstract: The question of whether an ideal network exists with global scalability in its full life cycle has always been a first-principles problem in the research of network systems and architectures. Thus far, it has not been possible to scientifically practice the design criteria of an ideal network in a unimorphic network system, making it difficult to adapt to known services with clear application scenarios while supporting the ever-growing future services with unexpected characteristics. Here, we theoretically prove that no unimorphic network system can simultaneously meet the scalability requirement in a full cycle in three dimensions—the service-level agreement (S), multiplexity (M), and variousness (V)—which we name as the “impossible SMV triangle” dilemma. It is only by transforming the current network development paradigm that the contradiction between global scalability and a unified network infrastructure can be resolved from the perspectives of thinking, methodology, and practice norms. In this paper, we propose a theoretical framework called the polymorphic network environment (PNE), the first principle of which is to separate or decouple application network systems from the infrastructure environment and, under the given resource conditions, use core technologies such as the elementization of network baselines, the dynamic aggregation of resources, and collaborative software and hardware arrangements to generate the capability of the “network of networks.” This makes it possible to construct an ideal network system that is designed for change and capable of symbiosis and coexistence with the generative network morpha in the spatiotemporal dimensions. An environment test for principle verification shows that the generated representative application network modalities can not only coexist without mutual influence but also independently match well-defined multimedia services or custom services under the constraints of technical and economic indicators.
Funding: National Natural Science Foundation of China (No. 61941114 and No. 61521003); Key Universities and Academic Disciplines Construction Project.
Abstract: Information security and functional safety are fundamental issues of wireless communications systems. The endogenous security principle based on Dynamic Heterogeneous Redundancy provides a direction for the development of wireless communication security and safety technology. This paper introduces the concept of wireless endogenous security from the following four aspects. First, we sort out the endogenous security problems faced by the current wireless communications system, and then analyze the endogenous security and safety attributes of the wireless channel. After that, the endogenous security and safety structure of the wireless communications system is given, and finally the applications of the existing wireless communication endogenous security and safety functions are listed.
Funding: supported by the Foundation for Innovative Research Groups of the National Natural Science Foundation of China (No. 61521003), the National Key R&D Program of China (No. 2016YFB0800100, No. 2016YFB0800101), and the National Natural Science Foundation of China (No. 61602509).
Abstract: Current SDN controllers suffer from a series of potential attacks. For example, malicious flow rules may lead to system disorder by introducing unexpected flow entries. In this paper, we propose Mcad-SA, an aware decision-making security architecture with multiple controllers, which could coordinate heterogeneous controllers internally as a "big" controller. This architecture includes an additional plane, the scheduling plane, which consists of transponder, sensor, decider and scheduler. Meanwhile, it achieves the functions of communicating, supervising and scheduling between the data and control planes. In this framework, we adopt the vote results from the majority of controllers to determine valid flow rules distributed to switches. Besides, an aware dynamic scheduling (ADS) mechanism is devised in the scheduler to further intensify the security of Mcad-SA. Combined with perception, ADS takes advantage of the heterogeneity and redundancy of controllers to enable the control plane to operate in a dynamic, reliable and unsteady state, which results in significant difficulty of probing systems and executing attacks. Simulation results demonstrate that the proposed methods show better security resilience than traditional architectures, as they have lower failure probability when facing attacks.
Funding: supported by the National Natural Science Foundation of China for Innovative Research Groups (61521003), the National Natural Science Foundation of China (61872382), the National Key Research and Development Program of China (2017YFB0803204), and the Research and Development Program in Key Areas of Guangdong Province (No. 2018B010113001).
Abstract: Software-Defined Networking (SDN) adapts logically-centralized control by decoupling the control plane from the data plane and provides efficient use of network resources. However, due to the limitation of traditional routing strategies relying on manual configuration, SDN may suffer from link congestion and inefficient bandwidth allocation among flows, which could degrade network performance significantly. In this paper, we propose EARS, an intelligence-driven experiential network architecture for automatic routing. EARS adapts deep reinforcement learning (DRL) to simulate the human methods of learning experiential knowledge, and employs a closed-loop network control mechanism incorporating network monitoring technologies to realize the interaction with the network environment. The proposed EARS can learn to make better control decisions from its own experience by interacting with the network environment and optimize the network intelligently by adjusting services and resources offered based on network requirements and environmental conditions. Under the network architecture, we design the network utility function with throughput and delay awareness, differentiate flows based on their size characteristics, and design a DDPG-based automatic routing algorithm as the DRL decision brain to find the near-optimal paths for mice and elephant flows. To validate the network architecture, we implement it on a real network environment. Extensive simulation results show that EARS significantly improves the network throughput and reduces the average packet delay in comparison with baseline schemes (e.g. OSPF, ECMP).
Funding: supported by the National Natural Science Foundation Innovation Group Project (61521003).
Abstract: Uncertain security threats caused by vulnerabilities and backdoors are the most serious and difficult problem in cyberspace. This paper analyzes the philosophical and technical causes of the existence of so-called "dark functions" such as system vulnerabilities and backdoors, and points out that endogenous security problems cannot be completely eliminated at the theoretical and engineering levels; rather, it is necessary to develop or utilize the endogenous security functions of the system architecture itself. In addition, this paper gives a definition for and lists the main technical characteristics of endogenous safety and security in cyberspace, introduces endogenous safety and security mechanisms and characteristics based on dynamic heterogeneous redundancy (DHR) architecture, and describes the theoretical implications of a coding channel based on DHR.
Funding: This work was supported by the National Science and Technology Major Project of China (No. 2018ZX03002002) and the Foundation for Innovative Research Groups of the National Natural Science Foundation of China (No. 61521003).
Abstract: In recent years, an increasing number of application services are deployed in the cloud. However, the cloud platform faces unknown security threats brought by its unknown vulnerabilities and backdoors. Many researchers have studied the Cyber Mimic Defense (CMD) technologies of the cloud services. However, there is a shortage of tools that enable researchers to evaluate their newly proposed cloud service CMD mechanisms, such as scheduling and decision mechanisms. To fill this gap, we propose MimicCloudSim as a mimic cloud service simulation system based on the basic functionalities of CloudSim. MimicCloudSim supports the simulation of the dynamic heterogeneous redundancy (DHR) structure, which is the core architecture of CMD technology, and provides an extensible interface to help researchers implement new scheduling and decision mechanisms. In this paper, we first describe the architecture and implementation of MimicCloudSim, and then discuss the simulation process. Finally, we demonstrate the capabilities of MimicCloudSim by using a decision mechanism. In addition, we tested the performance of MimicCloudSim; the conclusion shows that MimicCloudSim is highly scalable.
Funding: This work was supported by the specific issues of national cyberspace security (Grant No. 2018YFB0804001) and the Innovative Research Groups of the National key R&D plan (Grant No. 2020YFB18040803).
Abstract: With the rapid development of information technology, the cyberspace security problem is increasingly serious. Various kinds of dynamic defense technology have emerged, such as moving target defense and mimic defense. This paper aims to describe the architecture and analyze the performance of Cyberspace Mimic DNS based on the generalized stochastic Petri net (GSPN). We propose a general method of anti-attacking analysis. For the general attack and special attack models, the available probability, escaped probability and nonspecial awareness probability are adopted to quantitatively analyze the system performance. We also expand the GSPN model to adjust to engineering practice by specifying the randomness of different output vectors. The result shows that the proposed method is effective, and that the Mimic system has high anti-attacking performance. To deal with the special attack, we can integrate the traditional defense mechanism in engineering practice. Besides, we analyze the performance of the mimic DNS framework based on multi-ruling proxy and input-output desperation. The results show that we can use multi-ruling or high-speed cache servers to achieve a cost in delay and throughput consistent with a single authorized DNS, which can effectively solve the 10% to 20% performance loss caused by a general ruling proxy.
Funding: This work was supported by the National Key Research and Development Program of China (Grant No. 2018YF0804001).
Abstract: At present, there is a problem of false positives caused by the too vast mimic scope in mimic transformation technology. Previous studies have focused on the “compensation” method to deal with this problem, which is expensive and cannot fundamentally solve it. This paper provides new insights into coping with the situation. Firstly, this study summarizes the false-positive problem in the mimic transformation and analyzes its possible harm and root causes. Secondly, three properties of the mimic scope are proposed. Based on the three properties and security quantification technology, the best mimic component set theory is put forward to solve the false-positive problem. There are two algorithms, the supplemental method and the subtraction method. The best mimic component set obtained by these two algorithms can fundamentally solve the mimic system’s false-positive problem while reducing the cost of mimic transformation, thus making up for the lack in previous research.
Funding: National Key Research and Development Program of China (Grant No. 2018YF0804003) and the National Key Research and Development Program of China under Grant No. 2017YFB0803204.
Abstract: As an active defense technique, multivariant execution (MVX) can detect attacks by monitoring the consistency of heterogeneous variants with parallel execution. Compared with patch-style passive defense, MVX can defend against known and even unknown vulnerability-based attacks without relying on attack feature information. However, variants generated with software diversity technologies will introduce new vulnerabilities when they execute in parallel. First, we analyze the security of MVX theory from the perspective of formal description. Then we summarize the general forms and techniques for attacks against MVX, and analyze the new vulnerabilities arising from the combination of variant generation technologies. We propose SecMVX, a secure MVX architecture and variant generation technology. Experimental evaluations based on CVEs and the SPEC 2006 benchmark show that SecMVX introduces 11.29% of the average time overhead, and avoids vulnerabilities caused by the improper combination of variant generation technologies while keeping the defensive ability of MVX.
Funding: financially supported by the Ningbo Agricultural Science and Education Project (2013NK29) and the National Natural Science Foundation of China (41301251).
Abstract: To determine the effects of different kinds of nitrogen fertilizer, especially high-efficiency slow-release fertilizers, on soil pH, nitrogen (N) and microbial community structures in an acidic celery soil, four treatments (CK, no N fertilizer; NR, urea; PE, calcium cyanamide fertilizer; and SK, controlled-release N fertilizer) were applied, and soil pH, total soil N, inorganic N, and soil microbial biomass C were analyzed. Phospholipid fatty acids (PLFAs) were extracted and detected using the MIDI Sherlock microbial identification system. The PE treatment significantly improved soil pH, from 4.80 to >6.00, during the whole growth period of the celery, and resulted in the highest celery yield among the four treatments. After 14 d application of calcium cyanamide, the soil nitrate content significantly decreased, but the ammonium content significantly increased. The PE treatment also significantly increased soil microbial biomass C during the whole celery growth period. Canonical variate analysis of the PLFA data indicated that the soil microbial community structure in the CK treatment was significantly different from those in the N applied treatments after 49 d fertilization. However, there was a significant difference (P<0.05) in soil microbial community structure between the PE treatment and the other three treatments at the end of the experiment. Calcium cyanamide is a good choice for farmers to use on acidic celery land because it supplies sufficient N, and increases soil pH, microbial biomass and the yield of celery.
Funding: The National Key Research and Development Program of China (Nos. 2020YFB1806607 and 2022YFB2902202) and the National Natural Science Foundation of China (Nos. 61521003 and 61701538).
Abstract: The sixth-generation mobile communication (6G) networks will face more complex endogenous security problems, and it is urgent to propose new universal security theories and establish new practice norms to deal with the "unknown unknown" security threats in cyberspace. This paper first expounds the new paradigm of cyberspace endogenous security and introduces the vision of 6G cyberspace security. Then, it analyzes the security problems faced by the 6G core network, wireless access network, and emerging associated technologies in detail, as well as the corresponding security technology development status and the integrated development of endogenous security and traditional security. Furthermore, this paper describes the relevant security theories and technical concepts under the guidance of the new paradigm of endogenous security.
Funding: The National Natural Science Foundation Innovation Group Project (61521003).
Abstract: The common endogenous security problems in cyberspace and related attack threats have posed subversive challenges to conventional theories and methods of functional safety. In the current design of the cyber physical system (CPS), functional safety and cyber security are increasingly intertwined and inseparable, which evolve into the generalized functional safety (S&S) problem. The conventional reliability and cybersecurity technologies are unable to provide security assurance with quantifiable design and verification metrics in response to the cyberattacks in hardware and software with common endogenous security problems, and the functional safety of CPS facilities or devices has become a frightening ghost. The dynamic heterogeneity redundancy (DHR) architecture and coding channel theory (CCT) proposed by the cyberspace endogenous security paradigm could handle random failures and uncertain network attacks in an integrated manner, and its generalized robust control mechanism can solve the universal problem of quantitative design for functional safety under probability or improbability perturbation. As a generalized functional safety enabling structure, DHR opens up a new direction to solve the common endogenous security problems in the cross-disciplinary fields of cyberspace.
Abstract: With the ubiquitous application of digital, intelligent, and network technologies, the connotation and denotation of functional safety have gone beyond the conventional reliability scope of dealing with functional or system failures caused by random ineffectiveness in the mechanical and electric age. In order to guarantee the functional safety for cyber physical systems (CPS) in cyberspace in the information age, it is impossible to avoid challenges of cyber security, especially "unknown unknown" network threats and attack events aimed at CPS systems, software/hardware facility vulnerabilities or loopholes and backdoors. Such challenges have a terrible ghost-haunted nature and attributes that cannot be expressed through mathematical models. They have gone beyond the random hypothetical premises of classical functional safety theories and mathematical nature to be expressed through probability, as well as shaken the foundations of conventional reliability theories, technological methodologies, and practice norms.