Abstract: Self-adaptive, on-demand resource provisioning is a critical factor in cloud computing. Selecting the right amount of resources at run time is not easy because of the dynamic nature of requests. A self-adaptive resource strategy is therefore required that responds to run-time changes in workload. In this paper we propose a Cloud-based Adaptive Resource Scheduling Strategy (CARSS) framework that formally addresses these issues and is more expressive than traditional approaches. Decision making in CARSS is based on more than one factor. The MAPE-K based framework determines the state of the resources from their current utilization. A Timed-Arc Petri Net (TAPN) is used to model the system formally, its behaviour is expressed in TCTL, and the TAPAAL model checker verifies the underlying properties of the system.
Funding: Supported by the National Natural Science Foundation of China (No. 60474041).
Abstract: Model integration is an important part of the model management research area. The paper puts forward a formal representation of models and presents several concepts, such as the compound model relation and the composite model. Additionally, the existence of model integration is analyzed in detail and several sufficient conditions are proved.
Abstract: There is an emerging recognition of the importance of using contextual information in authorization decisions. Controlling access to resources in wireless and mobile networking requires a formal access control model that supports spatial context. However, the traditional RBAC model does not specify these spatial requirements. In this paper, we extend the existing RBAC model and propose the SC-RBAC model, which uses spatial and location-based information in security policy definitions. The concept of a spatial role is presented: each role is assigned a logical location domain that specifies its spatial boundary, and roles are activated based on the current physical position of the user, obtained from a specific mobile terminal. We then extend SC-RBAC to deal with hierarchies, modeling permission, user and activation inheritance, and prove that hierarchical spatial roles can form a lattice, which is a means of articulating multi-level security policy and is better suited to controlling information flow in safety-critical location-aware information systems. Next, constrained SC-RBAC allows various spatial separation-of-duty constraints, location-based cardinality constraints and temporal constraints to be expressed, specifying the fine-grained spatial semantics that are typical of location-aware systems. Finally, we introduce 9 invariants for constrained SC-RBAC and prove its basic security theorem. Constrained SC-RBAC provides the foundation for applications that need constrained, spatial-context-aware access control.
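The following is an added illustration of the spatial-role activation described in this abstract; it is not the paper's model or code. It implements the pieces the abstract names (a logical location domain per role, activation driven by the user's current position, permission inheritance through a role hierarchy, a spatial separation-of-duty constraint and a location-based cardinality constraint) with hypothetical role names, rectangular location domains and constraint values chosen for the example:

```python
# Added illustration of SC-RBAC style spatial roles (not the paper's code).
# Location domains are axis-aligned rectangles; role names, domains and
# constraint values are hypothetical.
from dataclasses import dataclass
from typing import Dict, FrozenSet, Set, Tuple

Point = Tuple[float, float]


@dataclass(frozen=True)
class Rect:
    """Logical location domain: the spatial boundary a role is bound to."""
    x0: float
    y0: float
    x1: float
    y1: float

    def contains(self, p: Point) -> bool:
        return self.x0 <= p[0] <= self.x1 and self.y0 <= p[1] <= self.y1


@dataclass(frozen=True)
class SpatialRole:
    name: str
    domain: Rect
    permissions: FrozenSet[str]
    parents: FrozenSet[str] = frozenset()   # roles whose permissions are inherited


class SCRBAC:
    def __init__(self) -> None:
        self.roles: Dict[str, SpatialRole] = {}
        self.user_roles: Dict[str, Set[str]] = {}
        self.active: Dict[str, Set[str]] = {}      # user -> roles currently activated
        self.sod: Set[FrozenSet[str]] = set()      # spatial separation-of-duty pairs
        self.cardinality: Dict[str, int] = {}      # role -> max simultaneously active users

    def add_role(self, role: SpatialRole) -> None:
        self.roles[role.name] = role

    def assign(self, user: str, role: str) -> None:
        self.user_roles.setdefault(user, set()).add(role)

    def add_sod(self, r1: str, r2: str) -> None:
        self.sod.add(frozenset((r1, r2)))

    def _active_users(self, role: str) -> int:
        return sum(1 for rs in self.active.values() if role in rs)

    def activate(self, user: str, role: str, position: Point) -> bool:
        """Activate `role` for `user` at `position`; every spatial constraint must hold."""
        if role not in self.user_roles.get(user, set()):
            return False                                   # role not assigned to user
        if not self.roles[role].domain.contains(position):
            return False                                   # user is outside the role's domain
        current = self.active.get(user, set())
        if any(frozenset((role, other)) in self.sod for other in current):
            return False                                   # spatial separation of duty
        if self._active_users(role) >= self.cardinality.get(role, 1 << 30):
            return False                                   # location-based cardinality
        self.active.setdefault(user, set()).add(role)
        return True

    def deactivate_outside(self, user: str, position: Point) -> Set[str]:
        """Revoke active roles whose domain no longer contains the user's position."""
        current = self.active.get(user, set())
        dropped = {r for r in current if not self.roles[r].domain.contains(position)}
        self.active[user] = current - dropped
        return dropped

    def _perms(self, role: str) -> Set[str]:
        r = self.roles[role]
        perms = set(r.permissions)
        for parent in r.parents:
            perms |= self._perms(parent)                   # permission inheritance
        return perms

    def check(self, user: str, perm: str) -> bool:
        return any(perm in self._perms(r) for r in self.active.get(user, set()))


def demo() -> Dict[str, bool]:
    """Constructed scenario: a ward and a pharmacy as two disjoint location domains."""
    ac = SCRBAC()
    ac.add_role(SpatialRole("staff", Rect(0, 0, 100, 50), frozenset({"read_schedule"})))
    ac.add_role(SpatialRole("ward_nurse", Rect(0, 0, 50, 50), frozenset({"read_chart"}),
                            parents=frozenset({"staff"})))
    ac.add_role(SpatialRole("pharmacy_clerk", Rect(50, 0, 100, 50), frozenset({"dispense"}),
                            parents=frozenset({"staff"})))
    ac.add_sod("ward_nurse", "pharmacy_clerk")   # never both active for one user
    ac.cardinality["ward_nurse"] = 1             # one active nurse in the ward at a time
    for u, r in (("alice", "ward_nurse"), ("alice", "pharmacy_clerk"), ("bob", "ward_nurse")):
        ac.assign(u, r)
    out = {}
    out["nurse_in_ward"] = ac.activate("alice", "ward_nurse", (10.0, 10.0))
    out["inherited_perm"] = ac.check("alice", "read_schedule")
    out["bob_blocked_by_cardinality"] = ac.activate("bob", "ward_nurse", (20.0, 20.0))
    out["clerk_blocked_by_sod"] = ac.activate("alice", "pharmacy_clerk", (60.0, 10.0))
    out["nurse_dropped_on_move"] = ac.deactivate_outside("alice", (60.0, 10.0)) == {"ward_nurse"}
    out["chart_after_move"] = ac.check("alice", "read_chart")
    out["clerk_after_move"] = ac.activate("alice", "pharmacy_clerk", (60.0, 10.0))
    return out
```

The point of `deactivate_outside` is the one a practitioner should not miss: a position check at activation time is not enough, because the user keeps moving, so active roles have to be re-evaluated whenever a new position report arrives, otherwise the spatial boundary is only enforced once.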
Funding: Supported by the Beijing Natural Science Foundation (Grant No. 4052016), the National Natural Science Foundation of China (Grant No. 60573042) and the National Grand Fundamental Research 973 Program of China (Grant No. G1999035802).
Abstract: In order to provide integrity protection for a secure operating system that must satisfy the requirements of the structured protection class, a DTE-based integrity protection formal model is proposed after analyzing the implications and structure of the integrity policy in detail. The model consists of basic rules for configuring DTE and a state transition model, which respectively prescribe how domains and types are set and how the security invariants obtained from the initial configuration are maintained as the system transitions between states. Ten invariants are introduced; in particular, new invariants dealing with information flow are proposed, and their relations to the corresponding invariants described in the literature are discussed. Thirteen transition rules with well-formed atomicity are presented in an operational manner. The basic security theorems corresponding to these invariants and transition rules are proved. The rationale for the invariants is further explained by analyzing the differences between this model and those described in the literature. Finally, future work is outlined; in particular, it is pointed out that the model could be used to analyze SE-Linux security.
Funding: Supported by the National Natural Science Foundation of China (90718003), the Hi-Tech Research and Development Program of China (2007AA01Z401) and the Specialized Research Fund for the Doctoral Program of Higher Education (20050217007).
Abstract: For an information system, survivability should be considered beyond security. To assess system survivability accurately, and to improve it, a formal modeling and analysis method based on stochastic process algebra is proposed in this article. By abstracting the interactive behaviors between intruders and the information system, a survivability-oriented transition graph of system states is constructed. On that basis, parameters are defined and system behaviors are characterized precisely with performance evaluation process algebra (PEPA), while also considering the influence of different attack modes. Finally the formal survivability model is established and quantitative analysis results are obtained with the PEPA Workbench tool. Simulation experiments show the effectiveness and feasibility of the method, which can help direct the design of survivable systems.
Funding: Supported by the National Key Basic Research Program of China (Grant No. G1999035802) and the National Natural Science Foundation of China (Grant No. 60083007).
Abstract: To enforce the least privilege principle in an operating system, process privilege must be effectively controlled; this is difficult because a process changes over time. In this paper, based on an analysis of how process privilege is generated and how it works, a three-layer hierarchy for implementing the least privilege principle is proposed, consisting of an administration layer, a functionality control layer and a performance layer. It is clearly demonstrated that bounding the working scope of a privilege is a critical part of controlling it, but this is only implicitly mentioned, and not supported, in the POSIX capability mechanism. Based on an analysis of existing privilege control mechanisms, both an improved capability inheritance formula and a new, complete formal model for process control that integrates RBAC, DTE and the POSIX capability mechanism are introduced. The new invariants in the model show that this privilege control mechanism differs from those of RBAC, DTE and POSIX; it generalizes the subdomain control mechanism and makes it dynamic.
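For the POSIX capability mechanism this abstract contrasts itself with, the following added example (not the paper's formula or code) encodes the standard Linux capabilities(7) rule for how a process's permitted, effective, inheritable, bounding and ambient sets are transformed across execve(), and shows how the bounding set limits the scope a file's capabilities can reach. It assumes a non-root caller, no set-UID bit and default securebits; the process and file capability values are constructed for illustration, and ALL_CAPS assumes 41 defined capabilities (CAP_LAST_CAP = 40 on recent kernels):

```python
# Added example: Linux capabilities(7) transformation at execve(), as a baseline for
# the POSIX capability mechanism. Not the paper's improved inheritance formula.
# Bit numbers follow include/uapi/linux/capability.h; sample values are constructed.
from dataclasses import dataclass
from typing import Dict, Optional

CAP_CHOWN = 1 << 0
CAP_DAC_OVERRIDE = 1 << 1
CAP_NET_BIND_SERVICE = 1 << 10
CAP_SYS_ADMIN = 1 << 21
ALL_CAPS = (1 << 41) - 1          # assumption: 41 capabilities (CAP_LAST_CAP = 40)


@dataclass(frozen=True)
class ProcCaps:
    permitted: int
    effective: int
    inheritable: int
    bounding: int
    ambient: int = 0


@dataclass(frozen=True)
class FileCaps:
    permitted: int = 0
    inheritable: int = 0
    effective: bool = False       # file capabilities carry a single "effective" flag


def execve_caps(p: ProcCaps, f: Optional[FileCaps]) -> ProcCaps:
    """capabilities(7) rule for a non-root caller (assumed: no set-UID, default securebits):
         P'(ambient)   = file is privileged ? 0 : P(ambient)
         P'(permitted) = (P(inh) & F(inh)) | (F(perm) & P(bounding)) | P'(ambient)
         P'(effective) = F(effective) ? P'(permitted) : P'(ambient)
         P'(inheritable), P'(bounding) unchanged
    """
    f = f or FileCaps()
    privileged = bool(f.permitted or f.inheritable)   # file carries capabilities
    ambient = 0 if privileged else p.ambient
    permitted = (p.inheritable & f.inheritable) | (f.permitted & p.bounding) | ambient
    effective = permitted if f.effective else ambient
    return ProcCaps(permitted, effective, p.inheritable, p.bounding, ambient)


def drop_bounding(p: ProcCaps, caps: int) -> ProcCaps:
    """prctl(PR_CAPBSET_DROP): irreversibly shrink the bounding set (needs CAP_SETPCAP)."""
    return ProcCaps(p.permitted, p.effective, p.inheritable, p.bounding & ~caps, p.ambient)


def demo() -> Dict[str, ProcCaps]:
    parent = ProcCaps(permitted=CAP_NET_BIND_SERVICE, effective=0,
                      inheritable=CAP_NET_BIND_SERVICE, bounding=ALL_CAPS)
    # Hypothetical binary with file capabilities: asks for CAP_SYS_ADMIN outright and
    # CAP_NET_BIND_SERVICE only if the caller already holds it in its inheritable set.
    binary = FileCaps(permitted=CAP_SYS_ADMIN, inheritable=CAP_NET_BIND_SERVICE, effective=True)
    unbounded = execve_caps(parent, binary)
    # Same exec after the parent has dropped CAP_SYS_ADMIN from its bounding set:
    # the file's permitted bit is masked out, so the scope of the privilege is bounded.
    bounded = execve_caps(drop_bounding(parent, CAP_SYS_ADMIN), binary)
    # Ambient case: a plain binary with no file capabilities; ambient caps survive exec
    # and are raised into the effective set without any file-capability bits.
    amb_parent = ProcCaps(CAP_NET_BIND_SERVICE, CAP_NET_BIND_SERVICE, CAP_NET_BIND_SERVICE,
                          ALL_CAPS, ambient=CAP_NET_BIND_SERVICE)
    ambient = execve_caps(amb_parent, None)
    return {"unbounded": unbounded, "bounded": bounded, "ambient": ambient}


if __name__ == "__main__":
    for name, caps in demo().items():
        print(name, f"permitted={caps.permitted:#x} effective={caps.effective:#x}")
```

The run shows what the abstract calls bounding the working scope: in the plain POSIX/Linux rule, the only knob that prevents a capability-bearing file from granting CAP_SYS_ADMIN to its process is the caller's bounding set, and that set can only ever shrink.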
Abstract: The considerable progress achieved in the design and development of new devices for interaction between humans and machines has enabled the emergence of various powerful and efficient input and/or output devices. Each of these new devices brings specific interaction modes. With their emergence, new interaction techniques and modes arise and new interaction capabilities are offered. New user interfaces need to be designed, or former ones need to evolve. The design of so-called plastic user interfaces contributes to handling such evolutions. The key requirement for the design of such a user interface is that the new user interface shall be adapted to the application and have, at least, the same behavior as the previous (adapted) one. This paper addresses the problem of user interface evolution due to the introduction of new interaction devices and/or new interaction modes. More precisely, we are interested in the design process of a user interface that results from the evolution of a former user interface due to the introduction of new devices and/or new interaction capabilities. We consider interface behaviors described by labelled transition systems, and comparison between user interfaces is handled by an extended definition of the bisimulation relation, used to compare user interface behaviors when interaction modes are replaced by new ones.
Abstract: To make system-of-systems combat simulation models easy to develop and reuse, formal specification and representation of simulation models are studied. From the viewpoint of system-of-systems combat simulation, and based on DEVS, the fundamental formalisms of the simulation model are explored: the entity model, the system-of-systems model and the experiment model. A rigorous formal specification is presented. The XML data exchange standard is used to design an XML-based language, SCSL, to support simulation model representation. The correspondence between SCSL and the simulation model formalism is discussed, and the syntax and semantics of the elements of SCSL are detailed. Based on the formal specification of the simulation model, an abstract simulation algorithm is given, and an SCSL virtual machine is designed that automatically interprets and executes simulation models represented in SCSL. Finally an application case is presented that validates the theory and verifies SCSL.
Abstract: Formal state space models of quantum control systems are deduced, and a scheme for establishing formal state space models of quantum control systems via quantization is proposed. The state evolution of a quantum control system must obey the Schrödinger equation, so the first step is to obtain the Hamiltonian operator of the system. There are correspondences between the operators of quantum systems and the physical quantities of classical systems, such as momentum, energy and the Hamiltonian, so Schrödinger equation models of the corresponding quantum control systems can be obtained from classical control systems via quantization, and formal state space models can then be established by a suitable transformation of the Schrödinger equations of these quantum control systems. This method provides a new path for modeling in quantum control.
Funding: Supported by the National Natural Science Foundation of China (No. 61073013, No. 90818024) and the Aviation Science Foundation of China (No. 2010ZAO4001).
Abstract: The timed abstract state machine (TASM) is a formal specification language used to specify and simulate the behavior of real-time systems. Formal verification of a TASM model can be carried out by model checking after translating it into UPPAAL. First, the translational semantics from TASM to UPPAAL is presented using the ATLAS Transformation Language (ATL). Second, the implementation of the proposed model transformation tool, TASM2UPPAAL, is described. Finally, a case study illustrates the automatic transformation from a TASM model to an UPPAAL model.
Funding: This work is supported by the National Natural Science Foundation of China under contract 60902008.
Abstract: The Denial of Service (DoS) attack, especially the Distributed Denial of Service (DDoS) attack, is one of the greatest threats to the Internet. Much research has been done on it, but it has concentrated on the behavior of the network and cannot deal with the problem exactly. In this paper, we start from the security of the protocol and propose a novel theory for analyzing security protocols with respect to Denial of Service. We first introduce the concept of a weighted graph to extend the strand space model; we then extend the penetrator model and define the goal of anti-DoS through the concept of the DoS-stop protocol; finally we propose two kinds of DoS test model and establish the new formal theory for security protocol analysis of Denial of Service. The theory is applied to two example protocols: it is proved that the Internet key exchange (IKE) easily suffers from DoS attacks, while the efficient DoS-resistant secure key exchange protocol (JFK) is resistant to DoS attacks against the server.
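As an added illustration (not the paper's weighted-graph or strand-space model, and not code from it), the following Python models the cost asymmetry that such an analysis measures: how much expensive work (a Diffie-Hellman exponentiation, say) and how much state an unauthenticated, address-spoofing peer can force on a responder. The naive responder commits on the first message; the second returns a stateless HMAC cookie, in the spirit of the responder cookies used by JFK and IKEv2, and does the expensive step only once the cookie comes back from the claimed address. The relative costs, key, addresses and nonces are constructed for the example:

```python
# Added example of responder-side DoS cost asymmetry (not the paper's model or code).
# Work units, addresses and nonces are constructed for illustration.
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Dict, Optional

DH_COST = 100    # assumed relative cost of one modular exponentiation
MAC_COST = 1     # assumed relative cost of one HMAC
KE_R = b"KE_r"   # stand-in for the responder's key-exchange payload


@dataclass
class Server:
    key: bytes = field(default_factory=lambda: os.urandom(32))   # cookie secret
    work: int = 0                                                # total work spent
    state: Dict[bytes, str] = field(default_factory=dict)        # per-peer state held

    def cookie(self, src_ip: str, nonce: bytes) -> bytes:
        """Stateless cookie bound to the claimed source address and the peer nonce."""
        self.work += MAC_COST
        return hmac.new(self.key, src_ip.encode() + nonce, hashlib.sha256).digest()[:16]

    def dh_step(self) -> None:
        self.work += DH_COST


class NaiveServer(Server):
    def handle_init(self, src_ip: str, nonce: bytes) -> bytes:
        # Allocates state and does the expensive step before any proof of reachability.
        self.state[nonce] = src_ip
        self.dh_step()
        return KE_R


class CookieServer(Server):
    def handle_init(self, src_ip: str, nonce: bytes) -> bytes:
        return self.cookie(src_ip, nonce)          # nothing stored, one HMAC spent

    def handle_init2(self, src_ip: str, nonce: bytes, echoed: bytes) -> Optional[bytes]:
        expected = self.cookie(src_ip, nonce)       # recompute instead of looking up state
        if not hmac.compare_digest(expected, echoed):
            return None                             # forged or mis-addressed cookie: drop
        self.dh_step()                              # expensive work only after return-routability
        return KE_R


def spoofed_flood(server: Server, n: int, cost_per_msg: int = 1) -> int:
    """Attacker sends n first messages from spoofed sources; replies never reach it."""
    for i in range(n):
        server.handle_init(f"10.0.{i % 256}.{(i // 256) % 256}", i.to_bytes(4, "big"))
    return cost_per_msg * n


def flood_results(n: int = 1000) -> Dict[str, object]:
    naive, cookie = NaiveServer(), CookieServer()
    attacker_cost = spoofed_flood(naive, n) + spoofed_flood(cookie, n)
    naive_work, cookie_work = naive.work, cookie.work
    # A spoofing attacker never sees the cookie, so its best attempt is a guess.
    forged = cookie.handle_init2("10.9.9.9", b"\x00" * 4, b"\x00" * 16)
    # A legitimate peer at a real address receives the cookie and completes the exchange.
    nonce = os.urandom(4)
    c = cookie.handle_init("192.0.2.1", nonce)
    legit = cookie.handle_init2("192.0.2.1", nonce, c)
    return {
        "naive_work": naive_work, "naive_state": len(naive.state),
        "cookie_work": cookie_work, "cookie_state": len(cookie.state),
        "attacker_cost": attacker_cost,
        "forged_accepted": forged is not None,
        "legit_completed": legit == KE_R,
    }


if __name__ == "__main__":
    for k, v in flood_results().items():
        print(f"{k}: {v}")
```

With the constructed costs, each spoofed message costs the naive responder 100 units and a state entry, while the cookie responder spends 1 unit and stores nothing until the peer proves it can receive at the claimed address; this is the kind of per-step weighting that a cost-aware protocol analysis has to account for, and why a first message should never trigger the responder's expensive operations.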
Abstract: High reliability is the key to the performance of electrical control equipment. The PLC combines computer technology, automatic control technology and communication technology, and has become widely used for the automation of industrial processes. Some requirements of complex PLC systems cannot be satisfied by traditional verification methods. In this paper, an efficient method for modeling and verifying PLC systems is proposed. To capture the high-speed property of the PLC, we propose the techniques of the "time interval model" and "notice-waiting", which reduce the state space and make it possible to verify some complex PLC systems. A conversion from the PLC model to the Promela language is also given, and a tool, PLC-Checker, for modeling and checking PLC systems is designed. Using PLC-Checker to check a classical PLC example, a counterexample is found. Although the probability of this logic error occurring is very small, it could cause a fatal system crash.
Funding: This work was supported by the Joint Fund of the National Natural Science Foundation of China and the Shanghai Baoshan Steel Complex under Grant No. 50274039.
Abstract: The molecular interaction volume model (MIVM) for a general ternary system was deduced in detail in order to clarify and understand its general multicomponent expression. Both MIVM and the unified interaction parameter formalism (UIPF) can be used to predict the activities of solutes and solvents in Fe-Cr-Ni liquid alloys. But the former employs only the infinite-dilution activity coefficients, while the latter is not applicable without the dilute binary and ternary interaction parameters. MIVM has a definite physical meaning from the viewpoint of statistical thermodynamics, so it is an alternative for estimating the activity coefficients of solutes and solvents in dilute or finite-concentration metal solutions where the interaction parameters are absent or their accuracy is questionable.
Abstract: With the wide application of blockchain technology across industries, the architecture of blockchain systems has become increasingly complex, which has also increased the number of security problems. At present, traditional vulnerability detection methods such as fuzzing and symbolic execution are applied to blockchain systems, but these techniques cannot effectively detect unknown vulnerabilities. To improve the security of blockchain systems, a formal-methods-based vulnerability detection model for blockchain systems, VDMBS (vulnerability detection model for blockchain systems), is proposed. The model integrates multiple security factors, such as system transition states, security specifications and trust relationships between nodes, and provides a method for constructing vulnerability models based on the business process execution language BPEL. Finally, the effectiveness of the proposed vulnerability detection model is verified with NuSMV on a blockchain-based electronic voting system. Experimental results show that, compared with five existing formal testing tools, the proposed VDMBS model can detect more business logic vulnerabilities and smart contract vulnerabilities in blockchain systems.