As mobile networks become high speed and attain an all-IP structure, more services are possible. This brings about many new security requirements that traditional security programs cannot handle. This paper analyzes s...As mobile networks become high speed and attain an all-IP structure, more services are possible. This brings about many new security requirements that traditional security programs cannot handle. This paper analyzes security threats and the needs of 3G/4G mobile networks, and then proposes a novel protection scheme for them based on their whole structure. In this scheme, a trusted computing environment is constructed on the mobile terminal side by combining software validity verification with access control. At the security management center, security services such as validity verification and integrity check are provided to mobile terminals. In this way, terminals and the network as a whole are secured to a much greater extent. This paper also highlights problems to be addressed in future research and development.展开更多
Currently, different kinds of security devices are deployed in the cloud datacenter environment and tenants may choose their desired security services such as firewall and IDS (intrusion detection system). At the sa...Currently, different kinds of security devices are deployed in the cloud datacenter environment and tenants may choose their desired security services such as firewall and IDS (intrusion detection system). At the same time, tenants in cloud computing datacenters are dynamic and have different requirements. Therefore, security device deployment in cloud datacenters is very complex and may lead to inefficient resource utilization. In this paper, we study this problem in a software-defined network (SDN) based multi-tenant cloud datacenter environment. We propose a load-adaptive traffic steering and packet forwarding scheme called LTSS to solve the problem. Our scheme combines SDN controller with TagOper plug-in to determine the traffic paths with the minimum load for tenants and allows tenants to get their desired security services in SDN-based datacenter networks. We also build a prototype system for LTSS to verify its functionality and evaluate performance of our design.展开更多
Security service function chaining(SFC)based on software-defined networking(SDN)and network function virtualization(NFV)technology allows traffic to be forwarded sequentially among different security service functions...Security service function chaining(SFC)based on software-defined networking(SDN)and network function virtualization(NFV)technology allows traffic to be forwarded sequentially among different security service functions to achieve a combination of security functions.Security SFC can be deployed according to requirements,but the current SFC is not flexible enough and lacks an effective feedback mechanism.The SFC is not traffic aware and the changes of traffic may cause the previously deployed security SFC to be invalid.How to establish a closed-loop mechanism to enhance the adaptive capability of the security SFC to malicious traffic has become an important issue.Our contribution is threefold.First,we propose a secure SFC path selection framework.The framework can accept the feedback results of traffic and security service functions in SFC,and dynamically select the opti-mal path for SFC based on the feedback results.It also realizes the automatic deployment of paths,forming a complete closed loop.Second,we expand the protocol of SFC to realize the security SFC with branching path,which improve flexibility of security SFC.Third,we propose a deep reinforcement learning-based dynamic path selection method for security SFC.It infers the optimal branching path by analyzing feedback from the security SFC.We have experimented with Distributed Denial of Service(DDoS)attack detection modules as security service functions.Experimental results show that our proposed method can dynamically select the optimal branching path for a security SFC based on traffic features and the state of the SFC.And it improves the accuracy of the overall malicious traffic detection of the security SFC and significantly reduces the latency and overall load of the SFC.展开更多
Along with the development of Internet, Web Services technology is a new branch of Web application program, and it has become a hotspot in computer science. However, it has not made great progress in research on Web S...Along with the development of Internet, Web Services technology is a new branch of Web application program, and it has become a hotspot in computer science. However, it has not made great progress in research on Web Services security. Traditional security solutions cannot satisfy the Web Services security require of selective protection, end-to-end security and application layer security. Web Services technology needs a solution integrated in Web Services framework to realize end-to-end security. Based on cryptography and Web Services technology and according to W3C, XML encryption specification, XML digital Signature specification and WS-Security, which proposed by IBM and Microsoft, a new Web services security model based on message layer is put forward in this paper. The message layer is composed of message handlers. It is inserted into the message processing sequence and provides transparent security services for Web Services. To verify the model, a Web Services security system is realized on, net platform. The implementation version of the model can provide various security services, and has advantages such as security, scalability, security controllability and end-to-end security in message level. Key words Web services - Web services security - message layer CLC number TP 393.08 Biography: WANG Cui-ru (1954-), female, Professor, research direction: database and information management system.展开更多
This article discusses the security of the NGN service platform in terms of the open service interface and service deployment. It thinks that security of the open service interface can be solved by adding the service ...This article discusses the security of the NGN service platform in terms of the open service interface and service deployment. It thinks that security of the open service interface can be solved by adding the service access gateway and service management platform. The service access gateway provides security features to the open service interface concerning ID authentication, authorization, audit, encryption and integrity protection. For service deployment, its security can be solved by issuing related user digital certificates, deploying a firewall or an intrusion detection system, implementing load control, managing users' home location and displaying users' real-time IP addresses.展开更多
Since the beginning of web applications,security has been a critical study area.There has been a lot of research done to figure out how to define and identify security goals or issues.However,high-security web apps ha...Since the beginning of web applications,security has been a critical study area.There has been a lot of research done to figure out how to define and identify security goals or issues.However,high-security web apps have been found to be less durable in recent years;thus reducing their business continuity.High security features of a web application are worthless unless they provide effective services to the user and meet the standards of commercial viability.Hence,there is a necessity to link in the gap between durability and security of the web application.Indeed,security mechanisms must be used to enhance durability as well as the security of the web application.Although durability and security are not related directly,some of their factors influence each other indirectly.Characteristics play an important role in reducing the void between durability and security.In this respect,the present study identifies key characteristics of security and durability that affect each other indirectly and directly,including confidentiality,integrity availability,human trust and trustworthiness.The importance of all the attributes in terms of their weight is essential for their influence on the whole security during the development procedure of web application.To estimate the efficacy of present study,authors employed the Hesitant Fuzzy Analytic Hierarchy Process(H-Fuzzy AHP).The outcomes of our investigations and conclusions will be a useful reference for the web application developers in achieving a more secure and durable web application.展开更多
Security is a key problem for the development of Cloud Computing. A common service security architecture is a basic abstract to support security research work. The authorization ability in the service security faces m...Security is a key problem for the development of Cloud Computing. A common service security architecture is a basic abstract to support security research work. The authorization ability in the service security faces more complex and variable users and environment. Based on the multidimensional views, the service security architecture is described on three dimensions of service security requirement integrating security attributes and service layers. An attribute-based dynamic access control model is presented to detail the relationships among subjects, objects, roles, attributes, context and extra factors further. The model uses dynamic control policies to support the multiple roles and flexible authority. At last, access control and policies execution mechanism were studied as the implementation suggestion.展开更多
Wearable technologies have the potential to become a valuable influence on human daily life where they may enable observing the world in new ways,including,for example,using augmented reality(AR)applications.Wearable ...Wearable technologies have the potential to become a valuable influence on human daily life where they may enable observing the world in new ways,including,for example,using augmented reality(AR)applications.Wearable technology uses electronic devices that may be carried as accessories,clothes,or even embedded in the user's body.Although the potential benefits of smart wearables are numerous,their extensive and continual usage creates several privacy concerns and tricky information security challenges.In this paper,we present a comprehensive survey of recent privacy-preserving big data analytics applications based on wearable sensors.We highlight the fundamental features of security and privacy for wearable device applications.Then,we examine the utilization of deep learning algorithms with cryptography and determine their usability for wearable sensors.We also present a case study on privacy-preserving machine learning techniques.Herein,we theoretically and empirically evaluate the privacy-preserving deep learning framework's performance.We explain the implementation details of a case study of a secure prediction service using the convolutional neural network(CNN)model and the Cheon-Kim-Kim-Song(CHKS)homomorphic encryption algorithm.Finally,we explore the obstacles and gaps in the deployment of practical real-world applications.Following a comprehensive overview,we identify the most important obstacles that must be overcome and discuss some interesting future research directions.展开更多
Web service composition is a low cost and efficient way to leverage the existing resource and implementation.In current Web service composition implementations,the issue of how to define the role for a new composite W...Web service composition is a low cost and efficient way to leverage the existing resource and implementation.In current Web service composition implementations,the issue of how to define the role for a new composite Web service has been little addressed.Adjusting the access control policy for a new composite Web service always causes substantial administration overhead from the security administrator.Furthermore,the distributed nature of Web service based applications makes traditional role mining methods obsolete.In this paper,we analyze the minimal role mining problem for Web service composition,and prove that this problem is NP-complete.We propose a sub-optimal greedy algorithm based on the analysis of necessary role mapping for interoperation across multiple domains.Simulation shows the effectiveness of our algorithm,and compared to the existing methods,our algorithm has significant performance advantages.We also demonstrate the practical application of our method in a real agent based Web service system.The results show that our method could find the minimal role mapping efficiently.展开更多
基金funded by the National High-Technology Research and Development Program of China"(863"Program)under Grant No.2009AA01Z427
文摘As mobile networks become high speed and attain an all-IP structure, more services are possible. This brings about many new security requirements that traditional security programs cannot handle. This paper analyzes security threats and the needs of 3G/4G mobile networks, and then proposes a novel protection scheme for them based on their whole structure. In this scheme, a trusted computing environment is constructed on the mobile terminal side by combining software validity verification with access control. At the security management center, security services such as validity verification and integrity check are provided to mobile terminals. In this way, terminals and the network as a whole are secured to a much greater extent. This paper also highlights problems to be addressed in future research and development.
基金The work is supported by the National Natural Science Foundation of China under Grant Nos. 61572137 and 61728202, and Shanghai Innovation Action Project under Grant No. 16DZ1100200.
文摘Currently, different kinds of security devices are deployed in the cloud datacenter environment and tenants may choose their desired security services such as firewall and IDS (intrusion detection system). At the same time, tenants in cloud computing datacenters are dynamic and have different requirements. Therefore, security device deployment in cloud datacenters is very complex and may lead to inefficient resource utilization. In this paper, we study this problem in a software-defined network (SDN) based multi-tenant cloud datacenter environment. We propose a load-adaptive traffic steering and packet forwarding scheme called LTSS to solve the problem. Our scheme combines SDN controller with TagOper plug-in to determine the traffic paths with the minimum load for tenants and allows tenants to get their desired security services in SDN-based datacenter networks. We also build a prototype system for LTSS to verify its functionality and evaluate performance of our design.
基金supported by NSFC under Grant No.62341102National Key R&D Program of China under Grant No.2018YFA0701604。
文摘Security service function chaining(SFC)based on software-defined networking(SDN)and network function virtualization(NFV)technology allows traffic to be forwarded sequentially among different security service functions to achieve a combination of security functions.Security SFC can be deployed according to requirements,but the current SFC is not flexible enough and lacks an effective feedback mechanism.The SFC is not traffic aware and the changes of traffic may cause the previously deployed security SFC to be invalid.How to establish a closed-loop mechanism to enhance the adaptive capability of the security SFC to malicious traffic has become an important issue.Our contribution is threefold.First,we propose a secure SFC path selection framework.The framework can accept the feedback results of traffic and security service functions in SFC,and dynamically select the opti-mal path for SFC based on the feedback results.It also realizes the automatic deployment of paths,forming a complete closed loop.Second,we expand the protocol of SFC to realize the security SFC with branching path,which improve flexibility of security SFC.Third,we propose a deep reinforcement learning-based dynamic path selection method for security SFC.It infers the optimal branching path by analyzing feedback from the security SFC.We have experimented with Distributed Denial of Service(DDoS)attack detection modules as security service functions.Experimental results show that our proposed method can dynamically select the optimal branching path for a security SFC based on traffic features and the state of the SFC.And it improves the accuracy of the overall malicious traffic detection of the security SFC and significantly reduces the latency and overall load of the SFC.
文摘Along with the development of Internet, Web Services technology is a new branch of Web application program, and it has become a hotspot in computer science. However, it has not made great progress in research on Web Services security. Traditional security solutions cannot satisfy the Web Services security require of selective protection, end-to-end security and application layer security. Web Services technology needs a solution integrated in Web Services framework to realize end-to-end security. Based on cryptography and Web Services technology and according to W3C, XML encryption specification, XML digital Signature specification and WS-Security, which proposed by IBM and Microsoft, a new Web services security model based on message layer is put forward in this paper. The message layer is composed of message handlers. It is inserted into the message processing sequence and provides transparent security services for Web Services. To verify the model, a Web Services security system is realized on, net platform. The implementation version of the model can provide various security services, and has advantages such as security, scalability, security controllability and end-to-end security in message level. Key words Web services - Web services security - message layer CLC number TP 393.08 Biography: WANG Cui-ru (1954-), female, Professor, research direction: database and information management system.
文摘This article discusses the security of the NGN service platform in terms of the open service interface and service deployment. It thinks that security of the open service interface can be solved by adding the service access gateway and service management platform. The service access gateway provides security features to the open service interface concerning ID authentication, authorization, audit, encryption and integrity protection. For service deployment, its security can be solved by issuing related user digital certificates, deploying a firewall or an intrusion detection system, implementing load control, managing users' home location and displaying users' real-time IP addresses.
基金funded by the Taif University Researchers Supporting Projects at Taif University,Kingdom of Saudi Arabia,under Grant Number:TURSP-2020/231.
文摘Since the beginning of web applications,security has been a critical study area.There has been a lot of research done to figure out how to define and identify security goals or issues.However,high-security web apps have been found to be less durable in recent years;thus reducing their business continuity.High security features of a web application are worthless unless they provide effective services to the user and meet the standards of commercial viability.Hence,there is a necessity to link in the gap between durability and security of the web application.Indeed,security mechanisms must be used to enhance durability as well as the security of the web application.Although durability and security are not related directly,some of their factors influence each other indirectly.Characteristics play an important role in reducing the void between durability and security.In this respect,the present study identifies key characteristics of security and durability that affect each other indirectly and directly,including confidentiality,integrity availability,human trust and trustworthiness.The importance of all the attributes in terms of their weight is essential for their influence on the whole security during the development procedure of web application.To estimate the efficacy of present study,authors employed the Hesitant Fuzzy Analytic Hierarchy Process(H-Fuzzy AHP).The outcomes of our investigations and conclusions will be a useful reference for the web application developers in achieving a more secure and durable web application.
基金supported by National Information Security Program under Grant No.2009A112
文摘Security is a key problem for the development of Cloud Computing. A common service security architecture is a basic abstract to support security research work. The authorization ability in the service security faces more complex and variable users and environment. Based on the multidimensional views, the service security architecture is described on three dimensions of service security requirement integrating security attributes and service layers. An attribute-based dynamic access control model is presented to detail the relationships among subjects, objects, roles, attributes, context and extra factors further. The model uses dynamic control policies to support the multiple roles and flexible authority. At last, access control and policies execution mechanism were studied as the implementation suggestion.
文摘Wearable technologies have the potential to become a valuable influence on human daily life where they may enable observing the world in new ways,including,for example,using augmented reality(AR)applications.Wearable technology uses electronic devices that may be carried as accessories,clothes,or even embedded in the user's body.Although the potential benefits of smart wearables are numerous,their extensive and continual usage creates several privacy concerns and tricky information security challenges.In this paper,we present a comprehensive survey of recent privacy-preserving big data analytics applications based on wearable sensors.We highlight the fundamental features of security and privacy for wearable device applications.Then,we examine the utilization of deep learning algorithms with cryptography and determine their usability for wearable sensors.We also present a case study on privacy-preserving machine learning techniques.Herein,we theoretically and empirically evaluate the privacy-preserving deep learning framework's performance.We explain the implementation details of a case study of a secure prediction service using the convolutional neural network(CNN)model and the Cheon-Kim-Kim-Song(CHKS)homomorphic encryption algorithm.Finally,we explore the obstacles and gaps in the deployment of practical real-world applications.Following a comprehensive overview,we identify the most important obstacles that must be overcome and discuss some interesting future research directions.
文摘Web service composition is a low cost and efficient way to leverage the existing resource and implementation.In current Web service composition implementations,the issue of how to define the role for a new composite Web service has been little addressed.Adjusting the access control policy for a new composite Web service always causes substantial administration overhead from the security administrator.Furthermore,the distributed nature of Web service based applications makes traditional role mining methods obsolete.In this paper,we analyze the minimal role mining problem for Web service composition,and prove that this problem is NP-complete.We propose a sub-optimal greedy algorithm based on the analysis of necessary role mapping for interoperation across multiple domains.Simulation shows the effectiveness of our algorithm,and compared to the existing methods,our algorithm has significant performance advantages.We also demonstrate the practical application of our method in a real agent based Web service system.The results show that our method could find the minimal role mapping efficiently.
