Malicious attacks against data are unavoidable in the interconnected,open and shared Energy Internet(EI),Intrusion tolerant techniques are critical to the data security of EI.Existing intrusion tolerant techniques suf...Malicious attacks against data are unavoidable in the interconnected,open and shared Energy Internet(EI),Intrusion tolerant techniques are critical to the data security of EI.Existing intrusion tolerant techniques suffered from problems such as low adaptability,policy lag,and difficulty in determining the degree of tolerance.To address these issues,we propose a novel adaptive intrusion tolerance model based on game theory that enjoys two-fold ideas:(1)it constructs an improved replica of the intrusion tolerance model of the dynamic equation evolution game to induce incentive weights;and (2)it combines a tournament competition model with incentive weights to obtain optimal strategies for each stage of the game process.Extensive experiments are conducted in the IEEE 39-bus system,whose results demonstrate the feasibility of the incentive weights,confirm the proposed strategy strengthens the system’s ability to tolerate aggression,and improves the dynamic adaptability and response efficiency of the aggression-tolerant system in the case of limited resources.展开更多
Quorum systems have been used to solve the problem of data consistency in distributed fault-tolerance systems. But when intrusions occur, traditional quorum systems have some disadvantages. For example, synchronous qu...Quorum systems have been used to solve the problem of data consistency in distributed fault-tolerance systems. But when intrusions occur, traditional quorum systems have some disadvantages. For example, synchronous quorum systems are subject to DOS attacks, while asynchronous quorum systems need a larger system size (at least 3f+1 for generic data, and f fewer for self-verifying data). In order to solve the problems above, an intrusion-tolerance quorum system (ITQS) of hybrid time model based on trust timely computing base is presented (TTCB). The TTCB is a trust secure real-time component inside the server with a well defined interface and separated from the operation system. It is in the synchronous communication environment while the application layer in the server deals with read-write requests and executes update-copy protocols asynchronously. The architectural hybridization of synchrony and asynchrony can achieve the data consistency and availability correctly. We also build two kinds of ITQSes based on TTCB, i.e., the symmetrical and the asymmetrical TTCB quorum systems. In the performance evaluations, we show that TTCB quorum systems are of smaller size, lower load and higher availability.展开更多
In this paper, we describe and analyze the hypothesis about intrusiontolerance software system, so that it can provide an intended server capability and deal with theimpacts caused by the intruder exploiting the inher...In this paper, we describe and analyze the hypothesis about intrusiontolerance software system, so that it can provide an intended server capability and deal with theimpacts caused by the intruder exploiting the inherent security vulnerabilities. Wepresent someintrusion tolerance technology by exploiting N-version module threshold method in constructingmultilevel secure software architecture, by detecting with hash value, by placing an 'antigen' wordnext to the return address on the stack thatis similar to human immune system, and by adding 'Honeycode' nonfunctional code to disturb intruder, so that the security and the availability of thesoftware system are ensured.展开更多
Database Security and Protection System (DSPS) is a security platform for fighting malicious DBMS. The security and performance are critical to DSPS. The authors suggested a key management scheme by combining the serv...Database Security and Protection System (DSPS) is a security platform for fighting malicious DBMS. The security and performance are critical to DSPS. The authors suggested a key management scheme by combining the server group structure to improve availability and the key distribution structure needed by proactive security. This paper detailed the implementation of proactive security in DSPS. After thorough performance analysis, the authors concluded that the performance difference between the replicated mechanism and proactive mechanism becomes smaller and smaller with increasing number of concurrent connections; and that proactive security is very useful and practical for large, critical applications.展开更多
The advance of microelectronics requires the micropower of microsupercapacitors(MSCs) to possess wide temperature-and damage-tolerance beyond high areal energy density.The properties of electrolyte are crucial for MSC...The advance of microelectronics requires the micropower of microsupercapacitors(MSCs) to possess wide temperature-and damage-tolerance beyond high areal energy density.The properties of electrolyte are crucial for MSCs to meet the above requirements.Here,an organohydrogel electrolyte,featured with high salt tolerance,ultralow freezing point,and strong self-healing ability,is experimentally realized via modulating its inner dynamic bonds.Spectroscopic and theoretical analysis reveal that dimethyl sulfoxide has the ability to reconstruct Li^(+)solvation structure,and interact with free water and polyvinyl alcohol chains via forming hydrogen bonds.The organohydrogel electrolyte is employed to build MSCs,which show a boosted energy density,promising wide temperature range-and damage-tolerant ability.These attractive features make the designed organohydrogel electrolyte have great potential to advance MSCs.展开更多
Virtual machines have attracted significant attention especially within the high performance computing community. How- ever, there remain problems with respect to security in general and intrusion detection and diagno...Virtual machines have attracted significant attention especially within the high performance computing community. How- ever, there remain problems with respect to security in general and intrusion detection and diagnosis in particular which underpin the realization of the potential offered by this emerging technology. In this paper, one such problem has been highlighted, i.e., intrusion severity analysis for large-scMe virtual machine based systems, such as clouds. Furthermore, the paper proposes a solution to this prob- lem for the first time for clouds. The proposed solution achieves virtual machine specific intrusion severity analysis while preserving isolation between the security module and the monitored virtual machine. Furthermore, an automated approach is adopted to signif- icantly reduce the overall intrusion response time. The paper includes a detailed description of the solution and an evaluation of our approach with the objective to determine the effectiveness and potential of this approach. The evaluation includes both architectural and experimentM evaluation thereby enabling us to strengthen our approach at an architectural level as well. Finally, open problems and challenges that need to be addressed in order to make further improvements to the proposed approach have been highlighted.展开更多
Quantitative analysis has always been a difficult problem in security analysis of intrusion tolerance systems. An intrusion tolerance model based on multiple recovery mechanisms is introduced in this paper and how to ...Quantitative analysis has always been a difficult problem in security analysis of intrusion tolerance systems. An intrusion tolerance model based on multiple recovery mechanisms is introduced in this paper and how to quantify the security attributes of the model is proposed. A state transition model with recovery states more accurately describes the dynamic behavior of the system. Considering that recovery mechanisms have a great impact on the security performance of the system, we set up the cost models corresponding to different recovery mechanisms. We propose a feasible security measure based on mean cost to security failure in order to evaluate the system cost during the recovery phase. The experimental results confirmed the feasibility of the proposed methods.展开更多
Distributed architecture is often adopted for the intrusion-tolerance system currently.However,this distributed intrusiontolerance system has a consensus problem.To solve this problem,this article explores a distribut...Distributed architecture is often adopted for the intrusion-tolerance system currently.However,this distributed intrusiontolerance system has a consensus problem.To solve this problem,this article explores a distributed intrusion-tolerance system of hybrid time model based on trusted timely computing base(TTCB) and implement an atomic multicast protocol using TTCB services.The TTCB is a trust secure real-time component inside the server,with a well defined interface and separated from the operation system.It is in the synchronous communication environment,while the application layer in the server works asynchronously.By the atomic multicast protocol,it can be achieved that when the servers are over twice the number of faulty servers,the consensus can be satisfied.The performance evaluations show that the proposed protocol can yield larger good throughput with a lower unavailability.展开更多
传统的数据库安全解决方案的缺点是不能很好地解决以合法身份进行的恶意攻击,对具有不同安全需求的用户,只能提供固定的安全级别,造成资源浪费。它采用多级安全模型,即“用户+ OS + DBMS +事务级入侵容忍”,将冗余和多样性技术相结合,...传统的数据库安全解决方案的缺点是不能很好地解决以合法身份进行的恶意攻击,对具有不同安全需求的用户,只能提供固定的安全级别,造成资源浪费。它采用多级安全模型,即“用户+ OS + DBMS +事务级入侵容忍”,将冗余和多样性技术相结合,采用整体安全策略及面向服务的入侵容忍技术,实现数据库的可生存性、可用性及关键数据的机密性、完整性,能有效抵御以合法身份进行的恶意攻击,降低安全成本。展开更多
基金supported by the National Natural Science Foundation of China(Nos.51977113,62293500,62293501 and 62293505).
文摘Malicious attacks against data are unavoidable in the interconnected,open and shared Energy Internet(EI),Intrusion tolerant techniques are critical to the data security of EI.Existing intrusion tolerant techniques suffered from problems such as low adaptability,policy lag,and difficulty in determining the degree of tolerance.To address these issues,we propose a novel adaptive intrusion tolerance model based on game theory that enjoys two-fold ideas:(1)it constructs an improved replica of the intrusion tolerance model of the dynamic equation evolution game to induce incentive weights;and (2)it combines a tournament competition model with incentive weights to obtain optimal strategies for each stage of the game process.Extensive experiments are conducted in the IEEE 39-bus system,whose results demonstrate the feasibility of the incentive weights,confirm the proposed strategy strengthens the system’s ability to tolerate aggression,and improves the dynamic adaptability and response efficiency of the aggression-tolerant system in the case of limited resources.
基金supported by the National Natural Science Foundation of China (60774091)
文摘Quorum systems have been used to solve the problem of data consistency in distributed fault-tolerance systems. But when intrusions occur, traditional quorum systems have some disadvantages. For example, synchronous quorum systems are subject to DOS attacks, while asynchronous quorum systems need a larger system size (at least 3f+1 for generic data, and f fewer for self-verifying data). In order to solve the problems above, an intrusion-tolerance quorum system (ITQS) of hybrid time model based on trust timely computing base is presented (TTCB). The TTCB is a trust secure real-time component inside the server with a well defined interface and separated from the operation system. It is in the synchronous communication environment while the application layer in the server deals with read-write requests and executes update-copy protocols asynchronously. The architectural hybridization of synchrony and asynchrony can achieve the data consistency and availability correctly. We also build two kinds of ITQSes based on TTCB, i.e., the symmetrical and the asymmetrical TTCB quorum systems. In the performance evaluations, we show that TTCB quorum systems are of smaller size, lower load and higher availability.
基金Supported by the National Natural Science Foun dation of China (90104005,60373087, 60473023),the Ph. D Pro grams Foundation of Ministry of Education of China(20020486046)
文摘In this paper, we describe and analyze the hypothesis about intrusiontolerance software system, so that it can provide an intended server capability and deal with theimpacts caused by the intruder exploiting the inherent security vulnerabilities. Wepresent someintrusion tolerance technology by exploiting N-version module threshold method in constructingmultilevel secure software architecture, by detecting with hash value, by placing an 'antigen' wordnext to the return address on the stack thatis similar to human immune system, and by adding 'Honeycode' nonfunctional code to disturb intruder, so that the security and the availability of thesoftware system are ensured.
文摘Database Security and Protection System (DSPS) is a security platform for fighting malicious DBMS. The security and performance are critical to DSPS. The authors suggested a key management scheme by combining the server group structure to improve availability and the key distribution structure needed by proactive security. This paper detailed the implementation of proactive security in DSPS. After thorough performance analysis, the authors concluded that the performance difference between the replicated mechanism and proactive mechanism becomes smaller and smaller with increasing number of concurrent connections; and that proactive security is very useful and practical for large, critical applications.
基金National Natural Science Foundation of China(52072297 and 51907149)Key R&D Plan of Shaanxi Province(2021GXLH-Z-068)+1 种基金China Postdoctoral Science Foundation(2019M653609)the Young Talent Support Plan of Xi’an Jiaotong University。
文摘The advance of microelectronics requires the micropower of microsupercapacitors(MSCs) to possess wide temperature-and damage-tolerance beyond high areal energy density.The properties of electrolyte are crucial for MSCs to meet the above requirements.Here,an organohydrogel electrolyte,featured with high salt tolerance,ultralow freezing point,and strong self-healing ability,is experimentally realized via modulating its inner dynamic bonds.Spectroscopic and theoretical analysis reveal that dimethyl sulfoxide has the ability to reconstruct Li^(+)solvation structure,and interact with free water and polyvinyl alcohol chains via forming hydrogen bonds.The organohydrogel electrolyte is employed to build MSCs,which show a boosted energy density,promising wide temperature range-and damage-tolerant ability.These attractive features make the designed organohydrogel electrolyte have great potential to advance MSCs.
文摘Virtual machines have attracted significant attention especially within the high performance computing community. How- ever, there remain problems with respect to security in general and intrusion detection and diagnosis in particular which underpin the realization of the potential offered by this emerging technology. In this paper, one such problem has been highlighted, i.e., intrusion severity analysis for large-scMe virtual machine based systems, such as clouds. Furthermore, the paper proposes a solution to this prob- lem for the first time for clouds. The proposed solution achieves virtual machine specific intrusion severity analysis while preserving isolation between the security module and the monitored virtual machine. Furthermore, an automated approach is adopted to signif- icantly reduce the overall intrusion response time. The paper includes a detailed description of the solution and an evaluation of our approach with the objective to determine the effectiveness and potential of this approach. The evaluation includes both architectural and experimentM evaluation thereby enabling us to strengthen our approach at an architectural level as well. Finally, open problems and challenges that need to be addressed in order to make further improvements to the proposed approach have been highlighted.
基金Supported in part by the National Natural Science Foundation of China(61472139)the Key Project of Shanghai Science and Technology Commission(11511504403)
文摘Quantitative analysis has always been a difficult problem in security analysis of intrusion tolerance systems. An intrusion tolerance model based on multiple recovery mechanisms is introduced in this paper and how to quantify the security attributes of the model is proposed. A state transition model with recovery states more accurately describes the dynamic behavior of the system. Considering that recovery mechanisms have a great impact on the security performance of the system, we set up the cost models corresponding to different recovery mechanisms. We propose a feasible security measure based on mean cost to security failure in order to evaluate the system cost during the recovery phase. The experimental results confirmed the feasibility of the proposed methods.
基金supported by the National Natural Science Foundation of China (60774091)
文摘Distributed architecture is often adopted for the intrusion-tolerance system currently.However,this distributed intrusiontolerance system has a consensus problem.To solve this problem,this article explores a distributed intrusion-tolerance system of hybrid time model based on trusted timely computing base(TTCB) and implement an atomic multicast protocol using TTCB services.The TTCB is a trust secure real-time component inside the server,with a well defined interface and separated from the operation system.It is in the synchronous communication environment,while the application layer in the server works asynchronously.By the atomic multicast protocol,it can be achieved that when the servers are over twice the number of faulty servers,the consensus can be satisfied.The performance evaluations show that the proposed protocol can yield larger good throughput with a lower unavailability.
文摘传统的数据库安全解决方案的缺点是不能很好地解决以合法身份进行的恶意攻击,对具有不同安全需求的用户,只能提供固定的安全级别,造成资源浪费。它采用多级安全模型,即“用户+ OS + DBMS +事务级入侵容忍”,将冗余和多样性技术相结合,采用整体安全策略及面向服务的入侵容忍技术,实现数据库的可生存性、可用性及关键数据的机密性、完整性,能有效抵御以合法身份进行的恶意攻击,降低安全成本。
