Funding: This work was supported by the National Basic Research Program of China under Grant No. 2007CB311100; Funds of Key Lab of Fujian Province University Network Security and Cryp- toll1009; the National Science Foundation for Young Scholars of China under Grant No. 61001091; Beijing Nature Science Foundation under Grant No. 4122012; "Next-Generation Broadband Wireless Mobile Communication Network" National Science and Technology Major Special Issue Funding under Grant No. 2012ZX03002003; Funding Program for Academic Human Resources Development in Institutions of Higher Learning Under the Jurisdiction of Beijing Municipality of China.
Abstract: In order to construct the trusted network and realize the trust of network behavior, a new multi-dimensional behavior measurement model based on prediction and control is presented. By using behavior predictive equation, individual similarity function, group similarity function, direct trust assessment function, and generalized predictive control, this model can guarantee the trust of an end user and users in its network. Compared with traditional measurement model, the model considers different characteristics of various networks. The trusted measurement policies established according to different network environments have better adaptability. By constructing trusted group, the threats to trusted group will be reduced greatly. Utilizing trusted group to restrict individuals in network can ensure the fault tolerance of trustworthiness of trusted individuals and group. The simulation shows that this scheme can support behavior measurement more efficiently than traditional ones and the model resists viruses and Trojans more efficiently than older ones.
Funding: Supported by the National Natural Science Foundation of China (90104005, 60373087, 60473023)
Abstract: While remote trust attestation is a useful concept to detect unauthorized changes to software, the current mechanism only ensures authenticity at the start of the operating system and cannot ensure the action of running software. Our approach is to use a behavior-based monitoring agent to make remote attestation more flexible, dynamic, and trustworthy. This approach was mostly made possible by extensive use of process information which is readily available in Unix. We also made use of a behavior tree to effectively record predictable behaviors of each process. In this paper, we primarily focus on building a prototype implementation of such framework, presenting one example built on it, successfully find potential security risks in the run time of an ftp program and then evaluate the performance of this model.
Funding: Project (60673169) supported by the National Natural Science Foundation of China
Abstract: Based on the problem that the service entity only has the partial field of vision in the network environment, a trust evolvement method of the macro self-organization for Web service combination was proposed. In the method, the control rule of the trust degree in the Dempster-Shafer (D-S) rule was utilized based on the entity network interactive behavior, and a proportion trust control rule was put up. The control rule could make the Web service self-adaptively study so as to gradually form a proper trust connection with its cooperative entities and to improve the security performance of the whole system. The experimental results show that the historical successful experience is saved during the service combination alliance, and the method can greatly improve the reliability and success rate of Web service combination.
Funding: the National High Technology Research and Development Plan of China (2007AA01Z412); the National Key Technology R&D Program of China (2006BAH02A02); the National Natural Science Foundation of China (60603017)
Abstract: Two limitations of current integrity measurement architectures are pointed out: (1) a reference value is required for every measured entity to verify the system states, as is impractical however; (2) malicious user can forge proof of inexistent system states. This paper proposes a trustworthy integrity measurement architecture, BBACIMA, through enforcing behavior-based access control for trusted platform module (TPM). BBACIMA introduces a TPM reference monitor (TPMRM) to ensure the trustworthiness of integrity measurement. TPMRM enforces behavior-based access control for the TPM and is isolated from other entities which may be malicious. TPMRM is the only entity manipulating TPM directly and all PCR (platform configuration register) operation requests must pass through the security check of it so that only trusted processes can do measurement and produce the proof of system states. Through these mechanisms malicious user cannot enforce attack which is feasible in current measurement architectures.
Funding: the National Natural Science Foundation of China (60673071, 60743003, 90718005, 90718006); the National High Technology Research and Development Program of China (863 Program) (2006AA01Z442, 2007AA01Z411)
Abstract: The method of extracting and describing the intended behavior of software precisely has become one of the key points in the fields of software behavior's dynamic and trusted authentication. In this paper, the author proposes a specified measure of extracting SIBDS (software intended behaviors describing sets) statically from the binary executable using the software's API functions invoking, and also introduces the definition of the structure used to store the SIBDS in detail. Experimental results demonstrate that the extracting method and the storage structure definition offer three strong properties: (i) it can describe the software's intended behavior accurately; (ii) it demands a small storage expense; (iii) it provides strong capability to defend against mimicry attack.
Funding: Partially supported by grants from the China 863 High-tech Program (Grant No. 2015AA016002); the Specialized Research Fund for the Doctoral Program of Higher Education (Grant No. 20131103120001); the National Key Research and Development Program of China (Grant No. 2016YFB0800204); the National Science Foundation of China (No. 61502017); the Scientific Research Common Program of Beijing Municipal Commission of Education (KM201710005024)
Abstract: Cloud computing is very useful for big data owner who doesn't want to manage IT infrastructure and big data technique details. However, it is hard for big data owner to trust multi-layer outsourced big data system in cloud environment and to verify which outsourced service leads to the problem. Similarly, the cloud service provider cannot simply trust the data computation applications. At last, the verification data itself may also leak the sensitive information from the cloud service provider and data owner. We propose a new three-level definition of the verification, threat model, corresponding trusted policies based on different roles for outsourced big data system in cloud. We also provide two policy enforcement methods for building trusted data computation environment by measuring both the Map Reduce application and its behaviors based on trusted computing and aspect-oriented programming. To prevent sensitive information leakage from verification process, we provide a privacy-preserved verification method. Finally, we implement the TPTVer, a Trusted third Party based Trusted Verifier as a proof of concept system. Our evaluation and analysis show that TPTVer can provide trusted verification for multi-layered outsourced big data system in the cloud with low overhead.
Funding: Supported by Youth Project of National Social Science Program (10CJY043); Decision-making and Bid Inviting Subject of Government of Henan Province in 2010 (B600)
Abstract: The thesis introduces the generation and mechanism of action of trust during cooperation, which indicates that trust can activate the members' participation in management and investment, and preclude the generation of members' will and behavior of breach of contract so as to guarantee the stable development of farmers' cooperatives; the decreasing degree of trust can put sand in the wheels of farmers' cooperatives. Based on these, we conduct survey of questionnaire on 197 rural households of 10 farmers' cooperatives in Yanliang, Xi'an, Lintong and Yanglin. By analyzing the generation of trust mechanism and survey data, some suggestions are put forward as follows: promote inner communication; remodel the trust culture of informal system; hew to contractual system; perfect the system of motivation and punishment; establish the system of equal property right and investment; implement management and supervision by job rotation so as to promote the trust degree among the members of farmers' cooperatives and keep the benign recycle of "trust-cooperation".