Funding: Financially supported by the National Natural Science Foundation of China (No. 61303216, No. 61272457, No. U1401251, and No. 61373172), the National High Technology Research and Development Program of China (863 Program) (No. 2012AA013102), and the National 111 Program of China (B16037 and B08038).
Abstract: With the rapid development of computer technology, cloud-based services have become a hot topic. They not only provide users with convenience, but also bring many security issues, such as data sharing and privacy issues. In this paper, we present an access control system with privilege separation based on privacy protection (PS-ACS). In the PS-ACS scheme, we logically divide users into a private domain (PRD) and a public domain (PUD). In PRD, to achieve read access permission and write access permission, we adopt Key-Aggregate Encryption (KAE) and the Improved Attribute-based Signature (IABS), respectively. In PUD, we construct a new multi-authority ciphertext-policy attribute-based encryption (CP-ABE) scheme with efficient decryption to avoid the issues of a single point of failure and complicated key distribution, and design an efficient attribute revocation method for it. The analysis and simulation results show that our scheme is feasible and superior in protecting users' privacy in cloud-based services.
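Abstract: Building distributed heterogeneous application platforms with .NET Web Service is a current hot topic in software design. This article introduces the architecture of a Web Service-based distributed heterogeneous application platform in the .NET Framework and its main underlying working protocol, XML (eXtensible Markup Language), and describes a mechanism that uses XML as the intermediary for heterogeneous data conversion and Web Service as the distributed application platform to achieve transparent conversion of distributed heterogeneous data.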
Abstract: With the development of cloud computing, the mutual understandability among distributed data access control has become an important issue in the security field of cloud computing. To ensure security, confidentiality and fine-grained data access control of the Cloud Data Storage (CDS) environment, we proposed a Multi-Agent System (MAS) architecture. This architecture consists of two agents: the Cloud Service Provider Agent (CSPA) and the Cloud Data Confidentiality Agent (CDConA). CSPA provides a graphical interface to the cloud user that facilitates access to the services offered by the system. CDConA provides each cloud user with the definition and enforcement of an expressive and flexible access structure as a logic formula over cloud data file attributes. This new access control is named Formula-Based Cloud Data Access Control (FCDAC). Our proposed FCDAC based on the MAS architecture consists of four layers (interface layer, existing access control layer, proposed FCDAC layer and CDS layer) as well as four types of entities: Cloud Service Provider (CSP), cloud users, knowledge base and confidentiality policy roles. FCDAC is an access policy determined by our MAS architecture, not by the CSPs. A prototype of our proposed FCDAC scheme is implemented using the Java Agent Development Framework Security (JADE-S). Our results, in the practical scenario defined formally in this paper, show the Round Trip Time (RTT) for an agent to travel in our system, measured by the times required for an agent to travel around different numbers of cloud users before and after implementing FCDAC.
Funding: The National Key Project Foundation of China (No. 2001BA201A0605); partially supported by the State Key Lab for Mechanical Transmission.
Abstract: A new web product data management architecture is presented. The three-tier web architecture and Simple Object Access Protocol (SOAP) are combined to build the web-based product data management (PDM) system, which includes three tiers: the user services tier, the business services tier, and the data services tier. The client service component uses the server-side technology, and an Extensible Markup Language (XML) web service that uses SOAP as the communication protocol is chosen as the business service component. To illustrate how to build a web-based PDM system using the proposed architecture, a case PDM system which included three logical tiers was built. To use the security and central management features of the database, a stored procedure was recommended in the data services tier. The business object was implemented as an XML web service so that clients could use standard internet protocols to communicate with the business object from any platform. In order to satisfy users using all sorts of browsers, the server-side technology and Microsoft ASP.NET were used to create the dynamic user interface.
Abstract: Security is an essential part of the cloud environment. For ensuring the security of the data being communicated to and from the cloud server, a significant parameter called trust was introduced. Trust-based security played a vital role in ensuring that the communication between cloud users and service providers remained unadulterated and authentic. In most cloud-based data distribution environments, emphasis is placed on accepting trusted client users' requests, but the cloud servers' integrity is seldom verified. This paper designs a trust-based access control model based on user and server characteristics in a multi-cloud environment to address this issue. The proposed methodology consists of data encryption using the Cyclic Shift Transposition Algorithm and a trust-based access control method. In this trust-based access control mechanism framework, trust values are assigned to cloud users using direct trust degrees. The direct trust degree is estimated based on the following metrics: success and failure rate of interactions, service satisfaction index, and dishonesty level. In addition to this, trust values are assigned to cloud servers based on the metrics: server load, service rejection rate, and service access delay. The role-based access control policy of each user is modified based on his trust level. If the server fails to meet the minimum trust level, then another suitable server will be selected. The proposed system is found to outperform other existing systems in a multi-cloud environment.
Funding: Supported by the National Natural Science Foundation of China [grant no. 42171452].
Abstract: Public medical facilities that are closely related to the health of residents have been recognised as one of the most crucial elements in sustainable urban planning. For the sake of social equality of medical services (especially for emergency medical conditions), the spatial distributions of medical resources need to be accurately measured and continuously optimized. This study presents an effective method to examine night emergency hospital visits and analyse their spatiotemporal characteristics using float car data (FCD). By extracting the hospital service areas, the two-step floating catchment area (2SFCA) methodology was improved to calculate hospital accessibility. Then, the balance between hospital accessibility and population density was analysed. In addition, we investigated the relationship between individual hospital choice preferences and hospital level and analysed several factors that affect individual choices. These results help us understand the special requirements and needs of emergency hospital travel in cities and identify areas where medical resources are scarce. They can be used as guidance for urban hospital planning and construction. The approach of hospital access behaviour investigation and the improved 2SFCA method can also provide insights for other activity-based travel behaviour research.
Abstract: With the development and popularization of information technology, the global academic exchange model has generally developed towards open access. Scientific activity in the information age requires more data to be opened and shared. From open access to open data and to open science.
Abstract: A new packet medium access protocol, namely minislot signaling access based on distributed queues (MSADQ/CDMA), is proposed for voice and data integration CDMA networks. The MSADQ protocol is based on distributed queues and a collision resolution algorithm. Through proper management of the PN codes, the number of random competition collisions is greatly reduced and the multiple access interference (MAI) decreases. It has several special access signaling channels to carry the voice and data access requests. Each slot is divided into several control minislots (CMSs), in which the Data Terminals (DT) or Voice Terminals (VT) transmit their requests. According to the voice and data traffic characteristics, the signaling access structure is proposed. The code assignment rules and queue management rules are also proposed to ensure the QoS requirement of each traffic type. Comparisons with three other protocols are made by simulation, which shows that the MSADQ/CDMA protocol occupies fewer PN codes but still has very good performance.
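Abstract: Data Distribution Service (DDS) is a reliable middleware standard for real-time data communication. It targets distributed environments based on the publish/subscribe model and has been widely applied in many fields, but little existing research addresses DDS security techniques, while publish/subscribe systems face multiple security threats in practical applications. To establish a flexible and reliable security mechanism that ensures the security of publish/subscribe information, a data-centric access control scheme is proposed. Building on attribute-based encryption, the access tree structure is optimized, and an attribute trust mechanism is added to suit the publish/subscribe environment. Attribute conjunctions and authorization policies are then defined to perform encrypted matching of publish/subscribe information, and a DDS access control model is established to control the exchange of information within the publish/subscribe system and achieve secure data distribution. Experimental verification shows that the scheme can counter several security threats facing DDS and protect the confidentiality of publish/subscribe information, and that it can also enforce system access control over specific information; in addition, publishers and subscribers do not need to share keys, which reduces key management overhead.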