B. Remote Access to Stand-Alone Embedded Systems Industrial controllers, especially for power system and transportation applications, are often deployed as stand-alone systems in a geographically dispersed area. Maintenance and service costs of stand-alone embedded systems can be reduced when they can be
B. Network Architectures This section describes the main types of industrial and utility communication network topologies and protocols, in preparation for the discussion of specific security issues in the later sections. Communication networks for industrial automation are typically built in hierarchi-
D. Security on the Field Bus and Device Level As described in Section Ⅲ-B, Fig. 2, industrial communication networks involve a number of levels. The lowest level is closest to the application specific devices such as sensors, meters, and actuators. A large number of specialized and partly proprietary communication systems, media, and protocols can be found on this level. Most were developed at a time when security issues were of lesser concern than today, and when no practical security measures were available.
E. Security of Embedded Systems for Industrial Control and Communication Industrial automation controllers are typically implemented on embedded computers. Such embedded systems have to cope with restrictions on cost, real-time performance, power consumption, and other constraints which are even more demanding than in large workstations. A reference discusses these aspects with the example of a thermostat con-
This paper investigates whether security headers are enforced to mitigate cyber-attacks in web-based systems in cyberspace. The security headers examined include X-Content-Type-Options, X-Frame-Options, Strict-Transport-Security, Referrer-Policy, Content-Security-Policy, and Permissions-Policy. The study employed a controlled experiment using a security header analysis tool. The web-based applications (websites) were analyzed to determine whether security headers have been correctly implemented. The experiment was iterated for 100 universities in Africa which are ranked high. The purposive sampling technique was employed to understand the status quo of the security headers implementations. The results revealed that 70% of the web-based applications in Africa have not enforced security headers in web-based applications. The study proposes a secure system architecture design for addressing web-based applications’ misconfiguration and insecure design. It presents security techniques for securing web-based applications through hardening security headers using automated threat modelling techniques. Furthermore, it recommends adopting the security headers in web-based applications using the proposed secure system architecture design.
Cloud computing is the new norm within business entities as businesses try to keep up with technological advancements and user needs. The concept is defined as a computing environment allowing for remote outsourcing of storage and computing resources. A hybrid cloud environment is an excellent example of cloud computing. Specifically, the hybrid system provides organizations with increased scalability and control over their data and support for a remote workforce. However, hybrid cloud systems are expensive as organizations operate different infrastructures while introducing complexity to the organization’s activities. Data security is critical among the most vital concerns that have resulted from the use of cloud computing, thus, affecting the rate of user adoption and acceptance. This article, borrowing from the hybrid cloud computing system, recommends combining traditional and modern data security systems. Traditional data security systems have proven effective in their respective roles, with the main challenge arising from their recognition of context and connectivity. Therefore, integrating traditional and modern designs is recommended to enhance effectiveness, context, connectivity, and efficiency.
Information security is the backbone of current intelligent systems, such as the Internet of Things (IoT), smart grids, and Machine-to-Machine (M2M) communication. The increasing threat of information security requires new models to ensure the safe transmission of information through such systems. Recently, quantum systems have drawn much attention since they are expected to have a significant impact on the research in information security. This paper proposes a quantum teleportation scheme based on controlled multi-users to ensure the secure information transmission among users. Quantum teleportation is an original key element in a variety of quantum information tasks as well as quantum-based technologies, which plays a pivotal role in the current progress of quantum computing and communication. In the proposed scheme, the sender transmits the information to the receiver under the control of a third user or controller. Here, we show that the efficiency of the proposed scheme depends on the properties of the transmission channel and the honesty of the controller. Compared with various teleportation schemes presented recently in the literature, the most important difference in the proposed scheme is the possibility of suspicion about the honesty of the controller and, consequently, taking proper precautions.
The virtual machine of code mechanism (VMCM) as a new concept for code mechanical solidification and verification is proposed and can be applied in MEMS (micro-electromechanical systems) security device for high consequence systems. Based on a study of the running condition of physical code mechanism, VMCM's configuration, ternary encoding method, running action and logic are derived. The cases of multi-level code mechanism are designed and verified with the VMCM method, showing that the presented method is effective.
Traditional security systems are exposed to many various attacks, which represents a major challenge for the spread of the Internet in the future. Innovative techniques have been suggested for detecting attacks using machine learning and deep learning. The significant advantage of deep learning is that it is highly efficient, but it needs a large training time with a lot of data. Therefore, in this paper, we present a new feature reduction strategy based on Distributed Cumulative Histograms (DCH) to distinguish between dataset features to locate the most effective features. Cumulative histograms assess the dataset instance patterns of the applied features to identify the most effective attributes that can significantly impact the classification results. Three different models for detecting attacks using Convolutional Neural Network (CNN) and Long Short-Term Memory Network (LSTM) are also proposed. The accuracy test of attack detection using the hybrid model was 98.96% on the UNSW-NP15 dataset. The proposed model is compared with wrapper-based and filter-based Feature Selection (FS) models. The proposed model reduced classification time and increased detection accuracy.
IoT devices rely on authentication mechanisms to render secure message exchange. During data transmission, scalability, data integrity, and processing time have been considered challenging aspects for a system constituted by IoT devices. The application of physical unclonable functions (PUFs) ensures secure data transmission among the internet of things (IoT) devices in a simplified network with an efficient time-stamped agreement. This paper proposes a secure, lightweight, cost-efficient reinforcement machine learning framework (SLCR-MLF) to achieve decentralization and security, thus enabling scalability, data integrity, and optimized processing time in IoT devices. PUF has been integrated into SLCR-MLF to improve the security of the cluster head node in the IoT platform during transmission by providing the authentication service for device-to-device communication. An IoT network gathers information of interest from multiple cluster members selected by the proposed framework. In addition, the software-defined secured (SDS) technique is integrated with SLCR-MLF to improve data integrity and optimize processing time in the IoT platform. Simulation analysis shows that the proposed framework outperforms conventional methods regarding the network’s lifetime, energy, secured data retrieval rate, and performance ratio. By enabling the proposed framework, number of residual nodes is reduced to 16%, energy consumption is reduced by up to 50%, almost 30% improvement in data retrieval rate, and network lifetime is improved by up to 1000 msec.
Precision medicine provides a holistic perspective of an individual's health, including genetic, environmental, and lifestyle aspects to realize individualized therapy. The development of the internet of things (IoT) devices, the widespread emergence of electronic medical records (EMR), and the rapid progress of cloud computing and artificial intelligence provide an opportunity to collect healthcare big data throughout the lifespan and analyze the disease risk at all stages of life. Thus, the focus of precision medicine is shifting from treatment toward prediction and prevention, i.e., precision health. To this end, various types of data such as omics, imaging, EMR, continuous physiological monitoring, lifestyle, and environmental information, need to be collected, tracked, managed and shared. Thus, internet-of-medical things (IoMT) is crucial for assimilating the health systems, applications, services, and devices that can improve the speed and accuracy of diagnosis and treatments along with real-time monitoring and modification of patient behavior as well as health status. However, security has emerged as a growing concern owing to the proliferation of IoMT devices. The increasing interconnectivity of IoMT-enabled devices with health data reception, transmission, and processing significantly increases the number of potential vulnerabilities within a system. To address the security issues of precision health in IoMT systems, this study reviews the state-of-the-art techniques and schemes from the perspective of a hierarchical system architecture. We present an IoMT system model comprising three layers: the sensing layer, network layer, and cloud infrastructure layer. In particular, we discuss the vulnerabilities and threats to security in each layer and review the existing security techniques and schemes corresponding to the system components along with their functionalities. Owing to the unique nature of biometric features in medical and health services, we highlight the biometrics-based technologies applied in IoMT systems, which contribute toward a considerable difference between the security solutions of existing IoT systems. Furthermore, we summarize the challenges and future research directions of IoMT systems to ensure an improved and more secure future of precision health.
To address the scalability and identity federation problems of the traditional single sign-on system, the proposed scheme divides the security systems into different security domains. Each security domain has its own security servers and service providers, and there are trust relationships between different security domains for identity federation. The security server is responsible for authentication and authorization inside the domain, and offers identity federation capability for different domains. The security assertion markup language (SAML) assertion is used as security token in the system for authentication, authorization, and identity federation. The design of the proposed single sign-on process is based on web service security framework and multiple security domains, and the authorization is always deployed in the local area inside the service provider's security domain, which enables web service clients, both inside and outside their security domains, to access the services in a simple, scalable, standard and secure way.
Numerous Internet security incidents have shown that support from secure operating systems is paramount to fighting threats posed by modern computing environments. Based on the requirements of the relevant national and international standards and criteria, in combination with our experience in the design and development of the ANSHENG v4.0 secure operating system with high security level (hereafter simply referred to as ANSHENG OS), this paper addresses the following key issues in the design of secure operating systems with high security levels: security architecture, security policy models, and covert channel analysis. The design principles of security architecture and three basic security models: confidentiality, integrity, and privilege control models are discussed, respectively. Three novel security models and new security architecture are proposed. The prominent features of these proposals, as well as their applications to the ANSHENG OS, are elaborated. Covert channel analysis (CCA) is a well-known hard problem in the design of secure operating systems with high security levels since to date it lacks a sound theoretical basis and systematic analysis approach. In order to resolve the fundamental difficulties of CCA, we have set up a sound theoretical basis for completeness of covert channel identification and have proposed a unified framework for covert channel identification and an efficient backward tracking search method. The successful application of our new proposals to the ANSHENG OS has shown that it can help ease and speed up the entire CCA process.
This note addresses diagnosis and performance degradation detection issues from an integrated viewpoint of functionality maintenance and cyber security of automatic control systems. It calls for more research attention on three aspects: (i) application of control and detection unified framework to enhancing the diagnosis capability of feedback control systems, (ii) projection-based fault detection, and complementary and explainable applications of projection- and machine learning-based techniques, and (iii) system performance degradation detection that is of elemental importance for today's automatic control systems. Some ideas and conceptual schemes are presented and illustrated by means of examples, serving as convincing arguments for research efforts in these aspects. They would contribute to the future development of capable diagnosis systems for functionality safe and cyber secure automatic control systems.
Security evaluation and management has become increasingly important for Web-based information technology (IT) systems, especially for educational institutions. For the security evaluation and management of IT systems in educational institutions, determining the security level for a single IT system has been well developed. However, it is still difficult to evaluate the information security level of the entire educational institution considering multiple IT systems, because there might be too many different IT systems in one institution, educational institutions can be very different, and there is no standard model or method to provide a justifiable information security evaluation among different educational institutions considering their differences. In light of these difficulties, a security evaluation model of educational institutions' IT systems (SEMEIS) is proposed in this work to facilitate the information security management for the educational institutions. Firstly, a simplified educational industry information system security level protection rating (EIISSLPR) with a new weight redistribution strategy for a single IT system is proposed by choosing important evaluation questions from EIISSLPR and redistributing the weights of these questions. Then for the entire educational institution, analytic hierarchy process (AHP) is used to redistribute the weights of multiple IT systems at different security levels. Considering the risk of possible network security vulnerabilities, a risk index is formulated by weighting different factors, normalized by a utility function, and calculated with the real data collected from the institutions under the evaluation. Finally, the information security performance of educational institutions is obtained as the final score from SEMEIS. The results show that SEMEIS can evaluate the security level of the education institutions practically and provide an efficient and effective management tool for the information security management.
Cyber-physical systems (CPSs) are new emerging systems that seamlessly integrate physical systems, communication systems and computation systems. Their wide use has been witnessed in the past decades in many cross-discipline fields such as smart energy systems, industrial process control, aerospace and automobile engineering, health-care and assisted living, to just name a few. For many of these systems, secure operations are of key concerns. In particular, for some safety-critical applications, security is of paramount importance. Diverse motivations and strong incentives exist everywhere and at any time for launching malicious attacks on the CPSs, for example, economic reasons (e.g., by reducing or even not paying electricity charge) and terrorism the purpose of which is apparent.
Innovations on the Internet of Everything (IoE) enabled systems are driving a change in the settings where we interact in smart units, recognized globally as smart city environments. However, intelligent video-surveillance systems are critical to increasing the security of these smart cities. More precisely, in today’s world of smart video surveillance, person re-identification (Re-ID) has gained increased consideration by researchers. Various researchers have designed deep learning-based algorithms for person Re-ID because they have achieved substantial breakthroughs in computer vision problems. In this line of research, we designed an adaptive feature refinement-based deep learning architecture to conduct person Re-ID. In the proposed architecture, the inter-channel and inter-spatial relationship of features between the images of the same individual taken from nonidentical camera viewpoints are focused on learning spatial and channel attention. In addition, the spatial pyramid pooling layer is inserted to extract the multiscale and fixed-dimension feature vectors irrespective of the size of the feature maps. Furthermore, the model’s effectiveness is validated on the CUHK01 and CUHK02 datasets. When compared with existing approaches, the approach presented in this paper achieves encouraging Rank 1 and 5 scores of 24.6% and 54.8%, respectively.
With the process of medical informatization, medical diagnosis results are recorded and shared in the form of electronic data in the computer. However, the security of medical data storage cannot be effectively protected and the unsafe sharing of medical data among different institutions is still a hidden danger that cannot be underestimated. To solve the above problems, a secure storage and sharing model of private data based on blockchain technology and homomorphic encryption is constructed. Based on the idea of blockchain decentralization, the model maintains a reliable medical alliance chain system to ensure the safe transmission of data between different institutions; a privacy data encryption and computing protocol based on homomorphic encryption is constructed to ensure the safe transmission of medical data; using its complete anonymity to ensure the Blockchain of medical data and patient identity privacy; a strict transaction control management mechanism of medical data based on Intelligent contract automatic execution of preset instructions is proposed. After security verification, compared with the traditional medical big data storage and sharing mode, the model has better security and sharing.
A new method is proposed for the object surveillance system based on the enhanced fish-eye lens and the high speed digital signal processor (DSP). The improved fish-eye lens images an ellipse picture on the charge-coupled device (CCD) surface, which increases both the utilization rate of the 4:3 rectangular CCD and the imaging resolution, and retains the view angle of 183°. The algorithm of auto-adapted renewal background subtraction (ARBS) is also explored to extract the object from the monitoring image. The experimental result shows that the ARBS algorithm has high anti-jamming ability and high resolution, leading to excellent object detecting ability from the enhanced elliptical fish-eye image under various environments. This system has potential applications in different security monitoring fields due to its wide monitoring space, simple structure, working stability, and reliability.
Adversarial examples revealed the weakness of machine learning techniques in terms of robustness, which moreover inspired adversaries to make use of the weakness to attack systems employing machine learning. Existing research covered the methodologies of adversarial example generation, the root reason for the existence of adversarial examples, and some defense schemes. However, practical attacks against real world systems did not appear until recently, mainly because of the difficulty in injecting an artificially generated example into the model behind the hosting system without breaking the integrity. Recent case study works against face recognition systems and road sign recognition systems finally bridged the gap between theoretical adversarial example generation methodologies and practical attack schemes against real systems. To guide future research in defending adversarial examples in the real world, we formalize the threat model for practical attacks with adversarial examples, and also analyze the restrictions and key procedures for launching real world adversarial example attacks.
Funding: Project supported by High-Technology Research and Development Program of China (Grant No. 863-2003AA404210)
文摘The virtual machine of code mechanism (VMCM) as a new concept for code mechanical solidification and verification is proposed and can be applied in MEMS (micro-electromechanical systems) security device for high consequence systems. Based on a study of the running condition of physical code mechanism, VMCM's configuration, ternary encoding method, running action and logic are derived. The cases of multi-level code mechanism are designed and verified with the VMCM method, showing that the presented method is effective.
Abstract: Traditional security systems are exposed to many different attacks, which represents a major challenge for the spread of the Internet in the future. Innovative techniques have been suggested for detecting attacks using machine learning and deep learning. The significant advantage of deep learning is that it is highly efficient, but it needs a large training time with a lot of data. Therefore, in this paper, we present a new feature reduction strategy based on Distributed Cumulative Histograms (DCH) to distinguish between dataset features to locate the most effective features. Cumulative histograms assess the dataset instance patterns of the applied features to identify the most effective attributes that can significantly impact the classification results. Three different models for detecting attacks using Convolutional Neural Network (CNN) and Long Short-Term Memory Network (LSTM) are also proposed. The accuracy test of attack detection using the hybrid model was 98.96% on the UNSW-NP15 dataset. The proposed model is compared with wrapper-based and filter-based Feature Selection (FS) models. The proposed model reduced classification time and increased detection accuracy.
Abstract: IoT devices rely on authentication mechanisms to render secure message exchange. During data transmission, scalability, data integrity, and processing time have been considered challenging aspects for a system constituted by IoT devices. The application of physical unclonable functions (PUFs) ensures secure data transmission among the internet of things (IoT) devices in a simplified network with an efficient time-stamped agreement. This paper proposes a secure, lightweight, cost-efficient reinforcement machine learning framework (SLCR-MLF) to achieve decentralization and security, thus enabling scalability, data integrity, and optimized processing time in IoT devices. PUF has been integrated into SLCR-MLF to improve the security of the cluster head node in the IoT platform during transmission by providing the authentication service for device-to-device communication. An IoT network gathers information of interest from multiple cluster members selected by the proposed framework. In addition, the software-defined secured (SDS) technique is integrated with SLCR-MLF to improve data integrity and optimize processing time in the IoT platform. Simulation analysis shows that the proposed framework outperforms conventional methods regarding the network’s lifetime, energy, secured data retrieval rate, and performance ratio. By enabling the proposed framework, the number of residual nodes is reduced to 16%, energy consumption is reduced by up to 50%, the data retrieval rate is improved by almost 30%, and network lifetime is improved by up to 1000 msec.
Funding: Supported in part by the National Natural Science Foundation of China under Grants 62072451, 62102409, and 62073310, and in part by the Shenzhen Science and Technology Program under Grant RCBS20210609104609044.
Abstract: Precision medicine provides a holistic perspective of an individual's health, including genetic, environmental, and lifestyle aspects to realize individualized therapy. The development of the internet of things (IoT) devices, the widespread emergence of electronic medical records (EMR), and the rapid progress of cloud computing and artificial intelligence provide an opportunity to collect healthcare big data throughout the lifespan and analyze the disease risk at all stages of life. Thus, the focus of precision medicine is shifting from treatment toward prediction and prevention, i.e., precision health. To this end, various types of data such as omics, imaging, EMR, continuous physiological monitoring, lifestyle, and environmental information need to be collected, tracked, managed and shared. Thus, internet-of-medical things (IoMT) is crucial for assimilating the health systems, applications, services, and devices that can improve the speed and accuracy of diagnosis and treatments along with real-time monitoring and modification of patient behavior as well as health status. However, security has emerged as a growing concern owing to the proliferation of IoMT devices. The increasing interconnectivity of IoMT-enabled devices with health data reception, transmission, and processing significantly increases the number of potential vulnerabilities within a system. To address the security issues of precision health in IoMT systems, this study reviews the state-of-the-art techniques and schemes from the perspective of a hierarchical system architecture. We present an IoMT system model comprising three layers: the sensing layer, network layer, and cloud infrastructure layer. In particular, we discuss the vulnerabilities and threats to security in each layer and review the existing security techniques and schemes corresponding to the system components along with their functionalities. Owing to the unique nature of biometric features in medical and health services, we highlight the biometrics-based technologies applied in IoMT systems, which contribute toward a considerable difference between the security solutions of existing IoT systems. Furthermore, we summarize the challenges and future research directions of IoMT systems to ensure an improved and more secure future of precision health.
Funding: The National Natural Science Foundation of China (No. 60673054)
Abstract: To address the scalability and identity federation problems of the traditional single sign-on system, the proposed scheme divides the security systems into different security domains. Each security domain has its own security servers and service providers, and there are trust relationships between different security domains for identity federation. The security server is responsible for authentication and authorization inside the domain, and offers identity federation capability for different domains. The security assertion markup language (SAML) assertion is used as the security token in the system for authentication, authorization, and identity federation. The design of the proposed single sign-on process is based on the web service security framework and multiple security domains, and the authorization is always deployed in the local area inside the service provider's security domain, which enables web service clients, both inside and outside their security domains, to access the services in a simple, scalable, standard and secure way.
Funding: The Natural Science Foundation of Beijing (Grant No. 4052016), the National Natural Science Foundation of China (Grant No. 60573042), and the National Grand Fundamental Research 973 Program of China (Grant No. G1999035802)
Abstract: Numerous Internet security incidents have shown that support from secure operating systems is paramount to fighting threats posed by modern computing environments. Based on the requirements of the relevant national and international standards and criteria, in combination with our experience in the design and development of the ANSHENG v4.0 secure operating system with high security level (hereafter simply referred to as ANSHENG OS), this paper addresses the following key issues in the design of secure operating systems with high security levels: security architecture, security policy models, and covert channel analysis. The design principles of security architecture and three basic security models (confidentiality, integrity, and privilege control models) are discussed, respectively. Three novel security models and a new security architecture are proposed. The prominent features of these proposals, as well as their applications to the ANSHENG OS, are elaborated. Covert channel analysis (CCA) is a well-known hard problem in the design of secure operating systems with high security levels since to date it lacks a sound theoretical basis and systematic analysis approach. In order to resolve the fundamental difficulties of CCA, we have set up a sound theoretical basis for completeness of covert channel identification and have proposed a unified framework for covert channel identification and an efficient backward tracking search method. The successful application of our new proposals to the ANSHENG OS has shown that they can help ease and speed up the entire CCA process.
Abstract: This note addresses diagnosis and performance degradation detection issues from an integrated viewpoint of functionality maintenance and cyber security of automatic control systems. It calls for more research attention on three aspects: (i) application of control and detection unified framework to enhancing the diagnosis capability of feedback control systems, (ii) projection-based fault detection, and complementary and explainable applications of projection- and machine learning-based techniques, and (iii) system performance degradation detection that is of elemental importance for today's automatic control systems. Some ideas and conceptual schemes are presented and illustrated by means of examples, serving as convincing arguments for research efforts in these aspects. They would contribute to the future development of capable diagnosis systems for functionality safe and cyber secure automatic control systems.
Funding: The Science and Technology Innovation Program of Shanghai Science and Technology Committee (No. 19511103500).
Abstract: Security evaluation and management has become increasingly important for Web-based information technology (IT) systems, especially for educational institutions. For the security evaluation and management of IT systems in educational institutions, determining the security level for a single IT system has been well developed. However, it is still difficult to evaluate the information security level of the entire educational institution considering multiple IT systems, because there might be too many different IT systems in one institution, educational institutions can be very different, and there is no standard model or method to provide a justifiable information security evaluation among different educational institutions considering their differences. In light of these difficulties, a security evaluation model of educational institutions' IT systems (SEMEIS) is proposed in this work to facilitate the information security management for the educational institutions. Firstly, a simplified educational industry information system security level protection rating (EIISSLPR) with a new weight redistribution strategy for a single IT system is proposed by choosing important evaluation questions from EIISSLPR and redistributing the weights of these questions. Then for the entire educational institution, analytic hierarchy process (AHP) is used to redistribute the weights of multiple IT systems at different security levels. Considering the risk of possible network security vulnerabilities, a risk index is formulated by weighting different factors, normalized by a utility function, and calculated with the real data collected from the institutions under the evaluation. Finally, the information security performance of educational institutions is obtained as the final score from SEMEIS. The results show that SEMEIS can evaluate the security level of the education institutions practically and provide an efficient and effective management tool for the information security management.
Abstract: Cyber-physical systems (CPSs) are new emerging systems that seamlessly integrate physical systems, communication systems and computation systems. Their wide use has been witnessed in the past decades in many cross-discipline fields such as smart energy systems, industrial process control, aerospace and automobile engineering, health-care and assisted living, to name just a few. For many of these systems, secure operations are of key concern. In particular, for some safety-critical applications, security is of paramount importance. Diverse motivations and strong incentives exist everywhere and at any time for launching malicious attacks on the CPSs, for example, economic reasons (e.g., by reducing or even not paying electricity charge) and terrorism, the purpose of which is apparent.
Funding: Supported by Korea Institute for Advancement of Technology (KIAT) grant funded by the Korea Government (MOTIE) (P0008703, The Competency Development Program for Industry Specialist) and the MSIT (Ministry of Science and ICT), Republic of Korea, under the ITRC (Information Technology Research Center) support program (IITP-2022-2018-0-01799) supervised by the IITP (Institute for Information & Communications Technology Planning & Evaluation).
Abstract: Innovations on the Internet of Everything (IoE) enabled systems are driving a change in the settings where we interact in smart units, recognized globally as smart city environments. However, intelligent video-surveillance systems are critical to increasing the security of these smart cities. More precisely, in today’s world of smart video surveillance, person re-identification (Re-ID) has gained increased consideration by researchers. Various researchers have designed deep learning-based algorithms for person Re-ID because they have achieved substantial breakthroughs in computer vision problems. In this line of research, we designed an adaptive feature refinement-based deep learning architecture to conduct person Re-ID. In the proposed architecture, the inter-channel and inter-spatial relationship of features between the images of the same individual taken from nonidentical camera viewpoints are focused on learning spatial and channel attention. In addition, the spatial pyramid pooling layer is inserted to extract the multiscale and fixed-dimension feature vectors irrespective of the size of the feature maps. Furthermore, the model’s effectiveness is validated on the CUHK01 and CUHK02 datasets. When compared with existing approaches, the approach presented in this paper achieves encouraging Rank 1 and 5 scores of 24.6% and 54.8%, respectively.
Funding: Supported in part by the Jilin Provincial Department of Science and Technology, China (YDZJ202303CGZH010), Jilin Provincial Department of Human Resources and Social Security, China (2022QN05), and the Changchun Science and Technology Bureau, China (21ZGM29).
Abstract: With the process of medical informatization, medical diagnosis results are recorded and shared in the form of electronic data in the computer. However, the security of medical data storage cannot be effectively protected and the unsafe sharing of medical data among different institutions is still a hidden danger that cannot be underestimated. To solve the above problems, a secure storage and sharing model of private data based on blockchain technology and homomorphic encryption is constructed. Based on the idea of blockchain decentralization, the model maintains a reliable medical alliance chain system to ensure the safe transmission of data between different institutions; a privacy data encryption and computing protocol based on homomorphic encryption is constructed to ensure the safe transmission of medical data; its complete anonymity is used to ensure the blockchain of medical data and patient identity privacy; and a strict transaction control management mechanism of medical data based on intelligent contract automatic execution of preset instructions is proposed. After security verification, compared with the traditional medical big data storage and sharing mode, the model has better security and sharing.
Abstract: A new method is proposed for the object surveillance system based on the enhanced fish-eye lens and the high speed digital signal processor (DSP). The improved fish-eye lens images an ellipse picture on the charge-coupled device (CCD) surface, which increases both the utilization rate of the 4:3 rectangular CCD and the imaging resolution, and retains the view angle of 183°. The algorithm of auto-adapted renewal background subtraction (ARBS) is also explored to extract the object from the monitoring image. The experimental result shows that the ARBS algorithm has high anti-jamming ability and high resolution, leading to excellent object detecting ability from the enhanced elliptical fish-eye image under various environments. This system has potential applications in different security monitoring fields due to its wide monitoring space, simple structure, working stability, and reliability.
Funding: Partially sponsored by Shanghai Sailing Program No. 18YF1402200.
Abstract: Adversarial examples revealed the weakness of machine learning techniques in terms of robustness, which moreover inspired adversaries to make use of the weakness to attack systems employing machine learning. Existing research has covered the methodologies of adversarial example generation, the root reason for the existence of adversarial examples, and some defense schemes. However, practical attacks against real world systems did not appear until recently, mainly because of the difficulty in injecting an artificially generated example into the model behind the hosting system without breaking the integrity. Recent case study works against face recognition systems and road sign recognition systems finally bridged the gap between theoretical adversarial example generation methodologies and practical attack schemes against real systems. To guide future research in defending against adversarial examples in the real world, we formalize the threat model for practical attacks with adversarial examples, and also analyze the restrictions and key procedures for launching real world adversarial example attacks.