针对在Visual Studio 2010中的VB.NET下如何访问VFP表的方法进行了研究和讨论。常用的访问数据库表的方式有ADO、RDO和Ole Db等。主要讨论了ADO和RDO两种访问VFP表的方式。研究发现ADO方式访问VFP表存在一些BUG,会使程序出现异常。使用...针对在Visual Studio 2010中的VB.NET下如何访问VFP表的方法进行了研究和讨论。常用的访问数据库表的方式有ADO、RDO和Ole Db等。主要讨论了ADO和RDO两种访问VFP表的方式。研究发现ADO方式访问VFP表存在一些BUG,会使程序出现异常。使用RDO方式访问VFP表,在软件发布时,需要将VFP的ODBC驱动程序vfpodbc.dll、组件文件Interop.RDO.dll和文件MSRDO20.dll进行打包,并对MSRDO20.dll进行注册。本文中给出了MSRDO20.dll的注册项和注册值,以及在应用Setup Factory 9建立的软件安装包中所要输入的注册代码。展开更多
This paper first introduces attribute expression to describe attribute-based access control policy.Secondly,an access control policy enforcement language named A-XACML (attribute-XACML)is proposed,which is an extens...This paper first introduces attribute expression to describe attribute-based access control policy.Secondly,an access control policy enforcement language named A-XACML (attribute-XACML)is proposed,which is an extension of XACML.A-XACML is used as a simple,flexible way to express and enforce access control policies,especially attribute-based access control policy,in a variety of environments.The language and schema support include data types,functions,and combining logic which allow simple and complex policies to be defined.Finally,a system architecture and application case of user-role assignment is given to show how attribute expressions and A-XACML work in access control policy description and enforcement.The case shows that attribute expression and A-XACML can describe and enforce the complex access control policy in a simple and flexible way.展开更多
Data organization requires high efficiency for large amount of data applied in the digital mine system. A new method of storing massive data of block model is proposed to meet the characteristics of the database, incl...Data organization requires high efficiency for large amount of data applied in the digital mine system. A new method of storing massive data of block model is proposed to meet the characteristics of the database, including ACID-compliant, concurrency support, data sharing, and efficient access. Each block model is organized by linear octree, stored in LMDB(lightning memory-mapped database). Geological attribute can be queried at any point of 3D space by comparison algorithm of location code and conversion algorithm from address code of geometry space to location code of storage. The performance and robustness of querying geological attribute at 3D spatial region are enhanced greatly by the transformation from 3D to 2D and the method of 2D grid scanning to screen the inner and outer points. Experimental results showed that this method can access the massive data of block model, meeting the database characteristics. The method with LMDB is at least 3 times faster than that with etree, especially when it is used to read. In addition, the larger the amount of data is processed, the more efficient the method would be.展开更多
A new role hierarchy model for RBAC (role-based access control) is presented and its features are illustrated through examples. Some new concepts such as private permission, public permission and special permission ar...A new role hierarchy model for RBAC (role-based access control) is presented and its features are illustrated through examples. Some new concepts such as private permission, public permission and special permission are introduced, based on the RRA97 model. Some new role-role inheriting forms such as normal inheritance, private inheritance, public inheritance and special-without inheritance are defined. Based on the ideas mentioned, the new role hierarchy model is formulated. It is easier and more comprehensible to describe role-role relationships through the new model than through the traditional ones. The new model is closer to the real world and its mechanism is more powerful. Particularly it is more suitable when used in large-scale role hierarchies.展开更多
To describe and integrate various policies applied in different domains, the definition of the family of OntoRBAC based on the ontology of a general role-based access control (RBAC) policy is proposed, which can sup...To describe and integrate various policies applied in different domains, the definition of the family of OntoRBAC based on the ontology of a general role-based access control (RBAC) policy is proposed, which can support and extend the RBAC96 model. The uniform ontology-based description mechanism of secure policies is applied in OntoRBAC, which can be used to describe different secure policies in distributed systems and integrate policies in semantic level with upper concepts. In addition, some rules have been defined to reason within the OntoRBAC to extend the inference algorithms in ontology, which makes the system accommodate itself to RBAC policies better.展开更多
To enhance the practicability of the trust negotiation system, an agent based automated trust negotiation model (ABAM) is proposed. The ABAM introduces an agent to keep the negotiation process with no human interven...To enhance the practicability of the trust negotiation system, an agent based automated trust negotiation model (ABAM) is proposed. The ABAM introduces an agent to keep the negotiation process with no human intervention. Meanwhile, the ABAM specifies the format of a meta access control policy, and adopts credentials with flexible format to meet the requirements of access control policies instead of disclosing the whole contents of a certificate. Furthermore, the ABAM uses asymmetric functions with a high security intensity to encrypt the transmitting message, which can prevent information from being attacked. Finally, the ABAM presents a new negotiation protocol to guide the negotiation process. A use case is studied to illuminate that the ABAM is sound and reasonable. Compared with the existing work, the intelligence, privacy and negotiation efficiency are improved in the ABAM.展开更多
An access control model is proposed based on the famous Bell-LaPadula (BLP) model.In the proposed model,hierarchical relationships among departments are built,a new concept named post is proposed,and assigning secur...An access control model is proposed based on the famous Bell-LaPadula (BLP) model.In the proposed model,hierarchical relationships among departments are built,a new concept named post is proposed,and assigning security tags to subjects and objects is greatly simplified.The interoperation among different departments is implemented through assigning multiple security tags to one post, and the more departments are closed on the organization tree,the more secret objects can be exchanged by the staff of the departments.The access control matrices of the department,post and staff are defined.By using the three access control matrices,a multi granularity and flexible discretionary access control policy is implemented.The outstanding merit of the BLP model is inherited,and the new model can guarantee that all the information flow is under control.Finally,our study shows that compared to the BLP model,the proposed model is more flexible.展开更多
For sparse storage and quick access to projection matrix based on vector type, this paper proposes a method to solve the problems of the repetitive computation of projection coefficient, the large space occupation and...For sparse storage and quick access to projection matrix based on vector type, this paper proposes a method to solve the problems of the repetitive computation of projection coefficient, the large space occupation and low retrieval efficiency of projection matrix in iterative reconstruction algorithms, which calculates only once the projection coefficient and stores the data sparsely in binary format based on the variable size of library vector type. In the iterative reconstruction process, these binary files are accessed iteratively and the vector type is used to quickly obtain projection coefficients of each ray. The results of the experiments show that the method reduces the memory space occupation of the projection matrix and the computation of projection coefficient in iterative process, and accelerates the reconstruction speed.展开更多
A 1.8-V 64-kb four-way set-associative CMOS cache memory implemented by 0.18μm/1.8V 1P6M logic CMOS technology for a super performance 32-b RISC microprocessor is presented.For comparison,a conventional parallel acce...A 1.8-V 64-kb four-way set-associative CMOS cache memory implemented by 0.18μm/1.8V 1P6M logic CMOS technology for a super performance 32-b RISC microprocessor is presented.For comparison,a conventional parallel access cache with the same storage and organization is also designed and simulated using the same technology.Simulation results indicate that by using sequential access,power reduction of 26% on a cache hit and 35% on a cache miss is achieved.High-speed approaches including modified current-mode sense amplifier and split dynamic tag comparators are adopted to achieve fast data access.Simulation results indicate that a typical clock to data access of 2.7ns is achieved...展开更多
In most existing CP-ABE schemes, there is only one authority in the system and all the public keys and private keys are issued by this authority, which incurs ciphertext size and computation costs in the encryption an...In most existing CP-ABE schemes, there is only one authority in the system and all the public keys and private keys are issued by this authority, which incurs ciphertext size and computation costs in the encryption and decryption operations that depend at least linearly on the number of attributes involved in the access policy. We propose an efficient multi-authority CP-ABE scheme in which the authorities need not interact to generate public information during the system initialization phase. Our scheme has constant ciphertext length and a constant number of pairing computations. Our scheme can be proven CPA-secure in random oracle model under the decision q-BDHE assumption. When user's attributes revocation occurs, the scheme transfers most re-encryption work to the cloud service provider, reducing the data owner's computational cost on the premise of security. Finally the analysis and simulation result show that the schemes proposed in this thesis ensure the privacy and secure access of sensitive data stored in the cloud server, and be able to cope with the dynamic changes of users' access privileges in large-scale systems. Besides, the multi-authority ABE eliminates the key escrow problem, achieves the length of ciphertext optimization and enhances the effi ciency of the encryption and decryption operations.展开更多
Role based access control is one of the widely used access control models.There are investigations in the literature that use knowledge representation mechanisms such as formal concept analysis(FCA),description logics...Role based access control is one of the widely used access control models.There are investigations in the literature that use knowledge representation mechanisms such as formal concept analysis(FCA),description logics,and Ontology for representing access control mechanism.However,while using FCA,investigations reported in the literature so far work on the logic that transforms the three dimensional access control matrix into dyadic formal contexts.This transformation is mainly to derive the formal concepts,lattice structure and implications to represent role hierarchy and constraints of RBAC.In this work,we propose a methodology that models RBAC using triadic FCA without transforming the triadic access control matrix into dyadic formal contexts.Our discussion is on two lines of inquiry.We present how triadic FCA can provide a suitable representation of RBAC policy and we demonstrate how this representation follows role hierarchy and constraints of RBAC on sample healthcare network available in the literature.展开更多
The future usage of heterogeneous databases will consist of the WWW and CORBA environments. The integration of the WWW databases and CORBA standards are discussed. These two techniques need to merge together to make d...The future usage of heterogeneous databases will consist of the WWW and CORBA environments. The integration of the WWW databases and CORBA standards are discussed. These two techniques need to merge together to make distributed usage of heterogeneous databases user friendly. In an environment integrating WWW databases and CORBA technologies, CORBA can be used to access heterogeneous data sources in the internet. This kind of applications can achieve distributed transactions to assure data consistency and integrity. The application of this technology is with a good prospect.展开更多
As a new computing mode,cloud computing can provide users with virtualized and scalable web services,which faced with serious security challenges,however.Access control is one of the most important measures to ensure ...As a new computing mode,cloud computing can provide users with virtualized and scalable web services,which faced with serious security challenges,however.Access control is one of the most important measures to ensure the security of cloud computing.But applying traditional access control model into the Cloud directly could not solve the uncertainty and vulnerability caused by the open conditions of cloud computing.In cloud computing environment,only when the security and reliability of both interaction parties are ensured,data security can be effectively guaranteed during interactions between users and the Cloud.Therefore,building a mutual trust relationship between users and cloud platform is the key to implement new kinds of access control method in cloud computing environment.Combining with Trust Management(TM),a mutual trust based access control(MTBAC) model is proposed in this paper.MTBAC model take both user's behavior trust and cloud services node's credibility into consideration.Trust relationships between users and cloud service nodes are established by mutual trust mechanism.Security problems of access control are solved by implementing MTBAC model into cloud computing environment.Simulation experiments show that MTBAC model can guarantee the interaction between users and cloud service nodes.展开更多
In order to provide a practicable solution to data confidentiality in cloud storage service,a data assured deletion scheme,which achieves the fine grained access control,hopping and sniffing attacks resistance,data dy...In order to provide a practicable solution to data confidentiality in cloud storage service,a data assured deletion scheme,which achieves the fine grained access control,hopping and sniffing attacks resistance,data dynamics and deduplication,is proposed.In our scheme,data blocks are encrypted by a two-level encryption approach,in which the control keys are generated from a key derivation tree,encrypted by an All-OrNothing algorithm and then distributed into DHT network after being partitioned by secret sharing.This guarantees that only authorized users can recover the control keys and then decrypt the outsourced data in an ownerspecified data lifetime.Besides confidentiality,data dynamics and deduplication are also achieved separately by adjustment of key derivation tree and convergent encryption.The analysis and experimental results show that our scheme can satisfy its security goal and perform the assured deletion with low cost.展开更多
In Wireless Sensor Networks(WSNs),polling can obviously improve the throughput and decrease average access delay by allocating bandwidth efficiently and reasonably.In this paper,a Dynamic Polling Media Access Control ...In Wireless Sensor Networks(WSNs),polling can obviously improve the throughput and decrease average access delay by allocating bandwidth efficiently and reasonably.In this paper,a Dynamic Polling Media Access Control (DPMAC) scheme designed according to WSNs' features is proposed.DPMAC is a priority based access control protocol with the characteristics that its polling table is dynamically refreshed depending on whether the sensor node is active and that the bandwidth is dynamically allocated according to the traffic types.The access priorities are determined by the emergency levels of events and the scheduler proposed in our MAC is preemptive based on the deadline of the events.Simulation results show that DPMAC can efficiently utilize bandwidth and decrease average access delay and response time for emergency events with different access priorities in WSNs.展开更多
Role mining and setup affect the usage of role-based access control(RBAC).Traditionally,user's role and permission assigning are manipulated by security administrator of system.However,the cost is expensive and th...Role mining and setup affect the usage of role-based access control(RBAC).Traditionally,user's role and permission assigning are manipulated by security administrator of system.However,the cost is expensive and the operating process is complex.A new role analyzing method was proposed by generating mappings and using them to provide recommendation for systems.The relation among sets of permissions,roles and users was explored by generating mappings,and the relation between sets of users and attributes was analyzed by means of the concept lattice model,generating a critical mapping between the attribute and permission sets,and making the meaning of the role natural and operational.Thus,a role is determined by permission set and user's attributes.The generated mappings were used to automatically assign permissions and roles to new users.Experimental results show that the proposed algorithm is effective and efficient.展开更多
Most transactional memory (TM) research focused on multi-core processors, and others investigated at the clusters, leaving the area of non-uniform memory access (NUMA) system unexplored. The existing TM implementation...Most transactional memory (TM) research focused on multi-core processors, and others investigated at the clusters, leaving the area of non-uniform memory access (NUMA) system unexplored. The existing TM implementations made significant performance degradation on NUMA system because they ignored the slower remote memory access. To solve this problem, a latency-based conflict detection and a forecasting-based conflict prevention method were proposed. Using these techniques, the NUMA aware TM system was presented. By reducing the remote memory access and the abort rate of transaction, the experiment results show that the NUMA aware strategies present good practical TM performance on NUMA system.展开更多
Abstract: The layered decoding algorithm has been widely used in the implementation of Low Density Parity Check (LDPC) decoders, due to its high convergence speed. However, the pipeline operation of the layered dec...Abstract: The layered decoding algorithm has been widely used in the implementation of Low Density Parity Check (LDPC) decoders, due to its high convergence speed. However, the pipeline operation of the layered decoder may introduce memory access conflicts, which heavily deteriorates the decoder throughput. To essentially deal with the issue of memory access conflicts,展开更多
In this study, an improved random access(RA) scheme for Machine-to-Machine(M2M) communications is proposed. The improved RA scheme is realized by two steps. First, the improved RA scheme achieves a reasonable resource...In this study, an improved random access(RA) scheme for Machine-to-Machine(M2M) communications is proposed. The improved RA scheme is realized by two steps. First, the improved RA scheme achieves a reasonable resource tradeoff between physical random access channel(PRACH) and physical uplink shared channel(PUSCH). To realize a low-complexity resource allocation between PRACH and PUSCH, a boundary of traffic load is derived to divide the number of active M2 M users(UEs) into multiple intervals. The corresponding resource allocation for these intervals is determined by e NB. Then the resource allocation for other number of UEs can be obtained from the allocation of these intervals with less computation. Second, the access barring on arrival rate of new UEs is introduced in the improved RA scheme to reduce the expected delay. Numerical results show that the proposed improved RA scheme can realize a low-complexity resource allocation between PRACH and PUSCH. Meanwhile, the expected delay can be effectively reduced by access barring on arriving rate of new M2 M UEs.展开更多
基金The National High Technology Research and Development Program of China(863Program)(No.2007AA01Z445)
文摘This paper first introduces attribute expression to describe attribute-based access control policy.Secondly,an access control policy enforcement language named A-XACML (attribute-XACML)is proposed,which is an extension of XACML.A-XACML is used as a simple,flexible way to express and enforce access control policies,especially attribute-based access control policy,in a variety of environments.The language and schema support include data types,functions,and combining logic which allow simple and complex policies to be defined.Finally,a system architecture and application case of user-role assignment is given to show how attribute expressions and A-XACML work in access control policy description and enforcement.The case shows that attribute expression and A-XACML can describe and enforce the complex access control policy in a simple and flexible way.
基金Projects(41572317,51374242)supported by the National Natural Science Foundation of ChinaProject(2015CX005)supported by the Innovation Driven Plan of Central South University,China
文摘Data organization requires high efficiency for large amount of data applied in the digital mine system. A new method of storing massive data of block model is proposed to meet the characteristics of the database, including ACID-compliant, concurrency support, data sharing, and efficient access. Each block model is organized by linear octree, stored in LMDB(lightning memory-mapped database). Geological attribute can be queried at any point of 3D space by comparison algorithm of location code and conversion algorithm from address code of geometry space to location code of storage. The performance and robustness of querying geological attribute at 3D spatial region are enhanced greatly by the transformation from 3D to 2D and the method of 2D grid scanning to screen the inner and outer points. Experimental results showed that this method can access the massive data of block model, meeting the database characteristics. The method with LMDB is at least 3 times faster than that with etree, especially when it is used to read. In addition, the larger the amount of data is processed, the more efficient the method would be.
文摘A new role hierarchy model for RBAC (role-based access control) is presented and its features are illustrated through examples. Some new concepts such as private permission, public permission and special permission are introduced, based on the RRA97 model. Some new role-role inheriting forms such as normal inheritance, private inheritance, public inheritance and special-without inheritance are defined. Based on the ideas mentioned, the new role hierarchy model is formulated. It is easier and more comprehensible to describe role-role relationships through the new model than through the traditional ones. The new model is closer to the real world and its mechanism is more powerful. Particularly it is more suitable when used in large-scale role hierarchies.
基金The National Natural Science Foundation of China(No60403027)
文摘To describe and integrate various policies applied in different domains, the definition of the family of OntoRBAC based on the ontology of a general role-based access control (RBAC) policy is proposed, which can support and extend the RBAC96 model. The uniform ontology-based description mechanism of secure policies is applied in OntoRBAC, which can be used to describe different secure policies in distributed systems and integrate policies in semantic level with upper concepts. In addition, some rules have been defined to reason within the OntoRBAC to extend the inference algorithms in ontology, which makes the system accommodate itself to RBAC policies better.
基金The National Natural Science Foundation of China(No60403027)
文摘To enhance the practicability of the trust negotiation system, an agent based automated trust negotiation model (ABAM) is proposed. The ABAM introduces an agent to keep the negotiation process with no human intervention. Meanwhile, the ABAM specifies the format of a meta access control policy, and adopts credentials with flexible format to meet the requirements of access control policies instead of disclosing the whole contents of a certificate. Furthermore, the ABAM uses asymmetric functions with a high security intensity to encrypt the transmitting message, which can prevent information from being attacked. Finally, the ABAM presents a new negotiation protocol to guide the negotiation process. A use case is studied to illuminate that the ABAM is sound and reasonable. Compared with the existing work, the intelligence, privacy and negotiation efficiency are improved in the ABAM.
基金The National Natural Science Foundation of China(No.60403027,60773191,70771043)the National High Technology Research and Development Program of China(863 Program)(No.2007AA01Z403)
文摘An access control model is proposed based on the famous Bell-LaPadula (BLP) model.In the proposed model,hierarchical relationships among departments are built,a new concept named post is proposed,and assigning security tags to subjects and objects is greatly simplified.The interoperation among different departments is implemented through assigning multiple security tags to one post, and the more departments are closed on the organization tree,the more secret objects can be exchanged by the staff of the departments.The access control matrices of the department,post and staff are defined.By using the three access control matrices,a multi granularity and flexible discretionary access control policy is implemented.The outstanding merit of the BLP model is inherited,and the new model can guarantee that all the information flow is under control.Finally,our study shows that compared to the BLP model,the proposed model is more flexible.
基金National Natural Science Foundation of China(No.6171177)
文摘For sparse storage and quick access to projection matrix based on vector type, this paper proposes a method to solve the problems of the repetitive computation of projection coefficient, the large space occupation and low retrieval efficiency of projection matrix in iterative reconstruction algorithms, which calculates only once the projection coefficient and stores the data sparsely in binary format based on the variable size of library vector type. In the iterative reconstruction process, these binary files are accessed iteratively and the vector type is used to quickly obtain projection coefficients of each ray. The results of the experiments show that the method reduces the memory space occupation of the projection matrix and the computation of projection coefficient in iterative process, and accelerates the reconstruction speed.
文摘A 1.8-V 64-kb four-way set-associative CMOS cache memory implemented by 0.18μm/1.8V 1P6M logic CMOS technology for a super performance 32-b RISC microprocessor is presented.For comparison,a conventional parallel access cache with the same storage and organization is also designed and simulated using the same technology.Simulation results indicate that by using sequential access,power reduction of 26% on a cache hit and 35% on a cache miss is achieved.High-speed approaches including modified current-mode sense amplifier and split dynamic tag comparators are adopted to achieve fast data access.Simulation results indicate that a typical clock to data access of 2.7ns is achieved...
基金supported by National Natural Science Foundation of China under Grant No.60873231Natural Science Foundation of Jiangsu Province under Grant No.BK2009426+1 种基金Major State Basic Research Development Program of China under Grant No.2011CB302903Key University Science Research Project of Jiangsu Province under Grant No.11KJA520002
文摘In most existing CP-ABE schemes, there is only one authority in the system and all the public keys and private keys are issued by this authority, which incurs ciphertext size and computation costs in the encryption and decryption operations that depend at least linearly on the number of attributes involved in the access policy. We propose an efficient multi-authority CP-ABE scheme in which the authorities need not interact to generate public information during the system initialization phase. Our scheme has constant ciphertext length and a constant number of pairing computations. Our scheme can be proven CPA-secure in random oracle model under the decision q-BDHE assumption. When user's attributes revocation occurs, the scheme transfers most re-encryption work to the cloud service provider, reducing the data owner's computational cost on the premise of security. Finally the analysis and simulation result show that the schemes proposed in this thesis ensure the privacy and secure access of sensitive data stored in the cloud server, and be able to cope with the dynamic changes of users' access privileges in large-scale systems. Besides, the multi-authority ABE eliminates the key escrow problem, achieves the length of ciphertext optimization and enhances the effi ciency of the encryption and decryption operations.
基金the financial support from Department of Science and Technology,Government of India under the grant:SR/CSRI/118/2014
文摘Role based access control is one of the widely used access control models.There are investigations in the literature that use knowledge representation mechanisms such as formal concept analysis(FCA),description logics,and Ontology for representing access control mechanism.However,while using FCA,investigations reported in the literature so far work on the logic that transforms the three dimensional access control matrix into dyadic formal contexts.This transformation is mainly to derive the formal concepts,lattice structure and implications to represent role hierarchy and constraints of RBAC.In this work,we propose a methodology that models RBAC using triadic FCA without transforming the triadic access control matrix into dyadic formal contexts.Our discussion is on two lines of inquiry.We present how triadic FCA can provide a suitable representation of RBAC policy and we demonstrate how this representation follows role hierarchy and constraints of RBAC on sample healthcare network available in the literature.
文摘The future usage of heterogeneous databases will consist of the WWW and CORBA environments. The integration of the WWW databases and CORBA standards are discussed. These two techniques need to merge together to make distributed usage of heterogeneous databases user friendly. In an environment integrating WWW databases and CORBA technologies, CORBA can be used to access heterogeneous data sources in the internet. This kind of applications can achieve distributed transactions to assure data consistency and integrity. The application of this technology is with a good prospect.
基金ACKNOWLEDGEMENT This paper is supported by the Opening Project of State Key Laboratory for Novel Software Technology of Nanjing University, China (Grant No.KFKT2012B25) and National Science Foundation of China (Grant No.61303263).
文摘As a new computing mode,cloud computing can provide users with virtualized and scalable web services,which faced with serious security challenges,however.Access control is one of the most important measures to ensure the security of cloud computing.But applying traditional access control model into the Cloud directly could not solve the uncertainty and vulnerability caused by the open conditions of cloud computing.In cloud computing environment,only when the security and reliability of both interaction parties are ensured,data security can be effectively guaranteed during interactions between users and the Cloud.Therefore,building a mutual trust relationship between users and cloud platform is the key to implement new kinds of access control method in cloud computing environment.Combining with Trust Management(TM),a mutual trust based access control(MTBAC) model is proposed in this paper.MTBAC model take both user's behavior trust and cloud services node's credibility into consideration.Trust relationships between users and cloud service nodes are established by mutual trust mechanism.Security problems of access control are solved by implementing MTBAC model into cloud computing environment.Simulation experiments show that MTBAC model can guarantee the interaction between users and cloud service nodes.
基金supported by the National Key Basic Research Program of China(973 program) under Grant No.2012CB315901
文摘In order to provide a practicable solution to data confidentiality in cloud storage service,a data assured deletion scheme,which achieves the fine grained access control,hopping and sniffing attacks resistance,data dynamics and deduplication,is proposed.In our scheme,data blocks are encrypted by a two-level encryption approach,in which the control keys are generated from a key derivation tree,encrypted by an All-OrNothing algorithm and then distributed into DHT network after being partitioned by secret sharing.This guarantees that only authorized users can recover the control keys and then decrypt the outsourced data in an ownerspecified data lifetime.Besides confidentiality,data dynamics and deduplication are also achieved separately by adjustment of key derivation tree and convergent encryption.The analysis and experimental results show that our scheme can satisfy its security goal and perform the assured deletion with low cost.
基金supported by the National Natural Science Foundation of China under Grants No.61172068,61003300the Key Program of NSFC Guangdong Union Foundation under Grant No.U0835004+2 种基金the National Grand Fundamental Research 973 Program of China under Grant No.A001200907the Fundamental Research Funds for the Central Universities under Grant No.K50511010003Program for New Century Excellent Talents in University under Grant No.NCET-11-0691
文摘In Wireless Sensor Networks(WSNs),polling can obviously improve the throughput and decrease average access delay by allocating bandwidth efficiently and reasonably.In this paper,a Dynamic Polling Media Access Control (DPMAC) scheme designed according to WSNs' features is proposed.DPMAC is a priority based access control protocol with the characteristics that its polling table is dynamically refreshed depending on whether the sensor node is active and that the bandwidth is dynamically allocated according to the traffic types.The access priorities are determined by the emergency levels of events and the scheduler proposed in our MAC is preemptive based on the deadline of the events.Simulation results show that DPMAC can efficiently utilize bandwidth and decrease average access delay and response time for emergency events with different access priorities in WSNs.
基金Project(61003140) supported by the National Natural Science Foundation of ChinaProject(013/2010/A) supported by Macao Science and Technology Development FundProject(10YJC630236) supported by Social Science Foundation for the Youth Scholars of Ministry of Education of China
文摘Role mining and setup affect the usage of role-based access control(RBAC).Traditionally,user's role and permission assigning are manipulated by security administrator of system.However,the cost is expensive and the operating process is complex.A new role analyzing method was proposed by generating mappings and using them to provide recommendation for systems.The relation among sets of permissions,roles and users was explored by generating mappings,and the relation between sets of users and attributes was analyzed by means of the concept lattice model,generating a critical mapping between the attribute and permission sets,and making the meaning of the role natural and operational.Thus,a role is determined by permission set and user's attributes.The generated mappings were used to automatically assign permissions and roles to new users.Experimental results show that the proposed algorithm is effective and efficient.
基金Projects(61003075, 61170261) supported by the National Natural Science Foundation of China
文摘Most transactional memory (TM) research focused on multi-core processors, and others investigated at the clusters, leaving the area of non-uniform memory access (NUMA) system unexplored. The existing TM implementations made significant performance degradation on NUMA system because they ignored the slower remote memory access. To solve this problem, a latency-based conflict detection and a forecasting-based conflict prevention method were proposed. Using these techniques, the NUMA aware TM system was presented. By reducing the remote memory access and the abort rate of transaction, the experiment results show that the NUMA aware strategies present good practical TM performance on NUMA system.
基金the National Natural Science Foundation of China,the National Key Basic Research Program of China,The authors would like to thank all project partners for their valuable contributions and feedbacks
文摘Abstract: The layered decoding algorithm has been widely used in the implementation of Low Density Parity Check (LDPC) decoders, due to its high convergence speed. However, the pipeline operation of the layered decoder may introduce memory access conflicts, which heavily deteriorates the decoder throughput. To essentially deal with the issue of memory access conflicts,
基金supported by Key Laboratory of Universal Wireless Communications(Beijing University of Posts and Telecommunications),Ministry of Education,P.R.China,KFKT-2014103)National Science and Technology Major Project of China(No.2013ZX03006001)National Natural Science Foundation of China(61501056)
文摘In this study, an improved random access(RA) scheme for Machine-to-Machine(M2M) communications is proposed. The improved RA scheme is realized by two steps. First, the improved RA scheme achieves a reasonable resource tradeoff between physical random access channel(PRACH) and physical uplink shared channel(PUSCH). To realize a low-complexity resource allocation between PRACH and PUSCH, a boundary of traffic load is derived to divide the number of active M2 M users(UEs) into multiple intervals. The corresponding resource allocation for these intervals is determined by e NB. Then the resource allocation for other number of UEs can be obtained from the allocation of these intervals with less computation. Second, the access barring on arrival rate of new UEs is introduced in the improved RA scheme to reduce the expected delay. Numerical results show that the proposed improved RA scheme can realize a low-complexity resource allocation between PRACH and PUSCH. Meanwhile, the expected delay can be effectively reduced by access barring on arriving rate of new M2 M UEs.
