Despite that existing data sharing systems in online social networks (OSNs) propose to encrypt data before sharing, the multiparty access control of encrypted data has become a challenging issue. In this paper, we p...Despite that existing data sharing systems in online social networks (OSNs) propose to encrypt data before sharing, the multiparty access control of encrypted data has become a challenging issue. In this paper, we propose a secure data sharing scheme in 0SNs based on ciphertext-policy attribute- based proxy re-encryption and secret sharing. In order to protect users' sensitive data, our scheme allows users to customize access policies of their data and then outsource encrypted data to the OSNs service provider. Our scheme presents a multiparty access control model, which enables the disseminator to update the access policy of ciphertext if their attributes satisfy the existing access policy. Further, we present a partial decryption construction in which the computation overhead of user is largely reduced by delegating most of the decryption operations to the OSNs service provider. We also provide checkability on the results returned from the OSNs service provider to guarantee the correctness of partial decrypted ciphertext. Moreover, our scheme presents an efficient attribute revocation method that achieves both forward and backward secrecy. The security and performance analysis results indicate that the proposed scheme is secure and efficient in OSNs.展开更多
This paper proposes a new access architecture onmobile cloud,which introduces a middle layer sitting between mobile devices and their cloud infrastructure.This middle layer is composed of cloudlets which are deployed ...This paper proposes a new access architecture onmobile cloud,which introduces a middle layer sitting between mobile devices and their cloud infrastructure.This middle layer is composed of cloudlets which are deployed by cloud services providers,such as wireless network access points(APs),to improve the performance of mobile cloud servicesand be different from traditional mobile operator mode.Then based on this new architecture.we improve our previous(Attribute-basedencryption) ABE access control scheme on cloud for mobile cloud,which is proposed to offload the main amount of computations to the cloudlet as the function of cloud.Simulationresults demonstratethe new access control scheme takes into consideration response time constraints and network statusof access task execution,while satisfying certain network security for mobile cloud.展开更多
To enhance user perceived performance,Akamai' s content distribution network(CDN) utilizes the domain name system(DNS) effectively to redirect users to close-by content replicas over short time scale.The use of DN...To enhance user perceived performance,Akamai' s content distribution network(CDN) utilizes the domain name system(DNS) effectively to redirect users to close-by content replicas over short time scale.The use of DNS redirection has brought a significant advantage to Akamai' s CDN.However,the reliance on DNS also poses a fundamental threat to Akamai' s content distribution model.In particular,systematic evaluation and quantification illustrates the impact of recent emerging public DNS resolving services on Akamai' s CDN,including the degradation of corresponding user perceived performance and the benefit damnification of collaborating internet services providers(ISPs) that host Akamai's edge servers.The measurement demonstrates that a considerable penetration of public DNS resolving services(e.g.,OpenDNS and GoogleDNS) effectively corrupts the Akamai' s serving model,namely the large-scale server distribution and quick DNS redirection.展开更多
The paper takes Web service composition document as the research object, through the analysis of the documents, the port and address on the Web server, to create a Web intrusion detection model. The core of the model ...The paper takes Web service composition document as the research object, through the analysis of the documents, the port and address on the Web server, to create a Web intrusion detection model. The core of the model will monitor the Web server host resources, and finally discusses in detail the design and implementation of resource monitoring system. Intrusion detection model proposed can effectively regulate the behavior of users in this paper, allowing users follow a pre-standard service to call service providers, largely to protect the security of Web services.展开更多
The violently penetration of renewables in power supply network leads to situations, by which the offer exceeds the demand. Therefore, it is necessary to include a system for processes' management. SmartGrid is a pla...The violently penetration of renewables in power supply network leads to situations, by which the offer exceeds the demand. Therefore, it is necessary to include a system for processes' management. SmartGrid is a platform over the power supply network. It is represented with its network and services, which also have to be managed. The paper aims to show the second stage of SmartGrid management modeling. It meets heterogeneous requirements of the actors--subscriber without photovoltaics, subscriber with photovoltaics, service provider, network operator, and network elements operator--to service and network management and is oriented to functional areas, covering the life cycle of power supply service: Design, Planning, Installation, Provision, Configuration, Maintenance, Performance, Accounting, Buying Up, Security and Subscriber Control. Functional models for existing networks--telecommunications--are used and they are adapted to power supply. The results are illustrated with three functional areas for service management: Accounting, Buying Up, and Performance. The synthesis of network management functions and network element management functions are similar.展开更多
基金This work has been supported by the National Natural Science Foundation of China under Grant No.61272519,the Specialized Research Fund for the Doctoral Program of Higher Education under Grant No.20120005110017,and the National Key Technology R&D Program under Grant No.2012BAH06B02
文摘Despite that existing data sharing systems in online social networks (OSNs) propose to encrypt data before sharing, the multiparty access control of encrypted data has become a challenging issue. In this paper, we propose a secure data sharing scheme in 0SNs based on ciphertext-policy attribute- based proxy re-encryption and secret sharing. In order to protect users' sensitive data, our scheme allows users to customize access policies of their data and then outsource encrypted data to the OSNs service provider. Our scheme presents a multiparty access control model, which enables the disseminator to update the access policy of ciphertext if their attributes satisfy the existing access policy. Further, we present a partial decryption construction in which the computation overhead of user is largely reduced by delegating most of the decryption operations to the OSNs service provider. We also provide checkability on the results returned from the OSNs service provider to guarantee the correctness of partial decrypted ciphertext. Moreover, our scheme presents an efficient attribute revocation method that achieves both forward and backward secrecy. The security and performance analysis results indicate that the proposed scheme is secure and efficient in OSNs.
基金supported by National Natural Science Foundation of China(No.U 1405254, 61472092)China Postdoctoral Science Foundation(No.2015M581101)National Science and Technology SupportingFoundation of China(No.2014BAH41B00)
文摘This paper proposes a new access architecture onmobile cloud,which introduces a middle layer sitting between mobile devices and their cloud infrastructure.This middle layer is composed of cloudlets which are deployed by cloud services providers,such as wireless network access points(APs),to improve the performance of mobile cloud servicesand be different from traditional mobile operator mode.Then based on this new architecture.we improve our previous(Attribute-basedencryption) ABE access control scheme on cloud for mobile cloud,which is proposed to offload the main amount of computations to the cloudlet as the function of cloud.Simulationresults demonstratethe new access control scheme takes into consideration response time constraints and network statusof access task execution,while satisfying certain network security for mobile cloud.
基金Supported by the National Basic Research Program of China(No.2013CB329103)the National Natural Science Foundation of China(No.61133016,61300191)+1 种基金the National High Technology Joint Research Program of China(No.2011AA010706)the Program of SichuanProvince Applied and Basic Research(No.2013JY0116)
文摘To enhance user perceived performance,Akamai' s content distribution network(CDN) utilizes the domain name system(DNS) effectively to redirect users to close-by content replicas over short time scale.The use of DNS redirection has brought a significant advantage to Akamai' s CDN.However,the reliance on DNS also poses a fundamental threat to Akamai' s content distribution model.In particular,systematic evaluation and quantification illustrates the impact of recent emerging public DNS resolving services on Akamai' s CDN,including the degradation of corresponding user perceived performance and the benefit damnification of collaborating internet services providers(ISPs) that host Akamai's edge servers.The measurement demonstrates that a considerable penetration of public DNS resolving services(e.g.,OpenDNS and GoogleDNS) effectively corrupts the Akamai' s serving model,namely the large-scale server distribution and quick DNS redirection.
文摘The paper takes Web service composition document as the research object, through the analysis of the documents, the port and address on the Web server, to create a Web intrusion detection model. The core of the model will monitor the Web server host resources, and finally discusses in detail the design and implementation of resource monitoring system. Intrusion detection model proposed can effectively regulate the behavior of users in this paper, allowing users follow a pre-standard service to call service providers, largely to protect the security of Web services.
文摘The violently penetration of renewables in power supply network leads to situations, by which the offer exceeds the demand. Therefore, it is necessary to include a system for processes' management. SmartGrid is a platform over the power supply network. It is represented with its network and services, which also have to be managed. The paper aims to show the second stage of SmartGrid management modeling. It meets heterogeneous requirements of the actors--subscriber without photovoltaics, subscriber with photovoltaics, service provider, network operator, and network elements operator--to service and network management and is oriented to functional areas, covering the life cycle of power supply service: Design, Planning, Installation, Provision, Configuration, Maintenance, Performance, Accounting, Buying Up, Security and Subscriber Control. Functional models for existing networks--telecommunications--are used and they are adapted to power supply. The results are illustrated with three functional areas for service management: Accounting, Buying Up, and Performance. The synthesis of network management functions and network element management functions are similar.
