Coordination technology addresses the construction of open, flexible systems from active and independent software agents in concurrent and distributed systems. In most open distributed applications, multiple agents ne...Coordination technology addresses the construction of open, flexible systems from active and independent software agents in concurrent and distributed systems. In most open distributed applications, multiple agents need interaction and communication to achieve their overall goal. Coordination technologies for the Internet typically are concerned with enabling interaction among agents and helping them cooperate with each other. At the same time, access control should also be considered to constrain interaction to make it harmless. Access control should be regarded as the security counterpart of coordination. At present, the combination of coordination and access control remains an open problem. Thus, we propose a role Dased coordination model with policy enforcement in agent application systems. In this model, coordination is combined with access control so as to fully characterize the interactions in agent systems. A set of agents interacting with each other for a common global system task constitutes a coordination group. Role based access control is applied in this model to prevent unauthorized accesses. Coordination policy is enforced in a distributed manner so that the model can be applied to the open distributed systems such as Internet. An Internet online auction system is presented as a case study to illustrate the proposed coordination model and finally the performance analysis of the model is introduced.展开更多
In Wireless Sensor Networks(WSNs),polling can obviously improve the throughput and decrease average access delay by allocating bandwidth efficiently and reasonably.In this paper,a Dynamic Polling Media Access Control ...In Wireless Sensor Networks(WSNs),polling can obviously improve the throughput and decrease average access delay by allocating bandwidth efficiently and reasonably.In this paper,a Dynamic Polling Media Access Control (DPMAC) scheme designed according to WSNs' features is proposed.DPMAC is a priority based access control protocol with the characteristics that its polling table is dynamically refreshed depending on whether the sensor node is active and that the bandwidth is dynamically allocated according to the traffic types.The access priorities are determined by the emergency levels of events and the scheduler proposed in our MAC is preemptive based on the deadline of the events.Simulation results show that DPMAC can efficiently utilize bandwidth and decrease average access delay and response time for emergency events with different access priorities in WSNs.展开更多
In traditional framework,mandatory access control(MAC) system and malicious software are run in kernel mode. Malicious software can stop MAC systems to be started and make it do invalid. This problem cannot be solved ...In traditional framework,mandatory access control(MAC) system and malicious software are run in kernel mode. Malicious software can stop MAC systems to be started and make it do invalid. This problem cannot be solved under the traditional framework if the operating system(OS) is comprised since malwares are running in ring 0 level. In this paper,we propose a novel way to use hypervisors to protect kernel integrity and the access control system in commodity operating systems. We separate the access control system into three parts: policy management(PM),security server(SS) and policy enforcement(PE). Policy management and the security server reside in the security domain to protect them against malware and the isolation feather of the hypervisor can protect them from attacks. We add an access vector cache(AVC) between SS and PE in the guest OS,in order to speed up communication between the guest OS and the security domain. The policy enforcement module is retained in the guest OS for performance. The security of AVC and PE can be ensured by using a memory protection mechanism. The goal of protecting the OS kernel is to ensure the security of the execution path. We implementthe system by a modified Xen hypervisor. The result shows that we can secure the security of the access control system in the guest OS with no overhead compared with modules in the latter. Our system offers a centralized security policy for virtual domains in virtual machine environments.Keywords: hypervisor; virtualization; memo-展开更多
文摘无论是信息管理系统,还是多媒体应用系统,都需要强大的数据库来支持,访问数据库则是应用程序必须具备的基本功能之一。Visual Basic 6.0提供了多种访问数据库的方法,包括数据控件、DAO(数据访问对象)、RDO(远程数据对象)、VBSQL以及ADO(ActiveX Data Objects)等。本文分析比较了两类VB对数据库编程的常用方法,总结了各类方法在VB中对数据库编程的使用原则。
文摘Coordination technology addresses the construction of open, flexible systems from active and independent software agents in concurrent and distributed systems. In most open distributed applications, multiple agents need interaction and communication to achieve their overall goal. Coordination technologies for the Internet typically are concerned with enabling interaction among agents and helping them cooperate with each other. At the same time, access control should also be considered to constrain interaction to make it harmless. Access control should be regarded as the security counterpart of coordination. At present, the combination of coordination and access control remains an open problem. Thus, we propose a role Dased coordination model with policy enforcement in agent application systems. In this model, coordination is combined with access control so as to fully characterize the interactions in agent systems. A set of agents interacting with each other for a common global system task constitutes a coordination group. Role based access control is applied in this model to prevent unauthorized accesses. Coordination policy is enforced in a distributed manner so that the model can be applied to the open distributed systems such as Internet. An Internet online auction system is presented as a case study to illustrate the proposed coordination model and finally the performance analysis of the model is introduced.
基金supported by the National Natural Science Foundation of China under Grants No.61172068,61003300the Key Program of NSFC Guangdong Union Foundation under Grant No.U0835004+2 种基金the National Grand Fundamental Research 973 Program of China under Grant No.A001200907the Fundamental Research Funds for the Central Universities under Grant No.K50511010003Program for New Century Excellent Talents in University under Grant No.NCET-11-0691
文摘In Wireless Sensor Networks(WSNs),polling can obviously improve the throughput and decrease average access delay by allocating bandwidth efficiently and reasonably.In this paper,a Dynamic Polling Media Access Control (DPMAC) scheme designed according to WSNs' features is proposed.DPMAC is a priority based access control protocol with the characteristics that its polling table is dynamically refreshed depending on whether the sensor node is active and that the bandwidth is dynamically allocated according to the traffic types.The access priorities are determined by the emergency levels of events and the scheduler proposed in our MAC is preemptive based on the deadline of the events.Simulation results show that DPMAC can efficiently utilize bandwidth and decrease average access delay and response time for emergency events with different access priorities in WSNs.
基金supported by the National 973 Basic Research Program of China under grant No.2014CB340600the National Natural Science Foundation of China under grant No.61370230 and No.61662022+1 种基金Program for New Century Excellent Talents in University Under grant NCET-13-0241Natural Science Foundation of Huhei Province under Grant No.2016CFB371
文摘In traditional framework,mandatory access control(MAC) system and malicious software are run in kernel mode. Malicious software can stop MAC systems to be started and make it do invalid. This problem cannot be solved under the traditional framework if the operating system(OS) is comprised since malwares are running in ring 0 level. In this paper,we propose a novel way to use hypervisors to protect kernel integrity and the access control system in commodity operating systems. We separate the access control system into three parts: policy management(PM),security server(SS) and policy enforcement(PE). Policy management and the security server reside in the security domain to protect them against malware and the isolation feather of the hypervisor can protect them from attacks. We add an access vector cache(AVC) between SS and PE in the guest OS,in order to speed up communication between the guest OS and the security domain. The policy enforcement module is retained in the guest OS for performance. The security of AVC and PE can be ensured by using a memory protection mechanism. The goal of protecting the OS kernel is to ensure the security of the execution path. We implementthe system by a modified Xen hypervisor. The result shows that we can secure the security of the access control system in the guest OS with no overhead compared with modules in the latter. Our system offers a centralized security policy for virtual domains in virtual machine environments.Keywords: hypervisor; virtualization; memo-
