With the rapid development of Virtual Private Network (VPN), many companies and organizations use VPN to implement their private communication. Traditionally, VPN uses security protocols to protect the confidentiality...With the rapid development of Virtual Private Network (VPN), many companies and organizations use VPN to implement their private communication. Traditionally, VPN uses security protocols to protect the confidentiality of data, the message integrity and the endpoint authentication. One core technique of VPN is tunneling, by which clients can access the in- ternal servers traversing VPN. However, the tunneling technique also introduces a concealed security hole. It is possible that if one vicious user can establish tunneling by the VPN server, he can compromise the internal servers behind the VPN server. So this paper presents a novel Application-layer based Centralized Information Access Control (ACIAC) for VPN to solve this problem. To implement an efficient, flexible and multi-decision access control model, we present two key techniques to ACIAC—the centralized management mechanism and the stream-based access control. Firstly, we implement the information center and the constraints/events center for ACIAC. By the two centers, we can provide an abstract access control mechanism, and the material access control can be decided dynamically by the ACIAC’s constraint/event mechanism. Then we logically classify the VPN communication traffic into the access stream and the data stream so that we can tightly couple the features of VPN communication with the access control model. We also provide the design of our ACIAC prototype in this paper.展开更多
The rapid increase in resource sharing across domains in the cloud comput- ing environment makes the task of managing inter-domain access control policy integration difficult for the security administrators. Al- thoug...The rapid increase in resource sharing across domains in the cloud comput- ing environment makes the task of managing inter-domain access control policy integration difficult for the security administrators. Al- though a number of policy integration and sec- urity analysis mechanisms have been devel- oped, few focus on enabling the average ad- ministrator by providing an intuitive cognitive sense about the integrated policies, which considerably undermines the usability factor. In this paper we propose a visualization flame- work for inter-domain access control policy integration, which integrates Role Based Ac- cess Control (RBAC) policies on the basis of role-mapping and then visualizes the inte- grated result. The role mapping algorithm in the framework considers the hybrid role hier- archy. It can not only satisfy the security con- straints of non-cyclic inheritance and separa- tion of duty but also make visualization easier. The framework uses role-permission trees and semantic substrates to visualize the integrated policies. Through the interactive policy query visualization, the average administrator can gain an intuitive understanding of the policy integration result.展开更多
I am delighted to visit Spain,a beautiful and richly endowed kingdom,at the kind invitation of King Felipe VI.This will be the first stop of my trip that takes me to Europe and Latin America for state visits and for t...I am delighted to visit Spain,a beautiful and richly endowed kingdom,at the kind invitation of King Felipe VI.This will be the first stop of my trip that takes me to Europe and Latin America for state visits and for the G20Buenos Aires Summit.展开更多
The medium access control(MAC) protocol for indoor visible light communication(VLC) with energy harvesting is explored in this paper. The unfairness of throughput exists among devices due to the significant difference...The medium access control(MAC) protocol for indoor visible light communication(VLC) with energy harvesting is explored in this paper. The unfairness of throughput exists among devices due to the significant difference of their energy harvesting rates which changes with distance, acceptance angle and the obstruction probability. We propose an energy harvesting model, a new obstruction probability model and an energy adaptive contention algorithm to overcome the unfairness problem. This device can adjust its contention window according to the energy harvesting rate. As a result, the device with lower energy harvesting rate can get shorter contention window to improve its transmission opportunity. Simulation results show that our MAC protocol can achieve a higher degree of fairness.展开更多
基金Project (No. 60373088) supported by the National Natural ScienceFoundation of China
文摘With the rapid development of Virtual Private Network (VPN), many companies and organizations use VPN to implement their private communication. Traditionally, VPN uses security protocols to protect the confidentiality of data, the message integrity and the endpoint authentication. One core technique of VPN is tunneling, by which clients can access the in- ternal servers traversing VPN. However, the tunneling technique also introduces a concealed security hole. It is possible that if one vicious user can establish tunneling by the VPN server, he can compromise the internal servers behind the VPN server. So this paper presents a novel Application-layer based Centralized Information Access Control (ACIAC) for VPN to solve this problem. To implement an efficient, flexible and multi-decision access control model, we present two key techniques to ACIAC—the centralized management mechanism and the stream-based access control. Firstly, we implement the information center and the constraints/events center for ACIAC. By the two centers, we can provide an abstract access control mechanism, and the material access control can be decided dynamically by the ACIAC’s constraint/event mechanism. Then we logically classify the VPN communication traffic into the access stream and the data stream so that we can tightly couple the features of VPN communication with the access control model. We also provide the design of our ACIAC prototype in this paper.
基金supported in part by National Key Basic Research Program of China (973 Program) under Grant No.2013CB329603National Natural Science Foundation of China under Grant No.60903191
文摘The rapid increase in resource sharing across domains in the cloud comput- ing environment makes the task of managing inter-domain access control policy integration difficult for the security administrators. Al- though a number of policy integration and sec- urity analysis mechanisms have been devel- oped, few focus on enabling the average ad- ministrator by providing an intuitive cognitive sense about the integrated policies, which considerably undermines the usability factor. In this paper we propose a visualization flame- work for inter-domain access control policy integration, which integrates Role Based Ac- cess Control (RBAC) policies on the basis of role-mapping and then visualizes the inte- grated result. The role mapping algorithm in the framework considers the hybrid role hier- archy. It can not only satisfy the security con- straints of non-cyclic inheritance and separa- tion of duty but also make visualization easier. The framework uses role-permission trees and semantic substrates to visualize the integrated policies. Through the interactive policy query visualization, the average administrator can gain an intuitive understanding of the policy integration result.
文摘I am delighted to visit Spain,a beautiful and richly endowed kingdom,at the kind invitation of King Felipe VI.This will be the first stop of my trip that takes me to Europe and Latin America for state visits and for the G20Buenos Aires Summit.
文摘The medium access control(MAC) protocol for indoor visible light communication(VLC) with energy harvesting is explored in this paper. The unfairness of throughput exists among devices due to the significant difference of their energy harvesting rates which changes with distance, acceptance angle and the obstruction probability. We propose an energy harvesting model, a new obstruction probability model and an energy adaptive contention algorithm to overcome the unfairness problem. This device can adjust its contention window according to the energy harvesting rate. As a result, the device with lower energy harvesting rate can get shorter contention window to improve its transmission opportunity. Simulation results show that our MAC protocol can achieve a higher degree of fairness.
