Funding: National Natural Science Foundation of China under Grant 62203468; Technological Research and Development Program of China State Railway Group Co., Ltd. under Grant J2023G007; Young Elite Scientist Sponsorship Program by China Association for Science and Technology (CAST) under Grant 2022QNRC001; Youth Talent Program Supported by China Railway Society; Research Program of Beijing Hua-Tie Information Technology Corporation Limited under Grant 2023HT02.
Abstract: Purpose: In order to solve the problem of inaccurate calculation of index weights, subjectivity and uncertainty of index assessment in the risk assessment process, this study aims to propose a scientific and reasonable centralized traffic control (CTC) system risk assessment method. Design/methodology/approach: First, system-theoretic process analysis (STPA) is used to conduct risk analysis on the CTC system and construct risk assessment indexes based on this analysis. Then, to enhance the accuracy of weight calculation, the fuzzy analytical hierarchy process (FAHP), fuzzy decision-making trial and evaluation laboratory (FDEMATEL) and entropy weight method are employed to calculate the subjective weight, relative weight and objective weight of each index. These three types of weights are combined using game theory to obtain the combined weight for each index. To reduce subjectivity and uncertainty in the assessment process, the backward cloud generator method is utilized to obtain the numerical character (NC) of the cloud model for each index. The NCs of the indexes are then weighted to derive the comprehensive cloud for risk assessment of the CTC system. This cloud model is used to obtain the CTC system's comprehensive risk assessment. The model's similarity measurement method gauges the likeness between the comprehensive risk assessment cloud and the risk standard cloud. Finally, this process yields the risk assessment results for the CTC system. Findings: The cloud model can handle the subjectivity and fuzziness in the risk assessment process well. The cloud model-based risk assessment method was applied to the CTC system risk assessment of a railway group and achieved good results. Originality/value: This study provides a cloud model-based method for risk assessment of CTC systems, which accurately calculates the weight of risk indexes and uses cloud models to reduce uncertainty and subjectivity in the assessment, achieving effective risk assessment of CTC systems. It can provide a reference and theoretical basis for risk management of the CTC system.
Funding: Supported by the National Natural Science Foundation of China (61035004, 61273213, 61300006, 61305055, 90920305, 61203366, 91420202, 61571045, 61372148); the National Hi-Tech Research and Development Program of China (2015AA015401); the National Basic Research Program of China (2016YFB0100906, 2016YFB100903); the Junior Fellowships for Advanced Innovation Think-Tank Program of China Association for Science and Technology (DXB-ZKQN-2017-035); the Beijing Municipal Science and Technology Commission Special Major (D171100005017002).
Abstract: In order to achieve lateral control of the intelligent vehicle, the bi-cognitive model based on cloud model and cloud reasoning is used to solve the qualitative and quantitative decision problem of the lateral control of the intelligent vehicle. A number of experimental data are obtained by driving a vehicle, the data are classified according to the concept of data, the input and output variables of the cloud controller are fixed, the control rules of the cloud controller of the intelligent vehicle are designed, and the parameters of the cloud controller are clouded and fixed: expectation, entropy and hyper entropy. In order to verify the effectiveness of the cloud controller, a joint simulation platform based on Matlab/Simulink/CarSim is established. Experimental analysis shows that the driver's lateral controller based on the cloud model is able to achieve tracking of the desired angle and achieves a good control effect; it also verifies that a series of mental activities such as feeling, cognition, calculation, decision and so on are fuzzy and uncertain.
Funding: This paper is supported by the Opening Project of State Key Laboratory for Novel Software Technology of Nanjing University, China (Grant No. KFKT2012B25) and National Science Foundation of China (Grant No. 61303263).
Abstract: As a new computing mode, cloud computing can provide users with virtualized and scalable web services, which, however, are faced with serious security challenges. Access control is one of the most important measures to ensure the security of cloud computing. But applying a traditional access control model to the Cloud directly could not solve the uncertainty and vulnerability caused by the open conditions of cloud computing. In a cloud computing environment, only when the security and reliability of both interaction parties are ensured can data security be effectively guaranteed during interactions between users and the Cloud. Therefore, building a mutual trust relationship between users and the cloud platform is the key to implementing new kinds of access control methods in a cloud computing environment. Combining with Trust Management (TM), a mutual trust based access control (MTBAC) model is proposed in this paper. The MTBAC model takes both the user's behavior trust and the cloud service node's credibility into consideration. Trust relationships between users and cloud service nodes are established by a mutual trust mechanism. Security problems of access control are solved by implementing the MTBAC model in a cloud computing environment. Simulation experiments show that the MTBAC model can guarantee the interaction between users and cloud service nodes.
Funding: Supported by the National Natural Science Foundation of China (No. 60872041, 61072066); Fundamental Research Funds for the Central Universities (JYI0000903001, JYI0000901034).
Abstract: To resolve the problem of quantitative analysis in hybrid cloud, a quantitative analysis method, which is based on the security entropy, is proposed. Firstly, according to information theory, the security entropy is put forward to calculate the uncertainty of the system's determinations on irregular access behaviors. Secondly, based on the security entropy, security theorems of hybrid cloud are defined. Finally, typical access control models are analyzed by the method, the method's practicability is validated, and the security and applicability of these models are compared. Simulation results prove that the proposed method is suitable for the security quantitative analysis of the access control model and evaluation of access control capability in hybrid cloud.
Abstract: Most cloud services are built with multi-tenancy, which enables data and configuration segregation upon shared infrastructures. It offers tremendous advantages for enterprises and service providers. It is anticipated that this situation will evolve to foster cross-tenant collaboration supported by Authorization as a service. To realize access control in a multi-tenant cloud computing environment, this study proposes a multi-tenant cloud computing access control model based on the traditional usage access control model by building trust relations among tenants. The model consists of three sub-models, which achieve trust relationships between tenants with different granularities and satisfy the requirements of different application scenarios. With an established trust relation in MT-UCON (Multi-tenant Usage Access Control), the trustee can precisely authorize cross-tenant accesses to the trustor's resources consistent with constraints over the trust relation and other components designated by the trustor. In addition, the security of the model is analyzed by an information flow method. The model adapts to the characteristics of a dynamic and open multi-tenant cloud computing environment and achieves fine-grained access control within and between tenants.
Funding: Supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education (Grant Number 2020R1A6A1A03040583).
Abstract: Workflow management technologies have been dramatically improving their deployment architectures and systems along with the evolution and proliferation of cloud distributed computing environments. Especially, such cloud computing environments ought to be providing a suitable distributed computing paradigm to deploy very large-scale workflow processes and applications with scalable on-demand services. In this paper, we focus on the distribution paradigm and its deployment formalism for such very large-scale workflow applications being deployed and enacted across the multiple and heterogeneous cloud computing environments. We propose a formal approach to vertically as well as horizontally fragment very large-scale workflow processes and their applications and to deploy the workflow process and application fragments over three types of cloud deployment models and architectures. To concretize the formal approach, we firstly devise a series of operational situations fragmenting into cloud workflow process and application components and deploying onto three different types of cloud deployment models and architectures. These concrete approaches are called the deployment-driven fragmentation mechanism to be applied to such very large-scale workflow processes and applications as an implementing component for cloud workflow management systems. Finally, we strongly believe that our approach with the fragmentation formalisms becomes a theoretical basis of designing and implementing very large-scale and maximally distributed workflow processes and applications to be deployed on cloud deployment models and architectural computing environments as well.
Abstract: Recently, an innovative trend like cloud computing has progressed quickly in Information Technology. For a background of distributed networks, the extensive sprawl of internet resources on the Web and the increasing number of service providers helped cloud computing technologies grow into a substantial scaled Information Technology service model. The cloud computing environment extracts the execution details of services and systems from end-users and developers. Additionally, through the system's virtualization accomplished using resource pooling, cloud computing resources become more accessible. The attempt to design and develop a solution that assures reliable and protected authentication and authorization service in such cloud environments is described in this paper. With the help of multi-agents, we attempt to represent Open-Identity (ID) design to find a solution that would offer trustworthy and secured authentication and authorization services to software services based on the cloud. This research aims to determine how authentication and authorization services were provided in an agreeable and preventive manner. Based on attack-oriented threat model security, the evaluation works. By considering security for both authentication and authorization systems, possible security threats are analyzed by the proposed security systems.
Abstract: Space information network is used for real-time acquiring, transmitting and processing of the space information on the space platform, which provides significant communication services for communication, navigation positioning and science exploration. In this paper, the architecture of Software Defined Space Optical Network (SDSON) based on cloud platform is designed by means of Software Defined Optical Network (SDON) and cloud services. The new architecture combining centralized and distributed management-control mechanism is a multi-layer and multi-domain architecture with powerful computing and storage ability. Moreover, reliable service and unreliable service communication models employed in the space information network are proposed considering the characteristic of Disruption/Delay Tolerant Network (DTN). Finally, the functional verification and demonstration are performed on our optical experimental network platform.
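Abstract: Using BeiDou network RTK (real-time kinematic) technology and 3D laser scanning technology, point cloud data of an existing underground space in the CGCS2000 coordinate system are acquired. 3DMAX and Revit software are used for reverse modeling with reference to the point cloud, and distance and coordinate data collected from the model are compared with measured data of the underground space to calculate the internal accuracy of the model. The experimental results show that, with the integrated application of multiple new technologies, multiple existing underground sites can be modeled in a unified coordinate system, meeting the needs of CIM (city information model) platform construction.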