Funding: Supported by the National Basic Research Program of China (973 Program) (No. 2007CB310800); China Postdoctoral Science Foundation (No. 20090460107 and No. 201003794).
Abstract: With the development of Internet technology and human computing, the computing environment has changed dramatically over the last three decades. Cloud computing emerges as a paradigm of Internet computing in which dynamical, scalable and often virtualized resources are provided as services. With virtualization technology, cloud computing offers diverse services (such as virtual computing, virtual storage, virtual bandwidth, etc.) for the public by means of multi-tenancy mode. Although users are enjoying the capabilities of super-computing and mass storage supplied by cloud computing, cloud security still remains as a hot spot problem, which is in essence the trust management between data owners and storage service providers. In this paper, we propose a data coloring method based on cloud watermarking to recognize and ensure mutual reputations. The experimental results show that the robustness of reverse cloud generator can guarantee users' embedded social reputation identifications. Hence, our work provides a reference solution to the critical problem of cloud security.
Abstract: As online trade and interactions on the internet are on the rise, a key issue is how to use simple and effective evaluation methods to accomplish trust decision-making for customers. It is well known that subjective trust holds uncertainty like randomness and fuzziness. However, existing approaches which are commonly based on probability or fuzzy set theory cannot attach enough importance to uncertainty. To remedy this problem, a new quantifiable subjective trust evaluation approach is proposed based on the cloud model. Subjective trust is modeled with cloud model in the evaluation approach, and expected value and hyper-entropy of the subjective cloud are used to evaluate the reputation of trust objects. Our experimental data shows that the method can effectively support subjective trust decisions and provide a helpful exploitation for subjective trust evaluation.
Funding: This paper is supported by the Opening Project of State Key Laboratory for Novel Software Technology of Nanjing University, China (Grant No. KFKT2012B25) and National Science Foundation of China (Grant No. 61303263).
Abstract: As a new computing mode, cloud computing can provide users with virtualized and scalable web services, which, however, is faced with serious security challenges. Access control is one of the most important measures to ensure the security of cloud computing. But applying traditional access control model into the Cloud directly could not solve the uncertainty and vulnerability caused by the open conditions of cloud computing. In cloud computing environment, only when the security and reliability of both interaction parties are ensured, data security can be effectively guaranteed during interactions between users and the Cloud. Therefore, building a mutual trust relationship between users and cloud platform is the key to implement new kinds of access control method in cloud computing environment. Combining with Trust Management (TM), a mutual trust based access control (MTBAC) model is proposed in this paper. MTBAC model takes both user's behavior trust and cloud services node's credibility into consideration. Trust relationships between users and cloud service nodes are established by mutual trust mechanism. Security problems of access control are solved by implementing MTBAC model into cloud computing environment. Simulation experiments show that MTBAC model can guarantee the interaction between users and cloud service nodes.
Abstract: In cloud computing environment, as the infrastructure is not owned by users, it is desirable that its security and integrity must be protected and verified from time to time. In Hadoop based scalable computing setup, malfunctioning nodes generate wrong output during the run time. To detect such nodes, we create collaborative network between worker node (i.e. data node of Hadoop) and Master node (i.e. name node of Hadoop) with the help of trusted heartbeat framework (THF). We propose procedures to register node and to alter status of node based on reputation provided by other co-worker nodes.
Funding: Supported by the National Natural Science Foundation of China (61772196, 61472136); the Hunan Provincial Focus Social Science Fund (2016ZDB006); Hunan Provincial Social Science Achievement Review Committee results appraisal identification project (Xiang social assessment 2016JD05); Key Project of Hunan Provincial Social Science Achievement Review Committee (XSP 19ZD1005); the financial support provided by the Key Laboratory of Hunan Province for New Retail Virtual Reality Technology (2017TP1026).
Abstract: This paper analyzes the reasons for the formation of security problems in mobile agent systems, and analyzes and compares the security mechanisms and security technologies of existing mobile agent systems from the perspective of blocking attacks. On this basis, the host protection mobile agent protection technology is selected, and a method to enhance the security protection of mobile agents (referred to as IEOP method) is proposed. The method first encrypts the mobile agent code using the encryption function, and then encapsulates the encrypted mobile agent with the improved EOP protocol IEOP, and then traces the suspicious execution result. Experiments show that using this method can block most malicious attacks on mobile agents, and can protect the integrity and confidentiality of mobile agents, but the increment of mobile agent tour time is not large.
Funding: Supported by the National Natural Science Foundation for Young Scientists of China under Grant No. 61303263; the Jiangsu Provincial Research Foundation for Basic Research (Natural Science Foundation) under Grant No. BK20150201; the Scientific Research Key Project of Beijing Municipal Commission of Education under Grant No. KZ201210015015; the National Natural Science Foundation of China (Grant No. 61370140); the Scientific Research Common Program of the Beijing Municipal Commission of Education (Grant No. KMKM201410015006); the National Science Foundation of China under Grant Nos. 61232016 and U1405254; and the PAPD fund.
Abstract: This paper sums up four security factors after analyzing co-residency threats caused by the special multitenant environment in the cloud. To secure the factors, a multiway dynamic trust chain transfer model was proposed on the basis of a measurement interactive virtual machine and current behavior to protect the integrity of the system. A trust chain construction module is designed in a virtual machine monitor. Through dynamic monitoring, it achieves the purpose of transferring integrity between virtual machines. A cloud system with a trust authentication function is implemented on the basis of the model, and its practicability is shown.
Abstract: The adoption of Cloud Computing services in everyday business life has grown rapidly in recent years due to the many benefits of this paradigm. The various collaboration tools offered by Cloud Computing have eliminated or reduced the notion of distance between entities of the same company or between different organizations. This has led to an increase in the need to share resources (data and services). Community Cloud environments have thus emerged to facilitate interactions between organizations with identical needs and with specific and high security requirements. However, establishing trust and secure resource sharing relationships is a major challenge in this type of complex and heterogeneous environment. This paper proposes a trust assessment model (SeComTrust) based on the Zero Trust cybersecurity strategy. First, the paper introduces a community cloud architecture subdivided into different security domains. Second, it presents a process for selecting a trusted organization for an exchange based on direct or recommended trust value and reputation. Finally, a system for promoting or relegating organizations in the different security domains is applied. Experimental results show that our model guarantees the scalability of a community cloud with a high success rate of secure and quality resource sharing.
Funding: Supported by the National Basic Research Program of China (973 Program) (No. 2007CB310801); National Natural Science Foundation of China (No. 60873083, No. 60803025, No. 60970017, No. 60903034, No. 60873225); Natural Science Foundation of Hubei Province for Distinguished Young Scholars (No. 2008CDB351); Natural Science Foundation of Hubei Province (No. 2008ABA358, No. 2008ABA379); Research Fund for the Doctoral Program of Higher Education of China (No. 20070486065); Open Foundation of State Key Laboratory of Software Engineering (No. SKLSE20080718).
Abstract: Cloud computing can be realized by service interoperation and its essence is to provide cloud services through network. The development of effective methods to assure the trustworthiness of service interoperation in cloud environment is a very important problem. The essence of cloud security is trust and trust management. Combining quality of service (QoS) with trust model, this paper constructs a QoS-aware and quantitative trust-model that consists of initial trust value, direct trust value, and recommendatory trust value of service, making the provision, discovery, and aggregation of cloud services trustworthy. Hence, it can assure trustworthiness of service interoperation between users and services or among services in cloud environment. At the same time, based on this model, service discovery method based on QoS-aware and quantitative trust-model (TQoS-WSD) is proposed, which makes a solid trust relationship among service requestor, service provider and service recommender, and users can find trustworthy service whose total evaluation value is higher. Compared to QoS-based service discovery (QoS-WSD) method, it is proved by the experiment for TQoS-WSD method that more accurate result of service discovery will be achieved by service requestor, while reasonable time cost is increased. Meanwhile, TQoS-WSD method strongly resists the effect of service discovery by untrustworthy QoS values and improves service invocation success-rate and thus assures trustworthiness of services interoperation.
Abstract: The collaboration tools offered by Cloud Computing have increased the need to share data and services within companies or between autonomous organizations. This has led to the deployment of community cloud infrastructures. However, several challenges will arise from this grouping of heterogeneous organizations. One of the main challenges is the management of trust between the actors of the community. Trust issues arise from the uncertainty about the quality of the resources and entities involved. The quality of a resource can be examined from a security or functional perspective. Therefore, ensuring security and monitoring the quality of resources is to ensure a high level of trust. Therefore, we propose in this paper a technique for dynamic trust management and quality monitoring of resources shared between organizations. Our approach consists, on the one hand, in evaluating the quality of resources based on quality of service measurement attributes and, on the other hand, in updating the trust values according to the information deduced from these measurements. The proposed framework is evaluated in terms of resource sharing success rate and execution time. Experimental results and comparison with TNA-SL and InterTrust models show that the framework can identify and track the behavior of malicious organizations with relatively low execution time.
Abstract: Cloud computing has emerged as a new style of computing in distributed environment. An efficient and dependable Workflow Scheduling is crucial for achieving high performance and incorporating with enterprise systems. As an effective security services aggregation methodology, Trust Work-flow Technology (TWT) has been used to construct composite services. However, in cloud environment, the existing closed network services are maintained and functioned by third-party organizations or enterprises. Therefore service-oriented trust strategies must be considered in workflow scheduling. TWFS related algorithms consist of trust policies and strategies to overcome the threats of the application with heuristic workflow scheduling. As a significance of this work, trust based Meta heuristic workflow scheduling (TMWS) is proposed. The TMWS algorithm will improve the efficiency and reliability of the operation in the cloud system and the results show that the TMWS approach is effective and feasible.
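Abstract: Distributed cloud storage technology provides a new way of distributing and storing the ever-growing volume of airborne software, which means that airlines lose direct control over the software; airborne software security has therefore become a major concern for airlines. To improve the security of airborne software in cloud storage environments, an airborne software auditing method based on a Trusted Implicit Third Party (TITP) is proposed to monitor and manage airborne software in the cloud and ensure its integrity. In addition, trusted hardware deployed in the cloud performs the auditing on behalf of users, which solves the problem that the third-party auditor in publicly verifiable auditing mechanisms is not fully trusted, and audit results are recorded as logs for users to query. Using trusted hardware for integrity verification not only reduces users' computation cost but also shortens users' online time. In an experimental comparison with other trusted implicit third-party auditing methods, the proposed method saves 10% of the time spent in audit computation.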