Funding: This work was supported by the National Key R&D Program of China (No. 2021YFB2700601), Research Project of Hainan University (No. HD-KYH-2021240), Finance Science and Technology Project of Hainan Province (No. ZDKJ2020009 and ZDKJ2020012), National Natural Science Foundation of China (No. 62163011, 62162022 and 62162024), and Key Projects in Hainan Province (No. ZDYF2021GXJS003 and ZDYF2020040).
Abstract: The past decade has seen the rapid development of data in many areas. Data has enormous commercial potential as a new strategic resource that may efficiently boost technical growth and service innovation. However, individuals are becoming increasingly concerned about data misuse and leaks. To address these issues, in this paper, we propose TrustControl, a trusted data usage control system to control, process, and protect data usage without revealing privacy. A trusted execution environment (TEE) is exploited to process confidential user data. First of all, we design a secure and reliable remote attestation mechanism for ARM TrustZone, which can verify the security of the TEE platform and function code, thus guaranteeing data processing security. Secondly, to address the security problem that the raw data may be misused, we design a remote dynamic code injection method to regulate that data can only be processed for the expected purpose. Our solution focuses on protecting the sensitive data of the data owner and the function code of the data user to prevent data misuse and leakage. Furthermore, we implement the prototype system of TrustControl on TrustZone-enabled hardware. Real-world experiment results demonstrate that the proposed TrustControl is secure and the performance overhead of introducing our prototype system is very low.
Abstract: In hearing physiological experiments and clinic tests, we need not only a signal processing system, but also a synchronous sound stimulator. Most of the stimulators we are now using are function generators which are independent of the processing units and can be controlled only by hand. Although some of them have ports through which they can be controlled by computer, as they are designed for industrial aims, not for hearing research, most of them can't generate the special waveforms we need. We use the TDT signal processing system and develop a software package that has both usages. On the interface of the program we can control the sampling parameters and generate stimulating waveforms.
Funding: Supported by the National Natural Science Foundation of China (60403027)
Abstract: Due to inherent heterogeneity, multi-domain characteristics and highly dynamic nature, authorization is a critical concern in grid computing. This paper proposes a general authorization and access control architecture, grid usage control (GUCON), for grid computing. It is based on the next-generation access control mechanism, the usage control (UCON) model. The GUCON framework dynamically grants and adapts permissions to the subject based on a set of contextual information collected from the system environments, while retaining the authorization by evaluating access requests based on subject attributes, object attributes and requests. In general, the GUCON model provides very flexible approaches to adapt to dynamic security requests. The GUCON model is being implemented in our experimental prototype.
Abstract: Most cloud services are built with multi-tenancy, which enables data and configuration segregation upon shared infrastructures. It offers tremendous advantages for enterprises and service providers. It is anticipated that this situation will evolve to foster cross-tenant collaboration supported by Authorization as a service. To realize access control in a multi-tenant cloud computing environment, this study proposes a multi-tenant cloud computing access control model based on the traditional usage access control model by building trust relations among tenants. The model consists of three sub-models, which achieve trust relationships between tenants with different granularities and satisfy the requirements of different application scenarios. With an established trust relation in MT-UCON (Multi-tenant Usage Access Control), the trustee can precisely authorize cross-tenant accesses to the trustor's resources consistent with constraints over the trust relation and other components designated by the trustor. In addition, the security of the model is analyzed by an information flow method. The model adapts to the characteristics of a dynamic and open multi-tenant cloud computing environment and achieves fine-grained access control within and between tenants.
Funding: The National Natural Science Foundation of China (60673071, 60743003, 90718005, 90718006) and the National High Technology Research and Development Program of China (2006AA01Z442, 2007AA01Z411)
Abstract: Facing the increasing security issues in P2P networks, a scheme for resource sharing using trusted computing technologies is proposed in this paper. We advance an RS-UCON model with decision continuity and attribute mutability to control the usage process and an architecture to illustrate how TC technologies support policy enforcement with bidirectional attestation. The properties required for attestation should include not only the integrity measurement value of the platform and related application, but also the reputation of users and access history, in order to avoid the limitation of the existing approaches. To make a permission, it is required to evaluate both the authorization and conditions of the subject and the object in resource usage to ensure trustable resources to be transferred to trusted users and platform.
Abstract: Connection Admission Control (CAC) in ATM networks is the set of actions taken by the network to decide whether to accept connection requests during the phase of call establishment or call re-negotiation. CAC is an integral part of the preventive congestion control in ATM networks whose aim is to ensure network performance. The CAC algorithm has the characteristics of the multitude of control parameters, high degree of computation complexity and strong time restrictions. In this paper we present a CAC mechanism featured by combination of foreground control and background learning which is based on neural networks having the capabilities of self-learning and high-speed processing. A case study is given, after which we discuss the practicability of the proposed algorithm.