Cloud edge integrated security architecture of new cloud manufacturing system

With the rapid development of cloud manufacturing technology and the new generation of artificial intelligence technology,the new cloud manufacturing system(NCMS)built on the connotation of cloud manufacturing 3.0 presents a new business model of“Internet of everything,intelligent leading,data driving,shared services,cross-border integration,and universal innovation”.The network boundaries are becoming increasingly blurred,NCMS is facing security risks such as equipment unauthorized use,account theft,static and extensive access control policies,unauthorized access,supply chain attacks,sensitive data leaks,and industrial control vulnerability attacks.Traditional security architectures mainly use information security technology,which cannot meet the active security protection requirements of NCMS.In order to solve the above problems,this paper proposes an integrated cloud-edge-terminal security system architecture of NCMS.It adopts the zero trust concept and effectively integrates multiple security capabilities such as network,equipment,cloud computing environment,application,identity,and data.It adopts a new access control mode of“continuous verification+dynamic authorization”,classified access control mechanisms such as attribute-based access control,rolebased access control,policy-based access control,and a new data security protection system based on blockchain,achieving“trustworthy subject identity,controllable access behavior,and effective protection of subject and object resources”.This architecture provides an active security protection method for NCMS in the digital transformation of large enterprises,and can effectively enhance network security protection capabilities and cope with increasingly severe network security situations.

SDSA: A Framework of a Software-Defi ned Security Architecture

The fact that the security facilities within a system are closely coupled and the security facilities between systems are unconnected results in an isolated protection structure for systems, and gives rise to a serious challenge to system security integrations and system controls. Also, the need for diversified services and flexible extensions of network security asks for more considerations and contribu?tions from the perspective of software engineering in the process of designing and constructing security systems. Based on the essence of the virtualization technique and the idea of software-defined networks, we in this paper propose a novel software-defi ned security architecture for systems. By abstracting the traditional security facilities and techniques, the proposed security architecture provides a new, simple, effective, and programmable framework in which security operations and security controls can be decoupled, and thereby reduces the software module sizes, decreases the intensity of software deve?lopments, and improves the security extensibility of systems.

Service Security Architecture and Access Control Model for Cloud Computing

Security is a key problem for the development of Cloud Computing. A common service security architecture is a basic abstract to support security research work. The authorization ability in the service security faces more complex and variable users and environment. Based on the multidimensional views, the service security architecture is described on three dimensions of service security requirement integrating security attributes and service layers. An attribute-based dynamic access control model is presented to detail the relationships among subjects, objects, roles, attributes, context and extra factors further. The model uses dynamic control policies to support the multiple roles and flexible authority. At last, access control and policies execution mechanism were studied as the implementation suggestion.

Cyber Resilience through Real-Time Threat Analysis in Information Security

This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends that they are not the same. The concept of cyber security is explored, which goes beyond protecting information resources to include a wider variety of assets, including people [1]. Protecting information assets is the main goal of traditional information security, with consideration to the human element and how people fit into the security process. On the other hand, cyber security adds a new level of complexity, as people might unintentionally contribute to or become targets of cyberattacks. This aspect presents moral questions since it is becoming more widely accepted that society has a duty to protect weaker members of society, including children [1]. The study emphasizes how important cyber security is on a larger scale, with many countries creating plans and laws to counteract cyberattacks. Nevertheless, a lot of these sources frequently neglect to define the differences or the relationship between information security and cyber security [1]. The paper focus on differentiating between cybersecurity and information security on a larger scale. The study also highlights other areas of cybersecurity which includes defending people, social norms, and vital infrastructure from threats that arise from online in addition to information and technology protection. It contends that ethical issues and the human factor are becoming more and more important in protecting assets in the digital age, and that cyber security is a paradigm shift in this regard [1].

Ecological Security of Landscape Architecture in Yunnan Province

The concept of landscape architecture with eco-security was proposed,ecological security of landscape architecture in Yunnan was elaborated from 8 aspects,specifically as landform,typical climate,natural vegetation,biodiversity,transplantation of large-size trees,disaster-proof function,greening security,introduction of garden species.Moreover,countermeasures for maintaining the ecological security of landscape architecture in Yunnan Province were further put forward,① In view of local conditions,inheriting natural views of classical Chinese gardens,respecting all natural elements,② Rising higher requirements on the planning of garden green space system,③ Paying more attention to the integrated construction of green spaces in urban and rural areas,maintaining the wholeness of suburban ecosystem,④ Devoting more in developing seedling industry,culturing more large-size seedlings in original sites,⑤ Selecting right trees for right sites in constructing urban gardens.Eventually,it was proposed that gardens in Yunnan Province should be developed by combining with its outstanding ecological conditions,among which ecological security should be the focus of attention.

Cyber-Physical-Social Based Security Architecture for Future Internet of Things

As the Internet of Things (IoT) is emerging as an attractive paradigm, a typical IoT architecture that U2IoT (Unit IoT and Ubiquitous IoT) model has been presented for the future IoT. Based on the U2IoT model, this paper proposes a cyber-physical-social based security architecture (IPM) to deal with Information, Physical, and Management security perspectives, and presents how the architectural abstractions support U2IoT model. In particular, 1) an information security model is established to describe the mapping relations among U2IoT, security layer, and security requirement, in which social layer and additional intelligence and compatibility properties are infused into IPM;2) physical security referring to the external context and inherent infrastructure are inspired by artificial immune algorithms;3) recommended security strategies are suggested for social management control. The proposed IPM combining the cyber world, physical world and human social provides constructive proposal towards the future IoT security and privacy protection.

Designing a Security Architecture for a P2P Video Conference System

More and more modern group oriented collaborativeapplications use the peer-to-peer(P2P)paradigm tobe independent of expensive infrastructures as theyare,for instance,provided for audio and video conferencesby H.323 systems.Decentralized collaborativeP2P solutions require appropriate mechanismsto protect group privacy and data integrity.A centralizedclient/server based video conference system canbe well shielded in a standard manner,whilst thereare no off-the-shelf approaches to secure a P2P videoconference up to now.The paper addresses this issueand presents a flexible security architecture.Usingthe BRAVIS system[4]as an example it shows howthe architecture can be embedded into a P2P videoconferencing system.

An Investigation on Open-RAN Specifications:Use Cases,Security Threats,Requirements,Discussions

The emergence of various technologies such as terahertz communications,Reconfigurable Intelligent Surfaces(RIS),and AI-powered communication services will burden network operators with rising infrastructure costs.Recently,the Open Radio Access Network(O-RAN)has been introduced as a solution for growing financial and operational burdens in Beyond 5G(B5G)and 6G networks.O-RAN promotes openness and intelligence to overcome the limitations of traditional RANs.By disaggregating conventional Base Band Units(BBUs)into O-RAN Distributed Units(O-DU)and O-RAN Centralized Units(O-CU),O-RAN offers greater flexibility for upgrades and network automation.However,this openness introduces new security challenges compared to traditional RANs.Many existing studies overlook these security requirements of the O-RAN networks.To gain deeper insights into the O-RAN system and security,this paper first provides an overview of the general O-RAN architecture and its diverse use cases relevant to B5G and 6G applications.We then delve into specifications of O-RAN security threats and requirements,aiming to mitigate security vulnerabilities effectively.By providing a comprehensive understanding of O-RAN architecture,use cases,and security considerations,thisworkserves as a valuable resource for future research in O-RAN and its security.

Research on IPv6 Transition Evolvement and Security Architecture of Smart Distribution Grid Data Communication System

Smart distribution grid needs data communication systems as a support to complete their important functions. The smart distribution grid of the data and information are increasingly adopting internet protocol and Ethernet technology. The IP addresses are more and more important for the smart distribution grid equipment. The current IPv4 protocol occupies a dominant position; therefore, the challenges of the evolution to IPv6 and network security are faced by data communication systems of the smart distribution grid. The importance of data communications network and its main bearer of business were described. The data communications network from IPv4 to IPv6 evolution of the five processes and four stages of the transition were analyzed. The smart distribution grid data communications network security and types of their offensive and defensive were discussed. And the data communications network security architecture was established. It covers three dimensions, the security level, the communications network security engineering and the communications network security management. The security architecture safeguards the evolution to IPv6 for the smart distribution grid data communication systems.

An Aware-Scheduling Security Architecture with Priority-Equal Multi-Controller for SDN

Current SDN controllers suffer from a series of potential attacks. For example, malicious flow rules may lead to system disorder by introducing unexpected flow entries. In this paper, we propose Mcad-SA, an aware decision-making security architecture with multiple controllers, which could coordinate heterogeneous controllers internally as a "big" controller. This architecture includes an additional plane, the scheduling plane, which consists of transponder, sensor, decider and scheduler. Meanwhile it achieves the functions of communicating, supervising and scheduling between data and control plane. In this framework, we adopt the vote results from the majority of controllers to determine valid flow rules distributed to switches. Besides, an aware dynamic scheduling(ADS) mechanism is devised in scheduler to intensify security of Mcad-SA further. Combined with perception, ADS takes advantage of heterogeneity and redundancy of controllers to enable the control plane operate in a dynamic, reliable and unsteady state, which results in significant difficulty of probing systems and executing attacks. Simulation results demonstrate the proposed methods indicate better security resilience over traditional architectures as they have lower failure probability when facing attacks.

Machine Learning Security Defense Algorithms Based on Metadata Correlation Features

With the popularization of the Internet and the development of technology,cyber threats are increasing day by day.Threats such as malware,hacking,and data breaches have had a serious impact on cybersecurity.The network security environment in the era of big data presents the characteristics of large amounts of data,high diversity,and high real-time requirements.Traditional security defense methods and tools have been unable to cope with the complex and changing network security threats.This paper proposes a machine-learning security defense algorithm based on metadata association features.Emphasize control over unauthorized users through privacy,integrity,and availability.The user model is established and the mapping between the user model and the metadata of the data source is generated.By analyzing the user model and its corresponding mapping relationship,the query of the user model can be decomposed into the query of various heterogeneous data sources,and the integration of heterogeneous data sources based on the metadata association characteristics can be realized.Define and classify customer information,automatically identify and perceive sensitive data,build a behavior audit and analysis platform,analyze user behavior trajectories,and complete the construction of a machine learning customer information security defense system.The experimental results show that when the data volume is 5×103 bit,the data storage integrity of the proposed method is 92%.The data accuracy is 98%,and the success rate of data intrusion is only 2.6%.It can be concluded that the data storage method in this paper is safe,the data accuracy is always at a high level,and the data disaster recovery performance is good.This method can effectively resist data intrusion and has high air traffic control security.It can not only detect all viruses in user data storage,but also realize integrated virus processing,and further optimize the security defense effect of user big data.

Wake-Up Security:Effective Security ImprovementMechanism for Low Power Internet of Things

As time and space constraints decrease due to the development of wireless communication network technology,the scale and scope of cyber-attacks targeting the Internet of Things(IoT)are increasing.However,it is difficult to apply high-performance security modules to the IoT owing to the limited battery,memory capacity,and data transmission performance depend-ing on the size of the device.Conventional research has mainly reduced power consumption by lightening encryption algorithms.However,it is difficult to defend large-scale information systems and networks against advanced and intelligent attacks because of the problem of deteriorating security perfor-mance.In this study,we propose wake-up security(WuS),a low-power security architecture that can utilize high-performance security algorithms in an IoT environment.By introducing a small logic that performs anomaly detection on the IoT platform and executes the security module only when necessary according to the anomaly detection result,WuS improves security and power efficiency while using a relatively high-complexity security module in a low-power environment compared to the conventional method of periodically exe-cuting a high-performance security module.In this study,a Python simulator based on the UNSW-NB15 dataset is used to evaluate the power consumption,latency,and security of the proposed method.The evaluation results reveal that the power consumption of the proposed WuS mechanism is approxi-mately 51.8%and 27.2%lower than those of conventional high-performance security and lightweight security modules,respectively.Additionally,the laten-cies are approximately 74.8%and 65.9%lower,respectively.Furthermore,the WuS mechanism achieved a high detection accuracy of approximately 96.5%or greater,proving that the detection efficiency performance improved by approximately 33.5%compared to the conventional model.The performance evaluation results for the proposed model varied depending on the applied anomaly-detection model.Therefore,they can be used in various ways by selecting suitable models based on the performance levels required in each industry.

Secure Web Application Technologies Implementation through Hardening Security Headers Using Automated Threat Modelling Techniques

This paper investigates whether security headers are enforced to mitigate cyber-attacks in web-based systems in cyberspace. The security headers examined include X-Content-Type-Options, X-Frame-Options, Strict-Transport-Security, Referrer-Policy, Content-Security-Policy, and Permissions-Policy. The study employed a controlled experiment using a security header analysis tool. The web-based applications (websites) were analyzed to determine whether security headers have been correctly implemented. The experiment was iterated for 100 universities in Africa which are ranked high. The purposive sampling technique was employed to understand the status quo of the security headers implementations. The results revealed that 70% of the web-based applications in Africa have not enforced security headers in web-based applications. The study proposes a secure system architecture design for addressing web-based applications’ misconfiguration and insecure design. It presents security techniques for securing web-based applications through hardening security headers using automated threat modelling techniques. Furthermore, it recommends adopting the security headers in web-based applications using the proposed secure system architecture design.

Security challenges and defense approaches for blockchain-based services from a full-stack architecture perspective

As an advantageous technique and service,the blockchain has shown great development and application prospects.However,its security has also met great challenges,and many security vulnerabilities and attack issues in blockchain-based services have emerged.Recently,security issues of blockchain have attracted extensive attention.However,there is still a lack of blockchain security research from a full-stack architecture perspective,as well as representative quantitative experimental reproduction and analysis.We aim to provide a security architecture to solve security risks in blockchain services from a full-stack architecture perspective.Meanwhile,we propose a formal definition of the full-stack security architecture for blockchain-based services,and we also propose a formal expression of security issues and defense solutions from a full-stack security perspective.We use ConCert to conduct a smart contract formal verification experiment by property-based testing.The security vulnerabilities of blockchain services in the Common Vulnerabilities and Exposures(CVE)and China Nation Vulnerability Database(CNVD)are selected and enumerated.Additionally,three real contract-layer real attack events are reproduced by an experimental approach.Using Alibaba's blockchain services and Identity Mixer in Hyperledger Fabric as a case study,the security problems and defense techniques are analyzed and researched.At last,the future research directions are proposed.

Digital Object Architecture for IoT Networks

The Internet of Things(IoT)is a recent technology,which implies the union of objects,“things”,into a single worldwide network.This promising paradigm faces many design challenges associated with the dramatic increase in the number of end-devices.Device identification is one of these challenges that becomes complicated with the increase of network devices.Despite this,there is still no universally accepted method of identifying things that would satisfy all requirements of the existing IoT devices and applications.In this regard,one of the most important problems is choosing an identification system for all IoT devices connected to the public communication networks.Many unique soft-ware and hardware solutions are used as a unique global identifier;however,such solutions have many limitations.This article proposes a novel solution,based on the Digital Object Architecture(DOA),that meets the requirements of identifying devices and applications of the IoT.This work analyzes the benefits of using the DOA as an identification platform in modern telecommunication networks.We propose a model of an identification system based on the architecture of digital objects,which differs from the well-known ones.The proposed model ensures an acceptable quality of service(QoS)in the common architecture of the existing public communication networks.A novel interaction architecture is developed by introducing a Middle Handle Register(MHR)between the global register,i.e.,Global Handle Register(GHR),and local register,i.e.,Local Handle Register(LHR).The aspects of the network interaction and the compatibility of IoT end-devices with the integrated DOA identifiers in heterogeneous communication networks are presented.The developed model is simulated for a wide-area network with allocated registers,and the results are introduced and discussed.

A Novel IoT Architecture, Assessment of Threats and Their Classification withMachine Learning Solutions

The Internet of Things(IoT)will significantly impact our social and economic lives in the near future.Many Internet of Things(IoT)applications aim to automate multiple tasks so inactive physical objects can behave independently of others.IoT devices,however,are also vulnerable,mostly because they lack the essential built-in security to thwart attackers.It is essential to perform the necessary adjustments in the structure of the IoT systems in order to create an end-to-end secure IoT environment.As a result,the IoT designs that are now in use do not completely support all of the advancements that have been made to include sophisticated features in IoT,such as Cloud computing,machine learning techniques,and lightweight encryption techniques.This paper presents a detailed analysis of the security requirements,attack surfaces,and security solutions available for IoT networks and suggests an innovative IoT architecture.The Seven-Layer Architecture in IoT provides decent attack detection accuracy.According to the level of risk they pose,the security threats in each of these layers have been properly categorized,and the essential evaluation criteria have been developed to evaluate the various threats.Also,Machine Learning algorithms like Random Forest and Support Vector Machines,etc.,and Deep Learning algorithms like Artificial Neural Networks,Q Learning models,etc.,are implemented to overcome the most damaging threats posing security breaches to the different IoT architecture layers.

Securing Stock Transactions Using Blockchain Technology: Architecture for Identifying and Reducing Vulnerabilities Linked to the Web Applications Used (MAHV-BC)

This paper deals with the security of stock market transactions within financial markets, particularly that of the West African Economic and Monetary Union (UEMOA). The confidentiality and integrity of sensitive data in the stock market being crucial, the implementation of robust systems which guarantee trust between the different actors is essential. We therefore proposed, after analyzing the limits of several security approaches in the literature, an architecture based on blockchain technology making it possible to both identify and reduce the vulnerabilities linked to the design, implementation work or the use of web applications used for transactions. Our proposal makes it possible, thanks to two-factor authentication via the Blockchain, to strengthen the security of investors’ accounts and the automated recording of transactions in the Blockchain while guaranteeing the integrity of stock market operations. It also provides an application vulnerability report. To validate our approach, we compared our results to those of three other security tools, at the level of different metrics. Our approach achieved the best performance in each case.

Cyberspace Endogenous Safety and Security

Uncertain security threats caused by vulnerabilities and backdoors are the most serious and difficult problem in cyberspace.This paper analyzes the philosophical and technical causes of the existence of so-called"dark functions"such as system vulnerabilities and backdoors,and points out that endogenous security problems cannot be completely eliminated at the theoretical and engineering levels;rather,it is necessary to develop or utilize the endogenous security functions of the system architecture itself.In addition,this paper gives a definition for and lists the main technical characteristics of endogenous safety and security in cyberspace,introduces endogenous safety and security mechanisms and characteristics based on dynamic heterogeneous redundancy(DHR)architecture,and describes the theoretical implications of a coding channel based on DHR.

An Analysis of Cybersecurity Attacks against Internet of Things and Security Solutions

Internet of Things (IoT) has become a prevalent topic in the world of technology. It helps billion of devices to connect to the internet so that they can exchange data with each other. Nowadays, the IoT can be applied in anything, from cellphones, coffee makers, cars, body sensors to smart surveillance, water distribution, energy management system, and environmental monitoring. However, the rapid growth of IoT has brought new and critical threats to the security and privacy of the users. Due to the millions of insecure IoT devices, an adversary can easily break into an application to make it unstable and steal sensitive user information and data. This paper provides an overview of different kinds of cybersecurity attacks against IoT devices as well as an analysis of IoT architecture. It then discusses the security solutions we can take to protect IoT devices against different kinds of security attacks. The main goal of this research is to enhance the development of IoT research by highlighting the different kinds of security challenges that IoT is facing nowadays, and the existing security solutions we can implement to make IoT devices more secure. In this study, we analyze the security solutions of IoT in three forms: secure authentication, secure communications, and application security to find suitable security solutions for protecting IoT devices.

Versatile Routing and Self-Certifying Features Support for Secure Mobility in eXpressive Internet Architecture

Integrating mobility and security in the network layer has become a key factor for Future Internet Architecture(FIA). This paper proposes a secure mobility support mechanism in e Xpressive Internet Architecture(XIA),a new FIA currently under development as part of the US National Science Foundation's(NSF) program. Utilizing the natural features of ID/locator decoupling and versatile routing in XIA, a general mechanism to support host mobility is proposed. Exploiting the self-certifying identifier, a secure binding update protocol to overcome the potential threats introduced by the proposed mobility support mechanism is also given. We demonstrate that our design in XIA outperforms IP based solutions in terms of efficiency and flexibility. We also outline our initial design to illustrate one derivative benefit of an evolvable architecture:mobility support customizability with no sacrifice of architectural generality.