Privacy Protection Based Access Control Scheme in Cloud-Based Services

With the rapid development of computer technology, cloud-based services have become a hot topic. They not only provide users with convenience, but also bring many security issues, such as data sharing and privacy issue. In this paper, we present an access control system with privilege separation based on privacy protection(PS-ACS). In the PS-ACS scheme, we divide users into private domain(PRD) and public domain(PUD) logically. In PRD, to achieve read access permission and write access permission, we adopt the Key-Aggregate Encryption(KAE) and the Improved Attribute-based Signature(IABS) respectively. In PUD, we construct a new multi-authority ciphertext policy attribute-based encryption(CP-ABE) scheme with efficient decryption to avoid the issues of single point of failure and complicated key distribution, and design an efficient attribute revocation method for it. The analysis and simulation result show that our scheme is feasible and superior to protect users' privacy in cloud-based services.

Localization Algorithm of Indoor Wi-Fi Access Points Based on Signal Strength Relative Relationship and Region Division

Precise localization techniques for indoor Wi-Fi access points(APs)have important application in the security inspection.However,due to the interference of environment factors such as multipath propagation and NLOS(Non-Line-of-Sight),the existing methods for localization indoor Wi-Fi access points based on RSS ranging tend to have lower accuracy as the RSS(Received Signal Strength)is difficult to accurately measure.Therefore,the localization algorithm of indoor Wi-Fi access points based on the signal strength relative relationship and region division is proposed in this paper.The algorithm hierarchically divide the room where the target Wi-Fi AP is located,on the region division line,a modified signal collection device is used to measure RSS in two directions of each reference point.All RSS values are compared and the region where the RSS value has the relative largest signal strength is located as next candidate region.The location coordinate of the target Wi-Fi AP is obtained when the localization region of the target Wi-Fi AP is successively approximated until the candidate region is smaller than the accuracy threshold.There are 360 experiments carried out in this paper with 8 types of Wi-Fi APs including fixed APs and portable APs.The experimental results show that the average localization error of the proposed localization algorithm is 0.30 meters,and the minimum localization error is 0.16 meters,which is significantly higher than the localization accuracy of the existing typical indoor Wi-Fi access point localization methods.

Spatial Pattern and Development of Protected Areas in the North-south Transitional Zone of China

The north-south transitional zone in China mainly consists of the Qinling-Daba Mountains. It is the most important West-East geo-ecological space in China, containing protected areas vital for biodiversity conservation and ecological security of China. The protection and rational development of its natural habitat is of great significance to China’s ecological security and integration of protected areas based on mountain forest ecosystems on a global scale. In this study, five important types of protected areas in the transitional zone were selected, and their spatial patterns were analysed. Spatial analysis methods, such as kernel density estimation and accessibility analysis, were employed for both point and areal data, and focused on four aspects: land use scale, shift in the centre of gravity, spatial agglomeration, and accessibility. In addition, policy background and evolution of spatial and temporal characteristics of the protected area system in the transitional zone from 1963 to 2017 were also examined. We analysed the characteristics and geographical significance of the West-east corridor using the spatial pattern of the protected area system from the perspective of ecological and economic spaces. We focused on spatial shape, type intersection, and key areas to analyse the spatial overlap of the protected areas. Protected area establishment was divided into three stages: initial(1956–1980), rapid development(1981–2013), and national park transformation(2014–present). These stages reflected the change in the concept of ‘simple protection—sustainable use—integration and upgrade’ for protected areas of China. The spatial centre of gravity of the protection zone system was located in the west Qinling-Daba Mountains, and its high-density core exhibited a relatively stable N-shaped structure composed of four gathering areas. Affected by factors such as geographic environment and socio-economic development density, the average access time for protected areas was high(1.56 h);wetland parks and scenic areas are located closer to the city centre. As the West-east corridor in the transitional zone extends from west to east, there is a clear spatial dislocation between the development of protected areas and the intensity of human activities. During development, differentiated goal orientation should be adopted based on the idea of zoning and classified governance. With the advancement of the construction of protected areas, the spatial overlap of protected areas in the transition zone has become more prominent. At present, the spatially overlapped protected areas in the transitional zone remain prominent, with inclusion overlap being the most common, and forest parks exhibiting the highest probability of overlap with other protected areas, we should focus on in the integration process of the corridor-type ecological space based on the mountain forest ecosystem.

A Robust Wi-Fi Fingerprinting Indoor Localization Coping with Access Point Movement

A Wi-Fi fingerprinting localization approach has attracted increasing attention in recent years due to the ubiquity of Access Point( AP). However,typical fingerprinting localization methods fail to resist accidental environmental changes,such as AP movement. In order to address this problem,a robust fingerprinting indoor localization method is initiated. In the offline phase,three attributes of Received Signal Strength Indication( RSSI) —average,standard deviation and AP's response rate—are computed to prepare for the subsequent computation. In this way,the underlying location-relevant information can be captured comprehensively. Then in the online phase, a three-step voting scheme-based decision mechanism is demonstrated, detecting and eliminating the part of AP where the signals measured are severely distorted by AP 's movement. In the following localization step,in order to achieve accuracy and efficiency simultaneously,a novel fingerprinting localization algorithm is applied. Bhattacharyya distance is utilized to measure the RSSI distribution distance,thus realizing the optimization of MAximum Overlapping algorithm( MAO). Finally,experimental results are displayed,which demonstrate the effectiveness of our proposed methods in eliminating outliers and attaining relatively higher localization accuracy.

Creation of Virtual Wi-Fi Access Point and Secured Wi-Fi Pairing, through NFC

The growing ubiquity of Wi-Fi networks combined with the integration of low-cost Wi-Fi chipsets in all devices makes Wi-Fi as the wireless technology the most used for accessing to internet [1]. This means that the development of a Wi-Fi strategy has become an imperative for almost all operators worldwide. In this context, APs (Access Points) have to become as secure as cellular networks. Furthermore, authentication process between a mobile device and an access point has to be automated, without user constraining configuration. For reaching this purpose, client must have different credentials depending on authentication method. Our goal is to create an architecture that is both ergonomic and flexible in order to meet the need for connection and client mobility. We use NFC technology as a radio channel for starting communication with the network. The communication initiation will instantiate a virtual Wi-Fi AP and distribute all policies and access certificates for an authentication based on EAP-TLS (it could be extended to any EAP method for 802.1X standard). The end result of our new topology is to allow access to services through a virtual Wi-Fi AP with an enterprise-grade in a public hotspot.

Java类protected继承链访问控制机制研究

基于从C++语言到Java语言类封装特性的演变,从类和类的继承两个方面讨论了Java打包类的4层访问控制特性,特别剖析、提出并用例程论证了Java类Protected继承链访问控制机制,研究结果为目前关于Java类封装机制的认识提供了补充。

A Protective Mechanism for the Access Control System in the Virtual Domain

In traditional framework,mandatory access control(MAC) system and malicious software are run in kernel mode. Malicious software can stop MAC systems to be started and make it do invalid. This problem cannot be solved under the traditional framework if the operating system(OS) is comprised since malwares are running in ring 0 level. In this paper,we propose a novel way to use hypervisors to protect kernel integrity and the access control system in commodity operating systems. We separate the access control system into three parts: policy management(PM),security server(SS) and policy enforcement(PE). Policy management and the security server reside in the security domain to protect them against malware and the isolation feather of the hypervisor can protect them from attacks. We add an access vector cache(AVC) between SS and PE in the guest OS,in order to speed up communication between the guest OS and the security domain. The policy enforcement module is retained in the guest OS for performance. The security of AVC and PE can be ensured by using a memory protection mechanism. The goal of protecting the OS kernel is to ensure the security of the execution path. We implementthe system by a modified Xen hypervisor. The result shows that we can secure the security of the access control system in the guest OS with no overhead compared with modules in the latter. Our system offers a centralized security policy for virtual domains in virtual machine environments.Keywords: hypervisor; virtualization; memo-

瑞安华数Wi-Fi降频接入网络MoCA Access1.1+改造升级方案

本文介绍了瑞安华数公司用Mo CA Access 1.1+(头端吞吐率800Mbps)升级原有Wi-Fi降频接入网络,为用户提供20Mbps^50Mbps带宽,解决原有网络的问题。

Prevalence of Occupational Injury and Knowledge of Post-Exposure Prophylaxis Accessibility among Healthcare Workers in Mogadishu, Somalia

Introduction: Healthcare workers in Mogadishu, Somalia face significant occupational injury risks, particularly needle stick injuries, with 61.1% reporting incidents. This poses a serious threat to their health, leading to infections such as hepatitis B, hepatitis C, and HIV. Despite the high prevalence of injuries, awareness of Post-Exposure Prophylaxis (PEP) accessibility is relatively high, with 84.0% of respondents aware of it. However, there are gaps in knowledge and implementation, as evidenced by variations in availability of PEP. Improving workplace safety measures, providing comprehensive training on injury prevention and PEP protocols, and ensuring consistent availability of PEP in healthcare facilities are crucial steps to safeguard the well-being of healthcare workers in Mogadishu, Somalia. Methods: A cross-sectional study was conducted among hospital workers in Mogadishu, Somalia, focusing on professionals from various healthcare facilities. The study targeted nurses, doctors, laboratory personnel, and pharmacists. Purposive sampling was employed, resulting in a sample size of 383 calculated using Fisher’s sample size formula. Data were collected using coded questionnaires entered into Microsoft Excel 2019 and analyzed with SPSS software to generate frequencies and proportions, presented through frequency tables and pie figures. Results: The study in Mogadishu, Somalia, examined the prevalence of occupational injuries and knowledge of Post-Exposure Prophylaxis (PEP) accessibility among healthcare workers. Findings indicate a high prevalence of injuries, with 61.1% reporting incidents, predominantly needle stick injuries (60.6%). Despite the majority seeking prompt medical attention (72.0%), work-related illnesses affected 53.2% of respondents, notably work-related stress (59.5%). While most received training on injury and illness prevention (68.9%), gaps exist in PEP awareness, with 16.0% unaware of it. Nonetheless, 84.0% were aware, predominantly through health facilities (52.0%). Availability of PEP was reported by 71.3% in healthcare facilities, with variations in shift availability. The majority reported guidelines for PEP use (55.7%). Efforts are needed to bolster PEP awareness and ensure consistent availability in healthcare facilities to safeguard worker health. Conclusion: High prevalence of occupational injuries among healthcare workers, with needle stick injuries being the most common (60.6%). Despite this, 84.0% of respondents were aware of Post-Exposure Prophylaxis (PEP), primarily learning about it from health facilities (52.0%). While 71.3% reported the availability of PEP in their facility, 28.7% noted its unavailability. These results emphasize the need for improved education and accessibility of PEP to mitigate occupational injury risks.

铁路站场无线Wi-Fi安全接入方案研究

针对目前铁路站场各类应用所使用的无线Wi-Fi网络接入存在的问题和风险,提出一种安全接入方案。依据等级保护相关技术要求和标准,从终端接入认证、用户身份认证、终端安全监测等方面对铁路站场移动终端安全接入方案进行构思,设计了铁路站场无线Wi-Fi安全接入框架及移动终端安全接入流程,明确了无线接入点、无线网络控制器、Wi-Fi安全接入网关、移动终端安全管理平台的功能定位。通过安全性分析,验证了该方案可实现铁路站场接入终端安全可控、接入用户安全可信、终端安全状态持续检测和异常终端拒绝接入等功能,支持铁路各站场Wi-Fi的统一管理和运维,降低了铁路站场网络安全防护的建设成本和运维成本,适用于各铁路局站场无线Wi-Fi环境。

基于大数据的继电保护运维管理系统的设计与实现

在双碳背景下,促进清洁能源消纳与碳减排已成为电网发展的重要目标。提出了一种优化方法,考虑可再生能源不确定性与系统功率储备进行系统调度。在预测误差分析的基础上,提出了一种基于负荷损失概率的评估方法,以确定系统运行储备功率。将系统运营成本和二氧化碳排放量建模为优化目标。优化过程包括两个阶段,在第一阶段优化中利用混合整数线性规划方法进行确定性优化,生成具有规定功率储备要求的发电机组组合。在第二阶段优化中考虑预测不确定性,对运行计划进行调整,使用可控发电机来处理预测偏差。将不同方法下可用运行储备功率、成本和二氧化碳排放量在仿真中进行了对比。与传统大数据技术及智能电网的发展为继电保护系统历史数据进行深层次挖掘提供了支撑,以此为基础研究了基于大数据的继电保护运维管理系统。文章针对基于大数据的继电保护运维管理系统进行设计,详细阐述了系统架构、数据库设计、系统功能模块、系统实现。系统在原始数据预处理的基础上进行数据可视化,从统计分析和动态分析两个角度对保护设备进行评估,实现了设备失效数据的统计计算、设备缺陷关联性分析、运行水平评估以及设备状态检修功能。系统实现了继电保护设备运维全流程管理,最终服务于继电保护检修工作,能够为运行人员状态检修提供参考,对于减小维修的盲目性、提高检修工作效率具有参考价值。

基于区块链的可信分布式工业数据治理方案

针对当前工业系统缺乏统一的产品数据共享服务,限制了用户获取可信的产品追溯信息的问题,基于区块链设计可信分布式工业数据治理方案,实现高效、安全的产品数据共享与治理.产品数据生成者将数据提交到区块链系统之前,在离链状态下对产品数据进行压缩和加密.为了在离链过程中使产品数据可用,系统通过2种类型的区块链交易(生成者交易和数据交易)支持离链/链上数据访问.提供混合访问控制机制用于加密产品数据,将秘密密钥仅提供给经过授权的数据用户.该方案能够有效地保护产品数据的隐私性,提供细粒度的访问控制,能够对产品数据生成的全流程进行溯源.系统性能的测试结果表明,在secp256k1椭圆曲线上(提供128 bit安全性),密钥生成阶段的计算和通信开销不高于81.592 ms和2.83 kB,数据提交阶段不高于50.251 ms和3.59 kB,数据更新时间不超过251.596 ms,数据读取时间不高于311.104 ms.与同类方案的性能比较结果证实了该方案的高效性.

元宇宙下虚拟数字人信息保护的困境与解决路径

元宇宙下虚拟数字人信息与元宇宙用户信息实时传递,具有同步性,但相较于以自然人为主体的个人信息保护,虚拟数字人信息缺少相应的监管与保护措施,泄露风险加剧。现有立法无法对虚拟数字人信息保护的适用范围、责任认定等核心内容提供精细指引。基于此,当前应立足民法保护、算法技术归责以及行业规范三维路径。首先,确定虚拟数字人法律主体地位、厘清虚拟数字人信息保护范围;其次,建立算法数字技术归责体系,明确责任承担方式;最后,确定元宇宙平台的准入标准、明晰企业的权利义务。

数字素养对粮农耕地质量保护技术采纳行为的影响研究

耕地质量对于保障我国粮食安全和农业可持续发展至关重要,如何促进粮农进行耕地质量保护值得探讨。文章利用中国乡村振兴调查(CRRS)数据,基于Oprobit模型实证分析数字素养对粮农耕地质量保护技术采纳行为的影响及作用路径,助力耕地质量保护。研究结果显示:数字素养对粮农耕地质量保护技术采纳行为具有显著的正向影响,经过内生性处理和一系列稳健性检验后,结论依然成立;机制检验发现,数字素养可以通过提升信息获取能力、增加农业社会化服务采纳和强化农业保险购买来促进粮农采纳耕地质量保护技术;异质性分析表明,数字素养对农地经营规模较小、未受灾和村庄有电商服务站的粮农具有显著性行为响应效果。

Access数据库加密系统的安全性及其保护措施

ACCESS数据库结构简。单、功能比较齐全、使用维护方便，因此，在功能能够满足要求的条件下，往往成为一些小型数据库软件的首选。但是由于数据库的加密机制非常简单，很容易破解数据库密码，安全性差。本文在分析了MSAccess数据库的加密原理以及现有破解方法的基础上，给出了简便易行的保护措施。并且，用VB给出了切实可行的实现方案。应用表明，该保护措施能有效地提高数据库的安全性。

基于区块链的医院智慧管理系统数据安全研究

随着医疗信息化的迅速发展,医院智慧管理系统在提升医疗服务质量和效率方面发挥着关键作用。然而,医疗数据的敏感性和重要性带来了严峻的安全挑战。文章应用区块链技术来保护医院智慧管理系统的数据安全,并提出了一种创新的基于区块链的数据安全架构。该架构充分利用了分布式存储、共识机制和智能合约等核心技术,有效解决了数据完整性、隐私保护和访问控制等关键问题。实验结果表明,文章方案在保障数据安全性的同时显著提高了系统的效率和可扩展性,为医疗信息化建设提供了新思路和方法,对推动医疗行业的数字化转型具有重要意义。

网络空间中数字身份认同与个人隐私保护

本文基于对10000名网民数字身份行为数据进行的统计分析,探讨了网络空间中数字身份认同的技术实现方式及其存在的隐私安全问题。研究发现,62.5%的用户在多个网络平台采用同一数字身份,75.3%的用户遭遇过不同程度的隐私信息泄露。针对上述问题,本文从密码学、访问控制、可信计算、隐私保护数据挖掘等技术层面,提出了一种基于联邦学习的隐私保护数字身份认同方案。仿真实验表明,该方案能够有效平衡数字身份的可用性与隐私安全性。

智能化办公环境下的数据隐私保护

随着智能化办公环境的不断发展,数据隐私保护已成为当今信息化领域的重要课题。该文旨在探讨在智能化办公环境下如何有效保护数据隐私的问题,针对当前数据隐私保护存在的挑战,通过分析关键技术和策略,提出了一套综合的数据隐私保护方案。该文通过对基于角色的访问控制、数据分类与敏感度分析以及数据审计与监控机制等关键技术的深入研究,阐述了在智能化办公环境中有效保护数据隐私的可行性和必要性,并就其实际应用进行了探讨与分析,最终得出了一系列可行的解决方案和建议。

Blockchain Data Privacy Access Control Based on Searchable Attribute Encryption

Data privacy is important to the security of our society,and enabling authorized users to query this data efficiently is facing more challenge.Recently,blockchain has gained extensive attention with its prominent characteristics as public,distributed,decentration and chronological characteristics.However,the transaction information on the blockchain is open to all nodes,the transaction information update operation is even more transparent.And the leakage of transaction information will cause huge losses to the transaction party.In response to these problems,this paper combines hierarchical attribute encryption with linear secret sharing,and proposes a blockchain data privacy protection control scheme based on searchable attribute encryption,which solves the privacy exposure problem in traditional blockchain transactions.The user’s access control is implemented by the verification nodes,which avoids the security risks of submitting private keys and access structures to the blockchain network.Associating the private key component with the random identity of the user node in the blockchain can solve the collusion problem.In addition,authorized users can quickly search and supervise transaction information through searchable encryption.The improved algorithm ensures the security of keywords.Finally,based on the DBDH hypothesis,the security of the scheme is proved in the random prediction model.

Novel Private Data Access Control Scheme Suitable for Mobile Edge Computing

Efficient response speed and information processing speed are among the characteristics of mobile edge computing(MEC).However,MEC easily causes information leakage and loss problems because it requires frequent data exchange.This work proposes an anonymous privacy data protection and access control scheme based on elliptic curve cryptography(ECC)and bilinear pairing to protect the communication security of the MEC.In the proposed scheme,the information sender encrypts private information through the ECC algorithm,and the information receiver uses its own key information and bilinear pairing to extract and verify the identity of the information sender.During each round of communication,the proposed scheme uses timestamps and random numbers to ensure the freshness of each round of conversation.Experimental results show that the proposed scheme has good security performance and can provide data privacy protection,integrity verification,and traceability for the communication process of MEC.The proposed scheme has a lower cost than other related schemes.The communication and computational cost of the proposed scheme are reduced by 31.08% and 22.31% on average compared with those of the other related schemes.