Funding: Supported by the National Natural Science Foundation of China (No. 60703101)
Abstract: In pervasive computing environments, users can get services anytime and anywhere, but the ubiquity and mobility of the environments bring new security challenges. The user and the service provider do not know each other in advance, they should mutually authenticate each other. The service provider prefers to authenticate the user based on his identity while the user tends to stay anonymous. Privacy and security are two important but seemingly contradictory objectives. As a result, a user prefers not to expose any sensitive information to the service provider such as his physical location, ID and so on when being authenticated. In this paper, a highly flexible mutual authentication and key establishment protocol scheme based on biometric encryption and Diffie-Hellman key exchange to secure interactions between a user and a service provider is proposed. Not only can a user's anonymous authentication be achieved, but also the public key cryptography operations can be reduced by adopting this scheme. Different access control policies for different services are enabled by using biometric encryption technique. The correctness of the proposed authentication and key establishment protocol is formally verified based on SVO logic.
Abstract: Reversible data hiding techniques are capable of reconstructing the original cover image from stego-images. Recently, many researchers have focused on reversible data hiding to protect intellectual property rights. In this paper, we combine reversible data hiding with the chaotic Henon map as an encryption technique to achieve an acceptable level of confidentiality in cloud computing environments. And, Haar digital wavelet transformation (HDWT) is also applied to convert an image from a spatial domain into a frequency domain. And then the decimal of coefficients and integer of high frequency band are modified for hiding secret bits. Finally, the modified coefficients are inversely transformed to stego-images.
Funding: Supported by the High Technology Research and Development Programme of China (No. 2003AA1Z2070) and the National Natural Science Foundation of China (No. 90412013).
Abstract: Under virtualization idea based on large-scale dismantling and sharing, the implementing of network interconnection of calculation components and storage components by loose coupling, which are tightly coupling in traditional server, achieves computing capacity, storage capacity and service capacity distribution according to need in application-level. Under the new server model, the segregation and protection of user space and system space as well as the security monitoring of virtual resources are the important factors of ultimate security guarantee. This article presents a large-scale and expansible distributed invasion detection system of virtual computing environment based on virtual machine. The system supports security monitoring management of global resources and provides uniform view of security attacks under virtual computing environment, thereby protecting the user applications and system security under capacity services domain.
Abstract: Resources over Internet have such intrinsic characteristics as growth, autonomy and diversity, which have brought many challenges to the efficient sharing and comprehensive utilization of these resources. This paper presents a novel approach for the construction of the Internet-based Virtual Computing Environment (iVCE), whose significant mechanisms are on-demand aggregation and autonomic collaboration. The iVCE is built on the open infrastructure of the Internet and provides harmonious, transparent and integrated services for end-users and applications. The concept of iVCE is presented and its architectural framework is described by introducing three core concepts, i.e., autonomic element, virtual commonwealth and virtual executor. Then the connotations, functions and related key technologies of each component of the architecture are deeply analyzed with a case study, iVCE for Memory.
Funding: Supported by the National Natural Science Foundation of China (Grant No. 61103223) and the Natural Science Foundation of Jiangsu Province (No. BK2011003).
Abstract: To reduce the running time of network simulation in heterogeneous computing environment, a network simulation task partition method, named LBPHCE, is put forward. In this method, the network simulation task is partitioned in comprehensive consideration of the load balance of both routing computing simulation and packet forwarding simulation. First, through benchmark experiments, the computation ability and routing simulation ability of each simulation machine are measured in the heterogeneous computing environment. Second, based on the computation ability of each simulation machine, the network simulation task is initially partitioned to meet the load balance of packet forwarding simulation in the heterogeneous computing environment, and then according to the routing computation ability, the scale of each partition is fine-tuned to satisfy the balance of the routing computing simulation, meanwhile the load balance of packet forwarding simulation is guaranteed. Experiments based on PDNS indicate that, compared to traditional uniform partition method, the LBPHCE method can reduce the total simulation running time by 26.3% on average, and compared to the linear partition method, it can reduce the running time by 18.3% on average.
Abstract: This article presents an innovative approach to automatic rule discovery for data transformation tasks leveraging XGBoost, a machine learning algorithm renowned for its efficiency and performance. The framework proposed herein utilizes the fusion of diversified feature formats, specifically, metadata, textual, and pattern features. The goal is to enhance the system's ability to discern and generalize transformation rules from source to destination formats in varied contexts. Firstly, the article delves into the methodology for extracting these distinct features from raw data and the pre-processing steps undertaken to prepare the data for the model. Subsequent sections expound on the mechanism of feature optimization using Recursive Feature Elimination (RFE) with linear regression, aiming to retain the most contributive features and eliminate redundant or less significant ones. The core of the research revolves around the deployment of the XGBoost model for training, using the prepared and optimized feature sets. The article presents a detailed overview of the mathematical model and algorithmic steps behind this procedure. Finally, the process of rule discovery (prediction phase) by the trained XGBoost model is explained, underscoring its role in real-time, automated data transformations. By employing machine learning and particularly, the XGBoost model in the context of Business Rule Engine (BRE) data transformation, the article underscores a paradigm shift towards more scalable, efficient, and less human-dependent data transformation systems. This research opens doors for further exploration into automated rule discovery systems and their applications in various sectors.
Abstract: Infrastructure as a Service (IaaS) provides logical separation between data, network, applications and machines from the physical constraints of real machines. IaaS is one of the bases of cloud virtualization. Recently, security issues are also gradually emerging with virtualization of cloud computing. Different security aspects of cloud virtualization will be explored in this research paper, security recognizing potential threats or attacks that exploit these vulnerabilities, and what security measures are used to alleviate such threats. In addition, a discussion of general security requirements and the existing security schemes is also provided. As shown in this paper, different components of virtualization environment are targets to various attacks that in turn leads to security issues compromising the whole cloud infrastructure. In this paper an overview of various cloud security aspects is also provided. Different attack scenarios of virtualization environments and security solutions to cater these attacks have been discussed in the paper. We then proceed to discuss API security concerns, data security, hijacking of user account and other security concerns. The aforementioned discussions can be used in the future to propose assessment criteria, which could be useful in analyzing the efficiency of security solutions of virtualization environment in the face of various virtual environment attacks.
Abstract: This paper examines task partition problem in a Multiagent based Distributed Open Computing Environment Model (MDOCEM). We first present a formal method to describe the task partition problem, then give a heuristic algorithm to solve the task partition problem that gives an approximate optimum solution.
Funding: The National Basic Research 973 Program of China (No. 2005CB321804)
Abstract: The initiative of internet-based virtual computing environment (iVCE) aims to provide the end users and applications with a harmonious, trustworthy and transparent integrated computing environment which will facilitate sharing and collaborating of network resources between applications. Trust management is an elementary component for iVCE. The uncertain and dynamic characteristics of iVCE necessitate the requirement for the trust management to be subjective, historical evidence based and context dependent. This paper presents a Bayesian analysis-based trust model, which aims to secure the active agents for selecting appropriate trusted services in iVCE. Simulations are made to analyze the properties of the trust model which show that the subjective prior information influences trust evaluation a lot and the model stimulates positive interactions.
Funding: Supported by the National Basic Research Program of China under Grant No 2006CB705500, the National Natural Science Foundation of China under Grant Nos 60744003, 10635040 and 10532060, the Specialized Research Fund for the Doctoral Program of Higher Education of China under Grant No 20060358065, and the National Science Fund for Fostering Talents in Basic Science (J0630319).
Abstract: We propose a new two-type-player prisoner's dilemma game based on the division of work on a square lattice, in which a fraction of the population μ are assigned type A and the rest B. In a one-shot two-player game, we let both of their original payoffs be scaled by a same multiplicative factor α > 1, if two neighboring players are of different types; however we leave the payoffs unchanged if they are of the same type. Then we show that combined with the two-type setup, the square lattice can assist to induce different social ranks according to players' abilities to collect payoffs. Simulation results show that the density of cooperation is significantly promoted for a wide range of the temptation to defection parameters and that there are optimal values for both α and μ leading to the maximal cooperation level. We reach these results by analyzing the distribution of the players in the social ranks and we also show some typical snapshots of the system.
Abstract: We study the effect of mutation on the evolutionary prisoner's dilemma in highly clustered scale-free networks. It is found that cooperation is more sensitive and vulnerable to strategy mutation in more highly clustered networks. For small mutation rates, high clustering coefficient promotes cooperation. For medium mutation rates, high clustering coefficient inhibits the emergence of cooperation. For large mutation rates, cooperation is insensitive to clustering property. We provide explanations for the effects of clustering on cooperation with varied mutation rates.
Funding: Supported by the New Century Excellent Talent Project of the Ministry of Education of China under Grant No NECT-07-0112, and the National Natural Science Foundation of China under Grant No 10775022.
Abstract: We investigate the game theory in a structured population with the assumption that the evolution of network structure is far faster than that of strategy update. We find that the degree distribution for the final network consists of two distinct parts: the low degree part which is contributed to by defectors and a broadband in the regime with high degree which is formed by cooperators. The structure of the final network and the final strategy pattern have also been numerically proved to be independent of the game parameters.
Abstract: The user data stored in an untrusted server, such as the centralized data center or cloud computing server, may be dangerous of eavesdropping if the data format is a plaintext. However, the general ciphertext is difficult to search and thus limited for practical usage. The keyword search encryption is a helpful mechanism that provides a searchable ciphertext for some predefined keywords. The previous studies failed to consider the attack from the data storage server to guess the keyword. This kind of attack may cause some critical information revealed to the untrusted server. This paper proposes a new keyword search encryption model that can effectively resist the keyword-guessing attack performed by the untrusted data storage (testing) server. The testing (query) secret is divided into multiple shares so that the security can be guaranteed if the servers cannot conspire with each other to retrieve all shares of the secret.
Funding: Supported by the National Natural Science Foundation of China (Nos. 61379055 and 61379053)
Abstract: Internet-based virtual computing environment (iVCE) has been proposed to combine data centers and other kinds of computing resources on the Internet to provide efficient and economical services. Virtual machines (VMs) have been widely used in iVCE to isolate different users/jobs and ensure trustworthiness, but traditionally VMs require a long period of time for booting, which cannot meet the requirement of iVCE's large-scale and highly dynamic applications. To address this problem, in this paper we design and implement VirtMan, a fast booting system for a large number of virtual machines in iVCE. VirtMan uses the Linux Small Computer System Interface (SCSI) target to remotely mount to the source image in a scalable hierarchy, and leverages the homogeneity of a set of VMs to transfer only necessary image data at runtime. We have implemented VirtMan both as a standalone system and for OpenStack. In our 100-server testbed, VirtMan boots up 1000 VMs (with a 15 GB image of Windows Server 2008) on 100 physical servers in less than 120 s, which is three orders of magnitude lower than current public clouds.