The electrification of vehicle helps to improve its operation efficiency and safety. Due to fast development of network, sensors, as well as computing technology, it becomes realizable to have vehicles driving autonomously. To achieve autonomous driving, several steps, including environment perception, path-planning, and dynamic control, need to be done. However, vehicles equipped with on-board sensors still have limitations in acquiring necessary environmental data for optimal driving decisions. Intelligent and connected vehicles (ICV) cloud control system (CCS) has been introduced as a new concept as it is a potentially synthetic solution for high level automated driving to improve safety and optimize traffic flow in intelligent transportation. This paper systematically investigated the concept of cloud control system from cloud related applications on ICVs, and cloud control system architecture design, as well as its core technologies development. Based on the analysis, the challenges and suggestions on cloud control system development have been addressed.
The concept of cloud control systems is discussed in this paper, which is an extension of networked control systems (NCSs). With the development of internet of things (IOT), the technology of NCSs has played a key role in IOT. At the same time, cloud computing is developed rapidly, which provides a perfect platform for big data processing, controller design and performance assessment. The research on cloud control systems will give new contribution to the control theory and applications in the near future.
With the advantage of fast calculation and map resources on cloud control system (CCS), cloud-based predictive cruise control (CPCC) for heavy trucks has great potential to improve energy efficiency, which is significant to achieve the goal of national carbon neutrality. However, most investigations focus on the on-board predictive cruise control (PCC) system, lack of research on CPCC architecture under CCS. Besides, the current PCC algorithms have the problems of a single control target and high computational complexity, which hinders the improvement of the control effect. In this paper, a layered architecture based on CCS is proposed to effectively address the real-time computing of CPCC system and the deployment of its algorithm on vehicle-cloud. In addition, based on the dynamic programming principle and the proposed road point segmentation method (RPSM), a PCC algorithm is designed to optimize the speed and gear of heavy trucks with slope information. Simulation results show that the CPCC system can adaptively control vehicle driving through the slope prediction, with fuel-saving rate of 6.17% in comparison with the constant cruise control. Also, compared with other similar algorithms, the PCC algorithm can make the engine operate more in the efficient zone by cooperatively optimizing the gear and speed. Moreover, the RPSM algorithm can reconfigure the road in advance, with a 91% road-point reduction rate, significantly reducing algorithm complexity. Therefore, this study has essential research significance for the economic driving of heavy trucks and the promotion of the CPCC system.
Rich semantic information in natural language increases team efficiency in human collaboration, reduces dependence on high precision data information, and improves adaptability to dynamic environment. We propose a semantic centered cloud control framework for cooperative multi-unmanned ground vehicle (UGV) system. Firstly, semantic modeling of task and environment is implemented by ontology to build a unified conceptual architecture, and secondly, a scene semantic information extraction method combining deep learning and semantic web rule language (SWRL) rules is used to realize the scene understanding and task-level cloud task cooperation. Finally, simulation results show that the framework is a feasible way to enable autonomous unmanned systems to conduct cooperative tasks.
The rapid increase of the scale and the complexity of the controlled plants bring new challenges such as computing power and storage for conventional control systems. Cloud computing is concerned as a powerful solution to handle complex large-scale control missions by using sufficient computing resources. However, the computing ability enables more complex devices and more data to be involved and most of the data have not been fully utilized. Meanwhile, it is even impossible to obtain an accurate model of each device in the complex control systems for the model-based control algorithms. Therefore, motivated by the above reasons, we propose a data-driven predictive cloud control system. To achieve the proposed system, a practical data-driven predictive cloud control testbed is established and together a cloud-edge communication scheme is developed. Finally, the simulations and experiments demonstrate the effectiveness of the proposed system.
Personal cloud computing is an emerging trend in the computer industry. For a sustainable service, cloud computing services must control user access. The essential business characteristics of cloud computing are payment status and service level agreement. This work proposes a novel access control method for personal cloud service business. The proposed method sets metadata, policy analysis rules, and access denying rules. Metadata define the structure of access control policies and user requirements for cloud services. The policy analysis rules are used to compare conflicts and redundancies between access control policies. The access denying rules apply policies for inhibiting inappropriate access. The ontology is a theoretical foundation of this method. In this work, ontologies for payment status, access permission, service level, and the cloud provide semantic information needed to execute rules. A scenario of personal data backup cloud service is also provided in this work. This work potentially provides cloud service providers with a convenient method of controlling user access according to changeable business and marketing strategies.
Cloud computing is touted as the next big thing in the Information Technology (IT) industry, which is going to impact the businesses of any size and yet the security issue continues to pose a big threat on it. The security and privacy issues persisting in cloud computing have proved to be an obstacle for its widespread adoption. In this paper, we look at these issues from a business perspective and how they are damaging the reputation of big companies. There is a literature review on the existing issues in cloud computing and how they are being tackled by the Cloud Service Providers (CSP). We propose a governing body framework which aims at solving these issues by establishing relationship amongst the CSPs in which the data about possible threats can be generated based on the previous attacks on other CSPs. The Governing Body will be responsible for Data Center control, Policy control, legal control, user awareness, performance evaluation, solution architecture and providing motivation for the entities involved.
As a new computing mode, cloud computing can provide users with virtualized and scalable web services, which faced with serious security challenges, however. Access control is one of the most important measures to ensure the security of cloud computing. But applying traditional access control model into the Cloud directly could not solve the uncertainty and vulnerability caused by the open conditions of cloud computing. In cloud computing environment, only when the security and reliability of both interaction parties are ensured, data security can be effectively guaranteed during interactions between users and the Cloud. Therefore, building a mutual trust relationship between users and cloud platform is the key to implement new kinds of access control method in cloud computing environment. Combining with Trust Management (TM), a mutual trust based access control (MTBAC) model is proposed in this paper. MTBAC model takes both user's behavior trust and cloud services node's credibility into consideration. Trust relationships between users and cloud service nodes are established by mutual trust mechanism. Security problems of access control are solved by implementing MTBAC model into cloud computing environment. Simulation experiments show that MTBAC model can guarantee the interaction between users and cloud service nodes.
With the massive diffusion of cloud computing, more and more sensitive data is being centralized into the cloud for sharing, which brings forth new challenges for the security and privacy of outsourced data. To address these challenges, the server-aided access control (SAAC) system was proposed. The SAAC system builds upon a variant of conditional proxy re-encryption (CPRE) named threshold conditional proxy re-encryption (TCPRE). In TCPRE, t out of n proxies can re-encrypt ciphertexts (satisfying some specified conditions) for the delegator (while up to t-1 proxies cannot), and the correctness of the re-encrypted ciphertexts can be publicly verified. Both features guarantee the trust and reliability on the proxies deployed in the SAAC system. The security models for TCPRE were formalized, several TCPRE constructions were proposed and that our final scheme was secure against chosen-ciphertext attacks was proved.
With the rapid development of cloud computing and control theory, a new paradigm of networked control systems called cloud control systems is proposed to meet the requirements of large-scale and complex applications. Currently, cloud control systems are mainly built by using a centralized architecture. The centralized system is overly dependent on the central control plane and has huge challenges in large-scale heterogeneous node systems. In this paper, we propose a decentralized approach to establish cloud control systems by proposing a distributed point-to-point task routing method. A considerable number of tasks in the system will not rely on the central plane and will be directly routed to the target devices through the point-to-point routing method, which improves the horizontal scalability of the cloud control system. The point-to-point routing method directly gives a unique address to every task, making inter-task communication more efficient in a complex heterogeneous and busy cloud control systems. Finally, we experimentally demonstrate that the distributed point-to-point task routing approach is compatible against the state-of-the-art central systems in large-scale task situations.
With the rapid development of computer technology, cloud-based services have become a hot topic. They not only provide users with convenience, but also bring many security issues, such as data sharing and privacy issue. In this paper, we present an access control system with privilege separation based on privacy protection (PS-ACS). In the PS-ACS scheme, we divide users into private domain (PRD) and public domain (PUD) logically. In PRD, to achieve read access permission and write access permission, we adopt the Key-Aggregate Encryption (KAE) and the Improved Attribute-based Signature (IABS) respectively. In PUD, we construct a new multi-authority ciphertext policy attribute-based encryption (CP-ABE) scheme with efficient decryption to avoid the issues of single point of failure and complicated key distribution, and design an efficient attribute revocation method for it. The analysis and simulation result show that our scheme is feasible and superior to protect users' privacy in cloud-based services.
Attribute-based encryption (ABE) supports the fine-grained sharing of encrypted data. In some common designs, attributes are managed by an attribute authority that is supposed to be fully trustworthy. This concept implies that the attribute authority can access all encrypted data, which is known as the key escrow problem. In addition, because all access privileges are defined over a single attribute universe and attributes are shared among multiple data users, the revocation of users is inefficient for the existing ABE scheme. In this paper, we propose a novel scheme that solves the key escrow problem and supports efficient user revocation. First, an access controller is introduced into the existing scheme, and then, secret keys are generated corporately by the attribute authority and access controller. Second, an efficient user revocation mechanism is achieved using a version key that supports forward and backward security. The analysis proves that our scheme is secure and efficient in user authorization and revocation.
In this paper, stochastic stabilization is investigated by max-plus algebra for a Markovian jump cloud control system with a reference signal. For the Markovian jump cloud control system, there exists framework adjustment whose evolution is satisfied with a Markov chain. Using max-plus algebra, a max-plus stochastic system is used to describe the Markovian jump cloud control system. A causal feedback matrix is obtained by exponential stability analysis for a causal feedback controller of the Markovian jump cloud control system. A sufficient condition is given to ensure existence on the causal feedback matrix of the causal feedback controller. Based on the causal feedback controller, stochastic stabilization in probability is analyzed for the Markovian jump cloud control system with a reference signal. Simulation results are given to show effectiveness of the causal feedback controller for the Markovian jump cloud control system.
In order to achieve fine-grained access control in cloud computing, existing digital rights management (DRM) schemes adopt attribute-based encryption as the main encryption primitive. However, these schemes suffer from inefficiency and cannot support dynamic updating of usage rights stored in the cloud. In this paper, we propose a novel DRM scheme with secure key management and dynamic usage control in cloud computing. We present a secure key management mechanism based on attribute-based encryption and proxy re-encryption. Only the users whose attributes satisfy the access policy of the encrypted content and who have effective usage rights can be able to recover the content encryption key and further decrypt the content. The attribute based mechanism allows the content provider to selectively provide fine-grained access control of contents among a set of users, and also enables the license server to implement immediate attribute and user revocation. Moreover, our scheme supports privacy-preserving dynamic usage control based on additive homomorphic encryption, which allows the license server in the cloud to update the users' usage rights dynamically without disclosing the plaintext. Extensive analytical results indicate that our proposed scheme is secure and efficient.
The next-generation optical network is a service oriented network, which could be delivered by utilizing the generalized multiprotocol label switching (GMPLS) based control plane to realize lots of intelligent features such as rapid provisioning, automated protection and restoration (P&R), efficient resource allocation, and support for different quality of service (QoS) requirements. In this paper, we propose a novel stateful PCE-cloud (SPC) based architecture of GMPLS optical networks for cloud services. The cloud computing technologies (e.g. virtualization and parallel computing) are applied to the construction of SPC for improving the reliability and maximizing resource utilization. The functions of SPC and GMPLS based control plane are expanded according to the features of cloud services for different QoS requirements. The architecture and detailed description of the components of SPC are provided. Different potential cooperation relationships between public stateful PCE cloud (PSPC) and region stateful PCE cloud (RSPC) are investigated. Moreover, we present the policy-enabled and constraint-based routing scheme base on the cooperation of PSPC and RSPC. Simulation results for verifying the performance of routing and control plane reliability are analyzed.
Access control has made a long way from 1960s. With the advent changes of technologies pertaining to location transparency in storage of data, there arises different access control scenarios. Cloud storage, the predominant storage that is being in use currently, also paves way to various access control problems. Though there are various access control mechanisms such as RBAC, ABAC, they are designed on the user’s perspective such as the role held by the user or other attributes assigned to the user. A new access control mechanism called object relationship based access control (RoBAC) has been developed based on the relations held among the users. The policy decision of access control is based on the relationship among the classes followed in the Java programming. Results have shown that this model best suits various scenarios in the cloud environment, and it also shows that the time for making decision either to allow or to deny is reduced compared to the existing system.
In most existing CP-ABE schemes, there is only one authority in the system and all the public keys and private keys are issued by this authority, which incurs ciphertext size and computation costs in the encryption and decryption operations that depend at least linearly on the number of attributes involved in the access policy. We propose an efficient multi-authority CP-ABE scheme in which the authorities need not interact to generate public information during the system initialization phase. Our scheme has constant ciphertext length and a constant number of pairing computations. Our scheme can be proven CPA-secure in random oracle model under the decision q-BDHE assumption. When user's attributes revocation occurs, the scheme transfers most re-encryption work to the cloud service provider, reducing the data owner's computational cost on the premise of security. Finally the analysis and simulation result show that the schemes proposed in this thesis ensure the privacy and secure access of sensitive data stored in the cloud server, and be able to cope with the dynamic changes of users' access privileges in large-scale systems. Besides, the multi-authority ABE eliminates the key escrow problem, achieves the length of ciphertext optimization and enhances the efficiency of the encryption and decryption operations.
To resolve the problem of quantitative analysis in hybrid cloud, a quantitative analysis method, which is based on the security entropy, is proposed. Firstly, according to the information theory, the security entropy is put forward to calculate the uncertainty of the system's determinations on the irregular access behaviors. Secondly, based on the security entropy, security theorems of hybrid cloud are defined. Finally, typical access control models are analyzed by the method, the method's practicability is validated, and security and applicability of these models are compared. Simulation results prove that the proposed method is suitable for the security quantitative analysis of the access control model and evaluation to access control capability in hybrid cloud.
Emerging cloud computing has introduced new platforms for developing enterprise academic web applications, where software, platforms and infrastructures are published to the globe as services. Software developers can build their systems by multiple invocations of these services. This research is devoted to investigating the management and data flow control over enterprise academic web applications where web services and developed academic web application are constructing infrastructure-networking scheme at the application level. Academic web services are invoked over http port and using REST based protocol; thus traditional access control method is not enough to control the flow of data using host and port information. The new cloud based access control rules proposed here are to be designed and implemented to work at this level. The new proposed access control architecture will be a web service gateway, and it published itself as a service (SaaS). We used three case studies to test our moodle and then we apply JSON parsers to perceive web service description file (WSDL file) and supply policies according to data are to be allowed or denied based on user role through our parsing.
With the development of cloud computing, the mutual understandability among distributed data access control has become an important issue in the security field of cloud computing. To ensure security, confidentiality and fine-grained data access control of Cloud Data Storage (CDS) environment, we proposed Multi-Agent System (MAS) architecture. This architecture consists of two agents: Cloud Service Provider Agent (CSPA) and Cloud Data Confidentiality Agent (CDConA). CSPA provides a graphical interface to the cloud user that facilitates the access to the services offered by the system. CDConA provides each cloud user by definition and enforcement expressive and flexible access structure as a logic formula over cloud data file attributes. This new access control is named as Formula-Based Cloud Data Access Control (FCDAC). Our proposed FCDAC based on MAS architecture consists of four layers: interface layer, existing access control layer, proposed FCDAC layer and CDS layer as well as four types of entities of Cloud Service Provider (CSP), cloud users, knowledge base and confidentiality policy roles. FCDAC, it’s an access policy determined by our MAS architecture, not by the CSPs. A prototype of our proposed FCDAC scheme is implemented using the Java Agent Development Framework Security (JADE-S). Our results in the practical scenario defined formally in this paper, show the Round Trip Time (RTT) for an agent to travel in our system and measured by the times required for an agent to travel around different number of cloud users before and after implementing FCDAC.
Funding: Supported by Beijing Nova Program of Science and Technology (Grant No. Z191100001119087); Beijing Municipal Science & Technology Commission (Grant No. Z181100004618005 and Grant No. Z18111000460000).
Funding: Supported by National Basic Research Program of China (973 Program) (2012CB720000); National Natural Science Foundation of China (61225015, 61273128); Foundation for Innovative Research Groups of the National Natural Science Foundation of China (61321002); the Ph.D. Programs Foundation of Ministry of Education of China (20111101110012); CAST Foundation (CAST201210).
Funding: Supported by the National Key Research and Development Program (2021YFB2501003); the Key Research and Development Program of Guangdong Province (2019B090912001); the China Postdoctoral Science Foundation (2020M680531).
Funding: Supported by the National Defense Science and Technology Innovation Zone of China (193-A13-203-01-01); the Military Science Postgraduate Project of PLA (JY2020B006).
Funding: Supported by the National Natural Science Foundation of China (61836001, 62122014, 62173036, 62102022).
Abstract: Personal cloud computing is an emerging trend in the computer industry. For a sustainable service, cloud computing services must control user access. The essential business characteristics of cloud computing are payment status and service level agreement. This work proposes a novel access control method for personal cloud service business. The proposed method sets metadata, policy analysis rules, and access denying rules. Metadata define the structure of access control policies and user requirements for cloud services. The policy analysis rules are used to compare conflicts and redundancies between access control policies. The access denying rules apply policies for inhibiting inappropriate access. The ontology is a theoretical foundation of this method. In this work, ontologies for payment status, access permission, service level, and the cloud provide semantic information needed to execute rules. A scenario of personal data backup cloud service is also provided in this work. This work potentially provides cloud service providers with a convenient method of controlling user access according to changeable business and marketing strategies.
Abstract: Cloud computing is touted as the next big thing in the Information Technology (IT) industry, which is going to impact the businesses of any size and yet the security issue continues to pose a big threat on it. The security and privacy issues persisting in cloud computing have proved to be an obstacle for its widespread adoption. In this paper, we look at these issues from a business perspective and how they are damaging the reputation of big companies. There is a literature review on the existing issues in cloud computing and how they are being tackled by the Cloud Service Providers (CSP). We propose a governing body framework which aims at solving these issues by establishing a relationship amongst the CSPs in which the data about possible threats can be generated based on the previous attacks on other CSPs. The Governing Body will be responsible for Data Center control, Policy control, legal control, user awareness, performance evaluation, solution architecture and providing motivation for the entities involved.
Funding: This paper is supported by the Opening Project of State Key Laboratory for Novel Software Technology of Nanjing University, China (Grant No. KFKT2012B25) and National Science Foundation of China (Grant No. 61303263).
Abstract: As a new computing mode, cloud computing can provide users with virtualized and scalable web services, which, however, is faced with serious security challenges. Access control is one of the most important measures to ensure the security of cloud computing. But applying traditional access control model into the Cloud directly could not solve the uncertainty and vulnerability caused by the open conditions of cloud computing. In cloud computing environment, only when the security and reliability of both interaction parties are ensured, data security can be effectively guaranteed during interactions between users and the Cloud. Therefore, building a mutual trust relationship between users and cloud platform is the key to implement new kinds of access control method in cloud computing environment. Combining with Trust Management (TM), a mutual trust based access control (MTBAC) model is proposed in this paper. MTBAC model takes both user's behavior trust and cloud services node's credibility into consideration. Trust relationships between users and cloud service nodes are established by mutual trust mechanism. Security problems of access control are solved by implementing MTBAC model into cloud computing environment. Simulation experiments show that MTBAC model can guarantee the interaction between users and cloud service nodes.
Funding: The National Natural Science Foundation of China (No. 61272413, No. 61472165).
Abstract: With the massive diffusion of cloud computing, more and more sensitive data is being centralized into the cloud for sharing, which brings forth new challenges for the security and privacy of outsourced data. To address these challenges, the server-aided access control (SAAC) system was proposed. The SAAC system builds upon a variant of conditional proxy re-encryption (CPRE) named threshold conditional proxy re-encryption (TCPRE). In TCPRE, t out of n proxies can re-encrypt ciphertexts (satisfying some specified conditions) for the delegator (while up to t-1 proxies cannot), and the correctness of the re-encrypted ciphertexts can be publicly verified. Both features guarantee the trust and reliability on the proxies deployed in the SAAC system. The security models for TCPRE were formalized, several TCPRE constructions were proposed, and our final scheme was proved secure against chosen-ciphertext attacks.
Funding: Supported by the National Key Research and Development Program of China (2018AAA0103203), the National Natural Science Foundation of China (62073036, 61836001, 62102022, 62122014), and the Beijing Natural Science Foundation of China (42020741).
Abstract: With the rapid development of cloud computing and control theory, a new paradigm of networked control systems called cloud control systems is proposed to meet the requirements of large-scale and complex applications. Currently, cloud control systems are mainly built by using a centralized architecture. The centralized system is overly dependent on the central control plane and has huge challenges in large-scale heterogeneous node systems. In this paper, we propose a decentralized approach to establish cloud control systems by proposing a distributed point-to-point task routing method. A considerable number of tasks in the system will not rely on the central plane and will be directly routed to the target devices through the point-to-point routing method, which improves the horizontal scalability of the cloud control system. The point-to-point routing method directly gives a unique address to every task, making inter-task communication more efficient in complex, heterogeneous and busy cloud control systems. Finally, we experimentally demonstrate that the distributed point-to-point task routing approach is compatible against the state-of-the-art central systems in large-scale task situations.
Funding: Financially supported by the National Natural Science Foundation of China (No. 61303216, No. 61272457, No. U1401251, and No. 61373172), the National High Technology Research and Development Program of China (863 Program) (No. 2012AA013102), and National 111 Program of China B16037 and B08038.
Abstract: With the rapid development of computer technology, cloud-based services have become a hot topic. They not only provide users with convenience, but also bring many security issues, such as data sharing and privacy issues. In this paper, we present an access control system with privilege separation based on privacy protection (PS-ACS). In the PS-ACS scheme, we divide users into private domain (PRD) and public domain (PUD) logically. In PRD, to achieve read access permission and write access permission, we adopt the Key-Aggregate Encryption (KAE) and the Improved Attribute-based Signature (IABS) respectively. In PUD, we construct a new multi-authority ciphertext policy attribute-based encryption (CP-ABE) scheme with efficient decryption to avoid the issues of single point of failure and complicated key distribution, and design an efficient attribute revocation method for it. The analysis and simulation result show that our scheme is feasible and superior to protect users' privacy in cloud-based services.
Funding: Supported by the NSFC (61173141, U1536206, 61232016, U1405254, 61373133, 61502242, 61572258), BK20150925, Fund of Jiangsu Engineering Center of Network Monitoring (KJR1402), Fund of MOE Internet Innovation Platform (KJRP1403), CICAEET, and the PAPD fund.
Abstract: Attribute-based encryption (ABE) supports the fine-grained sharing of encrypted data. In some common designs, attributes are managed by an attribute authority that is supposed to be fully trustworthy. This concept implies that the attribute authority can access all encrypted data, which is known as the key escrow problem. In addition, because all access privileges are defined over a single attribute universe and attributes are shared among multiple data users, the revocation of users is inefficient for the existing ABE scheme. In this paper, we propose a novel scheme that solves the key escrow problem and supports efficient user revocation. First, an access controller is introduced into the existing scheme, and then, secret keys are generated corporately by the attribute authority and access controller. Second, an efficient user revocation mechanism is achieved using a version key that supports forward and backward security. The analysis proves that our scheme is secure and efficient in user authorization and revocation.
Funding: Supported by the National Natural Science Foundation of China (61973230) and Tianjin Research Innovation Project for Postgraduate Students (2021YJSO2S03).
Abstract: In this paper, stochastic stabilization is investigated by max-plus algebra for a Markovian jump cloud control system with a reference signal. For the Markovian jump cloud control system, there exists framework adjustment whose evolution is satisfied with a Markov chain. Using max-plus algebra, a max-plus stochastic system is used to describe the Markovian jump cloud control system. A causal feedback matrix is obtained by exponential stability analysis for a causal feedback controller of the Markovian jump cloud control system. A sufficient condition is given to ensure existence on the causal feedback matrix of the causal feedback controller. Based on the causal feedback controller, stochastic stabilization in probability is analyzed for the Markovian jump cloud control system with a reference signal. Simulation results are given to show effectiveness of the causal feedback controller for the Markovian jump cloud control system.
Funding: This work has been supported by the National Natural Science Foundation of China under Grant No. 61272519, 61121061.
Abstract: In order to achieve fine-grained access control in cloud computing, existing digital rights management (DRM) schemes adopt attribute-based encryption as the main encryption primitive. However, these schemes suffer from inefficiency and cannot support dynamic updating of usage rights stored in the cloud. In this paper, we propose a novel DRM scheme with secure key management and dynamic usage control in cloud computing. We present a secure key management mechanism based on attribute-based encryption and proxy re-encryption. Only the users whose attributes satisfy the access policy of the encrypted content and who have effective usage rights are able to recover the content encryption key and further decrypt the content. The attribute based mechanism allows the content provider to selectively provide fine-grained access control of contents among a set of users, and also enables the license server to implement immediate attribute and user revocation. Moreover, our scheme supports privacy-preserving dynamic usage control based on additive homomorphic encryption, which allows the license server in the cloud to update the users' usage rights dynamically without disclosing the plaintext. Extensive analytical results indicate that our proposed scheme is secure and efficient.
Funding: Supported by National Natural Science Foundation of China (No. 61571061) and Innovative Research Fund of Beijing University of Posts and Telecommunications (2015RC16).
Abstract: The next-generation optical network is a service oriented network, which could be delivered by utilizing the generalized multiprotocol label switching (GMPLS) based control plane to realize lots of intelligent features such as rapid provisioning, automated protection and restoration (P&R), efficient resource allocation, and support for different quality of service (QoS) requirements. In this paper, we propose a novel stateful PCE-cloud (SPC) based architecture of GMPLS optical networks for cloud services. The cloud computing technologies (e.g., virtualization and parallel computing) are applied to the construction of SPC for improving the reliability and maximizing resource utilization. The functions of SPC and GMPLS based control plane are expanded according to the features of cloud services for different QoS requirements. The architecture and detailed description of the components of SPC are provided. Different potential cooperation relationships between public stateful PCE cloud (PSPC) and region stateful PCE cloud (RSPC) are investigated. Moreover, we present the policy-enabled and constraint-based routing scheme based on the cooperation of PSPC and RSPC. Simulation results for verifying the performance of routing and control plane reliability are analyzed.
Abstract: Access control has come a long way since the 1960s. With the advent changes of technologies pertaining to location transparency in storage of data, there arises different access control scenarios. Cloud storage, the predominant storage that is being in use currently, also paves way to various access control problems. Though there are various access control mechanisms such as RBAC, ABAC, they are designed on the user’s perspective such as the role held by the user or other attributes assigned to the user. A new access control mechanism called object relationship based access control (RoBAC) has been developed based on the relations held among the users. The policy decision of access control is based on the relationship among the classes followed in the Java programming. Results have shown that this model best suits various scenarios in the cloud environment, and it also shows that the time for making decision either to allow or to deny is reduced compared to the existing system.
Funding: Supported by National Natural Science Foundation of China under Grant No. 60873231, Natural Science Foundation of Jiangsu Province under Grant No. BK2009426, Major State Basic Research Development Program of China under Grant No. 2011CB302903, and Key University Science Research Project of Jiangsu Province under Grant No. 11KJA520002.
Abstract: In most existing CP-ABE schemes, there is only one authority in the system and all the public keys and private keys are issued by this authority, which incurs ciphertext size and computation costs in the encryption and decryption operations that depend at least linearly on the number of attributes involved in the access policy. We propose an efficient multi-authority CP-ABE scheme in which the authorities need not interact to generate public information during the system initialization phase. Our scheme has constant ciphertext length and a constant number of pairing computations. Our scheme can be proven CPA-secure in random oracle model under the decision q-BDHE assumption. When user's attributes revocation occurs, the scheme transfers most re-encryption work to the cloud service provider, reducing the data owner's computational cost on the premise of security. Finally the analysis and simulation result show that the schemes proposed in this thesis ensure the privacy and secure access of sensitive data stored in the cloud server, and are able to cope with the dynamic changes of users' access privileges in large-scale systems. Besides, the multi-authority ABE eliminates the key escrow problem, achieves the length of ciphertext optimization and enhances the efficiency of the encryption and decryption operations.
Funding: Supported by the National Natural Science Foundation of China (No. 60872041, 61072066) and Fundamental Research Funds for the Central Universities (JYI0000903001, JYI0000901034).
Abstract: To resolve the problem of quantitative analysis in hybrid cloud, a quantitative analysis method, which is based on the security entropy, is proposed. Firstly, according to the information theory, the security entropy is put forward to calculate the uncertainty of the system's determinations on the irregular access behaviors. Secondly, based on the security entropy, security theorems of hybrid cloud are defined. Finally, typical access control models are analyzed by the method, the method's practicability is validated, and security and applicability of these models are compared. Simulation results prove that the proposed method is suitable for the security quantitative analysis of the access control model and evaluation to access control capability in hybrid cloud.
Abstract: Emerging cloud computing has introduced new platforms for developing enterprise academic web applications, where software, platforms and infrastructures are published to the globe as services. Software developers can build their systems by multiple invocations of these services. This research is devoted to investigating the management and data flow control over enterprise academic web applications where web services and developed academic web application are constructing infrastructure-networking scheme at the application level. Academic web services are invoked over http port and using REST based protocol; thus traditional access control method is not enough to control the flow of data using host and port information. The new cloud based access control rules proposed here are to be designed and implemented to work at this level. The new proposed access control architecture will be a web service gateway, and it published itself as a service (SaaS). We used three case studies to test our moodle and then we apply JSON parsers to perceive web service description file (WSDL file) and supply policies according to data are to be allowed or denied based on user role through our parsing.
Abstract: With the development of cloud computing, the mutual understandability among distributed data access control has become an important issue in the security field of cloud computing. To ensure security, confidentiality and fine-grained data access control of Cloud Data Storage (CDS) environment, we proposed Multi-Agent System (MAS) architecture. This architecture consists of two agents: Cloud Service Provider Agent (CSPA) and Cloud Data Confidentiality Agent (CDConA). CSPA provides a graphical interface to the cloud user that facilitates the access to the services offered by the system. CDConA provides each cloud user by definition and enforcement expressive and flexible access structure as a logic formula over cloud data file attributes. This new access control is named as Formula-Based Cloud Data Access Control (FCDAC). Our proposed FCDAC based on MAS architecture consists of four layers: interface layer, existing access control layer, proposed FCDAC layer and CDS layer as well as four types of entities of Cloud Service Provider (CSP), cloud users, knowledge base and confidentiality policy roles. FCDAC is an access policy determined by our MAS architecture, not by the CSPs. A prototype of our proposed FCDAC scheme is implemented using the Java Agent Development Framework Security (JADE-S). Our results in the practical scenario defined formally in this paper, show the Round Trip Time (RTT) for an agent to travel in our system and measured by the times required for an agent to travel around different number of cloud users before and after implementing FCDAC.