Organizations are adopting the Bring Your Own Device(BYOD)concept to enhance productivity and reduce expenses.However,this trend introduces security challenges,such as unauthorized access.Traditional access control sy...Organizations are adopting the Bring Your Own Device(BYOD)concept to enhance productivity and reduce expenses.However,this trend introduces security challenges,such as unauthorized access.Traditional access control systems,such as Attribute-Based Access Control(ABAC)and Role-Based Access Control(RBAC),are limited in their ability to enforce access decisions due to the variability and dynamism of attributes related to users and resources.This paper proposes a method for enforcing access decisions that is adaptable and dynamic,based on multilayer hybrid deep learning techniques,particularly the Tabular Deep Neural Network Tabular DNN method.This technique transforms all input attributes in an access request into a binary classification(allow or deny)using multiple layers,ensuring accurate and efficient access decision-making.The proposed solution was evaluated using the Kaggle Amazon access control policy dataset and demonstrated its effectiveness by achieving a 94%accuracy rate.Additionally,the proposed solution enhances the implementation of access decisions based on a variety of resource and user attributes while ensuring privacy through indirect communication with the Policy Administration Point(PAP).This solution significantly improves the flexibility of access control systems,making themmore dynamic and adaptable to the evolving needs ofmodern organizations.Furthermore,it offers a scalable approach to manage the complexities associated with the BYOD environment,providing a robust framework for secure and efficient access management.展开更多
With the increasing enlargement of network scale and the rapid development of network techniques, large numbers of the network applications begin to appear. Packet capture plays an important role as one basic techniqu...With the increasing enlargement of network scale and the rapid development of network techniques, large numbers of the network applications begin to appear. Packet capture plays an important role as one basic technique used in each field of the network applications. In a high-speed network, the heavy traffic of network transmission challenges the packet capture techniques. This paper does an in-depth analysis on the traditional packet capture mechanisms in Linux, and then measures the performance bottleneck in the process of packet capture. The methods for improving the packet capture performance are presented and an optimized packet capture scheme is also designed and implemented. The test demonstrates that the new packet capture mechanism (Libpacket) can greatly improve the packet capture performance of the network application systems in a high-speed network.展开更多
With the advent of virtualization techniques and software-defined networking(SDN),network function virtualization(NFV)shifts network functions(NFs)from hardware implementations to software appliances,between which exi...With the advent of virtualization techniques and software-defined networking(SDN),network function virtualization(NFV)shifts network functions(NFs)from hardware implementations to software appliances,between which exists a performance gap.How to narrow the gap is an essential issue of current NFV research.However,the cumbersomeness of deployment,the water pipe effect of virtual network function(VNF)chains,and the complexity of the system software stack together make it tough to figure out the cause of low performance in the NFV system.To pinpoint the NFV system performance,we propose NfvInsight,a framework for automatic deployment and benchmarking VNF chains.Our framework tackles the challenges in NFV performance analysis.The framework components include chain graph generation,automatic deployment,and fine granularity measurement.The design and implementation of each component have their advantages.To the best of our knowledge,we make the first attempt to collect rules forming a knowledge base for generating reasonable chain graphs.NfvInsight deploys the generated chain graphs automatically,which frees the network operators from executing at least 391 lines of bash commands for a single test.To diagnose the performance bottleneck,NfvInsight collects metrics from multiple layers of the software stack.Specifically,we collect the network stack latency distribution ingeniously,introducing only less than 2.2%overhead.We showcase the convenience and usability of NfvInsight in finding bottlenecks for both VNF chains and the underlying system.Leveraging our framework,we find several design flaws of the network stack,which are unsuitable for packet forwarding inside one single server under the NFV circumstance.Our optimization for these flaws gains at most 3x performance improvement.展开更多
基金partly supported by the University of Malaya Impact Oriented Interdisci-plinary Research Grant under Grant IIRG008(A,B,C)-19IISS.
文摘Organizations are adopting the Bring Your Own Device(BYOD)concept to enhance productivity and reduce expenses.However,this trend introduces security challenges,such as unauthorized access.Traditional access control systems,such as Attribute-Based Access Control(ABAC)and Role-Based Access Control(RBAC),are limited in their ability to enforce access decisions due to the variability and dynamism of attributes related to users and resources.This paper proposes a method for enforcing access decisions that is adaptable and dynamic,based on multilayer hybrid deep learning techniques,particularly the Tabular Deep Neural Network Tabular DNN method.This technique transforms all input attributes in an access request into a binary classification(allow or deny)using multiple layers,ensuring accurate and efficient access decision-making.The proposed solution was evaluated using the Kaggle Amazon access control policy dataset and demonstrated its effectiveness by achieving a 94%accuracy rate.Additionally,the proposed solution enhances the implementation of access decisions based on a variety of resource and user attributes while ensuring privacy through indirect communication with the Policy Administration Point(PAP).This solution significantly improves the flexibility of access control systems,making themmore dynamic and adaptable to the evolving needs ofmodern organizations.Furthermore,it offers a scalable approach to manage the complexities associated with the BYOD environment,providing a robust framework for secure and efficient access management.
基金Sponsored by the National High Technology Development Program of China (Grant No. 2002AA142020).
文摘With the increasing enlargement of network scale and the rapid development of network techniques, large numbers of the network applications begin to appear. Packet capture plays an important role as one basic technique used in each field of the network applications. In a high-speed network, the heavy traffic of network transmission challenges the packet capture techniques. This paper does an in-depth analysis on the traditional packet capture mechanisms in Linux, and then measures the performance bottleneck in the process of packet capture. The methods for improving the packet capture performance are presented and an optimized packet capture scheme is also designed and implemented. The test demonstrates that the new packet capture mechanism (Libpacket) can greatly improve the packet capture performance of the network application systems in a high-speed network.
基金the National Key Research and Development Program of China under Grant No.2019YFB1802600the National Natural Science Foundation of China under Grant Nos.61420106013,61702480,61672499,and 61802365+1 种基金the Youth Innovation Promotion Association of Chinese Academy of Sciences under Grant Nos.2013073 and 2020105the Guangdong Province Key Laboratory of Popular High Performance Computers under Grant No.2017B030314073.
文摘With the advent of virtualization techniques and software-defined networking(SDN),network function virtualization(NFV)shifts network functions(NFs)from hardware implementations to software appliances,between which exists a performance gap.How to narrow the gap is an essential issue of current NFV research.However,the cumbersomeness of deployment,the water pipe effect of virtual network function(VNF)chains,and the complexity of the system software stack together make it tough to figure out the cause of low performance in the NFV system.To pinpoint the NFV system performance,we propose NfvInsight,a framework for automatic deployment and benchmarking VNF chains.Our framework tackles the challenges in NFV performance analysis.The framework components include chain graph generation,automatic deployment,and fine granularity measurement.The design and implementation of each component have their advantages.To the best of our knowledge,we make the first attempt to collect rules forming a knowledge base for generating reasonable chain graphs.NfvInsight deploys the generated chain graphs automatically,which frees the network operators from executing at least 391 lines of bash commands for a single test.To diagnose the performance bottleneck,NfvInsight collects metrics from multiple layers of the software stack.Specifically,we collect the network stack latency distribution ingeniously,introducing only less than 2.2%overhead.We showcase the convenience and usability of NfvInsight in finding bottlenecks for both VNF chains and the underlying system.Leveraging our framework,we find several design flaws of the network stack,which are unsuitable for packet forwarding inside one single server under the NFV circumstance.Our optimization for these flaws gains at most 3x performance improvement.
