Cloud edge integrated security architecture of new cloud manufacturing system

With the rapid development of cloud manufacturing technology and the new generation of artificial intelligence technology,the new cloud manufacturing system(NCMS)built on the connotation of cloud manufacturing 3.0 presents a new business model of“Internet of everything,intelligent leading,data driving,shared services,cross-border integration,and universal innovation”.The network boundaries are becoming increasingly blurred,NCMS is facing security risks such as equipment unauthorized use,account theft,static and extensive access control policies,unauthorized access,supply chain attacks,sensitive data leaks,and industrial control vulnerability attacks.Traditional security architectures mainly use information security technology,which cannot meet the active security protection requirements of NCMS.In order to solve the above problems,this paper proposes an integrated cloud-edge-terminal security system architecture of NCMS.It adopts the zero trust concept and effectively integrates multiple security capabilities such as network,equipment,cloud computing environment,application,identity,and data.It adopts a new access control mode of“continuous verification+dynamic authorization”,classified access control mechanisms such as attribute-based access control,rolebased access control,policy-based access control,and a new data security protection system based on blockchain,achieving“trustworthy subject identity,controllable access behavior,and effective protection of subject and object resources”.This architecture provides an active security protection method for NCMS in the digital transformation of large enterprises,and can effectively enhance network security protection capabilities and cope with increasingly severe network security situations.

Service Security Architecture and Access Control Model for Cloud Computing

Security is a key problem for the development of Cloud Computing. A common service security architecture is a basic abstract to support security research work. The authorization ability in the service security faces more complex and variable users and environment. Based on the multidimensional views, the service security architecture is described on three dimensions of service security requirement integrating security attributes and service layers. An attribute-based dynamic access control model is presented to detail the relationships among subjects, objects, roles, attributes, context and extra factors further. The model uses dynamic control policies to support the multiple roles and flexible authority. At last, access control and policies execution mechanism were studied as the implementation suggestion.

SDSA: A Framework of a Software-Defi ned Security Architecture

The fact that the security facilities within a system are closely coupled and the security facilities between systems are unconnected results in an isolated protection structure for systems, and gives rise to a serious challenge to system security integrations and system controls. Also, the need for diversified services and flexible extensions of network security asks for more considerations and contribu?tions from the perspective of software engineering in the process of designing and constructing security systems. Based on the essence of the virtualization technique and the idea of software-defined networks, we in this paper propose a novel software-defi ned security architecture for systems. By abstracting the traditional security facilities and techniques, the proposed security architecture provides a new, simple, effective, and programmable framework in which security operations and security controls can be decoupled, and thereby reduces the software module sizes, decreases the intensity of software deve?lopments, and improves the security extensibility of systems.

Research on IPv6 Transition Evolvement and Security Architecture of Smart Distribution Grid Data Communication System

Smart distribution grid needs data communication systems as a support to complete their important functions. The smart distribution grid of the data and information are increasingly adopting internet protocol and Ethernet technology. The IP addresses are more and more important for the smart distribution grid equipment. The current IPv4 protocol occupies a dominant position; therefore, the challenges of the evolution to IPv6 and network security are faced by data communication systems of the smart distribution grid. The importance of data communications network and its main bearer of business were described. The data communications network from IPv4 to IPv6 evolution of the five processes and four stages of the transition were analyzed. The smart distribution grid data communications network security and types of their offensive and defensive were discussed. And the data communications network security architecture was established. It covers three dimensions, the security level, the communications network security engineering and the communications network security management. The security architecture safeguards the evolution to IPv6 for the smart distribution grid data communication systems.

Cyber Resilience through Real-Time Threat Analysis in Information Security

This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends that they are not the same. The concept of cyber security is explored, which goes beyond protecting information resources to include a wider variety of assets, including people [1]. Protecting information assets is the main goal of traditional information security, with consideration to the human element and how people fit into the security process. On the other hand, cyber security adds a new level of complexity, as people might unintentionally contribute to or become targets of cyberattacks. This aspect presents moral questions since it is becoming more widely accepted that society has a duty to protect weaker members of society, including children [1]. The study emphasizes how important cyber security is on a larger scale, with many countries creating plans and laws to counteract cyberattacks. Nevertheless, a lot of these sources frequently neglect to define the differences or the relationship between information security and cyber security [1]. The paper focus on differentiating between cybersecurity and information security on a larger scale. The study also highlights other areas of cybersecurity which includes defending people, social norms, and vital infrastructure from threats that arise from online in addition to information and technology protection. It contends that ethical issues and the human factor are becoming more and more important in protecting assets in the digital age, and that cyber security is a paradigm shift in this regard [1].

Secure Web Application Technologies Implementation through Hardening Security Headers Using Automated Threat Modelling Techniques

This paper investigates whether security headers are enforced to mitigate cyber-attacks in web-based systems in cyberspace. The security headers examined include X-Content-Type-Options, X-Frame-Options, Strict-Transport-Security, Referrer-Policy, Content-Security-Policy, and Permissions-Policy. The study employed a controlled experiment using a security header analysis tool. The web-based applications (websites) were analyzed to determine whether security headers have been correctly implemented. The experiment was iterated for 100 universities in Africa which are ranked high. The purposive sampling technique was employed to understand the status quo of the security headers implementations. The results revealed that 70% of the web-based applications in Africa have not enforced security headers in web-based applications. The study proposes a secure system architecture design for addressing web-based applications’ misconfiguration and insecure design. It presents security techniques for securing web-based applications through hardening security headers using automated threat modelling techniques. Furthermore, it recommends adopting the security headers in web-based applications using the proposed secure system architecture design.

Endogenous Security Formal Definition,Innovation Mechanisms,and Experiment Research in Industrial Internet

With the rapid development of information technologies,industrial Internet has become more open,and security issues have become more challenging.The endogenous security mechanism can achieve the autonomous immune mechanism without prior knowledge.However,endogenous security lacks a scientific and formal definition in industrial Internet.Therefore,firstly we give a formal definition of endogenous security in industrial Internet and propose a new industrial Internet endogenous security architecture with cost analysis.Secondly,the endogenous security innovation mechanism is clearly defined.Thirdly,an improved clone selection algorithm based on federated learning is proposed.Then,we analyze the threat model of the industrial Internet identity authentication scenario,and propose cross-domain authentication mechanism based on endogenous key and zero-knowledge proof.We conduct identity authentication experiments based on two types of blockchains and compare their experimental results.Based on the experimental analysis,Ethereum alliance blockchain can be used to provide the identity resolution services on the industrial Internet.Internet of Things Application(IOTA)public blockchain can be used for data aggregation analysis of Internet of Things(IoT)edge nodes.Finally,we propose three core challenges and solutions of endogenous security in industrial Internet and give future development directions.

Computer Forensics Under Cloud Computing Environment

Cloud computing is becoming the developing trend in the information field.It causes many transforms in the related fields.In order to adapt such changes,computer forensics is bound to improve and integrate into the new environment.This paper stands on this point,suggests a computer forensic service framework which is based on security architecture of cloud computing and requirements needed by cloud computing environment.The framework introduces honey farm technique,and pays more attention on active forensics,which can improve case handling efficiency and reduce the cost.

Arm PSA-Certified IoT Chip Security: A Case Study

With the large scale adoption of Internet of Things(IoT)applications in people’s lives and industrial manufacturing processes,IoT security has become an important problem today.IoT security significantly relies on the security of the underlying hardware chip,which often contains critical information,such as encryption key.To understand existing IoT chip security,this study analyzes the security of an IoT security chip that has obtained an Arm Platform Security Architecture(PSA)Level 2 certification.Our analysis shows that the chip leaks part of the encryption key and presents a considerable security risk.Specifically,we use commodity equipment to collect electromagnetic traces of the chip.Using a statistical T-test,we find that the target chip has physical leakage during the AES encryption process.We further use correlation analysis to locate the detailed encryption interval in the collected electromagnetic trace for the Advanced Encryption Standard(AES)encryption operation.On the basis of the intermediate value correlation analysis,we recover half of the 16-byte AES encryption key.We repeat the process for three different tests;in all the tests,we obtain the same result,and we recover around 8 bytes of the 16-byte AES encryption key.Therefore,experimental results indicate that despite the Arm PSA Level 2 certification,the target security chip still suffers from physical leakage.Upper layer application developers should impose strong security mechanisms in addition to those of the chip itself to ensure IoT application security.

On the architecture and development life cycle of secure cyber-physical systems

Cyber-physical systems are being confronted with an ever-increasing number of security threats from the complicated interactions and fusions between cyberspace and physical space.Integrating security-related activities into the early phases of the development life cycle is a monolithic and cost-effective solution for the development of security-critical cyber-physical systems.These activities often incorporate security mechanisms from different realms.We present a fine-grained design flow paradigm for security-critical and software-intensive cyber-physical systems.We provide a comprehensive survey on the domain-specific architectures,countermeasure techniques and security standards involved in the development life cycle of security-critical cyber-physical systems,and adapt these elements to the newly designed flow paradigm.Finally,we provide prospectives and future directions for improving the usability and security level of this design flow paradigm.

Abstract security patterns and the design of secure systems

During the initial stages of software development,the primary goal is to define precise and detailed requirements without concern for software realizations.Security constraints should be introduced then and must be based on the semantic aspects of applications,not on their software architectures,as it is the case in most secure development methodologies.In these stages,we need to identify threats as attacker goals and indicate what conceptual security defenses are needed to thwart these goals,without consideration of implementation details.We can consider the effects of threats on the application assets and try to find ways to stop them.These threats should be controlled with abstract security mechanisms that can be realized by abstract security patterns(ASPs),that include only the core functions of these mechanisms,which must be present in every implementation of them.An abstract security pattern describes a conceptual security mechanism that includes functions able to stop or mitigate a threat or comply with a regulation or institutional policy.We describe here the properties of ASPs and present a detailed example.We relate ASPs to each other and to Security Solution Frames,which describe families of related patterns.We show how to include ASPs to secure an application,as well as how to derive concrete patterns from them.Finally,we discuss their practical value,including their use in“security by design”and IoT systems design.

Design high-confidence computers using trusted instructional set architecture and emulators

High-confidence computing relies on trusted instructional set architecture,sealed kernels,and secure operating systems.Cloud computing depends on trusted systems for virtualization tasks.Branch predictions and pipelines are essential in improving performance of a CPU/GPU.But Spectre and Meltdown make modern processors vulnerable to be exploited.Disabling the prediction and pipeline is definitely not a good solution.On the other hand,current software patches can only address non-essential issues around Meltdown.This paper introduces a holistic approach in trusted computer architecture design and emulation.

A High-Assurance Trust Model for Digital Community Control System Based on Internet of Things

Security issues and lnternet of Things （loT） become indispensable part in digital community as loT develops with the pervasive introduction of additional ＂smart＂ sensors and devices over the last decades, and it necessitates the implementation of information security principle in digital community system. A three-level criticality model to determine the potential impact is proposed in digital community system when various devices lost in this paper. Combining the actual security requirement of digital community and characteristics of loT, a hierarchical security architecture including defense-in-deep cybersecurity and distribute secure control is proposed. A high-assurance trust model, which assumes insider compromise, which exists in the digital community, is finally proposed according to the security issues analysis.

UAE-India-France Trilateral:A Mechanism to Advance Strategic Autonomy in the Indo-Pacific?

The geopolitical construct of the Indo-Pacific has evolved as one of the most important ones of the twenty-first century and more particularly of the last decade.While there is little or no consensus on where the Indo-Pacific Region(IPR)begins or ends,it has inadvertently become a space where new convergences,competitions and alignments have emerged.These developments are intrinsically linked with the ascent of China as a global power,the retreat of the American strategic footprint and the emergence of a multi-polar world order.Within the larger Indo-Pacific construct,the Western Indian Ocean region is a space of considerable geopolitical and maritime interactions between states.The United Arab Emirates(UAE)and India are both countries of the Western Indian Ocean region while France is a resident power of the region owing to the presence of two of its overseas departments-Mayotte and Reunion—and its inter services bases in the UAE and Djibouti.The three countries have considerable experience in operationalising bilateral as well as trilateral initiatives.The lack of such initiatives in the Western Indian Ocean region could therefore offer the opportunity for UAE,India and France to come together in a trilateral arrangement to further their strategic interests and uphold the concept of a‘free and open Indo-Pacific’.The paper seeks to explore whether a trilateral partnership between the UAE,India and France could contribute to furthering their respective strategic autonomy in the Indo-Pacific Region.The paper will also endeavour to examine the conflicts and differences that could be expected and the possible areas of convergence.