Nowadays,with the significant growth of the mobile market,security issues on the Android Operation System have also become an urgent matter.Trusted execution environment(TEE)technologies are considered an option for s...Nowadays,with the significant growth of the mobile market,security issues on the Android Operation System have also become an urgent matter.Trusted execution environment(TEE)technologies are considered an option for satisfying the inviolable property by taking advantage of hardware security.However,for Android,TEE technologies still contain restrictions and limitations.The first issue is that non-original equipment manufacturer developers have limited access to the functionality of hardware-based TEE.Another issue of hardware-based TEE is the cross-platform problem.Since every mobile device supports different TEE vendors,it becomes an obstacle for developers to migrate their trusted applications to other Android devices.A software-based TEE solution is a potential approach that allows developers to customize,package and deliver the product efficiently.Motivated by that idea,this paper introduces a VTEE model,a software-based TEE solution,on Android devices.This research contributes to the analysis of the feasibility of using a virtualized TEE on Android devices by considering two metrics:computing performance and security.The experiment shows that the VTEE model can host other software-based TEE services and deliver various cryptography TEE functions on theAndroid environment.The security evaluation shows that adding the VTEE model to the existing Android does not addmore security issues to the traditional design.Overall,this paper shows applicable solutions to adjust the balance between computing performance and security.展开更多
This paper describes a structural equation modeling (SEM) analysis of factors influencing architects' trust in project design teams. We undertook a survey of architects, during which we distributed 193 questionnair...This paper describes a structural equation modeling (SEM) analysis of factors influencing architects' trust in project design teams. We undertook a survey of architects, during which we distributed 193 questionnaires in 29 A-level architectural design institutes selected radomly from the altogether 59 ones in Shenzhen, P. R. China, and received 130 valid questionnaires. We used Amos 6.0 for SEM to identify significant personal construct based factors affecting interpersonal trust. The results show that only social interaction between architects significantly affects their interpersonal trust. The explained variance of trus~ is not very high in the model. Therefore, future research should add more factors into the current model. The practical implication is that team managers should promote the social interactions between team members such that the interpersonal trust level between team members can be improved.展开更多
This paper sums up four security factors after analyzing co-residency threats caused by the special multitenant environment in the cloud.To secure the factors,a multiway dynamic trust chain transfer model was proposed...This paper sums up four security factors after analyzing co-residency threats caused by the special multitenant environment in the cloud.To secure the factors,a multiway dynamic trust chain transfer model was proposed on the basis of a measurement interactive virtual machine and current behavior to protect the integrity of the system.A trust chain construction module is designed in a virtual machine monitor.Through dynamic monitoring,it achieves the purpose of transferring integrity between virtual machine.A cloud system with a trust authentication function is implemented on the basis of the model,and its practicability is shown.展开更多
With analysis of limitations Trusted Computing Group (TCG) has encountered, we argued that virtual machine monitor (VMM) is the appropriate architecture for implementing TCG specification. Putting together the VMM...With analysis of limitations Trusted Computing Group (TCG) has encountered, we argued that virtual machine monitor (VMM) is the appropriate architecture for implementing TCG specification. Putting together the VMM architecture, TCG hardware and application-oriented "thin" virtual machine (VM), Trusted VMM-based security architecture is present in this paper with the character of reduced and distributed trusted computing base (TCB). It provides isolation and integrity guarantees based on which general security requirements can be satisfied.展开更多
It is absolutely critical that trusted configuration management which significantly affects trust chain establishment, sealing storage and remote attestation, especially in trusted virtualization platform like Xen who...It is absolutely critical that trusted configuration management which significantly affects trust chain establishment, sealing storage and remote attestation, especially in trusted virtualization platform like Xen whose system configuration changes easily. TPM (trusted platform module) context manager is presented to carry out dynamic configuration management for virtual machine. It manages the TPM command requests and VM (virtual machine) configurations. The dynamic configuration representa- tion method based on Merkle hash tree is explicitly proposed against TCG (trusted computing group) static configuration representation. It reflects the true VM status in real time even if the configuration has changed, and it eliminates the invalidation of configuration representation, sealing storage and remote attestation. TPM context manager supports TCG storage protection, remote attestation etc, which greatly enhances the security on trusted virtualization platform.展开更多
Network functions such as intrusion detection systems (IDS) have been increasingly deployed as virtual network functions or outsourced to cloud service providers so as to achieve the scalability and agility, and reduc...Network functions such as intrusion detection systems (IDS) have been increasingly deployed as virtual network functions or outsourced to cloud service providers so as to achieve the scalability and agility, and reducing equipment costs and operational cost. However, virtual intrusion detection systems (VIDS) face more serious security threats due to running in a shared and virtualized environment instead of proprietary devices. Cloud service providers or malicious tenants may illegally access and tamper with the policies, packet information, and internal processing states of intrusion detection systems, thereby violating the privacy and security of tenant’s networks. To address these challenges, we use Intel Software Guard Extensions (SGX) to build a Trusted Virtual Intrusion Detection System (TVIDS). For TVIDS, to prevent cloud service providers from accessing sensitive information about the users’ network, we build a trusted execution environment for security policy, packets processing, and internal state so that cloud service providers and other malicious tenants can’t access the protected code, policy, processing states, and packets information of the intrusion detection system. We implemented TVIDS on the basis of the Snort which is a famous open-source IDS and evaluated its results on real SGX hardware.The results show that our method can protect the security of the virtual IDS and brings acceptable performance overhead.展开更多
Facing the increasing security issues in P2P networks, a scheme for resource sharing using trusted computing technologies is proposed in this paper. We advance a RS-UCON model with decision continuity and attribute mu...Facing the increasing security issues in P2P networks, a scheme for resource sharing using trusted computing technologies is proposed in this paper. We advance a RS-UCON model with decision continuity and attribute mutability to control the usage process and an architecture to illustrate how TC technologies support policy enforcement with bidirectional attestation. The properties required for attestation should include not only integrity measurement value of platform and related application, but also reputation of users and access history, in order to avoid the limitation of the existing approaches. To make a permission, it is required to evaluate both the authorization and conditions of the subject and the object in resource usage to ensure trustable resources to be transferred to trusted users and platform.展开更多
Grid Computing is concerned with the sharing and coordinated use of diverse resources in distributed Virtual Organizations. This introduces various challenging security issues. Among these trusting, the resources to b...Grid Computing is concerned with the sharing and coordinated use of diverse resources in distributed Virtual Organizations. This introduces various challenging security issues. Among these trusting, the resources to be shared and coordinated with the dynamic and multi-institutional virtual organization environment becomes a challenging security issue. In this paper, an approach for trust assessment and trust degree calculation using subjective logic is suggested to allocate the Data Grid or Computational Grid user a reliable, trusted resource for maintaining the integrity of the data with fast response and accurate results. The suggested approach is explained using an example scenario and also from the simulation results. It is observed that there is an increase in the resource utilization of a trusted resource in contrast to the resource which is not trusted.展开更多
The initiative of internet-based virtual computing environment (iVCE) aims to provide the end users and applications with a harmonions, trustworthy and transparent integrated computing environment which will facilit...The initiative of internet-based virtual computing environment (iVCE) aims to provide the end users and applications with a harmonions, trustworthy and transparent integrated computing environment which will facilitate sharing and collaborating of network resources between applications. Trust management is an elementary component for iVCE. The uncertain and dynamic characteristics of iVCE necessitate the requirement for the trust management to be subjective, historical evidence based and context dependent. This paper presents a Bayesian analysis-based trust model, which aims to secure the active agents for selecting appropriate trusted services in iVCE. Simulations are made to analyze the properties of the trust model which show that the subjective prior information influences trust evaluation a lot and the model stimulates positive interactions.展开更多
As a foundation component of cloud computing platforms, Virtual Machines (VMs) are confronted with numerous security threats. However, existing solutions tend to focus on solving threats in a specific state of the VM....As a foundation component of cloud computing platforms, Virtual Machines (VMs) are confronted with numerous security threats. However, existing solutions tend to focus on solving threats in a specific state of the VM. In this paper, we propose a novel VM lifecycle security protection framework based on trusted computing to solve the security threats to VMs throughout their entire lifecycle. Specifically, a concept of the VM lifecycle is presented divided up by the different active conditions of the VM. Then, a trusted computing based security protecti on framework is developed, which can exte nd the trusted relati on ship from trusted platform module to the VM and protect the security and reliability of the VM throughout its lifecycle. The theoretical analysis shows that our proposed framework can provide comprehensive safety to VM in all of its states. Furthermore, experiment results demonstrate that the proposed framework is feasible and achieves a higher level of security compared with some state-of-the-art schemes.展开更多
In this paper, we propose a trusted mobile payment environment (TMPE) based on trusted computing and virtualization technology. There are a normal operating system (OS) and a trusted OS (TOS) in TMPE. We store t...In this paper, we propose a trusted mobile payment environment (TMPE) based on trusted computing and virtualization technology. There are a normal operating system (OS) and a trusted OS (TOS) in TMPE. We store the image of TOS in a memory card to hinder tampering. The integrity of TOS is protected by means of a trusted platform module (TPM). TOS can only be updated through a trusted third party. In addition, virtualization technology is applied to isolate TOS from normal OS. Users complete ordinary affairs in normal OS and security-sensitive affairs in TOS. TMPE can offer users a highly protected environment for mobile payment. Moreover, TMPE has good compatibility in different hardware architectures of mobile platforms. As the evaluation shows, TMPE satisfies the requirement of mobile payment well.展开更多
在未来新型电力系统中,虚拟电厂(virtual power plant,VPP)内部多主体的可信交易和信息安全将更加复杂和具有挑战性。而区块链技术的信息安全、分布决策、智能合约及防篡改等特征,为VPP多元主体可信交易提供新思路。文中聚焦VPP内部多...在未来新型电力系统中,虚拟电厂(virtual power plant,VPP)内部多主体的可信交易和信息安全将更加复杂和具有挑战性。而区块链技术的信息安全、分布决策、智能合约及防篡改等特征,为VPP多元主体可信交易提供新思路。文中聚焦VPP内部多聚合商形成的利益最大化及可信交易匹配效率问题,首先,依据交易主体需求差异,建立区块链技术与多智能体系统融合的一主多从分层互动控制架构;其次,设计一种面向多聚合商对等交易需求下的可信交易匹配机制,引入非合作博弈模型,保证了多聚合商主体的利益;然后,基于区块链的分布式粒子群优化算法提出了改进的委托权威证明机制(delegated proof-of-authority,DPoA)共识算法,提高交易的安全性;最后,通过算例分析验证文中所提策略的合理性和可行性,该策略能有效增强多主体交易的匹配效率和安全性。展开更多
基金This work was partly supported by the Institute of Information&Communications Technology Planning&Evaluation(IITP)grant funded by the Korea Government(MSIT),(No.2020-0-00952,Development of 5G edge security technology for ensuring 5G+service stability and availability,50%)the Institute of Information and Communications Technology Planning and Evaluation(IITP)grant funded by the MSIT(Ministry of Science and ICT),Korea(No.IITP-2022-2020-0-01602,ITRC(Information Technology Research Center)support program,50%).
文摘Nowadays,with the significant growth of the mobile market,security issues on the Android Operation System have also become an urgent matter.Trusted execution environment(TEE)technologies are considered an option for satisfying the inviolable property by taking advantage of hardware security.However,for Android,TEE technologies still contain restrictions and limitations.The first issue is that non-original equipment manufacturer developers have limited access to the functionality of hardware-based TEE.Another issue of hardware-based TEE is the cross-platform problem.Since every mobile device supports different TEE vendors,it becomes an obstacle for developers to migrate their trusted applications to other Android devices.A software-based TEE solution is a potential approach that allows developers to customize,package and deliver the product efficiently.Motivated by that idea,this paper introduces a VTEE model,a software-based TEE solution,on Android devices.This research contributes to the analysis of the feasibility of using a virtualized TEE on Android devices by considering two metrics:computing performance and security.The experiment shows that the VTEE model can host other software-based TEE services and deliver various cryptography TEE functions on theAndroid environment.The security evaluation shows that adding the VTEE model to the existing Android does not addmore security issues to the traditional design.Overall,this paper shows applicable solutions to adjust the balance between computing performance and security.
基金Funded by the R & D Project of the Ministry of Construction of China.
文摘This paper describes a structural equation modeling (SEM) analysis of factors influencing architects' trust in project design teams. We undertook a survey of architects, during which we distributed 193 questionnaires in 29 A-level architectural design institutes selected radomly from the altogether 59 ones in Shenzhen, P. R. China, and received 130 valid questionnaires. We used Amos 6.0 for SEM to identify significant personal construct based factors affecting interpersonal trust. The results show that only social interaction between architects significantly affects their interpersonal trust. The explained variance of trus~ is not very high in the model. Therefore, future research should add more factors into the current model. The practical implication is that team managers should promote the social interactions between team members such that the interpersonal trust level between team members can be improved.
基金supported by The National Natural Science Foundation for Young Scientists of China under Grant No.61303263the Jiangsu Provincial Research Foundation for Basic Research(Natural Science Foundation)under Grant No.BK20150201+4 种基金the Scientific Research Key Project of Beijing Municipal Commission of Education under Grant No.KZ201210015015Project Supported by the National Natural Science Foundation of China(Grant No.61370140)the Scientific Research Common Program of the Beijing Municipal Commission of Education(Grant No.KMKM201410015006)The National Science Foundation of China under Grant Nos.61232016 and U1405254and the PAPD fund
文摘This paper sums up four security factors after analyzing co-residency threats caused by the special multitenant environment in the cloud.To secure the factors,a multiway dynamic trust chain transfer model was proposed on the basis of a measurement interactive virtual machine and current behavior to protect the integrity of the system.A trust chain construction module is designed in a virtual machine monitor.Through dynamic monitoring,it achieves the purpose of transferring integrity between virtual machine.A cloud system with a trust authentication function is implemented on the basis of the model,and its practicability is shown.
基金Supported by the National Program on Key Basic Re-search Project of China (G1999035801)
文摘With analysis of limitations Trusted Computing Group (TCG) has encountered, we argued that virtual machine monitor (VMM) is the appropriate architecture for implementing TCG specification. Putting together the VMM architecture, TCG hardware and application-oriented "thin" virtual machine (VM), Trusted VMM-based security architecture is present in this paper with the character of reduced and distributed trusted computing base (TCB). It provides isolation and integrity guarantees based on which general security requirements can be satisfied.
基金the National High Technology Research and Development Program of China (2007AA01Z412)
文摘It is absolutely critical that trusted configuration management which significantly affects trust chain establishment, sealing storage and remote attestation, especially in trusted virtualization platform like Xen whose system configuration changes easily. TPM (trusted platform module) context manager is presented to carry out dynamic configuration management for virtual machine. It manages the TPM command requests and VM (virtual machine) configurations. The dynamic configuration representa- tion method based on Merkle hash tree is explicitly proposed against TCG (trusted computing group) static configuration representation. It reflects the true VM status in real time even if the configuration has changed, and it eliminates the invalidation of configuration representation, sealing storage and remote attestation. TPM context manager supports TCG storage protection, remote attestation etc, which greatly enhances the security on trusted virtualization platform.
基金sponsored by the National Natural Science Foundation of China granted No.61872430, 61402342, 61772384the National Basic Research Program of China 973 Program granted No.2014CB340601Foundation of Science and Technology on Information Assurance Laboratory (No. KJ-17-103)
文摘Network functions such as intrusion detection systems (IDS) have been increasingly deployed as virtual network functions or outsourced to cloud service providers so as to achieve the scalability and agility, and reducing equipment costs and operational cost. However, virtual intrusion detection systems (VIDS) face more serious security threats due to running in a shared and virtualized environment instead of proprietary devices. Cloud service providers or malicious tenants may illegally access and tamper with the policies, packet information, and internal processing states of intrusion detection systems, thereby violating the privacy and security of tenant’s networks. To address these challenges, we use Intel Software Guard Extensions (SGX) to build a Trusted Virtual Intrusion Detection System (TVIDS). For TVIDS, to prevent cloud service providers from accessing sensitive information about the users’ network, we build a trusted execution environment for security policy, packets processing, and internal state so that cloud service providers and other malicious tenants can’t access the protected code, policy, processing states, and packets information of the intrusion detection system. We implemented TVIDS on the basis of the Snort which is a famous open-source IDS and evaluated its results on real SGX hardware.The results show that our method can protect the security of the virtual IDS and brings acceptable performance overhead.
基金the National Natural Science Foundation of China (60673071, 60743003,90718005,90718006)the National High Technology Research and Development Program of China (2006AA01Z442,2007AA01Z411)
文摘Facing the increasing security issues in P2P networks, a scheme for resource sharing using trusted computing technologies is proposed in this paper. We advance a RS-UCON model with decision continuity and attribute mutability to control the usage process and an architecture to illustrate how TC technologies support policy enforcement with bidirectional attestation. The properties required for attestation should include not only integrity measurement value of platform and related application, but also reputation of users and access history, in order to avoid the limitation of the existing approaches. To make a permission, it is required to evaluate both the authorization and conditions of the subject and the object in resource usage to ensure trustable resources to be transferred to trusted users and platform.
文摘Grid Computing is concerned with the sharing and coordinated use of diverse resources in distributed Virtual Organizations. This introduces various challenging security issues. Among these trusting, the resources to be shared and coordinated with the dynamic and multi-institutional virtual organization environment becomes a challenging security issue. In this paper, an approach for trust assessment and trust degree calculation using subjective logic is suggested to allocate the Data Grid or Computational Grid user a reliable, trusted resource for maintaining the integrity of the data with fast response and accurate results. The suggested approach is explained using an example scenario and also from the simulation results. It is observed that there is an increase in the resource utilization of a trusted resource in contrast to the resource which is not trusted.
基金The National Basic Research 973 Program of China (No2005CB321804)
文摘The initiative of internet-based virtual computing environment (iVCE) aims to provide the end users and applications with a harmonions, trustworthy and transparent integrated computing environment which will facilitate sharing and collaborating of network resources between applications. Trust management is an elementary component for iVCE. The uncertain and dynamic characteristics of iVCE necessitate the requirement for the trust management to be subjective, historical evidence based and context dependent. This paper presents a Bayesian analysis-based trust model, which aims to secure the active agents for selecting appropriate trusted services in iVCE. Simulations are made to analyze the properties of the trust model which show that the subjective prior information influences trust evaluation a lot and the model stimulates positive interactions.
基金supported by the National Natural Science Foundation of China(Nos.61802270 and 61802271)the Fundamental Research Funds for the Central Universities(Nos.SCU2018D018 and SCU2018D022)
文摘As a foundation component of cloud computing platforms, Virtual Machines (VMs) are confronted with numerous security threats. However, existing solutions tend to focus on solving threats in a specific state of the VM. In this paper, we propose a novel VM lifecycle security protection framework based on trusted computing to solve the security threats to VMs throughout their entire lifecycle. Specifically, a concept of the VM lifecycle is presented divided up by the different active conditions of the VM. Then, a trusted computing based security protecti on framework is developed, which can exte nd the trusted relati on ship from trusted platform module to the VM and protect the security and reliability of the VM throughout its lifecycle. The theoretical analysis shows that our proposed framework can provide comprehensive safety to VM in all of its states. Furthermore, experiment results demonstrate that the proposed framework is feasible and achieves a higher level of security compared with some state-of-the-art schemes.
基金Supported by the National Basic Research Program of China(973 Program)(2014CB340600)the National Natural Science Foundation of China(61173138,61103628,61103220)the Intel Collaborative Research Project
文摘In this paper, we propose a trusted mobile payment environment (TMPE) based on trusted computing and virtualization technology. There are a normal operating system (OS) and a trusted OS (TOS) in TMPE. We store the image of TOS in a memory card to hinder tampering. The integrity of TOS is protected by means of a trusted platform module (TPM). TOS can only be updated through a trusted third party. In addition, virtualization technology is applied to isolate TOS from normal OS. Users complete ordinary affairs in normal OS and security-sensitive affairs in TOS. TMPE can offer users a highly protected environment for mobile payment. Moreover, TMPE has good compatibility in different hardware architectures of mobile platforms. As the evaluation shows, TMPE satisfies the requirement of mobile payment well.
文摘在未来新型电力系统中,虚拟电厂(virtual power plant,VPP)内部多主体的可信交易和信息安全将更加复杂和具有挑战性。而区块链技术的信息安全、分布决策、智能合约及防篡改等特征,为VPP多元主体可信交易提供新思路。文中聚焦VPP内部多聚合商形成的利益最大化及可信交易匹配效率问题,首先,依据交易主体需求差异,建立区块链技术与多智能体系统融合的一主多从分层互动控制架构;其次,设计一种面向多聚合商对等交易需求下的可信交易匹配机制,引入非合作博弈模型,保证了多聚合商主体的利益;然后,基于区块链的分布式粒子群优化算法提出了改进的委托权威证明机制(delegated proof-of-authority,DPoA)共识算法,提高交易的安全性;最后,通过算例分析验证文中所提策略的合理性和可行性,该策略能有效增强多主体交易的匹配效率和安全性。
