Big data resources are characterized by large scale, wide sources, and strong dynamics. Existing access controlmechanisms based on manual policy formulation by security experts suffer from drawbacks such as low policy...Big data resources are characterized by large scale, wide sources, and strong dynamics. Existing access controlmechanisms based on manual policy formulation by security experts suffer from drawbacks such as low policymanagement efficiency and difficulty in accurately describing the access control policy. To overcome theseproblems, this paper proposes a big data access control mechanism based on a two-layer permission decisionstructure. This mechanism extends the attribute-based access control (ABAC) model. Business attributes areintroduced in the ABAC model as business constraints between entities. The proposed mechanism implementsa two-layer permission decision structure composed of the inherent attributes of access control entities and thebusiness attributes, which constitute the general permission decision algorithm based on logical calculation andthe business permission decision algorithm based on a bi-directional long short-term memory (BiLSTM) neuralnetwork, respectively. The general permission decision algorithm is used to implement accurate policy decisions,while the business permission decision algorithm implements fuzzy decisions based on the business constraints.The BiLSTM neural network is used to calculate the similarity of the business attributes to realize intelligent,adaptive, and efficient access control permission decisions. Through the two-layer permission decision structure,the complex and diverse big data access control management requirements can be satisfied by considering thesecurity and availability of resources. Experimental results show that the proposed mechanism is effective andreliable. In summary, it can efficiently support the secure sharing of big data resources.展开更多
The power Internet of Things(IoT)is a significant trend in technology and a requirement for national strategic development.With the deepening digital transformation of the power grid,China’s power system has initiall...The power Internet of Things(IoT)is a significant trend in technology and a requirement for national strategic development.With the deepening digital transformation of the power grid,China’s power system has initially built a power IoT architecture comprising a perception,network,and platform application layer.However,owing to the structural complexity of the power system,the construction of the power IoT continues to face problems such as complex access management of massive heterogeneous equipment,diverse IoT protocol access methods,high concurrency of network communications,and weak data security protection.To address these issues,this study optimizes the existing architecture of the power IoT and designs an integrated management framework for the access of multi-source heterogeneous data in the power IoT,comprising cloud,pipe,edge,and terminal parts.It further reviews and analyzes the key technologies involved in the power IoT,such as the unified management of the physical model,high concurrent access,multi-protocol access,multi-source heterogeneous data storage management,and data security control,to provide a more flexible,efficient,secure,and easy-to-use solution for multi-source heterogeneous data access in the power IoT.展开更多
Over the past decade, Graphics Processing Units (GPUs) have revolutionized high-performance computing, playing pivotal roles in advancing fields like IoT, autonomous vehicles, and exascale computing. Despite these adv...Over the past decade, Graphics Processing Units (GPUs) have revolutionized high-performance computing, playing pivotal roles in advancing fields like IoT, autonomous vehicles, and exascale computing. Despite these advancements, efficiently programming GPUs remains a daunting challenge, often relying on trial-and-error optimization methods. This paper introduces an optimization technique for CUDA programs through a novel Data Layout strategy, aimed at restructuring memory data arrangement to significantly enhance data access locality. Focusing on the dynamic programming algorithm for chained matrix multiplication—a critical operation across various domains including artificial intelligence (AI), high-performance computing (HPC), and the Internet of Things (IoT)—this technique facilitates more localized access. We specifically illustrate the importance of efficient matrix multiplication in these areas, underscoring the technique’s broader applicability and its potential to address some of the most pressing computational challenges in GPU-accelerated applications. Our findings reveal a remarkable reduction in memory consumption and a substantial 50% decrease in execution time for CUDA programs utilizing this technique, thereby setting a new benchmark for optimization in GPU computing.展开更多
For the goals of security and privacy preservation,we propose a blind batch encryption-and public ledger-based data sharing protocol that allows the integrity of sensitive data to be audited by a public ledger and all...For the goals of security and privacy preservation,we propose a blind batch encryption-and public ledger-based data sharing protocol that allows the integrity of sensitive data to be audited by a public ledger and allows privacy information to be preserved.Data owners can tightly manage their data with efficient revocation and only grant one-time adaptive access for the fulfillment of the requester.We prove that our protocol is semanticallly secure,blind,and secure against oblivious requesters and malicious file keepers.We also provide security analysis in the context of four typical attacks.展开更多
The traditional air traffic control information sharing data has weak security characteristics of personal privacy data and poor effect,which is easy to leads to the problem that the data is usurped.Starting from the ...The traditional air traffic control information sharing data has weak security characteristics of personal privacy data and poor effect,which is easy to leads to the problem that the data is usurped.Starting from the application of the ATC(automatic train control)network,this paper focuses on the zero trust and zero trust access strategy and the tamper-proof method of information-sharing network data.Through the improvement of ATC’s zero trust physical layer authentication and network data distributed feature differentiation calculation,this paper reconstructs the personal privacy scope authentication structure and designs a tamper-proof method of ATC’s information sharing on the Internet.From the single management authority to the unified management of data units,the systematic algorithm improvement of shared network data tamper prevention method is realized,and RDTP(Reliable Data Transfer Protocol)is selected in the network data of information sharing resources to realize the effectiveness of tamper prevention of air traffic control data during transmission.The results show that this method can reasonably avoid the tampering of information sharing on the Internet,maintain the security factors of air traffic control information sharing on the Internet,and the Central Processing Unit(CPU)utilization rate is only 4.64%,which effectively increases the performance of air traffic control data comprehensive security protection system.展开更多
We show that an aggregated Interest in Named Data Networking (NDN) may fail to retrieve desired data since the Interest previously sent upstream for the same content is judged as a duplicate one and then dropped by an...We show that an aggregated Interest in Named Data Networking (NDN) may fail to retrieve desired data since the Interest previously sent upstream for the same content is judged as a duplicate one and then dropped by an upstream node due to its multipath forwarding. Furthermore, we propose NDRUDAF, a NACK based mechanism that enhances the Interest forwarding and enables Detection and fast Recovery from such Unanticipated Data Access Failure. In the NDN enhanced with NDRUDAF, the router that aggregates the Interest detects such unanticipated data access failure based on a negative acknowledgement from the upstream node that judges the Interest as a duplicate one. Then the router retransmits the Interest as soon as possible on behalf of the requester whose Interest is aggregated to fast recover from the data access failure. We qualitatively and quantitatively analyze the performance of the NDN enhanced with our proposed NDRUDAF and compare it with that of the present NDN. Our experimental results validate that NDRUDAF improves the system performance in case of such unanticipated data access failure in terms of data access delay and network resource utilization efficiency at routers.展开更多
In the security and privacy fields,Access Control(AC)systems are viewed as the fundamental aspects of networking security mechanisms.Enforcing AC becomes even more challenging when researchers and data analysts have t...In the security and privacy fields,Access Control(AC)systems are viewed as the fundamental aspects of networking security mechanisms.Enforcing AC becomes even more challenging when researchers and data analysts have to analyze complex and distributed Big Data(BD)processing cluster frameworks,which are adopted to manage yottabyte of unstructured sensitive data.For instance,Big Data systems’privacy and security restrictions are most likely to failure due to the malformed AC policy configurations.Furthermore,BD systems were initially developed toped to take care of some of the DB issues to address BD challenges and many of these dealt with the“three Vs”(Velocity,Volume,and Variety)attributes,without planning security consideration,which are considered to be patch work.Some of the BD“three Vs”characteristics,such as distributed computing,fragment,redundant data and node-to node communication,each with its own security challenges,complicate even more the applicability of AC in BD.This paper gives an overview of the latest security and privacy challenges in BD AC systems.Furthermore,it analyzes and compares some of the latest AC research frameworks to reduce privacy and security issues in distributed BD systems,which very few enforce AC in a cost-effective and in a timely manner.Moreover,this work discusses some of the future research methodologies and improvements for BD AC systems.This study is valuable asset for Artificial Intelligence(AI)researchers,DB developers and DB analysts who need the latest AC security and privacy research perspective before using and/or improving a current BD AC framework.展开更多
The traditional centralized data sharing systems have potential risks such as single point of failures and excessive working load on the central node.As a distributed and collaborative alternative,approaches based upo...The traditional centralized data sharing systems have potential risks such as single point of failures and excessive working load on the central node.As a distributed and collaborative alternative,approaches based upon blockchain have been explored recently for Internet of Things(IoTs).However,the access from a legitimate user may be denied without the pre-defined policy and data update on the blockchain could be costly to the owners.In this paper,we first address these issues by incorporating the Accountable Subgroup Multi-Signature(ASM)algorithm into the Attribute-based Access Control(ABAC)method with Policy Smart Contract,to provide a finegrained and flexible solution.Next,we propose a policy-based Chameleon Hash algorithm that allows the data to be updated in a reliable and convenient way by the authorized users.Finally,we evaluate our work by comparing its performance with the benchmarks.The results demonstrate significant improvement on the effectiveness and efficiency.展开更多
With the development of cloud computing, the mutual understandability among distributed data access control has become an important issue in the security field of cloud computing. To ensure security, confidentiality a...With the development of cloud computing, the mutual understandability among distributed data access control has become an important issue in the security field of cloud computing. To ensure security, confidentiality and fine-grained data access control of Cloud Data Storage (CDS) environment, we proposed Multi-Agent System (MAS) architecture. This architecture consists of two agents: Cloud Service Provider Agent (CSPA) and Cloud Data Confidentiality Agent (CDConA). CSPA provides a graphical interface to the cloud user that facilitates the access to the services offered by the system. CDConA provides each cloud user by definition and enforcement expressive and flexible access structure as a logic formula over cloud data file attributes. This new access control is named as Formula-Based Cloud Data Access Control (FCDAC). Our proposed FCDAC based on MAS architecture consists of four layers: interface layer, existing access control layer, proposed FCDAC layer and CDS layer as well as four types of entities of Cloud Service Provider (CSP), cloud users, knowledge base and confidentiality policy roles. FCDAC, it’s an access policy determined by our MAS architecture, not by the CSPs. A prototype of our proposed FCDAC scheme is implemented using the Java Agent Development Framework Security (JADE-S). Our results in the practical scenario defined formally in this paper, show the Round Trip Time (RTT) for an agent to travel in our system and measured by the times required for an agent to travel around different number of cloud users before and after implementing FCDAC.展开更多
As an industry accepted storage scheme, hafnium oxide(HfO_x) based resistive random access memory(RRAM)should further improve its thermal stability and data retention for practical applications. We therefore fabri...As an industry accepted storage scheme, hafnium oxide(HfO_x) based resistive random access memory(RRAM)should further improve its thermal stability and data retention for practical applications. We therefore fabricated RRAMs with HfO_x/ZnO double-layer as the storage medium to study their thermal stability as well as data retention. The HfO_x/ZnO double-layer is capable of reversible bipolar switching under ultralow switching current(〈 3 μA) with a Schottky emission dominant conduction for the high resistance state and a Poole–Frenkel emission governed conduction for the low resistance state. Compared with a drastically increased switching current at 120℃ for the single HfO_x layer RRAM, the HfO_x/ZnO double-layer exhibits excellent thermal stability and maintains neglectful fluctuations in switching current at high temperatures(up to 180℃), which might be attributed to the increased Schottky barrier height to suppress current at high temperatures. Additionally, the HfO_x/ZnO double-layer exhibits 10-year data retention @85℃ that is helpful for the practical applications in RRAMs.展开更多
Digital transformation has been corner stone of business innovation in the last decade, and these innovations have dramatically changed the definition and boundaries of enterprise business applications. Introduction o...Digital transformation has been corner stone of business innovation in the last decade, and these innovations have dramatically changed the definition and boundaries of enterprise business applications. Introduction of new products/ services, version management of existing products/ services, management of customer/partner connections, management of multi-channel service delivery (web, social media, web etc.), merger/acquisitions of new businesses and adoption of new innovations/technologies will drive data growth in business applications. These datasets exist in different sharing nothing business applications at different locations and in various forms. So, to make sense of this information and derive insight, it is essential to break the data silos, streamline data retrieval and simplify information access across the entire organization. The information access framework must support just-in-time processing capabilities to bring data from multiple sources, be fast and powerful enough to transform and process huge amounts of data quickly, and be agile enough to accommodate new data sources per user needs. This paper discusses the SAP HANA Smart Data Access data-virtualization technology to enable unified access to heterogenous data across the organization and analysis of huge volume of data in real-time using SAP HANA in-memory platform.展开更多
This paper proposes a security policy model for mandatory access control in class B1 database management system whose level of labeling is tuple. The relation hierarchical data model is extended to multilevel relatio...This paper proposes a security policy model for mandatory access control in class B1 database management system whose level of labeling is tuple. The relation hierarchical data model is extended to multilevel relation hierarchical data model. Based on the multilevel relation hierarchical data model, the concept of upper lower layer relational integrity is presented after we analyze and eliminate the covert channels caused by the database integrity. Two SQL statements are extended to process polyinstantiation in the multilevel secure environment. The system is based on the multilevel relation hierarchical data model and is capable of integratively storing and manipulating multilevel complicated objects ( e.g., multilevel spatial data) and multilevel conventional data ( e.g., integer, real number and character string).展开更多
In the environment of big data,the traditional access control lacks effective and flexible access mechanism.Based on attribute access control,this paper proposes a HBMC-ABAC big data access control framework.It solves...In the environment of big data,the traditional access control lacks effective and flexible access mechanism.Based on attribute access control,this paper proposes a HBMC-ABAC big data access control framework.It solves the problems of difficult authority change,complex management,over-authorization and lack of authorization in big data environment.At the same time,binary mapping codes are proposed to solve the problem of low efficiency of policy retrieval in traditional ABAC.Through experimental analysis,the results show that our proposed HBMC-ABAC model can meet the current large and complex environment of big data.展开更多
Growing attention has been directed to the use of satellite imagery and open geospatial data to understand large-scale sustainable development outcomes.Health and education are critical domains of the Unites Nations’...Growing attention has been directed to the use of satellite imagery and open geospatial data to understand large-scale sustainable development outcomes.Health and education are critical domains of the Unites Nations’Sus-tainable Development Goals(SDGs),yet existing research on the accessibility of corresponding services focused mainly on detailed but small-scale studies.This means that such studies lack accessibility metrics for large-scale quantitative evaluations.To address this deficiency,we evaluated the accessibility of health and education ser-vices in China's Mainland in 2021 using point-of-interest data,OpenStreetMap road data,land cover data,and WorldPop spatial demographic data.The accessibility metrics used were the least time costs of reaching hospital and school services and population coverage with a time cost of less than 1 h.On the basis of the road network and land cover information,the overall average time costs of reaching hospital and school were 20 and 22 min,respectively.In terms of population coverage,94.7%and 92.5%of the population in China has a time cost of less than 1 h in obtaining hospital and school services,respectively.Counties with low accessibility to hospitals and schools were highly coupled with poor areas and ecological function regions,with the time cost incurred in these areas being more than twice that experienced in non-poor and non-ecological areas.Furthermore,the cumulative time cost incurred by the bottom 20%of counties(by GDP)from access to hospital and school services reached approximately 80%of the national total.Low-GDP counties were compelled to suffer disproportionately increased time costs to acquire health and education services compared with high-GDP counties.The accessibil-ity metrics proposed in this study are highly related to SDGs 3 and 4,and they can serve as auxiliary data that can be used to enhance the evaluation of SDG outcomes.The analysis of the uneven distribution of health and education services in China can help identify areas with backward public services and may contribute to targeted and efficient policy interventions.展开更多
In Cloud Computing, the application software and the databases are moved to large centralized data centers, where the management of the data and services may not be fully trustworthy. This unique paradigm brings many ...In Cloud Computing, the application software and the databases are moved to large centralized data centers, where the management of the data and services may not be fully trustworthy. This unique paradigm brings many new security challenges, which have not been well solved. Data access control is an effective way to ensure the big data security in the cloud. In this paper,we study the problem of fine-grained data access control in cloud computing.Based on CP-ABE scheme,we propose a novel access control policy to achieve fine-grainedness and implement the operation of user revocation effectively.The analysis results indicate that our scheme ensures the data security in cloud computing and reduces the cost of the data owner significantly.展开更多
To solve the problems of data sharing in social network,such as management of private data is too loose,access permissions are not clear,mode of data sharing is too single and soon on,we design a hierarchical access c...To solve the problems of data sharing in social network,such as management of private data is too loose,access permissions are not clear,mode of data sharing is too single and soon on,we design a hierarchical access control scheme of private data based on attribute encryption.First,we construct a new algorithm based on attribute encryption,which divides encryption into two phases,and we can design two types of attributes encryption strategy to make sure that different users could get their own decryption keys corresponding to their permissions.We encrypt the private data hierarchically with our algorithm to realize“precise”,“more accurate”,“fuzzy”and“private”four management modes,then users with higher permissions can access the private data inferior to their permissions.And we outsource some complex operations of decryption to DSP to ensure high efficiency on the premise of privacy protection.Finally,we analyze the efficiency and the security of our scheme.展开更多
In the education archive sharing system,when performing homomorphic ciphertext retrieval on the storage server,there are problems such as low security of shared data,confusing parameter management,and weak access cont...In the education archive sharing system,when performing homomorphic ciphertext retrieval on the storage server,there are problems such as low security of shared data,confusing parameter management,and weak access control.This paper proposes an Education Archives Sharing and Access Control(EduASAC)system to solve these problems.The system research goal is to realize the sharing of security parameters,the execution of access control,and the recording of system behaviors based on the blockchain network,ensuring the legitimacy of shared membership and the security of education archives.At the same time,the system can be combined with most homomorphic ciphertext retrieval schemes running on the storage server,making the homomorphic ciphertext retrieval mechanism controllable.This paper focuses on the blockchain access control framework and specifically designs smart contracts that conform to the business logic of the EduASAC system.The former adopts a dual-mode access control mechanism combining Discretionary Access Control(DAC)and Mandatory Access Control(MAC)and improves the tagging mode after user permission verification based on the Authentication and Authorization for Constrained Environments(ACE)authorization framework of Open Authorization(OAuth)2.0;the latter is used in the system to vote on nodes to join requests,define access control policies,execute permission verification processes,store,and share system parameters,and standardize the behavior of member nodes.Finally,the EduASAC system realizes the encryption,storage,retrieval,sharing,and access control processes of education archives.To verify the performance of the system,simulation experiments were conducted.The results show that the EduASAC system can meet the high security needs of education archive sharing and ensure the system’s high throughput,low latency,fast decision-making,and fine-grained access control ability.展开更多
基金Key Research and Development and Promotion Program of Henan Province(No.222102210069)Zhongyuan Science and Technology Innovation Leading Talent Project(224200510003)National Natural Science Foundation of China(No.62102449).
文摘Big data resources are characterized by large scale, wide sources, and strong dynamics. Existing access controlmechanisms based on manual policy formulation by security experts suffer from drawbacks such as low policymanagement efficiency and difficulty in accurately describing the access control policy. To overcome theseproblems, this paper proposes a big data access control mechanism based on a two-layer permission decisionstructure. This mechanism extends the attribute-based access control (ABAC) model. Business attributes areintroduced in the ABAC model as business constraints between entities. The proposed mechanism implementsa two-layer permission decision structure composed of the inherent attributes of access control entities and thebusiness attributes, which constitute the general permission decision algorithm based on logical calculation andthe business permission decision algorithm based on a bi-directional long short-term memory (BiLSTM) neuralnetwork, respectively. The general permission decision algorithm is used to implement accurate policy decisions,while the business permission decision algorithm implements fuzzy decisions based on the business constraints.The BiLSTM neural network is used to calculate the similarity of the business attributes to realize intelligent,adaptive, and efficient access control permission decisions. Through the two-layer permission decision structure,the complex and diverse big data access control management requirements can be satisfied by considering thesecurity and availability of resources. Experimental results show that the proposed mechanism is effective andreliable. In summary, it can efficiently support the secure sharing of big data resources.
基金supported by the National Key Research and Development Program of China(grant number 2019YFE0123600)。
文摘The power Internet of Things(IoT)is a significant trend in technology and a requirement for national strategic development.With the deepening digital transformation of the power grid,China’s power system has initially built a power IoT architecture comprising a perception,network,and platform application layer.However,owing to the structural complexity of the power system,the construction of the power IoT continues to face problems such as complex access management of massive heterogeneous equipment,diverse IoT protocol access methods,high concurrency of network communications,and weak data security protection.To address these issues,this study optimizes the existing architecture of the power IoT and designs an integrated management framework for the access of multi-source heterogeneous data in the power IoT,comprising cloud,pipe,edge,and terminal parts.It further reviews and analyzes the key technologies involved in the power IoT,such as the unified management of the physical model,high concurrent access,multi-protocol access,multi-source heterogeneous data storage management,and data security control,to provide a more flexible,efficient,secure,and easy-to-use solution for multi-source heterogeneous data access in the power IoT.
文摘Over the past decade, Graphics Processing Units (GPUs) have revolutionized high-performance computing, playing pivotal roles in advancing fields like IoT, autonomous vehicles, and exascale computing. Despite these advancements, efficiently programming GPUs remains a daunting challenge, often relying on trial-and-error optimization methods. This paper introduces an optimization technique for CUDA programs through a novel Data Layout strategy, aimed at restructuring memory data arrangement to significantly enhance data access locality. Focusing on the dynamic programming algorithm for chained matrix multiplication—a critical operation across various domains including artificial intelligence (AI), high-performance computing (HPC), and the Internet of Things (IoT)—this technique facilitates more localized access. We specifically illustrate the importance of efficient matrix multiplication in these areas, underscoring the technique’s broader applicability and its potential to address some of the most pressing computational challenges in GPU-accelerated applications. Our findings reveal a remarkable reduction in memory consumption and a substantial 50% decrease in execution time for CUDA programs utilizing this technique, thereby setting a new benchmark for optimization in GPU computing.
基金partially supported by the National Natural Science Foundation of China under grant no.62372245the Foundation of Yunnan Key Laboratory of Blockchain Application Technology under Grant 202105AG070005+1 种基金in part by the Foundation of State Key Laboratory of Public Big Datain part by the Foundation of Key Laboratory of Computational Science and Application of Hainan Province under Grant JSKX202202。
文摘For the goals of security and privacy preservation,we propose a blind batch encryption-and public ledger-based data sharing protocol that allows the integrity of sensitive data to be audited by a public ledger and allows privacy information to be preserved.Data owners can tightly manage their data with efficient revocation and only grant one-time adaptive access for the fulfillment of the requester.We prove that our protocol is semanticallly secure,blind,and secure against oblivious requesters and malicious file keepers.We also provide security analysis in the context of four typical attacks.
基金This work was supported by National Natural Science Foundation of China(U2133208,U20A20161).
文摘The traditional air traffic control information sharing data has weak security characteristics of personal privacy data and poor effect,which is easy to leads to the problem that the data is usurped.Starting from the application of the ATC(automatic train control)network,this paper focuses on the zero trust and zero trust access strategy and the tamper-proof method of information-sharing network data.Through the improvement of ATC’s zero trust physical layer authentication and network data distributed feature differentiation calculation,this paper reconstructs the personal privacy scope authentication structure and designs a tamper-proof method of ATC’s information sharing on the Internet.From the single management authority to the unified management of data units,the systematic algorithm improvement of shared network data tamper prevention method is realized,and RDTP(Reliable Data Transfer Protocol)is selected in the network data of information sharing resources to realize the effectiveness of tamper prevention of air traffic control data during transmission.The results show that this method can reasonably avoid the tampering of information sharing on the Internet,maintain the security factors of air traffic control information sharing on the Internet,and the Central Processing Unit(CPU)utilization rate is only 4.64%,which effectively increases the performance of air traffic control data comprehensive security protection system.
基金supported in part by the National Natural Science Foundation of China (No.61602114)part by the National Key Research and Development Program of China (2017YFB0801703)+1 种基金part by the CERNET Innovation Project (NGII20170406)part by Jiangsu Provincial Key Laboratory of Network and Information Security (BM2003201)
文摘We show that an aggregated Interest in Named Data Networking (NDN) may fail to retrieve desired data since the Interest previously sent upstream for the same content is judged as a duplicate one and then dropped by an upstream node due to its multipath forwarding. Furthermore, we propose NDRUDAF, a NACK based mechanism that enhances the Interest forwarding and enables Detection and fast Recovery from such Unanticipated Data Access Failure. In the NDN enhanced with NDRUDAF, the router that aggregates the Interest detects such unanticipated data access failure based on a negative acknowledgement from the upstream node that judges the Interest as a duplicate one. Then the router retransmits the Interest as soon as possible on behalf of the requester whose Interest is aggregated to fast recover from the data access failure. We qualitatively and quantitatively analyze the performance of the NDN enhanced with our proposed NDRUDAF and compare it with that of the present NDN. Our experimental results validate that NDRUDAF improves the system performance in case of such unanticipated data access failure in terms of data access delay and network resource utilization efficiency at routers.
文摘In the security and privacy fields,Access Control(AC)systems are viewed as the fundamental aspects of networking security mechanisms.Enforcing AC becomes even more challenging when researchers and data analysts have to analyze complex and distributed Big Data(BD)processing cluster frameworks,which are adopted to manage yottabyte of unstructured sensitive data.For instance,Big Data systems’privacy and security restrictions are most likely to failure due to the malformed AC policy configurations.Furthermore,BD systems were initially developed toped to take care of some of the DB issues to address BD challenges and many of these dealt with the“three Vs”(Velocity,Volume,and Variety)attributes,without planning security consideration,which are considered to be patch work.Some of the BD“three Vs”characteristics,such as distributed computing,fragment,redundant data and node-to node communication,each with its own security challenges,complicate even more the applicability of AC in BD.This paper gives an overview of the latest security and privacy challenges in BD AC systems.Furthermore,it analyzes and compares some of the latest AC research frameworks to reduce privacy and security issues in distributed BD systems,which very few enforce AC in a cost-effective and in a timely manner.Moreover,this work discusses some of the future research methodologies and improvements for BD AC systems.This study is valuable asset for Artificial Intelligence(AI)researchers,DB developers and DB analysts who need the latest AC security and privacy research perspective before using and/or improving a current BD AC framework.
基金supported by the National Natural Science Foundation of China under Grant 61972148。
文摘The traditional centralized data sharing systems have potential risks such as single point of failures and excessive working load on the central node.As a distributed and collaborative alternative,approaches based upon blockchain have been explored recently for Internet of Things(IoTs).However,the access from a legitimate user may be denied without the pre-defined policy and data update on the blockchain could be costly to the owners.In this paper,we first address these issues by incorporating the Accountable Subgroup Multi-Signature(ASM)algorithm into the Attribute-based Access Control(ABAC)method with Policy Smart Contract,to provide a finegrained and flexible solution.Next,we propose a policy-based Chameleon Hash algorithm that allows the data to be updated in a reliable and convenient way by the authorized users.Finally,we evaluate our work by comparing its performance with the benchmarks.The results demonstrate significant improvement on the effectiveness and efficiency.
文摘With the development of cloud computing, the mutual understandability among distributed data access control has become an important issue in the security field of cloud computing. To ensure security, confidentiality and fine-grained data access control of Cloud Data Storage (CDS) environment, we proposed Multi-Agent System (MAS) architecture. This architecture consists of two agents: Cloud Service Provider Agent (CSPA) and Cloud Data Confidentiality Agent (CDConA). CSPA provides a graphical interface to the cloud user that facilitates the access to the services offered by the system. CDConA provides each cloud user by definition and enforcement expressive and flexible access structure as a logic formula over cloud data file attributes. This new access control is named as Formula-Based Cloud Data Access Control (FCDAC). Our proposed FCDAC based on MAS architecture consists of four layers: interface layer, existing access control layer, proposed FCDAC layer and CDS layer as well as four types of entities of Cloud Service Provider (CSP), cloud users, knowledge base and confidentiality policy roles. FCDAC, it’s an access policy determined by our MAS architecture, not by the CSPs. A prototype of our proposed FCDAC scheme is implemented using the Java Agent Development Framework Security (JADE-S). Our results in the practical scenario defined formally in this paper, show the Round Trip Time (RTT) for an agent to travel in our system and measured by the times required for an agent to travel around different number of cloud users before and after implementing FCDAC.
基金supported by the National Natural Science Foundation of China(Grant Nos.61006003 and 61674038)the Natural Science Foundation of Fujian Province,China(Grant Nos.2015J01249 and 2010J05134)+1 种基金the Science Foundation of Fujian Education Department of China(Grant No.JAT160073)the Science Foundation of Fujian Provincial Economic and Information Technology Commission of China(Grant No.83016006)
文摘As an industry accepted storage scheme, hafnium oxide(HfO_x) based resistive random access memory(RRAM)should further improve its thermal stability and data retention for practical applications. We therefore fabricated RRAMs with HfO_x/ZnO double-layer as the storage medium to study their thermal stability as well as data retention. The HfO_x/ZnO double-layer is capable of reversible bipolar switching under ultralow switching current(〈 3 μA) with a Schottky emission dominant conduction for the high resistance state and a Poole–Frenkel emission governed conduction for the low resistance state. Compared with a drastically increased switching current at 120℃ for the single HfO_x layer RRAM, the HfO_x/ZnO double-layer exhibits excellent thermal stability and maintains neglectful fluctuations in switching current at high temperatures(up to 180℃), which might be attributed to the increased Schottky barrier height to suppress current at high temperatures. Additionally, the HfO_x/ZnO double-layer exhibits 10-year data retention @85℃ that is helpful for the practical applications in RRAMs.
文摘Digital transformation has been corner stone of business innovation in the last decade, and these innovations have dramatically changed the definition and boundaries of enterprise business applications. Introduction of new products/ services, version management of existing products/ services, management of customer/partner connections, management of multi-channel service delivery (web, social media, web etc.), merger/acquisitions of new businesses and adoption of new innovations/technologies will drive data growth in business applications. These datasets exist in different sharing nothing business applications at different locations and in various forms. So, to make sense of this information and derive insight, it is essential to break the data silos, streamline data retrieval and simplify information access across the entire organization. The information access framework must support just-in-time processing capabilities to bring data from multiple sources, be fast and powerful enough to transform and process huge amounts of data quickly, and be agile enough to accommodate new data sources per user needs. This paper discusses the SAP HANA Smart Data Access data-virtualization technology to enable unified access to heterogenous data across the organization and analysis of huge volume of data in real-time using SAP HANA in-memory platform.
文摘This paper proposes a security policy model for mandatory access control in class B1 database management system whose level of labeling is tuple. The relation hierarchical data model is extended to multilevel relation hierarchical data model. Based on the multilevel relation hierarchical data model, the concept of upper lower layer relational integrity is presented after we analyze and eliminate the covert channels caused by the database integrity. Two SQL statements are extended to process polyinstantiation in the multilevel secure environment. The system is based on the multilevel relation hierarchical data model and is capable of integratively storing and manipulating multilevel complicated objects ( e.g., multilevel spatial data) and multilevel conventional data ( e.g., integer, real number and character string).
文摘In the environment of big data,the traditional access control lacks effective and flexible access mechanism.Based on attribute access control,this paper proposes a HBMC-ABAC big data access control framework.It solves the problems of difficult authority change,complex management,over-authorization and lack of authorization in big data environment.At the same time,binary mapping codes are proposed to solve the problem of low efficiency of policy retrieval in traditional ABAC.Through experimental analysis,the results show that our proposed HBMC-ABAC model can meet the current large and complex environment of big data.
基金This work was supported by the National Natural Science Foundation for Distinguished Young Scholars of China(Grant No.41725006).
文摘Growing attention has been directed to the use of satellite imagery and open geospatial data to understand large-scale sustainable development outcomes.Health and education are critical domains of the Unites Nations’Sus-tainable Development Goals(SDGs),yet existing research on the accessibility of corresponding services focused mainly on detailed but small-scale studies.This means that such studies lack accessibility metrics for large-scale quantitative evaluations.To address this deficiency,we evaluated the accessibility of health and education ser-vices in China's Mainland in 2021 using point-of-interest data,OpenStreetMap road data,land cover data,and WorldPop spatial demographic data.The accessibility metrics used were the least time costs of reaching hospital and school services and population coverage with a time cost of less than 1 h.On the basis of the road network and land cover information,the overall average time costs of reaching hospital and school were 20 and 22 min,respectively.In terms of population coverage,94.7%and 92.5%of the population in China has a time cost of less than 1 h in obtaining hospital and school services,respectively.Counties with low accessibility to hospitals and schools were highly coupled with poor areas and ecological function regions,with the time cost incurred in these areas being more than twice that experienced in non-poor and non-ecological areas.Furthermore,the cumulative time cost incurred by the bottom 20%of counties(by GDP)from access to hospital and school services reached approximately 80%of the national total.Low-GDP counties were compelled to suffer disproportionately increased time costs to acquire health and education services compared with high-GDP counties.The accessibil-ity metrics proposed in this study are highly related to SDGs 3 and 4,and they can serve as auxiliary data that can be used to enhance the evaluation of SDG outcomes.The analysis of the uneven distribution of health and education services in China can help identify areas with backward public services and may contribute to targeted and efficient policy interventions.
基金This research is supported by a grant from National Natural Science Foundation of China (No. 61170241, 61472097).This paper is funded by the International Exchange Program of Harbin Engineering University for Innovationoriented Talents Cultivation.
文摘In Cloud Computing, the application software and the databases are moved to large centralized data centers, where the management of the data and services may not be fully trustworthy. This unique paradigm brings many new security challenges, which have not been well solved. Data access control is an effective way to ensure the big data security in the cloud. In this paper,we study the problem of fine-grained data access control in cloud computing.Based on CP-ABE scheme,we propose a novel access control policy to achieve fine-grainedness and implement the operation of user revocation effectively.The analysis results indicate that our scheme ensures the data security in cloud computing and reduces the cost of the data owner significantly.
文摘To solve the problems of data sharing in social network,such as management of private data is too loose,access permissions are not clear,mode of data sharing is too single and soon on,we design a hierarchical access control scheme of private data based on attribute encryption.First,we construct a new algorithm based on attribute encryption,which divides encryption into two phases,and we can design two types of attributes encryption strategy to make sure that different users could get their own decryption keys corresponding to their permissions.We encrypt the private data hierarchically with our algorithm to realize“precise”,“more accurate”,“fuzzy”and“private”four management modes,then users with higher permissions can access the private data inferior to their permissions.And we outsource some complex operations of decryption to DSP to ensure high efficiency on the premise of privacy protection.Finally,we analyze the efficiency and the security of our scheme.
基金supported by the Fundamental Research Funds for the Central Universities.Nos.3282023017,328202251.RL H received the grant.
文摘In the education archive sharing system,when performing homomorphic ciphertext retrieval on the storage server,there are problems such as low security of shared data,confusing parameter management,and weak access control.This paper proposes an Education Archives Sharing and Access Control(EduASAC)system to solve these problems.The system research goal is to realize the sharing of security parameters,the execution of access control,and the recording of system behaviors based on the blockchain network,ensuring the legitimacy of shared membership and the security of education archives.At the same time,the system can be combined with most homomorphic ciphertext retrieval schemes running on the storage server,making the homomorphic ciphertext retrieval mechanism controllable.This paper focuses on the blockchain access control framework and specifically designs smart contracts that conform to the business logic of the EduASAC system.The former adopts a dual-mode access control mechanism combining Discretionary Access Control(DAC)and Mandatory Access Control(MAC)and improves the tagging mode after user permission verification based on the Authentication and Authorization for Constrained Environments(ACE)authorization framework of Open Authorization(OAuth)2.0;the latter is used in the system to vote on nodes to join requests,define access control policies,execute permission verification processes,store,and share system parameters,and standardize the behavior of member nodes.Finally,the EduASAC system realizes the encryption,storage,retrieval,sharing,and access control processes of education archives.To verify the performance of the system,simulation experiments were conducted.The results show that the EduASAC system can meet the high security needs of education archive sharing and ensure the system’s high throughput,low latency,fast decision-making,and fine-grained access control ability.