With the rapid development of cloud manufacturing technology and the new generation of artificial intelligence technology, the new cloud manufacturing system (NCMS) built on the connotation of cloud manufacturing 3.0 presents a new business model of “Internet of everything, intelligent leading, data driving, shared services, cross-border integration, and universal innovation”. The network boundaries are becoming increasingly blurred, and NCMS is facing security risks such as equipment unauthorized use, account theft, static and extensive access control policies, unauthorized access, supply chain attacks, sensitive data leaks, and industrial control vulnerability attacks. Traditional security architectures mainly use information security technology, which cannot meet the active security protection requirements of NCMS. In order to solve the above problems, this paper proposes an integrated cloud-edge-terminal security system architecture of NCMS. It adopts the zero trust concept and effectively integrates multiple security capabilities such as network, equipment, cloud computing environment, application, identity, and data. It adopts a new access control mode of “continuous verification + dynamic authorization”, classified access control mechanisms such as attribute-based access control, role-based access control, policy-based access control, and a new data security protection system based on blockchain, achieving “trustworthy subject identity, controllable access behavior, and effective protection of subject and object resources”. This architecture provides an active security protection method for NCMS in the digital transformation of large enterprises, and can effectively enhance network security protection capabilities and cope with increasingly severe network security situations.
Enhancing the interconnection of devices and systems, the Internet of Things (IoT) is a paradigm-shifting technology. IoT security concerns are still a substantial concern despite its extraordinary advantages. This paper offers an extensive review of IoT security, emphasizing the technology’s architecture, important security elements, and common attacks. It highlights how important artificial intelligence (AI) is to bolstering IoT security, especially when it comes to addressing risks at different IoT architecture layers. We systematically examined current mitigation strategies and their effectiveness, highlighting contemporary challenges with practical solutions and case studies from a range of industries, such as healthcare, smart homes, and industrial IoT. Our results highlight the importance of AI methods that are lightweight and improve security without compromising the limited resources of devices and computational capability. IoT networks can ensure operational efficiency and resilience by proactively identifying and countering security risks by utilizing machine learning capabilities. This study provides a comprehensive guide for practitioners and researchers aiming to understand the intricate connection between IoT, security challenges, and AI-driven solutions.
This article takes the current autonomous driving technology as the research background and studies the collaborative protection mechanism between its system-on-chip (SoC) functional safety and information security. It includes an introduction to the functions and information security of autonomous driving SoCs, as well as the main design strategies for the collaborative prevention and control mechanism of SoC functional safety and information security in autonomous driving. The research shows that in the field of autonomous driving, there is a close connection between the functional safety of SoCs and their information security. In the design of the safety collaborative protection mechanism, the overall collaborative protection architecture, SoC functional safety protection mechanism, information security protection mechanism, the workflow of the collaborative protection mechanism, and its strategies are all key design elements. It is hoped that this analysis can provide some references for the collaborative protection of SoC functional safety and information security in the field of autonomous driving, so as to improve the safety of autonomous driving technology and meet its practical application requirements.
The concept of landscape architecture with eco-security was proposed, ecological security of landscape architecture in Yunnan was elaborated from 8 aspects, specifically as landform, typical climate, natural vegetation, biodiversity, transplantation of large-size trees, disaster-proof function, greening security, introduction of garden species. Moreover, countermeasures for maintaining the ecological security of landscape architecture in Yunnan Province were further put forward, ① In view of local conditions, inheriting natural views of classical Chinese gardens, respecting all natural elements, ② Rising higher requirements on the planning of garden green space system, ③ Paying more attention to the integrated construction of green spaces in urban and rural areas, maintaining the wholeness of suburban ecosystem, ④ Devoting more in developing seedling industry, culturing more large-size seedlings in original sites, ⑤ Selecting right trees for right sites in constructing urban gardens. Eventually, it was proposed that gardens in Yunnan Province should be developed by combining with its outstanding ecological conditions, among which ecological security should be the focus of attention.
Security is a key problem for the development of Cloud Computing. A common service security architecture is a basic abstract to support security research work. The authorization ability in the service security faces more complex and variable users and environment. Based on the multidimensional views, the service security architecture is described on three dimensions of service security requirement integrating security attributes and service layers. An attribute-based dynamic access control model is presented to detail the relationships among subjects, objects, roles, attributes, context and extra factors further. The model uses dynamic control policies to support the multiple roles and flexible authority. At last, access control and policies execution mechanism were studied as the implementation suggestion.
The fact that the security facilities within a system are closely coupled and the security facilities between systems are unconnected results in an isolated protection structure for systems, and gives rise to a serious challenge to system security integrations and system controls. Also, the need for diversified services and flexible extensions of network security asks for more considerations and contributions from the perspective of software engineering in the process of designing and constructing security systems. Based on the essence of the virtualization technique and the idea of software-defined networks, we in this paper propose a novel software-defined security architecture for systems. By abstracting the traditional security facilities and techniques, the proposed security architecture provides a new, simple, effective, and programmable framework in which security operations and security controls can be decoupled, and thereby reduces the software module sizes, decreases the intensity of software developments, and improves the security extensibility of systems.
As the Internet of Things (IoT) is emerging as an attractive paradigm, a typical IoT architecture that U2IoT (Unit IoT and Ubiquitous IoT) model has been presented for the future IoT. Based on the U2IoT model, this paper proposes a cyber-physical-social based security architecture (IPM) to deal with Information, Physical, and Management security perspectives, and presents how the architectural abstractions support U2IoT model. In particular, 1) an information security model is established to describe the mapping relations among U2IoT, security layer, and security requirement, in which social layer and additional intelligence and compatibility properties are infused into IPM; 2) physical security referring to the external context and inherent infrastructure are inspired by artificial immune algorithms; 3) recommended security strategies are suggested for social management control. The proposed IPM combining the cyber world, physical world and human social provides constructive proposal towards the future IoT security and privacy protection.
Current SDN controllers suffer from a series of potential attacks. For example, malicious flow rules may lead to system disorder by introducing unexpected flow entries. In this paper, we propose Mcad-SA, an aware decision-making security architecture with multiple controllers, which could coordinate heterogeneous controllers internally as a "big" controller. This architecture includes an additional plane, the scheduling plane, which consists of transponder, sensor, decider and scheduler. Meanwhile it achieves the functions of communicating, supervising and scheduling between data and control plane. In this framework, we adopt the vote results from the majority of controllers to determine valid flow rules distributed to switches. Besides, an aware dynamic scheduling (ADS) mechanism is devised in scheduler to intensify security of Mcad-SA further. Combined with perception, ADS takes advantage of heterogeneity and redundancy of controllers to enable the control plane operate in a dynamic, reliable and unsteady state, which results in significant difficulty of probing systems and executing attacks. Simulation results demonstrate the proposed methods indicate better security resilience over traditional architectures as they have lower failure probability when facing attacks.
More and more modern group oriented collaborative applications use the peer-to-peer (P2P) paradigm to be independent of expensive infrastructures as they are, for instance, provided for audio and video conferences by H.323 systems. Decentralized collaborative P2P solutions require appropriate mechanisms to protect group privacy and data integrity. A centralized client/server based video conference system can be well shielded in a standard manner, whilst there are no off-the-shelf approaches to secure a P2P video conference up to now. The paper addresses this issue and presents a flexible security architecture. Using the BRAVIS system [4] as an example it shows how the architecture can be embedded into a P2P videoconferencing system.
Smart distribution grid needs data communication systems as a support to complete their important functions. The smart distribution grid of the data and information are increasingly adopting internet protocol and Ethernet technology. The IP addresses are more and more important for the smart distribution grid equipment. The current IPv4 protocol occupies a dominant position; therefore, the challenges of the evolution to IPv6 and network security are faced by data communication systems of the smart distribution grid. The importance of data communications network and its main bearer of business were described. The data communications network from IPv4 to IPv6 evolution of the five processes and four stages of the transition were analyzed. The smart distribution grid data communications network security and types of their offensive and defensive were discussed. And the data communications network security architecture was established. It covers three dimensions, the security level, the communications network security engineering and the communications network security management. The security architecture safeguards the evolution to IPv6 for the smart distribution grid data communication systems.
The emergence of various technologies such as terahertz communications, Reconfigurable Intelligent Surfaces (RIS), and AI-powered communication services will burden network operators with rising infrastructure costs. Recently, the Open Radio Access Network (O-RAN) has been introduced as a solution for growing financial and operational burdens in Beyond 5G (B5G) and 6G networks. O-RAN promotes openness and intelligence to overcome the limitations of traditional RANs. By disaggregating conventional Base Band Units (BBUs) into O-RAN Distributed Units (O-DU) and O-RAN Centralized Units (O-CU), O-RAN offers greater flexibility for upgrades and network automation. However, this openness introduces new security challenges compared to traditional RANs. Many existing studies overlook these security requirements of the O-RAN networks. To gain deeper insights into the O-RAN system and security, this paper first provides an overview of the general O-RAN architecture and its diverse use cases relevant to B5G and 6G applications. We then delve into specifications of O-RAN security threats and requirements, aiming to mitigate security vulnerabilities effectively. By providing a comprehensive understanding of O-RAN architecture, use cases, and security considerations, this work serves as a valuable resource for future research in O-RAN and its security.
With the popularization of the Internet and the development of technology, cyber threats are increasing day by day. Threats such as malware, hacking, and data breaches have had a serious impact on cybersecurity. The network security environment in the era of big data presents the characteristics of large amounts of data, high diversity, and high real-time requirements. Traditional security defense methods and tools have been unable to cope with the complex and changing network security threats. This paper proposes a machine-learning security defense algorithm based on metadata association features. Emphasize control over unauthorized users through privacy, integrity, and availability. The user model is established and the mapping between the user model and the metadata of the data source is generated. By analyzing the user model and its corresponding mapping relationship, the query of the user model can be decomposed into the query of various heterogeneous data sources, and the integration of heterogeneous data sources based on the metadata association characteristics can be realized. Define and classify customer information, automatically identify and perceive sensitive data, build a behavior audit and analysis platform, analyze user behavior trajectories, and complete the construction of a machine learning customer information security defense system. The experimental results show that when the data volume is 5×103 bit, the data storage integrity of the proposed method is 92%. The data accuracy is 98%, and the success rate of data intrusion is only 2.6%. It can be concluded that the data storage method in this paper is safe, the data accuracy is always at a high level, and the data disaster recovery performance is good. This method can effectively resist data intrusion and has high air traffic control security. It can not only detect all viruses in user data storage, but also realize integrated virus processing, and further optimize the security defense effect of user big data.
Deepfake has emerged as an obstinate challenge in a world dominated by light. Here, the authors introduce a new deepfake detection method based on Xception architecture. The model is tested exhaustively with millions of frames and diverse video clips; accuracy levels as high as 99.65% are reported. These are the main reasons for such high efficacy: superior feature extraction capabilities and stable training mechanisms, such as early stopping, characterizing the Xception model. The methodology applied is also more advanced when it comes to data preprocessing steps, making use of state-of-the-art techniques applied to ensure constant performance. With an ever-rising threat from fake media, this piece of research puts great emphasis on stringent memory testing to keep at bay the spread of manipulated content. It also justifies better explanation methods to justify the reasoning done by the model for those decisions that build more trust and reliability. The ensemble models being more accurate have been studied and examined for establishing a possibility of combining various detection frameworks that could together produce superior results. Further, the study underlines the need for real-time detection tools that can be effective on different social media sites and digital environments. Ethics, protecting privacy, and public awareness in the fight against the proliferation of deepfakes are important considerations. By significantly contributing to the advancements made in the technology that has actually advanced detection, it strengthens the safety and integrity of the cyber world with a robust defense against ever-evolving deepfake threats in technology. Overall, the findings generally go a long way to prove themselves as the crucial step forward to ensuring information authenticity and the trustworthiness of society in this digital world.
Most recent satellite network research has focused on providing routing services without considering security. In this paper, for the sake of better global coverage, we introduce a novel triple-layered satellite network architecture including Geostationary Earth Orbit (GEO), Highly Elliptical Orbit (HEO), and Low Earth Orbit (LEO) satellite layers, which provides the near-global coverage with 24 hour uninterrupted over the areas varying from 75° S to 90° N. On the basis of the hierarchical architecture, we propose a QoS-guaranteed secure multicast routing protocol (QGSMRP) for satellite IP networks using the logical location concept to isolate the mobility of LEO and HEO satellites. In QGSMRP, we employ the asymmetric cryptography to secure the control messages via the pairwise key pre-distribution, and present a least cost tree (LCT) strategy to construct the multicast tree under the condition that the QoS constraints are guaranteed, aiming to minimize the tree cost. Simulation results show that the performance benefits of the proposed QGSMRP in terms of the end-to-end tree delay, the tree cost, and the failure ratio of multicasting connections by comparison with the conventional shortest path tree (SPT) strategy.
This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends that they are not the same. The concept of cyber security is explored, which goes beyond protecting information resources to include a wider variety of assets, including people [1]. Protecting information assets is the main goal of traditional information security, with consideration to the human element and how people fit into the security process. On the other hand, cyber security adds a new level of complexity, as people might unintentionally contribute to or become targets of cyberattacks. This aspect presents moral questions since it is becoming more widely accepted that society has a duty to protect weaker members of society, including children [1]. The study emphasizes how important cyber security is on a larger scale, with many countries creating plans and laws to counteract cyberattacks. Nevertheless, a lot of these sources frequently neglect to define the differences or the relationship between information security and cyber security [1]. The paper focuses on differentiating between cybersecurity and information security on a larger scale. The study also highlights other areas of cybersecurity which includes defending people, social norms, and vital infrastructure from threats that arise from online in addition to information and technology protection. It contends that ethical issues and the human factor are becoming more and more important in protecting assets in the digital age, and that cyber security is a paradigm shift in this regard [1].
Integrating mobility and security in the network layer has become a key factor for Future Internet Architecture (FIA). This paper proposes a secure mobility support mechanism in eXpressive Internet Architecture (XIA), a new FIA currently under development as part of the US National Science Foundation's (NSF) program. Utilizing the natural features of ID/locator decoupling and versatile routing in XIA, a general mechanism to support host mobility is proposed. Exploiting the self-certifying identifier, a secure binding update protocol to overcome the potential threats introduced by the proposed mobility support mechanism is also given. We demonstrate that our design in XIA outperforms IP based solutions in terms of efficiency and flexibility. We also outline our initial design to illustrate one derivative benefit of an evolvable architecture: mobility support customizability with no sacrifice of architectural generality.
The core goal of network security is to protect the security of data sharing. Traditional wireless network security technology is committed to guaranteeing end-to-end data transmission security. However, with the advancement of mobile networks, cloud computing, and Internet of Things, communication-computing integration and cloud-network integration have been important technical routes. As a result, the main application requirements of wireless networks have changed from data transmission to cloud-based information services. Traditional data transmission security technology cannot overcome the security requirements of cloud-network-end collaborative services in the new era, and secure semantic communication has become an important model. To address this issue, we propose a cloud-network-end collaborative security architecture. Firstly, we clarify security mechanisms for end system security, network connection security, and cloud services security, respectively. Next, based on the above three aspects, we elaborate on the connotation of cloud-network-end collaborative security. By giving example applications, including heterogeneous network secure convergence framework, unmanned system collaborative operations security framework, and space-air-ground integrated network security framework, we demonstrate the universality of the proposed architecture. Finally, we review the current research on end system security, network connection security, and cloud services security, respectively.
This paper introduces the Integrated Security Embedded Resilience Architecture (ISERA) as an advanced resilience mechanism for Industrial Control Systems (ICS) and Operational Technology (OT) environments. The ISERA framework integrates security by design principles, micro-segmentation, and Island Mode Operation (IMO) to enhance cyber resilience and ensure continuous, secure operations. The methodology deploys a Forward-Thinking Architecture Strategy (FTAS) algorithm, which utilises an industrial Intrusion Detection System (IDS) implemented with Python’s Network Intrusion Detection System (NIDS) library. The FTAS algorithm successfully identified and responded to cyber-attacks, ensuring minimal system disruption. ISERA has been validated through comprehensive testing scenarios simulating Denial of Service (DoS) attacks and malware intrusions, at both the IT and OT layers where it successfully mitigates the impact of malicious activity. Results demonstrate ISERA’s efficacy in real-time threat detection, containment, and incident response, thus ensuring the integrity and reliability of critical infrastructure systems. ISERA’s decentralised approach contributes to global net zero goals by optimising resource use and minimising environmental impact. By adopting a decentralised control architecture and leveraging virtualisation, ISERA significantly enhances the cyber resilience and sustainability of critical infrastructure systems. This approach not only strengthens defences against evolving cyber threats but also optimises resource allocation, reducing the system’s carbon footprint. As a result, ISERA ensures the uninterrupted operation of essential services while contributing to broader net zero goals.
This paper deals with the security of stock market transactions within financial markets, particularly that of the West African Economic and Monetary Union (UEMOA). The confidentiality and integrity of sensitive data in the stock market being crucial, the implementation of robust systems which guarantee trust between the different actors is essential. We therefore proposed, after analyzing the limits of several security approaches in the literature, an architecture based on blockchain technology making it possible to both identify and reduce the vulnerabilities linked to the design, implementation work or the use of web applications used for transactions. Our proposal makes it possible, thanks to two-factor authentication via the Blockchain, to strengthen the security of investors’ accounts and the automated recording of transactions in the Blockchain while guaranteeing the integrity of stock market operations. It also provides an application vulnerability report. To validate our approach, we compared our results to those of three other security tools, at the level of different metrics. Our approach achieved the best performance in each case.
文摘With the rapid development of cloud manufacturing technology and the new generation of artificial intelligence technology,the new cloud manufacturing system(NCMS)built on the connotation of cloud manufacturing 3.0 presents a new business model of“Internet of everything,intelligent leading,data driving,shared services,cross-border integration,and universal innovation”.The network boundaries are becoming increasingly blurred,NCMS is facing security risks such as equipment unauthorized use,account theft,static and extensive access control policies,unauthorized access,supply chain attacks,sensitive data leaks,and industrial control vulnerability attacks.Traditional security architectures mainly use information security technology,which cannot meet the active security protection requirements of NCMS.In order to solve the above problems,this paper proposes an integrated cloud-edge-terminal security system architecture of NCMS.It adopts the zero trust concept and effectively integrates multiple security capabilities such as network,equipment,cloud computing environment,application,identity,and data.It adopts a new access control mode of“continuous verification+dynamic authorization”,classified access control mechanisms such as attribute-based access control,rolebased access control,policy-based access control,and a new data security protection system based on blockchain,achieving“trustworthy subject identity,controllable access behavior,and effective protection of subject and object resources”.This architecture provides an active security protection method for NCMS in the digital transformation of large enterprises,and can effectively enhance network security protection capabilities and cope with increasingly severe network security situations.
文摘Enhancing the interconnection of devices and systems,the Internet of Things(IoT)is a paradigm-shifting technology.IoT security concerns are still a substantial concern despite its extraordinary advantages.This paper offers an extensive review of IoT security,emphasizing the technology’s architecture,important security elements,and common attacks.It highlights how important artificial intelligence(AI)is to bolstering IoT security,especially when it comes to addressing risks at different IoT architecture layers.We systematically examined current mitigation strategies and their effectiveness,highlighting contemporary challenges with practical solutions and case studies from a range of industries,such as healthcare,smart homes,and industrial IoT.Our results highlight the importance of AI methods that are lightweight and improve security without compromising the limited resources of devices and computational capability.IoT networks can ensure operational efficiency and resilience by proactively identifying and countering security risks by utilizing machine learning capabilities.This study provides a comprehensive guide for practitioners and researchers aiming to understand the intricate connection between IoT,security challenges,and AI-driven solutions.
Abstract: This article takes the current autonomous driving technology as the research background and studies the collaborative protection mechanism between its system-on-chip (SoC) functional safety and information security. It includes an introduction to the functions and information security of autonomous driving SoCs, as well as the main design strategies for the collaborative prevention and control mechanism of SoC functional safety and information security in autonomous driving. The research shows that in the field of autonomous driving, there is a close connection between the functional safety of SoCs and their information security. In the design of the safety collaborative protection mechanism, the overall collaborative protection architecture, SoC functional safety protection mechanism, information security protection mechanism, the workflow of the collaborative protection mechanism, and its strategies are all key design elements. It is hoped that this analysis can provide some references for the collaborative protection of SoC functional safety and information security in the field of autonomous driving, so as to improve the safety of autonomous driving technology and meet its practical application requirements.
Funding: Supported by Key Scientific Research Foundation of Southwest Forestry University (110809)
Abstract: The concept of landscape architecture with eco-security was proposed, and ecological security of landscape architecture in Yunnan was elaborated from 8 aspects, specifically landform, typical climate, natural vegetation, biodiversity, transplantation of large-size trees, disaster-proof function, greening security, and introduction of garden species. Moreover, countermeasures for maintaining the ecological security of landscape architecture in Yunnan Province were further put forward: ① In view of local conditions, inheriting natural views of classical Chinese gardens, respecting all natural elements; ② Raising higher requirements on the planning of garden green space system; ③ Paying more attention to the integrated construction of green spaces in urban and rural areas, maintaining the wholeness of suburban ecosystem; ④ Devoting more to developing the seedling industry, culturing more large-size seedlings in original sites; ⑤ Selecting right trees for right sites in constructing urban gardens. Eventually, it was proposed that gardens in Yunnan Province should be developed by combining with its outstanding ecological conditions, among which ecological security should be the focus of attention.
Funding: Supported by National Information Security Program under Grant No. 2009A112
Abstract: Security is a key problem for the development of Cloud Computing. A common service security architecture is a basic abstract to support security research work. The authorization ability in the service security faces more complex and variable users and environment. Based on the multidimensional views, the service security architecture is described on three dimensions of service security requirement integrating security attributes and service layers. An attribute-based dynamic access control model is presented to detail the relationships among subjects, objects, roles, attributes, context and extra factors further. The model uses dynamic control policies to support the multiple roles and flexible authority. At last, access control and policies execution mechanism were studied as the implementation suggestion.
Funding: Supported in part by the following grants: National Science Foundation of China (Grant No. 61272400); Chongqing Innovative Team Fund for College Development Project (Grant No. KJTD201310); Chongqing Youth Innovative Talent Project (Grant No. cstc2013kjrc-qnrc40004); Science and Technology Research Program of the Chongqing Municipal Education Committee (Grant No. KJ1500425); Foundation of CQUPT (Grant No. WF201403); Chongqing Graduate Research and Innovation Project (Grant No. CYS14146)
Abstract: The fact that the security facilities within a system are closely coupled and the security facilities between systems are unconnected results in an isolated protection structure for systems, and gives rise to a serious challenge to system security integrations and system controls. Also, the need for diversified services and flexible extensions of network security asks for more considerations and contributions from the perspective of software engineering in the process of designing and constructing security systems. Based on the essence of the virtualization technique and the idea of software-defined networks, we in this paper propose a novel software-defined security architecture for systems. By abstracting the traditional security facilities and techniques, the proposed security architecture provides a new, simple, effective, and programmable framework in which security operations and security controls can be decoupled, and thereby reduces the software module sizes, decreases the intensity of software developments, and improves the security extensibility of systems.
Abstract: As the Internet of Things (IoT) is emerging as an attractive paradigm, a typical IoT architecture, the U2IoT (Unit IoT and Ubiquitous IoT) model, has been presented for the future IoT. Based on the U2IoT model, this paper proposes a cyber-physical-social based security architecture (IPM) to deal with Information, Physical, and Management security perspectives, and presents how the architectural abstractions support U2IoT model. In particular, 1) an information security model is established to describe the mapping relations among U2IoT, security layer, and security requirement, in which social layer and additional intelligence and compatibility properties are infused into IPM; 2) physical security referring to the external context and inherent infrastructure are inspired by artificial immune algorithms; 3) recommended security strategies are suggested for social management control. The proposed IPM combining the cyber world, physical world and human social provides constructive proposal towards the future IoT security and privacy protection.
Funding: Supported by the Foundation for Innovative Research Groups of the National Natural Science Foundation of China (No. 61521003); the National Key R&D Program of China (No. 2016YFB0800100, No. 2016YFB0800101); the National Natural Science Foundation of China (No. 61602509)
Abstract: Current SDN controllers suffer from a series of potential attacks. For example, malicious flow rules may lead to system disorder by introducing unexpected flow entries. In this paper, we propose Mcad-SA, an aware decision-making security architecture with multiple controllers, which could coordinate heterogeneous controllers internally as a "big" controller. This architecture includes an additional plane, the scheduling plane, which consists of transponder, sensor, decider and scheduler. Meanwhile it achieves the functions of communicating, supervising and scheduling between data and control plane. In this framework, we adopt the vote results from the majority of controllers to determine valid flow rules distributed to switches. Besides, an aware dynamic scheduling (ADS) mechanism is devised in scheduler to intensify security of Mcad-SA further. Combined with perception, ADS takes advantage of heterogeneity and redundancy of controllers to enable the control plane to operate in a dynamic, reliable and unsteady state, which results in significant difficulty of probing systems and executing attacks. Simulation results demonstrate the proposed methods indicate better security resilience over traditional architectures as they have lower failure probability when facing attacks.
Abstract: More and more modern group oriented collaborative applications use the peer-to-peer (P2P) paradigm to be independent of expensive infrastructures as they are, for instance, provided for audio and video conferences by H.323 systems. Decentralized collaborative P2P solutions require appropriate mechanisms to protect group privacy and data integrity. A centralized client/server based video conference system can be well shielded in a standard manner, whilst there are no off-the-shelf approaches to secure a P2P videoconference up to now. The paper addresses this issue and presents a flexible security architecture. Using the BRAVIS system [4] as an example it shows how the architecture can be embedded into a P2P videoconferencing system.
Abstract: Smart distribution grid needs data communication systems as a support to complete their important functions. The smart distribution grid of the data and information are increasingly adopting internet protocol and Ethernet technology. The IP addresses are more and more important for the smart distribution grid equipment. The current IPv4 protocol occupies a dominant position; therefore, the challenges of the evolution to IPv6 and network security are faced by data communication systems of the smart distribution grid. The importance of data communications network and its main bearer of business were described. The data communications network from IPv4 to IPv6 evolution of the five processes and four stages of the transition were analyzed. The smart distribution grid data communications network security and types of their offensive and defensive were discussed. And the data communications network security architecture was established. It covers three dimensions, the security level, the communications network security engineering and the communications network security management. The security architecture safeguards the evolution to IPv6 for the smart distribution grid data communication systems.
Funding: Supported by the Research Program funded by the SeoulTech (Seoul National University of Science and Technology).
Abstract: The emergence of various technologies such as terahertz communications, Reconfigurable Intelligent Surfaces (RIS), and AI-powered communication services will burden network operators with rising infrastructure costs. Recently, the Open Radio Access Network (O-RAN) has been introduced as a solution for growing financial and operational burdens in Beyond 5G (B5G) and 6G networks. O-RAN promotes openness and intelligence to overcome the limitations of traditional RANs. By disaggregating conventional Base Band Units (BBUs) into O-RAN Distributed Units (O-DU) and O-RAN Centralized Units (O-CU), O-RAN offers greater flexibility for upgrades and network automation. However, this openness introduces new security challenges compared to traditional RANs. Many existing studies overlook these security requirements of the O-RAN networks. To gain deeper insights into the O-RAN system and security, this paper first provides an overview of the general O-RAN architecture and its diverse use cases relevant to B5G and 6G applications. We then delve into specifications of O-RAN security threats and requirements, aiming to mitigate security vulnerabilities effectively. By providing a comprehensive understanding of O-RAN architecture, use cases, and security considerations, this work serves as a valuable resource for future research in O-RAN and its security.
Funding: This work was supported by the National Natural Science Foundation of China (U2133208, U20A20161).
Abstract: With the popularization of the Internet and the development of technology, cyber threats are increasing day by day. Threats such as malware, hacking, and data breaches have had a serious impact on cybersecurity. The network security environment in the era of big data presents the characteristics of large amounts of data, high diversity, and high real-time requirements. Traditional security defense methods and tools have been unable to cope with the complex and changing network security threats. This paper proposes a machine-learning security defense algorithm based on metadata association features. Emphasize control over unauthorized users through privacy, integrity, and availability. The user model is established and the mapping between the user model and the metadata of the data source is generated. By analyzing the user model and its corresponding mapping relationship, the query of the user model can be decomposed into the query of various heterogeneous data sources, and the integration of heterogeneous data sources based on the metadata association characteristics can be realized. Define and classify customer information, automatically identify and perceive sensitive data, build a behavior audit and analysis platform, analyze user behavior trajectories, and complete the construction of a machine learning customer information security defense system. The experimental results show that when the data volume is 5×103 bit, the data storage integrity of the proposed method is 92%. The data accuracy is 98%, and the success rate of data intrusion is only 2.6%. It can be concluded that the data storage method in this paper is safe, the data accuracy is always at a high level, and the data disaster recovery performance is good. This method can effectively resist data intrusion and has high air traffic control security. It can not only detect all viruses in user data storage, but also realize integrated virus processing, and further optimize the security defense effect of user big data.
Abstract: Deepfake has emerged as an obstinate challenge in a world dominated by light. Here, the authors introduce a new deepfake detection method based on Xception architecture. The model is tested exhaustively with millions of frames and diverse video clips; accuracy levels as high as 99.65% are reported. These are the main reasons for such high efficacy: superior feature extraction capabilities and stable training mechanisms, such as early stopping, characterizing the Xception model. The methodology applied is also more advanced when it comes to data preprocessing steps, making use of state-of-the-art techniques applied to ensure constant performance. With an ever-rising threat from fake media, this piece of research puts great emphasis on stringent memory testing to keep at bay the spread of manipulated content. It also justifies better explanation methods to justify the reasoning done by the model for those decisions that build more trust and reliability. The ensemble models being more accurate have been studied and examined for establishing a possibility of combining various detection frameworks that could together produce superior results. Further, the study underlines the need for real-time detection tools that can be effective on different social media sites and digital environments. Ethics, protecting privacy, and public awareness in the fight against the proliferation of deepfakes are important considerations. By significantly contributing to the advancements made in the technology that has actually advanced detection, it strengthens the safety and integrity of the cyber world with a robust defense against ever-evolving deepfake threats in technology. Overall, the findings generally go a long way to prove themselves as the crucial step forward to ensuring information authenticity and the trustworthiness of society in this digital world.
Abstract: Most recent satellite network research has focused on providing routing services without considering security. In this paper, for the sake of better global coverage, we introduce a novel triple-layered satellite network architecture including Geostationary Earth Orbit (GEO), Highly Elliptical Orbit (HEO), and Low Earth Orbit (LEO) satellite layers, which provides the near-global coverage with 24 hour uninterrupted over the areas varying from 75° S to 90° N. On the basis of the hierarchical architecture, we propose a QoS-guaranteed secure multicast routing protocol (QGSMRP) for satellite IP networks using the logical location concept to isolate the mobility of LEO and HEO satellites. In QGSMRP, we employ the asymmetric cryptography to secure the control messages via the pairwise key pre-distribution, and present a least cost tree (LCT) strategy to construct the multicast tree under the condition that the QoS constraints are guaranteed, aiming to minimize the tree cost. Simulation results show that the performance benefits of the proposed QGSMRP in terms of the end-to-end tree delay, the tree cost, and the failure ratio of multicasting connections by comparison with the conventional shortest path tree (SPT) strategy.
Abstract: This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends that they are not the same. The concept of cyber security is explored, which goes beyond protecting information resources to include a wider variety of assets, including people [1]. Protecting information assets is the main goal of traditional information security, with consideration to the human element and how people fit into the security process. On the other hand, cyber security adds a new level of complexity, as people might unintentionally contribute to or become targets of cyberattacks. This aspect presents moral questions since it is becoming more widely accepted that society has a duty to protect weaker members of society, including children [1]. The study emphasizes how important cyber security is on a larger scale, with many countries creating plans and laws to counteract cyberattacks. Nevertheless, a lot of these sources frequently neglect to define the differences or the relationship between information security and cyber security [1]. The paper focuses on differentiating between cybersecurity and information security on a larger scale. The study also highlights other areas of cybersecurity, which include defending people, social norms, and vital infrastructure from threats that arise from online in addition to information and technology protection. It contends that ethical issues and the human factor are becoming more and more important in protecting assets in the digital age, and that cyber security is a paradigm shift in this regard [1].
Funding: Supported by NSFC (No. 61672060); National High Technology Research and Development Program of China (863 Program, No. 2015AA015701)
Abstract: Integrating mobility and security in the network layer has become a key factor for Future Internet Architecture (FIA). This paper proposes a secure mobility support mechanism in eXpressive Internet Architecture (XIA), a new FIA currently under development as part of the US National Science Foundation's (NSF) program. Utilizing the natural features of ID/locator decoupling and versatile routing in XIA, a general mechanism to support host mobility is proposed. Exploiting the self-certifying identifier, a secure binding update protocol to overcome the potential threats introduced by the proposed mobility support mechanism is also given. We demonstrate that our design in XIA outperforms IP based solutions in terms of efficiency and flexibility. We also outline our initial design to illustrate one derivative benefit of an evolvable architecture: mobility support customizability with no sacrifice of architectural generality.
Funding: Supported by the National Key Research and Development Program of China (No. 2021YFB3101100); National Natural Science Foundation of China (Nos. 62232013, 92267204, and 62202364); Fellowship of China National Postdoctoral Program for Innovation Talents (No. BX20230279).
Abstract: The core goal of network security is to protect the security of data sharing. Traditional wireless network security technology is committed to guaranteeing end-to-end data transmission security. However, with the advancement of mobile networks, cloud computing, and Internet of Things, communication-computing integration and cloud-network integration have been important technical routes. As a result, the main application requirements of wireless networks have changed from data transmission to cloud-based information services. Traditional data transmission security technology cannot overcome the security requirements of cloud-network-end collaborative services in the new era, and secure semantic communication has become an important model. To address this issue, we propose a cloud-network-end collaborative security architecture. Firstly, we clarify security mechanisms for end system security, network connection security, and cloud services security, respectively. Next, based on the above three aspects, we elaborate on the connotation of cloud-network-end collaborative security. By giving example applications, including heterogeneous network secure convergence framework, unmanned system collaborative operations security framework, and space-air-ground integrated network security framework, we demonstrate the universality of the proposed architecture. Finally, we review the current research on end system security, network connection security, and cloud services security, respectively.
Funding: Funded by the Office of Gas and Electricity Markets (Ofgem) and supported by De Montfort University (DMU) and Nottingham Trent University (NTU), UK.
Abstract: This paper introduces the Integrated Security Embedded Resilience Architecture (ISERA) as an advanced resilience mechanism for Industrial Control Systems (ICS) and Operational Technology (OT) environments. The ISERA framework integrates security by design principles, micro-segmentation, and Island Mode Operation (IMO) to enhance cyber resilience and ensure continuous, secure operations. The methodology deploys a Forward-Thinking Architecture Strategy (FTAS) algorithm, which utilises an industrial Intrusion Detection System (IDS) implemented with Python’s Network Intrusion Detection System (NIDS) library. The FTAS algorithm successfully identified and responded to cyber-attacks, ensuring minimal system disruption. ISERA has been validated through comprehensive testing scenarios simulating Denial of Service (DoS) attacks and malware intrusions, at both the IT and OT layers where it successfully mitigates the impact of malicious activity. Results demonstrate ISERA’s efficacy in real-time threat detection, containment, and incident response, thus ensuring the integrity and reliability of critical infrastructure systems. ISERA’s decentralised approach contributes to global net zero goals by optimising resource use and minimising environmental impact. By adopting a decentralised control architecture and leveraging virtualisation, ISERA significantly enhances the cyber resilience and sustainability of critical infrastructure systems. This approach not only strengthens defences against evolving cyber threats but also optimises resource allocation, reducing the system’s carbon footprint. As a result, ISERA ensures the uninterrupted operation of essential services while contributing to broader net zero goals.
Abstract: This paper deals with the security of stock market transactions within financial markets, particularly that of the West African Economic and Monetary Union (UEMOA). The confidentiality and integrity of sensitive data in the stock market being crucial, the implementation of robust systems which guarantee trust between the different actors is essential. We therefore proposed, after analyzing the limits of several security approaches in the literature, an architecture based on blockchain technology making it possible to both identify and reduce the vulnerabilities linked to the design, implementation work or the use of web applications used for transactions. Our proposal makes it possible, thanks to two-factor authentication via the Blockchain, to strengthen the security of investors’ accounts and the automated recording of transactions in the Blockchain while guaranteeing the integrity of stock market operations. It also provides an application vulnerability report. To validate our approach, we compared our results to those of three other security tools, at the level of different metrics. Our approach achieved the best performance in each case.