With the development and revolution of network in recent years,the scale and complexity of network have become big issues.Traditional hardware based network security solution has shown some significant disadvantages i...With the development and revolution of network in recent years,the scale and complexity of network have become big issues.Traditional hardware based network security solution has shown some significant disadvantages in cloud computing based Internet data centers(IDC),such as high cost and lack of flexibility.With the implementation of software defined networking(SDN),network security solution could be more flexible and efficient,such as SDN based firewall service and SDN based DDoS-attack mitigation service.Moreover,combined with cloud computing and SDN technology,network security services could be lighter-weighted,more flexible,and on-demanded.This paper analyzes some typical SDN based network security services,and provide a research on SDN based cloud security service(network security service pool)and its implementation in IDCs.展开更多
Videos represent the most prevailing form of digital media for communication,information dissemination,and monitoring.However,theirwidespread use has increased the risks of unauthorised access andmanipulation,posing s...Videos represent the most prevailing form of digital media for communication,information dissemination,and monitoring.However,theirwidespread use has increased the risks of unauthorised access andmanipulation,posing significant challenges.In response,various protection approaches have been developed to secure,authenticate,and ensure the integrity of digital videos.This study provides a comprehensive survey of the challenges associated with maintaining the confidentiality,integrity,and availability of video content,and examining how it can be manipulated.It then investigates current developments in the field of video security by exploring two critical research questions.First,it examine the techniques used by adversaries to compromise video data and evaluate their impact.Understanding these attack methodologies is crucial for developing effective defense mechanisms.Second,it explores the various security approaches that can be employed to protect video data,enhancing its transparency,integrity,and trustworthiness.It compares the effectiveness of these approaches across different use cases,including surveillance,video on demand(VoD),and medical videos related to disease diagnostics.Finally,it identifies potential research opportunities to enhance video data protection in response to the evolving threat landscape.Through this investigation,this study aims to contribute to the ongoing efforts in securing video data,providing insights that are vital for researchers,practitioners,and policymakers dedicated to enhancing the safety and reliability of video content in our digital world.展开更多
The safety and longevity of key blast furnace(BF)equipment determine the stable and low-carbon production of iron.This pa-per presents an analysis of the heat transfer characteristics of these components and the uneve...The safety and longevity of key blast furnace(BF)equipment determine the stable and low-carbon production of iron.This pa-per presents an analysis of the heat transfer characteristics of these components and the uneven distribution of cooling water in parallel pipes based on hydrodynamic principles,discusses the feasible methods for the improvement of BF cooling intensity,and reviews the pre-paration process,performance,and damage characteristics of three key equipment pieces:coolers,tuyeres,and hearth refractories.Fur-thermoere,to attain better control of these critical components under high-temperature working conditions,we propose the application of optimized technologies,such as BF operation and maintenance technology,self-repair technology,and full-lifecycle management techno-logy.Finally,we propose further researches on safety assessments and predictions for key BF equipment under new operating conditions.展开更多
Currently, different kinds of security devices are deployed in the cloud datacenter environment and tenants may choose their desired security services such as firewall and IDS (intrusion detection system). At the sa...Currently, different kinds of security devices are deployed in the cloud datacenter environment and tenants may choose their desired security services such as firewall and IDS (intrusion detection system). At the same time, tenants in cloud computing datacenters are dynamic and have different requirements. Therefore, security device deployment in cloud datacenters is very complex and may lead to inefficient resource utilization. In this paper, we study this problem in a software-defined network (SDN) based multi-tenant cloud datacenter environment. We propose a load-adaptive traffic steering and packet forwarding scheme called LTSS to solve the problem. Our scheme combines SDN controller with TagOper plug-in to determine the traffic paths with the minimum load for tenants and allows tenants to get their desired security services in SDN-based datacenter networks. We also build a prototype system for LTSS to verify its functionality and evaluate performance of our design.展开更多
Along with the development of Internet, Web Services technology is a new branch of Web application program, and it has become a hotspot in computer science. However, it has not made great progress in research on Web S...Along with the development of Internet, Web Services technology is a new branch of Web application program, and it has become a hotspot in computer science. However, it has not made great progress in research on Web Services security. Traditional security solutions cannot satisfy the Web Services security require of selective protection, end-to-end security and application layer security. Web Services technology needs a solution integrated in Web Services framework to realize end-to-end security. Based on cryptography and Web Services technology and according to W3C, XML encryption specification, XML digital Signature specification and WS-Security, which proposed by IBM and Microsoft, a new Web services security model based on message layer is put forward in this paper. The message layer is composed of message handlers. It is inserted into the message processing sequence and provides transparent security services for Web Services. To verify the model, a Web Services security system is realized on, net platform. The implementation version of the model can provide various security services, and has advantages such as security, scalability, security controllability and end-to-end security in message level. Key words Web services - Web services security - message layer CLC number TP 393.08 Biography: WANG Cui-ru (1954-), female, Professor, research direction: database and information management system.展开更多
Security service function chaining(SFC)based on software-defined networking(SDN)and network function virtualization(NFV)technology allows traffic to be forwarded sequentially among different security service functions...Security service function chaining(SFC)based on software-defined networking(SDN)and network function virtualization(NFV)technology allows traffic to be forwarded sequentially among different security service functions to achieve a combination of security functions.Security SFC can be deployed according to requirements,but the current SFC is not flexible enough and lacks an effective feedback mechanism.The SFC is not traffic aware and the changes of traffic may cause the previously deployed security SFC to be invalid.How to establish a closed-loop mechanism to enhance the adaptive capability of the security SFC to malicious traffic has become an important issue.Our contribution is threefold.First,we propose a secure SFC path selection framework.The framework can accept the feedback results of traffic and security service functions in SFC,and dynamically select the opti-mal path for SFC based on the feedback results.It also realizes the automatic deployment of paths,forming a complete closed loop.Second,we expand the protocol of SFC to realize the security SFC with branching path,which improve flexibility of security SFC.Third,we propose a deep reinforcement learning-based dynamic path selection method for security SFC.It infers the optimal branching path by analyzing feedback from the security SFC.We have experimented with Distributed Denial of Service(DDoS)attack detection modules as security service functions.Experimental results show that our proposed method can dynamically select the optimal branching path for a security SFC based on traffic features and the state of the SFC.And it improves the accuracy of the overall malicious traffic detection of the security SFC and significantly reduces the latency and overall load of the SFC.展开更多
Since the beginning of web applications,security has been a critical study area.There has been a lot of research done to figure out how to define and identify security goals or issues.However,high-security web apps ha...Since the beginning of web applications,security has been a critical study area.There has been a lot of research done to figure out how to define and identify security goals or issues.However,high-security web apps have been found to be less durable in recent years;thus reducing their business continuity.High security features of a web application are worthless unless they provide effective services to the user and meet the standards of commercial viability.Hence,there is a necessity to link in the gap between durability and security of the web application.Indeed,security mechanisms must be used to enhance durability as well as the security of the web application.Although durability and security are not related directly,some of their factors influence each other indirectly.Characteristics play an important role in reducing the void between durability and security.In this respect,the present study identifies key characteristics of security and durability that affect each other indirectly and directly,including confidentiality,integrity availability,human trust and trustworthiness.The importance of all the attributes in terms of their weight is essential for their influence on the whole security during the development procedure of web application.To estimate the efficacy of present study,authors employed the Hesitant Fuzzy Analytic Hierarchy Process(H-Fuzzy AHP).The outcomes of our investigations and conclusions will be a useful reference for the web application developers in achieving a more secure and durable web application.展开更多
Security is a key problem for the development of Cloud Computing. A common service security architecture is a basic abstract to support security research work. The authorization ability in the service security faces m...Security is a key problem for the development of Cloud Computing. A common service security architecture is a basic abstract to support security research work. The authorization ability in the service security faces more complex and variable users and environment. Based on the multidimensional views, the service security architecture is described on three dimensions of service security requirement integrating security attributes and service layers. An attribute-based dynamic access control model is presented to detail the relationships among subjects, objects, roles, attributes, context and extra factors further. The model uses dynamic control policies to support the multiple roles and flexible authority. At last, access control and policies execution mechanism were studied as the implementation suggestion.展开更多
As mobile networks become high speed and attain an all-IP structure, more services are possible. This brings about many new security requirements that traditional security programs cannot handle. This paper analyzes s...As mobile networks become high speed and attain an all-IP structure, more services are possible. This brings about many new security requirements that traditional security programs cannot handle. This paper analyzes security threats and the needs of 3G/4G mobile networks, and then proposes a novel protection scheme for them based on their whole structure. In this scheme, a trusted computing environment is constructed on the mobile terminal side by combining software validity verification with access control. At the security management center, security services such as validity verification and integrity check are provided to mobile terminals. In this way, terminals and the network as a whole are secured to a much greater extent. This paper also highlights problems to be addressed in future research and development.展开更多
Organizations implement an information security program for the protection of their information assets. The success of such a program depends primarily on the effective implementation and execution of associated infor...Organizations implement an information security program for the protection of their information assets. The success of such a program depends primarily on the effective implementation and execution of associated information security policies and controls. These policies and controls depend directly upon the resultant behavior and actions of end-users. Hence, end-users play a critical role in the effective implementation and running of an information security program in any organization. However, end-users are often unable to navigate and comprehend the various policies, controls and associated issues. Support to end-users is therefore a vital element, but is often neglected by present information security management systems. In the service industry, support to customers is established as an important determinant of customer perceived service quality. This paper applies the same philosophy to provide support to end-users, who are the customers of the Information Security Service.展开更多
This article discusses the security of the NGN service platform in terms of the open service interface and service deployment. It thinks that security of the open service interface can be solved by adding the service ...This article discusses the security of the NGN service platform in terms of the open service interface and service deployment. It thinks that security of the open service interface can be solved by adding the service access gateway and service management platform. The service access gateway provides security features to the open service interface concerning ID authentication, authorization, audit, encryption and integrity protection. For service deployment, its security can be solved by issuing related user digital certificates, deploying a firewall or an intrusion detection system, implementing load control, managing users' home location and displaying users' real-time IP addresses.展开更多
Wearable technologies have the potential to become a valuable influence on human daily life where they may enable observing the world in new ways,including,for example,using augmented reality(AR)applications.Wearable ...Wearable technologies have the potential to become a valuable influence on human daily life where they may enable observing the world in new ways,including,for example,using augmented reality(AR)applications.Wearable technology uses electronic devices that may be carried as accessories,clothes,or even embedded in the user's body.Although the potential benefits of smart wearables are numerous,their extensive and continual usage creates several privacy concerns and tricky information security challenges.In this paper,we present a comprehensive survey of recent privacy-preserving big data analytics applications based on wearable sensors.We highlight the fundamental features of security and privacy for wearable device applications.Then,we examine the utilization of deep learning algorithms with cryptography and determine their usability for wearable sensors.We also present a case study on privacy-preserving machine learning techniques.Herein,we theoretically and empirically evaluate the privacy-preserving deep learning framework's performance.We explain the implementation details of a case study of a secure prediction service using the convolutional neural network(CNN)model and the Cheon-Kim-Kim-Song(CHKS)homomorphic encryption algorithm.Finally,we explore the obstacles and gaps in the deployment of practical real-world applications.Following a comprehensive overview,we identify the most important obstacles that must be overcome and discuss some interesting future research directions.展开更多
Within an agent server, the model introduces a trusted third party entity called Secure Service Station(SSS). The SSS is a non\|hardware component and is intended to prevent most attacks performed by malicious hosts, ...Within an agent server, the model introduces a trusted third party entity called Secure Service Station(SSS). The SSS is a non\|hardware component and is intended to prevent most attacks performed by malicious hosts, by providing mechanisms that ensure attack detection and provide integrity to mobile agents. This noble technique involves encapsulating partial results obtained on each intermediate host and binding these results together using a hash function, thus forming a strong bonded chain that cannot be compromised. An analytical model to explore the system performance was also developed.展开更多
Web service composition is a low cost and efficient way to leverage the existing resource and implementation.In current Web service composition implementations,the issue of how to define the role for a new composite W...Web service composition is a low cost and efficient way to leverage the existing resource and implementation.In current Web service composition implementations,the issue of how to define the role for a new composite Web service has been little addressed.Adjusting the access control policy for a new composite Web service always causes substantial administration overhead from the security administrator.Furthermore,the distributed nature of Web service based applications makes traditional role mining methods obsolete.In this paper,we analyze the minimal role mining problem for Web service composition,and prove that this problem is NP-complete.We propose a sub-optimal greedy algorithm based on the analysis of necessary role mapping for interoperation across multiple domains.Simulation shows the effectiveness of our algorithm,and compared to the existing methods,our algorithm has significant performance advantages.We also demonstrate the practical application of our method in a real agent based Web service system.The results show that our method could find the minimal role mapping efficiently.展开更多
文摘With the development and revolution of network in recent years,the scale and complexity of network have become big issues.Traditional hardware based network security solution has shown some significant disadvantages in cloud computing based Internet data centers(IDC),such as high cost and lack of flexibility.With the implementation of software defined networking(SDN),network security solution could be more flexible and efficient,such as SDN based firewall service and SDN based DDoS-attack mitigation service.Moreover,combined with cloud computing and SDN technology,network security services could be lighter-weighted,more flexible,and on-demanded.This paper analyzes some typical SDN based network security services,and provide a research on SDN based cloud security service(network security service pool)and its implementation in IDCs.
基金funded by the European Union’s Horizon 2020 Research and Innovation Programme under the Marie Skłodowska-Curie Action(MSCA)grant agreement No.101109961.
文摘Videos represent the most prevailing form of digital media for communication,information dissemination,and monitoring.However,theirwidespread use has increased the risks of unauthorised access andmanipulation,posing significant challenges.In response,various protection approaches have been developed to secure,authenticate,and ensure the integrity of digital videos.This study provides a comprehensive survey of the challenges associated with maintaining the confidentiality,integrity,and availability of video content,and examining how it can be manipulated.It then investigates current developments in the field of video security by exploring two critical research questions.First,it examine the techniques used by adversaries to compromise video data and evaluate their impact.Understanding these attack methodologies is crucial for developing effective defense mechanisms.Second,it explores the various security approaches that can be employed to protect video data,enhancing its transparency,integrity,and trustworthiness.It compares the effectiveness of these approaches across different use cases,including surveillance,video on demand(VoD),and medical videos related to disease diagnostics.Finally,it identifies potential research opportunities to enhance video data protection in response to the evolving threat landscape.Through this investigation,this study aims to contribute to the ongoing efforts in securing video data,providing insights that are vital for researchers,practitioners,and policymakers dedicated to enhancing the safety and reliability of video content in our digital world.
基金supported by the National Natural Science Foundation of China(No.52174296)the Key Laboratory of Metallurgical Industry Safety&Risk Prevention and Control,Ministry of Emergency Management,China.
文摘The safety and longevity of key blast furnace(BF)equipment determine the stable and low-carbon production of iron.This pa-per presents an analysis of the heat transfer characteristics of these components and the uneven distribution of cooling water in parallel pipes based on hydrodynamic principles,discusses the feasible methods for the improvement of BF cooling intensity,and reviews the pre-paration process,performance,and damage characteristics of three key equipment pieces:coolers,tuyeres,and hearth refractories.Fur-thermoere,to attain better control of these critical components under high-temperature working conditions,we propose the application of optimized technologies,such as BF operation and maintenance technology,self-repair technology,and full-lifecycle management techno-logy.Finally,we propose further researches on safety assessments and predictions for key BF equipment under new operating conditions.
基金The work is supported by the National Natural Science Foundation of China under Grant Nos. 61572137 and 61728202, and Shanghai Innovation Action Project under Grant No. 16DZ1100200.
文摘Currently, different kinds of security devices are deployed in the cloud datacenter environment and tenants may choose their desired security services such as firewall and IDS (intrusion detection system). At the same time, tenants in cloud computing datacenters are dynamic and have different requirements. Therefore, security device deployment in cloud datacenters is very complex and may lead to inefficient resource utilization. In this paper, we study this problem in a software-defined network (SDN) based multi-tenant cloud datacenter environment. We propose a load-adaptive traffic steering and packet forwarding scheme called LTSS to solve the problem. Our scheme combines SDN controller with TagOper plug-in to determine the traffic paths with the minimum load for tenants and allows tenants to get their desired security services in SDN-based datacenter networks. We also build a prototype system for LTSS to verify its functionality and evaluate performance of our design.
文摘Along with the development of Internet, Web Services technology is a new branch of Web application program, and it has become a hotspot in computer science. However, it has not made great progress in research on Web Services security. Traditional security solutions cannot satisfy the Web Services security require of selective protection, end-to-end security and application layer security. Web Services technology needs a solution integrated in Web Services framework to realize end-to-end security. Based on cryptography and Web Services technology and according to W3C, XML encryption specification, XML digital Signature specification and WS-Security, which proposed by IBM and Microsoft, a new Web services security model based on message layer is put forward in this paper. The message layer is composed of message handlers. It is inserted into the message processing sequence and provides transparent security services for Web Services. To verify the model, a Web Services security system is realized on, net platform. The implementation version of the model can provide various security services, and has advantages such as security, scalability, security controllability and end-to-end security in message level. Key words Web services - Web services security - message layer CLC number TP 393.08 Biography: WANG Cui-ru (1954-), female, Professor, research direction: database and information management system.
基金supported by NSFC under Grant No.62341102National Key R&D Program of China under Grant No.2018YFA0701604。
文摘Security service function chaining(SFC)based on software-defined networking(SDN)and network function virtualization(NFV)technology allows traffic to be forwarded sequentially among different security service functions to achieve a combination of security functions.Security SFC can be deployed according to requirements,but the current SFC is not flexible enough and lacks an effective feedback mechanism.The SFC is not traffic aware and the changes of traffic may cause the previously deployed security SFC to be invalid.How to establish a closed-loop mechanism to enhance the adaptive capability of the security SFC to malicious traffic has become an important issue.Our contribution is threefold.First,we propose a secure SFC path selection framework.The framework can accept the feedback results of traffic and security service functions in SFC,and dynamically select the opti-mal path for SFC based on the feedback results.It also realizes the automatic deployment of paths,forming a complete closed loop.Second,we expand the protocol of SFC to realize the security SFC with branching path,which improve flexibility of security SFC.Third,we propose a deep reinforcement learning-based dynamic path selection method for security SFC.It infers the optimal branching path by analyzing feedback from the security SFC.We have experimented with Distributed Denial of Service(DDoS)attack detection modules as security service functions.Experimental results show that our proposed method can dynamically select the optimal branching path for a security SFC based on traffic features and the state of the SFC.And it improves the accuracy of the overall malicious traffic detection of the security SFC and significantly reduces the latency and overall load of the SFC.
基金funded by the Taif University Researchers Supporting Projects at Taif University,Kingdom of Saudi Arabia,under Grant Number:TURSP-2020/231.
文摘Since the beginning of web applications,security has been a critical study area.There has been a lot of research done to figure out how to define and identify security goals or issues.However,high-security web apps have been found to be less durable in recent years;thus reducing their business continuity.High security features of a web application are worthless unless they provide effective services to the user and meet the standards of commercial viability.Hence,there is a necessity to link in the gap between durability and security of the web application.Indeed,security mechanisms must be used to enhance durability as well as the security of the web application.Although durability and security are not related directly,some of their factors influence each other indirectly.Characteristics play an important role in reducing the void between durability and security.In this respect,the present study identifies key characteristics of security and durability that affect each other indirectly and directly,including confidentiality,integrity availability,human trust and trustworthiness.The importance of all the attributes in terms of their weight is essential for their influence on the whole security during the development procedure of web application.To estimate the efficacy of present study,authors employed the Hesitant Fuzzy Analytic Hierarchy Process(H-Fuzzy AHP).The outcomes of our investigations and conclusions will be a useful reference for the web application developers in achieving a more secure and durable web application.
基金supported by National Information Security Program under Grant No.2009A112
文摘Security is a key problem for the development of Cloud Computing. A common service security architecture is a basic abstract to support security research work. The authorization ability in the service security faces more complex and variable users and environment. Based on the multidimensional views, the service security architecture is described on three dimensions of service security requirement integrating security attributes and service layers. An attribute-based dynamic access control model is presented to detail the relationships among subjects, objects, roles, attributes, context and extra factors further. The model uses dynamic control policies to support the multiple roles and flexible authority. At last, access control and policies execution mechanism were studied as the implementation suggestion.
基金funded by the National High-Technology Research and Development Program of China"(863"Program)under Grant No.2009AA01Z427
文摘As mobile networks become high speed and attain an all-IP structure, more services are possible. This brings about many new security requirements that traditional security programs cannot handle. This paper analyzes security threats and the needs of 3G/4G mobile networks, and then proposes a novel protection scheme for them based on their whole structure. In this scheme, a trusted computing environment is constructed on the mobile terminal side by combining software validity verification with access control. At the security management center, security services such as validity verification and integrity check are provided to mobile terminals. In this way, terminals and the network as a whole are secured to a much greater extent. This paper also highlights problems to be addressed in future research and development.
文摘Organizations implement an information security program for the protection of their information assets. The success of such a program depends primarily on the effective implementation and execution of associated information security policies and controls. These policies and controls depend directly upon the resultant behavior and actions of end-users. Hence, end-users play a critical role in the effective implementation and running of an information security program in any organization. However, end-users are often unable to navigate and comprehend the various policies, controls and associated issues. Support to end-users is therefore a vital element, but is often neglected by present information security management systems. In the service industry, support to customers is established as an important determinant of customer perceived service quality. This paper applies the same philosophy to provide support to end-users, who are the customers of the Information Security Service.
文摘This article discusses the security of the NGN service platform in terms of the open service interface and service deployment. It thinks that security of the open service interface can be solved by adding the service access gateway and service management platform. The service access gateway provides security features to the open service interface concerning ID authentication, authorization, audit, encryption and integrity protection. For service deployment, its security can be solved by issuing related user digital certificates, deploying a firewall or an intrusion detection system, implementing load control, managing users' home location and displaying users' real-time IP addresses.
文摘Wearable technologies have the potential to become a valuable influence on human daily life where they may enable observing the world in new ways,including,for example,using augmented reality(AR)applications.Wearable technology uses electronic devices that may be carried as accessories,clothes,or even embedded in the user's body.Although the potential benefits of smart wearables are numerous,their extensive and continual usage creates several privacy concerns and tricky information security challenges.In this paper,we present a comprehensive survey of recent privacy-preserving big data analytics applications based on wearable sensors.We highlight the fundamental features of security and privacy for wearable device applications.Then,we examine the utilization of deep learning algorithms with cryptography and determine their usability for wearable sensors.We also present a case study on privacy-preserving machine learning techniques.Herein,we theoretically and empirically evaluate the privacy-preserving deep learning framework's performance.We explain the implementation details of a case study of a secure prediction service using the convolutional neural network(CNN)model and the Cheon-Kim-Kim-Song(CHKS)homomorphic encryption algorithm.Finally,we explore the obstacles and gaps in the deployment of practical real-world applications.Following a comprehensive overview,we identify the most important obstacles that must be overcome and discuss some interesting future research directions.
文摘Within an agent server, the model introduces a trusted third party entity called Secure Service Station(SSS). The SSS is a non\|hardware component and is intended to prevent most attacks performed by malicious hosts, by providing mechanisms that ensure attack detection and provide integrity to mobile agents. This noble technique involves encapsulating partial results obtained on each intermediate host and binding these results together using a hash function, thus forming a strong bonded chain that cannot be compromised. An analytical model to explore the system performance was also developed.
文摘Web service composition is a low cost and efficient way to leverage the existing resource and implementation.In current Web service composition implementations,the issue of how to define the role for a new composite Web service has been little addressed.Adjusting the access control policy for a new composite Web service always causes substantial administration overhead from the security administrator.Furthermore,the distributed nature of Web service based applications makes traditional role mining methods obsolete.In this paper,we analyze the minimal role mining problem for Web service composition,and prove that this problem is NP-complete.We propose a sub-optimal greedy algorithm based on the analysis of necessary role mapping for interoperation across multiple domains.Simulation shows the effectiveness of our algorithm,and compared to the existing methods,our algorithm has significant performance advantages.We also demonstrate the practical application of our method in a real agent based Web service system.The results show that our method could find the minimal role mapping efficiently.