Funding: Supported by the National Natural Science Foundation of China (61303024), the Natural Science Foundation of Hubei Province (2013CFB441), the Foundation of Science and Technology on Information Assurance Laboratory (KJ-13-106), and the Natural Science Foundation of Jiangsu Province (BK20130372).
Abstract: Most trusted computing products follow the linear-style chain of trust defined in the TCG specifications. Its clear advantage is good compatibility with existing computing platforms, but it also has well-known shortcomings. This paper proposes a new star-style trust model with data recovery capability. The model strengthens the role of the hardware root of trust in platform measurement, reduces the loss of trust during trust transfer, extends the trust boundary flexibly, and supports data backup and recovery, so that system security and reliability are considerably improved. Using formal methods, the paper proves that the star-style trust model is superior to the linear-style model in trust transfer, boundary extension and related properties. The design and implementation of a trusted PDA built on the star-style trust model are also described.
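The distinction the abstract draws can be made concrete with a small measurement model. In the linear (TCG) chain each stage extends a single PCR with a hash of the next stage, so the verifier ends up with one pass/fail value for the whole sequence and every measurement after a compromised stage inherits that stage's untrustworthiness; in a star-style model the root of trust measures each component itself, so verdicts are per component. The following is an added illustrative example, not the paper's implementation or any TPM driver code: the component names and image contents are constructed, SHA-256 stands in for the TPM's hash, and the PCR starts at all zeros as on a real TPM reset.

```python
"""Added example: linear PCR-extend chain of trust versus star-style direct
measurement.  Illustrative only; images and component names are constructed."""
import hashlib


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TCG PCR extend: PCR_new = H(PCR_old || digest).  One-way and
    order-dependent, so a chain of extends commits to the whole sequence."""
    return sha256(pcr + digest)


# Constructed golden images for a hypothetical four-stage platform.
GOLDEN = [
    ("bootloader", b"bootloader image v1"),
    ("kernel",     b"kernel image v1"),
    ("middleware", b"middleware image v1"),
    ("app",        b"application image v1"),
]


def linear_chain(components):
    """Linear chain of trust: every stage is measured into the same PCR.
    Returns the final PCR value and the event log of (name, digest)."""
    pcr = bytes(32)                      # PCR is all zeros after reset
    log = []
    for name, image in components:
        digest = sha256(image)
        pcr = pcr_extend(pcr, digest)
        log.append((name, digest))
    return pcr, log


def verify_linear(final_pcr: bytes, reference=GOLDEN) -> bool:
    """The verifier learns only whether the whole chain matched."""
    expected, _ = linear_chain(reference)
    return final_pcr == expected


def star_measure(components):
    """Star-style model: the root of trust measures every component itself,
    so no measurement depends on the integrity of an earlier stage."""
    return {name: sha256(image) for name, image in components}


def verify_star(measurements: dict, reference=GOLDEN) -> dict:
    """Per-component verdicts: the verifier sees which component failed and
    can still rely on the components that matched."""
    expected = star_measure(reference)
    return {name: measurements.get(name) == digest
            for name, digest in expected.items()}


def tamper(components, name: str, new_image: bytes):
    """Copy of the component list with one image replaced (simulated compromise)."""
    return [(n, new_image if n == name else img) for n, img in components]


if __name__ == "__main__":
    bad = tamper(GOLDEN, "middleware", b"middleware image (trojaned)")
    bad_pcr, _ = linear_chain(bad)
    print("linear chain verifies:", verify_linear(bad_pcr))   # False, but which stage?
    print("star verdicts:", verify_star(star_measure(bad)))    # only middleware False
```

Run it and the linear verifier reports a single failure for the whole platform, while the star verifier reports that only the middleware image changed. The event log of the linear chain could in principle be replayed to locate the divergence, but that log is produced by the very stages under suspicion; the star verdicts do not depend on it.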
Funding: Supported by the National Natural Science Foundation of China (61501007, "The key trusted running technologies for the sensing nodes in the Internet of Things") and the Outstanding Personnel Training Program of the Beijing Municipal Party Committee Organization Department (2014000020124G041, "Research on a trusted computing environment for the Internet of Things in smart cities").
Abstract: In view of the high operating costs and large amount of wasted energy in current data center network architectures, we propose a trusted flow-preemption scheduling mechanism combined with energy-saving routing, built on a typical data center network architecture. The mechanism gives each network flow exclusive link bandwidth along its transmission path, which improves link utilization and network energy efficiency. At the same time, we apply trusted computing to guarantee a secure, high-performance and fault-tolerant routing and forwarding service, which improves the average completion time of network flows.
Abstract: As the use of mobile devices continues to rise, trust management can significantly improve the security of routing with guaranteed quality of service (QoS) in Mobile Ad Hoc Networks (MANETs), whose nodes are mobile. In a delay-tolerant network (DTN) there is no continuous communication path between nodes; a DTN is designed to work over intermittent, recurring contacts between nodes. This paper proposes a dynamic source routing protocol (DSR) for DTNs based on a feed-forward neural network (FFNN) and energy-based random repeat trust computation. If a node searches for another node that has swerved off its path, routing fails because the node cannot be located; in the proposed strategy, nodes do not stray from their routing paths. A message reaches the destination only if the carrying nodes encounter the destination, or a suitable intermediate node, on their default mobility route, as determined by their mobility pattern. The EBRRTC-DTN algorithm (Energy-Based Random Repeat Trust Computation) is based on the time elapsed since a node last encountered the destination node. Simulation results show that, compared with existing techniques, this process selects the most appropriate route for delivering messages to the destination node, which improves routing performance, increases the number of delivered messages, and reduces delivery delay. The proposed method therefore provides better QoS and a longer network lifetime while tolerating network latency.
Funding: Supported by the National Basic Research Program of China (973 Program) (No. 2012CB821200 (2012CB821206)), the National Natural Science Foundation of China (No. 61003281, No. 91024001 and No. 61070142), the Beijing Natural Science Foundation (Study on Internet Multi-mode Area Information Accurate Searching and Mining Based on Agent, No. 4111002), and the Chinese Universities Scientific Fund under Grant No. BUPT 2009RC0201.
Abstract: Cloud computing is a paradigm in which dynamic, virtualized computing resources are provided as services over the Internet. Because cloud resources are open and dynamically configured, resource allocation and scheduling are critical challenges in cloud infrastructure. Based on distributed agents, this paper presents a trusted data acquisition mechanism for efficiently scheduling cloud resources to satisfy diverse user requests. The mechanism defines, collects and analyzes multiple key trust metrics of cloud service resources from the historical records of servers in a cloud data center. Using this trust computation mechanism, cloud providers can utilize their resources efficiently while providing highly trusted resources and services to many users.
Funding: National Natural Science Foundation of China under Grant No. 60873203; Foundation of the Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, under Grant No. AISTC2009_03; Hebei National Funds for Distinguished Young Scientists under Grant No. F2010000317; National Science Foundation of Hebei Province under Grant No. F2010000319.
Abstract: Because traditional software development methods provide inadequate guarantees of trustworthiness, software developed with them lacks effective measures for ensuring it. Combining agent techniques with the trusted computing support provided by a TPM, this paper presents a trust-shell-based constitution model of trusted software (TSCMTS), in which a trust shell logically ensures the trustworthiness of the software. The concept of a Trust Engine is proposed: it extends the TCG "chain of trust" into the application layer and cooperates with the TPM to perform integrity measurement of the software entity, ensuring static trustworthiness. A data structure called the trust view is defined to represent the characteristics of software behavior. To improve the accuracy of the trustworthiness constraints, a strategy for determining the weights of the characteristic attributes based on information entropy is proposed. Simulation experiments show that the trustworthiness of software developed with TSCMTS is improved effectively without performance degradation.
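The abstract names an entropy-based strategy for weighting the attributes of the trust view but does not spell it out. The added example below implements the standard entropy weight method, which is an assumption about how such weights are derived and not code from the paper: an attribute whose values vary across observed samples carries more information and receives a larger weight, while an attribute that is constant across samples carries none and gets weight zero. The attribute names and sample rows are constructed for illustration.

```python
"""Added example: entropy weight method for characteristic attributes of a
behaviour trust view.  Illustrative; attributes and samples are constructed."""
import math

# Hypothetical trust-view attributes; each row is one observation of the
# software entity's behaviour, each column one attribute (non-negative).
ATTRIBUTES = ["syscall_rate", "file_writes", "net_connections"]
SAMPLES = [
    [10, 5,  1],
    [10, 5,  8],
    [10, 6,  0],
    [10, 5, 30],
]


def entropy_weights(matrix):
    """Return one weight per column, summing to 1.

    For column j: p_ij = x_ij / sum_i x_ij, e_j = -(1/ln n) * sum_i p_ij ln p_ij,
    d_j = 1 - e_j (degree of divergence), w_j = d_j / sum_j d_j.
    """
    n, m = len(matrix), len(matrix[0])
    if n < 2:
        raise ValueError("need at least two samples")
    k = 1.0 / math.log(n)                 # scales entropy into [0, 1]
    divergence = []
    for j in range(m):
        col = [row[j] for row in matrix]
        if any(v < 0 for v in col):
            raise ValueError("attribute values must be non-negative")
        total = sum(col)
        if total == 0:
            divergence.append(0.0)        # all-zero column: no information
            continue
        e = 0.0
        for v in col:
            p = v / total
            if p > 0:                     # 0 * ln 0 is taken as 0
                e -= p * math.log(p)
        divergence.append(1.0 - k * e)
    s = sum(divergence)
    if s < 1e-12:
        return [1.0 / m] * m              # every attribute constant: equal weights
    return [d / s for d in divergence]


def weighted_score(row, weights):
    """Weighted aggregate of one observation, e.g. compared against a
    trustworthiness constraint threshold."""
    return sum(v * w for v, w in zip(row, weights))


if __name__ == "__main__":
    for name, w in zip(ATTRIBUTES, entropy_weights(SAMPLES)):
        print(f"{name:16s} {w:.4f}")
```

With the constructed samples, `syscall_rate` is identical in every row and gets weight 0, `file_writes` barely varies and gets a weight close to 0, and `net_connections`, which swings from 0 to 30, takes almost all of the weight. Note the method weights by dispersion alone; an attribute that is security-critical but rarely changes would still need an analyst-assigned floor.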
Funding: National Natural Science Foundation of China under Grant No. 60970115; National Natural Science Funds Projects of China under Grant No. 91018008.
Abstract: With the rapid development of wireless networks, ad hoc networks are widely used in many fields, but current security solutions for ad hoc networks are not adequate. Implementing a sound security scheme is therefore the critical technology for ad hoc network applications. This paper focuses on specific countermeasures to the security threats that ad hoc networks face, the methodology of a management model that uses trusted computing technology to solve ad hoc network security problems, and the analysis and verification of the model's security.
Funding: Supported by the State Grid Corporation Science and Technology Project, China.
Abstract: The ubiquitous power Internet of Things (IoT) is a smart service system oriented to all aspects of the power system, characterized by universal interconnection, human-computer interaction, comprehensive state perception, efficient information processing, and other convenient and flexible applications. It has become a hot topic in IoT research. We summarize existing research on the IoT and edge computing frameworks. Because general-purpose edge computing framework software cannot meet the requirements of the ubiquitous power IoT in terms of real-time behavior, security, reliability, and adaptation to business functions, we propose a trusted edge computing framework named "EdgeKeeper" tailored to the ubiquitous power IoT. Several key technologies, including security and trust, quality of service guarantees, application management, and cloud-edge collaboration, are required to meet the needs of such a framework. Experiments evaluate EdgeKeeper comprehensively in terms of function, performance, and security. Comparison results show that EdgeKeeper is the most suitable edge computing framework for the electricity IoT. Finally, directions for future research are proposed.
Funding: This work was financially supported by the National Natural Science Foundation of China (Grant No. 61379145) and the Joint Funds of CETC (Grant No. 20166141B08020101).
Abstract: While smart devices based on ARM processors bring great convenience, they have also become an attractive target of cyber-attacks. The threat is aggravated because commodity OSes have a large code base and suffer from many software vulnerabilities. Adversaries increasingly steal sensitive data by leaking the display output of a security-sensitive application. A promising solution is to use the hardware virtualization extensions of modern ARM processors to construct a secure display path between applications and the display device. In this work we present SecDisplay, a trusted display service that protects displayed sensitive data from being stolen or tampered with surreptitiously by a compromised OS. The TCB of SecDisplay consists mainly of a tiny hypervisor and a very lightweight rendering painter, totaling only about 1400 lines of code. We implemented a prototype of SecDisplay and evaluated its performance overhead; the results show that SecDisplay incurs an average performance drop of only 3.4%.
Abstract: Blockchain has become a new frontier for venture capital and has attracted the attention of banks, governments, and other business corporations. Recent blockchain-related efforts include legal blockchains by Fadada.com and Microsoft and pork-tracking blockchains by Walmart and IBM. Blockchain is poised to become the most exciting invention since the Internet: while the Internet connects the world and enables new business models based on online business processes, blockchain promises to resolve the trust issue more efficiently through network computing. In this paper we give an overview of blockchain research and development and introduce the papers in this special issue. We show that while blockchain has enabled Bitcoin, the most successful digital currency, its widespread adoption in finance and other business sectors will lead to many business innovations as well as many research opportunities.
Funding: Supported by the National Key Research and Development Program of China (No. 2017YFB0802502), the Aeronautical Science Foundation (No. 2017ZC51038), the National Natural Science Foundation of China (Nos. 62002006, 61702028, 61672083, 61370190, 61772538, 61532021, 61472429, and 61402029), the Foundation of Science and Technology on Information Assurance Laboratory (No. 1421120305162112006), the National Cryptography Development Fund (No. MMJJ20170106), the Defense Industrial Technology Development Program (No. JCKY2016204A102), and the Liaoning Collaboration Innovation Center for CSLE, China.
Abstract: With the wide use of electronic hardware in aircraft for air-to-ground communication, satellite communication, positioning systems and so on, aircraft hardware faces growing security pressure. Focusing on the security of aircraft hardware, this paper proposes a supervisory control architecture based on a secure System-on-a-Chip (SoC). The proposed architecture is attack-immune and trustworthy, and supports trusted escrow applications and Dynamic Integrity Measurement (DIM) without interfering with the supervised system. It is characterized by a Trusted Monitoring System (TMS) that is hardware-isolated from the Main Processor System (MPS), and a secure, unidirectional access channel from the TMS into the running memory of the MPS. Based on this architecture, a DIM program running on the TMS measures and invokes a Lightweight Measurement Agent (LMA) program running on the MPS. In this way the Operating System (OS) kernel, key software and data of the MPS can be measured dynamically without disturbance, making it difficult for adversaries to attack through software. The architecture has been fully verified on an FPGA prototype system. Compared with existing systems, it achieves higher security and performs DIM more efficiently, and can fully supervise the running applications and the OS of the aircraft hardware.
Abstract: In a cloud computing environment with a complex network environment, the virtualization platform faces many security problems. Trusted computing can greatly enhance the architectural security of virtualization platforms, but deploying it directly in the cloud raises many problems. This paper therefore proposes a trusted virtual machine model based on a high-performance cipher coprocessor to address the security problems of virtual TPMs (vTPMs) on existing virtualization platforms, such as weak isolation and insufficient performance. In this model, virtio is used to virtualize the TPM, and a management architecture is designed to manage the vTPM life cycle. Analysis shows that the model isolates vTPMs, protects vTPM security during migration through a migration control server, and strengthens the security of the virtualization platform. Finally, simulation results show that the model is more feasible and better suited to cloud platforms than a hardware TPM.
Funding: State Grid Corporation of China Science and Technology Project Funding.
Abstract: The Energy Internet generates huge amounts of information about production devices, transmission devices, and energy-consumption devices. Leakage of this data during collection, transmission, or storage causes serious security problems. Existing Energy Internet security methods rely on traditional access control mechanisms and network-boundary defense mechanisms, which are limited by static policies and coarse-grained design. We combine the advantages of role-based access control (RBAC) and attribute-based access control (ABAC) and propose a trusted fine-grained access control model for the Energy Internet based on device attributes and user roles. The model achieves fine-grained allocation of Energy Internet resources and ties the access control process to the real-time security status of the environment. Experimental results show that the access control model executes access decisions safely and accurately in the Energy Internet scenario, with more stable processing performance.
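The abstract describes the combination of RBAC (what a user's roles permit) with ABAC on device attributes, gated by the real-time security status of the environment, but gives no policy detail. The added example below is an illustrative decision function, not the paper's model: the roles, device attributes, threat levels and every policy value in it are assumptions chosen to show how the three layers compose and how each deny names the layer that refused, which is what an operator needs when a decision is questioned.

```python
"""Added example: hybrid RBAC + ABAC + environment-status access decision.
Illustrative only; roles, attributes and policy values are constructed."""
from dataclasses import dataclass

# RBAC layer: role -> set of (device type, action) the role may perform.
ROLE_PERMISSIONS = {
    "operator": {("meter", "read"), ("meter", "write"),
                 ("inverter", "read"), ("transformer", "write")},
    "auditor":  {("meter", "read"), ("inverter", "read"), ("transformer", "read")},
}

# ABAC layer: constraints on device attributes (hypothetical values).
MIN_FIRMWARE = {"meter": 3, "inverter": 5, "transformer": 2}
QUARANTINED_ZONES = {"zone-dmz"}


@dataclass(frozen=True)
class Device:
    dev_id: str
    dev_type: str
    zone: str
    attested: bool      # last integrity measurement matched its reference
    firmware: int


@dataclass(frozen=True)
class Environment:
    """Real-time security status supplied by monitoring."""
    threat_level: int   # 0 normal .. 3 under active attack
    maintenance: bool   # maintenance window currently open


def decide(roles, device, action, env):
    """Return (allowed, reason); every deny states which layer refused."""
    # Environment first: a lockdown overrides roles and attributes.
    if env.threat_level >= 3:
        return False, "environment: lockdown"
    # RBAC: at least one of the user's roles must grant (type, action).
    if not any((device.dev_type, action) in ROLE_PERMISSIONS.get(r, set())
               for r in roles):
        return False, "rbac: no role grants %s on %s" % (action, device.dev_type)
    # ABAC: the target device must be in an acceptable state.
    if not device.attested:
        return False, "abac: device %s failed attestation" % device.dev_id
    if device.firmware < MIN_FIRMWARE.get(device.dev_type, 0):
        return False, "abac: firmware %d below minimum" % device.firmware
    if device.zone in QUARANTINED_ZONES:
        return False, "abac: zone %s quarantined" % device.zone
    # Environment again: writes are the risky operation, so they are frozen
    # earlier than reads and, for transformers, confined to maintenance windows.
    if action == "write":
        if env.threat_level >= 2:
            return False, "environment: writes frozen at threat level %d" % env.threat_level
        if device.dev_type == "transformer" and not env.maintenance:
            return False, "environment: transformer writes only in maintenance window"
    return True, "allow"


if __name__ == "__main__":
    meter = Device("m-1", "meter", "zone-a", attested=True, firmware=4)
    print(decide({"operator"}, meter, "write", Environment(0, False)))  # (True, 'allow')
    print(decide({"operator"}, meter, "write", Environment(2, False)))  # writes frozen
```

The ordering is deliberate: the cheapest and most decisive check (lockdown) runs first, the static role check next, and the attribute checks, which may involve fresh attestation data, after that; a real deployment would also log the reason string with the decision so that audits can distinguish a policy gap from a compromised device.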