为了满足5G垂直用户对于网络切片部署时细粒度安全隔离需求,同时兼顾用户的隔离需求和提高资源利用率,提出了一种基于改进BN模型的网络切片安全部署方法。首先提出了一种双层BN模型的网络切片部署架构,基于SBA(service based architectu...为了满足5G垂直用户对于网络切片部署时细粒度安全隔离需求,同时兼顾用户的隔离需求和提高资源利用率,提出了一种基于改进BN模型的网络切片安全部署方法。首先提出了一种双层BN模型的网络切片部署架构,基于SBA(service based architecture)设计了虚拟机容器的双层虚拟化架构,将网络切片根据其所属用户的隔离需求分配利益冲突类标签,基于改进的BN模型部署规则确定网络切片的隔离部署策略;然后将该部署方法建立为整数线性规划模型,并将部署成本作为目标函数,通过最小化目标函数实现低成本部署网络切片;最后使用遗传算法对该问题仿真求解。实验结果表明,该安全部署方法在满足网络切片安全隔离需求的前提下降低了部署成本。展开更多
为了桥接语义鸿沟,提升I/O性能,需要对执行不同类型负载的虚拟CPU(v CPU)采取不同的调度策略,故而虚拟CPU调度算法亟需优化。基于KVM虚拟化平台提出一种基于任务分类的虚拟CPU调度模型STC(virtual CPU scheduler based on task classifi...为了桥接语义鸿沟,提升I/O性能,需要对执行不同类型负载的虚拟CPU(v CPU)采取不同的调度策略,故而虚拟CPU调度算法亟需优化。基于KVM虚拟化平台提出一种基于任务分类的虚拟CPU调度模型STC(virtual CPU scheduler based on task classification),它将虚拟CPU(v CPU)和物理CPU分别分为两个类型,分别为short v CPU和long v CPU,以及short CPU和long CPU,不同类型的v CPU分配至对应类型的物理CPU上执行。同时,基于机器学习理论,STC构建分类器,通过提取任务行为特征将任务分为两类,I/O密集型的任务分配至short v CPU上,而计算密集型任务则分配至long v CPU上。STC在保证计算性能的基础上,提高了I/O的响应速度。实验结果表明,STC与系统默认的CFS相比,网络延时降低18%,网络吞吐率提高17%~25%,并且保证了整个系统的资源共享公平性。展开更多
5G provides a unified authentication architecture and access management for IoT(Internet of Things)devices.But existing authentication services cannot cover massive IoT devices with various computing capabilities.In a...5G provides a unified authentication architecture and access management for IoT(Internet of Things)devices.But existing authentication services cannot cover massive IoT devices with various computing capabilities.In addition,with the development of quantum computing,authentication schemes based on traditional digital signature technology may not be as secure as we expected.This paper studies the authentication mechanism from the user equipment to the external data network in 5G and proposed an authentication protocol prototype that conforms to the Third Generation Partnership Program(3GPP)standard.This prototype can accommodate various Hash-based signature technologies,applying their advantages in resource consumption to meet the authentication requirements of multiple types of IoT devices.The operation of the proposed authentication scheme is mainly based on the Hash function,which is more efficient than the traditional authentication scheme.It provides flexible and high-quality authentication services for IoT devices cluster in the 5G environment combining the advantages of Hash-based signature technology and 5G architecture.展开更多
文摘为了满足5G垂直用户对于网络切片部署时细粒度安全隔离需求,同时兼顾用户的隔离需求和提高资源利用率,提出了一种基于改进BN模型的网络切片安全部署方法。首先提出了一种双层BN模型的网络切片部署架构,基于SBA(service based architecture)设计了虚拟机容器的双层虚拟化架构,将网络切片根据其所属用户的隔离需求分配利益冲突类标签,基于改进的BN模型部署规则确定网络切片的隔离部署策略;然后将该部署方法建立为整数线性规划模型,并将部署成本作为目标函数,通过最小化目标函数实现低成本部署网络切片;最后使用遗传算法对该问题仿真求解。实验结果表明,该安全部署方法在满足网络切片安全隔离需求的前提下降低了部署成本。
文摘为了桥接语义鸿沟,提升I/O性能,需要对执行不同类型负载的虚拟CPU(v CPU)采取不同的调度策略,故而虚拟CPU调度算法亟需优化。基于KVM虚拟化平台提出一种基于任务分类的虚拟CPU调度模型STC(virtual CPU scheduler based on task classification),它将虚拟CPU(v CPU)和物理CPU分别分为两个类型,分别为short v CPU和long v CPU,以及short CPU和long CPU,不同类型的v CPU分配至对应类型的物理CPU上执行。同时,基于机器学习理论,STC构建分类器,通过提取任务行为特征将任务分为两类,I/O密集型的任务分配至short v CPU上,而计算密集型任务则分配至long v CPU上。STC在保证计算性能的基础上,提高了I/O的响应速度。实验结果表明,STC与系统默认的CFS相比,网络延时降低18%,网络吞吐率提高17%~25%,并且保证了整个系统的资源共享公平性。
文摘5G provides a unified authentication architecture and access management for IoT(Internet of Things)devices.But existing authentication services cannot cover massive IoT devices with various computing capabilities.In addition,with the development of quantum computing,authentication schemes based on traditional digital signature technology may not be as secure as we expected.This paper studies the authentication mechanism from the user equipment to the external data network in 5G and proposed an authentication protocol prototype that conforms to the Third Generation Partnership Program(3GPP)standard.This prototype can accommodate various Hash-based signature technologies,applying their advantages in resource consumption to meet the authentication requirements of multiple types of IoT devices.The operation of the proposed authentication scheme is mainly based on the Hash function,which is more efficient than the traditional authentication scheme.It provides flexible and high-quality authentication services for IoT devices cluster in the 5G environment combining the advantages of Hash-based signature technology and 5G architecture.