With the rapid development of intelligent cyber-physical systems(ICPS),diverse services with varying Quality of Service(QoS)requirements have brought great challenges to traditional network resource allocation.Further...With the rapid development of intelligent cyber-physical systems(ICPS),diverse services with varying Quality of Service(QoS)requirements have brought great challenges to traditional network resource allocation.Furthermore,given the open environment and a multitude of devices,enhancing the security of ICPS is an urgent concern.To address these issues,this paper proposes a novel trusted virtual network embedding(T-VNE)approach for ICPS based combining blockchain and edge computing technologies.Additionally,the proposed algorithm leverages a deep reinforcement learning(DRL)model to optimize decision-making processes.It employs the policygradient-based agent to compute candidate embedding nodes and utilizes a breadth-first search(BFS)algorithm to determine the optimal embedding paths.Finally,through simulation experiments,the efficacy of the proposed method was validated,demonstrating outstanding performance in terms of security,revenue generation,and virtual network request(VNR)acceptance rate.展开更多
GS1 is an international standards organization,which focuses on product identification and product data,helping businesses and governments to improve commerce and supply chain.Why trusted data is essential to high-qua...GS1 is an international standards organization,which focuses on product identification and product data,helping businesses and governments to improve commerce and supply chain.Why trusted data is essential to high-quality development?More than 50 years ago,GS1 was initiated with the bar code,a profound transformation of the way we work and live.From then on,a simple scan connected a physical product to its digital identity.It transformed commerce,improving supply chains and enabling safer healthcare.Collaboration between industry and governments,and a strong partnership with ISO and IEC laid the foundations for the global adoption of a common product identification over the past 50 years and all around the world.展开更多
In an era where artificial intelligence(AI)is permeating many aspects of scientific research activity,what science and technology(S&T)journals can do to uphold research integrity and secure scholarly quality?What ...In an era where artificial intelligence(AI)is permeating many aspects of scientific research activity,what science and technology(S&T)journals can do to uphold research integrity and secure scholarly quality?What kind of revolution is needed in such a rapidly drifting world to hold on to the essential value of science?展开更多
The rapid growth of Internet of things devices and the emergence of rapidly evolving network threats have made traditional security assessment methods inadequate.Federated learning offers a promising solution to exped...The rapid growth of Internet of things devices and the emergence of rapidly evolving network threats have made traditional security assessment methods inadequate.Federated learning offers a promising solution to expedite the training of security assessment models.However,ensuring the trustworthiness and robustness of federated learning under multi-party collaboration scenarios remains a challenge.To address these issues,this study proposes a shard aggregation network structure and a malicious node detection mechanism,along with improvements to the federated learning training process.First,we extract the data features of the participants by using spectral clustering methods combined with a Gaussian kernel function.Then,we introduce a multi-objective decision-making approach that combines data distribution consistency,consensus communication overhead,and consensus result reliability in order to determine the final network sharing scheme.Finally,by integrating the federated learning aggregation process with the malicious node detection mechanism,we improve the traditional decentralized learning process.Our proposed ShardFed algorithm outperforms conventional classification algorithms and state-of-the-art machine learning methods like FedProx and FedCurv in convergence speed,robustness against data interference,and adaptability across multiple scenarios.Experimental results demonstrate that the proposed approach improves model accuracy by up to 2.33%under non-independent and identically distributed data conditions,maintains higher performance with malicious nodes containing poisoned data ratios of 20%–50%,and significantly enhances model resistance to low-quality data.展开更多
With the rapid development of digital technologies such as big data,cloud computing,and the Internet of Things(loT),data security and privacy protection have become the core challenges facing modern computing systems....With the rapid development of digital technologies such as big data,cloud computing,and the Internet of Things(loT),data security and privacy protection have become the core challenges facing modern computing systems.Traditional security mechanisms are difficult to effectively deal with advanced adversarial attacks due to their reliance on a centralized trust model.In this context,the Trusted Execution Environment(TEE),as a hardware-enabled secure isolation technology,offers a potential solution to protect sensitive computations and data.This paper systematically discusses TEE's technical principle,application status,and future development trend.First,the underlying architecture of TEE and its core characteristics,including isolation,integrity,and confidentiality,are analyzed.Secondly,practical application cases of TEE in fields such as finance,the IoT,artificial intelligence,and privacy computing are studied.Finally,the future development direction of TEE is prospected.展开更多
The year 2025 marks both the 25th anniversary of the Forum on China-Africa Cooperation(FOCAC)and the first year of implementation of the outcomes of the 2024 FOCAC Beijing Summit.Throughout the year,China has supporte...The year 2025 marks both the 25th anniversary of the Forum on China-Africa Cooperation(FOCAC)and the first year of implementation of the outcomes of the 2024 FOCAC Beijing Summit.Throughout the year,China has supported Africa in addressing historical injustices at diplomatic and political levels and firmly backed South Africa in hosting the G20 Leaders’Summit,further deepening China-Africa strategic mutual trust.展开更多
This mixed-methods study investigated how AI-enhanced English as a Foreign Language(EFL)learning environments influence students’psychological well-being through the mediating roles of motivation and language learnin...This mixed-methods study investigated how AI-enhanced English as a Foreign Language(EFL)learning environments influence students’psychological well-being through the mediating roles of motivation and language learning anxiety and the moderating role of trust.Participants were Chinese university students(N=310,62%female,mean age=18.9,SD=0.8),of whom 15 completed interviews to both add to and to clarify the evidence from the surveys.Structural equation modeling results revealed that AI use had significant indirect effects on well-being through increased motivation and reduced language learning anxiety.Trust in AI significantly moderated both paths,amplifying the motivational benefits and anxiety reduction associated with AI use.Thematic analysis supported these results,identifying three experiential themes:(1)motivational empowerment through personalization,(2)anxiety regulation through safe practice and feedback,and(3)trust as the emotional bridge between AI and well-being.The study extends AI psychology applications by empirically linking technology engagement with affective outcomes and underscores the need for human-centered and trust-enhancing design in AI-supported education.From these findings,we conclude that adaptive,transparent,and autonomy-supportive AI systems promote self-determined motivation,emotional safety,and overall psychological health among EFL learners.展开更多
This paper examines Hernán Díaz’s novel Trust (2022) through the lens of cultural deconstruction, analyzing how its four nested narratives systematically dismantle the American Dream ideology. The novel Bon...This paper examines Hernán Díaz’s novel Trust (2022) through the lens of cultural deconstruction, analyzing how its four nested narratives systematically dismantle the American Dream ideology. The novel Bonds and autobiography My Life collaboratively construct a financial myth portraying protagonist Andrew Bevel as an exemplar of self-made success. Subsequently, Ida’s Memoir exposes the subjective construction of history, declaring the American Dream’s bankruptcy at the epistemological level, while Mildred’s diary Futures deconstructs the myth from within by revealing that Bevel’s financial genius was built upon appropriation of his wife’s intellectual labor. This paper argues that Trust reveals the American Dream as an ideological illusion-narratively constructed, practically dependent on structural injustice, and essentially serving power reproduction.展开更多
With more and more IoT terminals being deployed in various power grid business scenarios,terminal reliability has become a practical challenge that threatens the current security protection architecture.Most IoT termi...With more and more IoT terminals being deployed in various power grid business scenarios,terminal reliability has become a practical challenge that threatens the current security protection architecture.Most IoT terminals have security risks and vulnerabilities,and limited resources make it impossible to deploy costly security protection methods on the terminal.In order to cope with these problems,this paper proposes a lightweight trust evaluation model TCL,which combines three network models,TCN,CNN,and LSTM,with stronger feature extraction capability and can score the reliability of the device by periodically analyzing the traffic behavior and activity logs generated by the terminal device,and the trust evaluation of the terminal’s continuous behavior can be achieved by combining the scores of different periods.After experiments,it is proved that TCL can effectively use the traffic behaviors and activity logs of terminal devices for trust evaluation and achieves F1-score of 95.763,94.456,99.923,and 99.195 on HDFS,BGL,N-BaIoT,and KDD99 datasets,respectively,and the size of TCL is only 91KB,which can achieve similar or better performance than CNN-LSTM,RobustLog and other methods with less computational resources and storage space.展开更多
Trusted computing,which can effectively increase the credibility of information system,has made great achievements and is in continuous development. For country who is going to strengthen network construction like Chi...Trusted computing,which can effectively increase the credibility of information system,has made great achievements and is in continuous development. For country who is going to strengthen network construction like China,it is an important fundamental supporting technology worth researching. China is in the international forefront in the field of trusted computing. This paper gives comprehensive introductions to the new development and application of key technologies in trusted computing,such as various trusted platform modules(TPM、TCM、TPCM),TCG Software Stack(TSS),trusted cloud server and Trusted Execution Environment(TEE). We illustrate the progressing and application extension of these technologies and also point out some key problems worth studying in the future.展开更多
In order to construct the trusted network and realize the trust of network behavior,a new multi-dimensional behavior measurement model based on prediction and control is presented.By using behavior predictive equation...In order to construct the trusted network and realize the trust of network behavior,a new multi-dimensional behavior measurement model based on prediction and control is presented.By using behavior predictive equation,individual similarity function,group similarity function,direct trust assessment function,and generalized predictive control,this model can guarantee the trust of an end user and users in its network.Compared with traditional measurement model,the model considers different characteristics of various networks.The trusted measurement policies established according to different network environments have better adaptability.By constructing trusted group,the threats to trusted group will be reduced greatly.Utilizing trusted group to restrict individuals in network can ensure the fault tolerance of trustworthiness of trusted individuals and group.The simulation shows that this scheme can support behavior measurement more efficiently than traditional ones and the model resists viruses and Trojans more efficiently than older ones.展开更多
Trusted computing is the new trend of information security today. This paper surveys the theory and technology of trusted computing. The development history of trusted computing, and the development of trusted computi...Trusted computing is the new trend of information security today. This paper surveys the theory and technology of trusted computing. The development history of trusted computing, and the development of trusted computing in China are introduced in this paper, and then it analyzes some problems of trusted computing at present which are delay in theory research, some key technologies to be developed and lack of trusted software system. Some fields are worthy to be explored on are pointed out including key technology, basic theory and application in trusted computing.展开更多
Networks are composed with servers and rather larger amounts of terminals and most menace of attack and virus come from terminals. Eliminating malicious code and ac cess or breaking the conditions only under witch att...Networks are composed with servers and rather larger amounts of terminals and most menace of attack and virus come from terminals. Eliminating malicious code and ac cess or breaking the conditions only under witch attack or virus can be invoked in those terminals would be the most effec tive way to protect information systems. The concept of trusted computing was first introduced into terminal virus immunity. Then a model of security domain mechanism based on trusted computing to protect computers from proposed from abstracting the general information systems. The principle of attack resistant and venture limitation of the model was demonstrated by means of mathematical analysis, and the realization of the model was proposed.展开更多
The trusted network connection is a hot spot in trusted computing field and the trust measurement and access control technology are used to deal with network security threats in trusted network.But the trusted network...The trusted network connection is a hot spot in trusted computing field and the trust measurement and access control technology are used to deal with network security threats in trusted network.But the trusted network connection lacks fine-grained states and real-time measurement support for the client and the authentication mechanism is difficult to apply in the trusted network connection,it is easy to cause the loss of identity privacy.In order to solve the abovedescribed problems,this paper presents a trust measurement scheme suitable for clients in the trusted network,the scheme integrates the following attributes such as authentication mechanism,state measurement,and real-time state measurement and so on,and based on the authentication mechanism and the initial state measurement,the scheme uses the realtime state measurement as the core method to complete the trust measurement for the client.This scheme presented in this paper supports both static and dynamic measurements.Overall,the characteristics of this scheme such as fine granularity,dynamic,real-time state measurement make it possible to make more fine-grained security policy and therefore it overcomes inadequacies existing in the current trusted network connection.展开更多
In this paper, a formal approach based on predicate logic is proposed for representing and reasoning of trusted computing models. Predicates are defined to represent the characteristics of the objects and the relation...In this paper, a formal approach based on predicate logic is proposed for representing and reasoning of trusted computing models. Predicates are defined to represent the characteristics of the objects and the relationship among these objects in a trusted system according to trusted computing specifications. Inference rules of trusted relation are given too. With the semantics proposed, some trusted computing models are formalized and verified, which shows that Predicate calculus logic provides a general and effective method for modeling and reasoning trusted computing systems.展开更多
Goud computing is a new paradigm in which dynamic and virtualized computing resources are provided as services over the Internet. However, because cloud resource is open and dynamically configured, resource allocation...Goud computing is a new paradigm in which dynamic and virtualized computing resources are provided as services over the Internet. However, because cloud resource is open and dynamically configured, resource allocation and scheduling are extremely important challenges in cloud infrastructure. Based on distributed agents, this paper presents trusted data acquisition mechanism for efficient scheduling cloud resources to satisfy various user requests. Our mechanism defines, collects and analyzes multiple key trust targets of cloud service resources based on historical information of servers in a cloud data center. As a result, using our trust computing mechanism, cloud providers can utilize their resources efficiently and also provide highly trusted resources and services to many users.展开更多
Internet of things has been widely applied to industrial control, smart city and environmental protection, in these applica- tion scenarios, sensing node needs to make real-time response to the feedback control of the...Internet of things has been widely applied to industrial control, smart city and environmental protection, in these applica- tion scenarios, sensing node needs to make real-time response to the feedback control of the application layer. Therefore, it is nec- essary to monitor whether or not awareness nodes are trusted in real time, but the existing mechanisms for trusted certification lack the real-time measurement and tracking of the sensing node. To solve the above problems, this paper proposes a dynamic metric based authentication mechanism for sensing nodes of Internet of things. Firstly, the dynamic trustworthiness measure of the sensing nodes is carried out by introducing the computational function such as the trust function, the trust- worthiness risk assessment function, the feed- back control function and the active function of the sensing node. The dynamic trustworthi- ness measure of sensing nodes from multiple dimensions can effectively describe the change of trusted value of sensing nodes. Then, on the basis of this, a trusted attestation based on node trusted measure is realized by using the revocable group signature mechanism of local verifier. The mechanism has anonymity, un- forgeability and traceability, which is proved the security in the standard model. Simulationexperiments show that the proposed trusted attestation mechanism is flexible, practical and ef|Scient and has better attack resistance. It can effectively guarantee the reliable data transmission of nodes and realize the dynamic tracking of node reliability, which has a lower impact on system performance.展开更多
In order to solve the issue that existing direct anonymous attestation (DAA) scheme can not operate effectively in different domains,based on the original DAA scheme,a novel direct anonymous attestation protocol used ...In order to solve the issue that existing direct anonymous attestation (DAA) scheme can not operate effectively in different domains,based on the original DAA scheme,a novel direct anonymous attestation protocol used in multi domains environment is proposed and designed,in which,the certificate issuer located in outside of domain can be considered as a proxy server to issue the DAA certificate for valid member nodes directly.Our designed mechanism accords with present trusted computing group (TCG) international specification,and can solve the problems of practical authentication and privacy information protection between different trusted domains efficiently.Compared with present DAA scheme,in our protocol,the anonymity,unforgeability can be guaranteed,and the replay-attack also can be avoided.It has important referenced and practical application value in trusted computing field.展开更多
Trusted path is one of the crucial features that operating systems must provide for fundamental security support. In order to explore the possibility of implementing a trusted path mechanism with the support of truste...Trusted path is one of the crucial features that operating systems must provide for fundamental security support. In order to explore the possibility of implementing a trusted path mechanism with the support of trusted platform module (TPM) technologies, and to support TPM capabilities in operating systems, the paper extended the scope of the conventional trusted path to cover the situation in which a user communicates with software residing on a remote host. The paper combined the concept of operating system support for trusted path with that for TPM platforms, and proposed the architecture of an extended trusted path mechanism in operating system with considerations on TPM-capable platforms support. As part of the author's research in secure operating systems, the work of the paper was carried out with Linux as an experimental prototype system. The research result shows that TPM capabilities can strengthen extended trusted path mechanisms of operating systems.展开更多
基金supported by the National Natural Science Foundation of China under Grant 62471493supported by the Natural Science Foundation of Shandong Province under Grant ZR2023LZH017,ZR2024MF066。
文摘With the rapid development of intelligent cyber-physical systems(ICPS),diverse services with varying Quality of Service(QoS)requirements have brought great challenges to traditional network resource allocation.Furthermore,given the open environment and a multitude of devices,enhancing the security of ICPS is an urgent concern.To address these issues,this paper proposes a novel trusted virtual network embedding(T-VNE)approach for ICPS based combining blockchain and edge computing technologies.Additionally,the proposed algorithm leverages a deep reinforcement learning(DRL)model to optimize decision-making processes.It employs the policygradient-based agent to compute candidate embedding nodes and utilizes a breadth-first search(BFS)algorithm to determine the optimal embedding paths.Finally,through simulation experiments,the efficacy of the proposed method was validated,demonstrating outstanding performance in terms of security,revenue generation,and virtual network request(VNR)acceptance rate.
文摘GS1 is an international standards organization,which focuses on product identification and product data,helping businesses and governments to improve commerce and supply chain.Why trusted data is essential to high-quality development?More than 50 years ago,GS1 was initiated with the bar code,a profound transformation of the way we work and live.From then on,a simple scan connected a physical product to its digital identity.It transformed commerce,improving supply chains and enabling safer healthcare.Collaboration between industry and governments,and a strong partnership with ISO and IEC laid the foundations for the global adoption of a common product identification over the past 50 years and all around the world.
文摘In an era where artificial intelligence(AI)is permeating many aspects of scientific research activity,what science and technology(S&T)journals can do to uphold research integrity and secure scholarly quality?What kind of revolution is needed in such a rapidly drifting world to hold on to the essential value of science?
基金supported by State Grid Hebei Electric Power Co.,Ltd.Science and Technology Project,Research on Security Protection of Power Services Carried by 4G/5G Networks(Grant No.KJ2024-127).
文摘The rapid growth of Internet of things devices and the emergence of rapidly evolving network threats have made traditional security assessment methods inadequate.Federated learning offers a promising solution to expedite the training of security assessment models.However,ensuring the trustworthiness and robustness of federated learning under multi-party collaboration scenarios remains a challenge.To address these issues,this study proposes a shard aggregation network structure and a malicious node detection mechanism,along with improvements to the federated learning training process.First,we extract the data features of the participants by using spectral clustering methods combined with a Gaussian kernel function.Then,we introduce a multi-objective decision-making approach that combines data distribution consistency,consensus communication overhead,and consensus result reliability in order to determine the final network sharing scheme.Finally,by integrating the federated learning aggregation process with the malicious node detection mechanism,we improve the traditional decentralized learning process.Our proposed ShardFed algorithm outperforms conventional classification algorithms and state-of-the-art machine learning methods like FedProx and FedCurv in convergence speed,robustness against data interference,and adaptability across multiple scenarios.Experimental results demonstrate that the proposed approach improves model accuracy by up to 2.33%under non-independent and identically distributed data conditions,maintains higher performance with malicious nodes containing poisoned data ratios of 20%–50%,and significantly enhances model resistance to low-quality data.
文摘With the rapid development of digital technologies such as big data,cloud computing,and the Internet of Things(loT),data security and privacy protection have become the core challenges facing modern computing systems.Traditional security mechanisms are difficult to effectively deal with advanced adversarial attacks due to their reliance on a centralized trust model.In this context,the Trusted Execution Environment(TEE),as a hardware-enabled secure isolation technology,offers a potential solution to protect sensitive computations and data.This paper systematically discusses TEE's technical principle,application status,and future development trend.First,the underlying architecture of TEE and its core characteristics,including isolation,integrity,and confidentiality,are analyzed.Secondly,practical application cases of TEE in fields such as finance,the IoT,artificial intelligence,and privacy computing are studied.Finally,the future development direction of TEE is prospected.
文摘The year 2025 marks both the 25th anniversary of the Forum on China-Africa Cooperation(FOCAC)and the first year of implementation of the outcomes of the 2024 FOCAC Beijing Summit.Throughout the year,China has supported Africa in addressing historical injustices at diplomatic and political levels and firmly backed South Africa in hosting the G20 Leaders’Summit,further deepening China-Africa strategic mutual trust.
文摘This mixed-methods study investigated how AI-enhanced English as a Foreign Language(EFL)learning environments influence students’psychological well-being through the mediating roles of motivation and language learning anxiety and the moderating role of trust.Participants were Chinese university students(N=310,62%female,mean age=18.9,SD=0.8),of whom 15 completed interviews to both add to and to clarify the evidence from the surveys.Structural equation modeling results revealed that AI use had significant indirect effects on well-being through increased motivation and reduced language learning anxiety.Trust in AI significantly moderated both paths,amplifying the motivational benefits and anxiety reduction associated with AI use.Thematic analysis supported these results,identifying three experiential themes:(1)motivational empowerment through personalization,(2)anxiety regulation through safe practice and feedback,and(3)trust as the emotional bridge between AI and well-being.The study extends AI psychology applications by empirically linking technology engagement with affective outcomes and underscores the need for human-centered and trust-enhancing design in AI-supported education.From these findings,we conclude that adaptive,transparent,and autonomy-supportive AI systems promote self-determined motivation,emotional safety,and overall psychological health among EFL learners.
文摘This paper examines Hernán Díaz’s novel Trust (2022) through the lens of cultural deconstruction, analyzing how its four nested narratives systematically dismantle the American Dream ideology. The novel Bonds and autobiography My Life collaboratively construct a financial myth portraying protagonist Andrew Bevel as an exemplar of self-made success. Subsequently, Ida’s Memoir exposes the subjective construction of history, declaring the American Dream’s bankruptcy at the epistemological level, while Mildred’s diary Futures deconstructs the myth from within by revealing that Bevel’s financial genius was built upon appropriation of his wife’s intellectual labor. This paper argues that Trust reveals the American Dream as an ideological illusion-narratively constructed, practically dependent on structural injustice, and essentially serving power reproduction.
基金supported by National Key R&D Program of China(No.2022YFB3105101).
文摘With more and more IoT terminals being deployed in various power grid business scenarios,terminal reliability has become a practical challenge that threatens the current security protection architecture.Most IoT terminals have security risks and vulnerabilities,and limited resources make it impossible to deploy costly security protection methods on the terminal.In order to cope with these problems,this paper proposes a lightweight trust evaluation model TCL,which combines three network models,TCN,CNN,and LSTM,with stronger feature extraction capability and can score the reliability of the device by periodically analyzing the traffic behavior and activity logs generated by the terminal device,and the trust evaluation of the terminal’s continuous behavior can be achieved by combining the scores of different periods.After experiments,it is proved that TCL can effectively use the traffic behaviors and activity logs of terminal devices for trust evaluation and achieves F1-score of 95.763,94.456,99.923,and 99.195 on HDFS,BGL,N-BaIoT,and KDD99 datasets,respectively,and the size of TCL is only 91KB,which can achieve similar or better performance than CNN-LSTM,RobustLog and other methods with less computational resources and storage space.
基金supported by the National Natural Science Foundation of China (Grant NO.61332019, NO.61402342, NO.61202387)the National Basic Research Program of China ("973" Program) (Grant No.2014CB340600)the National High–Tech Research and Development Program of China ("863" Program) (Grant No.2015AA016002)
文摘Trusted computing,which can effectively increase the credibility of information system,has made great achievements and is in continuous development. For country who is going to strengthen network construction like China,it is an important fundamental supporting technology worth researching. China is in the international forefront in the field of trusted computing. This paper gives comprehensive introductions to the new development and application of key technologies in trusted computing,such as various trusted platform modules(TPM、TCM、TPCM),TCG Software Stack(TSS),trusted cloud server and Trusted Execution Environment(TEE). We illustrate the progressing and application extension of these technologies and also point out some key problems worth studying in the future.
基金This work was supported by the National Basic Research Pro-gram of China under Crant No.2007CB311100 Funds of Key Lab of Fujlan Province University Network Security and Cryp- toll1009+3 种基金 the National Science Foundation for Young Scholars of China under Crant No.61001091 Beijing Nature Science Foundation under Crant No. 4122012 "Next-Generation Broad-band Wireless Mobile Communication Network" National Sci-ence and Technology Major Special Issue Funding under Grant No. 2012ZX03002003 Funding Program for Academic tturmn Resources Development in Institutions of Higher Learning Under the Jurisdiction of Beijing Municipality of Chi-na.
文摘In order to construct the trusted network and realize the trust of network behavior,a new multi-dimensional behavior measurement model based on prediction and control is presented.By using behavior predictive equation,individual similarity function,group similarity function,direct trust assessment function,and generalized predictive control,this model can guarantee the trust of an end user and users in its network.Compared with traditional measurement model,the model considers different characteristics of various networks.The trusted measurement policies established according to different network environments have better adaptability.By constructing trusted group,the threats to trusted group will be reduced greatly.Utilizing trusted group to restrict individuals in network can ensure the fault tolerance of trustworthiness of trusted individuals and group.The simulation shows that this scheme can support behavior measurement more efficiently than traditional ones and the model resists viruses and Trojans more efficiently than older ones.
基金Supported by the National Natural Science Foun-dation of China (90104005 ,60373087 ,60473023) Network andInformation Security Key Laboratory Programof Ministry of Educa-tion of China
文摘Trusted computing is the new trend of information security today. This paper surveys the theory and technology of trusted computing. The development history of trusted computing, and the development of trusted computing in China are introduced in this paper, and then it analyzes some problems of trusted computing at present which are delay in theory research, some key technologies to be developed and lack of trusted software system. Some fields are worthy to be explored on are pointed out including key technology, basic theory and application in trusted computing.
基金Supported by the National High-TechnologyResearch and Development Programof China (2002AA1Z2101)
文摘Networks are composed with servers and rather larger amounts of terminals and most menace of attack and virus come from terminals. Eliminating malicious code and ac cess or breaking the conditions only under witch attack or virus can be invoked in those terminals would be the most effec tive way to protect information systems. The concept of trusted computing was first introduced into terminal virus immunity. Then a model of security domain mechanism based on trusted computing to protect computers from proposed from abstracting the general information systems. The principle of attack resistant and venture limitation of the model was demonstrated by means of mathematical analysis, and the realization of the model was proposed.
基金ACKNOWLEDGMENT This work was supported by the National Basic Research Program of China (973 Project) (NO.2007CB311100), the National Science Foundation for Young Scholars of China (Grant No.61001091), Beijing Nature Science Foundation(No. 4122012), "next-generation broadband wireless mobile communication network" National Science and Technology major Special issue funding(No. 2012ZX03002003), Funding Program for Academic Human Resources Development in Institutions of Higher Learning Under the Jurisdiction of Beijing Municipality of China and the key technology research and validation issue for the emergency treatment telemedicine public service platform which integrates the military and civilian and bases on the broadband wireless networks(No.2013ZX03006001-005), the issue belongs to Major national science and technology projects.
文摘The trusted network connection is a hot spot in trusted computing field and the trust measurement and access control technology are used to deal with network security threats in trusted network.But the trusted network connection lacks fine-grained states and real-time measurement support for the client and the authentication mechanism is difficult to apply in the trusted network connection,it is easy to cause the loss of identity privacy.In order to solve the abovedescribed problems,this paper presents a trust measurement scheme suitable for clients in the trusted network,the scheme integrates the following attributes such as authentication mechanism,state measurement,and real-time state measurement and so on,and based on the authentication mechanism and the initial state measurement,the scheme uses the realtime state measurement as the core method to complete the trust measurement for the client.This scheme presented in this paper supports both static and dynamic measurements.Overall,the characteristics of this scheme such as fine granularity,dynamic,real-time state measurement make it possible to make more fine-grained security policy and therefore it overcomes inadequacies existing in the current trusted network connection.
基金Supported by the National High-Technology Re-search and Development Program ( 863 Program)China(2004AA113020)
文摘In this paper, a formal approach based on predicate logic is proposed for representing and reasoning of trusted computing models. Predicates are defined to represent the characteristics of the objects and the relationship among these objects in a trusted system according to trusted computing specifications. Inference rules of trusted relation are given too. With the semantics proposed, some trusted computing models are formalized and verified, which shows that Predicate calculus logic provides a general and effective method for modeling and reasoning trusted computing systems.
基金supported by the National Basic Research Program of China (973 Program) (No. 2012CB821200 (2012CB821206))the National Nature Science Foundation of China (No.61003281, No.91024001 and No.61070142)+1 种基金Beijing Natural Science Foundation (Study on Internet Multi-mode Area Information Accurate Searching and Mining Based on Agent, No.4111002)the Chinese Universities Scientific Fund under Grant No.BUPT 2009RC0201
文摘Goud computing is a new paradigm in which dynamic and virtualized computing resources are provided as services over the Internet. However, because cloud resource is open and dynamically configured, resource allocation and scheduling are extremely important challenges in cloud infrastructure. Based on distributed agents, this paper presents trusted data acquisition mechanism for efficient scheduling cloud resources to satisfy various user requests. Our mechanism defines, collects and analyzes multiple key trust targets of cloud service resources based on historical information of servers in a cloud data center. As a result, using our trust computing mechanism, cloud providers can utilize their resources efficiently and also provide highly trusted resources and services to many users.
基金supported by the National Natural Science Foundation of China (The key trusted running technologies for the sensing nodes in Internet of things: 61501007, The research of the trusted and security environment for high energy physics scientific computing system: 11675199)General Project of science and technology project of Beijing Municipal Education Commission: KM201610005023+2 种基金the outstanding personnel training program of Beijing municipal Party Committee Organization Department (The Research of Trusted Computing environment for Internet of things in Smart City: 2014000020124G041)The key technology research and validation issue for the emergency treatment telemedicine public service platform which integrates the military and civilian and bases on the broadband wireless networks (No.2013ZX03006001-005)the issue belongs to Major national science and technology projects
文摘Internet of things has been widely applied to industrial control, smart city and environmental protection, in these applica- tion scenarios, sensing node needs to make real-time response to the feedback control of the application layer. Therefore, it is nec- essary to monitor whether or not awareness nodes are trusted in real time, but the existing mechanisms for trusted certification lack the real-time measurement and tracking of the sensing node. To solve the above problems, this paper proposes a dynamic metric based authentication mechanism for sensing nodes of Internet of things. Firstly, the dynamic trustworthiness measure of the sensing nodes is carried out by introducing the computational function such as the trust function, the trust- worthiness risk assessment function, the feed- back control function and the active function of the sensing node. The dynamic trustworthi- ness measure of sensing nodes from multiple dimensions can effectively describe the change of trusted value of sensing nodes. Then, on the basis of this, a trusted attestation based on node trusted measure is realized by using the revocable group signature mechanism of local verifier. The mechanism has anonymity, un- forgeability and traceability, which is proved the security in the standard model. Simulationexperiments show that the proposed trusted attestation mechanism is flexible, practical and ef|Scient and has better attack resistance. It can effectively guarantee the reliable data transmission of nodes and realize the dynamic tracking of node reliability, which has a lower impact on system performance.
基金Acknowledgements This work was supported by Research Funds of Information Security Key Laboratory of Beijing Electronic Science & Technology Institute National Natural Science Foundation of China(No. 61070219) Building Together Specific Project from Beijing Municipal Education Commission.
文摘In order to solve the issue that existing direct anonymous attestation (DAA) scheme can not operate effectively in different domains,based on the original DAA scheme,a novel direct anonymous attestation protocol used in multi domains environment is proposed and designed,in which,the certificate issuer located in outside of domain can be considered as a proxy server to issue the DAA certificate for valid member nodes directly.Our designed mechanism accords with present trusted computing group (TCG) international specification,and can solve the problems of practical authentication and privacy information protection between different trusted domains efficiently.Compared with present DAA scheme,in our protocol,the anonymity,unforgeability can be guaranteed,and the replay-attack also can be avoided.It has important referenced and practical application value in trusted computing field.
基金Supported by the National Natural Science Foun-dation of China (60373054)
文摘Trusted path is one of the crucial features that operating systems must provide for fundamental security support. In order to explore the possibility of implementing a trusted path mechanism with the support of trusted platform module (TPM) technologies, and to support TPM capabilities in operating systems, the paper extended the scope of the conventional trusted path to cover the situation in which a user communicates with software residing on a remote host. The paper combined the concept of operating system support for trusted path with that for TPM platforms, and proposed the architecture of an extended trusted path mechanism in operating system with considerations on TPM-capable platforms support. As part of the author's research in secure operating systems, the work of the paper was carried out with Linux as an experimental prototype system. The research result shows that TPM capabilities can strengthen extended trusted path mechanisms of operating systems.
