The concept of landscape architecture with eco-security was proposed,ecological security of landscape architecture in Yunnan was elaborated from 8 aspects,specifically as landform,typical climate,natural vegetation,bi...The concept of landscape architecture with eco-security was proposed,ecological security of landscape architecture in Yunnan was elaborated from 8 aspects,specifically as landform,typical climate,natural vegetation,biodiversity,transplantation of large-size trees,disaster-proof function,greening security,introduction of garden species.Moreover,countermeasures for maintaining the ecological security of landscape architecture in Yunnan Province were further put forward,① In view of local conditions,inheriting natural views of classical Chinese gardens,respecting all natural elements,② Rising higher requirements on the planning of garden green space system,③ Paying more attention to the integrated construction of green spaces in urban and rural areas,maintaining the wholeness of suburban ecosystem,④ Devoting more in developing seedling industry,culturing more large-size seedlings in original sites,⑤ Selecting right trees for right sites in constructing urban gardens.Eventually,it was proposed that gardens in Yunnan Province should be developed by combining with its outstanding ecological conditions,among which ecological security should be the focus of attention.展开更多
As industrialization and informatization in China deeply integrate and the Internet of Things rapidly develops,industrial control systems are facing increasingly severe information security challenges.The industrial c...As industrialization and informatization in China deeply integrate and the Internet of Things rapidly develops,industrial control systems are facing increasingly severe information security challenges.The industrial control system of the gas extraction plant is characterized by numerous points and centralized operations,with a strong reliance on the system and stringent real-time requirements.展开更多
Security is a key problem for the development of Cloud Computing. A common service security architecture is a basic abstract to support security research work. The authorization ability in the service security faces m...Security is a key problem for the development of Cloud Computing. A common service security architecture is a basic abstract to support security research work. The authorization ability in the service security faces more complex and variable users and environment. Based on the multidimensional views, the service security architecture is described on three dimensions of service security requirement integrating security attributes and service layers. An attribute-based dynamic access control model is presented to detail the relationships among subjects, objects, roles, attributes, context and extra factors further. The model uses dynamic control policies to support the multiple roles and flexible authority. At last, access control and policies execution mechanism were studied as the implementation suggestion.展开更多
The fact that the security facilities within a system are closely coupled and the security facilities between systems are unconnected results in an isolated protection structure for systems, and gives rise to a seriou...The fact that the security facilities within a system are closely coupled and the security facilities between systems are unconnected results in an isolated protection structure for systems, and gives rise to a serious challenge to system security integrations and system controls. Also, the need for diversified services and flexible extensions of network security asks for more considerations and contribu?tions from the perspective of software engineering in the process of designing and constructing security systems. Based on the essence of the virtualization technique and the idea of software-defined networks, we in this paper propose a novel software-defi ned security architecture for systems. By abstracting the traditional security facilities and techniques, the proposed security architecture provides a new, simple, effective, and programmable framework in which security operations and security controls can be decoupled, and thereby reduces the software module sizes, decreases the intensity of software deve?lopments, and improves the security extensibility of systems.展开更多
As the Internet of Things (IoT) is emerging as an attractive paradigm, a typical IoT architecture that U2IoT (Unit IoT and Ubiquitous IoT) model has been presented for the future IoT. Based on the U2IoT model, this pa...As the Internet of Things (IoT) is emerging as an attractive paradigm, a typical IoT architecture that U2IoT (Unit IoT and Ubiquitous IoT) model has been presented for the future IoT. Based on the U2IoT model, this paper proposes a cyber-physical-social based security architecture (IPM) to deal with Information, Physical, and Management security perspectives, and presents how the architectural abstractions support U2IoT model. In particular, 1) an information security model is established to describe the mapping relations among U2IoT, security layer, and security requirement, in which social layer and additional intelligence and compatibility properties are infused into IPM;2) physical security referring to the external context and inherent infrastructure are inspired by artificial immune algorithms;3) recommended security strategies are suggested for social management control. The proposed IPM combining the cyber world, physical world and human social provides constructive proposal towards the future IoT security and privacy protection.展开更多
With the rapid development of cloud manufacturing technology and the new generation of artificial intelligence technology,the new cloud manufacturing system(NCMS)built on the connotation of cloud manufacturing 3.0 pre...With the rapid development of cloud manufacturing technology and the new generation of artificial intelligence technology,the new cloud manufacturing system(NCMS)built on the connotation of cloud manufacturing 3.0 presents a new business model of“Internet of everything,intelligent leading,data driving,shared services,cross-border integration,and universal innovation”.The network boundaries are becoming increasingly blurred,NCMS is facing security risks such as equipment unauthorized use,account theft,static and extensive access control policies,unauthorized access,supply chain attacks,sensitive data leaks,and industrial control vulnerability attacks.Traditional security architectures mainly use information security technology,which cannot meet the active security protection requirements of NCMS.In order to solve the above problems,this paper proposes an integrated cloud-edge-terminal security system architecture of NCMS.It adopts the zero trust concept and effectively integrates multiple security capabilities such as network,equipment,cloud computing environment,application,identity,and data.It adopts a new access control mode of“continuous verification+dynamic authorization”,classified access control mechanisms such as attribute-based access control,rolebased access control,policy-based access control,and a new data security protection system based on blockchain,achieving“trustworthy subject identity,controllable access behavior,and effective protection of subject and object resources”.This architecture provides an active security protection method for NCMS in the digital transformation of large enterprises,and can effectively enhance network security protection capabilities and cope with increasingly severe network security situations.展开更多
Current SDN controllers suffer from a series of potential attacks. For example, malicious flow rules may lead to system disorder by introducing unexpected flow entries. In this paper, we propose Mcad-SA, an aware deci...Current SDN controllers suffer from a series of potential attacks. For example, malicious flow rules may lead to system disorder by introducing unexpected flow entries. In this paper, we propose Mcad-SA, an aware decision-making security architecture with multiple controllers, which could coordinate heterogeneous controllers internally as a "big" controller. This architecture includes an additional plane, the scheduling plane, which consists of transponder, sensor, decider and scheduler. Meanwhile it achieves the functions of communicating, supervising and scheduling between data and control plane. In this framework, we adopt the vote results from the majority of controllers to determine valid flow rules distributed to switches. Besides, an aware dynamic scheduling(ADS) mechanism is devised in scheduler to intensify security of Mcad-SA further. Combined with perception, ADS takes advantage of heterogeneity and redundancy of controllers to enable the control plane operate in a dynamic, reliable and unsteady state, which results in significant difficulty of probing systems and executing attacks. Simulation results demonstrate the proposed methods indicate better security resilience over traditional architectures as they have lower failure probability when facing attacks.展开更多
More and more modern group oriented collaborativeapplications use the peer-to-peer(P2P)paradigm tobe independent of expensive infrastructures as theyare,for instance,provided for audio and video conferencesby H.323 sy...More and more modern group oriented collaborativeapplications use the peer-to-peer(P2P)paradigm tobe independent of expensive infrastructures as theyare,for instance,provided for audio and video conferencesby H.323 systems.Decentralized collaborativeP2P solutions require appropriate mechanismsto protect group privacy and data integrity.A centralizedclient/server based video conference system canbe well shielded in a standard manner,whilst thereare no off-the-shelf approaches to secure a P2P videoconference up to now.The paper addresses this issueand presents a flexible security architecture.Usingthe BRAVIS system[4]as an example it shows howthe architecture can be embedded into a P2P videoconferencing system.展开更多
Enhancing the interconnection of devices and systems,the Internet of Things(IoT)is a paradigm-shifting technology.IoT security concerns are still a substantial concern despite its extraordinary advantages.This paper o...Enhancing the interconnection of devices and systems,the Internet of Things(IoT)is a paradigm-shifting technology.IoT security concerns are still a substantial concern despite its extraordinary advantages.This paper offers an extensive review of IoT security,emphasizing the technology’s architecture,important security elements,and common attacks.It highlights how important artificial intelligence(AI)is to bolstering IoT security,especially when it comes to addressing risks at different IoT architecture layers.We systematically examined current mitigation strategies and their effectiveness,highlighting contemporary challenges with practical solutions and case studies from a range of industries,such as healthcare,smart homes,and industrial IoT.Our results highlight the importance of AI methods that are lightweight and improve security without compromising the limited resources of devices and computational capability.IoT networks can ensure operational efficiency and resilience by proactively identifying and countering security risks by utilizing machine learning capabilities.This study provides a comprehensive guide for practitioners and researchers aiming to understand the intricate connection between IoT,security challenges,and AI-driven solutions.展开更多
Smart distribution grid needs data communication systems as a support to complete their important functions. The smart distribution grid of the data and information are increasingly adopting internet protocol and Ethe...Smart distribution grid needs data communication systems as a support to complete their important functions. The smart distribution grid of the data and information are increasingly adopting internet protocol and Ethernet technology. The IP addresses are more and more important for the smart distribution grid equipment. The current IPv4 protocol occupies a dominant position; therefore, the challenges of the evolution to IPv6 and network security are faced by data communication systems of the smart distribution grid. The importance of data communications network and its main bearer of business were described. The data communications network from IPv4 to IPv6 evolution of the five processes and four stages of the transition were analyzed. The smart distribution grid data communications network security and types of their offensive and defensive were discussed. And the data communications network security architecture was established. It covers three dimensions, the security level, the communications network security engineering and the communications network security management. The security architecture safeguards the evolution to IPv6 for the smart distribution grid data communication systems.展开更多
This paper is a continuation of our last paper [1] which describes the theory of Virt-BLP model. Based on Virt-BLP model,this paper implements a mandatory access control(MAC) framework applicable to multi-level securi...This paper is a continuation of our last paper [1] which describes the theory of Virt-BLP model. Based on Virt-BLP model,this paper implements a mandatory access control(MAC) framework applicable to multi-level security(MLS) in Xen. The Virt-BLP model is the theoretical basis of this MAC framework,and this MAC framework is the implementation of Virt-BLP model. Our last paper focuses on Virt-BLP model,while this paper concentrates on the design and implementation of MAC framework. For there is no MAC framework applicable to MLS in virtual machine system at present,our MAC framework fills the blank by applying Virt-BLP model to Xen,which is better than current researches to guarantee the security of communication between virtual machines(VMs) . The experimental results show that our MAC framework is effective to manage the communication between VMs.展开更多
Traditional multi-level security(MLS)systems have the defect of centralizing authorized facilities,which is difficult to meet the security requirements of modern distributed peer-to-peer network architecture.Blockchai...Traditional multi-level security(MLS)systems have the defect of centralizing authorized facilities,which is difficult to meet the security requirements of modern distributed peer-to-peer network architecture.Blockchain is widely used in the field of access control with its decentralization,traceability and non-defective modification.Combining the blockchain technology and the Bell-LaPadula model,we propose a new access control model,named BCBLPM,for MLS environment.The“multi-chain”blockchain architecture is used for dividing resources into isolated access domains,providing a fine-grained data protection mechanism.The access control policies are implemented by smart contracts deployed in each access domain,so that the side chains of different access domains storage access records from outside and maintain the integrity of the records.Finally,we implement the BC-BLPM prototype system using the Hyperledger Fabric.The experimental and analytical results show that the model can adapt well to the needs of multi-level security environment,and it has the feasibility of application in actual scenarios.展开更多
At present,there are few security models which control the communication between virtual machines(VMs).Moreover,these models are not applicable to multi-level security(MLS).In order to implement mandatory access contr...At present,there are few security models which control the communication between virtual machines(VMs).Moreover,these models are not applicable to multi-level security(MLS).In order to implement mandatory access control(MAC)and MLS in virtual machine system,this paper designs Virt-BLP model,which is based on BLP model.For the distinction between virtual machine system and non-virtualized system,we build elements and security axioms of Virt-BLP model by modifying those of BLP.Moreover,comparing with BLP,the number of state transition rules of Virt-BLP is reduced accordingly and some rules can only be enforced by trusted subject.As a result,Virt-BLP model supports MAC and partial discretionary access control(DAC),well satisfying the requirement of MLS in virtual machine system.As space is limited,the implementation of our MAC framework will be shown in a continuation.展开更多
Most recent satellite network research has focused on providing routing services without considering security. In this paper, for the sake of better global coverage, we introduce a novel triple-layered satellite netwo...Most recent satellite network research has focused on providing routing services without considering security. In this paper, for the sake of better global coverage, we introduce a novel triple-layered satellite network architecture including Geostationary Earth Orbit (GEO), Highly Elliptical Orbit (HEO), and Low Earth Orbit (LEO) satellite layers, which provides the near-global coverage with 24 hour uninterrupted over the areas varying from 75° S to 90° N. On the basis of the hierarchical architecture, we propose a QoS-guaranteed secure multicast routing protocol (QGSMRP) for satellite IP networks using the logical location concept to isolate the mobility of LEO and HEO satellites. In QGSMRP, we employ the asymmetric cryptography to secure the control messages via the pairwise key pre-distribution, and present a least cost tree (LCT) strategy to construct the multicast tree under the condition that the QoS constraints are guaranteed, aiming to minimize the tree cost. Simulation results show that the performance benefits of the proposed QGSMRP in terms of the end-to-end tree delay, the tree cost, and the failure ratio of multicasting connections by comparison with the conventional shortest path tree (SPT) strategy.展开更多
With the construction of the power Internet of Things(IoT),communication between smart devices in urban distribution networks has been gradually moving towards high speed,high compatibility,and low latency,which provi...With the construction of the power Internet of Things(IoT),communication between smart devices in urban distribution networks has been gradually moving towards high speed,high compatibility,and low latency,which provides reliable support for reconfiguration optimization in urban distribution networks.Thus,this study proposed a deep reinforcement learning based multi-level dynamic reconfiguration method for urban distribution networks in a cloud-edge collaboration architecture to obtain a real-time optimal multi-level dynamic reconfiguration solution.First,the multi-level dynamic reconfiguration method was discussed,which included feeder-,transformer-,and substation-levels.Subsequently,the multi-agent system was combined with the cloud-edge collaboration architecture to build a deep reinforcement learning model for multi-level dynamic reconfiguration in an urban distribution network.The cloud-edge collaboration architecture can effectively support the multi-agent system to conduct“centralized training and decentralized execution”operation modes and improve the learning efficiency of the model.Thereafter,for a multi-agent system,this study adopted a combination of offline and online learning to endow the model with the ability to realize automatic optimization and updation of the strategy.In the offline learning phase,a Q-learning-based multi-agent conservative Q-learning(MACQL)algorithm was proposed to stabilize the learning results and reduce the risk of the next online learning phase.In the online learning phase,a multi-agent deep deterministic policy gradient(MADDPG)algorithm based on policy gradients was proposed to explore the action space and update the experience pool.Finally,the effectiveness of the proposed method was verified through a simulation analysis of a real-world 445-node system.展开更多
This article takes the current autonomous driving technology as the research background and studies the collaborative protection mechanism between its system-on-chip(SoC)functional safety and information security.It i...This article takes the current autonomous driving technology as the research background and studies the collaborative protection mechanism between its system-on-chip(SoC)functional safety and information security.It includes an introduction to the functions and information security of autonomous driving SoCs,as well as the main design strategies for the collaborative prevention and control mechanism of SoC functional safety and information security in autonomous driving.The research shows that in the field of autonomous driving,there is a close connection between the functional safety of SoCs and their information security.In the design of the safety collaborative protection mechanism,the overall collaborative protection architecture,SoC functional safety protection mechanism,information security protection mechanism,the workflow of the collaborative protection mechanism,and its strategies are all key design elements.It is hoped that this analysis can provide some references for the collaborative protection of SoC functional safety and information security in the field of autonomous driving,so as to improve the safety of autonomous driving technology and meet its practical application requirements.展开更多
The blockchain trilemma—balancing decentralization,security,and scalability—remains a critical challenge in distributed ledger technology.Despite significant advancements,achieving all three attributes simultaneousl...The blockchain trilemma—balancing decentralization,security,and scalability—remains a critical challenge in distributed ledger technology.Despite significant advancements,achieving all three attributes simultaneously continues to elude most blockchain systems,often forcing trade-offs that limit their real-world applicability.This review paper synthesizes current research efforts aimed at resolving the trilemma,focusing on innovative consensus mechanisms,sharding techniques,layer-2 protocols,and hybrid architectural models.We critically analyze recent breakthroughs,including Directed Acyclic Graph(DAG)-based structures,cross-chain interoperability frameworks,and zero-knowledge proof(ZKP)enhancements,which aimto reconcile scalability with robust security and decentralization.Furthermore,we evaluate the trade-offs inherent in these approaches,highlighting their practical implications for enterprise adoption,decentralized finance(DeFi),and Web3 ecosystems.By mapping the evolving landscape of solutions,this review identifies gaps in currentmethodologies and proposes future research directions,such as adaptive consensus algorithms and artificial intelligence-driven(AI-driven)governance models.Our analysis underscores that while no universal solution exists,interdisciplinary innovations are progressively narrowing the trilemma’s constraints,paving the way for next-generation blockchain infrastructures.展开更多
Integrating mobility and security in the network layer has become a key factor for Future Internet Architecture(FIA). This paper proposes a secure mobility support mechanism in e Xpressive Internet Architecture(XIA),a...Integrating mobility and security in the network layer has become a key factor for Future Internet Architecture(FIA). This paper proposes a secure mobility support mechanism in e Xpressive Internet Architecture(XIA),a new FIA currently under development as part of the US National Science Foundation's(NSF) program. Utilizing the natural features of ID/locator decoupling and versatile routing in XIA, a general mechanism to support host mobility is proposed. Exploiting the self-certifying identifier, a secure binding update protocol to overcome the potential threats introduced by the proposed mobility support mechanism is also given. We demonstrate that our design in XIA outperforms IP based solutions in terms of efficiency and flexibility. We also outline our initial design to illustrate one derivative benefit of an evolvable architecture:mobility support customizability with no sacrifice of architectural generality.展开更多
Existing glass segmentation networks have high computational complexity and large memory occupation,leading to high hardware requirements and time overheads for model inference,which is not conducive to efficiency-see...Existing glass segmentation networks have high computational complexity and large memory occupation,leading to high hardware requirements and time overheads for model inference,which is not conducive to efficiency-seeking real-time tasks such as autonomous driving.The inefficiency of the models is mainly due to employing homogeneous modules to process features of different layers.These modules require computationally intensive convolutions and weight calculation branches with numerous parameters to accommodate the differences in information across layers.We propose an efficient glass segmentation network(EGSNet)based on multi-level heterogeneous architecture and boundary awareness to balance the model performance and efficiency.EGSNet divides the feature layers from different stages into low-level understanding,semantic-level understanding,and global understanding with boundary guidance.Based on the information differences among the different layers,we further propose the multi-angle collaborative enhancement(MCE)module,which extracts the detailed information from shallow features,and the large-scale contextual feature extraction(LCFE)module to understand semantic logic through deep features.The models are trained and evaluated on the glass segmentation datasets HSO(Home-Scene-Oriented)and Trans10k-stuff,respectively,and EGSNet achieves the best efficiency and performance compared to advanced methods.In the HSO test set results,the IoU,Fβ,MAE(Mean Absolute Error),and BER(Balance Error Rate)of EGSNet are 0.804,0.847,0.084,and 0.085,and the GFLOPs(Giga Floating Point Operations Per Second)are only 27.15.Experimental results show that EGSNet significantly improves the efficiency of the glass segmentation task with better performance.展开更多
Since the 1970s, according to the international pension system reform trend for old-age social security system, no single institutional arrangement can ensure the functions of endowment security system to achieve the ...Since the 1970s, according to the international pension system reform trend for old-age social security system, no single institutional arrangement can ensure the functions of endowment security system to achieve the optimal.Therefore,how to based on the present situation of development, and to accurately, thus promote the resources integration, comprehensive build multi-level old-age security system, has important policy and practice significance.展开更多
基金Supported by Key Scientific Research Foundation of Southwest Forestry University(110809)~~
文摘The concept of landscape architecture with eco-security was proposed,ecological security of landscape architecture in Yunnan was elaborated from 8 aspects,specifically as landform,typical climate,natural vegetation,biodiversity,transplantation of large-size trees,disaster-proof function,greening security,introduction of garden species.Moreover,countermeasures for maintaining the ecological security of landscape architecture in Yunnan Province were further put forward,① In view of local conditions,inheriting natural views of classical Chinese gardens,respecting all natural elements,② Rising higher requirements on the planning of garden green space system,③ Paying more attention to the integrated construction of green spaces in urban and rural areas,maintaining the wholeness of suburban ecosystem,④ Devoting more in developing seedling industry,culturing more large-size seedlings in original sites,⑤ Selecting right trees for right sites in constructing urban gardens.Eventually,it was proposed that gardens in Yunnan Province should be developed by combining with its outstanding ecological conditions,among which ecological security should be the focus of attention.
文摘As industrialization and informatization in China deeply integrate and the Internet of Things rapidly develops,industrial control systems are facing increasingly severe information security challenges.The industrial control system of the gas extraction plant is characterized by numerous points and centralized operations,with a strong reliance on the system and stringent real-time requirements.
基金supported by National Information Security Program under Grant No.2009A112
文摘Security is a key problem for the development of Cloud Computing. A common service security architecture is a basic abstract to support security research work. The authorization ability in the service security faces more complex and variable users and environment. Based on the multidimensional views, the service security architecture is described on three dimensions of service security requirement integrating security attributes and service layers. An attribute-based dynamic access control model is presented to detail the relationships among subjects, objects, roles, attributes, context and extra factors further. The model uses dynamic control policies to support the multiple roles and flexible authority. At last, access control and policies execution mechanism were studied as the implementation suggestion.
基金supported in part by the following grants:National Science Foundation of China(Grant No.61272400)Chongqing Innovative Team Fund for College Development Project(Grant No.KJTD201310)+3 种基金Chongqing Youth Innovative Talent Project(Grant No.cstc2013kjrc-qnrc40004)Science and Technology Research Program of the Chongqing Municipal Education Committee(Grant No.KJ1500425)Foundation of CQUPT(Grant No.WF201403)Chongqing Graduate Research and Innovation Project(Grant No.CYS14146)
文摘The fact that the security facilities within a system are closely coupled and the security facilities between systems are unconnected results in an isolated protection structure for systems, and gives rise to a serious challenge to system security integrations and system controls. Also, the need for diversified services and flexible extensions of network security asks for more considerations and contribu?tions from the perspective of software engineering in the process of designing and constructing security systems. Based on the essence of the virtualization technique and the idea of software-defined networks, we in this paper propose a novel software-defi ned security architecture for systems. By abstracting the traditional security facilities and techniques, the proposed security architecture provides a new, simple, effective, and programmable framework in which security operations and security controls can be decoupled, and thereby reduces the software module sizes, decreases the intensity of software deve?lopments, and improves the security extensibility of systems.
文摘As the Internet of Things (IoT) is emerging as an attractive paradigm, a typical IoT architecture that U2IoT (Unit IoT and Ubiquitous IoT) model has been presented for the future IoT. Based on the U2IoT model, this paper proposes a cyber-physical-social based security architecture (IPM) to deal with Information, Physical, and Management security perspectives, and presents how the architectural abstractions support U2IoT model. In particular, 1) an information security model is established to describe the mapping relations among U2IoT, security layer, and security requirement, in which social layer and additional intelligence and compatibility properties are infused into IPM;2) physical security referring to the external context and inherent infrastructure are inspired by artificial immune algorithms;3) recommended security strategies are suggested for social management control. The proposed IPM combining the cyber world, physical world and human social provides constructive proposal towards the future IoT security and privacy protection.
文摘With the rapid development of cloud manufacturing technology and the new generation of artificial intelligence technology,the new cloud manufacturing system(NCMS)built on the connotation of cloud manufacturing 3.0 presents a new business model of“Internet of everything,intelligent leading,data driving,shared services,cross-border integration,and universal innovation”.The network boundaries are becoming increasingly blurred,NCMS is facing security risks such as equipment unauthorized use,account theft,static and extensive access control policies,unauthorized access,supply chain attacks,sensitive data leaks,and industrial control vulnerability attacks.Traditional security architectures mainly use information security technology,which cannot meet the active security protection requirements of NCMS.In order to solve the above problems,this paper proposes an integrated cloud-edge-terminal security system architecture of NCMS.It adopts the zero trust concept and effectively integrates multiple security capabilities such as network,equipment,cloud computing environment,application,identity,and data.It adopts a new access control mode of“continuous verification+dynamic authorization”,classified access control mechanisms such as attribute-based access control,rolebased access control,policy-based access control,and a new data security protection system based on blockchain,achieving“trustworthy subject identity,controllable access behavior,and effective protection of subject and object resources”.This architecture provides an active security protection method for NCMS in the digital transformation of large enterprises,and can effectively enhance network security protection capabilities and cope with increasingly severe network security situations.
基金supported by the Foundation for Innovative Research Groups of the National Natural Science Foundation of China (No.61521003)the National Key R&D Program of China (No.2016YFB0800100,No.2016YFB0800101)the National Natural Science Foundation of China (No.61602509)
文摘Current SDN controllers suffer from a series of potential attacks. For example, malicious flow rules may lead to system disorder by introducing unexpected flow entries. In this paper, we propose Mcad-SA, an aware decision-making security architecture with multiple controllers, which could coordinate heterogeneous controllers internally as a "big" controller. This architecture includes an additional plane, the scheduling plane, which consists of transponder, sensor, decider and scheduler. Meanwhile it achieves the functions of communicating, supervising and scheduling between data and control plane. In this framework, we adopt the vote results from the majority of controllers to determine valid flow rules distributed to switches. Besides, an aware dynamic scheduling(ADS) mechanism is devised in scheduler to intensify security of Mcad-SA further. Combined with perception, ADS takes advantage of heterogeneity and redundancy of controllers to enable the control plane operate in a dynamic, reliable and unsteady state, which results in significant difficulty of probing systems and executing attacks. Simulation results demonstrate the proposed methods indicate better security resilience over traditional architectures as they have lower failure probability when facing attacks.
文摘More and more modern group oriented collaborativeapplications use the peer-to-peer(P2P)paradigm tobe independent of expensive infrastructures as theyare,for instance,provided for audio and video conferencesby H.323 systems.Decentralized collaborativeP2P solutions require appropriate mechanismsto protect group privacy and data integrity.A centralizedclient/server based video conference system canbe well shielded in a standard manner,whilst thereare no off-the-shelf approaches to secure a P2P videoconference up to now.The paper addresses this issueand presents a flexible security architecture.Usingthe BRAVIS system[4]as an example it shows howthe architecture can be embedded into a P2P videoconferencing system.
文摘Enhancing the interconnection of devices and systems,the Internet of Things(IoT)is a paradigm-shifting technology.IoT security concerns are still a substantial concern despite its extraordinary advantages.This paper offers an extensive review of IoT security,emphasizing the technology’s architecture,important security elements,and common attacks.It highlights how important artificial intelligence(AI)is to bolstering IoT security,especially when it comes to addressing risks at different IoT architecture layers.We systematically examined current mitigation strategies and their effectiveness,highlighting contemporary challenges with practical solutions and case studies from a range of industries,such as healthcare,smart homes,and industrial IoT.Our results highlight the importance of AI methods that are lightweight and improve security without compromising the limited resources of devices and computational capability.IoT networks can ensure operational efficiency and resilience by proactively identifying and countering security risks by utilizing machine learning capabilities.This study provides a comprehensive guide for practitioners and researchers aiming to understand the intricate connection between IoT,security challenges,and AI-driven solutions.
文摘Smart distribution grid needs data communication systems as a support to complete their important functions. The smart distribution grid of the data and information are increasingly adopting internet protocol and Ethernet technology. The IP addresses are more and more important for the smart distribution grid equipment. The current IPv4 protocol occupies a dominant position; therefore, the challenges of the evolution to IPv6 and network security are faced by data communication systems of the smart distribution grid. The importance of data communications network and its main bearer of business were described. The data communications network from IPv4 to IPv6 evolution of the five processes and four stages of the transition were analyzed. The smart distribution grid data communications network security and types of their offensive and defensive were discussed. And the data communications network security architecture was established. It covers three dimensions, the security level, the communications network security engineering and the communications network security management. The security architecture safeguards the evolution to IPv6 for the smart distribution grid data communication systems.
基金supported by National Key Basic Research and Development Plan (973 Plan) of China (No. 2007CB310900)National Natural Science Foundation of China (No. 90612018, 90715030 and 60970008)
文摘This paper is a continuation of our last paper [1] which describes the theory of Virt-BLP model. Based on Virt-BLP model,this paper implements a mandatory access control(MAC) framework applicable to multi-level security(MLS) in Xen. The Virt-BLP model is the theoretical basis of this MAC framework,and this MAC framework is the implementation of Virt-BLP model. Our last paper focuses on Virt-BLP model,while this paper concentrates on the design and implementation of MAC framework. For there is no MAC framework applicable to MLS in virtual machine system at present,our MAC framework fills the blank by applying Virt-BLP model to Xen,which is better than current researches to guarantee the security of communication between virtual machines(VMs) . The experimental results show that our MAC framework is effective to manage the communication between VMs.
文摘Traditional multi-level security(MLS)systems have the defect of centralizing authorized facilities,which is difficult to meet the security requirements of modern distributed peer-to-peer network architecture.Blockchain is widely used in the field of access control with its decentralization,traceability and non-defective modification.Combining the blockchain technology and the Bell-LaPadula model,we propose a new access control model,named BCBLPM,for MLS environment.The“multi-chain”blockchain architecture is used for dividing resources into isolated access domains,providing a fine-grained data protection mechanism.The access control policies are implemented by smart contracts deployed in each access domain,so that the side chains of different access domains storage access records from outside and maintain the integrity of the records.Finally,we implement the BC-BLPM prototype system using the Hyperledger Fabric.The experimental and analytical results show that the model can adapt well to the needs of multi-level security environment,and it has the feasibility of application in actual scenarios.
基金Acknowledgements This work was supported by National Key Basic Research and Development Plan(973 Plan)of China(No.2007CB310900)National Natural Science Foundation of China(No.90612018,90715030 and 60970008).
文摘At present,there are few security models which control the communication between virtual machines(VMs).Moreover,these models are not applicable to multi-level security(MLS).In order to implement mandatory access control(MAC)and MLS in virtual machine system,this paper designs Virt-BLP model,which is based on BLP model.For the distinction between virtual machine system and non-virtualized system,we build elements and security axioms of Virt-BLP model by modifying those of BLP.Moreover,comparing with BLP,the number of state transition rules of Virt-BLP is reduced accordingly and some rules can only be enforced by trusted subject.As a result,Virt-BLP model supports MAC and partial discretionary access control(DAC),well satisfying the requirement of MLS in virtual machine system.As space is limited,the implementation of our MAC framework will be shown in a continuation.
文摘Most recent satellite network research has focused on providing routing services without considering security. In this paper, for the sake of better global coverage, we introduce a novel triple-layered satellite network architecture including Geostationary Earth Orbit (GEO), Highly Elliptical Orbit (HEO), and Low Earth Orbit (LEO) satellite layers, which provides the near-global coverage with 24 hour uninterrupted over the areas varying from 75° S to 90° N. On the basis of the hierarchical architecture, we propose a QoS-guaranteed secure multicast routing protocol (QGSMRP) for satellite IP networks using the logical location concept to isolate the mobility of LEO and HEO satellites. In QGSMRP, we employ the asymmetric cryptography to secure the control messages via the pairwise key pre-distribution, and present a least cost tree (LCT) strategy to construct the multicast tree under the condition that the QoS constraints are guaranteed, aiming to minimize the tree cost. Simulation results show that the performance benefits of the proposed QGSMRP in terms of the end-to-end tree delay, the tree cost, and the failure ratio of multicasting connections by comparison with the conventional shortest path tree (SPT) strategy.
基金supported by the National Natural Science Foundation of China under Grant 52077146.
文摘With the construction of the power Internet of Things(IoT),communication between smart devices in urban distribution networks has been gradually moving towards high speed,high compatibility,and low latency,which provides reliable support for reconfiguration optimization in urban distribution networks.Thus,this study proposed a deep reinforcement learning based multi-level dynamic reconfiguration method for urban distribution networks in a cloud-edge collaboration architecture to obtain a real-time optimal multi-level dynamic reconfiguration solution.First,the multi-level dynamic reconfiguration method was discussed,which included feeder-,transformer-,and substation-levels.Subsequently,the multi-agent system was combined with the cloud-edge collaboration architecture to build a deep reinforcement learning model for multi-level dynamic reconfiguration in an urban distribution network.The cloud-edge collaboration architecture can effectively support the multi-agent system to conduct“centralized training and decentralized execution”operation modes and improve the learning efficiency of the model.Thereafter,for a multi-agent system,this study adopted a combination of offline and online learning to endow the model with the ability to realize automatic optimization and updation of the strategy.In the offline learning phase,a Q-learning-based multi-agent conservative Q-learning(MACQL)algorithm was proposed to stabilize the learning results and reduce the risk of the next online learning phase.In the online learning phase,a multi-agent deep deterministic policy gradient(MADDPG)algorithm based on policy gradients was proposed to explore the action space and update the experience pool.Finally,the effectiveness of the proposed method was verified through a simulation analysis of a real-world 445-node system.
文摘This article takes the current autonomous driving technology as the research background and studies the collaborative protection mechanism between its system-on-chip(SoC)functional safety and information security.It includes an introduction to the functions and information security of autonomous driving SoCs,as well as the main design strategies for the collaborative prevention and control mechanism of SoC functional safety and information security in autonomous driving.The research shows that in the field of autonomous driving,there is a close connection between the functional safety of SoCs and their information security.In the design of the safety collaborative protection mechanism,the overall collaborative protection architecture,SoC functional safety protection mechanism,information security protection mechanism,the workflow of the collaborative protection mechanism,and its strategies are all key design elements.It is hoped that this analysis can provide some references for the collaborative protection of SoC functional safety and information security in the field of autonomous driving,so as to improve the safety of autonomous driving technology and meet its practical application requirements.
文摘The blockchain trilemma—balancing decentralization,security,and scalability—remains a critical challenge in distributed ledger technology.Despite significant advancements,achieving all three attributes simultaneously continues to elude most blockchain systems,often forcing trade-offs that limit their real-world applicability.This review paper synthesizes current research efforts aimed at resolving the trilemma,focusing on innovative consensus mechanisms,sharding techniques,layer-2 protocols,and hybrid architectural models.We critically analyze recent breakthroughs,including Directed Acyclic Graph(DAG)-based structures,cross-chain interoperability frameworks,and zero-knowledge proof(ZKP)enhancements,which aimto reconcile scalability with robust security and decentralization.Furthermore,we evaluate the trade-offs inherent in these approaches,highlighting their practical implications for enterprise adoption,decentralized finance(DeFi),and Web3 ecosystems.By mapping the evolving landscape of solutions,this review identifies gaps in currentmethodologies and proposes future research directions,such as adaptive consensus algorithms and artificial intelligence-driven(AI-driven)governance models.Our analysis underscores that while no universal solution exists,interdisciplinary innovations are progressively narrowing the trilemma’s constraints,paving the way for next-generation blockchain infrastructures.
基金supported by NSFC (No.61672060)National High Technology Research and Development Program of China (863 Program, No.2015AA015701)
文摘Integrating mobility and security in the network layer has become a key factor for Future Internet Architecture(FIA). This paper proposes a secure mobility support mechanism in e Xpressive Internet Architecture(XIA),a new FIA currently under development as part of the US National Science Foundation's(NSF) program. Utilizing the natural features of ID/locator decoupling and versatile routing in XIA, a general mechanism to support host mobility is proposed. Exploiting the self-certifying identifier, a secure binding update protocol to overcome the potential threats introduced by the proposed mobility support mechanism is also given. We demonstrate that our design in XIA outperforms IP based solutions in terms of efficiency and flexibility. We also outline our initial design to illustrate one derivative benefit of an evolvable architecture:mobility support customizability with no sacrifice of architectural generality.
文摘Existing glass segmentation networks have high computational complexity and large memory occupation,leading to high hardware requirements and time overheads for model inference,which is not conducive to efficiency-seeking real-time tasks such as autonomous driving.The inefficiency of the models is mainly due to employing homogeneous modules to process features of different layers.These modules require computationally intensive convolutions and weight calculation branches with numerous parameters to accommodate the differences in information across layers.We propose an efficient glass segmentation network(EGSNet)based on multi-level heterogeneous architecture and boundary awareness to balance the model performance and efficiency.EGSNet divides the feature layers from different stages into low-level understanding,semantic-level understanding,and global understanding with boundary guidance.Based on the information differences among the different layers,we further propose the multi-angle collaborative enhancement(MCE)module,which extracts the detailed information from shallow features,and the large-scale contextual feature extraction(LCFE)module to understand semantic logic through deep features.The models are trained and evaluated on the glass segmentation datasets HSO(Home-Scene-Oriented)and Trans10k-stuff,respectively,and EGSNet achieves the best efficiency and performance compared to advanced methods.In the HSO test set results,the IoU,Fβ,MAE(Mean Absolute Error),and BER(Balance Error Rate)of EGSNet are 0.804,0.847,0.084,and 0.085,and the GFLOPs(Giga Floating Point Operations Per Second)are only 27.15.Experimental results show that EGSNet significantly improves the efficiency of the glass segmentation task with better performance.
文摘Since the 1970s, according to the international pension system reform trend for old-age social security system, no single institutional arrangement can ensure the functions of endowment security system to achieve the optimal.Therefore,how to based on the present situation of development, and to accurately, thus promote the resources integration, comprehensive build multi-level old-age security system, has important policy and practice significance.
