Global security threats have motivated organizations to adopt robust and reliable security systems to ensure the safety of individuals and assets. Biometric authentication systems offer a strong solution. However, choosing the best security system requires a structured decision-making framework, especially in complex scenarios involving multiple criteria. To address this problem, we develop a novel quantum spherical fuzzy technique for order preference by similarity to ideal solution (QSF-TOPSIS) methodology, integrating quantum mechanics principles and fuzzy theory. The proposed approach enhances decision-making accuracy, handles uncertainty, and incorporates criteria relationships. Criteria weights are determined using spherical fuzzy sets, and alternatives are ranked through the QSF-TOPSIS framework. This comprehensive multi-criteria decision-making (MCDM) approach is applied to identify the optimal gate security system for an organization, considering critical factors such as accuracy, cost, and reliability. Additionally, the study compares the proposed approach with other established MCDM methods. The results confirm the alignment of rankings across these methods, demonstrating the robustness and reliability of the QSF-TOPSIS framework. The study identifies the infrared recognition and identification system (IRIS) as the most effective and optimal security system among the evaluated alternatives, with a score value of 0.5280. This research contributes to the growing literature on quantum-enhanced decision-making models and offers a practical framework for solving complex, real-world problems involving uncertainty and ambiguity.
B. Remote Access to Stand-Alone Embedded Systems
Industrial controllers, especially for power system and transportation applications, are often deployed as stand-alone systems in a geographically dispersed area. Maintenance and service costs of stand-alone embedded systems can be reduced when they can be
B. Network Architectures
This section describes the main types of industrial and utility communication network topologies and protocols, in preparation for the discussion of specific security issues in the later sections. Communication networks for industrial automation are typically built in hierarchi-
D. Security on the Field Bus and Device Level
As described in Section III-B, Fig. 2, industrial communication networks involve a number of levels. The lowest level is closest to the application-specific devices such as sensors, meters, and actuators. A large number of specialized and partly proprietary communication systems, media, and protocols can be found on this level. Most were developed at a time when security issues were of lesser concern than today, and when no practical security measures were available.
E. Security of Embedded Systems for Industrial Control and Communication
Industrial automation controllers are typically implemented on embedded computers. Such embedded systems have to cope with restrictions on cost, real-time performance, power consumption, and other constraints which are even more demanding than in large workstations. A reference discusses these aspects with the example of a thermostat con-
Security evaluation and management has become increasingly important for Web-based information technology (IT) systems, especially for educational institutions. For the security evaluation and management of IT systems in educational institutions, determining the security level for a single IT system has been well developed. However, it is still difficult to evaluate the information security level of the entire educational institution considering multiple IT systems, because there might be too many different IT systems in one institution, educational institutions can be very different, and there is no standard model or method to provide a justifiable information security evaluation among different educational institutions considering their differences. In light of these difficulties, a security evaluation model of educational institutions' IT systems (SEMEIS) is proposed in this work to facilitate the information security management for the educational institutions. Firstly, a simplified educational industry information system security level protection rating (EIISSLPR) with a new weight redistribution strategy for a single IT system is proposed by choosing important evaluation questions from EIISSLPR and redistributing the weights of these questions. Then for the entire educational institution, analytic hierarchy process (AHP) is used to redistribute the weights of multiple IT systems at different security levels. Considering the risk of possible network security vulnerabilities, a risk index is formulated by weighting different factors, normalized by a utility function, and calculated with the real data collected from the institutions under the evaluation. Finally, the information security performance of educational institutions is obtained as the final score from SEMEIS. The results show that SEMEIS can evaluate the security level of the education institutions practically and provide an efficient and effective management tool for the information security management.
Environmental protection requires identifying, investigating, and raising awareness about safeguarding nature from the harmful effects of both anthropogenic and natural events. This process of environmental protection is essential for maintaining human well-being. In this context, it is critical to monitor and safeguard the personal environment, which includes maintaining a healthy diet and ensuring plant safety. Living in a balanced environment and ensuring the safety of plants for green spaces and a healthy diet require controlling the nature and quality of the soil in our environment. To ensure soil quality, it is imperative to monitor and assess the levels of various soil parameters. Therefore, an Optimized Reduced Kernel Partial Least Squares (ORKPLS) method is proposed to monitor and control soil parameters. This approach is designed to detect increases or deviations in soil parameter quantities. A Tabu search approach was used to select the appropriate kernel parameter. Subsequently, soil analyses were conducted to evaluate the performance of the developed techniques. The simulation results were analyzed and compared. Through this study, deficiencies or exceedances in soil parameter quantities can be identified. The proposed method involves determining whether each soil parameter falls within a normal range. This allows for the assessment of soil parameter conditions based on the principle of fault detection.
Information security is the backbone of current intelligent systems, such as the Internet of Things (IoT), smart grids, and Machine-to-Machine (M2M) communication. The increasing threat of information security requires new models to ensure the safe transmission of information through such systems. Recently, quantum systems have drawn much attention since they are expected to have a significant impact on the research in information security. This paper proposes a quantum teleportation scheme based on controlled multi-users to ensure the secure information transmission among users. Quantum teleportation is an original key element in a variety of quantum information tasks as well as quantum-based technologies, which plays a pivotal role in the current progress of quantum computing and communication. In the proposed scheme, the sender transmits the information to the receiver under the control of a third user or controller. Here, we show that the efficiency of the proposed scheme depends on the properties of the transmission channel and the honesty of the controller. Compared with various teleportation schemes presented recently in the literature, the most important difference in the proposed scheme is the possibility of suspicion about the honesty of the controller and, consequently, taking proper precautions.
Cyber-physical systems (CPSs) are new emerging systems that seamlessly integrate physical systems, communication systems and computation systems. Their wide use has been witnessed in the past decades in many cross-discipline fields such as smart energy systems, industrial process control, aerospace and automobile engineering, health-care and assisted living, to just name a few. For many of these systems, secure operations are of key concerns. In particular, for some safety-critical applications, security is of paramount importance. Diverse motivations and strong incentives exist everywhere and at any time for launching malicious attacks on the CPSs, for example, economic reasons (e.g., by reducing or even not paying electricity charge) and terrorism the purpose of which is apparent.
The virtual machine of code mechanism (VMCM) as a new concept for code mechanical solidification and verification is proposed and can be applied in MEMS (micro-electromechanical systems) security device for high consequence systems. Based on a study of the running condition of physical code mechanism, VMCM's configuration, ternary encoding method, running action and logic are derived. The cases of multi-level code mechanism are designed and verified with the VMCM method, showing that the presented method is effective.
This paper investigates whether security headers are enforced to mitigate cyber-attacks in web-based systems in cyberspace. The security headers examined include X-Content-Type-Options, X-Frame-Options, Strict-Transport-Security, Referrer-Policy, Content-Security-Policy, and Permissions-Policy. The study employed a controlled experiment using a security header analysis tool. The web-based applications (websites) were analyzed to determine whether security headers have been correctly implemented. The experiment was iterated for 100 universities in Africa which are ranked high. The purposive sampling technique was employed to understand the status quo of the security headers implementations. The results revealed that 70% of the web-based applications in Africa have not enforced security headers in web-based applications. The study proposes a secure system architecture design for addressing web-based applications' misconfiguration and insecure design. It presents security techniques for securing web-based applications through hardening security headers using automated threat modelling techniques. Furthermore, it recommends adopting the security headers in web-based applications using the proposed secure system architecture design.
Cloud computing is the new norm within business entities as businesses try to keep up with technological advancements and user needs. The concept is defined as a computing environment allowing for remote outsourcing of storage and computing resources. A hybrid cloud environment is an excellent example of cloud computing. Specifically, the hybrid system provides organizations with increased scalability and control over their data and support for a remote workforce. However, hybrid cloud systems are expensive as organizations operate different infrastructures while introducing complexity to the organization's activities. Data security is critical among the most vital concerns that have resulted from the use of cloud computing, thus, affecting the rate of user adoption and acceptance. This article, borrowing from the hybrid cloud computing system, recommends combining traditional and modern data security systems. Traditional data security systems have proven effective in their respective roles, with the main challenge arising from their recognition of context and connectivity. Therefore, integrating traditional and modern designs is recommended to enhance effectiveness, context, connectivity, and efficiency.
To address the scalability and identity federation problems of the traditional single sign-on system, the proposed scheme divides the security systems into different security domains. Each security domain has its own security servers and service providers, and there are trust relationships between different security domains for identity federation. The security server is responsible for authentication and authorization inside the domain, and offers identity federation capability for different domains. The security assertion markup language (SAML) assertion is used as security token in the system for authentication, authorization, and identity federation. The design of the proposed single sign-on process is based on web service security framework and multiple security domains, and the authorization is always deployed in the local area inside the service provider's security domain, which enables web service clients, both inside and outside their security domains, to access the services in a simple, scalable, standard and secure way.
Traditional security systems are exposed to many various attacks, which represents a major challenge for the spread of the Internet in the future. Innovative techniques have been suggested for detecting attacks using machine learning and deep learning. The significant advantage of deep learning is that it is highly efficient, but it needs a large training time with a lot of data. Therefore, in this paper, we present a new feature reduction strategy based on Distributed Cumulative Histograms (DCH) to distinguish between dataset features to locate the most effective features. Cumulative histograms assess the dataset instance patterns of the applied features to identify the most effective attributes that can significantly impact the classification results. Three different models for detecting attacks using Convolutional Neural Network (CNN) and Long Short-Term Memory Network (LSTM) are also proposed. The accuracy test of attack detection using the hybrid model was 98.96% on the UNSW-NB15 dataset. The proposed model is compared with wrapper-based and filter-based Feature Selection (FS) models. The proposed model reduced classification time and increased detection accuracy.
Numerous Internet security incidents have shown that support from secure operating systems is paramount to fighting threats posed by modern computing environments. Based on the requirements of the relevant national and international standards and criteria, in combination with our experience in the design and development of the ANSHENG v4.0 secure operating system with high security level (hereafter simply referred to as ANSHENG OS), this paper addresses the following key issues in the design of secure operating systems with high security levels: security architecture, security policy models, and covert channel analysis. The design principles of security architecture and three basic security models (confidentiality, integrity, and privilege control models) are discussed, respectively. Three novel security models and a new security architecture are proposed. The prominent features of these proposals, as well as their applications to the ANSHENG OS, are elaborated. Covert channel analysis (CCA) is a well-known hard problem in the design of secure operating systems with high security levels since to date it lacks a sound theoretical basis and systematic analysis approach. In order to resolve the fundamental difficulties of CCA, we have set up a sound theoretical basis for completeness of covert channel identification and have proposed a unified framework for covert channel identification and an efficient backward tracking search method. The successful application of our new proposals to the ANSHENG OS has shown that it can help ease and speed up the entire CCA process.
IoT devices rely on authentication mechanisms to render secure message exchange. During data transmission, scalability, data integrity, and processing time have been considered challenging aspects for a system constituted by IoT devices. The application of physical unclonable functions (PUFs) ensures secure data transmission among the internet of things (IoT) devices in a simplified network with an efficient time-stamped agreement. This paper proposes a secure, lightweight, cost-efficient reinforcement machine learning framework (SLCR-MLF) to achieve decentralization and security, thus enabling scalability, data integrity, and optimized processing time in IoT devices. PUF has been integrated into SLCR-MLF to improve the security of the cluster head node in the IoT platform during transmission by providing the authentication service for device-to-device communication. An IoT network gathers information of interest from multiple cluster members selected by the proposed framework. In addition, the software-defined secured (SDS) technique is integrated with SLCR-MLF to improve data integrity and optimize processing time in the IoT platform. Simulation analysis shows that the proposed framework outperforms conventional methods regarding the network's lifetime, energy, secured data retrieval rate, and performance ratio. By enabling the proposed framework, the number of residual nodes is reduced to 16%, energy consumption is reduced by up to 50%, the data retrieval rate is improved by almost 30%, and network lifetime is improved by up to 1000 msec.
This note addresses diagnosis and performance degradation detection issues from an integrated viewpoint of functionality maintenance and cyber security of automatic control systems. It calls for more research attention on three aspects: (i) application of control and detection unified framework to enhancing the diagnosis capability of feedback control systems, (ii) projection-based fault detection, and complementary and explainable applications of projection- and machine learning-based techniques, and (iii) system performance degradation detection that is of elemental importance for today's automatic control systems. Some ideas and conceptual schemes are presented and illustrated by means of examples, serving as convincing arguments for research efforts in these aspects. They would contribute to the future development of capable diagnosis systems for functionality safe and cyber secure automatic control systems.
Precision medicine provides a holistic perspective of an individual's health, including genetic, environmental, and lifestyle aspects to realize individualized therapy. The development of the internet of things (IoT) devices, the widespread emergence of electronic medical records (EMR), and the rapid progress of cloud computing and artificial intelligence provide an opportunity to collect healthcare big data throughout the lifespan and analyze the disease risk at all stages of life. Thus, the focus of precision medicine is shifting from treatment toward prediction and prevention, i.e., precision health. To this end, various types of data such as omics, imaging, EMR, continuous physiological monitoring, lifestyle, and environmental information, need to be collected, tracked, managed and shared. Thus, internet-of-medical things (IoMT) is crucial for assimilating the health systems, applications, services, and devices that can improve the speed and accuracy of diagnosis and treatments along with real-time monitoring and modification of patient behavior as well as health status. However, security has emerged as a growing concern owing to the proliferation of IoMT devices. The increasing interconnectivity of IoMT-enabled devices with health data reception, transmission, and processing significantly increases the number of potential vulnerabilities within a system. To address the security issues of precision health in IoMT systems, this study reviews the state-of-the-art techniques and schemes from the perspective of a hierarchical system architecture. We present an IoMT system model comprising three layers: the sensing layer, network layer, and cloud infrastructure layer. In particular, we discuss the vulnerabilities and threats to security in each layer and review the existing security techniques and schemes corresponding to the system components along with their functionalities. Owing to the unique nature of biometric features in medical and health services, we highlight the biometrics-based technologies applied in IoMT systems, which contribute toward a considerable difference between the security solutions of existing IoT systems. Furthermore, we summarize the challenges and future research directions of IoMT systems to ensure an improved and more secure future of precision health.
An optical phased array (OPA) featuring all-solid-state beam steering is a promising component for light detection and ranging (LiDAR). There exists an increasing demand for panoramic perception and rapid target recognition in intricate LiDAR applications, such as security systems and self-driving vehicles. However, the majority of existing OPA approaches suffer from limitations in field of view (FOV) and do not explore parallel scanning, thus restricting their potential utility. Here, we combine a two-dimensional (2D) grating with an FOV-synthetization concept to design a silicon-based top-facing OPA for realizing a wide cone-shaped 360° FOV. By utilizing four OPA units sharing the 2D grating as a single emitter, four laser beams are simultaneously emitted upwards and manipulated to scan distinct regions, demonstrating seamless beam steering within the lateral 360° range. Furthermore, a frequency-modulated dissipative Kerr-soliton (DKS) microcomb is applied to the proposed multi-beam OPA, exhibiting its capability in large-scale parallel multi-target coherent detection. The comb lines are spatially dispersed with a 2D grating and separately measure distances and velocities in parallel, significantly enhancing the parallelism. The results showcase a ranging precision of 1 cm and velocimetry errors of less than 0.5 cm/s. This approach provides an alternative solution for LiDAR with an ultra-wide FOV and massively parallel multi-target detection capability.
Funding (listed with the SEMEIS abstract): the Science and Technology Innovation Program of Shanghai Science and Technology Committee (No. 19511103500).
Funding (listed with the ORKPLS soil-monitoring abstract): supported by the Deputyship for Research and Innovation, Ministry of Education in Saudi Arabia, through the project number (0226-1443-S).
Abstract: Information security is the backbone of current intelligent systems, such as the Internet of Things (IoT), smart grids, and Machine-to-Machine (M2M) communication. The increasing threat of information security requires new models to ensure the safe transmission of information through such systems. Recently, quantum systems have drawn much attention since they are expected to have a significant impact on the research in information security. This paper proposes a quantum teleportation scheme based on controlled multi-users to ensure the secure information transmission among users. Quantum teleportation is an original key element in a variety of quantum information tasks as well as quantum-based technologies, which plays a pivotal role in the current progress of quantum computing and communication. In the proposed scheme, the sender transmits the information to the receiver under the control of a third user or controller. Here, we show that the efficiency of the proposed scheme depends on the properties of the transmission channel and the honesty of the controller. Compared with various teleportation schemes presented recently in the literature, the most important difference in the proposed scheme is the possibility of suspicion about the honesty of the controller and, consequently, taking proper precautions.
Abstract: Cyber-physical systems (CPSs) are new emerging systems that seamlessly integrate physical systems, communication systems and computation systems. Their wide use has been witnessed in the past decades in many cross-discipline fields such as smart energy systems, industrial process control, aerospace and automobile engineering, health-care and assisted living, to just name a few. For many of these systems, secure operations are of key concerns. In particular, for some safety-critical applications, security is of paramount importance. Diverse motivations and strong incentives exist everywhere and at any time for launching malicious attacks on the CPSs, for example, economic reasons (e.g., by reducing or even not paying electricity charge) and terrorism the purpose of which is apparent.
Funding: Project supported by High-Technology Research and Development Program of China (Grant No. 863-2003AA404210)
Abstract: The virtual machine of code mechanism (VMCM) as a new concept for code mechanical solidification and verification is proposed and can be applied in MEMS (micro-electromechanical systems) security device for high consequence systems. Based on a study of the running condition of physical code mechanism, VMCM's configuration, ternary encoding method, running action and logic are derived. The cases of multi-level code mechanism are designed and verified with the VMCM method, showing that the presented method is effective.
Abstract: This paper investigates whether security headers are enforced to mitigate cyber-attacks in web-based systems in cyberspace. The security headers examined include X-Content-Type-Options, X-Frame-Options, Strict-Transport-Security, Referrer-Policy, Content-Security-Policy, and Permissions-Policy. The study employed a controlled experiment using a security header analysis tool. The web-based applications (websites) were analyzed to determine whether security headers have been correctly implemented. The experiment was iterated for 100 universities in Africa which are ranked high. The purposive sampling technique was employed to understand the status quo of the security headers implementations. The results revealed that 70% of the web-based applications in Africa have not enforced security headers in web-based applications. The study proposes a secure system architecture design for addressing web-based applications’ misconfiguration and insecure design. It presents security techniques for securing web-based applications through hardening security headers using automated threat modelling techniques. Furthermore, it recommends adopting the security headers in web-based applications using the proposed secure system architecture design.
Abstract: Cloud computing is the new norm within business entities as businesses try to keep up with technological advancements and user needs. The concept is defined as a computing environment allowing for remote outsourcing of storage and computing resources. A hybrid cloud environment is an excellent example of cloud computing. Specifically, the hybrid system provides organizations with increased scalability and control over their data and support for a remote workforce. However, hybrid cloud systems are expensive as organizations operate different infrastructures while introducing complexity to the organization’s activities. Data security is critical among the most vital concerns that have resulted from the use of cloud computing, thus, affecting the rate of user adoption and acceptance. This article, borrowing from the hybrid cloud computing system, recommends combining traditional and modern data security systems. Traditional data security systems have proven effective in their respective roles, with the main challenge arising from their recognition of context and connectivity. Therefore, integrating traditional and modern designs is recommended to enhance effectiveness, context, connectivity, and efficiency.
Funding: The National Natural Science Foundation of China (No. 60673054)
Abstract: To address the scalability and identity federation problems of the traditional single sign-on system, the proposed scheme divides the security systems into different security domains. Each security domain has its own security servers and service providers, and there are trust relationships between different security domains for identity federation. The security server is responsible for authentication and authorization inside the domain, and offers identity federation capability for different domains. The security assertion markup language (SAML) assertion is used as security token in the system for authentication, authorization, and identity federation. The design of the proposed single sign-on process is based on web service security framework and multiple security domains, and the authorization is always deployed in the local area inside the service provider's security domain, which enables web service clients, both inside and outside their security domains, to access the services in a simple, scalable, standard and secure way.
Abstract: Traditional security systems are exposed to many various attacks, which represents a major challenge for the spread of the Internet in the future. Innovative techniques have been suggested for detecting attacks using machine learning and deep learning. The significant advantage of deep learning is that it is highly efficient, but it needs a large training time with a lot of data. Therefore, in this paper, we present a new feature reduction strategy based on Distributed Cumulative Histograms (DCH) to distinguish between dataset features to locate the most effective features. Cumulative histograms assess the dataset instance patterns of the applied features to identify the most effective attributes that can significantly impact the classification results. Three different models for detecting attacks using Convolutional Neural Network (CNN) and Long Short-Term Memory Network (LSTM) are also proposed. The accuracy test of attack detection using the hybrid model was 98.96% on the UNSW-NP15 dataset. The proposed model is compared with wrapper-based and filter-based Feature Selection (FS) models. The proposed model reduced classification time and increased detection accuracy.
Funding: The Natural Science Foundation of Beijing (Grant No. 4052016), the National Natural Science Foundation of China (Grant No. 60573042), and the National Grand Fundamental Research 973 Program of China (Grant No. G1999035802)
Abstract: Numerous Internet security incidents have shown that support from secure operating systems is paramount to fighting threats posed by modern computing environments. Based on the requirements of the relevant national and international standards and criteria, in combination with our experience in the design and development of the ANSHENG v4.0 secure operating system with high security level (hereafter simply referred to as ANSHENG OS), this paper addresses the following key issues in the design of secure operating systems with high security levels: security architecture, security policy models, and covert channel analysis. The design principles of security architecture and three basic security models: confidentiality, integrity, and privilege control models are discussed, respectively. Three novel security models and new security architecture are proposed. The prominent features of these proposals, as well as their applications to the ANSHENG OS, are elaborated. Covert channel analysis (CCA) is a well-known hard problem in the design of secure operating systems with high security levels since to date it lacks a sound theoretical basis and systematic analysis approach. In order to resolve the fundamental difficulties of CCA, we have set up a sound theoretical basis for completeness of covert channel identification and have proposed a unified framework for covert channel identification and an efficient backward tracking search method. The successful application of our new proposals to the ANSHENG OS has shown that it can help ease and speed up the entire CCA process.
Abstract: IoT devices rely on authentication mechanisms to render secure message exchange. During data transmission, scalability, data integrity, and processing time have been considered challenging aspects for a system constituted by IoT devices. The application of physical unclonable functions (PUFs) ensures secure data transmission among the internet of things (IoT) devices in a simplified network with an efficient time-stamped agreement. This paper proposes a secure, lightweight, cost-efficient reinforcement machine learning framework (SLCR-MLF) to achieve decentralization and security, thus enabling scalability, data integrity, and optimized processing time in IoT devices. PUF has been integrated into SLCR-MLF to improve the security of the cluster head node in the IoT platform during transmission by providing the authentication service for device-to-device communication. An IoT network gathers information of interest from multiple cluster members selected by the proposed framework. In addition, the software-defined secured (SDS) technique is integrated with SLCR-MLF to improve data integrity and optimize processing time in the IoT platform. Simulation analysis shows that the proposed framework outperforms conventional methods regarding the network’s lifetime, energy, secured data retrieval rate, and performance ratio. By enabling the proposed framework, the number of residual nodes is reduced to 16%, energy consumption is reduced by up to 50%, the data retrieval rate improves by almost 30%, and network lifetime is improved by up to 1000 msec.
Abstract: This note addresses diagnosis and performance degradation detection issues from an integrated viewpoint of functionality maintenance and cyber security of automatic control systems. It calls for more research attention on three aspects: (i) application of control and detection unified framework to enhancing the diagnosis capability of feedback control systems, (ii) projection-based fault detection, and complementary and explainable applications of projection- and machine learning-based techniques, and (iii) system performance degradation detection that is of elemental importance for today's automatic control systems. Some ideas and conceptual schemes are presented and illustrated by means of examples, serving as convincing arguments for research efforts in these aspects. They would contribute to the future development of capable diagnosis systems for functionality safe and cyber secure automatic control systems.
Funding: Supported in part by the National Natural Science Foundation of China under Grants 62072451, 62102409, and 62073310, and in part by the Shenzhen Science and Technology Program under Grant RCBS20210609104609044.
Abstract: Precision medicine provides a holistic perspective of an individual's health, including genetic, environmental, and lifestyle aspects to realize individualized therapy. The development of the internet of things (IoT) devices, the widespread emergence of electronic medical records (EMR), and the rapid progress of cloud computing and artificial intelligence provide an opportunity to collect healthcare big data throughout the lifespan and analyze the disease risk at all stages of life. Thus, the focus of precision medicine is shifting from treatment toward prediction and prevention, i.e., precision health. To this end, various types of data such as omics, imaging, EMR, continuous physiological monitoring, lifestyle, and environmental information, need to be collected, tracked, managed and shared. Thus, internet-of-medical things (IoMT) is crucial for assimilating the health systems, applications, services, and devices that can improve the speed and accuracy of diagnosis and treatments along with real-time monitoring and modification of patient behavior as well as health status. However, security has emerged as a growing concern owing to the proliferation of IoMT devices. The increasing interconnectivity of IoMT-enabled devices with health data reception, transmission, and processing significantly increases the number of potential vulnerabilities within a system. To address the security issues of precision health in IoMT systems, this study reviews the state-of-the-art techniques and schemes from the perspective of a hierarchical system architecture. We present an IoMT system model comprising three layers: the sensing layer, network layer, and cloud infrastructure layer. In particular, we discuss the vulnerabilities and threats to security in each layer and review the existing security techniques and schemes corresponding to the system components along with their functionalities. Owing to the unique nature of biometric features in medical and health services, we highlight the biometrics-based technologies applied in IoMT systems, which contribute toward a considerable difference between the security solutions of existing IoT systems. Furthermore, we summarize the challenges and future research directions of IoMT systems to ensure an improved and more secure future of precision health.
Funding: National Key Research and Development Program of China (2022YFA1404001); National Natural Science Foundation of China (62135004); Key Research and Development Program of Hubei Province (2021BAA005).
Abstract: An optical phased array (OPA) featuring all-solid-state beam steering is a promising component for light detection and ranging (LiDAR). There exists an increasing demand for panoramic perception and rapid target recognition in intricate LiDAR applications, such as security systems and self-driving vehicles. However, the majority of existing OPA approaches suffer from limitations in field of view (FOV) and do not explore parallel scanning, thus restricting their potential utility. Here, we combine a two-dimensional (2D) grating with an FOV-synthetization concept to design a silicon-based top-facing OPA for realizing a wide cone-shaped 360° FOV. By utilizing four OPA units sharing the 2D grating as a single emitter, four laser beams are simultaneously emitted upwards and manipulated to scan distinct regions, demonstrating seamless beam steering within the lateral 360° range. Furthermore, a frequency-modulated dissipative Kerr-soliton (DKS) microcomb is applied to the proposed multi-beam OPA, exhibiting its capability in large-scale parallel multi-target coherent detection. The comb lines are spatially dispersed with a 2D grating and separately measure distances and velocities in parallel, significantly enhancing the parallelism. The results showcase a ranging precision of 1 cm and velocimetry errors of less than 0.5 cm/s. This approach provides an alternative solution for LiDAR with an ultra-wide FOV and massively parallel multi-target detection capability.