Funding: Supported by the National Natural Science Foundation of China (60373054)
Abstract: Trusted path is one of the crucial features that operating systems must provide for fundamental security support. In order to explore the possibility of implementing a trusted path mechanism with the support of trusted platform module (TPM) technologies, and to support TPM capabilities in operating systems, the paper extended the scope of the conventional trusted path to cover the situation in which a user communicates with software residing on a remote host. The paper combined the concept of operating system support for trusted path with that for TPM platforms, and proposed the architecture of an extended trusted path mechanism in operating system with considerations on TPM-capable platforms support. As part of the author's research in secure operating systems, the work of the paper was carried out with Linux as an experimental prototype system. The research result shows that TPM capabilities can strengthen extended trusted path mechanisms of operating systems.
Funding: Supported by the National Natural Science Foundation of China (61772196, 61472136); the Hunan Provincial Focus Social Science Fund (2016ZDB006); Hunan Provincial Social Science Achievement Review Committee results appraisal identification project (Xiang social assessment 2016JD05); Key Project of Hunan Provincial Social Science Achievement Review Committee (XSP 19ZD1005); the financial support provided by the Key Laboratory of Hunan Province for New Retail Virtual Reality Technology (2017TP1026)
Abstract: This paper analyzes the reasons for the formation of security problems in mobile agent systems, and analyzes and compares the security mechanisms and security technologies of existing mobile agent systems from the perspective of blocking attacks. On this basis, the host protection mobile agent protection technology is selected, and a method to enhance the security protection of mobile agents (referred to as IEOP method) is proposed. The method first encrypts the mobile agent code using the encryption function, and then encapsulates the encrypted mobile agent with the improved EOP protocol IEOP, and then traces the suspicious execution result. Experiments show that using this method can block most malicious attacks on mobile agents, and can protect the integrity and confidentiality of mobile agents, but the increment of mobile agent tour time is not large.
Abstract: To promote the ecological civilization has been determined as one of the significant agenda for China's development strategy. However, the shortfall of funding might hinder the progress. Therefore, new financing resources and channels are urgently required. Trust has been seen as a popular investing and financing instrument due to its comprehensive benefits such as equity restricting, financial independence and continuity, etc. If trust companies provide services to environmental protection and establish "green trust" or "green funds", it would fully widen financing channel of green industry and contribute to China's sustainable development.
Abstract: In new environments of trading, customer's trust is vital for the extended progress and development of electronic commerce. This paper proposes that, in addition to known factors of electronic commerce B2C websites, such as design of websites, security of websites and familiarity of website influence customers' trust in online transactions. This paper presents an application of expert system on trust in electronic commerce. Based on experts’ judgment, a framework was proposed. The proposed model applies ANFIS and Mamdani inference fuzzy system to get the desired results and then results of two methods were compared. Two questionnaires were used in this study. The first questionnaire was developed for e-commerce experts, and the second one was designed for the customers of electronic websites. Based on AHP method, Expert Choice software was used to determine the priority of factors in the first questionnaire, and MATLAB and Excel were used for developing the fuzzy rules. Finally, the fuzzy logical kit was used to analyze the generated factors in the model. Our study findings show that trust in EC transactions is strongly mediated by perceived security.
Funding: Supported by the 863 Program under Grant No. 2008AA04A107
Abstract: By analyzing existing Internet of Things' system security vulnerabilities, a security architecture on trusting one is constructed. In the infrastructure, an off-line identity authentication based on the combined public key (CPK) mechanism is proposed, which solves the problems about a mass amount of authentications and the cross-domain authentication by integrating nodes' validity of identity authentication and uniqueness of identification. Moreover, the proposal of constructing nodes' authentic identification, valid authentication and credible communication connection at the application layer through the perception layer impels the formation of trust chain and relationship among perceptional nodes. Consequently, a trusting environment of the Internet of Things is built, by which a guidance of designing the trusted one would be provided.
Funding: Sponsored by the National Natural Science Foundation of China granted No. 61872430, 61402342, 61772384; the National Basic Research Program of China 973 Program granted No. 2014CB340601; Foundation of Science and Technology on Information Assurance Laboratory (No. KJ-17-103)
Abstract: Network functions such as intrusion detection systems (IDS) have been increasingly deployed as virtual network functions or outsourced to cloud service providers so as to achieve scalability and agility, and to reduce equipment costs and operational cost. However, virtual intrusion detection systems (VIDS) face more serious security threats due to running in a shared and virtualized environment instead of proprietary devices. Cloud service providers or malicious tenants may illegally access and tamper with the policies, packet information, and internal processing states of intrusion detection systems, thereby violating the privacy and security of tenant’s networks. To address these challenges, we use Intel Software Guard Extensions (SGX) to build a Trusted Virtual Intrusion Detection System (TVIDS). For TVIDS, to prevent cloud service providers from accessing sensitive information about the users’ network, we build a trusted execution environment for security policy, packets processing, and internal state so that cloud service providers and other malicious tenants can’t access the protected code, policy, processing states, and packets information of the intrusion detection system. We implemented TVIDS on the basis of Snort, which is a famous open-source IDS, and evaluated its results on real SGX hardware. The results show that our method can protect the security of the virtual IDS and brings acceptable performance overhead.