Abstract: User-specified trust relations are often very sparse and dynamic, making them difficult to accurately predict from online social media. In addition, trust relations are usually unavailable for most social media platforms. These issues pose a great challenge for predicting trust relations and further building trust networks. In this study, we investigate whether we can predict trust relations via a sparse learning model, and propose to build a trust network without trust relations using only pervasively available interaction data and homophily effect in an online world. In particular, we analyze the reliability of predicting trust relations by interaction behaviors, and provide a principled way to mathematically incorporate interaction behaviors and homophily effect in a novel framework, bTrust. Results of experiments on real-world datasets from Epinions and Ciao demonstrated the effectiveness of the proposed framework. Further experiments were conducted to understand the importance of interaction behaviors and homophily effect in building trust networks.
Funding: Supported by National Key R&D Program of China (2019YFB2102303); National Natural Science Foundation of China (NSFC61971014, NSFC11675199); Beijing Postdoctoral Research Foundation (2021-ZZ-079); Young Backbone Teacher Training Program of Henan Colleges and Universities (2021GGJS170); Henan Province Higher Education Key Research Project (23B520014).
Abstract: The core missions of IoT are to sense data, transmit data and give feedback to the real world based on the calculation of the sensed data. The trust of sensing source data and transmission network is extremely important to IoT security. 5G-IoT with its low latency, wide connectivity and high-speed transmission extends the business scenarios of IoT, yet it also brings new challenges to trust proof solutions of IoT. Currently, there is a lack of efficient and reliable trust proof solutions for massive dynamically connected nodes, while the existing solutions have high computational complexity and can't adapt to time-sensitive services in 5G-IoT scenarios. In order to solve the above problems, this paper proposes an adaptive multi-dimensional trust proof solution. Firstly, the static and dynamic attributes of sensing nodes are metricized, and the historical interaction as well as the recommendation information are combined with the comprehensive metric of sensing nodes, and a multi-dimensional fine-grained trusted metric model is established in this paper. Then, based on the comprehensive metrics, the sensing nodes are logically grouped and assigned with service levels to achieve the screening and isolation of malicious nodes. At the same time, the proposed solution reduces the energy consumption of the metric process and optimizes the impact of real-time metrics on the interaction latency. Simulation experiments show that the solution can accurately and efficiently identify malicious nodes and effectively guarantee the safe and trustworthy operation of 5G-IoT nodes, while having a small impact on the latency of the 5G network.
Funding: Partially supported by grants from the China 863 High-tech Program (Grant No. 2015AA016002); the Specialized Research Fund for the Doctoral Program of Higher Education (Grant No. 20131103120001); the National Key Research and Development Program of China (Grant No. 2016YFB0800204); the National Science Foundation of China (No. 61502017); the Scientific Research Common Program of Beijing Municipal Commission of Education (KM201710005024).
Abstract: Cloud computing is very useful for big data owner who doesn't want to manage IT infrastructure and big data technique details. However, it is hard for big data owner to trust multi-layer outsourced big data system in cloud environment and to verify which outsourced service leads to the problem. Similarly, the cloud service provider cannot simply trust the data computation applications. At last, the verification data itself may also leak the sensitive information from the cloud service provider and data owner. We propose a new three-level definition of the verification, threat model, corresponding trusted policies based on different roles for outsourced big data system in cloud. We also provide two policy enforcement methods for building trusted data computation environment by measuring both the MapReduce application and its behaviors based on trusted computing and aspect-oriented programming. To prevent sensitive information leakage from verification process, we provide a privacy-preserved verification method. Finally, we implement the TPTVer, a Trusted third Party based Trusted Verifier as a proof of concept system. Our evaluation and analysis show that TPTVer can provide trusted verification for multi-layered outsourced big data system in the cloud with low overhead.
Funding: Supported by the National High Technology Research and Development Plan of China (863 Program) (2006AA01Z440); the National Basic Research Program of China (973 Program) (2007CB311100).
Abstract: The Chinese specification for trusted computing, which has similar functions with those defined by the Trusted Computing Group (TCG), has adopted a different cryptography scheme. Applications designed for the TCG specifications cannot directly function on platforms complying with Chinese specifications because the two cryptography schemes are not compatible with each other. In order to transplant those applications with little to no modification, the paper presents a formal compatibility model based on Zaremski and Wing's type system. Our model is concerned not only on the syntactic compatibility for data type, but also on the semantic compatibility for cryptographic attributes according to the feature of trusted computing. A compatibility algorithm is proposed based on the model to generate adapters for trusted computing applications.
Funding: The National Natural Science Foundation of China (60673071, 60743003, 90718005, 90718006); the National High Technology Research and Development Program of China (2006AA01Z442, 2007AA01Z411).
Abstract: Facing the increasing security issues in P2P networks, a scheme for resource sharing using trusted computing technologies is proposed in this paper. We advance a RS-UCON model with decision continuity and attribute mutability to control the usage process and an architecture to illustrate how TC technologies support policy enforcement with bidirectional attestation. The properties required for attestation should include not only integrity measurement value of platform and related application, but also reputation of users and access history, in order to avoid the limitation of the existing approaches. To make a permission, it is required to evaluate both the authorization and conditions of the subject and the object in resource usage to ensure trustable resources to be transferred to trusted users and platform.
Funding: Supported by the National Natural Science Foundation of China (60970115, 61003268, 91018008); Natural Science Foundation of Hubei (2009429); Fundamental Research Funds for the Central Universities (3101038); National Defense Foster Project of Wuhan University (29).
Abstract: This paper presents a trusted-environment construction method based on the underlying hardware. This method aims at protecting the security-sensitive software in the aspects of software loading, running, and storing in the general operating system. It extends the trust chain of the traditional trusted computing technology to reach the target software, ensuring trusted loading. The extended memory management mechanism effectively prevents memory dumping and memory tampering for the high-sensitivity data. The file monitoring mechanism protects files from vicious operation made by attackers. Flexible-expanded storage environment provides the target software with static storing protection. Experimental system verifies that the method is suitable for general operating system and can effectively protect security-sensitive software with low overhead.
Funding: Supported by the National Natural Science Foundation of China (Grant No. 61332019, No. 61402342, No. 61202387); the National Basic Research Program of China ("973" Program) (Grant No. 2014CB340600); the National High-Tech Research and Development Program of China ("863" Program) (Grant No. 2015AA016002).
Abstract: Trusted computing, which can effectively increase the credibility of information system, has made great achievements and is in continuous development. For country who is going to strengthen network construction like China, it is an important fundamental supporting technology worth researching. China is in the international forefront in the field of trusted computing. This paper gives comprehensive introductions to the new development and application of key technologies in trusted computing, such as various trusted platform modules (TPM, TCM, TPCM), TCG Software Stack (TSS), trusted cloud server and Trusted Execution Environment (TEE). We illustrate the progressing and application extension of these technologies and also point out some key problems worth studying in the future.
Funding: Supported by the National Basic Research Program of China (973 Program) (2014CB340600); the National Natural Science Foundation of China (61173138, 61103628, 61103220); the Intel Collaborative Research Project.
Abstract: In this paper, we propose a trusted mobile payment environment (TMPE) based on trusted computing and virtualization technology. There are a normal operating system (OS) and a trusted OS (TOS) in TMPE. We store the image of TOS in a memory card to hinder tampering. The integrity of TOS is protected by means of a trusted platform module (TPM). TOS can only be updated through a trusted third party. In addition, virtualization technology is applied to isolate TOS from normal OS. Users complete ordinary affairs in normal OS and security-sensitive affairs in TOS. TMPE can offer users a highly protected environment for mobile payment. Moreover, TMPE has good compatibility in different hardware architectures of mobile platforms. As the evaluation shows, TMPE satisfies the requirement of mobile payment well.
Funding: Supported by the National Natural Science Foundation of China (61063039); Project of Guangxi Key Laboratory of Trusted Software (kx201202).
Abstract: Inferring unknown social trust relations attracts increasing attention in recent years. However, social trust, as a social concept, is intrinsically dynamic, and exploiting temporal dynamics provides challenges and opportunities for social trust prediction. In this paper, we investigate social trust prediction by exploiting temporal dynamics. In particular, we model the dynamics of user preferences in two principled ways. The first one focuses on temporal weight; the second one targets temporal smoothness. By incorporating these two types of temporal dynamics into traditional matrix factorization based social trust prediction model, two extended social trust prediction models are proposed and the corresponding algorithms to solve the models are designed too. We conduct experiments on a real-world dataset and the results demonstrate the effectiveness of our proposed new models. Further experiments are also conducted to understand the importance of temporal dynamics in social trust prediction.
Funding: Supported by the National High Technology Research and Development Program of China (863 Program) (2009AA01Z442, 2008AA01Z404); the National Natural Science Foundation of China (90718006, 60970114).
Abstract: Under the global circumstances where data leakage gets more and more severe, we present a trustworthiness-based distribution model that aims at data leakage prevention (DLP). In our model, first, the distributor calculates the user's trustworthiness based on his historical behaviors; second, according to the user's trustworthiness and his obtained file set overlapping leaked file set, the distributor assesses the probability of the user's intentional leak behavior as the subjective risk assessment; third, the distributor evaluates the user's platform vulnerability as an objective element; last, the distributor makes decisions whether to distribute the file based on the integrated risk assessment. The experiments indicate that the model can distinguish users of different types and make the probability of malicious users' requirements being denied much higher than that of honest users' requirements being denied, so that the model is capable of preventing data leakage validly.
Funding: Supported by the National High Technology Research and Development Program of China (863 Program) (2006AA01Z442, 2007AA01Z411); the National Natural Science Foundation of China (60673071, 60970115); Open Foundation of State Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education in China (AISTC2008Q03).
Abstract: Current trusted computing platform only verifies application's static Hash value, it could not prevent application from being dynamic attacked. This paper gives one static analysis-based behavior model building method for trusted computing dynamic verification, including control flow graph (CFG) building, finite state automata (FSA) constructing, ε run cycle removing, ε transition removing, deterministic finite state (DFA) constructing, trivial FSA removing, and global push down automata (PDA) constructing. According to experiment, this model built is a reduced model for dynamic verification and covers all possible paths, because it is based on binary file static analysis.
Funding: Sponsored by the National Natural Science Foundation of China granted No. 61872430, 61402342, 61772384; the National Basic Research Program of China 973 Program granted No. 2014CB340601; Foundation of Science and Technology on Information Assurance Laboratory (No. KJ-17-103).
Abstract: Network functions such as intrusion detection systems (IDS) have been increasingly deployed as virtual network functions or outsourced to cloud service providers so as to achieve the scalability and agility, and reducing equipment costs and operational cost. However, virtual intrusion detection systems (VIDS) face more serious security threats due to running in a shared and virtualized environment instead of proprietary devices. Cloud service providers or malicious tenants may illegally access and tamper with the policies, packet information, and internal processing states of intrusion detection systems, thereby violating the privacy and security of tenant’s networks. To address these challenges, we use Intel Software Guard Extensions (SGX) to build a Trusted Virtual Intrusion Detection System (TVIDS). For TVIDS, to prevent cloud service providers from accessing sensitive information about the users’ network, we build a trusted execution environment for security policy, packets processing, and internal state so that cloud service providers and other malicious tenants can’t access the protected code, policy, processing states, and packets information of the intrusion detection system. We implemented TVIDS on the basis of the Snort which is a famous open-source IDS and evaluated its results on real SGX hardware. The results show that our method can protect the security of the virtual IDS and brings acceptable performance overhead.
Abstract: During the ISO Annual Meeting, the session themed "Trust in AI: How to build global confidence" was held on September 10. Wael Diab, Chair of ISO/IEC JTC 1/SC 42 on AI; Heather West, Senior Director of Cybersecurity & Privacy Services at U.S.-based law firm Venable and coordinator of the Alliance for Trust in AI; and Wan Sie Lee, Director of Trusted AI & Data at Singapore's Infocomm Media Development Authority (IMDA), were invited as VIPs to discuss how to prevent potential risks brought by the rapid development of AI technologies, and how standards can play a crucial role in the process of building global confidence in AI. The meeting took place in hybrid form, attracting participants from all over the world both on site and online.
Abstract: Zero trust architecture (ZTA) is a paradigm shift in how we protect data, stay connected and access resources. ZTA is a non-perimeter-based defence, which has been emerging as a promising revolution in the cyber security field. It can be used to continuously maintain security by safeguarding against attacks from both inside and outside the network system. However, ZTA automation and orchestration, towards seamless deployment on real-world networks, has received only limited review in the existing literature. In this paper, we first identify the bottlenecks, discuss the background of ZTA and compare it with traditional perimeter-based security architectures. More importantly, we provide an in-depth analysis of state-of-the-art AI techniques that have potential in the automation and orchestration of ZTA. Overall, in this review paper, we develop a foundational view on the challenges and potential enablers for the automation and orchestration of ZTA.
Funding: This work was supported in part by the National Natural Science Foundation of China (No. 1936122) and the Shanghai Aerospace Science and Technology Innovation Fund (No. 2019SAST-098).
Abstract: While playing an increasing role in the field of air-space integrated networks, terminal entities are exposed to more serious security risks than ordinary terminal entities on the ground, including but not limited to astronomical risks (e.g., solar activity), link disruptions, and malicious attacks. In the integrated air-space-space network, after the terminal entity is loaded into the rocket for launch, real-time monitoring measures are implemented on the ground site for all links to the intended orbit. On top of the real-time monitoring measures, the need for a comprehensive evaluation of the air-space integration network is growing. In this paper, we further classify the security requirements and evaluation benchmarks of the terminal entities of the air-space integration network around the security evaluation requirements of the air-space integration network. On this basis, the relevant concept of trust value is introduced to assess the security status of terminal entities of air-space-sky integrated networks, and a security assessment system of air-space-sky integrated network terminals is proposed. The exploration and development of field applications are initially realized.
Funding: Supported by the National Natural Science Foundation of China (Nos. 61602057 and 11690012); the China Postdoctoral Science Foundation (No. 2017M611301); the Science and Technology Department of Jilin Province, China (No. 20170520059JH); the Education Department of Jilin Province, China (No. 2016311); the Key Laboratory of Symbolic Computation and Knowledge Engineering (No. 93K172016K13); the Guangxi Key Laboratory of Trusted Software (No. kx201533).
Abstract: User-specified trust relations are often very sparse and dynamic, making them difficult to accurately predict from online social media. In addition, trust relations are usually unavailable for most social media platforms. These issues pose a great challenge for predicting trust relations and further building trust networks. In this study, we investigate whether we can predict trust relations via a sparse learning model, and propose to build a trust network without trust relations using only pervasively available interaction data and the homophily effect in an online world. In particular, we analyze the reliability of predicting trust relations by interaction behaviors, and provide a principled way to mathematically incorporate interaction behaviors and the homophily effect in a novel framework, bTrust. Results of experiments on real-world datasets from Epinions and Ciao demonstrated the effectiveness of the proposed framework. Further experiments were conducted to understand the importance of interaction behaviors and the homophily effect in building trust networks.