A novel framework for software defined based secure storage systems

The Software Defined Systems (SDSys) paradigm has been introduced recently as a solution to reduce the overhead in the control and management operations of complex computing systems and to maintain a high level of security and protection. The main concept behind this technology is around isolating the data plane from the control plane. Building a Software Defined System in a real life environment is considered an expensive solution and may have a lot of risks. Thus, there is a need to simulate such systems before the real-life implementation and deployment. In this paper we present a novel experimental framework as a virtualized testbed environment for software defined based secure storage systems. Its also covers some related issues for large scale data storage and sharing such as deduplication. This work builds on the Mininet simulator, where its core components, the host, switch and the controller, are customized to build the proposed experimental simulation framework. The developed emulator, will not only support the development and testing of SD-based secure storage solutions, it will also serve as an experimentation tool for researchers and for benchmarking purposes. The developed simulator/emulator could also be used as an educational tool to train students and novice researchers.     

A framework for Multi-Agent Based Clustering

A framework to support Multi-Agent Based Clustering (MABC) is described. A unique feature of the framework is that it provides mechanisms to allow agents to negotiate so as to improve an initial cluster configuration. The framework encourages a two phase approach to clustering. During the first phase clustering agents bid for records in the input data and form an initial cluster configuration. In the second phase (the negotiation phase) agents pass individual records to each other so as to improve the initial configuration. The communication framework and its operation is fully described in terms of the performatives used and from an algorithmic perspective. The reported evaluation was conducted using benchmark data sets. The results demonstrate that the supported agent negotiation produces enhanced clustering results.     

An extended XACML model to ensure secure information access for web services

More and more software systems based on web services have been developed. Web service development techniques are thus becoming crucial. To ensure secure information access, access control should be taken into consideration when developing web services. This paper proposes an extended XACML model named EXACML to ensure secure information access for web services. It is based on the technique of information flow control. Primary features offered by the model are: (1) both the information of requesters and that of web services are protected, (2) the access control of web services is more precise than just “allow or reject” policy in existing models, and (3) the model will deny non-secure information access during the execution of a web service even when a requester is allowed to invoke the web service.     

An object-oriented framework for developing distributed manufacturing architectures

Management of complexity, changes and disturbances is one of the key issues of production today. Distributed, agent-based structures represent viable alternatives to hierarchical systems provided with reactive/proactive capabilities. In the paper, approaches to distributed manufacturing architectures are surveyed, and their fundamental features are highlighted, together with the main questions to be answered while designing new structures. Moreover, an object-oriented simulation framework for development and evaluation of multi-agent manufacturing architectures is introduced.     

An adaptive secure communication framework for mobile peer-to-peer environments using Bayesian games

Peers in Mobile P2P (MP2P) networks exploit both the structured and unstructured styles to enable communication in a peer-to-peer fashion. Such networks involve the participation of two types of peers: benign peers and malicious peers. Complexities are witnessed in the determination of the identity of the peers because of the user mobility and the unrestricted switching (ON/OFF) of the mobile devices. MP2P networks require a scalable, distributed and light-weighted secure communication scheme. Nevertheless, existing communication approaches lack the capability to satisfy the requirements above. In this paper, we propose an Adaptive Trusted Request and Authorization model (ATRA) over MP2P networks, by exploiting the limited historical interaction information among the peers and a Bayesian game to ensure secure communication. The simulation results reveal that regardless of the peer’s ability to obtain the other such peer’s trust and risk data, the request peers always spontaneously connect the trusted resource peers and the resource peers always preferentially authorize the trusted request peers. Performance comparison of ATRA with state-of-the-art secure communication schemes over MP2P networks shows that ATRA can: (a) improve the success rate of node typing identification, (b) reduce time required for secure connections found, (c) provide efficient resource sharing, and (d) maintain the lower average cost.     

A framework for secure execution of software

The protection of software applications is one of the most important problems to solve in information security because it has a crucial effect on other security issues. We can find in the literature many research initiatives that have tried to solve this problem, many of them based on the use of tamperproof hardware tokens. This type of solution depends on two basic premises: (i) increasing the physical security by using tamperproof devices and (ii) increasing the complexity of the analysis of the software. The first premise is reasonable. The second one is certainly related to the first one. In fact, its main goal is that the pirate user not be able to modify the software to bypass an operation that is crucial: checking the presence of the token. However, experience shows that the second premise is not realistic because analysis of the executable code is always possible. Moreover, the techniques used to obstruct the analysis process are not enough to discourage an attacker with average resources.In this paper, we review the most relevant works related to software protection, present a taxonomy of those works, and, most important, introduce a new and robust software protection scheme. This solution, called SmartProt, is based on the use of smart cards and cryptographic techniques, and its security relies only on the first of the premises given above; that is, SmartProt has been designed to avoid attacks based on code analysis and software modification. The entire system is described following a lifecycle approach, explaining in detail the card setup, production, authorization, and execution phases. We also present some interesting applications of SmartProt as well as the protocols developed to manage licences. Finally, we provide an analysis of its implementation details.     

RetriBlog: An architecture-centered framework for developing blog crawlers

Blogs have become an important social tool. It allows the users to share their tastes, express their opinions, report news, form groups related to some subject, among others. The information obtained from the blogosphere may be used to create several applications in various fields. However, due to the growing number of blogs posted every day, as well as the dynamicity of the blogosphere, the task of extracting relevant information from the blogs has become difficult and time consuming. In this paper, we use information retrieval and extraction techniques to deal with this problem. Furthermore, as blogs have many variation points is required to provide applications that can be easily adapted. Faced with this scenario, the work proposes RetriBlog, an architecture-centered framework for the development of blog crawlers. Finally, it presents an evaluation of the proposed algorithms and three case studies.     

A secure distributed framework for achieving k-anonymity

k-anonymity provides a measure of privacy protection by preventing re-identification of data to fewer than a group of k data items. While algorithms exist for producing k-anonymous data, the model has been that of a single source wanting to publish data. Due to privacy issues, it is common that data from different sites cannot be shared directly. Therefore, this paper presents a two-party framework along with an application that generates k-anonymous data from two vertically partitioned sources without disclosing data from one site to the other. The framework is privacy preserving in the sense that it satisfies the secure definition commonly defined in the literature of Secure Multiparty Computation.     

多Agent系统安全模式设计

设计了一种使用SPKI证书体系结构为基础的多Agent安全模式结构,保证了单个Agent活动的可验证性和不可抵赖性,并由此构建了一个以此安全铆为对象的多Agent系统安全模式结构。     

多Agent系统的层次开发框架

尽管目前已经对基于Agent的计算进行了大量的研究,但是要想成为能够在软件工程实践中被广泛使用的方法,仍然需要应对很多挑战.为了促使面向Agent的开发方法学实现工程化的转变,有必要将面向Agent的软件抽象转变为能够处理复杂应用的实际工具.提出了一个多Agent系统的层次开发框架,根据这个框架开发人员能够将合适的元模型组合在一起,经过剪裁定制获得一个适合于特定项目的开发方法,就像利用现成的第三方组件来构建应用系统一样.为了验证这个框架的可用性与有效性,采用一个C4I系统的开发研究项目作为案例进行研究.     

A standard for developing secure mobile applications

The abundance of mobile software applications (apps) has created a security challenge. These apps are widely available across all platforms for little to no cost and are often created by small companies and less-experienced programmers. The lack of development standards and best practices exposes the mobile device to potential attacks. This article explores not only the practices that should be adopted by developers of all apps, but also those practices the enterprise user should demand of any app that resides on a mobile device that is employed for both business and private uses.     

An efficient dynamic-identity based signature scheme for secure network coding

The network coding based applications are vulnerable to possible malicious pollution attacks. Signature schemes have been well-recognized as the most effective approach to address this security issue. However, existing homomorphic signature schemes for network coding either incur high transmission/computation overhead, or are vulnerable to random forgery attacks. In this paper, we propose a novel dynamic-identity based signature scheme for network coding by signing linear vector subspaces. The scheme can rapidly detect/drop the packets that are generated from pollution attacks, and efficiently thwart random forgery attack. By employing fast packet-based and generation-based batch verification approaches, a forwarding node can verify multiple received packets synchronously with dramatically reduced total verification cost. In addition, the proposed scheme provides one-way identity authentication without requiring any extra secure channels or separate certificates, so that the transmission cost can be significantly reduced. Simulation results demonstrate the practicality and efficiency of the proposed schemes.     

A formal framework for secure and complying services

Internet is offering a variety of services that are assembled to accomplish requests made by clients. While serving a request, security of the communications and of the data exchanged among services is crucial. Since communications occur along specific channels, it is equally important to guarantee that the interactions between a client and a server never get blocked because either cannot access a selected channel. We address here both these problems, from a formal point of view. A static analysis is presented, guaranteeing that a composition of a client and of possibly nested services respects both security policies for access control, and compliance between clients and servers.     

An extended support vector machine forecasting framework for customer churn in e-commerce

In order to accurately forecast and prevent customer churn in e-commerce, a customer churn forecasting framework is established through four steps. First, customer behavior data is collected and converted into data warehouse by extract transform load (ETL). Second, the subject of data warehouse is established and some samples are extracted as train objects. Third, alternative predication algorithms are chosen to train selected samples. Finally, selected predication algorithm with extension is used to forecast other customers. For the imbalance and nonlinear of customer churn, an extended support vector machine (ESVM) is proposed by introducing parameters to tell the impact of churner, non-churner and nonlinear. Artificial neural network (ANN), decision tree, SVM and ESVM are considered as alternative predication algorithms to forecast customer churn with the innovative framework. Result shows that ESVM performs best among them in the aspect of accuracy, hit rate, coverage rate, lift coefficient and treatment time. This novel ESVM can process large scale and imbalanced data effectively based on the framework.     

U-multimedia framework: a secure and intelligent multimedia service framework based on context information in U-home

In the last few years, intelligent secured multimedia services play a vital role along with ubiquitous home environment (Park et al. in Lecture Notes in Computer Science, vol. 4097, pp. 660–670, [2006]; Lecture Notes in Computer Science, vol. 4159, pp. 893–901, [2006]; IEICE Trans. Inf. Syst. E89-D(12):2831–2837, [2006]; Lecture Notes in Artificial Intelligence, vol. 4252, pp. 777–784, [2006]; Lecture Notes in Artificial Intelligence, vol. 3801, pp. 313–320, [2005]). There are certain constrains and limitations in providing effective and efficient services in U-home. The mechanism and applications are integrated to realize such services. Three different kinds of ubiquitous multimedia services are proposed in the framework. Based on the temporal and spatial context information, the surrounding situations are recognized. The contexts are collected and well analyzed with the preconditions to provide the final services. The proposed framework provides efficient services in the multimedia based deices based on the current context information.

基于边缘云框架的高效安全人脸表情识别

针对物联网环境下数据量大且人脸表情识别率低的问题,提出基于边缘云框架的高效安全人脸表情识别方法.物联网设备通过多秘密共享技术获取用户信息,并分发到不同的边缘云.边缘云利用语谱图和局部二值模式的方法提取语音特征,采用差值中心对称局部二值模式获得图像特征,将特征送至核心云.基于栈式稀疏去噪自编码器融合语音和图像特征,实现人...     

A lightweight framework for secure life-logging in smart environments

As the world becomes an interconnected network where objects and humans interact with each other, new challenges and threats appear in the ecosystem. In this interconnected world, smart objects have an important role in giving users the chance for life-logging in smart environments. However, smart devices have several limitations with regards to memory, resources and computation power, hindering the opportunity to apply well-established security algorithms and techniques for secure life-logging on the Internet of Things (IoT) domain. The need for secure and trustworthy life-logging in smart environments is vital, thus, a lightweight approach has to be considered to overcome the constraints of Smart Objects. The purpose of this paper is to present in details the current topics of life-logging in smart environments, while describing interconnection issues, security threats and suggesting a lightweight framework for ensuring security, privacy and trustworthy life-logging. In order to investigate the efficiency of the lightweight framework and the impact of the security attacks on energy consumption, an experimental test-bed was developed including two interconnected users and one smart attacker, who attempts to intercept transmitted messages or interfere with the communication link. Several mitigation factors, such as power control, channel assignment and AES-128 encryption were applied for secure life-logging. Finally, research into the degradation of the consumed energy regarding the described intrusions is presented.     

综合性SDG故障诊断架构

基于模型的SDG(Signed DiGraph,符号有向图)故障诊断方法因其具有完备性好、推理深度高等优点在过程工业安全工程中具有十分重要的意义,已成为安全工程中的1种关键技术。本文在以前研究的基础上,提出了1个综合性SDG故障诊断架构,以期能够实现在生产过程中及时发现故障并判明故障源。该综合性故障诊断架构按模型、推理和应用3个层次搭建,以传统定性SDG及概率SDG理论为基础,包含了从模型建立到故障诊断推理,从定性SDG方法到结合统计监控的SDG方法再到概率SDG方法等一系列实施方案。该综合性SDG故障诊断架构由于引入了多元统计监控模型,使得在系统没有表现出明显的故障征兆时就能够及时敏感地检测到异常变化,进而触发SDG及PSDG推理来实现对故障源的查找,并给出各故障源发生故障的概率值,以指导使用者按照概率值的大小顺序采取处理措施。以某石化公司的气体分馏装置为实际背景,利用该装置实时数据库中的实际生产工艺数据对该综合性诊断架构进行了实例验证,其故障诊断结果与实际发生的故障相吻合,证明了该综合性故障诊断架构的有效性。