一种强安全的无证书非交互密钥交换协议

非交互密钥交换协议(Non-interactive Key Exchange,NIKE)允许通信双方在没有信息交互的情况下生成一个共享密钥。在基于身份的非交互密钥交换协议(Identity-based Non-interactive Key Exchange,ID-NIKE)中,用户私钥是由私钥生成中心(Private Key Generator,PKG)分发给用户的,因此PKG可以计算出用户之间的共享密钥,即存在密钥托管的问题。针对ID-NIKE的上述不足,基于无证书的公钥密码体制(Certificateless Public Key Cryptography,CL-PKC),首先提出了无证书非交互密钥交换协议的安全模型,然后设计了一个强安全的无证书非交互密钥交换协议方案,并在随机预言模型下基于BDH假设给出了协议的安全性证明。该方案是第一个基于CL-PKC的非交互密钥交换协议方案,并结合了CL-PKC和NIKE的优点,因此该方案不仅具有非交互的性质,而且PKG计算不出用户间的共享密钥,所以其可以更好地保护用户隐私。另外,该协议还允许用户部分秘密信息泄露,因此具有更高的安全性。     

基于效益最大化的云虚拟机资源分配研究

针对云资源分配研究中缺乏对用户使用资源的效益情况进行研究的现状,借鉴网络带宽分配效用最大化的NUM(Network Utility Maximization)模型,提出了一种使用户效益最大化的云虚拟机资源分配模型。在分析分配模型时,通过拉格朗日函数将模型简化为求解拉格朗日对偶函数。最后,引入模糊次梯度算法在理论上证明了可以得到模型的最优解。仿真结果表明了方案的可行性和算法较好的收敛性。     

基于实时行为可信度量的网络访问控制模型

传统的可信网络访问控制方法实现了终端平台的身份认证和完整性认证,属于静态认证机制。然而在实际网络环境中,终端平台环境和用户行为经常处于变化之中,极易导致认证结果随终端环境和用户行为的变化而失效等误差,最终可导致错误授权。针对上述问题,提出一种基于全局可信的用户行为实时评估模型(RTEM-GT)。引入惩罚因子和时间因子将用户行为评估方法从单一评估上升到全局评估;在可信网络连接架构下,进一步设计基于用户行为可信策略的访问控制模型(AC-UBTP),进而提出网络连接与访问的动态授权机制。实验结果与分析表明,RTEM-GT能够实时准确地对用户行为进行可信判定,且更加切合实际。     

PKSM安全模型在ACR网管系统中的研究

分析了大规模接入汇聚路由器(ACR)网管系统在用户密钥管理和消息交换传输中存在的安全问题,对SNMPv3中基于用户的安全模型(USM)以及非对称公钥密码机制进行了研究,提出了在SNMPv3中引入基于非对称公钥密码机制的PKSM安全模型以扩充USM的方法,增强了ACR网管系统对用户加密密钥更新与消息加密交换的整体安全性.     

基于SIP协议的CSTA呼叫模型的实现探讨

随着VoIP(Voice over Internet Protocol)的迅速发展,作为VoIP的主流协议的SIP协议成为各大运营商和设备商所关注的热点,出现了许多用SIP协议来通信的软终端。为了可以引入更多的用户对呼叫中心的使用,提出了一种基于SIP协议和CSTA呼叫模型的实现方法,将SIP协议和CSTA呼叫模型结合起来,用SIP协议来实现终端和服务器的通信并实时对外汇报终端状态的变化,这样就可以实现第三方监控,并通过测试验证了其可行性。     

3G/WLAN网络中基于终端移动与业务认知的动态负载均衡机制

下一代无线移动通信要求异构网络之间相互协作,3G蜂窝网与WLAN之间的密切合作将为用户提供无缝的业务链接与多样化通信服务.终端移动与业务时空分布的不均衡性是影响网络性能的重要因素,3G/WLAN网络中业务负载均衡策略是提高网络整体性能的有效途径.首先,文中提出了一种新的基于终端移动与业务认知的动态负载均衡(DLB-MSA)机制,该机制重点关注业务潜在用户,通过动态优化的联合业务接入控制,使得每个无线接入点的业务量与其通信资源保持匹配关系,实现网络的负载均衡.然后,为了探讨终端移动对无线网络通信性能的影响,文中创建了一种新的基于2维终端速率分类与状态转换的移动模型,并且给出了相应的Markov分析方法.该模型能够更准确地反映用户移动规律,通过比较简单的参数学习来逼近3G/WLAN网络中终端的群体移动特征.最后,文中基于该模型对DLB-MSA机制进行性能评估,通过仿真验证了该机制的有效性.     

Web服务中基于SAML和XACML的RBAC模型

针对Web服务中安全性方面所存在的问题,引入角色来设定用户的访问策略,在用户访问具体资源时根据资源拥有者设置的权限来确定该用户的访问权限,使用角色作为行使权限的中介,通过SAML协议对该类角色实现单点登陆,并使用XACML对服务端的受保护资源进行访问控制.在此基础上给出了基于SAML和XACML的RBAC模型,该模型具有良好的灵活性、可扩展性及跨平台性.     

一个网格经济学模型和信用机制

网格的目标是实现对地理上广泛分布的大量异构资源进行共享.然而,由于网格具有的异构性、分布性和动态性,网格环境中的资源管理是个复杂的问题.将经济学原理,例如一些经济学模型和市场机制引入网格之中构建网格经济学资源管理模型,能够很好地配合网格的离散特性.该文将经济学原理引入网格环境之中,提出了一个“信用机制”,使用户能够根据服务提供者的“信用”来优化选择,同时使网格更为高效和有序.     

一种社区授权服务的拉式模型

针对目前网格中的社区授权服务(CAS)推式模型所存在的某些安全问题,提出了一种拉式模型。在拉式模型中,引入一个CAS缓存服务器;由资源提供者(而不是用户)向CAS缓冲服务器查询用户的权限声明,并与本地授权策略相结合形成用户在本资源上的最终有效权限。该文详细描述了用户向资源提供者进行服务请求的认证步骤,并从运行效率和安全性、可靠性等方面与推式模型进行了对比分析。     

模型驱动的Web服务组合的QoS属性的研究

为反映组合Web服务的服务质量(QoS),文章在用模型驱动的方法对Web服务组合进行研究的基础上探讨了如何对Web服务进行QoS属性拓展,给出了拓展的WSDL元模型。通过引入模型驱动的思想,解决了Web服务对QoS属性描述不足的问题。并通过对BPEL元模型的分析,得出了组合服务在各种结构模型情况下的QoS属性的计算方法。     

基于拍卖机制的网格在线信誉系统模型

在现有的网格经济模型和在线信誉系统的基础上,提出了基于拍卖机制的网格在线信誉系统模型.该模型侧重于保护资源提供者,为资源提供者提供了贡献与共享资源的动机,吸引更多更好的资源加入网格,实现资源优化分配.保证交易双方均获取最大利益,有利于网格资源的市场管理及供需均衡.并以市场为平台,构建一种新的网格信任模型,由交易事件和衰减函数共同驱动信任度的在线更新,并引入激励机制,尽可能增强信任模型的合理性和可操作性.     

Matrix based proactive resource provisioning in mobile cloud environment

Mobile cloud computing is a dynamic, virtually scalable and network based computing environment where mobile device acts as a thin client and applications run on remote cloud servers. Mobile cloud computing resources required by different users depend on their respective personalized applications. Therefore, efficient resource provisioning in mobile clouds is an important aspect that needs special attention in order to make the mobile cloud computing a highly optimized entity. This paper proposes an adaptive model for efficient resource provisioning in mobile clouds by predicting and storing resource usages in a two dimensional matrix termed as resource provisioning matrix. These resource provisioning matrices are further used by an independent authority to predict future required resources using artificial neural network. Independent authority also checks and verifies resource usage bill computed by cloud service provider using resource provisioning matrices. It provides cost computation reliability for mobile customers in mobile cloud environment. Proposed model is implemented on Hadoop using three different applications. Results indicate that proposed model provides better mobile cloud resources utilization as well as maintains quality of service for mobile customer. Proposed model increases battery life of mobile device and decreases data usage cost for mobile customer.     

一种采用消息模型的多集群作业管理方案设计

文中针对多集群环境资源异构且地域分散、网络环境不可靠以及面向用户需求的特点,提出了一种采用消息模型的多集群作业管理方案。该方案采用全局一局部的层次调度方法,基于发布一订阅的消息模型,根据当前网络环境、用户作业的资源需求、各集群自身负载情况进行综合统一调度管理。实践证明,采用该方案设计实现的多集群作业管理系统实现了多集群环境下的资源监控、资源管理、作业调度、作业控制、数据管理等功能,有效解决了在资源异构及网络环境不可靠条件下的系统稳定性问题,显著提高了多集群系统作业吞吐能力。     

Autonomous and adaptive resource allocation among multiple nodes and multiple applications in heterogeneous wireless networks

In the forthcoming future, various means of wireless communication, such as cellular, Wi-Fi, WiMAX, and DSRC, will be available to mobile users and applications. With the development of wireless communication and mobile devices, more and more users and applications will be accommodated in mobile environment. Since mobile users and applications compete for the limited wireless resources whose communication quality dynamically change, we need an adaptive mechanism for mobile users and applications to share the available network resources while satisfying each application?s QoS requirements. In this paper, we propose an adaptive resource allocation mechanism where each node autonomously determines wireless network resources to assign to each of networked applications running on it. For this purpose, we adopt an attractor composition model, which is based on an autonomous and adaptive behavior of biological systems. Through numerical analysis, we confirmed that our mechanism could adaptively and stably allocate wireless network resources to applications, while considering their QoS requirements and fairly sharing network resources with other nodes. It also is shown that our mechanism superiors to a mechanism where a node determines resource allocation by solving an optimization problem.     

A Resource Reservation Scheme for Synchronized Distributed Multimedia Sessions

Guarantees of services in a networked environment are provided by the proper allocation and scheduling of network and system resources. A lot of research in packet scheduling, QoS routing, traffic multiplexing, etc. has been aimed at providing deterministic or statistical service guarantees, while utilizing resources efficiently. In this paper, we propose a resource reservation scheme for a class of multimedia presentations. We characterize this class of multimedia presentations as synchronized distributed multimedia sessions, which we believe are important components of many multimedia applications. In addition to multimedia presentations, the reservation scheme applies to applications with synchronized resource requirements. Based on resource inquiry and interval analysis, the scheme is also able to find feasible resource allocation schedules for resource reservation requests. Built upon a layer of resource abstraction, the scheme suits well with today's heterogeneous network environment.     

CloudSim: a toolkit for modeling and simulation of cloud computing environments and evaluation of resource provisioning algorithms

Cloud computing is a recent advancement wherein IT infrastructure and applications are provided as ‘services’ to end‐users under a usage‐based payment model. It can leverage virtualized services even on the fly based on requirements (workload patterns and QoS) varying with time. The application services hosted under Cloud computing model have complex provisioning, composition, configuration, and deployment requirements. Evaluating the performance of Cloud provisioning policies, application workload models, and resources performance models in a repeatable manner under varying system and user configurations and requirements is difficult to achieve. To overcome this challenge, we propose CloudSim: an extensible simulation toolkit that enables modeling and simulation of Cloud computing systems and application provisioning environments. The CloudSim toolkit supports both system and behavior modeling of Cloud system components such as data centers, virtual machines (VMs) and resource provisioning policies. It implements generic application provisioning techniques that can be extended with ease and limited effort. Currently, it supports modeling and simulation of Cloud computing environments consisting of both single and inter‐networked clouds (federation of clouds). Moreover, it exposes custom interfaces for implementing policies and provisioning techniques for allocation of VMs under inter‐networked Cloud computing scenarios. Several researchers from organizations, such as HP Labs in U.S.A., are using CloudSim in their investigation on Cloud resource provisioning and energy‐efficient management of data center resources. The usefulness of CloudSim is demonstrated by a case study involving dynamic provisioning of application services in the hybrid federated clouds environment. The result of this case study proves that the federated Cloud computing model significantly improves the application QoS requirements under fluctuating resource and service demand patterns. Copyright © 2010 John Wiley & Sons, Ltd.     

一种全局统一的层次化网格资源模型

网格计算通过新的组织方式将广域网上的各种计算资源、信息资源、设备资源等集成起来，以统一的方式向用户提供服务，是当前网络计算领域的研究热点，引入逻辑资源树的概念，通过抽象资源参数，提出了一种全局统一的层次化网格资源模型，支持资源的动态加入与删除，与资源池及全局一本地两层资源模型相比，提出的资源模型有效地屏蔽了广域网上资源的异构性，提高了资源的可扩展性；同时根据网络通信性能对资源进行层次化组织，避免了盲目的资源选择，该模型进行资源查找的时间复杂度为Olog(N)，有较高的查找效率。     

Managing QoS for Multimedia Applications in the Differentiated Services Environment

The overall quality of network connections has a significant impact on the performance of networked applications. As a result, Quality-of-Service (QoS) management for networked multimedia applications over IP is a significant and immediate challenge. While differentiated services (DiffServ) provide a sense of resource allocation and QoS, they do not guarantee QoS. This paper presents the design, implementation and evaluation of a content-aware bandwidth broker (CABB) that manages QoS for multimedia applications in a DiffServ environment. CABB allocates network resources to multimedia flows based on client requirements, the adaptability of the application, and its tolerance to network level parameters such as bandwidth, delay, and latency. It has been implemented and evaluated using the NS-2 simulator toolkit. Evaluations show that CABB improves network resource allocations and increases overall throughput. Furthermore multimedia application flows are better managed and controlled, improving perceived QoS and avoiding possible congestion at core routers.     

Aligning principal and agent’s incentives: A principal–agent perspective of social networking sites

The viability of networked communities depends on the creation and disclosure of user-generated content and the frequency of user visitation (Facebook 10-K Annual Report, 2012). However, little is known about how to align the interests of user and social networking sites. In this study, we draw upon the principal-agent perspective to extend Pavlou et al.’s uncertainty mitigation model of online exchange relationships (2007) and propose an empirically tested model for aligning the incentives of the principal (user) and the agent (service provider). As suggested by Pavlou et al., we incorporated a multi-dimensional measure of trust: trust of provider and trust of members. The proposed model is empirically tested with survey data from 305 adults aged 20-55. The results support our model, delineating how real individuals with bounded rationality actually make decision about information disclosure under uncertainty in the social networking site context. There is show little to no relationship between online privacy concerns and information disclosure on online social network sites. Perceived benefits provide the linkage between the incentives of principal (user) and agent (provider) while usage intensity demonstrated the most significant impact on information disclosure. We argue that the phenomenon may be explained through Communication Privacy Management Theory. The present study enhances our understanding of agency theory and human judgment theory in the context of social media. Practical implications for understanding and facilitating online social exchange relationships are also discussed.     

P2P在制造资源信息共享中的应用

网络化制造需要共享大量制造资源信息。针对现有共享模式的服务提供能力有限,且实现平台存在网络带宽瓶颈和资源管理不方便等问题,根据P2P思想和传统集中式ASP共享模型,提出了一种多对多共享模式,将共享资源元数据信息发布在P2P网络中,而资源分别存放在提供者本地,请求者和共享者在P2P平台监督下直接协商完成共享。基于此模式,建立了一种基于P2P网络的资源共享平台框架。介绍了框架的P2P网络拓扑结构,利用面向对象思想对共享制造资源建模,采用资源元数据索引信息实现资源的查询,并利用双向分层信任机制确保了共享资源的安全性。通过实验结果表明了该研究开发工作的可行性和有效性。