FAHP在用户行为信任评价中的研究

针对层次分析法（AHP）的缺点,提出了一种基于三角模糊数的模糊层次分析法,该评估方法通过使用模糊数来反映专家评判的模糊性,弱化了单纯使用AHP方法存在的主观性,并对网络用户行为各属性的权重进行量化计算,使评判结果更加客观,通过实例说明如何在实际中应用该方法。评价结果为基于动态信任的安全控制提供量化分析基础,为服务提供者采取更加安全的策略来响应用户请求提供量化依据。     

云计算下基于信任的防御系统模型

由于云计算的动态性和开放性,云环境中频频出现恶意攻击行为,为了保障云计算的安全,结合可信云的思想,提出一个云计算下基于信任的防御系统模型。该模型通过实时监控获取用户的行为证据并加以规范;提出一种新的基于模糊层次分析法（FAHP）的用户行为信任评估方法,逐步确定各行为证据的权重,实现行为信任的科学量化评估;利用多种检测引擎对可疑文件进行全面检测和综合决策,为云中用户提供最大限度的安全防御。实验结果表明,该系统模型能有效消除不良用户的恶意攻击行为、降低病毒等给用户带来的损失,达到云端和客户端双向防御的目的。     

基于云模型理论的网络用户行为评判模型研究

由于网络的异构性使得网络中的用户纷繁复杂,而众多的网络用户行为表现方式又多种多样,也直接影响到网络的安全性.本文借鉴已有的研究工作,以复杂的网络环境为研究背景,通过对复杂网络环境中用户行为的研究,引入云模型理论,研究并提出了一个基于云模型理论的网络用户行为评判模型,实现了对网络用户行为定量描述及评判;同时研究结果还体现了网络用户行为的不确定性和评判标准的差异性,这样使网络行为评判结果更加符合客观事实.仿真实验进一步验证了本文研究的网络用户行为评判模型能够对复杂的网络环境中网络用户行为做出合理的评判,为复杂的网络环境中网络行为评判的研究提供了有价值的新思路.     

基于FANP的云用户行为信任评估优化机制

开放的云计算环境面临着安全挑战,传统的用户行为评估机制已经无法保障云端的安全性.为科学量化评估用户的行为信任,确保权重赋值科学合理,提高云平台下用户行为的安全可信度,设计出一种结合模糊网络分析法的信任评估优化机制.将模型中用户行为信任评估一个控制目标扩展为历史访问行为与当前访问环境两个控制目标模块,同时将历史访问行为模...     

云环境下基于 ECC的数字认证技术的研究*

云计算技术的发展正在使得计算机世界发生着巨大的变革,随之而来是人们对云计算安全问题的热议,其中云计算的虚拟化安全和用户隐私数据保护问题已成为目前广大研究者关注的焦点,文章阐述了虚拟化对云计算带来的好处及其安全问题对云计算安全的影响,针对目前虚拟的云环境下所面临的用户隐私数据安全保护问题及应对策略进行分析,为了保护用户隐私数据在虚拟的云环境下不被泄露或窃取,文章提出了利用基于ECC算法的数字认证技术在虚拟机与云计算用户之间建立一种单线排他的认证连接,来实现在虚拟的云环境下用户隐私数据的安全保护与绝对隔离,使云计算能够更加安全地为人们提供服务。     

基于云计算环境的平台可信度认证问题研究

为了搭建可信的云计算环境,云平台和用户平台之间需要进行相互认证。鉴于云环境的基本特征,提出一种基于云环境的平台可信度认证模型(CCEBA)。该模型引用可信计算平台远程证明的思想,将改进的基于模块和组件属性的可信证明方案应用于云平台的可信度认证中。用户平台认证则采用改进的基于系统行为的可信证明方案。实验结果表明,该认证模型有效地提高了云平台和用户平台之间认证的可信度,并且提高了远程证明的效率,从而搭建了可信的云计算环境。     

云计算环境下的可信接入安全协议研究进展

随着云计算的蓬勃发展,越来越多的用户在云端使用计算和存储资源,然而各种安全问题接踵而来.云计算和可信计算技术的融合研究将成为云安全领域的重要趋势,通过设计安全协议来保障整个云计算环境的安全性和可生存性.主要针对在云计算环境下的可信接入安全协议及其形式化证明,进行了归类综述和对比分析,最后指出可信云平台所面临的研究问题.     

云计算环境下用户行为安全认证机制与安全控制分析

针对云计算环境的安全行为机制，提出基于用户行为认证的安全控制方法。在用户身份认证的基础上，增加了身份再认证和行为认证等多种认证机制，从而增强了系统对于不可信用户的行为监测。实验结果表明，该方法的漏检率较低，具有一定的适用性。     

一种云计算安全模型与架构设计研究

由于云计算存在安全性的问题,使得原本具备大规模、动态、开放和分布式计算环境等优势的云计算目前更多的是以小规模、静态的私有云的模式出现。为了解决云平台的安全问题,文章从用户维、数据维、业务维和环境维构造相应的云安全服务平台及相关服务出发,基于Eucalyptus平台设计了一种轻量级的云计算多维安全平台架构。达到云平台安全、云服务安全和安全云服务,以满足在应用云计算提供服务的过程中所需的安全可信需求。     

基于TrustZone的可信移动终端云服务安全接入方案

可信云架构为云计算用户提供了安全可信的云服务执行环境,保护了用户私有数据的计算与存储安全. 然而在移动云计算高速发展的今天, 仍然没有移动终端接入可信云服务的安全解决方案. 针对上述问题, 提出了一种可信移动终端云服务安全接入方案, 方案充分考虑了移动云计算应用背景, 利用ARM TrustZone硬件隔离技术构建可信移动终端, 保护云服务客户端及安全敏感操作在移动终端的安全执行, 结合物理不可克隆函数技术, 给出了移动终端密钥与敏感数据管理机制. 在此基础之上, 借鉴可信计算技术思想, 设计了云服务安全接入协议, 协议兼容可信云架构, 提供云服务端与移动客户端间的端到端认证. 分析了方案具备的6种安全属性, 给出了基于方案的移动云存储应用实例, 实现了方案的原型系统. 实验结果表明, 可信移动终端TCB较小, 方案具有良好的可扩展性和安全可控性, 整体运行效率较高.     

基于可拓云的网络信任评估

针对网络信任评估中存在不确定因素的问题,以复杂开放网络中的安全交易为研究背景,引入可拓云理论,利用可拓学中的物元理论和云模型的不确定性兼二者定性与定量相结合的优点,提出了基于可拓云的网络信任评估模型,实现了信任值定性与定量之间的转换。在此模型基础上提出基于可拓云的网络信任评估方法,对网络安全交易能够有效地进行信任评估,为最终信任决策提供有利依据。仿真实验结果表明:信任决策调度算法提高了信任评估的准确性和交易的成功率,有效缓解了网络交易实体的欺骗行为,评估方法具有可行性和有效性。     

Fuzzy User Access Trust Model for Cloud Access Control

Cloud computing belongs to a set of policies, protocols, technologies through which one can access shared resources such as storage, applications, networks, and services at relatively low cost. Despite the tremendous advantages of cloud computing, one big threat which must be taken care of is data security in the cloud. There are a dozen of threats that we are being exposed to while availing cloud services. Insufficient identity and access management, insecure interfaces and Applications interfaces (APIs), hijacking, advanced persistent threats, data threats, and many more are certain security issues with the cloud platform. APIs and service providers face a huge challenge to ensure the security and integrity of both network and data. To overcome these challenges access control mechanisms are employed. Traditional access control mechanisms fail to monitor the user operations on the cloud platform and are prone to attacks like IP spoofing and other attacks that impact the integrity of the data. For ensuring data integrity on cloud platforms, access control mechanisms should go beyond authentication, identification, and authorization. Thus, in this work, a trust-based access control mechanism is proposed that analyzes the data of the user behavior, network behavior, demand behavior, and security behavior for computing trust value before granting user access. The method that computes the final trust value makes use of the fuzzy logic algorithm. The trust value-based policies are defined for the access control mechanism and based on the trust value outcome the access control is granted or denied.     

基于信任域的网格安全研究

信任已成为网格安全的重要因素.信任一般具有模糊性,网格信任的模糊性是随时间和空间变化而变化的.本文基于动态和复杂的VOs信任域环境来研究解决网格系统的安全问题,设计了网格信任管理模式的安全体系结构,并提出了基于模糊逻辑的动态信任域作为安全的实施方案,以保证网格系统环境的安全性.     

Trustworthy assurance of service interoperation in cloud environment

Cloud computing can be realized by service interoperation and its essence is to provide cloud services through network. The development of effective methods to assure the trustworthiness of service interoperation in cloud environment is a very important problem. The essence of cloud security is trust and trust management. Combining quality of service (QoS) with trust model, this paper constructs a QoS-aware and quantitative trust-model that consists of initial trust value, direct trust value, and recommendatory trust value of service, making the provision, discovery, and aggregation of cloud services trustworthy. Hence, it can assure trustworthiness of service interoperation between users and services or among services in cloud environment. At the same time, based on this model, service discovery method based on QoS-aware and quantitative trust-model (TQoS-WSD) is proposed, which makes a solid trust relationship among service requestor, service provider and service recommender, and users can find trustworthy service whose total evaluation value is higher. Compared to QoS-based service discovery (QoS-WSD) method, it is proved by the experiment for TQoS-WSD method that more accurate result of service discovery will be achieved by service requestor, while reasonable time cost is increased. Meanwhile, TQoS-WSD method strongly resists the effect of service discovery by untrustworthy QoS values and improves service invocation success-rate and thus assures trustworthiness of services interoperation.     

CyberGuarder: A virtualization security assurance architecture for green cloud computing

As the sizes of IT infrastructure continue to grow, cloud computing is a natural extension of virtualisation technologies that enable scalable management of virtual machines over a plethora of physically connected systems. The so-called virtualisation-based cloud computing paradigm offers a practical approach to green IT/clouds, which emphasise the construction and deployment of scalable, energy-efficient network software applications (NetApp) by virtue of improved utilisation of the underlying resources. The latter is typically achieved through increased sharing of hardware and data in a multi-tenant cloud architecture/environment and, as such, accentuates the critical requirement for enhanced security services as an integrated component of the virtual infrastructure management strategy. This paper analyses the key security challenges faced by contemporary green cloud computing environments, and proposes a virtualisation security assurance architecture, CyberGuarder, which is designed to address several key security problems within the ‘green’ cloud computing context. In particular, CyberGuarder provides three different kinds of services; namely, a virtual machine security service, a virtual network security service and a policy based trust management service. Specifically, the proposed virtual machine security service incorporates a number of new techniques which include (1) a VMM-based integrity measurement approach for NetApp trusted loading, (2) a multi-granularity NetApp isolation mechanism to enable OS user isolation, and (3) a dynamic approach to virtual machine and network isolation for multiple NetApp’s based on energy-efficiency and security requirements. Secondly, a virtual network security service has been developed successfully to provide an adaptive virtual security appliance deployment in a NetApp execution environment, whereby traditional security services such as IDS and firewalls can be encapsulated as VM images and deployed over a virtual security network in accordance with the practical configuration of the virtualised infrastructure. Thirdly, a security service providing policy based trust management is proposed to facilitate access control to the resources pool and a trust federation mechanism to support/optimise task privacy and cost requirements across multiple resource pools. Preliminary studies of these services have been carried out on our iVIC platform, with promising results. As part of our ongoing research in large-scale, energy-efficient/green cloud computing, we are currently developing a virtual laboratory for our campus courses using the virtualisation infrastructure of iVIC, which incorporates the important results and experience of CyberGuarder in a practical context.     

一种基于中国信任模式的无中心网络计算环境的信任评估模型

为了在面向中国范围内的基于互联网的各类开放的、无中心网络计算环境中（如网格计算、对等计算或云计算等）促使各个节点诚实、可靠地交互提出了一套具有典型中国特色的信任评估模型。特别是针对中国人的思维模式、主观意愿和行为方式来设计网络节点的信任评估模型,从而有效地提升了中国范围内的无中心网络计算环境的系统安全稳定性和协作成功率。信任评估模型充分考虑了节点的身份、节点间关系、直接交互经验和客观综合评价情况,同时考虑了节点信任情况的动态变化。以其较强的针对性、可推广性和可行性,具有良好的参考价值和实用价值。     

云计算环境下实体的多属性高效率评估策略设计

鉴于当前在云计算的实体信任评估领域所实施的方法策略无法满足云计算环境的动态模糊性,以遗传自适应学习算法为理论基础,在云计算环境下的信任管理过程中,针对动态评估高效率的需求,设计了多属性信任关系的动态评估模型。其可以评估分析信任管理过程实体的多属性问题,同时可以在持续的评估过程中,自主的学习,使其评估分析的执行能力逐渐提升,最终能够满足上文中阐明的高效性与动态性的要求。经过实验分析表明,本文所设计的模型在直接面对实时变化的云计算网络环境实体参数时,其可以自适应的调整评估策略规则,最终克服了云计算环境的动态模糊性,对实体的多个属性进行了综合评估。     

基于云理论的可信技术研究

针对云计算环境下信息的安全性和可靠性方面的欠缺, 为了建立灵活多适应性的安全机制, 将云与可信的概念相结合, 是现今安全领域的一个主要研究方向。为进一步解决云计算安全问题, 对云计算环境下的一些可信技术进行了研究, 并在此基础上提出了一种新的逆向云生成算法。该算法基于原一维逆向云算法, 使用主观信任云的期望和超熵对信任客体的可信度进行了评价, 为网上交易的信任决策提供了依据。对实验数据的分析表明, 与传统的算法相比, 此算法在信任度的可靠性和稳定性上存在比较明显的优势。