Similar literature
Found 20 similar documents; search took 718 ms
1.
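A self-protection system model for civil aviation networks is proposed, and its system architecture and layered response framework are designed. A role-based access control policy and an agent-based communication encryption mechanism are designed within the system. Experiments show that the model's access control policy and communication mechanism can effectively protect data security in the network self-protection system.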

2.
《无线电工程》2016,(11):17-21
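In recent years, access control mechanisms in cloud computing environments have become a research hotspot. To address the problem that traditional access control models cannot meet the access control requirements that arise when resources in cloud systems are maliciously accessed or processed by unauthorized users, this work builds on traditional access control and studies the policy and authorization mechanisms of the Action Based Access Control model. Based on the strengths and weaknesses of the ABAC model, it introduces user trust degree, gives a formal definition of the model and an algorithm for trust similarity, designs a permission-granting mechanism based on trust similarity, and proposes the Task-action Based Access Control (TABAC) model. Security and performance analysis shows that the scheme makes access control flexible and reliable and applicable to a wider range of scenarios.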

3.
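An access control model based on attribute certificates and roles   Total citations: 5 (self-citations: 2, citations by others: 3)
Role-based access control is one of the effective means of protecting resources in secure systems. Based on an analysis of the object-oriented RBAC model, PMI attribute certificates are introduced and an object-oriented access control model, AC-ORBAC, is proposed together with a formal description. The model implements role-authorized access control through attribute certificates, making access control management more flexible, and separation of duty is discussed. In addition, an object-oriented access control method based on roles and attribute certificates is implemented in combination with PKI.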

4.
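Access control is one of the eight security dimensions of telecommunication networks defined in ITU X.805. The characteristics of data access in the mobile core network are analyzed, and an access control model for mobile communication networks is proposed: the role and application-context based access control model (R-ACBAC). Building on the role-based access control (RBAC) model, it introduces concepts such as application context and qualifying constraints, and defines in detail the assignment policies, trigger mechanisms, and dynamic migration of roles and permissions in mobile network access control, providing a reference for detecting and controlling data access in mobile networks.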

5.
Research and implementation of a role-based workflow security model   Total citations: 1 (self-citations: 0, citations by others: 1)
陈明 《电子工程师》2005,31(8):56-59
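With the rapid development of computing and the Internet, the distributed, heterogeneous, and autonomous characteristics of modern information systems are increasingly pronounced. Information resources are correspondingly distributed across heterogeneous computing environments, and the connections between information sources are loosely coupled; in such large-scale distributed environments, higher demands are placed on permission management in distributed workflow management systems. Access control is a key part of workflow management system design and an important guarantee of system security. The paper analyzes an access control model improved with groups: by introducing groups into the permission management of the workflow system, users who have the same role set are placed in the same user group, so that authorizing many users is reduced to authorizing a single group, which lowers the authorization workload. A concrete implementation of the key techniques of a permission management system based on this model is also given.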

6.
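Research progress and development trends of access control models   Total citations: 7 (self-citations: 0, citations by others: 7)
The task of access control is to ensure that information resources are not used or accessed illegitimately; conflict detection and resolution mainly address the inconsistency of security policies across different information systems. With the development of computer and network communication technologies, a succession of access control models has appeared: discretionary access control, mandatory access control, role-based access control, task-based access control, access control for distributed and cross-domain settings, spatio-temporal access control, and access control based on security attributes. From the perspectives of both theory and applied research, this paper analyzes and summarizes the state of research on existing access control techniques and on methods for detecting and resolving access control policy conflicts, identifies the problems facing current access control models and their conflict detection and resolution in ubiquitous network interconnection environments oriented to the cyber-physical-social setting, and gives the development trends of fine-grained multi-level secure access control models and methods for scalable adjustment of their policies.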

7.
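Grid systems have large numbers of dynamic users, and each autonomous domain has its own access control policy, so their access control requirements are both dynamic and autonomous. Based on attribute-based access control and the authorization requirements of grid systems, an attribute-driven multi-policy access control model (MP_ABAC, Multipolicy_supported Access Control based on Attribute) is proposed, and an MP_ABAC authorization framework is designed using inheritance and encapsulation together with the eXtensible Access Control Markup Language (XACML). The framework has significant advantages for grid access control: it provides an open architecture for grid authorization systems and can integrate third-party attribute-based authorization systems.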

8.
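Given the characteristics of CSCW systems and their particular requirements for user access control, this paper optimizes the RBAC (role-based access control) model and introduces the Command design pattern to design and implement a hierarchical, fine-grained permission management model. Combined with dynamic multi-level navigation driven by user permissions, the model greatly improves the usability of CSCW systems. The implementation is based on a unified base class, which greatly increases code reuse; the system can be integrated seamlessly into an existing CSCW system with almost no changes to existing programs. Experiments show that the scheme not only meets the permission management needs of medium and large CSCW systems but also adapts to changes in organizational structure or security requirements, offering good flexibility and operability.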

9.
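A generic access control model based on dynamic trust management in open network environments   Total citations: 1 (self-citations: 1, citations by others: 0)
Combining the respective advantages of role-based access control and trust management, and introducing the concept of trust level, the paper proposes DTMGAC (Generic Access Control Model Based on Dynamic Trust Management), a dynamic-trust generic access control model suited to open environments. Based on user identity trust and dynamic measurement of trust, the model uses trust levels to constrain role assignment and to dynamically adjust role-permission assignment, achieving control over trusted authorization delegation of roles. The model has good autonomy: it not only refines access control granularity and improves the practicality of the system but also effectively reduces threat risk.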

10.
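To address the heterogeneity of access control models across autonomous domains in distributed environments and the problem of domain autonomy versus collaboration in cross-domain access, a policy-based access control model across autonomous domains is proposed. Through mapping mechanisms of different granularity for access subjects between autonomous domains, the model supports secure interoperation between domains; through a security controller combined with XACML-based access control policies, it achieves logical integration of user permissions across domains. Each domain's permission information is encapsulated within the domain, preserving its original independence while enabling inter-domain collaboration; differences between subjects in different domains are masked, solving the problems of domain systems not recognizing one another and of mapping between heterogeneous access control models.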

11.
12.
Security is paramount to the success of pervasive computing environments. The system presented in this paper provides a communications and security infrastructure that goes far in advancing the goal of anywhere-anytime computing. Our work securely enables clients to access and utilize services in heterogeneous networks. We provide a service registration and discovery mechanism implemented through a hierarchy of service management. The system is built upon a simplified Public Key Infrastructure that provides for authentication, non-repudiation, anti-playback, and access control. Smartcards are used as secure containers for digital certificates. The system is implemented in Java and we use Extensible Markup Language as the sole medium for communications and data exchange. Currently, we are solely dependent on a base set of access rights for our distributed trust model; however, we are expanding the model to include the delegation of rights based upon a predefined policy. In our proposed expansion, instead of exclusively relying on predefined access rights, we have developed a flexible representation of trust information, in Prolog, that can model permissions, obligations, entitlements, and prohibitions. In this paper, we present the implementation of our system and describe the modifications to the design that are required to further enhance distributed trust. Our implementation is applicable to any distributed service infrastructure, whether the infrastructure is wired, mobile, or ad hoc.

13.
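How to deploy and build TD-LTE is a key part of China Mobile's four-network coordination strategy. Based on a study of the interference characteristics between TD-LTE and other systems and of its coverage characteristics, and combined with test results from the live network, this paper presents a dual-channel construction scheme for TD-LTE indoor distribution systems, which provides important guidance for planning and building TD-LTE indoor distribution systems.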

14.
The medium access control protocol determines system throughput in wireless mobile ad hoc networks following the IEEE 802.11 standard. Under this standard, asynchronous data transmissions have a defined distributed coordination function that allows stations to contend for channel usage in a distributed manner via the carrier sensing multiple access with collision avoidance protocol. In distributed coordination function, a slotted binary exponential backoff (BEB) algorithm resolves collisions of packets transmitted simultaneously by different stations. The BEB algorithm prevents packet collisions during simultaneous access by randomizing moments at stations attempting to access the wireless channels. However, this randomization does not eliminate packet collisions entirely, leading to reduced system throughput and increased packet delay and drop. In addition, the BEB algorithm results in unfair channel access among stations. In this paper, we propose an enhanced binary exponential backoff algorithm to improve channel access fairness by adjusting the manner of increasing or decreasing the contention window based on the number of the successfully sent frames. We propose several configurations and use the NS2 simulator to analyze network performance. The enhanced binary exponential backoff algorithm improves channel access fairness, significantly increases network throughput capacity, and reduces packet delay and drop. Copyright © 2013 John Wiley & Sons, Ltd.

15.
It was shown that the hybrid coordination function control channel access (HCCA) is capable of guaranteeing quality of service in wireless local area networks. However, there is still no comprehensive analytical model for HCCA. Therefore, novel modeling of pure HCCA based on the cyclic-service queueing system is provided in this paper. Our model is general enough to accept a wide range of schedulers and various types of traffic under the finite buffer policy. Via comparisons with simulations, high accuracy of the analytical model is exhibited. Furthermore, some valuable insights and recommendations on how to improve the HCCA performance are revealed by investigating the HCCA mode through the proposed model.

16.
Multiple access methods constitute an important subject in the design of distributed computer communication systems. A technique which has attracted considerable attention is the slotted ALOHA random access scheme. In this paper, based on some analytical properties of the slotted ALOHA system [9], we establish the optimality property of the multiple control limit policy among the class of multiple-action policies. The previously reported control limit policy [6] is just a special case. We then derive the optimal retransmission control (ORC) policy which is optimal among the whole class of stationary policies. The superiority of the ORC policy is also illustrated by numerical examples. The performance of the ORC policy for various potential input traffic intensity is presented.

17.
The demand for higher data rate has spurred the adoption of multiple‐input multiple‐output (MIMO) transmission techniques in IEEE 802.11 products. MIMO techniques provide an additional spatial dimension that can significantly increase the channel capacity. A number of multiuser MIMO systems have been proposed, where the multiple antennas at the physical layer are employed for multiuser access, allowing multiple users to share the same bandwidth. As these MIMO physical layer technologies further evolve, the usable bandwidth per application increases; hence, the average service time per application decreases. However, in the IEEE 802.11 distributed coordination function‐based systems, a considerable amount of bandwidth is wasted during the medium access and coordination process. Therefore, as the usable bandwidth is enhanced using MIMO technology, the bandwidth wastage of medium access and coordination becomes a significant performance bottleneck. Hence, there is a fundamental need for bandwidth sharing schemes at the medium access control (MAC) layer where multiple connections can concurrently use the increased bandwidth provided by the physical layer MIMO technologies. In this paper, we propose the MIMO‐aware rate splitting (MRS) MAC protocol and examine its behavior under different scenarios. MRS is a distributed MAC protocol where nodes locally cooperate with one another to share bandwidth via splitting the spatial channels of MIMO systems. Simulation results of MRS protocol are obtained and compared with those of IEEE 802.11n protocol. We show that our proposed MRS scheme can significantly outperform the IEEE 802.11n in medium access delay and throughput. Copyright © 2012 John Wiley & Sons, Ltd.

18.
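The public wireless LAN formed by combining wireless LAN with GPRS is a broadband mobile communication network with global coverage, and the load balancing strategy is one of its key technologies. This paper first proposes a centralized load balancing strategy based on the access controller (AC), CLBAC, to improve network security, and then proposes a distributed load balancing strategy (DLB): when accessing the network, each user first uses a virtual distributed coordination function (VDCF) to predict the real-time load of each cell and then joins the least-loaded cell. Compared with the centralized load balancing strategy, the distributed load balancing strategy has clear advantages in network resource overhead and security. Simulation results show that the VDCF algorithm predicts cell load quickly and accurately.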

19.
In recent years, the vehicular ad hoc network has attracted worldwide attention from academe and industry. Many researches have been executed to improve the quality of services (QoS) of the intelligent transportation system. However, current existing channel access schemes at the medium access control layer specified in 802.11 protocol, including hybrid coordination function control channel access (HCCA) and enhanced distributed channel access, could not efficiently achieve the QoS requirements in some special situations. This paper proposes a delay guaranteed HCCA (DG‐HCCA) scheduling scheme, which works based on a Markov decision process model and the measurement of historic performance, to guarantee the QoS enhanced data transmission for vehicles to roadside unit. Besides, this paper also presents a performance analysis model to systematically evaluate the system performance of the channel utility and the average delay. The performance of the proposed delay guaranteed HCCA scheduling scheme is compared with that of original HCCA scheme specified in 802.11p standard and other 2 HCCA improved schemes by the simulation experiments. The simulation results demonstrate that the proposed solution could highly fulfill the transmission delay requirements with a better channel utility and less loss rates than those by the standard HCCA scheme and other 2 schemes.

20.
Dynamic spectrum access in open spectrum wireless networks   Total citations: 3 (self-citations: 3, citations by others: 0)
One of the reasons for the limitation of bandwidth in current generation wireless networks is the spectrum policy of the Federal Communications Commission (FCC). But, with the spectrum policy reform, open spectrum wireless networks, and spectrum agile radios are set to drive next general wireless networks. In this paper, we investigate continuous-time Markov models for dynamic spectrum access in open spectrum wireless networks. Both queueing and no queueing cases are considered. Analytical results are derived based on the Markov models. A random access protocol is proposed that is shown to achieve airtime fairness. A distributed version of this protocol that uses only local information is also proposed based on homo egualis anthropological model. Inequality aversion by the radio systems to achieve fairness is captured by this model. These protocols are then extended to spectrum agile radios. Extensive simulation results are presented to compare the performances of fixed versus agile radios.
