自适应的策略管理系统的研究与设计

针对IETF策略管理框架和Ponder策略部署框架的缺陷,提出在策略管理框架中加入自适应机制,在此基础上设计了支持移动控制台和身份认证及加密等安全机制的、具有自适应能力的策略管理系统;并采用Ponder策略语言定义了自管理策略和自适应策略,为系统实现基于事件的自管理和自维护提供了可能;最后通过建立四个数据集,阐述了系统的状态转换关系.     

应用安全平台体系中安全策略模型的研究

在分布式系统中,安全策略的管理是很重要的,为了对分布式系统中的安全策略方便地进行管理,并且可以适应不同类型的分布式认证系统,该文通过对RBAC96模型的研究,给出了通过结构化的语言(XML)来描述应用安全平台体系中的安全策略模型和一个实例。     

两层架构的可信身份服务平台研究与设计

针对当前网络环境中基于用户真实身份安全管控需求与用户隐私保护需求之间的矛盾,引入主管机构作为可信方,将用户的真实身份管理与虚拟业务账号管理独立开来,建立两层架构的可信身份服务平台。平台通过身份绑定机制,建立用户业务账号与其真实身份之间的映射关系,实现基于真实身份的信任保障;并根据业务的应用场景配置策略为其提供用户属性,以保障用户隐私安全。     

Fault-tolerant feedback virtual machine deployment based on user-personalized requirements

A key requirement of the cloud platform is the reasonable deployment of its large-scale virtual machine infrastructure. The mapping relation between the virtual node and the physical node determines the specific resource distribution strategy and reliability of the virtual machine deployment. Resource distribution strategy has an important effect on performance, energy consumption, and guarantee of the quality of service of the computer, and serves an important role in the deployment of the virtual machine. To solve the problem of meeting the fault-tolerance requirement and guarantee high reliability of the application system based on the full use of the cloud resource under the prerequisite of various demands, the deployment framework of the feedback virtual machine in cloud platform facing the individual user’s demands of fault-tolerance level and the corresponding deployment algorithm of the virtual machine are proposed in this paper. Resource distribution strategy can deploy the virtual machine in the physical nodes where the resource is mutually complementary according to the users’ different requirements on virtual resources. The deployment framework of the virtual machine in this paper can provide a reliable computer configuration according to the specific fault-tolerance requirements of the user while considering the usage rate of the physical resources of the cloud platform. The experimental result shows that the method proposed in this paper can provide flexible and reliable select permission of fault-tolerance level to the user in the virtual machine deployment process, provide a pertinent individual fault-tolerant deployment method of the virtual machine to the user, and guarantee to meet the user service in a large probability to some extent.     

面向集群服务器系统的监控平台综述

为保证云计算、高性能计算集群服务器系统的服务能力,需构建监控平台对各种来源数据的实现统一管理、统计分析和展现。本文面向集群服务器系统监控平台的搭建方式,综述当前各种常见的监控平台架构和组件,分析各类平台在部署、数据规模、统计分析能力以及时效性等方面的不同。分析结果表明,集群服务器系统监控平台搭建方案应根据监控数据规模、时效性要求、查询和统计需求选择方案。     

Business processes oriented heterogeneous systems integration platform for networked enterprises

Supply chains, dynamic alliances, e-business, extended enterprises, and virtual organizations are typical networked enterprises which are formed based on partner companies’ core competencies. Different partners have different infrastructures; the interoperability among heterogeneous systems is the solid foundation for the networked enterprise to work seamlessly and effectively. Due to the distributed and heterogeneous characteristics of different partner companies, it is a big challenge to implement a satisfying and cost effective solution in the networked enterprise.Aiming at the problems of system integration and cross-system interoperability, Service-Oriented Architecture (SOA) provides a new integration pattern and relative system infrastructure. The key for the development and implementation of SOA is services encapsulation and orchestration of applications through certain mechanism to operate a complex business. However, cross infrastructures services access protection and relative services orchestration are still the bottleneck for the SOA implementation.This paper develops a business processes oriented heterogeneous systems integration platform with relative methodology for networked enterprises integration. The platform is a space distributed and management centralized platform for networked enterprises. The service access agent (SAA) mechanism is developed to realize cross-domains identity authentication, service authorization, and information transmission security. Every Web service or SAA in the platform has a unique ID. The interoperating process only relies on IDs, which endows the platform with a loose coupling feature. Aiming at service orchestration, a graphic service process modelling method is developed, with which the developed process model can link atom Web services and form a complex service. The Java based service orchestration tool provides an ESB (Enterprise Service Bus) independent service orchestration and deployment. Those services that are results of orchestration can be orchestrated as an atom service in another orchestrating process. Thus, the platform can support orchestration decomposition. The structure approach of the business process modelling based platform implementation is developed, which provides a guideline for platform installation, services modelling, service encapsulation, service orchestration, and service deployment. Two cases are provided to illustrate the usage of the platform in industries. The development of this platform is an open source project.     

From IMS Management to SOA Based NGN Management

Although IP Multimedia Subsystem (IMS) based Next Generation Networks (NGNs) are already emerging as the common session control platform for converging fixed, mobile and cable networks, harmonized solutions for the management of these converged platforms have still got to be developed. This document describes a hands-on approach to NGN Management. Started with IMS specific management systems, succeeding research had to take into account the importance of the management of NGN SDPs as well. This work shows that the hybrid nature of an NGN, where services can be delivered at the IMS layer, by SIP signaling mechanisms, as well as at the SDP, via Web Services, requires a harmonized management approach. Taking into account Service Oriented Architecture (SOA) principles and policy based model driven architectures, this work shows that a unification of service composition and service management already at the workflow creation level, bares significant benefits in terms of automation and harmonization. Following the SOA paradigm, the approach presented here does not differentiate between business process management (BPM) and management process management. Focusing on Telemanagement Forum’s enhanced Telecom Operations Map service fulfillment and service assurance operations, this document describes an New Generation Software and Services (NGOSS) based implementation of a unified Operation Support System (OSS) for NGNs that encompasses many problems of former stovepipe management solutions in terms of automation, flexibility and manageability.     

Exploring interoperability of distributed Ledger and Decentralized Technology adoption in virtual enterprises

The breakthrough of Distributed Ledger Technologies (DLT) has enabled the emergence and implementation of a wide range of digital platforms in Virtual Enterprises (VE) which collaborate to provide digital services. DLT has the potential to revolutionize VE by offering transparent, decentralized, trustworthy, data provenance, reliable, and auditable features. Yet, the full deployment of DLT systems and digital platforms is still limited since some systems are operating in isolation. Hence, DLT interoperability is one of the challenges inhibiting widespread adoption of DLT platforms. DLT interoperability represents the ability for one distributed ledger platform to interact and share data with other legacy digital applications. It is inevitable to orchestrate these digital platforms fragments by introducing a cross-DLT platform integration to govern data usage within VE. Presently, already proposed approaches for DLT interoperability such as naive relay, sidechain, oracle solutions notary scheme, or relay chain are mostly not employed as they are either resource-intensive or too expensive to operate. Therefore, this paper presents a layered architecture that aids interoperability of DLT, and digital platforms based on IOTA Tangle. Design science method is adopted, and case demonstration is carried out to show how IOTA Tangle enable VE to provide an innovative virtual asset payment platform for seamless electric mobility as a service to clients. IOTA was employed as the DLT platform due to its data traceability, immutability, and tamper-proof features which allow for verification of integrity of data. IOTA offers flexibility and performance to support a reliable digital solution. Findings from this study presents a layered architecture that aids IOTA Tangle to make requests, inter-communicate, and share data via RESTful application programming interface as gateway with other external digital platforms deployed by VE to achieve an interoperable eco-system.

     

Policy lifecycle model for systems management

In an enterprise, policies are the glue that hold network and systems management activities, tools, managed resources, and process participants together. Nevertheless, gaps between management objectives, policy definitions, and policy enforcement are inevitable during policy deployment. Policy definitions will rarely satisfy all management requirements and can be difficult to understand and enforce. Moreover, system administrators often ignore or circumvent policies intentionally or unintentionally in daily management activities. Policy-based management offers a promising solution to the problem of managing complex systems. It provides a means by which to simplify and largely automate the management procedure. These authors propose a policy lifecycle model, based on proven software development procedures; it can guide the deployment of a policy-based information management system in an enterprise.     

大数据环境下常州市新北区智慧排水平台构建

为解决业务系统相互独立,整合困难,数据利用程度低,决策智能化水平不高等问题,梳理常州新北水务管理体系,分析水务信息化现状,在智慧城市的大背景下,借助云计算、物联网、大数据分析等先进技术,构建大数据环境下新北区排水管理一体化平台,包括水务"一张图",1个数据中心,采集和水务业务2个平台,以及1套完整的排水网络安全体系,为新北区排水建设和管理提供新的思路。     

分布式应用中的访问控制规范的研究

针对分布式系统中安全服务规范给安全策略管理带来的不便,文章给出了一个针对分布式系统的访问控制策略设计和管理的访问控制模型,将此模型融入到分布式应用系统程序中,使用视图策略语言来描述访问控制策略,实现对安全访问策略行之有效的管理,并可以进行静态类型检测以保证规范的一致性。文章最后给出了分布式应用程序中执行VPL表示的访问控制策略的基础结构。     

An Adaptive Policy-Based Framework for Network Services Management

This paper presents a framework for specifying policies for the management of network services. Although policy-based management has been the subject of considerable research, proposed solutions are often restricted to condition-action rules, where conditions are matched against incoming traffic flows. This results in static policy configurations where manual intervention is required to cater for configuration changes and to enable policy deployment. The framework presented in this paper supports automated policy deployment and flexible event triggers to permit dynamic policy configuration. While current research focuses mostly on rules for low-level device configuration, significant challenges remain to be addressed in order to:a) provide policy specification and adaptation across different abstraction layers; and, b) provide tools and services for the engineering of policy-driven systems. In particular, this paper focuses on solutions for dynamic adaptation of policies in response to changes within the managed environment. Policy adaptation includes both dynamically changing policy parameters and reconfiguring the policy objects. Access control for network services is also discussed.     

Organizational buyers’ assimilation of B2B platforms: Effects of IT-enabled service functionality

This paper investigates service functionality in the domain of B2B platform assimilation from the buyer’s perspective. Using a customer service life cycle framework, we identified five dimensions of service functionality, namely, information search, negotiation, acquisition, ownership, and retirement. We theorize that the importance of these dimensions is contingent upon current level of B2B platform assimilation. Furthermore, building on an enabler-inhibitor perspective, we theorize that the benefits and top management support are the enablers, whereas assimilation costs, managerial complexity, and demand uncertainty are the inhibitors of a firm’s future decision to assimilate a B2B platform. Using a two-staged field survey, we tested our theory on a sample of 191 professionals. The results indicate that the importance of service functionality dimensions varies depending on the current level of service assimilation, namely, the importance of information search functionalities decreases while the importance of ownership and retirement functionalities increases as the firms move from the awareness stage to the general deployment stage. Furthermore, our results indicate that benefits and top management support enable future platform assimilation irrespective of the assimilation stage a firm is in currently. Assimilation costs were found to have negative impact on future platform assimilation among the companies who had a low level of current assimilation. However, the effect became non-significant for the companies with a higher level of current assimilation. Our paper contributes to the theory development by (i) showing that the importance of different IT mediated services is contingent upon current level of assimilation; and (ii) showing which factors retain their importance throughout the assimilation stages. We describe management implications for B2B platform owners and buyer organizations.     

An innovative simulation environment for cross-domain policy enforcement

With the development of policy management systems, policy-based management has been introduced in cross-domain organization collaborations and system integrations. Theoretically, cross-domain policy enforcement is possible, but in reality different systems from different organizations or domains have very different high-level policy representations and low-level enforcement mechanisms, such as security policies and privacy configurations. To ensure the compatibility and enforceability of one policy set in another domain, a simulation environment is needed prior to actual policy deployment and enforcement code development. In most cases, we have to manually write enforcement codes for all organizations or domains involved in every collaboration activity, which is a huge task. The goal of this paper is to propose an enforcement architecture and develop a simulation framework for cross-domain policy enforcement. The entire environment is used to simulate the problem of enforcing policies across domain boundaries when permanent or temporary collaborations have to span multiple domains. The middleware derived from this simulation environment can also be used to generate policy enforcement components directly for permanent integration or temporary interaction. This middleware provides various functions to enforce policies automatically or semi-automatically across domains, such as collecting policies of each participant domain in a new collaboration, generating policy models for each domain, and mapping specific policy rules following these models to different enforcement mechanisms of participant domains.     

Trust fraud: A crucial challenge for China’s e-commerce market

Currently, China’s e-commerce market is growing at an unprecedented pace, however, it is faced with many challenges, among which the trust fraud problem is the biggest issue. In this article, we use Taobao as an example and conduct a thorough investigation of the trust fraud phenomenon in China’s e-commerce market. We present the development history of trust fraud, summarize its unique characteristics, and explore the reasons why so many sellers commit fraud. We further propose a dynamic time decay trust model that aims to deter trust fraud by raising its cost and promote the growth of small and medium-sized sellers. The model utilizes detailed seller ratings as the data source, and incorporates a transaction amount weight, a time decay coefficient, and three trust factors in the calculation of trust. We test the model on real transaction data from Taobao, and the experimental results verify its effectiveness. Our proposed trust model yields a practical approach to online trust management not only in the Taobao market but also for other e-commerce platforms.     

A system for visual role-based policy modelling

The definition of security policies in information systems and programming applications is often accomplished through traditional low level languages that are difficult to use. This is a remarkable drawback if we consider that security policies are often specified and maintained by top level enterprise managers who would probably prefer to use simplified, metaphor oriented policy management tools.To support all the different kinds of users we propose a suite of visual languages to specify access and security policies according to the role based access control (RBAC) model. Moreover, a system implementing the proposed visual languages is proposed. The system provides a set of tools to enable a user to visually edit security policies and to successively translate them into (eXtensible Access Control Markup Language) code, which can be managed by a Policy Based Management System supporting such policy language.The system and the visual approach have been assessed by means of usability studies and of several case studies. The one presented in this paper regards the configuration of access policies for a multimedia content management platform providing video streaming services also accessible through mobile devices.     

基于Portal认证技术的科技成果数据跨平台访问控制

为避免科技成果数据外泄,设计一种基于Portal认证技术的科技成果数据跨平台访问控制方法。采用Portal认证技术构建请求访问平台和科技成果数据服务平台的访问控制模型,当这2个平台通过访客身份认证后,对其进行信任度评估和访问请求授权;服务提供平台利用策略实施点（PEP）完成访问请求用户属性信息的收集并传送至PEP,采用推荐算子计算存在访问请求的用户信任度,并通过合一运算获取用户在科技成果数据服务平台的信任度。将获取的信任度传送至策略决策点（PDP）,通过PDP对信任度进行分析,以给出是否对该访问请求进行授权的判定,实现科技成果数据跨平台访问控制。实验结果表明,该方法访问控制的有效性与精准度较高,平台响应时间短,实用性好。     

PCC智能管控策略研究

流量经营将决定运营商在3G市场能否占主导地位,在未来4G市场能否引领先机、占据主动。通过全面进行PCC部署和优化,进行基于业务、用户、总使用流量、位置/时间、接人类型多个维度的管控,同时,配合BOSS在线计费功能,对用户特定策略规则灵活计费,提升数据业务价值,助力流量经营。