A Reconfiguration Trial on the Platform of Allied Information for Wireless Converged Networks

PAl （platform of allied information） promotes persistent innovation and application of the wireless technologies among different institutes, based on open, safe and controllable network architecture. The platform architecture, unified interface, security mechanism, and reconfiguration are designed to achieve the convergence of various wireless experimental resources. In this paper, the reconfiguration mechanism is designed and a reconfiguration trial is implemented based on the PAI, to verify the ability of integrating experimental resources in the related units.     

Evolution of MPP SoC architecture techniques

The evolution of chip architecture is discussed in this paper. Then MPP SoC architectures according to three kinds of computing paradigms are analyzed. Based on these discussions and analyses, array processor architecture for unified change is presented, which could implement the simplification, effectiveness and versatility of both data level and non-data level parallel algorithm＇s programming.     

Analysis and Implementation of an Open Programmable Router Based on Forwarding and Control Element Separation

A router architecture based upon ForCES (Forwarding and Control Element Separation), which is being standardized by IETF ForCES working group, gains its competitive advantage over traditional router architectures in flexibility, programmability, and cost-effectiveness. In this paper, design and implementation of a ForCES-based router (ForTER) is illustrated. Firstly, the implementation architecture of ForTER is discussed. Then, a layered software model, which well illustrates ForCES features, is proposed. Based on the model, design and implementation of Control Element (CE) and Forwarding Element (FE) in ForTER are introduced in detail. Moreover, security for ForTER is considered and an algorithm to prevent DoS attacks is presented. Lastly, experiments of ForTER are illustrated for routing and running routing protocols, network management, DoS attack prevention, etc. The experimental results show the feasibility of the ForTER design. Consequently, the ForTER implementation basically testifies the feasibility of ForCES architecture and some IETF ForCES specifications.     

ORACLE的存储体系结构及其对象空间分配的研究

With fast development in information times, the database, as the kernel unit of information storage, has been playing an increasingly role in the field of the modern information technology. In this paper, ORACLE storage architecture is analyed from physical and logical aspects. Meanwhile, its object space allocation is also discussed and explained by some examples.     

The Security of Wireless Local Area Network

The Wireless Local Area Network （WLAN） is a new and developing technology and the security problem is always important in all networks; therefore, the security problems will be discussed in this article. The article firstly introduces the history of development of IEEE 802.11 and provides an overview of the Wireless LAN. The architecture of WLAN will be referred in next. Finally, the further of the wireless LAN will be prospected by this article.     

The Security of Wireless Local Area Network

The Wireless Local Area Network (WLAN) is a new and developing technology and the security problem is always important in all networks; therefore, the security problems will be discussed in this article. The article firstly introduces the history of development of IEEE 802.11 and provides an overview of the Wireless LAN. The architecture of WLAN will be referred in next. Finally, the further of the wireless LAN will be prospected by this article.     

CROWN:A service grid middleware with trust management mechanism

Based on a proposed Web service-based grid architecture, a service grid middleware system called CROWN is designed in this paper. As the two kernel points of the middleware, the overlay-based distributed grid resource management mechanism is proposed, and the policy-based distributed access control mechanism with the capability of automatic negotiation of the access control policy and trust management and negotia- tion is also discussed in this paper. Experience of CROWN testbed deployment and ap- plication development shows that the middleware can support the typical scenarios such as computing-intensive applications, data-intensive applications and mass information processing applications.     

An Inference Microprocessor Design

This paper is concerned with the design of an inference microprocessor for production rule systems.Its implementation is based on both exact and inexact (fuzzy logic) reasoning,so it can be used for building various production rule systems.The methods of translating linguistically expressed rules into numerical representations are described and the hardware implementations are discussed.Finally, a parallel architecture for the inference microprocessor is presented.     

Internet Network Resource Information Model

The foundation of any network management systems is a database that contains information about the network resources relevant to the management tasks.A network information model is an abstraction of network resources,including both managed resources and managing resources,In the SNMP-based management framework,management information is defined almost exclusively from a “Device“ viewpoint,namely managing a network is equivalent to managing a collection of individual nodes.Aiming at making use of recent advances in distributed computing and in object-oriented analysis and design,the Internet management architecture can also be based on the Open Distributed Processing Reference Model(RM-ODP).The purpose of this article is to provide an Internet Network Resource Information Model.First,a layered management information architecture will be discussed.Then the Internet Network resource information model is presented.The information model is specified using object-Z.     

Towards evolvable Internet architecture-design constraints and models analysis

There is a general consensus about the success of Internet architecture in academia and industry. However, with the development of diversified application, the existing Internet architecture is facing more and more challenges in scalability, security, mobility and performance. A novel evolvable Internet architecture framework is proposed in this paper to meet the continuous changing application requirements. The basic idea of evolvability is relaxing the constraints that limit the development of the architecture while adhering to the core design principles of the Internet. Three important design constraints used to ensure the construction of the evolvable architecture, including the evolvability constraint, the economic adaptability constraint and the manageability constraint, are comprehensively described. We consider that the evolvable architecture can be developed from the network layer under these design constraints. What＇s more, we believe that the address system is the foundation of the Internet. Therefore, we propose a general address platform which provides a more open and efficient network environment for the research and development of the evolvable architecture.     

可信可控网络中的一致性视图构建机制

在可信可控网络中利用多个控制节点对AS进行联合控制,容易造成多个控制节点在网络控制过程中持有的AS视图不一致问题。针对该问题,在可信可控网络模型的基础上提出了基于选举算法的AS内一致性视图构建机制,该机制首先基于选举算法选举出主控制节点,然后主控制节点根据AS内各个控制节点的负载,将视图构建任务分配给负载最低的控制节点负责构建视图,并利用主控制节点的时间对生成的视图的版本进行界定,从而避免了多个控制节点独自构建视图造成的视图混乱问题。仿真实验的结果表明,所提出的一致性视图构建机制具有良好的性能。     

下一代互联网的可信性

本文首先概述了互联网可信性的研究概况．然后剖析了造成信任危机的原因;在给出可信性的 基本定义之后,讨论了互联网可信性的网络体系结构和协议工作模型,并归纳了目前互联网最新的网络安全 技术．最后给出了下一代互联网可信性研究的关键问题与展望．     

Hidasav:一种层次化的域间真实源地址验证方法

可信任是下一代互联网的重要特征,真实地址访问是可信任的基础和前提.自治域级真实地址访问是整个可信任互联网体系结构中最为复杂的一个层次.基于标签的源地址验证不受拓扑结构影响,无需中间节点特殊处理,是实现域间真实地址访问的有效方法.然而,现有方法中信任联盟过于扁平化和单一化的问题导致验证开销随联盟规模增大而急剧增大,影响和制约了机制的可扩展性和过滤能力,难以进行增量部署.对此,文中提出了一种层次化的基于标签替换的域间真实源地址验证方法(Hidasav),该方法通过合理规划联盟层次和聚类整合,构建出一种多级并存的信任联盟体系结构,通过引入实现轻量级标签替换的联盟边界,将每一层级联盟和外界网络隔离,使得下层联盟和更高层联盟内部的网络环境彼此互不可见、互无影响.与现有同类典型方法在CNGI真实环境中的实验结果比较表明,该方法能够在确保域间高速通信的同时有效降低边界路由设备的状态机存储、更新和报文验证开销.     

一个Web服务可信体系结构

Web服务的安全可信问题是影响其广泛应用的重要因素。已有的解决方案大多从安全角度出发,但对于服务面对攻击或安全威胁时仍能按照预期工作则缺乏考虑。从Web服务的安全可信需求出发,对安全的概念进行了拓展,提出了可信的目标和内涵。在此基础上,提出一个以安全交互、联合身份和分布策略为基础,以运维管理、共用机制为支撑的Web服务可信体系结构,其可为Web服务安全可信提供体系结构层面的支持。     

可信网络连接的安全量化分析与协议改进

可信网络连接(TNC)被认为是可信的网络体系结构的重要部分,随着TNC研究和应用的不断深入,TNC架构自身的安全性问题变得更加至关重要.文中重点研究TNC协议架构的安全性问题,首先提出了一种针对TNC协议的基于半马尔可夫过程的安全性量化分析方法;其次针对TNC完整性验证和访问授权过程中存在的安全威胁和漏洞,提出了一套安全性增强机制,并通过安全量化分析方法进行了验证.最后利用Intel IXP2400网络处理器搭建了TNC原型系统,为文中提出的改进机制和系统框架提供了安全量化验证的实际平台.     

基于过程知识的软件项目计划及其控制

为使软件项目计划合理、计划执行控制有效,该文基于小组软件过程TSP(TeamSoftwareProcess),提出了一个软件过程知识支持下的具有决策、建议和预测能力的分布式软件项目计划与控制解决方案,与此同时,讨论了相关支持工具的体系结构实现及其实例应用场景。     

一种基于效用和证据理论的可信软件评估方法

由于可信软件评估需求的动态多变以及专家主观决策的有限理性,多维多尺度可信软件评估问题是一个重要而困难的研究课题.在分析现有可信软件评估需求的基础上,提出一种基于效用和证据理论的可信软件评估方法.首先设计了一个需求驱动的可信指标树动态构造模型:开放式可信指标数据库和指标树生成算法;接着讨论分析了基于效用的可信软件定性和定量指标的信息预处理技术,并重点介绍基于分布式评估框架和Dempster合成规则的可信软件评估证据推理算法;最后通过案例证明了该方法的有效性和合理性.相信该模型的提出能对复杂环境下软件可信性评估理论的进一步研究起推动作用.     

可信编译器关键技术研究

软件的可信性很大程度上依赖于程序代码的可信性。影响软件可信性的主要因素包括来自软件内部的代码缺陷、代码错误、程序故障以及来自软件外部的病毒、恶意代码等,因此从代码角度来保证软件的可信性是实现可信软件的重要途径之一。编译器作为重要的系统软件之一,其可信性对整个计算机系统而言具有非常重要的意义。软件程序一般都需要经过编译器编译后方能执行,如果编译器不可信,则无法保证其所生成代码的可信性。本文主要讨论设计和实现可信编译器的主要思路和关键技术。     

基于区块链的智慧城市边缘设备可信管理方法研究

由于物联网设备的资源受限,当前智慧城市相关应用系统,在抵御以物联网设备为目标的恶意攻击时存在局限性,难以提供安全可靠的服务。本文设计了基于区块链的智慧城市边缘设备管理架构,将区块链技术引入智慧城市建设研究中,利用区块链分布式架构和去中心化的思想,实现感知数据的可信收集和存储,并基于该架构提出了一种新的基于信誉的PoW共识算法,为物联网设备提供信任机制,该算法极大的增加了由物联网设备端发起的恶意攻击的成本,有效的预防了设备的恶意攻击行为,实现了边缘设备行为的可信管理。基于所提方法实现的智慧城市应用案例验证了其可行性,有效防范了来自节点的恶意攻击,增强了系统的信息安全性。     

面向软件可信性的可信指针分析技术综述*

对可信指针分析技术的定义和描述、指针分析对软件可信性的保障、可信指针分析属性以及该领域主要研究成果等方面进行了综述。通过对现有可信指针分析技术的分析和比较,详细讨论了面向软件可信性的可信指针分析的关键技术;此外,重点介绍了流敏感指针分析及上下文敏感指针分析的方法和理论;最后对进一步研究工作的方向进行了展望。