A Traceable Capability-based Access Control for IoT

Delegation mechanism in Internet of Things (IoT) allows users to share some of their permissions with others. Cloud-based delegation solutions require that only the user who has registered in the cloud can be delegated permissions. It is not convenient when a permission is delegated to a large number of temporarily users. Therefore, some works like CapBAC delegate permissions locally in an offline way. However, this is difficult to revoke and modify the offline delegated permissions. In this work, we propose a traceable capability-based access control approach (TCAC) that can revoke and modify permissions by tracking the trajectories of permissions delegation. We define a time capability tree (TCT) that can automatically extract permissions trajectories, and we also design a new capability token to improve the permission verification, revocation and modification efficiency. The experiment results show that TCAC has less token verification and revocation/modification time than those of CapBAC and xDBAuth. TCAC can discover 73.3% unvisited users in the case of delegating and accessing randomly. This provides more information about the permissions delegation relationships, and opens up new possibilities to guarantee the global security in IoT delegation system. To the best of our knowledge, TCAC is the first work to capture the unvisited permissions.     

深圳市公交票价及财政政策研究

面对越来越严峻的城市交通形势,深圳政府已经认识到必须要加大对公交行业的投入,以建立可以与私人交通方式相竞争的公交体系。其中,公交票价和财政政策是非常重要的研究内容。鉴此就深圳目前面临的票价和财政问题,结合国外发达国家的相关经验,在对整个行业形势和交通政策进行深入研究的基础上,提出适合深圳发展的关于公交票价和财政政策方面的建议,使政府、公交公司、乘客三者之间能取得一个较好的平衡点。     

电力网倒闸操作票专家系统

电力网倒闸操作票专家系统,用规则描述变电站操作票生成知识构成知识库.将变电站各种设备的参数建立数据库,推理机动态地操纵知识库和数据库,从而形成操作票自动生成系统.其功能包括自动开票、手工开票、模拟开票、图形模拟及系统维护和管理.     

中国古城门票的制度经济学分析--从凤凰古城门票事件看中国古城保护制度困局

运用新制度经济学研究方法,指出古城在本质上属于一种特殊的土地资源,其历史文化价值的整体性、公共性、外部性等特征使其成为一个历史文化价值“公共区域”,而古城保护则类似于建设一个极为特殊的“古城历史文化公园”,必须以特定的土地商业模式为基础。古城门票实际上代表了一种古城土地商业模式,对中国现有古城土地商业模式的比较制度分析表明,门票模式在中国古城保护历史中扮演了重要的角色,其主导地位来源于其对中国特殊制度环境所具有的最佳适应性。应辩证和历史地分析古城门票在中国古城保护中的作用,在高层政府缺位的情况下,对凤凰等小型古城而言门票模式虽不高级但却较为适宜,必须构建各方平等的社会沟通机制以防止古城门票的扭曲和变形。     

Mobile Cloud Middleware

Mobile Cloud Computing (MCC) is arising as a prominent research area that is seeking to bring the massive advantages of the cloud to the constrained smartphones. Mobile devices are looking towards cloud-aware techniques, driven by their growing interest to provide ubiquitous PC-like functionality to mobile users. These functionalities mainly target at increasing storage and computational capabilities. Smartphones may integrate those functionalities from different cloud levels, in a service oriented manner within the mobile applications, so that a mobile task can be delegated by direct invocation of a service. However, developing these kind of mobile cloud applications requires to integrate and consider multiple aspects of the clouds, such as resource-intensive processing, programmatically provisioning of resources (Web APIs) and cloud intercommunication. To overcome these issues, we have developed a Mobile Cloud Middleware (MCM) framework, which addresses the issues of interoperability across multiple clouds, asynchronous delegation of mobile tasks and dynamic allocation of cloud infrastructure. MCM also fosters the integration and orchestration of mobile tasks delegated with minimal data transfer. A prototype of MCM is developed and several applications are demonstrated in different domains. To verify the scalability of MCM, load tests are also performed on the hybrid cloud resources. The detailed performance analysis of the middleware framework shows that MCM improves the quality of service for mobiles and helps in maintaining soft-real time responses for mobile cloud applications.     

虚拟候车环境内视觉线索目视管理对乘客寻路行为的影响

在虚拟候车环境中,研究视觉线索所提供的信息与乘客视觉信息需求的一致性对其登乘行为的影响,通过调整候车环境中提供寻路信息的两种视觉线索(候车信息屏和车站检票口布局结构)与乘客所需信息的目视统一性,以完成任务的总时间、看屏时间及行动时间等作为乘客寻路表现的指标来评价不同形式的两种视觉线索的功能,为车站目视化管理提供科学依据。实验结果表明:候车信息屏上信息呈现的顺序在与使用者的目视编码需求保持一致时,乘客有较好的寻路表现;与顺序型和奇偶型布局相比,AB型布局能使乘客在较短的时间内形成空间认知,是一种对布局结构进行目视管理的理想类型。     

网络订票的移动支付协议的研究与设计

本文给出一个网络订票的移动支付模型,在这一模型上,基于CEMBS的设计思想,在尽量满足移动网络特性的情况下,设计了一个能在移动终端实现网络订票的高效、安全协议.通过分析,该协议满足不可否认性,认证性以及保密性等一些性质,并且协议较为简单,应用范围较广.     

电力生产对象运行维护自动化中签名认证问题的研究

该文提出了电力生产对象运行维护自动化中的一种签名认证模型。讨论了系统的运行环境和体系结构，并给出了签名认证的具体算法。     

对一个模糊身份格基签名方案的改进

对第一个基于格理论构造的模糊身份签名方案进行了深入分析,指出了它的安全性证明中存在的两个问题: 1)对私钥提取查询的应答会导致Hash函数碰撞的产生;2)对于和挑战目标相同比特位数大于门限值的身份的签名查询无法应答. 针对这些问题,给出了相应的改进方法,并且利用格上固定维数的格基代理方法,避免了原方案中维数的扩张,给出了一个私钥维数和签名维数更短的模糊身份格基签名方案. 最后,给出了新方案的安全性证明.     

程序化操作在变电站中实现的几个关键问题

程序化操作是无人值班变电站发展的必然。阐述了程序化操作变电站中程序化操作实现的方式和目标、全方位的程序化操作发展方向、程序化操作的通信协议的选择、操作票的模式、程序化操作方案的选择、程序化操作在调度端的实现、保证程序化操作正确性的措施、程序化操作变电站的扩建以及对运行管理的要求等几个关键问题,在技术分析的基础上给出了实现方案。