Similar literature
20 similar documents found (search time: 31 ms)
1.
Security is a key problem for the development of cloud computing. A common service security architecture is a basic abstraction that supports security research work. Authorization within service security faces increasingly complex and variable users and environments. Based on multidimensional views, the service security architecture is described along three dimensions of service security requirements, integrating security attributes and service layers. An attribute-based dynamic access control model is presented to further detail the relationships among subjects, objects, roles, attributes, context and additional factors. The model uses dynamic control policies to support multiple roles and flexible authority. Finally, access control and policy execution mechanisms are studied as implementation suggestions.

2.
Traffic adaptive WDM networks: a study of reconfiguration issues   Total citations: 1 (self-citations: 0, citations by others: 1)
This paper studies the issues arising in the reconfiguration phase of broadcast optical networks. Although the ability to dynamically optimize the network under changing traffic conditions has been recognized as one of the key features of multi-wavelength optical networks, this is the first in-depth study of the tradeoffs involved in carrying out the reconfiguration process. We develop and compare reconfiguration policies to determine when to reconfigure the network, and we present an approach to carry out the network transition by describing a class of strategies that determine how to retune the optical transceivers. We identify the degree of load balancing and the number of retunings as two important, albeit conflicting, objectives in the design of reconfiguration policies, naturally leading to a formulation of the problem as a Markovian decision process. Consequently, we develop a systematic and flexible framework in which to view and contrast reconfiguration policies. We show how an appropriate selection of reward and cost functions can be used to achieve the desired balance among various performance criteria of interest. We conduct a comprehensive evaluation of reconfiguration policies and retuning strategies and demonstrate the benefits of reconfiguration through both analytical and simulation results. The result of our work is a set of practical techniques for managing the network transition phase that can be directly applied to networks of large size. Although our work is in the context of broadcast networks, the results can be applied to any wavelength-division multiplexing network where it is necessary to multiplex traffic from a large user population into a number of wavelengths.

3.
Sun Mengjie, Liu Zhen, Chen Xiaobo, 通信技术 (Communications Technology), 2009, 42(12): 87-89
Acegi is a framework that provides a powerful and flexible security access control solution for Spring-based enterprise applications. It makes full use of Spring's IoC and AOP features to provide declarative security access control. This paper introduces the basic authentication and authorization flow of the Acegi security framework, and shows how a Web system can use Acegi's XML configuration files in a flexible, declarative way to secure its authentication and authorization.

4.
Secure quality of service handling: SQoSH   Total citations: 1 (self-citations: 0, citations by others: 1)
Proposals for programmable network infrastructures, such as active networks and open signaling, provide programmers with access to network resources and data structures. The motivation for providing these interfaces is the accelerated introduction of new services, but exposure of the interfaces introduces many new security risks. We describe some of the security issues raised by active networks. We then describe our secure active network environment (SANE) architecture. SANE was designed as a security infrastructure for active networks, and was implemented in the SwitchWare architecture. SANE restricts the actions that loaded modules can perform by restricting the resources that can be named; this is further extended to remote invocation by means of cryptographic credentials. SANE can be extended to support restricted control of quality of service in a programmable network element. The Piglet lightweight device kernel provides a "virtual clock" type of scheduling discipline for network traffic, and exports several tuning knobs with which the clock can be adjusted. The ALIEN active loader provides safe access to these knobs to modules that operate on the network element. Thus, the proposed SQoSH architecture is able to provide safe, secure access to network resources, while allowing these resources to be managed by end users needing customized networking services. A desirable consequence of SQoSH's integration of access control and resource control is that a large class of denial-of-service attacks, which cannot be addressed by access control and cryptographic protocols alone, can now be prevented.

5.
Nowadays, networked embedded systems (NESs) are required to be reconfigurable in order to be customizable to different operating environments and/or adaptable to changes in the operating environment. However, reconfigurability works against security, as it introduces new sources of vulnerability. In this paper, we propose a security architecture that integrates, enriches and extends a component-based middleware layer with abstractions and mechanisms for secure reconfiguration and secure communication. The architecture provides a secure communication service that enforces an application-specific, fine-grained security policy. Furthermore, in order to support secure reconfiguration at the middleware level, the architecture provides a basic mechanism for authenticated downloading from a remote source. Finally, the architecture provides a rekeying service that performs key distribution and revocation. The architecture provides these services as a collection of middleware components that an application developer can instantiate according to the application's requirements and constraints. The security architecture extends the middleware by exploiting the decoupling and encapsulation capabilities provided by components. As a result, the architecture is itself reconfigurable and can span heterogeneous devices. The security architecture has been implemented for different platforms, including low-end, resource-poor ones such as Tmote Sky sensor devices.

6.
In future wireless networks, mobility-related services, such as candidate access router discovery (CARD), will play a significant role in realizing truly ubiquitous, seamless connectivity. In order for these services to be realized, however, their particular security concerns must be addressed. Moreover, the security solution must be flexible and highly configurable in order to meet the demands of inter-domain roaming agreements. In this paper, we explore a number of alternatives and present a general architecture, iARSec, that provides both authentication and explicit authorization for services running between neighboring access routers.

7.
Security and privacy architectures for the various access networks have usually been considered either at the upper service layers, in the form of application and transport security, or at the lower layers, in the form of security over wireless links. Today there is no trust relationship between the stakeholders of different access network types (e.g. wireless mesh networks, wireless PANs, wireless LANs, cellular networks, satellite), and each has its own security mechanism. What these access networks have in common is the networking layer, which is IP based. In order to provide seamless service across these heterogeneous access networks there must be a trust relationship among the stakeholders for authentication, authorization, accounting and billing of the end user. What is still missing, however, is a general solution that is adaptable to the network types and conditions, takes into account end-system capabilities, and enables inter-domain AAA negotiation. This paper proposes a lightweight AAA infrastructure providing continuous, on-demand, end-to-end security in heterogeneous networks.

8.
The mission of operational support systems (OSS) is to run and manage the daily operations of a company. It is very important that the OSS exhibits great flexibility in adjusting its behaviour to ad hoc circumstances and in evolving as dictated by emerging changes. Contemporary advances in the area of software engineering, involving component-based frameworks, service-oriented architectures and Web Services, considerably facilitate the development of flexible component-based OSS. However, unless business rules, constraints and processes are disentangled from the OSS and become separately managed entities, every single change to them would require direct modifications within the system's software, a fact that still limits flexibility. The primary aim of this paper is to examine the role that policies can play in delivering highly adaptable, configurable and flexible component-based new generation OSS (NGOSS). In order to ensure the highest degree of flexibility for NGOSS, the paper makes a threefold contribution. Firstly, a generic high-level model is introduced, encompassing constructs that include policies capable of specifying NGOSS components in a technology-neutral way. The model complies with most of the TeleManagement Forum's NGOSS principles. Secondly, we show how policies can be specified and used to flexibly configure component behaviour. Thirdly, the design of a component container is presented, which provides all the tools necessary to facilitate the use of policies and aids the software materialisation of a policy-enabled interface to OSS components. An implementation of the container and an example scenario of its use are then shown.

9.
The use of data Grids for sharing relevant data has proven successful in many research disciplines. However, the use of these environments when personal data are involved (such as in health) is limited by a lack of trust. Many approaches provide encrypted storage and key sharing to prevent access by unauthorized users. However, these approaches are additional layers that must be managed alongside the authorization policies. In this paper we present a privacy-enhancing technique that uses encryption tied to the structure of the data and their organizations, providing a natural way to propagate authorization, together with a framework that fits many use cases. The paper describes the architecture and processes, and also shows results obtained on a medical imaging platform.

10.
This paper focuses on investigating immunological principles in designing a multi-agent security architecture for intrusion detection and response in mobile ad hoc networks. In this approach, immunity-based agents monitor the situation in the network. These agents can take appropriate actions according to the underlying security policies. Specifically, their activities are coordinated in a hierarchical fashion while sensing, communicating, making decisions and generating responses. Such an agent can learn and adapt to its environment dynamically and can detect both known and unknown intrusions. The proposed intrusion detection architecture is designed to be flexible, extensible and adaptable, and capable of real-time monitoring. This paper provides the conceptual view and a general framework of the proposed system. Finally, the architecture is illustrated by an example showing that it can prevent the attack efficiently.

11.
Existing authorization approaches struggle to meet the requirements of diverse applications. This paper proposes a policy-based unified RBAC authorization model and presents its implementation. The model takes policies as its basic building block and implements functions such as automatic role assignment according to multiple attributes and role conflict detection. With this model, user permissions can be granted in a fine-grained, flexible and application-independent manner, solving the difficulty of automatic authorization in large-scale systems with massive numbers of users. A unified authorization and access system implemented on the model verifies its effectiveness, and the model can be used in many types of application systems.

12.
Different hybrid WDM/TDM PON architectures are compared in terms of flexibility, simplicity (affecting the cost), insertion loss (affecting the reach) and security. Special attention is given to the flexibility aspect of next-generation optical access networks by designing architectures with different degrees of flexibility, able to cope with different ranges of dynamic bandwidth allocation (DBA) possibilities. This paper assesses the degree of architectural flexibility needed to obtain some important flexibility advantages. It is shown that a partially flexible architecture mostly fulfils the needs. The architectures are then further evaluated from a cost and reach perspective. In this way, we provide a complete comparison considering all the key aspects of access network design. It is shown that a hybrid WDM/TDM PON with a partially flexible architecture in the first remote node can be an interesting candidate for next-generation optical access networks.

13.
This article studies the issues arising when reconfiguring coded-WDM networks to provide protection against eavesdropping. Although the ability to reconfigure coded-WDM PONs dynamically has been recognized as an effective means of improving the security of OCDMA networks, this article provides the first in-depth study of the tradeoffs involved in carrying out this reconfiguration process. The article begins by showing that the degree of confidentiality and the traffic loss are two important, but conflicting, objectives in the design of reconfiguration policies. The reconfiguration problem is then formulated as a Markovian decision process (MDP). Results from MDP theory are applied to establish optimal reconfiguration policies for coded-WDM networks with various system parameters. Finally, the advantages of the optimal reconfiguration policies over a class of threshold-based policies are illustrated through simulation results.

14.
Zhao Liang, Wang Binqiang, Zhang Peng, 电信科学 (Telecommunications Science), 2012, 28(2): 133-137
The next-generation network should be one that can satisfy users' individualized needs. Reconfigurable technology performs well in meeting a system's requirements for adaptability to changes in its environment and application objects; therefore, this paper introduces reconfigurable technology into network architecture design, proposes the concept of a reconfigurable flexible network, gives a reference model for it, and describes the model formally. Finally, the application prospects and advantages of reconfigurable flexible networks are introduced.

15.
16.
Wang Xiaoming, Zhao Zongtao, Ma Jianfeng, 电子学报 (Acta Electronica Sinica), 2003, 31(8): 1150-1154
Access control models are one of the key research topics in information security. Many access control models can be found in the existing literature, but in all of them the authorization system unilaterally decides on authorization requests according to already established facts; they are unsuited to e-commerce environments, where interactive access authorization must be granted according to a user's promise to satisfy conditions in the future. This paper proposes a new promise-and-assurance-based access control model (PABAC) to meet this need. The model's architecture, its promise-and-assurance mechanism, separation of authorization duties, and access control are discussed. Simulation results demonstrate the effectiveness of the model.

17.
Mobile systems are evolving into data-centric, packet-switched, multiaccess networks. New types of security threats are emerging in these new networks. From the user's point of view, a seamless solution for these threats is required. This paper presents a vision of network convergence and its implications for authentication and authorization solutions. Security requirements are discussed, and current authentication solutions in GSM, UMTS and operator wireless local area networks (OWLAN) are introduced. All-IP multimedia session security is discussed. The implications of ad hoc network architectures for security requirements are discussed.

18.
Qu Yingwei, Zheng Guanghai, 通信技术 (Communications Technology), 2008, 41(1): 110-112
This paper proposes a third-party authorization service model that supports existing trust negotiation systems. Acting as an authorization agent, the model can issue tokens for accessing resources in an open system once the entities have used trust negotiation to determine an appropriate resource access policy. The model's architecture is designed to allow new trust-aware applications to be integrated, and existing legacy applications to be integrated indirectly. The design and implementation of the model and of the communication protocol it uses, as well as its performance, are discussed.

19.
Service-based architecture (SBA) is a profound advancement in the new 5G Core network (5GC). Existing studies show that SBA can benefit from cloud computing to achieve extensibility, modularity, reusability and openness. It also brings security problems (e.g., hypervisor hijacking and malware injection). To provide secure 5G services, we propose a service-based cloud architecture called Mimicloud for 5GC, based on dynamic and heterogeneous techniques. Mimicloud provides flexible reconfiguration mechanisms to protect containers and to invalidate all attack knowledge obtained by adversaries. We use multiple containers to execute crucial services and ensure security through cross-checking of their results. Mimicloud employs heterogeneous components to prevent multiple containers from being breached through the same vulnerabilities. Experimental results show that Mimicloud can effectively strengthen the security of the 5GC. The performance overhead is analyzed in order to demonstrate its scalability.

20.
Reconfigurable radio in Europe is rapidly gaining momentum and becoming a key enabler for realizing the vision of being optimally connected anywhere, anytime. At the center of this exciting technology is the reconfigurable terminal, which will move across different radio access networks, adapting at every instant to an optimum mode of operation. This will require coordinated reconfiguration management support from both the terminal and the network, but the terminal will carry a significant part of this intelligence. This article focuses on a novel reconfigurable terminal architecture that advances the state of the art and encompasses the overall protocol stack from the physical to the application layer in IP-based radio access networks. The proposed architecture is composed of a terminal reconfiguration management part and enabling middleware technologies such as the complementary Distributed Processing Environment and agent platforms, flexible protocol stacks that can be interchanged to support different wireless technologies and associated mechanisms, and finally object-oriented reconfigurable RF and baseband components. The work presented in this article is conducted in the context of the IST projects SCOUT (www.ist-scout.org) and TRUST (www4.in.tum.de/-scout/trust webpage/spl I.bar/src/ trust frameset.html) of the European 5th Framework Program.
