基于属性加密的雾协同云数据共享方案

为解决现有的属性加密数据共享方案粗粒度和开销大等问题,提出一种能保证数据隐私且访问控制灵活的雾协同云数据共享方案(FAC-ABE)。设计属性加密机制,将数据的访问控制策略分为个性化和专业化两种。通过个性化的访问策略,根据用户的经验和偏好,将数据共享给相应的云端。利用雾节点对数据分类,将共享的数据分流,保障数据共享给专业的云服务器。安全分析结果表明,该方案能保障数据机密性,实现更细粒度的访问控制。实验结果表明,用户能将加密开销转移到雾节点上,降低了云端用户开销。     

A generalized web service model for geophysical data processing and modeling

A web service model for geophysical data manipulation, analysis and modeling based on a generalized data processing system was implemented. The service is not limited to any specific data type or operation and allows the user to combine ∼190 tools of the existing package, and new codes easily includable. It allows remote execution of complex processing flows completely designed and controlled by remote clients who are presented with mirror images of the server processing environment. Clients are also able to upload their processing flows to the server, thereby building a knowledge base of processing expertise shared by the community. Flows in this knowledge base are currently represented by a hierarchy of automatically generated interactive web forms. These flows can be accessed and the resulting data retrieved by either using a web browser or through API calls from within the clients’ applications. The server administrator is thus relieved of the need for development of any content-specific data access mechanisms. The underlying processing system is fully developed and includes a graphical user interface, parallel processing capabilities, on-line documentation, on-line software distribution service and automatic code updates. Currently, the service is installed on the University of Saskatchewan seismology web server (http://seisweb.usask.ca/SIA/ps.php) and maintains a library of processing examples (http://seisweb.usask.ca/temp/examples) including a number of useful web tools (such as UTM coordinate transformations, calculation of travel times of seismic waves in a global Earth model and generation of color palettes). Important potential applications of this web service model for building intelligent data queries, processing and modeling of global seismological data are also discussed.     

Stochastic web-based natural language dialog planning for web information filtering

This work addresses natural language dialog planning for an intelligent web filtering model, which lets the user filter search results obtained by a traditional search engine and assists them to find what they really are looking for. Unlike state-of-the-art approaches, a stochastic planning model is proposed for a web-driven dialog system which uses Conditional Random Fields to predict next dialog moves. Experiments with real web users and different interaction settings show the promise of the approach to web-based adaptive planning aimed at information filtering.     

面向移动终端的密文可验证属性基可搜索加密方案

轻量级设备的数据大多都存储在云服务器上。由于云服务不完全可信,且传统的单关键词可搜索加密会产生许多与检索内容无关的信息,因此提出一个面向移动终端的密文可验证属性基可搜索加密方案。该方案结合CP-ABE技术控制访问细粒度,引入可信第三方进行数据完整性验证,同时帮助用户进行部分解密工作。该方案在困难问题假设下被证明是选择性不可区分的密文策略和选择明文攻击IND-sCP-CPA及不可区分的选择关键词攻击IND-CKA。理论分析和数值模拟实验表明,该方案具有更高的效率。     

多授权机构下可撤销叛徒的属性基加密方案

针对单授权机构下属性基加密方案中的密钥滥用问题,以及加密机制本身存在的效率和安全问题,研究一种在多授权机构下可对非法用户（或叛徒）进行撤销的属性基加密方案。在单授权机构下属性基加密方案的基础上,利用双线性映射和线性秘密共享方案等来实现多个授权机构相互协作而不需要中央机构控制,并结合完全子树架构将用户映射到二叉树上来提高撤销叛徒的效率,将单授权方案转化成多授权机构下的可撤销叛徒的属性基加密方案MA-TRABE,还分析了该方案的抗串谋攻击安全性和多授权机构下的安全性。根据电子商务安全支付的需要,设计了MA-TRABE的实际应用。     

基于密文策略属性加密的云存储访问控制方案

针对现有方案存在的访问策略公开、密文存储开销较大的问题,提出一种支持策略隐藏且固定长度密文的云存储访问控制方案,并在安全模型下证明方案可抵抗选择明文攻击。方案中用户私钥由多个授权机构共同生成,中央授权机构不参与生成任何主密钥与属性私钥;访问结构隐藏在密文之中,恶意用户无法通过访问结构获取敏感信息。此外,方案实现了固定密文长度,并且加密时的指数运算和解密时的双线性对运算次数均是固定值。最后,理论分析和实验结果表明该方案在密文长度和加解密时间上都明显优于对比方案。     

Modeling dynamic recovery strategy for composite web services execution

During the execution of Composite Web Services (CWS), a component Web Service (WS) can fail and can be repaired with strategies such WS retry, substitution, compensation, roll-back, replication, or checkpointing. Each strategy behaves differently on different scenarios, impacting the CWS Q o S. We propose a non intrusive dynamic fault tolerant model that analyses several levels of information: environment state, execution state, and Q o S criteria, to dynamically decide the best recovery strategy when a failure occurs. We present an experimental study to evaluate the model and determine the impact on Q o S parameters of different recovery strategies; and evaluate the intrusiveness of our strategy during the normal execution of CWSs.     

User centric dynamic web information visualization

Distributed search and routing algorithms based on the DHT (distributed hash table) protocol have attracted considerable attention in structured P2P (peer-to-peer) research as a result of favorable properties such as distribution, self-organization, and high scalability. Compared with a traditional C/S (client/server) network, the probability of peers initiating malicious behavior increases dramatically because of their self-governing and dynamic characteristics, which also make it harder to satisfy the peers’ security required by DHT. In this paper, we propose a new secure DHT protocol based on a multidimensional mapping mechanism. This mechanism maps peers to a multidimensional space by dividing the identifiers into groups. Moreover, a series of secure methods and routing algorithms are provided to achieve secure DHT in smaller spaces. Compared with state-of-the-art approaches, the theoretical analysis and experimental results show that the multidimensional mapping mechanism can effectively improve the average success rate of a resource search by inhibiting malicious behavior.     

A lightweight attribute-based encryption scheme for the Internet of Things

Internet of Things (IoT) is an emerging network paradigm, which realizes the interconnections among the ubiquitous things and is the foundation of smart society. Since IoT are always related to user’s daily life or work, the privacy and security are of great importance. The pervasive, complex and heterogeneous properties of IoT make its security issues very challenging. In addition, the large number of resources-constraint nodes makes a rigid lightweight requirement for IoT security mechanisms. Presently, the attribute-based encryption (ABE) is a popular solution to achieve secure data transmission, storage and sharing in the distributed environment such as IoT. However, the existing ABE schemes are based on expensive bilinear pairing, which make them not suitable for the resources-constraint IoT applications. In this paper, a lightweight no-pairing ABE scheme based on elliptic curve cryptography (ECC) is proposed to address the security and privacy issues in IoT. The security of the proposed scheme is based on the ECDDH assumption instead of bilinear Diffie–Hellman assumption, and is proved in the attribute based selective-set model. By uniformly determining the criteria and defining the metrics for measuring the communication overhead and computational overhead, the comparison analyses with the existing ABE schemes are made in detail. The results show that the proposed scheme has improved execution efficiency and low communication costs. In addition, the limitations and the improving directions of it are also discussed in detail.     

基于Web的数据动态处理界面生成器实现的关键技术研究

从Web应用出发，对于完成能够对数据进行动态处理的界面生成器所需要的几项关键的技术，包括数据库数据及EntityBean数据源的实现、JSP的Tag扩充、控制器事件驱动引擎的实现等内容，研究其实现方法并完成了实例说明。     

一种有效的无线传感器网络虚假数据过滤方案

虚假数据注入攻击是无线传感器网络的一种严重威胁,针对大多数虚假数据过滤方案没考虑节点身份攻击和中间节点被攻击者俘获的问题,提出了一种抗节点身份攻击的虚假数据过滤方案,方案不仅在数据转发过程中对转发的数据进行验证、过滤,同时对协作产生感知数据的节点的身份进行验证。安全性分析和性能评价表明,该方案不仅能抵抗各种攻击,而且在存储开销方面与其他方案相比,具有明显优势,并且随着数据包被转发跳数的增加,该方案的虚假数据过滤能力和能量节省也显著增加。     

A hybrid scheme for processing data structures in a dataflowenvironment

The asynchronous nature of the dataflow model of computation allows the exploitation of maximum inherent parallelism in many application programs. However, before the dataflow model of computation can become a viable alternative to the control flow model of computation, one has to find practical solutions to some problems such as efficient handling of data structures. The paper introduces a new model for handling data structures in a dataflow environment. The proposed model combines constant time access capabilities of vectors as well as the flexibility inherent in the concept of pointers. This allows a careful balance between copying and sharing to optimize the storage and processing overhead incurred during the operations on data structures. The mode] is compared by simulation to other data structure models proposed in the literature, and the results are good     

PageGen: an effective scheme for dynamic generation of web pages

We present a scheme for dynamic generation of web pages. The scheme separates presentation from content. Furthermore, by utilizing the theme metaphor, the scheme makes it easy to develop a web site with several design themes, each having its own template, graphics and style sheet characteristics. The proposed scheme relies on versatile substitution mechanisms, which nonetheless use simplified syntax. Most importantly, the scheme utilizes XML for defining custom tags that are transformed into HTML using the innovative concept of HTML patterns. The scheme was initially implemented as a COM component (PageGen) and later ported to Microsoft .NET. it has proven to be quite effective for Active Server Pages (and ASP.NET) sites used to host online books and course material. However, the scheme is general enough for use with any database-centric site or content as well as being adapted to other web application frameworks such as PHP and JSP.     

A blockchain-based medical data preservation scheme for telecare medical information systems

International Journal of Information Security - With rapid technological development, mobile computing and wireless transmission have become mature. These two technologies can be combined for...     

无线传感器网络中虚假数据过滤方案

传统虚假数据过滤算法不能有效地应用于无线传感器网络,因而需要研究适合无线传感器网络的虚假数据过滤方案。在介绍无线传感器网络与虚假数据过滤的概念和特点后,提出了虚假数据过滤方案的分类方法,探讨了各种虚假数据过滤策略,着重分析了当前一些较为重要的虚假数据过滤策略,并指出了这些策略的优缺点。最后分析了当前亟待解决的问题,展望了其未来的发展趋势。     

传感器网络中鲁棒性虚假数据过滤方案

虚假数据攻击不仅误导基站做出错误的决定,同时也会耗尽宝贵的网络资源。提出了一个鲁棒性虚假数据过滤方案(a Robust Filtering False Date scheme,RFFD)。该方案主要包括一个密钥管理架构及与之对应的虚假数据过滤安全机制两个部分。理论分析和模拟实验表明,与SEF方案相比,RFFD方案过滤虚假数据包的性能显著提高。     

PDR: A protocol for dynamic network reconfiguration based on deadlock recovery scheme

Dynamic network reconfiguration is described as the process of replacing one routing function with another while the network keeps running. The main challenge is avoiding deadlock anomalies while keeping limitations on packet injection and forwarding minimal. Current approaches which have a high complexity and as a result have a limited practical applicability either require the existence of extra network resources, or they will affect the network performance during the reconfiguration process. In this paper we present a simple, fast and efficient mechanism for dynamic network reconfiguration which is based on regressive deadlock recovery instead of avoiding deadlock. The mechanism which is referred to as PDR guarantees a deadlock-free reconfiguration based on wormhole switching. In PDR, a particular approach is taken to handle both deadlocks and performance degradation. We propose the use of a packet injection restriction mechanism that prevents performance degradation near the saturation by controlling the network traffic. Further, in this approach, to accurately detect deadlocks, the deadlock detection mechanism is implemented and also improved by using only the local information, thereby considerably reducing false deadlock detections. In the rare cases when deadlocks are suspected, we propose a new technique that absorbs the deadlocked packet at the current node instead of dropping deadlocked packets and re-injects it later into the network. The main advantage of this method is its simplicity and also it does not require any additional buffers in intermediate nodes to handle deadlocks. It requires only some buffer space in the local node to temporarily hold the deadlocked packets removed from the network. Evaluating results reveal that the mechanism shows substantial performance improvements over the other methods and it works efficiently in different topologies with various routing algorithms.     

面向资源受限用户的高效动态数据审计方案

物联网(IoT)设备推动着云存储外包数据服务的快速发展,从而使云存储外包数据服务得到越来越多终端用户的青睐,因此如何确保云服务器中用户数据的完整性验证成为一个亟待解决的热点问题.针对资源受限的用户,目前的云数据审计方案存在运算复杂、开销高和效率低等问题.为了解决这些问题,提出一个面向资源受限用户的高效动态数据审计方案....