共查询到20条相似文献,搜索用时 15 毫秒
1.
雾计算是一种在云数据中心和物联网(Internet of Things,IoT)设备之间提供分布式计算、存储等服务的技术,它能利用网络边缘进行认证并提供与云交互的方法.雾计算中以传统的安全技术实现用户与雾节点间安全性的方法不够完善,它仍然面对着窃听攻击、伪装攻击等安全威胁,这对检测技术提出了新的挑战.针对这一问题,提出... 相似文献
2.
With the growing needs of data across the world, it almost hard to live without data a day. This is almost a blessing in disguise for the researchers working on different domains and dealing with huge amounts of data. The fog computing concept is aiming to change the scenarios created by cloud computing environments and also to make the data‐centric clouds decentralized and localized. Fog devices contain only specific information that is frequently used in it and generally the size of the data in fog device is very less in comparison with cloud server. Fog stores only those data, which are frequently used by the users, rest it takes from the cloud itself. The motivation toward this field to make the data flow in various domain seamless and hassle free. Fog computing can be thought as an intermediate between the users and the cloud server, which connects end users easily and thus reduces the latency of the services. This paper discusses the three layered data flow architecture for fog computing and it proposes several novel architectures such as energy lattices, MediFog, UXFog, connected parking system, and FoAgro to utilize the concept of fog computing. 相似文献
3.
随着计算机技术及Internet的不断发展,如何保证信息系统安全成为一个重要课题.针对这个问题,设计实现了基于信息技术安全性评估准则(通用标准)的系统评估方法和软件.首先在分析通用标准结构的基础上,设计了安全功能和保证要求的体系结构;接着针对保护轮廓和安全目标这两个通用标准的核心文档进行了分析与设计,并指出了文档结构中的内在联系;然后提出了针对标准结构和其内在关联应完成的评估要素;最后给出了评估系统的设计和实现.通过实际保护轮廓和软件产品的安全目标实例分析表明本文所提出的评估方法和系统能够指导信息系统的评估和实践. 相似文献
4.
在基于层次平台的SoC设计方法学基础上,文中提出了安全SoC设计关键技术,主要包括基于可信计算体系结构的安全SoC层次化设计平台、在安全SoC设计中引入独立的安全约束及安全约束映射技术以及安全验证技术。从软件攻击、旁路攻击和物理攻击等角度,定义安全约束并验证防护技术的有效性。文中给出的安全SoC设计技术不仅可以充分重用已有的设计资源,也可充分利用现有的层次平台设计技术及相关辅助设计工具。 相似文献
5.
针对目前电网系统缺乏有效的信息安全评估机制和方法,根据电网终端系统的特点,提出一套基于通用评估准则的安全评估模型,对安全评估的整体机制进行了研究和探讨,该模型能够刻画安全评估的需求、目标和细化内容;利用评估对象TOE对电网终端安全评估的过程和组件结构进行了详细讨论,最后在此基础上实现了对电网终端进行信息安全自动化安全评估工具. 相似文献
6.
智慧健康是基于物联网的环境感知网络和传感基础设施的实时的、智能的、无处不在的医疗保健服务.得益于云计算、雾计算以及物联网等相关技术的快速发展,关于智慧健康的相关研究也逐渐步入正轨.近年来对于智慧健康的相关研究,主要从云端和边缘这2个主要方向展开,其中包含了云、雾计算,物联网传感器,区块链以及隐私和安全等相关技术.目前,在云和智慧健康的研究中,关注点在于如何利用云去完成海量健康数据的挑战和提升服务性能,具体包括健康大数据在云中的存储、检索和计算等相关问题.而在边缘,研究重点转变为健康数据的采集、传输和计算,具体包括用于采集健康数据的各类传感器和可穿戴设备、各类无线传感器技术以及如何在边缘处理健康数据并提升服务性能等.最后,对典型的智慧健康应用案例、区块链在智慧健康中的应用以及相关隐私和安全问题进行了讨论,并提出了智慧健康服务在未来的挑战和机遇. 相似文献
7.
在分布式计算环境中,CORBA为解决异构环境的应用提供了良好的基础,但其安全性一直是人们关注的重点,该文从CORBA规范对安全服务的考虑,分析了COSS规范中的几种安全服务模型,提出了安全模型的实现层次和结构框架,介绍了CORBA与JAVA的结合,通过JAVA本身的安全机制进一步加强系统的安全服务。 相似文献
8.
This paper proposes extending the CORBA (Common Object Request Broker Architecture) security model to make possible the use of mandatory policies and policy management in distributed applications. Mandatory policies and a policy service were proposed for insertion in the JaCoWeb Project, which is developing an authorization scheme for large-scale networks based on CORBA security standards. In this paper, there is a combination of client-side and server-side access control, in a single domain. Our mandatory control is carried out on the level of ORB (Object Request Broker), on the client side, preventing, in unauthorized accesses, the emission of the corresponding requisition, the associated processing on the server and also, the generation of new requests through this unauthorized processing. In this paper, operations of security management not currently included in the OMG standards are also proposed. The paper further presents implementation results and an evaluation of these results based on common criteria.Carla Merkle Westphall received a Master degree in Computer Science in 1996, and a Doctor degree in Electrical Engineering (Information Security) in 2000, both at the Federal University of Santa Catarina, Brazil. The main topics of her research are distributed systems security and access control. She is currently a researcher and a professor in her field of knowledge.Joni da Silva Fraga received a Doctor degree in Automatic/Informatic in 1985 at Institut National Polytechnique de Toulouse, France. He is a Professor in the Department of Automation and Systems at the Federal University of Santa Catarina, Brazil. His research topics are distributed systems, fault tolerance, security and real-time. 相似文献
9.
10.
11.
物联网的边界计算模型:雾计算 总被引:1,自引:0,他引:1
在物联网和云计算带来技术变革和带动产业发展的过程中,由于网络接入设备激增,而网络带宽有限的情况下,思科公司推出了雾计算的概念。首先探讨雾计算的特征和应用模式,然后分析雾计算的"雾节点"与云计算的"云节点"以及物联网的"物节点"的互操作方法,并总结了雾计算的用例,最后给出了前景展望。 相似文献
12.
Fog networks have attracted the attention of researchers recently. The idea is that a part of the computation of a job/application can be performed by fog devices that are located at the network edge, close to the users. Executing latency sensitive applications on the cloud may not be feasible, owing to the significant communication delay involved between the user and the cloud data center (cdc). By the time the application traverses the network and reaches the cloud data center, it might already be too late. However, fog devices, also known as mobile data centers (mdcs), are capable of executing such latency sensitive applications. In this paper, we study the problem of balancing the application load while taking account of security constraints of jobs, across various mdcs in a fog network. In case a particular mdc does not have sufficient capacity to execute a job, the job needs to be migrated to some other mdc. To this end, we propose three heuristic algorithms: minimum distance, minimum load, and minimum hop distance and load (MHDL). In addition, we also propose an ILP-based algorithm called load balancing aware scheduling ILP (LASILP) for solving the task mapping and scheduling problem. The performance of the proposed algorithms have been compared with the cloud only algorithm and another heuristic algorithm called fog-cloud-placement (FCP). Simulation results performed on real-life workload traces reveal that the MHDL heuristic performs better as compared to other scheduling policies in the fog computing environment while meeting application privacy requirements. 相似文献
13.
广播是普适计算环境中最基本的一种通信方式。对广播通信安全协议的研究显得十分重要。点对点的鉴别模式并不适用于广播安全;数字签名方法则对普适计算硬件要求太高。给出一种基于对称密钥算法的安全鉴别方案,通过对密钥发布方式的改进,满足普适计算硬件环境的广播安全鉴别,对μTESLA进行改进,避免了其由于时间同步错误导致的节点攻击。改进的方案获得更高的安全性能。 相似文献
14.
结合传统基于虚拟机内省(virtual machine introspection-based, VMI)和基于网络(network-based)入侵检测系统(intrusion detection system, IDS)的特点,提出一种部署在云服务器集群内部的协同入侵检测系统(virtual machine introspection & network-based IDS, VMI-N-IDS)来抵御云环境内部分布式拒绝服务攻击(distributed denial of service, DDoS)攻击威胁,比如“云滴冻结”攻击.将入侵检测系统和攻击者看作是博弈的双方,提出一种针对云服务器集群内部DDoS攻击与检测的博弈论模型;分别给出博弈双方的效用函数,并证明了该模型子博弈精炼纳什均衡;给出了权衡误报率和恶意软件规模控制的最佳防御策略,解决了动态调整云环境内部入侵检测策略的问题.实验表明,VMI-N-IDS能够有效抵御云环境内部DDoS攻击威胁. 相似文献
15.
在军事作战等对时延敏感的应用场景中,云计算无法满足用户的实时需求,因此分散计算应运而生。它利用智能手机、平板电脑、联网汽车和物联网终端等全球计算资源提供服务,并将云数据中心视为通用计算节点,彻底消除中心化,实现计算资源的分散化。分散计算将所有具有计算能力的设备连接起来,形成一个网络化的有机体,每个计算节点以协作和共享的方式为用户提供服务。与雾计算和边缘计算的本地化处理不同,该范式利用了网络中的空闲计算资源,绕过了局部计算能力的限制,得到了广泛的关注。首先,介绍了分散计算的研究背景,并给出了分散计算的定义;其次,详细介绍了分散计算的三种核心技术;随后,通过一些具体的应用场景实例化分散计算的概念,更好地分析了分散计算在万物互联时代的优势;最后,阐述了未来分散计算的研究方向以及面临的挑战。 相似文献
16.
随着万物联网的趋势不断加深,智能手机、智能眼镜等端设备的数量不断增加,使数据的增长速度远远超过了网络带宽的增速;同时,增强现实、无人驾驶等众多新应用的出现对延迟提出了更高的要求.边缘计算将网络边缘上的计算、网络与存储资源组成统一的平台为用户提供服务,使数据在源头附近就能得到及时有效的处理.这种模式不同于云计算要将所有数据传输到数据中心,绕过了网络带宽与延迟的瓶颈,引起了广泛的关注.首先介绍边缘计算的概念,并给出边缘计算的定义;随后,比较了当前比较有代表性的3个边缘计算平台,并通过一些应用实例来分析边缘计算在移动应用和物联网应用上的优势;最后阐述了当前边缘计算面临的挑战. 相似文献
17.
边缘计算概念的提出引入了一个新兴的计算模型,它不仅可以缓解传统云计算模型中由于数据传输造成的高延迟问题,同时也有益于保持隐私数据及安全敏感数据的机密性.然而,边缘计算节点本身执行环境的安全性依然是一个不可忽略的问题,它时刻威胁着整个边缘计算模型的安全.得益于硬件厂商在各平台上推出可信执行环境,通过将这些可信执行环境集成至边缘计算节点中可以有效地保障这些节点上运算的安全性.此研究首先分析了一系列传统计算模型中的可信执行环境,并讨论了这些可信执行环境各自的优缺点.其后,在此基础上,深入研究了Intel软件防护扩展和ARM TrustZone这2个流行的可信执行环境,并分别在Intel雾计算节点参考设计样机和ARM Juno开发板上对这2个可信执行环境的安全性和性能进行了分析与测试.结果显示:这些硬件辅助的可信执行环境的引入能够在基本不影响整个系统性能的同时,增强边缘计算平台的安全性.为了帮助提高可信执行环境在边缘计算模型下的可靠性,最后总结了将可信执行环境使用在边缘计算模型中将要面对的安全挑战. 相似文献
18.
Fog computing is a new computing paradigm that can provide flexible resources and services at the edge of network. It is an extension of cloud computing and usually cooperated with cloud computing. Therefore, end users, fog nodes, and cloud servers can form a three‐layer service model in practical application. In this model, they should have an agreement on a service contract, which contains every party's rights and obligations before the beginning of the service. However, due to lack of trust, it will suffer from some fairness problems during signing a service contract. Contract signing protocol allows two or more mutual distrust entities to sign a predefined digital contract in a fair and effective way. In this paper, we propose a fair three‐party contract signing protocol based on the primitive of blockchain, which can be applied to the scenario of fog computing. Our proposed construction allows the participants to sign a contract in a fair way without the involvement of an arbitrator. Moreover, the privacy of the contract content can be preserved on the public chain. Finally, we realize the proposed protocol through the private blockchain and provide the experimental simulation that analyzes the efficiency and effectiveness. 相似文献
19.
It is always desired to improve the response time from cloud servers, which deliver contents without buffering. As the penetration of mobile/fog devices is increasing, the limits of cellular ranges come under question. This question arises in spite of the fact that the current Internet Service Providers and data operators are adding cellular towers frequently to reduce delay and enhance performance. This performance can be improved by increasing Nano‐Cache(s) at the edges of the network for forwarding interrelated contents to remote corner of the earth. In this research work, Nano‐Caches are integrated for delivering contents efficiently, using search‐based optimization techniques, which are energy and response aware in nature. An algorithm, namely, Modified Teaching Learning‐Based Optimization(MTLBO), is devised and implemented in fog zone to find efficient route for forwarding contents using Nano‐Caches and subsequently to improve content retrieval time. Mathematical distribution model of traffic is used for simulation process. MTLBO is compared with existing algorithms, namely, Teaching Learning‐Based Optimization (TLBO) Algorithm and Simulated Annealing (SA) Algorithm. The design of experiments (DOE) was carried out to observe number of iterations, learning rate, and by changing the network size. Java library was used for observing values of memory and execution time. The results show that Modified Teaching Learning‐Based Optimization (MTLBO) approach is better than Teaching Learning‐Based Optimization (TLBO) approach as it has less overheads in terms of memory (considering number of fog caches) and network size for delivering contents at remote areas. In comparison to the Simulated Annealing (SA) algorithm, MTLBO performs better in terms of execution time, overhead in terms of memory, and scalability as function of network size. 相似文献
20.
基于攻击能力增长的网络安全分析模型 总被引:3,自引:0,他引:3
网络脆弱性分析是近年来国内外研究的热点问题之一.基于攻击能力增长的网络安全性分析模型以攻击者的能力增长为主导,参考网络环境配置,模拟黑客攻击自动生成攻击图.使用攻击能力增长表示攻击者的最终目标使得攻击图的表示更为准确.最小攻击代价分析第1次考虑了相似攻击对攻击代价的影响,以便对各条路径的攻击代价进行计算;最小环境改变分析考虑入侵检测的因素对最可能的攻击路径进行分析,对于入侵检测系统的处理更加科学合理;两种分析都为改善网络配置提供了依据.与已有成果相比,模型提出的算法和方法更为实际可行. 相似文献