普适计算中动态绑定的研究与实现

普适计算环境中,应用程序需要能够自动发现和使用环境中的可利用服务,以适应普适计算的动态性。本文中,作者使用动态绑定机制来完成服务到应用的自动映射,实现并详细阐述了一个基于CORBA的支持动态绑定的中间件原型CWDB。在CWDB中,通过动态绑定层和高性能发现服务的组合来实现普适计算环境中的动态绑定。最后,通过一个位置显示应用来展示CWDB的适用性和其性能。     

普适计算隐私保护策略研究

普适计算环境中,用户的隐私保护意志可以通过让用户自己制定隐私信息的访问控制策略(隐私策略)而得到实现,研究隐私策略的统一表示及其执行机制可以有效地解决隐私策略的多样性问题.文中使用多类逻辑和描述逻辑,建立了隐私策略模型和隐私策略公理,提出了隐私规则知识库的概念,给出了隐私策略的逻辑推理方法.在此之上,从应用的角度,定义了隐私策略本体,提出了隐私规则的执行流程.通过规则引擎,验证了隐私规则的有效性和可用性.     

任务计算中基于语义Web的上下文感知服务选择

针对普适环境中任务计算的特点,分析了任务计算的层次结构和复杂任务的分解策略,设计了一种任务计算中服务发现的体系结构。此体系结构依赖于服务和内容的语义表示,而这种语义表示是基于本体的、共享的。它不仅可以增强精确度和调用率,而且能够实现知识共享、基于能力的搜索、自主推理以及语义匹配等功能。据此,提出了一种基于语义Web的上下文感知动态服务选择机制,这种机制可以根据待匹配的服务的动态上下文属性来对其进行过滤和排序,从而进一步优化了发现的过程、节约了用户的时间和精力。此外,该选择机制可用于发现有用的静态或动态上下文信息,从而为用户提供最合适、最相关的服务。     

基于普适计算的服务发现系统设计

在普适计算环境下,服务是动态变化的,而服务发现技术能够在动态变化的普适计算环境中动态查找、定位所需要的服务,是解决普适计算环境异构性、实现不同应用集成的有效途径.介绍了服务的语义描述语言OWL-S,用于对服务进行描述,然后设计并实现了一个普适计算下的服务发现系统.同时,详细介绍了服务请求时进行服务匹配使用的匹配算法.通过增加语义信息,达到服务发布者和请求者可以实现语义层次的匹配,提高了服务的查准率和查全率.     

基于上下文感知的普适服务框架

为了更好地适应用户的个性化需求和普适计算环境的特征,提出一种基于上下文感知的普适服务框架。该框架包括服务呈现层、服务管理层、服务提供层和上下文感知层。通过基于社区的服务管理方式来屏蔽普适计算环境中服务的异构性、分布性,动态地感知与当前计算环境和用户活动相关的上下文信息,采用基于上下文的服务推荐机制为用户提供个性化的服务,从而更好地适应人的意图和环境 因素。     

一种普适计算下的访问控制策略

计算技术的发展是以为人类服务为目标的,需要一种＂以人为本＂的计算模式,而普适计算正是这样的一种革新性的计算模式。访问控制作为一种重要的安全措施在系统安全中得到了广泛应用,而普适计算模式下的系统安全也需要一种合适的访问控制策略。为此,比较了现有访问控制模型的各自特点和适用范围,分析了普适计算环境下访问控制策略的特殊要求,在此基础上详细描述了普适计算模式下动态访问控制策略实现方法。并在ARM7嵌入式实验箱现有资源基础上模拟了普适环境下考虑上下文信息的访问控制中的部分机制。     

智能空间环境下基于本体的机器人服务自主认知及规划

为了提高机器人服务的自主性,针对动态家庭环境提出基于本体的机器人服务自主认知及规划方法.首先,利用本体技术为智能空间系统建立本体模型,并通过构建语义规则的方法,建立以用户为中心自适应调整的数据-概念转换机制,实现智能空间信息的整合.在此基础上,建立服务任务推理规则库对本体模型进行扩展,通过匹配实时更新的智能空间本体与规则库中的知识,推理出机器人需要执行的服务序列,实现机器人对用户所需服务的自主认知.最后,利用分层任务网络的思想,在JSHOP2规划器上实现服务任务的具体规划.智能空间环境下的任务执行实验结果表明,利用该方法服务机器人能够根据环境信息和用户信息实现对任务的自主认知,进而主动地为用户提供个性化的服务,其服务的智能化水平得以显著提高.     

动态计算网络:一种面向物联网的普适计算框架

随着物联网的发展,大量不同的设备通过各种不同的方式连接到物联网中,使普适计算环境更加复杂和多样化,因此要求在物联网环境下的普适计算框架能适应新的计算条件的变化。提出了一种新的普适计算框架,以便在物联网环境中普适计算系统能够自动适应复杂多样的软硬件运行环境,使软件无需修改就可以在整个物联网环境中任意地执行,实现普适计算的服务发现、上下文感知与服务迁移功能。提出物联网环境下普适计算的基本运算单元为"动态计算网络",使用"设备动态匹配"作为普适计算软件自动适应环境的解决方案。提出的动态计算网络增强了普适计算软件对物联网环境的适应性,为面向物联网的通用软件系统设计提供了一种有效的解决方法。     

一种基于上下文协商的动态服务组合方法

普适计算的计算环境和交互信息动态变化,为了提供适时适地的服务,服务组合除了满足用户的需求之外,还要适应环境的变化.以面向普适计算的分布式文档管理系统为例,提出一种基于上下文协商的动态服务组合方法,适应普适计算环境下资源动态变化的特点,同时满足用户对服务的需求.首先定义上下文和带有上下文信息的服务模型;然后给出服务和设备以及服务和用户之间的上下文协商约束条件,根据约束条件提出基本算法实现服务动态组合,并对基本算法进行优化;最后通过原型系统和实验验证算法的性能和有效性,并通过实验数据分析上下文对于服务组合的影响.实验数据说明:提出的方法能够应用在普适计算环境中上下文敏感的服务组合问题上,提高服务组合的动态适应性和网络资源利用率.     

基于普适环境的自适应系统研究

作为新的计算模式,普适计算为应用技术界开辟了一个崭新、宽阔的研究领域.普适计算的目标是无时无处不在而又不可见,具有泛在性、便捷性和适应性的特点,对软件自适应机制提出了新的挑战.针对自适应技术用于普适计算下存在的问题,对自适应技术的体系结构展开研究,提出了一个适用于普适计算环境的自适应中间件模型.力图实现一种能够较好支持普适计算环境的软件基础架构,并通过分布仿真原型系统的实验比较说明该中间件体系结构的执行效率.对自适应系统与自适应策略进行了探讨.     

普适环境下的信任管理及其在移动服务中的应用

作为一种新的计算模式,普适计算在逐渐进入我们生活的同时,普适计算下的安全也引起了越来越多的关注.首先分析了现有信任管理存在的缺陷,接着针对普适计算的特点分析了普适环境下的信任管理,最后结合普适环境下的一个典型应用--移动服务,提出了一种基于信任管理的移动安全方案.     

一种透明的可信云租户隔离机制研究

租户隔离是云计算能被作为第三方服务提供给租户的重要前提,因此云租户隔离机制的安全有效性能否被租户信任对云计算服务的推广非常关键.但是在云计算这种第三方服务模式中,由于租户不能参与云服务基础设施及其安全隔离机制的建设和管理过程,因此他们难以对云租户隔离机制的安全有效性建立信心.本文将透明性要求视为可信云租户隔离机制的一部分,将云租户隔离机制和租户透明要求都转化为云服务系统中不同安全域之间的信息流, 对云租户隔离机制进行定义,并制定云计算平台中的域间信息流策略控制方式,最后基于信息流无干扰理论证明了所定义的云租户隔离机制在安全方面的有效性.     

CyberGuarder: A virtualization security assurance architecture for green cloud computing

As the sizes of IT infrastructure continue to grow, cloud computing is a natural extension of virtualisation technologies that enable scalable management of virtual machines over a plethora of physically connected systems. The so-called virtualisation-based cloud computing paradigm offers a practical approach to green IT/clouds, which emphasise the construction and deployment of scalable, energy-efficient network software applications (NetApp) by virtue of improved utilisation of the underlying resources. The latter is typically achieved through increased sharing of hardware and data in a multi-tenant cloud architecture/environment and, as such, accentuates the critical requirement for enhanced security services as an integrated component of the virtual infrastructure management strategy. This paper analyses the key security challenges faced by contemporary green cloud computing environments, and proposes a virtualisation security assurance architecture, CyberGuarder, which is designed to address several key security problems within the ‘green’ cloud computing context. In particular, CyberGuarder provides three different kinds of services; namely, a virtual machine security service, a virtual network security service and a policy based trust management service. Specifically, the proposed virtual machine security service incorporates a number of new techniques which include (1) a VMM-based integrity measurement approach for NetApp trusted loading, (2) a multi-granularity NetApp isolation mechanism to enable OS user isolation, and (3) a dynamic approach to virtual machine and network isolation for multiple NetApp’s based on energy-efficiency and security requirements. Secondly, a virtual network security service has been developed successfully to provide an adaptive virtual security appliance deployment in a NetApp execution environment, whereby traditional security services such as IDS and firewalls can be encapsulated as VM images and deployed over a virtual security network in accordance with the practical configuration of the virtualised infrastructure. Thirdly, a security service providing policy based trust management is proposed to facilitate access control to the resources pool and a trust federation mechanism to support/optimise task privacy and cost requirements across multiple resource pools. Preliminary studies of these services have been carried out on our iVIC platform, with promising results. As part of our ongoing research in large-scale, energy-efficient/green cloud computing, we are currently developing a virtual laboratory for our campus courses using the virtualisation infrastructure of iVIC, which incorporates the important results and experience of CyberGuarder in a practical context.     

基于上下文和角色的云计算访问控制模型

云计算环境的开放性和动态性容易引发安全问题,数据资源的安全和用户的隐私保护面临严峻考验。针对云计算中用户和数据资源动态变化的特性,提出了一种基于上下文和角色的访问控制模型。该模型综合考虑云计算环境中的上下文信息和上下文约束,将用户的访问请求和服务器中的授权策略集进行评估验证,能够动态地授予用户权限。给出用户访问资源的具体实现过程,经分析比较,进一步阐明该模型在访问控制方面具有较为突出的优点。该方案不仅能够降低管理的复杂性,而且能限制云服务提供商的特权,从而有效地保证云资源的安全。     

Ubiquitous security for ubiquitous computing

The potential for rapid and diverse interconnectivity through devices utilising heterogeneous communications interfaces has enabled a truly ubiquitous computing environment. However, this has resulted in equally ubiquitous security risks due principally to the number and complexity of services being run over such networks. As technology advances towards the realisation of a ubiquitous computing environment, what impact does this have on the traditional information security triangle, of preserving the confidentiality, integrity and availability of information? And how does this influence, future information security requirements, particularly in light of always-on business processes which require real-time information sharing? This paper describes research conducted into answering these questions. Emphasis is placed on the need for risk management, and how this may be achieved through context-based access control mechanisms and pro-active threat assessment techniques.     

Flexible and secure service discovery in ubiquitous computing

The realization of ubiquitous computing requires achieving seamless service provisioning for users and devices everywhere. However, potentially uneven conditions imposed (by heterogeneous, overlapping environments) and a high degree of user autonomy pose long-term challenges for mobile application design and implementation. In this context, service discovery protocols can be used as a building block to foster peer collaboration, allowing user-provided services to be found and used. Promoting user collaboration, in turn, raises issues regarding security and privacy. Interacting peers (i.e. users) may belong to multiple domains, and authentication cannot always rely on an infrastructure provided by an administrative domain. Thus, user privacy, security, and collaboration may be regarded as conflicting goals.This paper presents a flexible protocol for service discovery in ubiquitous systems whose peer-to-peer design enables the dynamic choice among the levels of collaboration, security and privacy desired by participants. The proposed approach is based on decentralized mechanisms that harness well-known trust management principles to control the exposure of service information. The resulting protocol is called Flexible and Secure Service Discovery (FSSD). An evaluation with a simple prototype was conducted to support our claims of flexibility (e.g. allowing run-time decisions). Results demonstrate that the proposed approach can reflect well the balance among the conflicting goals of security, privacy and user collaboration.     

Analysis of Critical Factors in Manufacturing by Adopting a Cloud Computing Service

The advantages of a cloud computing service are cost advantages, availability, scalability, flexibility, reduced time to market, and dynamic access to computing resources. Enterprises can improve the successful adoption rate of cloud computing services if they understand the critical factors. To find critical factors, this study first reviewed the literature and established a three-layer hierarchical factor table for adopting a cloud computing service based on the Technology-Organization-Environment framework. Then, a hybrid method that combines two multi-criteria decision-making tools—called the Fuzzy Analytic Network Process method and the concept of VlseKriterijumska Optimizacija I Kompromisno Resenje acceptable advantage—was used to objectively identify critical factors for the adoption of a cloud computing service, replacing the subjective decision of the authors. The results of this study determined five critical factors, namely data access security, information transmission security, senior management support, fallback cloud management, and employee acceptance. Finally, the paper presents the findings and implications of the study.     

An incentive compatible reputation mechanism for ubiquitous computing environments

The vision of ubiquitous computing is becoming a reality thanks to the advent of portable devices and the advances in wireless networking technologies. It aims to facilitate user tasks through seamless utilization of services available in the surrounding environments. In such distributed environments featuring openness, interactions such as service provision and consumption between entities that are unknown or barely known to each other, are commonplace. Trust management through reputation mechanism for facilitating such interactions is recognized as an important element of ubiquitous computing. It is, however, faced by the problems of how to stimulate reputation information sharing and enforce honest recommendation elicitation. We present in this paper an incentive compatible reputation mechanism to facilitate the trustworthiness evaluation of entities in ubiquitous computing environments. It is based on probability theory and supports reputation evolution and propagation. Our reputation mechanism not only shows robustness against lies, but also stimulates honest and active recommendations. The latter is realized by ensuring that active and honest recommenders, compared to inactive or dishonest ones, can obtain the most number of honest (helpful) recommendations and thus suffer the least number of wrong trust decisions, as validated by simulation based evaluation. The proposed reputation mechanism is also implemented as part of a QoS-aware Web service discovery middleware and evaluated regarding its overhead on service discovery latency.     

Visual modeling and formal specification of constraints of RBAC using semantic web technology

The role-based access control (RBAC) model has garnered great interest in the security community due to the flexible and secure nature of its applicability to the complex and sophisticated information system. One import aspect of RBAC is the enforcing of security policy, called constraint, which controls the behavior of components in RBAC. Much research has been conducted to specify constraints. However, more work is needed on the aspect of sharing information resources for providing better interoperability in the widely dispersed ubiquitous information system environment. This paper provides visual modeling of RBAC policy and specifies constraints of RBAC by employing a semantic web ontology language (OWL) to enhance understanding of constraints for machines and people in a ubiquitous computing environment. Using OWL, constraints were precisely formalized according to the constraint patterns and the effectiveness of OWL specification was demonstrated by showing the reasoning process.