Evaluating existing security and privacy requirements for legal compliance

Governments enact laws and regulations to safeguard the security and privacy of their citizens. In response, requirements engineers must specify compliant system requirements to satisfy applicable legal security and privacy obligations. Specifying legally compliant requirements is challenging because legal texts are complex and ambiguous by nature. In this paper, we discuss our evaluation of the requirements for iTrust, an open-source Electronic Health Records system, for compliance with legal requirements governing security and privacy in the healthcare domain. We begin with an overview of the method we developed, using existing requirements engineering techniques, and then summarize our experiences in applying our method to the iTrust system. We illustrate some of the challenges that practitioners face when specifying requirements for a system that must comply with law and close with a discussion of needed future research focusing on security and privacy requirements.     

不同场景的联邦学习安全与隐私保护研究综述

随着大数据不断发展,联邦学习已被广泛应用于各种各样的场景,从而方便人们的生产生活,但该技术给人们带来便利的同时也让用户面临着数据泄露的挑战,因此数据安全成为联邦学习研究的热点问题.通过介绍横向及纵向联邦学习的训练过程,并对该过程的潜在对手及其攻击原因进行研究,从而分类总结了现有的攻击手段,如投毒攻击、对抗攻击及模型逆推攻击等;在两种场景下分类介绍针对几种攻击手段的防御措施,如梯度稀疏化、恶意检测、秘密样本对齐、标签保护、加密共享和扰动共享等,这些方法不仅可以保证参与方的数据安全,也可以保证联合模型的准确率;最后根据对现有技术的研究,总结了现存方法存在的问题及未来的研究方向.     

Reference deployment models for eliminating user concerns on cloud security

Cloud computing has become a hot topic both in research and in industry, and when making decisions on deploying/adopting cloud computing related solutions, security has always been a major concern. This article summarizes security related issues in cloud computing and proposes five service deployment models to address these issues. The proposed models provide different security related features to address different requirements and scenarios and can serve as reference models for deployment.     

Application of face image detection based on deep learning in privacy security of intelligent cloud platform

Multimedia Tools and Applications - The application of deep learning-based face detection in the privacy and security of intelligent cloud platforms is studied, in order to resolve the risk of...     

XML privacy protection model based on cloud storage

When eXtensible Markup Language (XML) becomes a widespread data representation and exchange format for Web applications, safeguarding the privacy of data represented in XML documents can be indispensable. In this paper, we propose an XML privacy protection model by separating the structure and content, and with cloud storage to save content information and Trusted Third Party (TTP) to help manage structure information. To protect data privacy more effectively, we will create different Document Type Definition (DTD) views for different users according to users' privacy practice and the provider's privacy preferences. To further speed up the process of gaining access to data we will adopt the start–end region encoding scheme to encode the nodes in XML document and DTD views. The experiment result shows that this mechanism has a good performance in space and time.     

基于云基础设施的服务部署优化问题建模

目前典型的云基础设施提供商所提供的虚拟机资源都是有限的规格类型,当同一个服务部署在不同配置的虚拟机上时,会体现出不同的性能。通过对基于云基础设施的SaaS层服务部署情况进行研究和分析,提出对服务部署策略进行优化的必要性,并将该服务部署优化问题抽象为多目标组合优化问题,对其进行数学建模;然后利用排队论,得出优化指标的计算方法,并进行实验验证。     

隐私数据验证场景下的隐私保护研究

隐私数据验证场景是信息验证服务下的一类特殊场景,其实用性要求数据在第三方数据库进行存储、发布且有能力处理任意形式声明的验证,其安全性要求数据在存储、更新与证明期间提供有效的隐私保护手段。目前该场景下的隐私保护研究尚且处于空白阶段,因此本文引入可证明数据加密策略的概念,以满足隐私数据验证场景下的实用性与安全性需求。本文主要有三个贡献：（1）对可证明数据加密策略进行讨论并给出形式化定义;（2）基于非交互零知识证明构造出首个可证明数据加密方案,并同时支持高效的数据更新操作;（3）基于承诺方案、非交互零知识证明与全同态加密,提出可证明数据加密策略的两种通用构造框架并给予相关性质证明。     

Fault-tolerant feedback virtual machine deployment based on user-personalized requirements

A key requirement of the cloud platform is the reasonable deployment of its large-scale virtual machine infrastructure. The mapping relation between the virtual node and the physical node determines the specific resource distribution strategy and reliability of the virtual machine deployment. Resource distribution strategy has an important effect on performance, energy consumption, and guarantee of the quality of service of the computer, and serves an important role in the deployment of the virtual machine. To solve the problem of meeting the fault-tolerance requirement and guarantee high reliability of the application system based on the full use of the cloud resource under the prerequisite of various demands, the deployment framework of the feedback virtual machine in cloud platform facing the individual user’s demands of fault-tolerance level and the corresponding deployment algorithm of the virtual machine are proposed in this paper. Resource distribution strategy can deploy the virtual machine in the physical nodes where the resource is mutually complementary according to the users’ different requirements on virtual resources. The deployment framework of the virtual machine in this paper can provide a reliable computer configuration according to the specific fault-tolerance requirements of the user while considering the usage rate of the physical resources of the cloud platform. The experimental result shows that the method proposed in this paper can provide flexible and reliable select permission of fault-tolerance level to the user in the virtual machine deployment process, provide a pertinent individual fault-tolerant deployment method of the virtual machine to the user, and guarantee to meet the user service in a large probability to some extent.     

Precluding incongruous behavior by aligning software requirements with security and privacy policies

Keeping sensitive information secure is increasingly important in e-commerce and web-based applications in which personally identifiable information is electronically transmitted and disseminated. This paper discusses techniques to aid in aligning security and privacy policies with system requirements. Early conflict identification between requirements and policies enables analysts to prevent incongruous behavior, misalignments and unfulfilled requirements, ensuring that security and privacy are built in rather than added on as an afterthought. Validated techniques to identify conflicts between system requirements and the governing security and privacy policies are presented. The techniques are generalizable to other domains, in which systems contain sensitive information.     

基于安全信任的网络切片部署策略研究

5G移动通信网虚拟化场景下,如何安全部署网络切片是未来5G大规模商用的前提。针对5G网络切片部署的安全性,提出一种基于安全信任的网络切片部署策略。该部署策略通过提出安全信任值概念,来有效量化分析VNF和网络资源的安全性,并以此为基础,利用0-1整数线性规划方法构建网络切片部署的数学模型,利用启发式算法进行求解,找到网络切片部署成本最小的部署方案。仿真实验表明,该部署策略在保证部署安全的前提下,减少了部署成本,同时获得较好的安全收益和部署收益率。     

Enhanced Honeypot cryptographic scheme and privacy preservation for an effective prediction in cloud security

For the cloud security or intrusion detection system (IDS) an effective scheme for prediction and privacy preservation is employed with the use of enhanced Honeypot algorithm. At first, the dataset is preprocessed with the use of normalization method at which the missing values were replaced and an unwanted data will be removed. After that, features are extracted and best features were selected with the use of GLCM algorithm. The classifier is then accountable for the prediction of target and a novel CNN classifier is used for this which in turn offers high rate of accuracy in the prediction of attack. The data is then kept in the server of cloud for monitoring and maintenance purpose. It is vital to keep and secure the data from an intrusion or any other attack. In order tocontent this scheme of privacy reservation, a technique of cryptography isused in this approach. The Honeypot algorithm of cryptography is utilized for the use of encryption. As, the data owner requests for the file, the cloud server is then responsible for key generation and to verify this key with user for the purpose of authentication. After the provision of key, the file is decrypted using Honeypot algorithm and a decrypted file will be retrieved by the user. In conclusion, the performance analysis is carried and the comparative analysis of existing and proposed techniques is made for proving the proposed scheme effectiveness.     

Preserving security and privacy

At the "Computers, Freedom, and Privacy (CFP) Conference held in Berkeley, California, the spotlight was on the twin weights of national security and personal liberty - with technology the fulcrum on which all turns. It highlights included sessions devoted to the new international cybercrime treaty, a global crusade to spread technology to underdeveloped nations, laws meant to block illegal sites at the IP-address level, and wiretapping voice-over-IP (VoIP) communications.     

边缘计算场景下基于强化学习的应用最优部署

为有效解决城市范围内智能公共交通应用程序的布局问题,制定总代价最小化的应用布局优化策略MIN-COST,以降低应用程序部署的总代价为目标,同时满足应用程序服务延时要求。通过提出一个基于深度强化学习技术优化公交边缘应用程序部署的一般框架,可以从历史经验中学习到最优化部署方法,相对于一般启发式算法更加快速。将仿真结果与其它部署策略进行比较,验证了所提策略可以在保证服务时延的基础上有效降低应用程序服务总代价。     

基于改进BN模型的网络切片安全部署方法

为了满足5G垂直用户对于网络切片部署时细粒度安全隔离需求,同时兼顾用户的隔离需求和提高资源利用率,提出了一种基于改进BN模型的网络切片安全部署方法。首先提出了一种双层BN模型的网络切片部署架构,基于SBA（service based architecture）设计了虚拟机容器的双层虚拟化架构,将网络切片根据其所属用户的隔离需求分配利益冲突类标签,基于改进的BN模型部署规则确定网络切片的隔离部署策略;然后将该部署方法建立为整数线性规划模型,并将部署成本作为目标函数,通过最小化目标函数实现低成本部署网络切片;最后使用遗传算法对该问题仿真求解。实验结果表明,该安全部署方法在满足网络切片安全隔离需求的前提下降低了部署成本。     

Dandelion:OpenStack云平台的快速部署机制

提出了一种快速、自动部署OpenStack云平台的解决方案,以提高OpenStack的部署效率.该方案首先创建不同节点类型的镜像模板文件; 接着根据节点类型(如网络节点、计算节点)将已制作好的镜像模板进行复制,并依照节点的属性(如IP地址、hostname标识等)使用脚本自动修改配置文件,完成单个节点的部署; 之后,利用相同的策略实现其他节点的快速部署.在部署的基础上,通过管理服务器提供的预启动执行环境(PXE)、动态主机配置协议(DHCP)及简单文件传输协议(TFTP)等网络服务挂载节点的镜像块文件,最终完成节点的启动.此外,建立了性能评价模型用于确定源镜像副本和存储服务器的最佳数量,以优化存储网络的拓扑结构.实验结果表明,无论是使用相同存储网络部署不同大小的云平台,还是使用不同大小的存储网络部署相同大小的云平台,与Cobbler、网络文件系统(NFS)等部署方案相比,所提解决方案大大减少了部署时间,提高了部署效率.     

基于安全连接的 WSN 节点优化部署

针对目前无线传感器网络节点覆盖优化方案中,无线传感器网络节点位置移动会破坏节点间的共享密钥的问题,采用了一种基于泰森多边形形心引力和存在共享密钥节点间的安全连接虚拟力的无线传感器网络部署方案.该方案以提高节点覆盖率为优化目标,引入安全连接虚拟力,以保证节点的安全连接;采用改进泰森多边形形心引力的虚拟力方案,能够有效指导节点散布过程和实现全局优化.通过仿真实验表明,本文方案能够提高节点的覆盖率,并且能够的减小存在共享密钥的安全连接的破坏.     

How to integrate legal requirements into a requirements engineering methodology for the development of security and privacy patterns

Laws set requirements that force organizations to assess the security and privacy of their IT systems and impose them to implement minimal precautionary security measures. Several IT solutions (e.g., Privacy Enhancing Technologies, Access Control Infrastructure, etc.) have been proposed to address security and privacy issues. However, understanding why, and when such solutions have to be adopted is often unanswered because the answer comes only from a broader perspective, accounting for legal and organizational issues. Security engineers and legal experts should analyze the business goals of a company and its organizational structure and derive from there the points where security and privacy problems may arise and which solutions best fit such (legal) problems. The paper investigates the methodological support for capturing security and privacy requirements of a concrete health care provider.

基于云计算的数据安全风险及防范策略探讨

云计算依托计算机网络系统,目前已经成为人们生活的重要部分,随着网络化、虚拟化生活的加速发展,诸如Google、Microsoft、Apple、Amazon、IBM等互联网IT和手机、网络运营商巨头开始重新定位企业发展的战略核心.云计算作为IT商业计算模型,它将计算任务分布在各种类型的广域网络和局域网络组成计算机网络系统,使用户能够借助网络按需获取计算力、存储空间和信息服务.云计算的用户通过PC、手机以及其他终端连接到网络使用云资源;随着云计算的广泛应用,云计算的环境安全环境、数据安全成为突出问题,如何保障云计算的安全成为当前急需解决的问题.本文介绍了云计算相关概念,以及对云计算数据安全风险进行分析,并提出了防范策略.     

基于HDFS的云存储安全技术研究

针对目前云存储技术存在的数据泄露和数据篡改等安全问题,结合HDFS数据完整性校验机制的特点,设计并实现了一种基于HDFS的数据传输存储安全技术方案.对用户上传至HDFS中的数据文件实施AES加密,文件以密文形式存储,同时应用RSA算法保障AES密钥的安全,可有效防止数据在传输和存储过程中被泄露.设计了基于HDFS的文件密文和文件明文两种存储格式,用户可自主选择是否进行加密.通过安全性分析和性能测试,验证了方案的安全性和可行性.