云计算环境下的可信接入安全协议研究进展

随着云计算的蓬勃发展,越来越多的用户在云端使用计算和存储资源,然而各种安全问题接踵而来.云计算和可信计算技术的融合研究将成为云安全领域的重要趋势,通过设计安全协议来保障整个云计算环境的安全性和可生存性.主要针对在云计算环境下的可信接入安全协议及其形式化证明,进行了归类综述和对比分析,最后指出可信云平台所面临的研究问题.     

一个基于TPM芯片的可信网络接入模型

在可信计算技术中,可信网络接入技术的研究占有重要地位,它是构建可信计算环境的根本保障。本文介绍了可信网络接入技术的相关概念和技术现状,并在此基础上,提出了一个基于TPM安全芯片的可信网络接入模型,并进行了详细的分析和设计。     

E级高性能计算机系统中监控分系统的挑战与设计

随着E级高性能计算机系统组装密度成倍增加,结点规模不断扩大,监控分系统在可扩展性、可靠性、可服务性和高效运维上面临巨大挑战。针对这些挑战,从架构、网络、功能和运维4个方面介绍了监控分系统的设计思路,并通过原型系统验证了部分设计的可行性与优势,对未来E级系统的构建具有较大的支撑作用。     

抗量子可信计算安全支撑平台技术

随着科技的发展,量子计算机大规模部署逐渐变为可能,基于部分计算困难问题的公钥密码算法将被量子算法有效求解.传统的可信硬件芯片如TCM/TPM等由于广泛使用了RSA、SM3、ECC等公钥密码体制,其安全性将受到严重影响;而绝大部分具有抗量子能力的密码算法并不适配现有TCM/TPM芯片有限的计算能力,因此需要对抗量子可信计...     

Towards multilaterally secure computing platforms—with open source and trusted computing

We present a security architecture for a trustworthy open computing platform that aims at solving a variety of security problems of conventional platforms by an efficient migration of existing operating system components, a Security Software Layer (PERSEUS), and hardware functionalities offered by the Trusted Computing technology. The main goal is to provide multilateral security, e.g., protecting users' privacy while preventing violations of copyrights. Hence the proposed architecture includes a variety of security services such as secure booting, trusted GUI, secure installation/update, and trusted viewer. The design is flexible enough to support a wide range of hardware platforms, i.e., PC, PDA, and embedded systems. The proposed platform shall serve as a basis for implementing a variety of innovative business models and distributed applications with multilateral security.     

A survey of the European Open Science Cloud services for expanding the capacity and capabilities of multidisciplinary scientific applications

Open Science is a paradigm in which scientific data, procedures, tools and results are shared transparently and reused by society. The European Open Science Cloud (EOSC) initiative is an effort in Europe to provide an open, trusted, virtual and federated computing environment to execute scientific applications and store, share and reuse research data across borders and scientific disciplines. Additionally, scientific services are becoming increasingly data-intensive, not only in terms of computationally intensive tasks but also in terms of storage resources. To meet those resource demands, computing paradigms such as High-Performance Computing (HPC) and Cloud Computing are applied to e-science applications. However, adapting applications and services to these paradigms is a challenging task, commonly requiring a deep knowledge of the underlying technologies, which often constitutes a general barrier to its uptake by scientists. In this context, EOSC-Synergy, a collaborative project involving more than 20 institutions from eight European countries pooling their knowledge and experience to enhance EOSC’s capabilities and capacities, aims to bring EOSC closer to the scientific communities. This article provides a summary analysis of the adaptations made in the ten thematic services of EOSC-Synergy to embrace this paradigm. These services are grouped into four categories: Earth Observation, Environment, Biomedicine, and Astrophysics. The analysis will lead to the identification of commonalities, best practices and common requirements, regardless of the thematic area of the service. Experience gained from the thematic services can be transferred to new services for the adoption of the EOSC ecosystem framework. The article made several recommendations for the integration of thematic services in the EOSC ecosystem regarding Authentication and Authorization (federated regional or thematic solutions based on EduGAIN mainly), FAIR data and metadata preservation solutions (both at cataloguing and data preservation—such as EUDAT’s B2SHARE), cloud platform-agnostic resource management services (such as Infrastructure Manager) and workload management solutions.     

用于高性能计算的作业调度能效性研究综述

由于科学研究与商业应用等对高性能计算的需求与日俱增,高性能计算的性能和系统规模得到迅速发展。但是,急剧增长的功耗严重限制了高性能计算系统的设计和使用,使得低功耗技术成为高性能计算领域的关键技术。作为整个系统的核心组件,作业调度系统立足有限的系统资源,对用户提交的应用进行作业-资源分配,其能效性对于整个高性能计算系统的能耗控制与调节起到至关重要的作用。首先介绍主要的能量效率技术和常用的作业调度策略,然后对当前高性能计算作业调度能效性进行分析,并讨论了其面临的挑战及未来发展方向。     

Efficient integrity verification of replicated data in cloud using homomorphic encryption

The cloud computing is an emerging model in which computing infrastructure resources are provided as a service over the internet. Data owners can outsource their data by remotely storing them in the cloud and enjoy on-demand high quality services from a shared pool of configurable computing resources. However, since data owners and the cloud servers are not in the same trusted domain, the outsourced data may be at risk as the cloud server may no longer be fully trusted. Therefore, data confidentiality, availability and integrity is of critical importance in such a scenario. The data owner encrypts data before storing it on the cloud to ensure data confidentiality. Cloud should let the owners or a trusted third party to check for the integrity of their data storage without demanding a local copy of the data. Owners often replicate their data on the cloud servers across multiple data centers to provide a higher level of scalability, availability, and durability. When the data owners ask the cloud service provider (CSP) to replicate data, they are charged a higher storage fee by the CSP. Therefore, the data owners need to be strongly convinced that the CSP is storing data copies agreed on in the service level contract, and data-updates have been correctly executed on all the remotely stored copies. To deal with such problems, previous multi copy verification schemes either focused on static files or incurred huge update costs in a dynamic file scenario. In this paper, we propose a dynamic multi-replica provable data possession scheme (DMR-PDP) that while maintaining data confidentiality prevents the CSP from cheating, by maintaining fewer copies than paid for and/or tampering data. In addition, we also extend the scheme to support a basic file versioning system where only the difference between the original file and the updated file is propagated rather than the propagation of operations for privacy reasons. DMR-PDP also supports efficient dynamic operations like block modification, insertion and deletion on replicas over the cloud servers. Through security analysis and experimental results, we demonstrate that the proposed scheme is secure and performs better than some other related ideas published recently.     

An adaptive and trustworthy software testing framework on the grid

Grid computing, which is characterized by large-scale sharing and collaboration of dynamic distributed resources has quickly become a mainstream technology in distributed computing and is changing the traditional way of software development. In this article, we present a grid-based software testing framework for unit and integration test, which takes advantage of the large-scale and cost-efficient computational grid resources to establish a testbed for supporting automated software test in complex software applications. Within this software testing framework, a dynamic bag-of-tasks model using swarm intelligence is developed to adaptively schedule unit test cases. Various high-confidence computing mechanisms, such as redundancy, intermediate value checks, verification code injection, and consistency checks are employed to verify the correctness of each test case execution on the grid. Grid workflow is used to coordinate various test units for integration test. Overall, we expect that the grid-based software testing framework can provide efficient and trustworthy services to significantly accelerate the testing process with large-scale software testing.

基于无干扰理论的虚拟机可信启动研究

云计算作为一种新型高价值计算系统,目前被广泛应用于各行业领域;等保2.0中也提出了对其应用主动免疫可信计算技术进行动态可信验证的要求.云计算模式下,虚拟机作为用户使用云服务的直接载体,其可信启动是虚拟机运行环境可信的基础.但由于虚拟机以进程的形式运行在物理节点上,其启动过程呈现出高动态性,且多虚拟机域间存在非预期干扰等特点;而现有的虚拟机可信启动方案存在虚拟机启动过程的动态防护性不足、缺乏多虚拟域间非预期干扰性排除等问题.针对上述问题,提出一种基于无干扰理论的虚拟机可信启动研究方案.首先,基于无干扰理论,提出了虚拟机进程的运行时可信定理;进一步地,给出了虚拟机可信启动的定义并证明了虚拟机可信启动判定定理.其次,依据虚拟机可信启动判定定理,基于系统调用设计监测控制逻辑,对虚拟机启动过程进行主动动态度量与主动控制.实验结果表明所提方案能够有效排除复杂云环境下多虚拟机间非预期干扰,保证虚拟机启动过程的动态可信性,且性能开销较小.     

可信计算平台管理中心的设计与实现

针对能够提供可信的运行环境和服务的一种可信计算平台,文章设计并实现了可信计算平台的管理和维护程序—“管理中心”;并对管理中心的工作流程和实现进行了详细的阐述。     

基于TPM的嵌入式可信计算平台设计

增强工业嵌入式系统的安全性是当今工业信息安全领域研究的核心议题。只依靠软件的安全机制已经不能充分地保护信息安全,而现有的可信平台模块是专为个人计算机设计的,不能满足工业嵌入式系统的特殊需求。通过研究可信计算技术,设计了基于可信平台模块TPM的嵌入式可信计算平台,并从软件结构和硬件结构,分析了可信平台模块和信任链的传递机制。最后,在ZYNQ硬件平台上进行可信验证,通过内核伪造攻击测试,验证了设计的正确性,从而确保了工业嵌入式平台的安全可信。     

基于云计算平台的政务大数据系统自动检索方法研究

传统检索方法查准率和查全率相对较差,导致自动检索精准度较低。为此,提出了基于云计算平台的政务大数据系统自动检索方法研究。在云计算平台下,利用CiteSpace软件对政务大数据系统中的关键词进行统计分析,获取相关资源。在电子政务联机模式下,揭示政务大数据系统中资源相关属性,在MapReduce挖掘模型支持下,进行政务大数据系统数据挖掘,实现政务大数据系统自动检索。实验验证分析,该方法检索查准率和查全率较高,具有高效检索效果。     

普适计算环境下信任管理模型的研究

普适计算环境下,各种资源、设备、应用以及环境均是高度动态变化的,因此如何衡量实体间的信任关系成为了一个十分重要的问题.传统的安全和认证方法基于可信第三方,而在动态的普适计算环境下,可信第三方的设置是不现实的,也是不可行的.基于以上问题,提出了一个新的普适计算信任管理模型,该模型集成了信誉和风险分析机制,考虑了多种相关因素,可以有效建立和度量各实体间的信任关系.相关仿真结果证明,该模型是行之有效的.     

面向异构计算的高性能计算算法与软件

研发适应国产异构计算环境的高性能计算算法与软件是非常重要的课题,对我国高性能计算软件研发匹配高性能计算硬件高水平发展的速度具有重要意义.首先,简要介绍高性能计算应用软件的现状、趋势和面临挑战,并对几类典型高性能计算应用软件开展并行计算算法特征分析,涵盖了宇宙N体模拟、地球系统模式、计算材料相场动力学、分子动力学、量子计算化学和格点量子色力学等多个问题、尺度和领域.其次,讨论了面向国产异构计算系统的对策,提炼出若干典型应用算法和软件的共性问题,涉及核心算法、算法发展、优化策略等.最后,面向异构计算体系结构,对高性能计算算法与软件进行了总结.     

面向异构计算的高性能计算算法与软件

研发适应国产异构计算环境的高性能计算算法与软件是非常重要的课题,对我国高性能计算软件研发匹配高性能计算硬件高水平发展的速度具有重要意义.本文首先简要介绍高性能计算应用软件的现状、趋势和面临挑战,并对几类典型高性能计算应用软件开展并行计算算法特征分析,涵盖了宇宙N体模拟、地球系统模式、计算材料相场动力学、分子动力学、量子计算化学和格点量子色力学等多个问题、尺度和领域.其次,我们讨论了面向国产异构计算系统的对策,提炼出若干典型应用算法和软件的共性问题,涉及核心算法、算法发展、优化策略等.最后,本文面向异构计算体系结构对高性能计算算法与软件进行了总结.     

Fingerprint verification based on minutiae features: a review

Fingerprints have been an invaluable tool for law enforcement and forensics for over a century, motivating research into automated fingerprint-based identification in the early 1960s. More recently, fingerprints have found an application in biometric systems. Biometrics is the automatic identification of an individual based on physiological or behavioural characteristics. Due to its security-related applications and the current world political climate, biometrics is presently the subject of intense research by private and academic institutions. Fingerprints are emerging as the most common and trusted biometric for personal identification. The main objective of this paper is to review the extensive research that has been done on automated fingerprint matching over the last four decades. In particular, the focus is on minutiae-based algorithms. Minutiae features contain most of a fingerprints individuality, and are consequently the most important fingerprint feature for verification systems. Minutiae extraction, matching algorithms, and verification performance are discussed in detail, with open problems and future directions identified.

The marketplace of high-performance computing

In this paper we analyze the major trends and changes in the High-Performance Computing (HPC) market place since the beginning of the journal `Parallel Computing'. The initial success of vector computers in the 1970s was driven by raw performance. The introduction of this type of computer systems started the area of `Supercomputing'. In the 1980s the availability of standard development environments and of application software packages became more important. Next to performance these factors determined the success of MP vector systems, especially at industrial customers. MPPs became successful in the early 1990s due to their better price/performance ratios, which was made possible by the attack of the `killer-micros'. In the lower and medium market segments the MPPs were replaced by microprocessor based symmetrical multiprocessor (SMP) systems in the middle of the 1990s. There success formed the basis for the use of new cluster concepts for very high-end systems. In the last few years only the companies which have entered the emerging markets for massive parallel database servers and financial applications attract enough business volume to be able to support the hardware development for the numerical high-end computing market as well. Success in the traditional floating point intensive engineering applications seems to be no longer sufficient for survival in the market.     

Building Automated Trust Negotiation architecture in virtual computing environment

Automated Trust Negotiation (ATN) is an important method to establish trust relationship between two strangers by exchanging their access control policies and credentials. Unfortunately, ATN is not widely adopted because of the complexity and multiformity of negotiation policies, especially in virtual computing environment, where the situation becomes worse than in traditional computing environment, due to the fact that a host with multiple virtual machines needs to be deployed with multiple negotiation policies. Moreover, all of these policies for each virtual machine must be upgraded and checked. To ease the burden on the administrator when deploying ATN access control policies and credentials in virtual computing environment, we propose an automated trusted negotiation architecture called virtual automated trust negotiation (VATN) to centralize ATN policies and credentials for multiple virtual machines in a physical node into a privileged virtual machine. VATN puts policy compliance checker and credential verification control in each virtual machine to improve the execution efficiency of trust negotiation. We implement VATN in Xen virtualization platform. Finally, we discuss the correctness of policy consistency checking and make performance analysis of VATN implemented in Xen.     

云计算下的基于萤火虫-遗传算法的资源调度

如何能够最大限度发挥云计算中资源调度效率是目前研究的热点之一.首先建立云计算环境下的资源调度模型,将萤火虫算法中的个体与云计算节点资源进行对应,其次在算法中个体初始化中引入遗传算法优化初始解,对算法中的位置更新设定感觉阀值用来调节个体选择最优路径的概率;最后针对挥发因子的改进使得荧光素的值进行更新.仿真实验表明,该算法能够有效的提高云计算中的资源调度性能,缩短了任务完成的时间,提高系统整体处理能力.