Ambient Petri Nets

Both the Ambient Calculus by L. Cardelli and the Elementary Object Systems by R. Valk model the behaviour of mobile systems. The Ambient Calculus is based on the concept of ambient, which is an environment with a given name that is delimited by a boundary, where some internal processes are executed. The main property of these ambients is that they can be moved to a new location thus modeling mobility. Elementary Object Systems are two-level net systems composed of a system net and one or more object nets, which can be seen as high-level token objects of the system net modeling the execution of mobile processes. This paper intends to contribute to the relationship between both frameworks by defining a multilevel extension of Elementary Object Systems, which will be used to provide a denotational semantics of a new process algebra called APBC (Ambient Petri Box Calculus). Such process algebra is an extension of the Petri Box Calculus that includes both ambients and their mobility capabilities, which conversely can be also interpreted as an extension of the Ambient Calculus with the main operations from the PBC.     

Types for the Ambient Calculus

The ambient calculus is a concurrent calculus where the unifying notion of ambient is used to model many different constructs for distributed and mobile computation. We study a type system that describes several properties of ambient behavior. The type system allows ambients to be partitioned in disjoint sets (groups), according to the intended design of a system, in order to specify both the communication and the mobility behavior of ambients.     

Splitting Mobility and Communication in Boxed Ambients

Stemming from our previous work on BACI, a boxed ambient calculus with communication in- terfaces, we define a new calculus that further enhances communication mechanisms and mobility control by introducing multiple communication ports, access control lists, and port hiding.The development of the calculus is mainly focused on three objectives: separation of concerns between mobility and communication, fine-grained controls, and locality. Communication primi- tives use ports to establish communication channels between ambients, while ambient names are only used for mobility. In order to achieve a better control over mobility, the calculus includes co-capabilities à la Safe Ambients, but with the addition of access control lists. These lists contain the names of the ambients that are allowed to enter or exit the ambient with that co-capability.The resulting calculus not only provides more flexibility and expressiveness than Boxed Ambients, but also enables simpler implementations using more powerful constructs for communication and mobility. We establish the basic meta-theory of the calculus by providing rules for type safety and showing that typing is preserved during execution.     

On the Expressiveness of Pure Mobile Ambients

We consider the Pure Ambient Calculus, which is Cardelli and Gordon's Ambient Calculus (or more precisely its safe version by Levi and Sangiorgi) restricted to its mobility primitives, and we focus on its expressive power. Since it has no form of communication or substitution, we show how these notions can be simulated by mobility and modifications in the hierarchical structure of ambients. As an example, we give an encoding of the synchronous π-calculus into pure ambients and we state an operational correspondence result. In order to simplify the proof and give an intuitive understanding of the encoding, we design an intermediate language: the π-Calculus with Explicit Substitutions and Channels, which is a syntactic extension of the π-calculus with a specific operational semantics.     

The Calculus of Context-aware Ambients

We present the Calculus of Context-aware Ambients (CCA in short) for the modelling and verification of mobile systems that are context-aware. This process calculus is built upon the calculus of mobile ambients and introduces new constructs to enable ambients and processes to be aware of the environment in which they are being executed. This results in a powerful calculus where both mobility and context-awareness are first-class citizens. We present the syntax and a formal semantics of the calculus. We propose a new theory of equivalence of processes which allows the identification of systems that have the same context-aware behaviours. We prove that CCA encodes the π-calculus which is known to be a universal model of computation. Finally, we illustrate the pragmatics of the calculus through many examples and a real-world case study of a context-aware hospital bed.     

Detecting attacks in high-speed networks: Issues and solutions

ABSTRACT

Intrusion detection systems are one of the necessities of networks to identify the problem of network attacks. Organizations striving to protect their data from intruders are often challenged by attackers, who find new ways to attack and compromise the security of the network. The detection process becomes quite difficult while dealing with high-speed and distributed attacks that are performed using botnets. These attacks threat both the confidentiality of legitimate users and the infrastructure of the network and to protect them, early discovery of network attacks is important. In this paper, an open source Intrusion Detection System (IDS), Snort is presented as a solution to detect DoS and Port Scan network attacks in a high-speed network. A set of custom rules has been proposed for Snort to detect DoS and Port Scan attacks in high-speed network. The rules are compared and tested using different attack generators like Scapy, Hping3, LOIC and Nmap. Snort’s efficiency in detecting the DoS and Port Scan attacks using the new rules is experimentally proved to be around 99% for all the attacks except for Ping of Death. The proposed system works well for different attack generators in a high-speed network.     

Predicate μ-Calculus for Mobile Ambients

Ambient logics have been proposed to describe properties for mobile agents which may evolve over time as well as space. This paper takes a predicate-based approach to extending an ambient logic with recursion, yielding a predicate μ-calculus in which fixpoint formulas are formed using predicate variables. An algorithm is developed for model checking finite-control mobile ambients against formulas of the logic, providing the first decidability result for model checking a spatial logic with recursion.     

定向网络攻击追踪溯源层次化模型研究

定向网络攻击对网络空间安全构成了极大的威胁，甚至已经成为国家间网络对抗的一种主要形式。本文认为定向网络攻击难以避免，传统的以识别并阻断攻击为核心的防御体系不能很好地应对复杂先进的定向网络攻击，遂提出将追踪溯源作为威慑性防御手段。本文给出了定向网络攻击追踪溯源的形式化定义和分类；充分借鉴了网络欺骗等领域的研究成果，提出通过构建虚实结合的网络和系统环境，采用主被动相结合的方式，追踪溯源定向网络攻击；构建了包括网络服务、主机终端、文件数据、控制信道、行为特征和挖掘分析六个层次的定向网络攻击追踪溯源模型，并系统阐述了模型各层次的内涵及主要技术手段；以此模型为基础，建立了以"欺骗环境构建"、"多源线索提取"、"线索分析挖掘"为主线的追踪溯源纵深体系，多维度追踪溯源定向网络攻击；结合现有攻击模型、追踪溯源理论和典型溯源案例，论证了所建立的模型的有效性。     

Interaction in Time and Space

Distributed π-calculus and ambient calculus are extended with timers which may trigger timeout recovery processes. Timers provide a useful notion of relative time with respect to the interaction in a distributed system. The rather flat notion of space in timed distributed π-calculus is improved by considering a hierarchical representation of space in timed mobile ambients. Some basic results are proven, making sound both formal approaches. An easily understood example is used for both extensions, showing how it is possible to describe a non-monotonic behaviour and use a decentralized control to coordinate the interacting components in time and space.     

Resilient filtering for cyber‐physical systems under denial‐of‐service attacks

Owing to the deep integration of control, computation, and communication, cyber‐physical systems (CPSs) play an important role in wide real‐world applications. In this paper, we investigate the problem of resilient filter design of CPSs under malicious denial‐of‐service (DoS) attacks launched by adversaries. Firstly, based on two standard assumptions concerning with the frequency and duration of DoS attacks, we state the H_∞ filtering problem for the CPSs under DoS attacks. Then, sufficient conditions are developed to ensure that, when there are DoS attacks, the filtering error dynamics of the underlying CPSs is mean square exponential stable with a prescribed H_∞ disturbance attenuation performance. Furthermore, a switched filter is designed for CPSs under DoS attacks. Examples are given to illustrate the effectiveness and potential of the proposed new design techniques.     

Resilient Time-Varying Formation-Tracking of Multi-UAV Systems Against Composite Attacks: A Two-Layered Framework

This paper studies the countermeasure design problems of distributed resilient time-varying formation-tracking control for multi-UAV systems with single-way communications against composite attacks,including denial-of-services(DoS)attacks,false-data injection attacks,camouflage attacks,and actuation attacks(AAs).Inspired by the concept of digital twin,a new two-layered protocol equipped with a safe and private twin layer(TL) is proposed,which decouples the above problems into the defense scheme ...     

移动灰箱演算中强干扰问题的进一步控制

为了消除移动灰箱演算中的强干扰问题,Levi等人提出了安全灰箱演算.然而,安全灰箱演算中引入的反动作却带来了新的安全隐患.为了消除上述安全隐患,提出了鲁棒灰箱演算.鲁棒灰箱演算在依靠反动作解决强干扰问题的同时,利用反动作的参数明确了该反动作的使用对象,有效地消除了安全灰箱演算中的不安全因素.对防火墙跨越的描述和对多元异步(-演算的翻译显示鲁棒灰箱演算依然具有较强的类似移动灰箱演算和安全灰箱演算的表达能力.同时还就鲁棒灰箱演算的类型问题作了初步的探讨,给出并证明了一套可以描述进程和能力的移动性和线程数两个属性的类型系统.研究结果初步表明,鲁棒灰箱演算可以成为移动计算形式化描述中的有力工具.     

Behavioural typing for safe ambients

We introduce a typed variant of Safe Ambients, named Secure Safe Ambients (SSA), whose type system allows behavioral invariants of ambients to be expressed and verified. The most significant aspect of the type system is its ability to capture both explicit and implicit process and ambient behavior: process types account not only for immediate behavior, but also for the behavior resulting from capabilities a process acquires during its evolution in a given context. Based on that, the type system provides for static detection of security attacks such as Trojan Horses and other combinations of malicious agents.We study the type system of SSA, define algorithms for type checking and type reconstruction, define languages for expressing security properties, and study a distributed version of SSA and its type system. For the latter, we show that distributed type checking ensures security even in ill-typed contexts, and discuss how it relates to the security architecture of the Java Virtual Machine.     

Translating Mobile Ambients into P Systems

We present a translation of the mobile ambients without communication and replication into P systems with mobile membranes. We introduce a set of developmental rules over membranes, and describe the correspondence between the behaviour of an ambient and the evolution of its translated membrane system. We give an operational correspondence result between the mobile ambients and P systems.     

Privacy-preserving graph publishing with disentangled variational information bottleneck

Social networks collect enormous amounts of user personal and behavioral data, which could threaten users' privacy if published or shared directly. Privacy-preserving graph publishing (PPGP) can make user data available while protecting private information. For this purpose, in PPGP, anonymization methods like perturbation and generalization are commonly used. However, traditional anonymization methods are challenging in balancing high-level privacy and utility, ineffective at defending against both various link and hybrid inference attacks, as well as vulnerable to graph neural network (GNN)-based attacks. To solve those problems, we present a novel privacy-disentangled approach that disentangles private and non-private information for a better privacy-utility trade-off. Moreover, we propose a unified graph deep learning framework for PPGP, denoted privacy-disentangled variational information bottleneck (PDVIB). Using low-dimensional perturbations, the model generates an anonymized graph to defend against various inference attacks, including GNN-based attacks. Particularly, the model fits various privacy settings by employing adjustable perturbations at the node level. With three real-world datasets, PDVIB is demonstrated to generate robust anonymous graphs that defend against various privacy inference attacks while maintaining the utility of non-private information.     

内容中心网络中DoS攻击问题综述

“内容中心网络”（Content Centric Networking,CCN）是未来互联网架构体系群中极具前景的架构之一。尽管CCN网络的全新设计使其能够抵御目前网络存在的大多数形式DoS攻击,但仍引发了新型的DoS攻击,其中危害较大的两类攻击是兴趣包泛洪攻击和缓存污染攻击。这两类DoS攻击利用了CCN网络自身转发机制的安全逻辑漏洞,通过泛洪大量的恶意攻击包,耗尽网络资源,并导致网络瘫痪。与传统IP网络中DoS攻击相比,CCN网络中的内容路由、内嵌缓存和接收者驱动传输等新特征,对其DoS攻击的检测和防御方法都提出了新的挑战。本文首先介绍CCN网络的安全设计和如何对抗已有的DoS攻击,然后从多角度描述、比较CCN中新型DoS攻击的特点,重点阐述了兴趣包泛洪攻击和缓存污染攻击的分类、检测和防御方法,以及它们所面临的问题挑战,最后对全文进行总结。     

The <Emphasis Type="Italic">k</Emphasis>-anonymity and <Emphasis Type="Italic">l</Emphasis>-diversity approaches for privacy preservation in social networks against neighborhood attacks

Recently, more and more social network data have been published in one way or another. Preserving privacy in publishing social network data becomes an important concern. With some local knowledge about individuals in a social network, an adversary may attack the privacy of some victims easily. Unfortunately, most of the previous studies on privacy preservation data publishing can deal with relational data only, and cannot be applied to social network data. In this paper, we take an initiative toward preserving privacy in social network data. Specifically, we identify an essential type of privacy attacks: neighborhood attacks. If an adversary has some knowledge about the neighbors of a target victim and the relationship among the neighbors, the victim may be re-identified from a social network even if the victim’s identity is preserved using the conventional anonymization techniques. To protect privacy against neighborhood attacks, we extend the conventional k-anonymity and l-diversity models from relational data to social network data. We show that the problems of computing optimal k-anonymous and l-diverse social networks are NP-hard. We develop practical solutions to the problems. The empirical study indicates that the anonymized social network data by our methods can still be used to answer aggregate network queries with high accuracy.     

低速率拒绝服务攻击研究综述

低速率拒绝服务攻击是近年来提出的一类新型攻击,其不同于传统洪泛式DoS攻击,主要是利用端系统或网络中常见的自适应机制所存在的安全漏洞,通过低速率周期性攻击流,以更高的攻击效率对受害者进行破坏且不易被发现。LDoS攻击自提出以来便得到了研究者们的充分重视,其攻击特征分析与检测防范方法逐渐成为网络安全领域的一个重要研究课题。首先对目前已提出的各种LDoS攻击方式进行了分类描述和建模,并在NS2平台上进行了实验验证,接着对LDoS攻击的检测防范难点进行了讨论并对已有的各种检测防范方案进行了小结,最后指出了有待进一步研究的几个问题,以期为今后此类攻击检测防范研究工作提供参考。     

Regular 2 w -ary right-to-left exponentiation algorithm with very efficient DPA and FA countermeasures

With the growing demand of efficient cryptosystems, their secure implementations against various side-channel attacks and the fault attack are also requested from the practice. Several countermeasures are proposed so far, and this paper proposes a new regular 2 ^w -ary right-to-left exponentiation algorithm, which can be equipped with very efficient DPA (differential power attack) and FA (fault attack) countermeasures. Since its regular behavior clearly prevents the simple power analysis attack, the new algorithm gives a strong resistance to all the well-known major implementation attacks. This paper also gives a variant of the new algorithm for securely implementing the RSA cryptosystem with CRT (Chinese Remainder Theorem).     

Controlled invariant feasibility — A general approach to enforcing strong feasibility in MPC applied to move-blocking

Strong feasibility of MPC problems is usually enforced by constraining the state at the final prediction step to a controlled invariant set. However, such terminal constraints fail to enforce strong feasibility in a rich class of MPC problems, for example when employing move-blocking. In this paper a generalized, least restrictive approach for enforcing strong feasibility of MPC problems is proposed and applied to move-blocking MPC. The approach hinges on the novel concept of controlled invariant feasibility. Instead of a terminal constraint, the state of an earlier prediction step is constrained to a controlled invariant feasible set. Controlled invariant feasibility is a generalization of controlled invariance. The convergence of well-known approaches for determining maximum controlled invariant sets, and j-step admissible sets, is formally proved. Thus an algorithm for rigorously approximating maximum controlled invariant feasible sets is developed for situations where the exact maximum cannot be determined.