普适计算环境下的安全访问模型

针对移动终端的普及和可信计算技术对移动终端通信模式的影响，为满足普适计算环境的安全访问需求，本文提出普适计算环境下的安全访问模型，该模型定义了普适计算环境下用户的本地注册、域内访问和域间漫游3种机制，并详细介绍了相应的工作流程.安全性证明表明本文机制是CK安全的；分析显示本文模型在匿名性、安全性和效率上的优势，使其更加适合在普适计算环境下使用.     

基于普适计算的分布式定位设计

普适环境中,定位计算是上下文察觉计算的重要内容。本文提出分布式定位计算的思想,该思想摆脱了以往传统定位中先确定用户坐标再判断其所处区域的繁琐模式,将对用户所处区域的计算分散至底层的感知设备中,减轻了计算设备的计算负担,提高了上下文感知系统的效率,并通过实现该定位设计验证了分布式定位设计的可行性。     

Centaurus: An Infrastructure for Service Management in Ubiquitous Computing Environments

In the near future, we will see dramatic changes in computing and networking hardware. A large number of devices (e.g., phones, PDAs, even small household appliances) will become computationally enabled. Micro/nano sensors will be widely embedded in most engineered artifacts, from the clothes we wear to the roads we drive on. All of these devices will be (wirelessly) networked using Bluetooth, IEEE 802.15 or IEEE 802.11 for short range connectivity creating pervasive environments. In this age where a large number of wirelessly networked appliances and devices are becoming commonplace, there is a necessity for providing a standard interface to them that is easily accessible by any user. This paper outlines the design of Centaurus, an infrastructure for presenting services to heterogeneous mobile clients in a physical space via some short range wireless links. The infrastructure is communication medium independent; we have implemented the system over Bluetooth, CDPD and Infrared, three well-known wireless technologies. All the components in our model use a language based on Extensible Markup Language (XML) for communication, giving the system a uniform and easily adaptable interface. Centaurus defines a uniform infrastructure for heterogeneous services, both hardware and software, to be made available to diverse mobile users within a confined space.     

普适服务综述

随着技术和市场的发展,电信网和互联网正在走向融合,形成一体化网络,提供的服务也将逐步趋同。普适服务融合了各方面对未来服务的需求和期望,成为超3G、下一代网络（NGN）、下二代互联网（NGI）等研究领域的热点问题。普适服务的概念起源于普适计算和超3G领域,其特征包括普适性、移动性、透明性、质量可控性、个性化、自适应性、主动性、安全性、易用性、多样性、快捷性。3GPP、OMA等标准化组织以及欧盟的超3G研究项目都针对普适服务的不同特征进行了研究。当前普适服务的研究热点包括上下文感知、业务使能等技术。     

Piecewise Network Awareness Service for Wireless/Mobile Pervasive Computing

This paper presents a piecewise framework for network awareness service (NAS) for wireless/mobile pervasive computing. We investigate how piecewise consideration of wired and wireless elements of the framework architecture benefits service advertisement and discovery and network-awareness techniques. We also discuss scalability of the NAS framework with respect to platform computing capabilities. The framework is suitable for a wide range of computing devices, from powerful ones with multi-tasking operating systems (OS) to small ones with lightweight OS. Case studies applying the NAS framework to sensor monitoring in home networks and data streaming in pervasive multimedia computing are presented. The analytical results on the performance of the NAS framework in these case studies show that it has significant advantages over traditional network-awareness frameworks in terms of reducing wireless bandwidth consumption and saving battery energy of mobile devices.     

Privacy-enhanced,Attack-resilient Access Control in Pervasive Computing Environments with Optional Context Authentication Capability

In pervasive computing environments (PCEs), privacy and security are two important but contradictory objectives. Users enjoy services provided in PCEs only after their privacy issues being sufficiently addressed. That is, users could not be tracked down for wherever they are and whatever they are doing. However, service providers always want to authenticate the users and make sure they are accessing only authorized services in a legitimate way. In PCEs, such user authentication may include context authentication in addition to the entity authentication. In this paper, we propose a novel privacy enhanced anonymous authentication and access control scheme to secure the interactions between mobile users and services in PCEs with optional context authentication capability. The proposed scheme seamlessly integrates two underlying cryptographic primitives, blind signature and hash chain, into a highly flexible and lightweight authentication and key establishment protocol. It provides explicit mutual authentication and allows multiple current sessions between a user and a service, while allowing the user to anonymously interact with the service. The proposed scheme is also designed to be DoS resilient by requiring the user to prove her legitimacy when initializing a service session.

面向普适计算的动态多级安全访问控制方案

提出一种面向普适计算的动态多级安全访问控制新方案,形式化描述了访问控制的构成要素,定义了动态访问控制策略,最后给出了授权实现算法.方案既保证了授权的动态性,又增强了访问控制的安全性,更适合于普适计算环境.     

基于无线传感器的普适计算系统安全性探讨

普适计算的发展加速了计算模式的革新,但安全性方面的挑战成为制约其发展的瓶颈。信息安全对以嵌入式控制为主的普适计算系统的正常工作有着重要意义。由于隐秘通道存在着私人信息泄漏的可能,而规避周界安全的隐秘通道技术的研究尚未得到应有的重视。文中提出基于无线传感器的隐秘通道安全技术,以一种无法被其它系统所探知的方式,对无线传感器参数数据进行优化调整,以可见的数据加密方式,实现隐秘通道传送,为确保普适计算系统的信息安全提供了参考。     

分布式计算技术概述

分布式计算已经广泛而又深入的参透到各行各业的科技应用中.本文对几种主要的分布式计算技术,如网格、云计算、普适计算等,做了分析和比较,同时对分布式计算目前所面临的问题做了总结.最后对分布式计算技术未来的发展方向做了展望与预测.     

普适环境下带宽自适应的组播策略

提出一种以树状拓扑为主干,Mesh状拓扑为辅助的组播策略.首先定义严格单源树状拓扑,并根据普适环境下结点的自治性行为提出放松单源树状拓扑.其次分析树状拓扑动态性带来的带宽瓶颈问题.通过Mesh状辅助拓扑和结点带宽使用情况动态调整结点状态,实现了自适应的带宽使用策略,保证了较高的使用率和可用性.分析模拟结果表明,与现有的方法相比,该策略能够取得较好的组播性能.     

面向普适计算的自适应技术研究

在普适计算领域中,终端设备所能够使用的资源是动态变化的,要求终端具有自适应处理能力,能够根据资源的变化作出相应的响应.文中以嵌入式操作系统为基础,提出了终端自适应处理的体系结构,并详细分析了采用模糊控制理论的应用自适应设计方法.在嵌入式浏览器的应用中,具有自适应处理策略的浏览器在所需要的资源发生变化时,能够获得比较稳定的上网性能.     

普适计算中多通道交互框架的研究

多通道交互是普适计算人机交互中一个新的发展趋势,国际标准化组织W3C公布的多通道交互协议旨在开发支持普适计算设备多通道交互的通用协议标准。本文对此标准协议中的多通道交互基本框架进行了分析,并提出了此框架中,环境上下文在交互管理构件和系统环境构件中与用户输入输出信息的融合框架。在此框架基础上对驾驶导航(Driving Direction)实例进行分析。     

云计算的服务安全体系结构和访问控制模型

Security is a key problem for the development of Cloud Computing. A common service security architecture is a basic abstract to support security research work. The authorization ability in the service security faces more complex and variable users and environment. Based on the multidimensional views , the service security architecture is described on three dimensions of service security requirement integrating security attributes and service layers . An attribute-based dynamic access control model is presented to detail the relationships among subjects , objects , roles , attributes , context and extra factors further. The model uses dynamic control policies to support the multiple roles and flexible authority. At last, access control and policies execution mechanism were studied as the implementation suggestion.     

Service Discovery in Agent-Based Pervasive Computing Environments

Directory based service discovery mechanisms are unsuitable for ad-hoc m-commerce environments. Working towards finding an alternate mechanism, we developed Allia: a peer-to-peer caching based and policy-driven agent-service discovery framework that facilitates cross-platform service discovery in ad-hoc environments. Our approach achieves a high degree of flexibility in adapting itself to changes in ad-hoc environments and is devoid of common problems associated with structured compound formation in mobile commerce environments. Device capabilities and limitations, user preferences regarding device usage, application specifics with respect to mobile commerce are factors that our framework adapts to. We have described our initial implementation of Allia over ThinkPads and iPAQs by extending the LEAP Agent Platform and using Bluetooth as the underlying network protocol. In addition, we evaluated Allia's performance by running simulations of our protocol in Glomosim simulator. We also compared our framework against a structured compound-based architecture.     

普适计算环境下的嵌入式数据库应用体系结构

嵌入式数据库技术是整个普适计算系统正常工作中的重要一环。在讨论了普适计算和嵌入式数据库的关系之后,简单介绍了嵌入式数据库的特点和关键技术,重点分析了普适计算环境对嵌入式数据库的要求及所面临的研究问题,并给出了使用DB2 EveryPlace建立嵌入式数据库系统应用的步骤,展望了普适计算与嵌入式数据库技术结合的应用前景和需要解决的一些课题。     

安全桌面云计算架构解决方案

当前,很多企业和行业用户纷纷采用桌面云计算技术改造或建设自身的信息化基础设施,以期提高信息系统治理水平,减少信息外泄的途径。随着虚拟化等关键技术的引入,桌面云计算架构也面临着新的安全风险,针对桌面云计算架构所面临的安全风险提出了较为完整的解决方案,远程用户可以基于此随时随地利用有线/无线等多种网络接入方式访问后台数据中心,如同在本地一样操作各类业务。     

Supporting Service Discovery,Querying and Interaction in Ubiquitous Computing Environments

In this paper, we contend that ubiquitous computing environments will be highly heterogeneous, service rich domains. Moreover, future applications will consequently be required to interact with multiple, specialised service location and interaction protocols simultaneously. We argue that existing service discovery techniques do not provide sufficient support to address the challenges of building applications targeted to these emerging environments.This paper makes a number of contributions. Firstly, using a set of short ubiquitous computing scenarios we identify several key limitations of existing service discovery approaches that reduce their ability to support ubiquitous computing applications. Secondly, we present a detailed analysis of requirements for providing effective support in this domain. Thirdly, we provide the design of a simple extensible meta-service discovery architecture that uses database techniques to unify service discovery protocols and addresses several of our key requirements. Lastly, we examine the lessons learnt through the development of a prototype implementation of our architecture.     

基于XML实现液晶编程的一种新方法

针对传统液晶显示编程工作量大、繁琐，且程序形成后，再进行修改比较困难的缺点，提出了基于可扩展标志语言(Extensible Markup Language，XML)技术编程的一种新方法。这种方法把显示内容和显示算法分开，由Pc绘制显示内容并转换成基于XML标准的文件存储到单片机的ROM中，而显示算法只需根据显示文件的格式进行判断调用相应的函数。这种运用XML技术实现液晶显示编程，不仅提高编程的效率、增强程序的可维护性，而且大大减小程序占用的空间。     

基于抽象状态机的普适服务组合分析与验证

提出了一个普适环境下服务组合的框架,使用抽象状态机对服务的行为进行不同精化层级的形式化描述,然后利用 CoreASM 这一模型检测工具对服务组合进行模拟执行验证,从而验证服务组合的正确性.最后给出了一个运用此方法进行服务组合验证的典型应用场景.