检索结果-南通市图书馆

On the satisfiability of authorization requirements in business process

在线全文

同方期刊数据库

学校读者我要写书评

暂无评论

Frontiers of Computer Science 2017年第3期11卷 528-540页

作者： Yang BO chunhe xia Zhigang ZHANG Xinzheng LU Beijing Key Laboratory of Network Technology Beihang University Beijing 100191 China School of Computer Science and Engineering Beihang University Beijing 100191 China The Research Institute of Beihang University in Shenzhen Shenzhen 518057 China National Education Examinations Authority Ministry of Education Beijing 100084 China

Satisfiability problem of authorization require- ments in business process asks whether there exists an as- signment of users to tasks that satisfies all the requirements, and methods were proposed to solve this problem. However, the proposed methods are inefficient in the sense that a step of the methods is searching all the possible assignments, which is time-consuming. This work proposes a method to solve the satisfiability problem of authorization requirements with- out browsing the assignments space. Our method uses im- proved separation of duty algebra （ISoDA） to describe a sat- isfiability problem of qualification requirements and quan- tification requirements （Separation of Duty and Binding of Duty requirements）. Thereafter, ISoDA expressions are re- duced into multi-mutual-exclusive expressions. The satisfia- bilities of multi-mutual-exclusive expressions are determined by an efficient algorithm proposed in this study. The experiment shows that our method is faster than the state-of-the-art methods.

关键词： satisfiability authorization requirements separation of duty binding of duty business process

LDA-ID:An LDA-Based Framework for Real-Time Network Intrusion Detection

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

China Communications 2023年第12期20卷 166-181页

作者： Weidong Zhou Shengwei Lei chunhe xia Tianbo Wang Key Laboratory of Beijing Network Technology Beihang UniversityBeijing 100191China School of Cyber Science and Technology Beihang UniversityBeijing 100191China

Network intrusion poses a severe threat to the ***,existing intrusion detection models cannot effectively distinguish different intrusions with high-degree feature *** addition,efficient real-time detection is an urgent *** address the two above problems,we propose a Latent Dirichlet Allocation topic model-based framework for real-time network Intrusion Detection(LDA-ID),consisting of static and online *** problem of feature overlap is transformed into static LDA-ID topic number optimization and topic ***,the detection is based on the latent topic *** achieve efficient real-time detection,we design an online computing mode for static LDA-ID,in which a parameter iteration method based on momentum is proposed to balance the contribution of prior knowledge and new ***,we design two matching mechanisms to accommodate the static and online LDA-ID,*** results on the public NSL-KDD and UNSW-NB15 datasets show that our framework gets higher accuracy than the others.

关键词： feature overlap LDA-ID optimal topic number determination real-time intrusion detection

A behavior-aware SLA-based framework for guaranteeing the security conformance of cloud service

在线全文

学校读者我要写书评

暂无评论

Frontiers of Computer Science 2020年第6期14卷 153-169页

作者： xiaochen LIU chunhe xia Tianbo WANG Li ZHONG xiaojian LI Beijing Key Laboratory of Network Technology School of Computer Science and EngineeringBeihang UniversityBeijing 100191China School of Computer Science and Information Technology Guangxi Normal UniversityGuilin 541004China School of Cyber Science and Technology Beihang UniversityBeijing 100191China

As cloud computing technology turning to mature,cloud services have become a trust-based ***'distrust of the security and performance of cloud services will hinder the rapid deployment and development of cloud *** cloud service providers(CSPs)urgently need a way to prove that the infrastructure and the behavior of cloud services they provided can be *** challenge here is how to construct a novel framework that can effective verify the security conformance of cloud services,which focuses on fine-grained descriptions of cloud service behavior and security service level aggreements(SLAs).In this paper,we propose a novel approach to verify cloud service security conformance,which reduces the description gap between the CSP and users through modeling cloud service behavior and security SLA,these models enable a systematic integration of security constraints and service behavior into cloud while using UPPAAL to check the performance and security *** proposed approach is validated through case study and experiments with real cloud service based on Open-Stack,which illustrates CloudSec approach effectiveness and can be applied on realistic cloud scenario.

关键词： security conformance security SLA cloud be-havior modeling

Trust Type Based Trust Bootstrapping Model of Computer Network Collaborative Defense

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

China Communications 2015年第12期12卷 133-146页

作者： YU Yang xia chunhe LI Shiying LI Zhong Beijing Key Laboratory of Network Technology School of Computer Science and EngineeringBeihang University

In the system of Computer Network Collaborative Defense(CNCD),it is difficult to evaluate the trustworthiness of defense agents which are newly added to the system,since they lack historical interaction for trust *** will lead that the newly added agents could not get reasonable initial trustworthiness,and affect the whole process of trust *** solve this problem in CNCD,a trust type based trust bootstrapping model was introduced in this ***,the division of trust type,trust utility and defense cost were *** the constraints of defense tasks were analyzed based on game *** to the constraints obtained,the trust type of defense agents was identified and the initial trustworthiness was assigned to defense *** simulated experiment shows that the methods proposed have lower failure rate of defense tasks and better adaptability in the respect of defense task execution.

关键词： trust defense constraints adaptability behave execution interactive reputation Collaborative utility

Modeling and Global Conflict Analysis of Firewall Policy

在线全文

学校读者我要写书评

暂无评论

China Communications 2014年第5期11卷 124-135页

作者： LIANG xiaoyan xia chunhe JIAO Jian HU Junshun LI xiaojian Beij ing Key Laboratory of Network Technology Beihang University Beijing 100191 R R. China Beijing Information Science & Technology University Beijing 100192 P. R. China Software Development Center of China Agricultural Bank Beijing 100073 P. R. China College of Computer Science and Information Technology Guangxi Normal University Guilin 541004 Guangxi Province P. R. China

The global view of firewall policy conflict is important for administrators to optimize the *** has been lack of appropriate firewall policy global conflict analysis,existing methods focus on local conflict *** research the global conflict detection algorithm in this *** presented a semantic model that captures more complete classifications of the policy using knowledge concept in rough *** on this model,we presented the global conflict formal model,and represent it with OBDD(Ordered Binary Decision Diagram).Then we developed GFPCDA(Global Firewall Policy Conflict Detection Algorithm) algorithm to detect global *** experiment,we evaluated the usability of our semantic model by eliminating the false positives and false negatives caused by incomplete policy semantic model,of a classical *** compared this algorithm with GFPCDA *** results show that GFPCDA detects conflicts more precisely and independently,and has better performance.

关键词： firewall policy semantic model conflict analysis conflict detection

An Algorithm for Generation of Attack Signatures Based on Sequences Alignment

在线全文

学校读者我要写书评

暂无评论

Journal of Software Engineering and Applications 2008年第1期1卷 76-82页

作者： Nan Li chunhe xia Yi Yang HaiQuan Wang Beihang University

This paper presents a new algorithm for generation of attack signatures based on sequence alignment. The algorithm is composed of two parts: a local alignment algorithm-GASBSLA (Generation of Attack Signatures Based on Sequence Local Alignment) and a multi-sequence alignment algorithm-TGMSA (Tri-stage Gradual Multi-Sequence Alignment). With the inspiration of sequence alignment used in Bioinformatics, GASBSLA replaces global alignment and constant weight penalty model by local alignment and affine penalty model to improve the generality of attack signatures. TGMSA presents a new pruning policy to make the algorithm more insensitive to noises in the generation of attack signatures. In this paper, GASBSLA and TGMSA are described in detail and validated by experiments.

关键词： Attack Signatures Generation Sequence Local Alignment Affine Penalty Intrusion Detection Pruning Policy

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

业务流程授权约束依从性分析

计算机研究与发展 2017年第10期54卷 2404-2418页

作者：薄阳夏春和网络技术北京市重点实验室(北京航空航天大学) 北京100191 北京航空航天大学计算机学院北京100191 广西师范大学计算机科学与信息工程学院广西桂林510004

授权约束的依从性研究是业务流程安全领域中的重要研究内容.针对授权约束提出了全新的业务流程依从性分析框架,该框架可以处理:1)流程授权和非流程授权;2)业务流程任务委托;3)角色继承关系;4)职责分离和职责绑定约束;5)静态约束和动态约... 详细信息

授权约束的依从性研究是业务流程安全领域中的重要研究内容.针对授权约束提出了全新的业务流程依从性分析框架,该框架可以处理:1)流程授权和非流程授权;2)业务流程任务委托;3)角色继承关系;4)职责分离和职责绑定约束;5)静态约束和动态约束.提出授权图表示依从性分析框架,并给出授权图的构造和化简方法对授权图进行维护,然后设计了针对授权图的依从性分析算法.基于分析结果,给出了不依从授权约束的冲突模式,针对每一种冲突模式设计一组解决方案,并实现了原型系统.所提出的授权约束依从性分析框架独立于系统部署的平台,适用范围广泛.最后通过实例分析和实验验证说明了该方法的有效性.

关键词：业务流程授权约束依从性职责分离职责绑定任务委托

Research on Survivability of Mobile Ad-hoc Network

在线全文

学校读者我要写书评

暂无评论

Journal of Software Engineering and Applications 2009年第1期2卷 50-54页

作者： Yuan Zhou chunhe xia Haiquan Wang Jianzhong Qi Beihang University Beijing China

In this paper, we analyze the survivability of Mobile Ad Hoc Network systemically and give a detailed description of the survivability issues related to the MANET. We begin our work with analyzing the requirements of survivability of ad hoc network, and then we classify the impacts that affect survivability into three categories: dynamic topology, faults and attacks. The impacts of these factors are analyzed individually. A simulation environment for the MANET towards survivability is designed and implemented as well. Experiments that under the requirements and the impacts we de-clared are done based on this environment.

关键词： Ad hoc Survivability GTNeTS Simulation

基于改进迭代FFT算法的均匀线阵交错稀疏布阵方法

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

电子与信息学报 2016年第4期38卷 970-977页

作者：李龙军王布宏夏春和空军工程大学信息与导航学院西安710077 北京航空航天大学北京100191

基于孔径空分复用的共享孔径交错稀疏布阵是实现机载多功能天线的有效途径。该文提出一种基于改进迭代FFT算法的均匀线阵交错稀疏布阵方法。基于均匀线阵天线激励与方向图的傅里叶变换关系,通过对目标方向图采样的频谱分析,采用交叉选... 详细信息

基于孔径空分复用的共享孔径交错稀疏布阵是实现机载多功能天线的有效途径。该文提出一种基于改进迭代FFT算法的均匀线阵交错稀疏布阵方法。基于均匀线阵天线激励与方向图的傅里叶变换关系,通过对目标方向图采样的频谱分析,采用交叉选取子阵激励的方法对子阵单元进行稀疏优化布阵,实现了子阵频谱能量的均匀分配,确保了交错稀疏子阵方向图的一致性。在此基础上采用迭代FFT算法对稀疏交错子阵进行联合优化。理论分析与仿真实验表明,相对于基于差集及遗传算法的稀疏交错优化方法,该算法通过较少次数的迭代,可以实现等稀疏率和方向图近似一致的交错稀疏布阵,而且可以获得更低的副瓣电平。

关键词：阵列天线共享孔径稀疏交错迭代FFT 副瓣电平