检索结果-南通市图书馆

A Multilevel security model for Private Cloud

在线全文

同方期刊数据库

学校读者我要写书评

暂无评论

Chinese Journal of Electronics 2014年第2期23卷 232-235页

作者： XUE Haiwei ZHANG Yunliang GUO Zhien DAI Yiqi Department of Computer Science Tsinghua University

Towards data leak caused by misoperation and malicious inside users, we proposed a multilevel security model based on Bell-lapadula(BLP) model. In our model each subject was assigned with a security level. Subjects can read objects only when their security levels are not less than objects' security levels, and subjects can write objects only when their security levels are not more than objects' security levels. The current security level in our model can be dynamically changed when users read sensitive data, since users can access data with different security levels in private cloud. Our model use mandatory access control method to control user's operation and can guarantee that users can not leak sensitive data after they read them. Our model can be proved secure by mathematical method, and we implemented a prototype system of our model and the experimental results show that it is secure.

关键词： Cloud computing Private cloud security model BLP model Access control

Formal Analysis on an Extended security model for Database Systems

在线全文

同方期刊数据库

学校读者我要写书评

暂无评论

Wuhan University Journal of Natural Sciences 2008年第5期13卷 519-522页

作者： ZHU Hong ZHU Yi LI Chenyang SHI Jie FU Ge WANG Yuanzhen Database and Multimedia Technology Research Institute Huazhong University of Science and Technology Wuhan 430074Hubei China

In order to develop highly secure database systems to meet the requirements for class B2, the BLP （Bell-LaPudula） model is extended according to the features of database systems. A method for verifying security model for database systems is pro- posed. According to this method, an analysis by using Coq proof assistant to ensure the correctness and security of the extended model is introduced. Our formal security model has been verified secure. This work demonstrates that our verification method is effective and sufficient.

关键词： Bell-LaPudula （BLP） model security model Coq integrity constraints

A Linear Homomorphic Proxy Signature Scheme Based on Blockchain for Internet of Things

在线全文

学校读者我要写书评

暂无评论

Computer modeling in Engineering & Sciences 2023年第8期136卷 1857-1878页

作者： Caifen Wang Bin Wu College of Big Data and Internet Shenzhen Technology UniversityShenzhen518118China School of Electronic and Information Engineering Lanzhou Jiaotong UniversityLanzhou730070China

The mushroom growth of IoT has been accompanied by the generation of massive amounts of data.Subject to the limited storage and computing capabilities ofmost IoT devices,a growing number of institutions and organizations outsource their data computing tasks to cloud servers to obtain efficient and accurate computation while avoiding the cost of local data computing.One of the most important challenges facing outsourcing computing is how to ensure the correctness of computation results.Linearly homomorphic proxy signature(LHPS)is a desirable solution to ensure the reliability of outsourcing computing in the case of authorized signing right.Blockchain has the characteristics of tamper-proof and traceability,and is a new technology to solve data security.However,as far as we know,constructions of LHPS have been few and far between.In addition,the existing LHPS scheme does not focus on homomorphic unforgeability and does not use blockchain technology.Herein,we improve the security model of the LHPS scheme,and the usual existential forgery and homomorphic existential forgery of two types of adversaries are considered.Under the new model,we present a blockchain-based LHPS scheme.The security analysis shows that under the adaptive chosen message attack,the unforgeability of the proposed scheme can be reduced to the CDH hard assumption,while achieving the usual and homomorphic existential unforgeability.Moreover,comparedwith the previous LHPS scheme,the performance analysis shows that our scheme has the same key size and comparable computational overhead,but has higher security.

关键词： Homomorphic signature proxy signature security model provable security unforgeability

Cloud security Service for Identifying Unauthorized User Behaviour

维普期刊数据库评论

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

Computers, Materials & Continua 2022年第2期70卷 2581-2600页

作者： D.Stalin David Mamoona Anam Chandraprabha Kaliappan S.Arun Mozhi Selvi Dilip Kumar Sharma Pankaj Dadheech Sudhakar Sengan Department of Computer Science and Engineering IFET College of EngineeringVillupuram605108Tamil NaduIndia Department of Computer Sciences and Software Engineering Faculty of Basic and Applied SciencesInternational Islamic UniversityIslamabadPakistan Department of Information Technology Bannari Amman Institute of TechnologySathyamangalam638401Tamil NaduIndia Department of Computer Science Engineering DMI St.John the Baptist UniversityMangochiLilongweMalawi Department of Mathematics Jaypee University of Engineering and TechnologyGuna473226Madhya PradeshIndia Department of Computer Science and Engineering Swami Keshvanand Institute of TechnologyManagement and Gramothan(SKIT)Jaipur302017RajasthanIndia Department of Computer Science and Engineering PSN College of Engineering and TechnologyTirunelveli627152Tamil NaduIndia

Recently,an innovative trend like cloud computing has progressed quickly in InformationTechnology.For a background of distributed networks,the extensive sprawl of internet resources on the Web and the increasing number of service providers helped cloud computing technologies grow into a substantial scaled Information Technology service model.The cloud computing environment extracts the execution details of services and systems from end-users and developers.Additionally,through the system’s virtualization accomplished using resource pooling,cloud computing resources become more accessible.The attempt to design and develop a solution that assures reliable and protected authentication and authorization service in such cloud environments is described in this paper.With the help of multi-agents,we attempt to represent Open-Identity(ID)design to find a solution that would offer trustworthy and secured authentication and authorization services to software services based on the cloud.This research aims to determine how authentication and authorization services were provided in an agreeable and preventive manner.Based on attack-oriented threat model security,the evaluation works.By considering security for both authentication and authorization systems,possible security threats are analyzed by the proposed security systems.

关键词： Cloud computing user behaviour access control security model

An Automatic Analysis Approach Toward Indistinguishability of Sampling on the LWE Problem

维普期刊数据库评论

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

Tsinghua Science and Technology 2020年第5期25卷 553-563页

作者： Shuaishuai Zhu Yiliang Han Xiaoyuan Yang the College of Cryptography Engineering Engineering University of People's Armed PoliceXi'an 710086China the Key Laboratory of Network and Information security under the People's Armed Police Engineering University of People's Armed PoliceXi'an 710086China

Learning With Errors (LWE) is one of the Non-Polynomial (NP)-hard problems applied in cryptographic primitives against quantum attacks.However,the security and efficiency of schemes based on LWE are closely affected by the error sampling algorithms.The existing pseudo-random sampling methods potentially have security leaks that can fundamentally influence the security levels of previous cryptographic primitives.Given that these primitives are proved semantically secure,directly deducing the influences caused by leaks of sampling algorithms may be difficult.Thus,we attempt to use the attack model based on automatic learning system to identify and evaluate the practical security level of a cryptographic primitive that is semantically proved secure in indistinguishable security models.In this paper,we first analyzed the existing major sampling algorithms in terms of their security and efficiency.Then,concentrating on the Indistinguishability under Chosen-Plaintext Attack (IND-CPA) security model,we realized the new attack model based on the automatic learning system.The experimental data demonstrates that the sampling algorithms perform a key role in LWE-based schemes with significant disturbance of the attack advantages,which may potentially compromise security considerably.Moreover,our attack model is achievable with acceptable time and memory costs.

关键词： lattice-based cryptography learning with errors security model Non-Polynomial(NP)-hard problems

Generative Trapdoors for Public Key Cryptography Based on Automatic Entropy Optimization

在线全文

学校读者我要写书评

暂无评论

China Communications 2021年第8期18卷 35-46页

作者： Shuaishuai Zhu Yiliang Han College of Cryptography Engineering Engineering University of People’s Armed PoliceXi’an 710086China Key Laboratory of Network and Information security under the People’s Armed Police Xi’an 710086China

Trapdoor is a key component of public key cryptography design which is the essential security foundation of modern cryptography.Normally,the traditional way in designing a trapdoor is to identify a computationally hard problem,such as the NPC problems.So the trapdoor in a public key encryption mechanism turns out to be a type of limited resource.In this paper,we generalize the methodology of adversarial learning model in artificial intelligence and introduce a novel way to conveniently obtain sub-optimal and computationally hard trapdoors based on the automatic information theoretic search technique.The basic routine is constructing a generative architecture to search and discover a probabilistic reversible generator which can correctly encoding and decoding any input messages.The architecture includes a trapdoor generator built on a variational autoencoder(VAE)responsible for searching the appropriate trapdoors satisfying a maximum of entropy,a random message generator yielding random noise,and a dynamic classifier taking the results of the two generator.The evaluation of our construction shows the architecture satisfying basic indistinguishability of outputs under chosen-plaintext attack model(CPA)and high efficiency in generating cheap trapdoors.

关键词： generative model public key encryption indistinguishability model security model deep learning

On the security of TLS Resumption and Renegotiation

在线全文

学校读者我要写书评

暂无评论

China Communications 2016年第12期13卷 176-188页

作者： Xinyu Li Jingy Xu Zhenfeng Zhang Dengguo Feng CAS Key Laboratory of Electromagnetic Space Information University of Science and Technology of China Trusted Computing and Information Assurance Laboratory Institute of Software Chinese Academy of Sciences

The Transport Layer security(TLS) protocol is the most important standard on the Internet for key exchange. TLS standard supports many additional handshake modes such as resumption and renegotiation besides the full handshake. The interaction and dependence of different modes may lead to some practical attacks on TLS. In 2014, Bhargavan et al. described a triple handshake attack on TLS 1.2 by exploiting the sequential running of three different modes of TLS, which can lead to a client impersonation attack after the third handshake. Subsequently, TLS 1.2 was patched with the extended master secret extension of RFC 7627 to prevent this attack. In this paper we introduce a new definition of "uniqueness" and present a renegotiable & resumable ACCE security model. We identify the triple handshake attack within the new model, and furthermore show TLS with the proposed fix can be proven secure in our model.

关键词： TLS 1.2 resumption renegotiation security model

Design of secure operating systems with high security levels

在线全文

学校读者我要写书评

暂无评论

Science in China(Series F) 2007年第3期50卷 399-418页

作者： QING SiHan1,2 & SHEN ChangXiang3 1 Institute of Software, Chinese Academy of Sciences, Beijing 100080, China 2 School of Software and Microelectronics, Peking University, Beijing 102600, China 3 Institute of Computing Technology, Navy, Beijing 100841, China Institute of Software Chinese Academy of Sciences Beijing China School of Software and Microelectronics Peking University Beijing China Institute of Computing Technology Navy Beijing China

Numerous Internet security incidents have shown that support from secure operating systems is paramount to fighting threats posed by modern computing environments. Based on the requirements of the relevant national and international standards and criteria, in combination with our experience in the design and development of the ANSHENG v4.0 secure operating system with high security level （hereafter simply referred to as ANSHENG OS）, this paper addresses the following key issues in the design of secure operating systems with high security levels： security architecture, security policy models, and covert channel analysis. The design principles of security architecture and three basic security models： confidentiality, integrity, and privilege control models are discussed, respectively. Three novel security models and new security architecture are proposed. The prominent features of these proposals, as well as their applications to the ANSHENG OS, are elaborated. Cover channel analysis （CCA） is a well-known hard problem in the design of secure operating systems with high security levels since to date it lacks a sound theoretical basis and systematic analysis approach. In order to resolve the fundamental difficulties of CCA, we have set up a sound theoretical basis for completeness of covert channel identification and have proposed a unified framework for covert channel identification and an efficient backward tracking search method. The successful application of our new proposals to the ANSHENG OS has shown that it can help ease and speedup the entire CCA process.

关键词： secure operating systems with high security levels architecture security model covert channel analysis

Remote Attestation-Based Access Control on Trusted Computing Platform

在线全文

学校读者我要写书评

暂无评论

Wuhan University Journal of Natural Sciences 2010年第3期15卷 190-194页

作者： LIU Xian'gang ZHANG Xing FU Yingfang SHEN Changxiang Institute of Computer Science and Technology Beijing University of Technology Beijing 100022 China

Existing remote attestation schemes based on trusted computing have some merits on enhancing security assurance level, but they usually do not integrate tightly with the classical system security mechanism. In this paper, we present a component named remote attestation-based access controller （RABAC）, which is based on a combination of techniques, such as random number, Bell-La Padula （BLP） model, user identity combined with his security properties and so on. The component can validate the current hardware and software integrity of the remote platform, and implement access control with different security policy. We prove that the RABAC can not only improve the security of transferred information in remote attestation process but also integrate remote attestation and classical system security mechanism effectively.

关键词： trusted computing remote attestation access control security model