With the increasing acceptance of cloud data center and virtualization technology by enterprises and industries, the security concern becomes the key hindrance to the development and deployment of cloud computing. Sec...
详细信息
With the increasing acceptance of cloud data center and virtualization technology by enterprises and industries, the security concern becomes the key hindrance to the development and deployment of cloud computing. security auditing is a good way to deal with the threats faced by a cloud data center. But traditional auditing is no longer suitable for the new cloud environment. In this paper, we design, implement and evaluate the CDCAS, a novel cloud data center auditing system, which matches the demand of the scalability and efficiency of a cloud data center. In this system, we design one distributed and autonomous agent model which can be controlled by a set of rules dynamically generated to fit its use scenario. We then build the log analysis model which uses the signature based method and correlative analysis algorithm to extract security events from collected log with agreeable false positives. We evaluate our system both on real world and simulation to validate its efficiency. And our system is also deployed by the cloud data center of a well-known financial institution, and performs well.
Resources dynamical allocation and management is always an important feature in cloud computing. Auto Scale allows users to scale their cloud resources capacity according to elastic loads timely, which has been widely...
详细信息
Resources dynamical allocation and management is always an important feature in cloud computing. Auto Scale allows users to scale their cloud resources capacity according to elastic loads timely, which has been widely used in mature public cloud. For private cloud, there are some different features from public cloud. It is more flexible to use Auto Scale technique to provide QoS guarantees and ensure system health. In this paper, we design a novel Auto Load-aware Scale scheme for private cloud environment. We describe scale in and scale out strategy based on prediction algorithm. We implement our scheme on OpenStack platform. Both simulation and experiments are carried out to evaluate our work. The experiments show that our scheme has better performance in resource utilization while providing high SLA levels.
Synchronized phasor measurements are becoming one of the key measurement elements of wide area measurement systems in advanced power system monitoring, protection, and control applications. Availability of global posi...
详细信息
Synchronized phasor measurements are becoming one of the key measurement elements of wide area measurement systems in advanced power system monitoring, protection, and control applications. Availability of global positioning system (GPS) provides the possibility of wide-area deployment of Phasor Measurement Unit (PMU) and Frequency Disturbance Recorder (FDR) in power system. GPS is the only timing source for PMU and FDR so far, and they will cease to work when GPS signal is lost or unstable. In addition, phasor data is transferred over the Internet without any encryption, which exposes data to cyber-attacks. The purpose of this paper is to develop an alternative GPS independent timing synchronization method for PMU and FDR, and to implement an encryption system without disrupting real-time data delivery. Primary test results confirm improvement of timing reliability and data transfer security of synchrophasor measurements.
One of the challenges of educational organization improvement is to manage talented teachers effectively,*** assign the right teacher for given *** providing scientific performance evaluation,some factors related to a...
详细信息
One of the challenges of educational organization improvement is to manage talented teachers effectively,*** assign the right teacher for given *** providing scientific performance evaluation,some factors related to a teacher,such as age,experience,professional,*** play important ***,it is crucial to find the underlying associations between teachers' personal information and their working *** this paper,data mining technique is employed to improve the faculty *** algorithm called Quick Apriori,which is based on the classic Apriori algorithm,is *** results not only provide the decision rules related to personal characteristics with working performance,but also show that the obtained rules are consonant with existing experience.
Since the location-based social networking services emerged,the location privacy issue has gained widespread concerns from consumers and *** the location history plays an important role in knowledge discovery,many peo...
详细信息
Since the location-based social networking services emerged,the location privacy issue has gained widespread concerns from consumers and *** the location history plays an important role in knowledge discovery,many people worry that their privacy will be disclosed *** this paper,we introduce a spatial-temporal cloaking model which follows the k-anonymity principle to protect the location *** corresponding algorithm which can find a minimum cloaking 3D box covering the actual location and its temporal information is proposed as ***,the algorithm is able to prevent the modeled records against the continuous attacks which infer the actual location by computing the overlapping spatial *** experimental results show that the proposed algorithm has a high efficiency.
Combined PBL with some advanced foreign reading teaching strategies,we choose the most suitable way to give lessons and bring up students ability to think of *** on teaching experience for several years,we propose som...
详细信息
Combined PBL with some advanced foreign reading teaching strategies,we choose the most suitable way to give lessons and bring up students ability to think of *** on teaching experience for several years,we propose some teaching strategies in English reading teaching to help students improve the efficiency and accuracy of reading with the help of *** practice,students'innovation and cooperation are strengthened and the width and depth of their questions are improved.
The inability to effectively track data in cloud computing environments is becoming one of the top concerns for cloud stakeholders. This inability is due to two main reasons. Firstly, the lack of data tracking tools b...
详细信息
ISBN:
(纸本)9780769550220
The inability to effectively track data in cloud computing environments is becoming one of the top concerns for cloud stakeholders. This inability is due to two main reasons. Firstly, the lack of data tracking tools built for clouds. Secondly, current logging mechanisms are only designed from a system-centric perspective. There is a need for data-centric logging techniques which can trace data activities (e. g. file creation, edition, duplication, transfers, deletions, etc.) within and across all cloud servers. This will effectively enable full transparency and accountability for data movements in the cloud. In this paper, we introduce S2Logger, a data event logging mechanism which captures, analyses and visualizes data events in the cloud from the data point of view. By linking together atomic data events captured at both file and block level, the resulting sequence of data events depicts the cloud data provenance records throughout the data lifecycle. With this information, we can then detect critical data-related cloud security problems such as malicious actions, data leakages and data policy violations by analysing the data provenance. S2Logger also enables us to address the gaps and inadequacies of existing system-centric security tools.
This paper presents a compact and unified hardware architecture implementing SHA-1 and SHA-256 algorithms that is suitable for the mobile trusted module (MTM), which should satisfy small area and low-power condition. ...
详细信息
At CDCIEM 2012, Yang et al. proposed a new construction of somewhat homomorphic encryption scheme over integers, which is quite efficient in the perspective of the key size. In this paper, we present an effective latt...
详细信息
Over the years, role based access control (RBAC) has remained a dominant form of access control both in the industry and academia. More recently, the need for risk awareness in access control has received considerable...
详细信息
Over the years, role based access control (RBAC) has remained a dominant form of access control both in the industry and academia. More recently, the need for risk awareness in access control has received considerable attention in the research community in light of issues such as insider threats. Although RBAC facilitates risk mitigation via features such as constraints (e.g. static and dynamic separation of duty), a quantified approach of risk awareness/mitigation has emerged as a promising research theme due to its inherent flexibility. In this approach, risk/cost metrics are computed for various entities involved in access control such as users and objects and a risk threshold limits the permissions that can be exercised. The quantified approach accommodates dynamism in access decisions based on contexts/situations such as an employee accessing a sensitive file using a work computer versus accessing using her own device. In this paper, we analyze the difference between the traditional constraint-based risk mitigation and the recent quantified risk-aware approaches in RBAC and propose a framework for introducing risk-awareness in RBAC models that incorporates quantified-risk. We also provide a formal specification of an adaptive risk-aware RBAC model by enhancing the NIST core RBAC model.
暂无评论