Zhou Yi,Li Ying,Li Yang,Wu Zhaohui

DOI: https://doi.org/10.1109/icnsc.2006.1673131

2006-01-01

Abstract:In the Internet computing environment, clients usually invoke remote components to accomplish computation. As a result, many security problems are raised. Traditional network component architecture model focuses on business logic. It takes into little consideration the security problems when business logic is invoked. This paper proposes secure network component architecture model (SNCAM) to address them. It classifies clients according to their credibility levels on the component side. Next, we discuss the main idea of this paper, which is the security domain. To reduce the overhead introduced by the security mechanisms, a method called security agent is proposed. Finally, it quantitatively determines the performance cost introduced by the security mechanisms, and when to use the security agent

李阳,周怿,吴朝晖

DOI: https://doi.org/10.3785/j.issn.1008-973x.2004.11.003

2004-01-01

Abstract:A new software architecture model based on remote component cache algorithm for high performance and stability was proposed. This model made cooperation between local and remote components with complex calculations were done at remote components and local components were responsible for the construction of system framework and business logic. The abstract definition of component, component agent, connector and component cache were described, and the LRU (least recently used) mapping arithmetic and the component cache mechanism were discussed. The experimental results show that the algorithm scheme can greatly improve the system performance in different software architecture.

Kun Gao,Lifeng Xi,JiFang Li

2007-01-01

WSEAS TRANSACTIONS ON COMPUTERS

Abstract:As the mobile commerce market is booming recently, deep research of the overall architecture of mobile computing security is important. In this paper, we present an architecture model for mobile computing security. This security architecture model is partitioned into three layers: nature attribute, bounded goal, and detailed application. In each layer, we discuss main research issues in detail. Firstly, we present some basic issues related to mobile computing security in the nature attribute layer. Secondly, upon the limitation operation of mobile computing technology, we discuss security issues in mobile networks and computing. Finally, we propose a brief classification of mobile computing applications in the detailed application layer, and present the security topics in mobile payment as an example.

Wente Zeng,Moyuen Chow

DOI: https://doi.org/10.1109/ISIE.2011.5984466

2011-01-01

Abstract:Networked Control Systems (NCS) is a fast growing technology that integrates distributed sensors, actuators, and computing processors over a communication network for a vast amount of applications. However, the NCS can be vulnerable to various network attacks when the network used is insecure (e.g., Internet). Thus, secure NCS need to have embedded security mechanism to ensure its security operating requirements, which may sacrifice its performance due to limited system resources. This paper addresses the trade-off between NCS security and its real-time performance and use a secured networked DC motor system for illustration. This paper will present a trade-off model for system dynamic performance and system security. This model can be used to adapt security configurations to provide sufficient protection and satisfy real-time dynamic performance requirements of the NCS simultaneously. The construction of this model includes the development of a set of metrics to quantitatively measure the performance and security levels of NCS and the development of a trade-off objective function incorporating performance and security. A Simulink based test-bed implemented to control the speed of the DC motor is used to illustrate the effectiveness of this model.

Haixin Duan,Jianping Wu

DOI: https://doi.org/10.3321/j.issn:1002-8331.2000.05.008

2000-01-01

Abstract:The definitions of some concepts related to security architecture for computer networks are presented firstly in this paper, and then, a framework is proposed from the aspect of security requirements. Based on the analysis of dependence among security services, a method is presented for classifying and rating network security according to se curity services and mechanisms. After the analysis of security mechanisms in TCP/IP protocol including IPSec and SSL, a protocol layered entity model is presented for implementation of security services and security management. From the aspect of entity unit, all kinds of security technologies are organized into to four layers. The place of security management in the architecture and content of management activities for large networks are described. At the end of this paper, further research directions are pointed about the security architecture.

聂飞,李增智,周恒琳

DOI: https://doi.org/10.3969/j.issn.1004-731x.2004.12.070

2004-01-01

Abstract:As there are security worries existing in active networks, a method to enhance security of active networks is provided by inserting several fields into the capsule format, and a component-based secure active network simulation model is presented. The model can run on J-Sim simulation system, and can be used to study the security of active networks. The model can also be used to study influence of some factors (such as protocol deployment, network topology, security policy, etc.) to performances of active networks.

Jing Ren,Sheng Wang,Yangming Zhao,Shizhong Xu,Lemin Li

DOI: https://doi.org/10.1049/cp.2011.1456

2011-01-01

Abstract:Security is one of the most urgent problems in today's Internet. For the lack of a clear definition of identifier of entity we seek to manage in the Internet, existing security mechanisms are not well integrated into the Internet architecture. These security mechanisms are designed as separate extensions and their effectiveness are limited. In this paper, we present a new network architecture, Security Enhanced Network Architecture (SENA), to provide a "built-in" security. In SENA, there are four identifiers, including service identifier, connection identifier, endpoint identifier and routing identifier. With a reinforced control plane, the architecture allows network administrators directly manage the mappings between different identifiers and provides security as an integrated solution.

Wente Zeng,Mo-Yuen Chow

DOI: https://doi.org/10.1109/tii.2012.2209662

IF: 12.3

2012-01-01

IEEE Transactions on Industrial Informatics

Abstract:Distributed networked control systems (D-NCS) are vulnerable to various network attacks when the network is not secured; thus, D-NCS must be well protected with security mechanisms (e.g., cryptography), which may adversely affect the dynamic performance of the D-NCS because of limited system resources. This paper addresses the tradeoff between D-NCS security and its real-time performance and uses the Intelligent Space (iSpace) for illustration. A tradeoff model for a system's dynamic performance and its security is presented. This model can be used to allocate system resources to provide sufficient protection and to satisfy the D-NCS's real-time dynamic performance requirements simultaneously. Then, the paper proposes a paradigm of the performance-security tradeoff optimization based on the coevolutionary genetic algorithm (CGA) for D-NCS. A Simulink-based test-bed is implemented to illustrate the effectiveness of this paradigm. The results of the simulation show that the CGA can efficiently find the optimal values in a performance-security tradeoff model for D-NCS.

Chao Chen,Ke Wang,Yiqi Dai

DOI: https://doi.org/10.1109/cis.2009.141

2009-01-01

Abstract:The security and trustworthiness of enterprise networks have been a major concern in the research and practice of Intranet security. The security of endpoints and their network access are inevitably two important factors regarding enterprise network security. In this paper we present a novel architecture to enforce controls on endpoint application execution and network access, in which the Policy Decision Point (PDP) and Policy Enforcement Point (PEP) are introduced. A hybrid mechanism is proposed such that the control of application and network access of endpoints are integrated. Security analysis and performance evaluation prove that the proposed architecture maintains a balance between security and flexibility of enterprise network control.

Xu Li,Li Hui,Hu Jiawei,Wang Yunmin,Zhang Huayu

DOI: https://doi.org/10.1007/978-3-319-67807-8_3

2017-01-01

Abstract:Content-Centric Networking (CCN), is built on the notion of content-based security. With the integration of Network Coding (NC) into CCN to contribute to the best performance, security, one of the key features of CCN has been left behind. Though the permission for encoding/recoding content packets at producers and intermediate routers provides performance benefits, it also introduces additional security issues and disables existing security practices. In this paper, we fill the gap by analyzing new security challenges brought accordingly and proposing an Autonomous Systems (AS-s) based security mechanism for NC applications in CCN. It can not only guarantee the optimal performance of NC, but also offer the assurance for Integrity, Origin Authentication and Correctness of content packets, together with proving trustworthiness among border routers. More importantly, we also shed light on the performance issues and implementation problems of the mechanism. © 2017, Springer International Publishing AG.

Gaofeng Da,Maochao Xu,Shouhuai Xu

DOI: https://doi.org/10.1145/2600176.2600184

2016-01-01

Abstract:Modeling and analyzing security of networked systems is an important problem in the emerging Science of Security and has been under active investigation. In this paper, we propose a new approach towards tackling the problem. Our approach is inspired by the shock model and random environment techniques in the Theory of Reliability, while accommodating security ingredients. To the best of our knowledge, our model is the first that can accommodate a certain degree of adaptiveness of attacks , which substantially weakens the often-made independence and exponential attack inter-arrival time assumptions. The approach leads to a stochastic process model with two security metrics, and we attain some analytic results in terms of the security metrics.

You Wang,J. Bi,Bingyang Liu,Guang Yao

2009-01-01

Abstract:In this paper we present a new architecture focused on improving the management of the network as well as solving the host mobility and security problem. First we analyze several challenges the Internet is facing today, then we describe our architecture with comparison to other similar approaches and then give the design details. In our proposal, network has a hierarchical structure which can be constructed through virtualization. We show that better management and security can be achieved in this architecture. Based on ID/Loc-split, we can support host mobility with a more scalable mapping system. Compared with the Internet today, our scheme may be more suitable for specific networks.

SUN Yan-bin,ZHANG Yu,ZHANG Hong-li

DOI: https://doi.org/10.3969/j.issn.0372-2112.2016.08.034

2016-01-01

Abstract:The application model in the Internet has shifted into information sharing,while the architecture is still based on the end-to-end communication.The conflict between them is becoming increasingly acute.To solve such a mis-match,ICN (Information-Centric Networking)is proposed.In this paper,a basic architecture framework for ICNs is first proposed,functional modules and properties are adopted to explore the design of ICN.Then,the relationships between ICN and other future network technologies are analyzed,the experiment platform and the deployment of ICN are discussed.Final-ly,crucial issues and future researches are concluded.

Rachana A Gupta,Mo-Yuen Chow,Avesh Kumar Agarwal,Wenye Wang

DOI: https://doi.org/10.1109/IECON.2007.4460391

2007-01-01

Abstract:Abstract- Distributed network-control-systems (D-NCS) are a multidisciplinary effort whose,aim is to produce a network structure and,components,that are capable of integrating sensors, actuators, communication, and control algorithms in a manner,to suit real-time applications. They have been gaining popularity due ,to their ,high ,potential in widespread applications and becoming more,realizable due to the rapid advancements,in wireless communication,and data transfer technologies. This paper ,addresses the issue of D-NCS information security as well its real-time performance with respect to network security protocols and encryption schemes. We use a wireless network based, robot navigation path tracking system called Intelligent Space (iSpace) as a D-NCS test bed in this paper. The paper classifies the data from every NCS module (sensors, actuators and controllers) according to bandwidth requirement, time and information sensitivity. We define performance parameters for this NCS test bed. Various system factors affecting these performance,parameters are recognized. Network security algorithms DES and 3DES are integrated with ,the ,application to secure ,the ,sensitive information,flow. These wireless security features are considered as an added factor to the NCS. Standard statistical approach (2, factorial experiment design) is used to study and estimate the effect of each factor on the system performance especially security additions. Thorough experimental results, tables of detailed characterization and,effect estimate analysis is presented followed by the discussion on the performance comparison of NCS with and without wireless security. Index terms – Distributed networked-control-system, iSpace,

YANG Xin,LI Hui,QUE Jianming,MA Zhentai,LI Gengxin,YAO Yao,WANG Bin,JIANG Fuli

DOI: https://doi.org/10.11896/jsjkx.220600265

2023-01-01

Abstract:Traditional IP-based Internet offers an end-to-end data transport service and has developed rapidly in the past half-century.However,serious security incidents emerged from attacks based on traditional networks.Traditional security mechanisms(e.g.,firewalls,intrusion detection systems) enhance security.However,most of them only provide some remedial strategies rather than solve the address-security problem radically due to the lack of change in network design.The overall in-depth security of the networked system cannot be guaranteed without a fundamental change.In order to meet the development requirements of the next generation of an endogenous security network,one of the future networks,the multi-identifier network(MIN),is introduced as our research background.This paper proposes an efficient scheme in hieratical architecture that provides comprehensive protection by addressing the security aspects pertaining to the network and application layers.At the network layer,the proposed architecture develops a multi-identifier routing scheme with embedded identity-based authentication and packet signature mechanisms to provide data tamper-resistance and traceability.At the application layer,the proposed architecture designs a mimic defensive scheme combined with weighted network centrality measures.This scheme focuses on protecting the core components of the whole network to improve the service's robustness and efficiently resist potential attacks.This paper tests and evaluates the proposed scheme from a theoretical and practical perspective.An analytical model is built based on the random walk for theoretical evaluation.In experiments,the proposed scheme is developed in MIN as MIN-VPN.Then considering IP-VPN as a baseline,anti-attack tests are conducted on IP-VPN and MIN-VPN.The results of theoretical evaluations and experiments show that the proposed scheme provides excellent transmission performance and successful defense against various TCP/IP-based attacks with acceptable defensive cost,demonstrating this security mechanism's effectiveness.In addition,after long-period penetration testing in three international elite security contests,the proposed method is effectively immune to all TCP/IP-based attacks from thousands of professional teams,thus verifying its strong security.

Tianzhou Chen,Mingteng Cao,Qingsong Shi

DOI: https://doi.org/10.1109/NAS.2008.57

2008-01-01

Abstract:The architecture and implementation of network protocol stack is very important for network communication. And now CMP(Chip Multi-processor) architecture is the trend of CPU because of its excellent parallelism and high efficiency. So this paper proposes a Component-based Network Protocol Architecture(CNPAM) based on Intel Multi-core. In this architecture, two important modules are brought in: distribution module and migration module. Distribution module takes charge of distributing close function components to the same core group in which the two cores share the L2 cache. And migration module guarantees the load balance of all cores. The performance of CNPAM gets a significant improvement.

Shiang-Jiun Chen,Chin-Shen Fang,Tzu-Yun Wang,I-Wei Chiang

DOI: https://doi.org/10.1109/ICKII58656.2023.10332769

2023-08-11

Abstract:Under the Software-Defined Networking (SDN) framework, Low Earth Orbit (LEO) operates with its multiple architectures, including Cross-Domain Controller Architecture, Inter-Domain Controller Architecture, and so on. For cross-domain controller structure, the security of the east-west protocol is considered, including the protocols and sources in its secure design. For the inter-domain controller, the south-north bound protocol and software are used. we proposed a method to build a treatment model to provide a mechanism for the abnormal behavior. On these two architectures, we employed a series of security analysis methods and countermeasures. Regarding the security analysis methods, we used software composite analysis (SCA), static application security testing (SAST), and dynamic application security testing (DAST) to assess the potential threats and attack vectors, and then build a threat model. East-west and south-north (application layer) protocols were considered in building the threat model. With this model, the monitor mechanism was established for the abnormal activities. The security performance was evaluated.

Engineering,Computer Science

Ramya Mohan

DOI: https://doi.org/10.5120/11634-7111

2013-04-18

Abstract:This paper outlines a comprehensive model to increase system efficiency, preserve network bandwidth, monitor incoming and outgoing packets, ensure the security of confidential files and reduce power wastage in an organization. This model illustrates the use and potential application of a Network Analysis Tool (NAT) in a multi-computer set-up of any scale. The model is designed to run in the background and not hamper any currently executing applications, while using minimum system resources. It was developed as open source software, using VB. Net, with a view to overcoming limitations of legacy systems and financial restrictions in small-to mid-level organizations like businesses and educational institutes. It is fully-customizable and serves as a simple and open-source alternative to existing software. The NAT relies on simple client-server architecture and uses remote access to monitor and maintain the computers on a network, for example logging off a user or shutting down a computer after a certain "idle" time, enabling and disabling applications, troubleshooting and so on. The NAT was tested in a laboratory and resultant data is presented, along with the results of a survey that was conducted among users.

Networking and Internet Architecture

Subodha Charles,Prabhat Mishra

DOI: https://doi.org/10.1145/3406661

IF: 1.447

2020-10-12

ACM Transactions on Design Automation of Electronic Systems

Abstract:Growth of the Internet-of-things has led to complex system-on-chips (SoCs) being used in the edge devices in IoT applications. The increased complexity is demanding designers to consider several critical factors, such as dynamic requirement changes, long application life, mass production, and tight time-to-market deadlines. These requirements lead to more complex security concerns. SoC manufacturers outsource some of the intellectual property cores integrated on the SoC to untrusted third-party vendors. The untrusted intellectual properties can contain malicious implants, which can launch attacks using the resources provided by the on-chip interconnection network, commonly known as the network-on-chip (NoC). Existing efforts on securing NoC have considered lightweight encryption, authentication, and other attack detection mechanisms such as denial-of-service and buffer overflows. Unfortunately, these approaches focus on designing statically optimized security solutions. As a result, they are not suitable for many IoT systems with long application life and dynamic requirement changes. There is a critical need to design reconfigurable security architectures that can be dynamically tuned based on changing requirements. In this article, we propose a tier-based reconfigurable security architecture that can adapt to different use-case scenarios. We explore how to design an efficient reconfigurable architecture that can support three popular NoC security mechanisms (encryption, authentication, and denial-of-service attack detection and localization) and implement suitable dynamic reconfiguration techniques. We evaluate our proposed framework by running standard benchmarks enabling different tiers of security and provide a comprehensive analysis of how different levels of security can affect application performance, energy efficiency, and area overhead.

computer science, software engineering, hardware & architecture

Lifang Liu,Lisha Zhao,Xiaogang Qi,Wei Xiong

DOI: https://doi.org/10.16182/j.issn1004731x.joss.201801024

2018-01-01

Abstract:With the booming development of Internet technology,network security threats force every country to pay more and more attention to network security.By analyzing and summarizing the principles of network security threats,three kinds of proactive security threats are proposed in this paper,including saturation security threats,deleting security threats,and tampering security threats.OPNET is employed as the simulation tool to establish multi-service communications network model,in which the node are based on the queuing theory model.In addition,different traffic intensity parameters are designed to simulate the network performance under various running situations.Fuzzy comprehensive evaluation method is used to assess the effect of network security threats.