Dongjin Yu,Ying Li,Yi Zhou,Zhaohui Wu

DOI: https://doi.org/10.1007/11758501_171

2006-01-01

Abstract:In the Internet computing environment, clients usually invoke remote components to accomplish computation, which leads to many security problems. Traditional network component architecture model focuses on business logic, and takes little consideration for security problems. This paper proposes Secure Network Component Architecture Model (SNCAM). It classifies clients according to their credibility levels on component-side. Next, it presents the main idea of this paper, which is the security domain. To reduce the overhead introduced by the security mechanism, a method called security agent is also proposed.

PAN Wei,LI Wei-Hua

DOI: https://doi.org/10.3969/j.issn.1002-137X.2006.05.029

2006-01-01

Computer Science

Abstract:A self-contained security interaction model(SIM)is presented in this paper.This model is accordanted with the standard trend and fully scalable.Meanwhile,security interaction protocol family(SIPF)is discussed.Security inter- action message description model(SIMDM)is defined to describe and format the security interaction messages.Then the security of SIM is verified according to combinatorial theory of security protocols which are independent each other. Based on the fact above,a firewall system,which has security interaction ability to manage other security systems,is designed and implemented to realize coordinated interaction and dynamic defence against illegal intrusion.

聂飞,李增智,周恒琳

DOI: https://doi.org/10.3969/j.issn.1004-731x.2004.12.070

2004-01-01

Abstract:As there are security worries existing in active networks, a method to enhance security of active networks is provided by inserting several fields into the capsule format, and a component-based secure active network simulation model is presented. The model can run on J-Sim simulation system, and can be used to study the security of active networks. The model can also be used to study influence of some factors (such as protocol deployment, network topology, security policy, etc.) to performances of active networks.

CAI Xin,HUANG Ben-xiong

DOI: https://doi.org/10.3969/j.issn.1673-629x.2006.09.069

2006-01-01

Abstract:With the development of network intrusion technology,singular and isolated security technologies like Internet firewalls or intrusion detection systems can no longer secure networks.Aiming at the problem,develop such a security model based on network end-point which follows a highly modular approach that look upon such intrusion technologies as function modules.Security agent loads and configures these function modules based on dynamic security policy of security server.It makes our network more secure and easier to be managed.Meanwhile,this model supports third party software,which makes it more universal and extended.

Kun Gao,Lifeng Xi,JiFang Li

2007-01-01

WSEAS TRANSACTIONS ON COMPUTERS

Abstract:As the mobile commerce market is booming recently, deep research of the overall architecture of mobile computing security is important. In this paper, we present an architecture model for mobile computing security. This security architecture model is partitioned into three layers: nature attribute, bounded goal, and detailed application. In each layer, we discuss main research issues in detail. Firstly, we present some basic issues related to mobile computing security in the nature attribute layer. Secondly, upon the limitation operation of mobile computing technology, we discuss security issues in mobile networks and computing. Finally, we propose a brief classification of mobile computing applications in the detailed application layer, and present the security topics in mobile payment as an example.

Huang Chengxia,Yang Lin,Li Jingpeng

DOI: https://doi.org/10.3969/j.issn.1009-8054.2006.06.029

2006-01-01

Abstract:This paper presents a scalable and extensible network security management framework, which is against existing network security management technology and component technology. In this framework, the managed security products are modularized to components with security functions, and the components can be installed or uninstalled easily. This paper describes the mechanism and related key techniques exampled with firewall component.

李阳,周怿,吴朝晖

DOI: https://doi.org/10.3785/j.issn.1008-973x.2004.11.003

2004-01-01

Abstract:A new software architecture model based on remote component cache algorithm for high performance and stability was proposed. This model made cooperation between local and remote components with complex calculations were done at remote components and local components were responsible for the construction of system framework and business logic. The abstract definition of component, component agent, connector and component cache were described, and the LRU (least recently used) mapping arithmetic and the component cache mechanism were discussed. The experimental results show that the algorithm scheme can greatly improve the system performance in different software architecture.

Jiao JIAO,Xian-hui LIU,Wei-dong ZHAO

2013-01-01

Abstract:With the growing popularity of the Internet, the network has brought to people's lives a lot of convenience, but the network communication data security problems are threatening people's privacy and property. This paper is designed and imple-mented a communication model based on real-time security model which ensures the data security with three aspects:informa-tion can be recognized from the identity of each other, the information can not be tampered, the information can not be denied. At the same time, this module also ensures the effectiveness of the information. The paper also verifies the validity of the model and algorithm. The model enjoys a certain application value in the network communications security field.

Sung -Do Chi,Jong Sou Park,Ki -Chan Jung,Jang -Se Lee

DOI: https://doi.org/10.1007/3-540-47719-5_26

2001-01-01

Abstract:The major objective of this paper is to develop the network security modeling and cyber attack simulation that is able to classify threats, specify attack mechanisms, verify protection mechanisms, and evaluate consequences. To do this, we have employed the advanced modeling and simulation concepts such as System Entity Structure / Model Base framework, DEVS (Discrete Event System Specification) formalism, and experimental frame concept underlying the object-oriented S/W environment. Our approach is to show the difference from others in that (i) it supports a hierarchical and modular modeling environment, (ii) it generates the command-level behavior of cyber attack scenario, (iii) it provides an efficient model building environment based on the experimental frame concept, and (iv) it supports the vulnerability analysis of given node on the network. Simulation test performed on sample network system will illustrate our techniques.

Hongqin Zhang,Jiaqi Yin,Huibiao Zhu,Ningning Chen

DOI: https://doi.org/10.18293/seke2021-003

2021-01-01

Abstract:As a key technology of the Internet of Things (IoT), middleware plays an important role in managing virtualized resources and services.However, traditional Internet architectures cannot ensure adequate data security and efficient data delivery for IoT middlewares.Therefore, Information-Centric Networking (ICN), a paradigm of the future network, is introduced into IoT middlewares.Since ICN-IoT middleware is attracting more and more attentions, its security is worth discussing.In this paper, we adopt Communicating Sequential Processes (CSP) to model the ICN-IoT middleware architecture.Five properties (deadlock freedom, data availability, action keys leakage, device faking and user faking) of the model are verified by utilizing the model checker Process Analysis Toolkit (PAT).According to the verification results, the model cannot guarantee the security of data.To solve the problems, we encrypt messages with the receiver's public key, and improve the model by introducing a method similar to the digital signature.The new verification results demonstrate that our study can assure the security of the ICN-IoT middleware architecture.

Haixin Duan,Jianping Wu

DOI: https://doi.org/10.3321/j.issn:1002-8331.2000.05.008

2000-01-01

Abstract:The definitions of some concepts related to security architecture for computer networks are presented firstly in this paper, and then, a framework is proposed from the aspect of security requirements. Based on the analysis of dependence among security services, a method is presented for classifying and rating network security according to se curity services and mechanisms. After the analysis of security mechanisms in TCP/IP protocol including IPSec and SSL, a protocol layered entity model is presented for implementation of security services and security management. From the aspect of entity unit, all kinds of security technologies are organized into to four layers. The place of security management in the architecture and content of management activities for large networks are described. At the end of this paper, further research directions are pointed about the security architecture.

Zang Mingxiang,Chen Qiuzhi,Jiang Jianguo

DOI: https://doi.org/10.1109/IFITA.2010.238

2010-01-01

Abstract:Currently, network built with C/S model has been widely used in E-commerce, ERP and corporate intranets. Therefore, the security of network transmission in this model has become an increasingly important issue. In view of the low security of traditional DES algorithm and slow RSA encryption speed, this paper presented an Encryption Algorithms model of data packets on the basis of analyzing the methods of existing network transmission. The algorithm model realizes a simple Authentication Center which simulates Kerberos authentication service. Through improving Kerberos protocol, strengthening the secure of the authentication process and defending the attack of replay effectively, security Transmission by Network of C/S model is realized. The result of experimentation shows that the proposed algorithm has the advantages of fast encryption (decryption) speed, high efficiency, strong safety. Furthermore; it can guarantee integrity in network transmission.

ZHOU Heng-lin,LI Zeng-zhi,WU Ya-qiang,LIAO Zhi-gang

DOI: https://doi.org/10.3969/j.issn.1001-3695.2005.07.039

2005-01-01

Abstract:Utilizing the trait that protocol can be deployed dynamically in active net, the component-based security mechanism is designed for active ne tworks on the base of the security prototype of active networks. The mechanism can meet the security requirement of the active networks, such as secrecy, integrality and usability, and provides security measure including extensible encryption and decryption, authentication and authorization, execution monitor and code revocation, etc for active packet and active node. In addition, it supports dynam itic load and customization, therefore security level can be customized for active networks according to the actual application.

Chen Guilin,Zhao Shenghui,Chen Haibao,Ji Chengchao

DOI: https://doi.org/10.3969/j.issn.1000-386X.2009.02.025

2009-01-01

Abstract:Current Web services security technologies are relatively independent.However,it needs an overall security design for the whole application integrating solution.An integrated Web services security model is proposed,where the formal definition of the model and the key implementation techniques are given.The model achieves following security targets:uniform identity authentication based on certification,role-based access control and secure SOAP message transmission,which makes the model have characteristics of openness and dynamic adaptation.A prototype system is developed based on this model,the running results show that it can achieve above three secure targets,and makes the whole system more secure than single security technology.

Gaofeng Da,Maochao Xu,Shouhuai Xu

DOI: https://doi.org/10.1145/2600176.2600184

2016-01-01

Abstract:Modeling and analyzing security of networked systems is an important problem in the emerging Science of Security and has been under active investigation. In this paper, we propose a new approach towards tackling the problem. Our approach is inspired by the shock model and random environment techniques in the Theory of Reliability, while accommodating security ingredients. To the best of our knowledge, our model is the first that can accommodate a certain degree of adaptiveness of attacks , which substantially weakens the often-made independence and exponential attack inter-arrival time assumptions. The approach leads to a stochastic process model with two security metrics, and we attain some analytic results in terms of the security metrics.

Y Tang,Hp Hu,Xc Lu

DOI: https://doi.org/10.1007/978-3-540-30207-0_68

2004-01-01

Abstract:Security collaboration is necessary to improve integral security of network. But there is no unified model to ensure interoperability and collaboration within IDS, firewall and other network security components. We propose a security collaboration model by exploiting blackboard technique, named BSCM. In this model, network security components don't communicate with each other directly, but via a common blackboard which serves as the platform of information-sharing and events-responding. We introduce the "Register-feedback" mechanism which connects the blackboard and all the components in BSCM. The formal definition of BSCM and a sample system are given in this paper.

LOU Jian,CAO Zhen-fu

DOI: https://doi.org/10.3969/j.issn.1007-757X.2006.10.003

2006-01-01

Abstract:With the rapid development of the E-business activities in recent years, the security problem about computer network is attracting more and more people's attention. In the same time, the modes and motivations of network attacks have also had a great change. The formernetwork security models now are too simple to describe the new changes of the security trends. This thesis puts forward an improved network security model and a two-channel network security model on the basis of the study of the security realities. At last, the thesis gives an example of the security exchange system on the Internet which uses the two-channel network security model.

Wente Zeng,Moyuen Chow

DOI: https://doi.org/10.1109/ISIE.2011.5984466

2011-01-01

Abstract:Networked Control Systems (NCS) is a fast growing technology that integrates distributed sensors, actuators, and computing processors over a communication network for a vast amount of applications. However, the NCS can be vulnerable to various network attacks when the network used is insecure (e.g., Internet). Thus, secure NCS need to have embedded security mechanism to ensure its security operating requirements, which may sacrifice its performance due to limited system resources. This paper addresses the trade-off between NCS security and its real-time performance and use a secured networked DC motor system for illustration. This paper will present a trade-off model for system dynamic performance and system security. This model can be used to adapt security configurations to provide sufficient protection and satisfy real-time dynamic performance requirements of the NCS simultaneously. The construction of this model includes the development of a set of metrics to quantitatively measure the performance and security levels of NCS and the development of a trade-off objective function incorporating performance and security. A Simulink based test-bed implemented to control the speed of the DC motor is used to illustrate the effectiveness of this model.

Jun Xiang,Deyu Qi,Kefu Xu,Shouqiang Liu,Wenhong Wei

DOI: https://doi.org/10.1109/ICIEA.2008.4582928

2008-01-01

Abstract:As the network-based degree improves, the security problem becomes more significant day by day. The network security has entered the three-dimensional security interaction protection time. In this paper, security interaction technology is studied, the deficiencies of existing security interaction models are pointed out. Based on these, the dynamic security interaction model, DSIM for short, is designed. It has such advantages as lightening network load, saving network bandwidth, dynamic adapting and easy expanding. ©2008 IEEE.

Tiange SI,Duo LIU,Yiqi DAI

DOI: https://doi.org/10.3321/j.issn:1000-0054.2007.07.034

2007-01-01

Abstract:To deal with worsening network security problems, a trusted computer system model for network applications was developed based on the transparence computing paradigm. The model effectively controls security problems within the computer by using transparence computing technology. Problems among computers inside a network can be controlled by using a star topology with the monitor in the center of the model which watches and controls communications among the system entities. The monitor can filter data transfers and dynamically isolate physical connections among host computers, between host computers and servers, as well as between host computers and the outside network. Analyses show that this model effectively solves network security problems and guarantees local area network safety.