Zhiyong Tan,Duo Liu,Jie Lin,Yiqi Dai

DOI: https://doi.org/10.1109/NSWCTC.2009.194

2009-01-01

Abstract:A multilevel security (MLS) model with credibility characteristics, the credibility-based Bell-LaPadula (CBLP) security model, has been proposed to resolve the problem of trusted subjectspsila hidden security flaw and poor system usability in present MLS systems in the previous paper of the authors. A sampling statistics method is proposed in this paper to evaluate the availability of the CBLP model by obtaining the variation curve of the subjectspsila credibility and the rejection ratio of access operations. The validity of this method was achieved according to the strong law of large numbers and the central limit theorem. The sampling statistics results of the CBLP model in specific scenarios showed that it is highly consistent with that of the formal analysis method and has lower computational complexity.

Zhi-yong TAN,Duo LIU,Tian-ge SI,Yi-qi DAI

DOI: https://doi.org/10.3321/j.issn:0372-2112.2008.08.029

2008-01-01

Tien Tzu Hsueh Pao/Acta Electronica Sinica

Abstract:A multilevel security (MLS) model with credibility characteristics was proposed to solve the problem of trusted subjects' hidden security flaw and poor system usability in present MLS systems. By introducing credibility labels of subjects and objects and credibility evaluation functions in original BLP model, it can evaluate credibility of access requests as well as corresponding credibility variation of subjects and objects. Since this model establishes restriction mechanism against trusted subjects and assigns limited privileges to all subjects, it is more flexible and practicable than present security-label based MLS models.

Xuezeng Pan

DOI: https://doi.org/10.3785/j.issn.1008-973x.2009.08.005

2009-01-01

Abstract:To resolve the problem that the simple combination of BLP and Biba models will lead to poor availability,a confidentiality and integrity dynamic union model based on multi-level security(MLS) policy was presented.The two dimensions of secure model are composed of confidentiality and integrity,on which the security label is separated into write privilege range and read privilege range respectively,whereupon subject's access range is adjusted dynamically according to the security label of related objects and the history situation of the subject's access,improving the agility and practicability of the model.The formal definition of this model was given,and the security was also analyzed with proof.Finally,examples were illuminated to show the effectiveness and usability of this model.

Cui Yan-Li,Zhang Xing

DOI: https://doi.org/10.1109/fitme.2009.68

2009-01-01

Abstract:During the realizing process of remote attestation, except for using trusted computing technology to protect physical security, storage security and operation security of certifier, cipher mechanism need to be combined to ensure the credibility of attestation method of certifier. This paper designs an attestation method model of property remote attestation, and applies the authentication and access control logic technology to make formal description for the participants of attestation method of property remote attestation, and finally prove the credibility of attestation method. Paper's research conclusion proves, after increasing the authority of certificate and trusted property certificate, the credibility of property remote attestation method can be guaranteed among the computing environment applying the public key infrastructure participates.

刘雄,谭智勇,刘铎,戴一奇

DOI: https://doi.org/10.16511/j.cnki.qhdxxb.2010.01.028

2010-01-01

Abstract:The BLP (Bell-LaPadula) model and its derivatives are normally used to implement secure policies in multilevel security systems. The derivatives improved the flexibility but also introduce risks which have not been analyzed in detail. This paper investigates the multilevel security model with credibility characteristics to analyze the security of actions using the quantitative risk analysis method to compute the expected damage resulting from an action. The analysis result can be used to evaluate system security and as a criterion to judge the validity of the action. The system can then control the damage and improve flexibility.

Cui Yan-Li,Xing Zhang

DOI: https://doi.org/10.1109/PACIIA.2009.5406422

2009-01-01

Abstract:For trusted computing technology, as the basis of remote attestation, system integrity measurement whose theory model and application research is all along a discussed focus. Integrity measurement of binary system of trusted computing technology used the transmission model of trust chain, but the development of this model is late to the development of remote attestation. This paper mainly concerns systems integrity measurement of property remote attestation, adds certificate authority and trusted property authority based on the original binary integrity measurement, realizes the conversion from binary fingerprints convert to property remote attestation. Combining the new features of property remote attestation, this paper uses the predicate logic to prove the credibility of systems integrity measurement of property remote attestation. ©2009 IEEE.

曾璎珞,潘雪增,陈健

DOI: https://doi.org/10.3969/j.issn.1000-3428.2010.10.052

2010-01-01

Abstract:This paper proposes a dynamic security access control model based on system reliability,so as to improve the flexibility of combination among multiple security access control strategies,and to ensure system security and practicality.The model can choose the proper kind of combination among the security access control strategies dynamically in order to deal with different system states and improve the whole system performance.Experimental results prove that this model makes the multiple strategies control more flexible,ensures the system security,and improves practicality of the system.

Zhiyong Tan,Duo Liu,Xuejun Zhuo,Yiqi Dai,Laurence T. Yang

DOI: https://doi.org/10.1007/s11227-011-0732-z

IF: 3.3

2013-01-01

The Journal of Supercomputing

Abstract:This paper presents the design and implementation features of Centralized Pervasive Computing Environment/Multilevel Security (CPCE/MLS), a multilevel security (MLS) system in pervasive computing environment deployed in Local area network (LAN) with a Mandatory Access Control (MAC) mechanism. By introducing the server-storage terminals and implementing the multilevel security access control mechanism based on the Bell---LaPadula model, process creation supervision, and an auditing mechanism, the CPCE/MLS system is able to provide the security guarantee of the whole computing environment. As such, each terminal is controlled under an integrated security policy. The performance test results show that the CPCE/MLS system, without optimization, generates great overhead but achieves significantly better performance after the cache mechanism is added in the monitor agent and in the hook driver. The system with the hook driver cache mechanism is able to achieve the 95.9% throughput of the native system with 8 K and 16 K requested data blocksize.

Pau-Chen Cheng,Pankaj Rohatgi,Claudia Keser,Paul A. Karger,Grant M. Wagner,Angela Schuett Reninger

DOI: https://doi.org/10.1109/sp.2007.21

2007-05-01

Abstract:This paper presents a new model for, or rather a new way of thinking about adaptive, risk—based access control. Our basic premise is that there is always inherent uncertainty and risk in access control decisions that is best addressed in an explicit way. We illustrate this concept by showing how the rationale of the well—known, Bell—Lapadula model based, Multi-Level Security (MLS) access control model could be used to develop a risk-adaptive access control model. This new model is more like a Fuzzy Logic control system [9] than a traditional access control system and hence the name “Fuzzy MLS”. The long version of this paper is published as an IBM Research Report [3].

Shuai Wang,Aiqun Hu,Tao Li,Shaofan Lin

DOI: https://doi.org/10.3390/sym16020249

2024-02-17

Symmetry

Abstract:Industrial control terminals play an important role in industrial control scenarios. Due to the special nature of industrial control networks, industrial control terminal systems are vulnerable to malicious attacks, which can greatly threaten the stability and security of industrial production environments. Traditional security protection methods for industrial control terminals have coarse detection granularity, and are unable to effectively detect and prevent attacks, lacking real-time responsiveness to attack events. Therefore, this paper proposes a real-time dynamic credibility evaluation mechanism based on program behavior, which integrates the matching and symmetry ideas of credibility evaluation. By conducting a real-time dynamic credibility evaluation of function call sequences and system call sequences during program execution, the credibility of industrial control terminal application program behavior can be judged. To solve the problem that the system calls generated during program execution are unstable and difficult to measure, this paper proposes a partition-based dynamic credibility evaluation method, dividing program behavior during runtime into function call behavior and system call behavior within function intervals. For function call behavior, a sliding window-based function call sequence benchmark library construction method is proposed, which matches and evaluates real-time measurement results based on the benchmark library, thereby achieving symmetry between the benchmark library and the measured data. For system call behavior, a maximum entropy system call model is constructed, which is used to evaluate the credibility of system call sequences. Experiment results demonstrate that our method performs better in both detection success rate and detection speed compared to the existing methods.

multidisciplinary sciences

Xie Jun,Xu Feng,Huang Hao

2004-01-01

Ruan Jian Xue Bao/Journal of Software

Abstract:MLS (multilevel security) is being widely applied in many security critical systems, but it can't implement many important security policies such as channel-control. In this paper, the concept of trust degree is introduced into the MLS to implement policies like channel-control conveniently. An access control state machine model which enforces the trust degree based multilevel security policy is established, and is proved to be secure for this policy. It is also proved that this model can enforce all static information flow policies. An extension of the model is also offered to support the dynamic change of storage objects' security labels. The model avoids the disadvantage of MLS' not being able to resolve the problem of secure downgrading and not taking integrity into consideration, and at the same time it retains the advantage of easy understanding and use enjoyed by the traditional classified policy models.

Xiao-long XU,Qun TU,Xin-heng WANG,Ru-chuan WANG

DOI: https://doi.org/10.1016/s1005-8885(14)60300-9

2014-01-01

Abstract:Non-center network computing environments have some unique characteristics,such as instability,heterogeneity,autonomy,distribution and openness,which bring serious issues of security and reliability.This article proposes a brand-new credibility protection mechanism for resource sharing and collaboration in non-center network computing environments.First,the three-dimensional hierarchical classified topology（3DHCT）is proposed,which provides a basic framework for realizations of the identity credibility,the behavior credibility and the capability credibility.Next,the agent technology is utilized to construct the credibility protection model.This article also proposes a new comprehensive credibility evaluation algorithm with simple,efficient,quantitative and able to meet the requirements of evaluating behavior credibility and the capability credibility evaluation as well.The Dempster-Shafer theory of evidence and the combination rule are used to achieve the evaluation of the capability credibility.The behavior credibility is evaluated with the current and historical performance of nodes for providers and consumers to realize more accurate prediction.Based on the non-center network computing simulation test platform,simulation is been conducted to test the performance and validity of the proposed algorithms.Experiment and analysis show that the proposed algorithms are suitable for large-scale,dynamic network computing environments,and able to maintain the credibility for networks without relying on central node,make a non-center network gradually evolve into an orderly,stable and reliable computing environment efficiently.

Fei LIU,Ping MA,Ming YANG,Guo-bing SUN,Zi-cai WANG

DOI: https://doi.org/10.3969/j.issn.1009-3087.2006.05.029

2006-01-01

Abstract:Based on the analysis of factors affecting credibility of large complex simulation systems, a credibility index system was given. Because credibility evaluation of large complex simulation systems involves lots of qualitative indices with multiple levels and granularities, hierarchical linguistic variables were used to acquire their evaluation information, and the two-tuple linguistic method was used to deal with the evaluation information with multiple sources and granularities, and the credibility quantification of large complex simulation systems was implemented. Practical applications proved that this quantification method is effective.

Liu Yingchun,Zheng Xiaolin,Chen Deren

DOI: https://doi.org/10.1109/ijcss.2011.42

2011-01-01

Abstract:It is important to construct a reliable service environment with security and credibility in e-service. The information gap between services providers and requestors on the credibility of services may give chances for bad behaviors. Requestors wandered outside of the web-based system not only for the security matters but also for their distrust of the services on the internet. In order to bridge the information asymmetry gap and construct a reliable service environment, a service detecting model with quality certification and trust evaluation is proposed in this paper. By applying the model it is ensured that the available services in e-service system are trustable services. The most credible service is recommended according to services' comprehensive credible degrees calculated by their quality and trust values. The case analyses show that the requestors' confidence of using services was enhanced and credible services with high quality were reused in the simulation platform.

LIU Fei,MA Ping,YANG Ming,WANG Zi-cai

DOI: https://doi.org/10.3321/j.issn:0367-6234.2007.01.001

2007-01-01

Abstract:In order to effectively quantify credibility of complex simulation systems,a new guiding framework of credibility quantification is presented.An index system of credibility evaluation suitable for complex simulation systems is given.And with a view to subjectivity and uncertainty,an approach to credibility quantification is presented: acquiring evaluation opinions for bottom indices based on fuzzy set,dealing with the inconsistency of evaluation opinions and simplifying them using rough set,and synthesizing evaluation opinions and evaluation indices in terms of evidence theory.Practice proves that this quantification method is effective.

LIU Xiong,ZHUO Xue-jun,TANG Yong-li,DAI Yi-qi

2010-01-01

Tien Tzu Hsueh Pao/Acta Electronica Sinica

Abstract:Many typical security models have been proposed, such as the BLP model and the nondeducibility model, however, these models have some disadvantages and limitations in theoretical analysis or implementation respectively. For instance, BLP model did not take the covert channel into account, and the nondeducibility model cannot be applied to the nondeterministic systems. Considering these shortages brought about by the existing works, this paper take the properties of the covert channel as a main consideration, and propose a novel finite-information-leakage-tolerance communication channel model based on the BLP model. The proposed model finds a tradeoff between the availability and security of the practical system by adjusting the upper bound of the channel capacity of the information leakage.

Wei LI,Shenglin LIN,Yuchen ZHOU,Ping MA,Ming YANG

DOI: https://doi.org/10.1360/n112018-00001

2018-01-01

Scientia Sinica Informationis

Abstract:Modeling and simulation have been used extensively, and they have become an important means to recognize and remold the real world. Whether the simulation system is credible has been a concern of simulation users. Various complexity characteristics of the simulation systems are presented with increasingly complex simulation objects and higher application requirements, creating some challenges in credibility assessment. First, the development process of the simulation credibility assessment is summarized. Next, the characteristics of complex simulation systems and the problems of the credibility assessment are analyzed, and some solutions and countermeasures for the assessment problems are provided. Finally, the challenges and opportunities of the credibility assessment for complex simulation systems are summarized, and the corresponding future research directions are indicated.

WU Qing-tao,ZHENG Rui-juan,HUA Bin,YANG Xin-tong

2011-01-01

Abstract:To cope with the shortage of quantitative evaluations in currently trusted network connection,this paper presented an evaluation method of network connection credibility with back propagation(BP) model and Levenberg-Marquardt(LM) optimization algorithm.It shows that the nonlinear relationship between the attributes and the credibility of network connections can be established by training neural-network using LM algorithm.Simulation results indicate this method an achieve high prediction and evaluation accuracy.

Caimei Wang,Yan Xiong,Wenjuan Cheng,Wenchao Huang,Huihua Xia,Jianmeng Huang

2017-01-01

Abstract:A selective disclosure attribute-based credential system (SDABCS) can provide a communication mechanism to protect both security and privacy in electronic communication, by issuing a kind of credential with attributes, which the user can disclose parts of attributes. We present a general framework for formally verification of SDABCS with applied Pi calculus, and provide three definitions of relevant security properties. The framework can implement secure communication among the user, service provider and trusted authority. Two important functions are implemented: the first allows the user to receive a credential encoded a list of attributes from a trusted authority; the second allows the user to convince a service provider with the credential. Particularly, the user can selectively reveal parts of the attributes according to the needs of service provider, while not revealing the rest of the attributes. In our experiments, we apply the framework to a concrete security protocol and successfully prove three security properties in the protocol using ProVerif.

Jinhua Ma,Shengmin Xu,Jianting Ning,Xinyi Huang,Robert H. Deng

DOI: https://doi.org/10.1109/tsc.2023.3324736

IF: 11.019

2023-01-01

IEEE Transactions on Services Computing

Abstract:Bilateral access control model, emerging as a novel paradigm in access control, has garnered extensive deployment within the domain of fog computing. This model offers on-demand data services, enabling the efficient identification of sensitive data without resorting to resource-intensive decryption procedures. Nonetheless, prevailing solutions exhibit impracticalities. Specifically, they fall short in supporting adaptive security, while presuming unwavering trustworthiness of the central authority. In this paper, we introduce a pioneering fine-grained and adaptively secure bilateral access control system through enhancements to the matchmaking attribute-based encryption (MABE) framework. We give a formalized definition of MABE, incorporating desirable security features such as blindness and unlinkability, aimed at capturing potential misconduct by the central authority. We propose a generic construction of MABE, drawing upon attribute-based encryption (ABE) and anonymous credential schemes (ACS), with provable security via formal security reduction in the adaptive model. We present an efficient instantiation of the MABE framework by introducing a practical ACS solution, wherein a cryptographic accumulator is employed to enhance performance. Experimental simulations substantiate that our solution not only has superior functionalities but also demonstrates performance on par with state-of-the-art solutions.