JiangXing Wu

DOI: https://doi.org/10.1051/sands/2022001

2022-01-01

Abstract:The common endogenous security problems in cyberspace and related attack threats have posed subversive challenges to conventional theories and methods of functional safety. In the current design of the cyber physical system (CPS), functional safety and cyber security are increasingly intertwined and inseparable, which evolve into the generalized functional safety (S&S) problem. The conventional reliability and cybersecurity technologies are unable to provide security assurance with quantifiable design and verification metrics in response to the cyberattacks in hardware and software with common endogenous security problems, and the functional safety of CPS facilities or device has become a frightening ghost. The dynamic heterogeneity redundancy (DHR) architecture and coding channel theory (CCT) proposed by the cyberspace endogenous security paradigm could handle random failures and uncertain network attacks in an integrated manner, and its generalized robust control mechanism can solve the universal problem of quantitative design for functional safety under probability or improbability perturbation. As a generalized functional safety enabling structure, DHR opens up a new direction to solve the common endogenous security problems in the cross-disciplinary fields of cyberspace.

Xiaoyu Liu,Haizhou Wang,Cuixia Li

DOI: https://doi.org/10.3390/electronics13112185

IF: 2.9

2024-06-04

Electronics

Abstract:The development of society has deepened the application of the Internet in production and daily life. At the same time, network security risks are becoming increasingly severe. For the security problems faced in cyberspace, most of the traditional defenses are currently focused on blocking the discovered vulnerabilities. However, these methods not only rely on prior knowledge of vulnerabilities but also fail to address the security issues brought about by the protection program itself. In view of this, endogenous security, which emphasizes the importance of not relying on a priori knowledge and not bringing in new security problems, has received increasing attention. This review provides a detailed introduction to endogenous security and its related issues, which is lacking in the field of network security. Firstly, this paper outlines the detrimental effects of vulnerabilities, identifies issues within moving target defense, and contrasts it with mimic defense. Additionally, the concepts, models, principles, and application scenarios of endogenous security are introduced. Finally, the challenges encountered by this technology are comprehensively summarized, and potential future development trends are further explored.

engineering, electrical & electronic,physics, applied,computer science, information systems

江兴 邬

DOI: https://doi.org/10.1360/ssi-2021-0272

2021-01-01

Scientia Sinica Informationis

Abstract:This paper tries to systematically explain the thinking perspectives and methodologies for cyberspace security developments from the perspective of scientific research paradigm, and points out the intrinsic reasons for the corresponding development paradigm evolution. Aiming at the cyberspace endogenous security common problems and the “unknown-unknown" security threats based on these common problems, this study proposes a new theory, a new methodology, and related practice norms to solve these problems. These aim to contribute to a replicable, successful model for the cyberspace endogenous safety and security area and a new generation ofinformation technologies and related industries using the new development paradigm. Based on a brief introduction of the concept and theory of the paradigm, this paper reviews the main development periods of cyberspace endogenous safety and security and insurmountable challenges in terms of the paradigm world outlook and methodology, summarizes cyberspace endogenous security ubiquitous problems, proposes a new development paradigm for cyberspace endogenous safety and security, and elaborates on the theoretical basis, practical norms, mechanism, and methods of the new paradigm.

Qiang Wu,Ran Wang,Xincheng Yan,Chunming Wu,Rongxing Lu

DOI: https://doi.org/10.1109/MWC.001.2100251

IF: 12.777

2022-01-01

IEEE Wireless Communications

Abstract:Opening-up sharing has prompted the multi-tenancy architecture, whereby different vendors (including outsourcees) work together with network operators to form a vibrant service ecosystem, resulting in several advantages as well as risks. In particular, the static nature of existing architectures in network functions virtualization-based (NFV-based) clouds facilitate hacking. Thus, much attention has been focused on determining how to avoid the uncontrollable cloud security induced by complex production relations and non-trustworthy software/hardware sources when the two sets of security risks intersect. In this article, we investigate latent persistent threats against cloud environments and determine a high degree of complementarity and consistency between the NFV-based cloud environment and the dynamic defense concept. More specifically, new NFV-based cloud features provide an effective implementation for dynamic defense, while the generalized robustness of dynamic defense theory allows for high security gains. Intrinsic cloud security (iCS) is then proposed to align NFV-based clouds, mimicking defense and the moving target defense (MTD) paradigm to implement a seamless integration and symbiosis evolution between security and NFV-based clouds. We quantify the impact on system overhead to account for efficiency and cost issues. The simulation analysis demonstrates that the enhanced mode is able to consistently obtain a more beneficial and stable defense compared with the counterparts.

Hongchao Hu,Zhen Ling,Yuewu Wang,Qi Li,Liang Jin,Jiangxing Wu

DOI: https://doi.org/10.23919/jcc.2021.9521141

2021-01-01

China Communications

Abstract:Computing is the foundation of cyberspace, and all activities in cyberspace are built on the basis of computing. At the same time, cyberspace and its underlying infrastructure are vulnerable to a wide range of risks stemming from both physical and cyber threats and hazards. With the further expan-sion of the scope of cyberspace, e.g., information technology being increasingly integrated with physi-cal infrastructure operations, computing and security still considered as one of the least investigated and exploited regions. In the past years, significant prog-ress has been made with respect to advanced com-puting and endogenous security theories and tech-nologies, and commercial advanced computing and endogenous security devices and systems are antici-pated to become a reality in the near future.

Wenyuan Xu

DOI: https://doi.org/10.1145/3579856.3596442

2023-01-01

Abstract:Vulnerabilities pose a significant challenge in ensuring cybersesecurity for information systems. In the past, vulnerabilities were mainly associated with functional defects in system software and hardware, known as "in-band vulnerabilities," whereby "band" refers to the functional domain. However, with the rapid development of the Internet of Things (IoT), new security issues have emerged that traditional vulnerability categorization may not fully cover. IoT devices rely on sensors and actuators to interact with the real world, but this interaction process between physical and digital systems has created defects that are difficult to analyze and detect. These defects include unintentional coupling effects of sensors from ambient analog signals or abnormal channels that were not intentionally designed, collectively known as "out-of-band vulnerabilities." Various security incidents have highlighted the prevalence of out-of-band vulnerabilities in IoT systems, and their activation can result in serious consequences. To address this issue, we propose a vulnerability categorization framework that includes out-of-band vulnerabilities and provides examples for each category. Our talk highlights the need to shift the research paradigm for system security to encompass both in-band and out-of-band vulnerabilities in the intelligence era. Finally, we explore potential solutions for mitigating out-of-band vulnerabilities and securing IoT devices.

Haifeng Zhou,Chunming Wu,Ming Jiang,Boyang Zhou,Wen Gao,Tingting Pan,Min Huang

DOI: https://doi.org/10.1109/mcom.2015.7081074

IF: 9.03

2015-01-01

IEEE Communications Magazine

Abstract:The past few years have witnessed revolutionary advances in network technology. Along with new techniques such as SDN come lots of new network security challenges. Conventional network security mechanisms are incompetent to overcome these challenges, since they are built on a static network configuration that facilitates attackers in finding the weaknesses of a network. In this article, we conceive a novel conceptual network security mechanism, the evolving defense mechanism (EDM), to resolve current and future security problems. EDM is based on a bio-inspired idea of network configuration variations. According to the security requirements of the system, the user, and the network security state, EDM selects an efficient network configuration variation strategy to prevent corresponding security threats. Combined with SDN implementation, EDM resolves security problems from a new angle and is capable of evolving with new network security technology. We sketch a way to implement EDM and present its reference framework, which serves as an ecosystem and coexisting environment for various kinds of network configuration variations. The proposed mechanism avoids the deficiency of conventional mechanisms and has potential to cope with emerging security threats.

WUChunming

DOI: https://doi.org/10.3969/j.issn.1009-6868.2016.01.009

2016-01-01

Abstract:Dynamic network proactive security defence is an effective method for solving the unknown vulnerabilities and back door attacks in the information system. In this paper, the evolution defense mechanism (EDM) is proposed. According to the security status, network system security needs, EDM can select the best network configuration change elements to deal with potential attacks and ensure the safety requirements of a specific level. Dynamic reconfiguration and changes of the network need to be considered in accordance with the security situation of the system and the possible network attacks. The key is how to detect and the security situation and network attacks. It proposes that study on dynamic network proactive security defense in China is in the initial stage, and there is stil much work to do.

Hao YIN,Dongchao GUO,Yongqiang LYU,Peng YANG,Zhiwei ZHAO,Yaoxue ZHANG

DOI: https://doi.org/10.1360/n112017-00171

2019-01-01

Abstract:Cyberspace security is vital to state interest. Recently, there are some challenges in cyber security. In architecture for instance, although protection mechanisms are introduced and applied everywhere, the modern network architecture (well connected and open) still has difficulty in completely ensuring cyber security. It is also observed that contemporary cyber security protection mechanism highly depends on the priori information of security threats and thus will hardly address unknown potential threats. In this paper, a novel cyberspace security protection framework is proposed. A dual-structural Internet scheme that integrates the current Internet architecture with a redundant secondary structure network characterized by its broad-storage scheme, heterogeneous structure, and dynamic protection mechanism is introduced. Also, a novel active defense mechanism that is knowledge-data driven and thus independent of the priori information of the security threat is proposed. Furthermore, some key techniques such as transparent access and prepositive active defense are introduced. The theoretical and technical work proposed in this paper offers a comprehensively evolutionary solution to constructing a cyberspace in which the protection mechanism is more independent and active.

Jiangxing Wu,Hong Zou,Xiangyang Xue,Fan Zhang,Yuting Shang

DOI: https://doi.org/10.15302/j-sscae-2023.06.018

2023-01-01

Abstract:Cyber resilience engineering is a technical approach embraced by countries and regions such as the United States and Europe to implement digital transformation and address network security challenges under new circumstances. It aims to keep the barriers to entry high for digital technologies based on the cyber resilience standard and to improve the digital infrastructure security capability of China from both the application service and device supply sides. This study focuses on the impact and challenges brought by the initiatives of cyber resilience engineering in the United States and Europe on the development of new-generation network information technology in China. It starts from a concept introduction of resilience, cyber resilience, and cyber resilience engineering. Subsequently, it elaborates on the application progress of cyber resilience engineering in the United States and Europe in terms of policy drivers, strategic considerations, and development dilemmas. Moreover, the study goes further to propose a dynamic heterogeneous redundancy architecture based on an endogenous security and safety (ESS) theory. It describes and illustrates the intrinsic mechanism, basic concepts, and application methods of cyber resilience empowered by ESS. Furthermore, we propose that China should accelerate innovation to offset the combined effects of cyber resilience engineering in developed countries, introduce a cyber resilience policy and law system with Chinese characteristics, establish corresponding regulatory systems to clarify the network security responsibilities, establish a quantifiable, verifiable, and credible testing and evaluation system, and boost the holistic implementation of cyber resilience with a multi-pronged approach including financial marketization, hoping to systematically enhance the cyber resilience and strength of China.

LIU Caixia,JI Xinsheng,WU Jiangxing

DOI: https://doi.org/10.11959/j.issn.1000−436x.2022176

2022-01-01

Abstract:Based on the understanding of the mobile communication essential characteristics and the mobile communication network inherent characteristics, from a new perspective, the genetic defects existing in the mobile communication network inherent mechanism, especially in the mobility management mechanism were analyzed.These genetic defects would not disappear with the intergenerational development of mobile communication network, therefore, they were also known as endogenous security defects or endogenous security common problems of mobile communication networks.The endogenous security threats that may be introduced by security defects such as “acquiescence in information authenticity” and “ubiquitous data visibility” were pointed out.Under the guidance of the cyberspace endogenous security theory, the ideas and methods to solve the endogenous security common problems in mobile communication networks were proposed, such as breaking the “default trust” with “zero trust” and realizing the “user data limited visibility” with“variable implicit mapping”.

JI Xinsheng,HUANG Kaizhi,WU Jiangxing,CHEN Yajun,YOU Wei

DOI: https://doi.org/10.11959/j.issn.2096−8930.2023014

2023-01-01

Abstract:The space-integrated-ground information network in 6G is facing security challenges due to its characteristics, such as the high exposure of the network, high-speed movement of nodes, limited computing resources.Moreover, new security issues are certainly introduced in the development of new architectures, new applications, new technologies and so on.It is urgent to propose new universal security theories to overcome safety and security threats by the integrated solutions.For this purpose, this paper first expounded the cyberspace endogenous security and proposed its endogenous security architecture.Then, under the guidance of the cyberspace endogenous security theory, the relevant security theory and practice norms were respectively discussed for onboard systems, 6G ground mobile networks, and satellite-ground links.Finally, the authentication and encryption mechanism of the communication and security integration from the aspects of security authentication and high security communication encryption, and the integration of traditional security technology and endogenous security were analyzed.

Xu Shouhuai,Yung Moti,Wang Jingguo

DOI: https://doi.org/10.1007/s10796-021-10134-8

2021-01-01

Information Systems Frontiers

Abstract:Cyber security (or cybersecurity) has become a fundamental issue which deeply affects citizen's lives (including their privacy), the public's economic prosperity, and national security.The high frequency of media reports on highprofile cyber attacks, which cause substantial and, at times, catastrophic damages, highlights that cyberspace is a very fragile and vulnerable ecosystem, and that our understanding of cybersecurity and our capability of defending cyberspace are far from adequate.This is true despite the numerous advancements and breakthroughs in some fields of cybersecurity.One outstanding example is cryptography, which has been built on a firm foundation in Computational Complexity Theory, starting with a number of breakthroughs, e.g.Diffie and Hellman (1976), Rivest et al. (1978), Goldwasser and Micali (1982), and Yao (1982).However, there are many cyber attacks that go beyond the standard cryptographic threats models, such as attacks which can compromise cryptographic private keys by directly stealing memory pages (e.g., Harrison and Xu (2007)), or indirectly exploiting side-channel attacks (e.g., Kocher (1996)).The state-of-the-art is that we are far from being capable of adequately dealing with such attacks in

Jiang Zhiwen,Li Tao,Hu Aiqun

DOI: https://doi.org/10.1109/iccc51575.2020.9344972

2020-12-11

Abstract:At present, attacks on various information systems for cyberspace security are becoming more diverse and intense. In addition, the security of important information systems is threatened. The original security system is expert in preventing risks, but the shortcomings of lack of initiative and flexibility are gradually exposed. The high adaptability and strong evolution of biological systems can be used to fill this gap in capabilities and provide new ideas for cyberspace security. This paper proposes a security system based on the bionic immune mechanism, studies the human immune and neural reflex mechanisms, and arranges neurons in each part of the information system, so that every basic module in the system has both functional and security characteristics. In the process of task execution, the information of the module is continuously collected through neurons, and errors are sensed through feedback, and then strategies are set at the decision-making level of the information system to solve problems or even avoid problems. Through the analysis of the information system model, it shows that this endogenous security system based on bionic immunity is effective, and the correctness of the theory is supported by constructing a prototype system and analyzing the operating conditions of the system under different strategies.

Liang JIN,Yangming LOU,Xiaoli SUN,Zhou ZHONG,Xiaoming XU,Ming YI,Kaizhi HUANG,Xinsheng JI,Jiangxing WU

DOI: https://doi.org/10.1360/ssi-2021-0095

2021-01-01

Scientia Sinica Informationis

Abstract:The open integration, heterogeneous coexistence, and intelligent interconnection of 6G networks will cause unknown and complex security threats. The current pattern of security lagging behind the development of communications will inevitably be difficult to deal with. Hence, the 6G era must break the mindset and give birth to an iconic technology that has a truly intergenerational effect. Endogenous security technology starts from the common and inherent security problems caused by the inherent defects of wireless networks, which can resist unknown security threats and integrate communication/security/services endogenously through structure-oriented solutions. This paper discusses the endogenous security issues and concepts of 6G wireless networks; proposes the application vision of endogenous security in typical scenarios, such as 6G ultra-high-rate broadband communications, ultra-large connections and ultra-low latency, and integrated space -ground coverage; and presents several potential key technologies and solutions.

Marcel Böhme

2024-09-03

Abstract:Research in cybersecurity may seem reactive, specific, ephemeral, and indeed ineffective. Despite decades of innovation in defense, even the most critical software systems turn out to be vulnerable to attacks. Time and again. Offense and defense forever on repeat. Even provable security, meant to provide an indubitable guarantee of security, does not stop attackers from finding security flaws. As we reflect on our achievements, we are left wondering: Can security be solved once and for all? In this paper, we take a philosophical perspective and develop the first theory of cybersecurity that explains what precisely and *fundamentally* prevents us from making reliable statements about the security of a software system. We substantiate each argument by demonstrating how the corresponding challenge is routinely exploited to attack a system despite credible assurances about the absence of security flaws. To make meaningful progress in the presence of these challenges, we introduce a philosophy of cybersecurity.

Cryptography and Security,Software Engineering

Xinsheng JI,Jiangxing WU,Liang JIN,Kaizhi HUANG,Yajun CHEN,Xiaoli SUN,Wei YOU,Shumin HUO,Jing YANG

DOI: https://doi.org/10.1631/fitee.2200060

IF: 2.526

2022-01-01

Frontiers of Information Technology & Electronic Engineering

Abstract:The sixth-generation mobile communication (6G) networks will face more complex endogenous security problems, and it is urgent to propose new universal security theories and establish new practice norms to deal with the “unknown unknown” security threats in cyberspace. This paper first expounds the new paradigm of cyberspace endogenous security and introduces the vision of 6G cyberspace security. Then, it analyzes the security problems faced by the 6G core network, wireless access network, and emerging associated technologies in detail, as well as the corresponding security technology development status and the integrated development of endogenous security and traditional security. Furthermore, this paper describes the relevant security theories and technical concepts under the guidance of the new paradigm of endogenous security.

Guanghui Wen,Wenwu Yu,Xinghuo Yu,Jinhu Lü

DOI: https://doi.org/10.1007/s11424-017-6181-x

2017-01-01

Abstract:Complex cyber-physical network refers to a new generation of complex networks whose normal functioning significantly relies on tight interactions between its physical and cyber components. Many modern critical infrastructures can be appropriately modelled as complex cyber-physical networks. Typical examples of such infrastructures are electrical power grids, WWW, public transportation systems, state financial networks, and the Internet. These critical facilities play important roles in ensuring the stability of society as well as the development of economy. Advances in information and communication technology open opportunities for malicious attackers to launch coordinated attacks on cyber-physical critical facilities in networked infrastructures from any Internet-accessible place. Cybersecurity of complex cyber-physical networks has emerged as a hot topic within this context. In practice, it is also very crucial to understand the interplay between the evolution of underlying network structures and the collective dynamics on these complex networks and consequently to design efficient security control strategies to protect the evolution of these networks. In this paper, cybersecurity of complex cyber-physical networks is first outlined and then some security enhancing techniques,with particular emphasis on safety communications, attack detection and fault-tolerant control, are suggested. Furthermore, a new class of efficient secure control strategies are proposed for guaranteeing the achievement of desirable pinning synchronization behaviors in complex cyber-physical networks against malicious attacks on nodes. The authors hope that this paper motivates to design enhanced security strategies for complex cyber-physical network systems, to realize resilient and secure critical infrastructures.

Quan Ren,Jiangxing Wu,Ziyong Li,Zheng Zhang

DOI: https://doi.org/10.1109/iaecst54258.2021.9695571

2021-01-01

Abstract:Cyberspace endogenous security (CES) aims to construct a new controllable and trusted system. It integrates the characteristics of dynamic heterogeneous redundant system, achieving the security defense and threat perception. This paper proposes an SDN-based Endogenous Secure Domain Name System (ESDNS) framework, and we adopt generalized stochastic Petri nets (GSPN) to describe system’s architectures and analyze the availability and awareness security of the ESDNS, and we analyze the influence of different attacking strength and recovering ability. Besides, we establish the prototype of ESDNS, the results of simulation show that the proposed method can effectively block the persistent attack of vulnerability backdoor, the cost of network communication delay and throughput performance is less than 10%, and the analysis of parameters gives the situation of degradation performance, ability of recovering and coordinated attack which has useful guidance to the engineering practice of endogenous secure systems.

Xi Chen,Fan Zhang,Wei Huang,Ziwen Peng,Wei Guo,Ruiyang Huang,Jianpeng Li,Xinyuan Miao,Jiayu Du,Chenyu Zhou,Guangze Yang,Jiangxing Wu,Zijie Zhang

DOI: https://doi.org/10.1051/sands/2024011

2024-01-01

Security and Safety

Abstract:The rapid development of deep learning (DL) models has been accompanied by various safety and security challenges, such as adversarial attacks and backdoor attacks. By analyzing the current literature on attacks and defenses in DL, we find that the ongoing adaptation between attack and defense makes it impossible to completely resolve these issues. In this paper, we propose that this situation is caused by the inherent flaws of DL models, namely non-interpretability, non-recognizability, and non-identifiability. We refer to these issues as the Endogenous Safety and Security (ESS) problems. To mitigate the ESS problems in DL, we propose using the Dynamic Heterogeneous Redundant (DHR) architecture. We believe that introducing diversity is crucial for resolving the ESS problems. To validate the effectiveness of this approach, we conduct various case studies across multiple application domains of DL. Our experimental results confirm that constructing DL systems based on the DHR architecture is more effective than existing DL defense strategies.