zhi yong he,yue liang

DOI: https://doi.org/10.4028/www.scientific.net/AMM.738-739.1213

2015-01-01

Applied Mechanics and Materials

Abstract:The paper firstly analyzes security and stability existed in the DDS network, and then finds that present DDS regulations cannot guarantee information’s confidentiality and integrity when facing an attack. Based on this, the paper puts forward a core thought of data analysis. According to the draft of DDS information security regulation, the paper analyzes information security threats that the DDS system must face, provides corresponding information security strategies in accordance with data granularity and operation means, and designs and realizes an information security model based on DDS. The security model there into is divided into three levels: boundary security, transmission security and data application security of fine granularity. At the same time, the paper also analyzes several important elements which influence DDS network security in detail, and then designs again the data-centered publication/subscription model. Finally, through the model testing by a lot of experiments, the experimental results show that: the model not only largely improves security of DDS network information, but also has already promoted stability and reliability of data transmission process.

Ruffin White,Gianluca Caiazza,Chenxu Jiang,Xinyue Ou,Zhiyue Yang,Agostino Cortesi,Henrik Christensen

DOI: https://doi.org/10.48550/arXiv.1908.05310

2019-08-15

Abstract:Distribution Service (DDS) is a realtime peer-to-peer protocol that serves as a scalable middleware between distributed networked systems found in many Industrial IoT domains such as automotive, medical, energy, and defense. Since the initial ratification of the standard, specifications have introduced a Security Model and Service Plugin Interface (SPI) architecture, facilitating authenticated encryption and data centric access control while preserving interoperable data exchange. However, as Secure DDS v1.1, the default plugin specifications presently exchanges digitally signed capability lists of both participants in the clear during the crypto handshake for permission attestation; thus breaching confidentiality of the context of the connection. In this work, we present an attacker model that makes use of network reconnaissance afforded by this leaked context in conjunction with formal verification and model checking to arbitrarily reason about the underlying topology and reachability of information flow, enabling targeted attacks such as selective denial of service, adversarial partitioning of the data bus, or vulnerability excavation of vendor implementations.

Cryptography and Security,Networking and Internet Architecture

Kaifang CHEN,Huiyun LI,Song LIU,Chunjie ZHOU

DOI: https://doi.org/10.3969/j.issn.1671-1122.2016.03.008

2016-01-01

Abstract:This paper analyzes the fundamental architecture of DDS Communicaiton Middleware and the technological traits of DDS’s application in shipboard system. For the current research on information security of DDS, this paper proposes the information security of DDS communication for the ifrst time. According to the feature of information system and the similarity between security domain and DDS domain, it develops the division strategy of DDS security domain.On the base of similar control of communication between information security strategy and QoS strategy, it puts forward the QoS stragety configuration of information attribute-information strategy-QoS strategy. Finally, this paper illustrates the feasibility of the method using an living example.

Yuelei XIAO,Zhixiang ZHU,Yong ZHANG

DOI: https://doi.org/10.13682/j.issn.2095-6533.2015.05.003

2015-01-01

Abstract:By analyzing the process of security protocols,the definition of driving module (DM) is introduced,and then regular and penetrator DMs are formed according to the Strand Space Model (SSM).Based on this,a DM-based model checking method is proposed.Theoretical analysis indicates that this method is prefect in terms of searching breadth and depth,and can avoid the state space explosion problem.Therefore,this method can be used not only to get the attack scenarios of a flawed security protocol,but also to prove that an unflawed security protocol is secure.Moreover,the Otway-Rees protocol and the TLS protocol are analyzed based on this method.As a result,various attack scenarios of the Otway-Rees protocol are discovered and two secure improved Otway-Rees protocols are put forward,and therefore the TLS protocol is proved to be secure.

Xining Li

DOI: https://doi.org/10.1007/978-3-540-72839-9_10

2007-01-01

Abstract:Mobile agent technology offers a new approach to mining information from data sources distributed over the Internet. However, the potential benefits of mobile agents must be weighted against the real security threats. An agent based Distributed Data Mining (DDM) system must cope with exposed data services and insecure communication channels in the Internet to protect the privacy, integrity and availability of agents and distributed resources. In this paper, we present the design of a mobile agent infrastructure for DDM applications and discuss the implementation of security mechanism that has been effectively integrated with the mobile agent virtual machine.

Cai Liang,Yang Xiao-hu,Dong Jin-xiang

DOI: https://doi.org/10.1631/jzus.2003.0287

2003-01-01

Journal of Zhejiang University SCIENCE A

Abstract:Database Security and Protection System (DSPS) is a security platform for fighting malicious DBMS. The security and performance are critical to DSPS. The authors suggested a key management scheme by combining the server group structure to improve availability and the key distribution structure needed by proactive security. This paper detailed the implementation of proactive security in DSPS. After thorough performance analysis, the authors concluded that the performance difference between the replicated mechanism and proactive mechanism becomes smaller and smaller with increasing number of concurrent connections; and that proactive security is very useful and practical for large, critical applications.

CUI Jian-Ming,FAN Li-Lin,WANG Xiao-Dong

DOI: https://doi.org/10.3969/j.issn.1672-6871.2006.03.012

2007-01-01

Abstract:Security and reliability of Web Services-based distributed system is introduced.Main technologies of current Web Services data transfer are analyzed and their weak points discussed.On this base,a detailed solution,which is a combination of encryption and digital signature to communicate with customer-end with canonical XML,is put forward.The transfer security of share data and the reliable trust relation between Web Services Server and customer is enhanced by this solution.

Yuelei XIAO,Zhixiang ZHU,Yong ZHANG

DOI: https://doi.org/10.3969/j.issn1672-9722.2015.07.027

2015-01-01

Abstract:By analyzing the process of a security protocol ,the definition of Driving Module(DM ) is given .Then ,regu‐lar and penetrator DMs are formed according to the Strand Space Model(SSM ) .Finally ,a new method for analyzing session key distributed protocols is proposed based on these regular and penetrator DMs ,i .e .a model checking method based on DMs .Theorem proofs and case analysis show that the search breadth and depth of this method is prefect ,and it can avoid the state space explosion problem .

Zhi LI,Zhao-shun WANG,Gui-lan DAI,Feng-jun DAI

DOI: https://doi.org/10.1016/s1005-8885(13)60081-3

2013-01-01

The Journal of China Universities of Posts and Telecommunications

Abstract:This article presents a data management solution based on the data distribution service (DDS) communication model. The basic DDS communication model consists of a unidirectional data exchange where applications that publish data ‘push’ the relevant data, which is updated to the local caches of co-located subscribers to the data [1]. DDS has no specified center node to forward data packets and maintain the communication data. This type of publish-subscribe (P/S) model presents integrity and consistency challenges in data management. Unlike peer-to-peer (P2P) distributed storage, DDS applications have a hard real-time environment and fewer data features, and the core problem is ensuring the integrity and consistency of data in distributed systems under this hard real-time environment. This article begins with a brief introduction of the communication model used by DDS, then analyzes persistent data management problems caused by such model, and provides an appropriate solution to these problems. This solution has been implemented in a prototype system of the real-time service bus (RTSB) of Tsinghua University.

Junyi Deng,Zhiyi Fang,Yongbo Ma,Peng Xu,Xingchao An

DOI: https://doi.org/10.1109/wicom.2009.5302399

2009-01-01

Abstract:As an open architecture, SOA (Service-Oriented Architecture) provides developers with more freedom. However, its security problem goes from bad to worse. By taken a bank transfer with proxy as an example, this paper analyzed the security issue of SDO (Service Data Object) data model and proposed an mechanism to make sure that the integrity, confidentiality and non-repudiation of SDO data model are preserved by applying encryption/decryption, digest, digital signature and so on. Finally, by applying WIN and WPS tools, this mechanism was developed and its performance was evaluated.

Qifeng Luo,Ruisheng Shi

DOI: https://doi.org/10.1109/DSC53577.2021.00036

2021-01-01

Abstract:To avoid problems such as single point of failure caused by relying on central authorization, for Data Distribution Service (DDS), this paper presents the DAFD (“Decentralized Authorization Framework for DDS”) authorization framework. Compared with existing solutions and the DDS Security Framework, DAFD does not rely on permissions Certification Authority (CA) for authority management, which reduces the threat of malicious modification of permissions. DAFD also allows fast, automatic and low-traffic cross-administrative-domain authority verification to control the behavior of DDS participants and the subscription and publication of information made by DDS participants.

Jing Hu,Xueyan Song,Jizhou Sun

DOI: https://doi.org/10.3969/j.issn.1000-386x.2016.02.002

2016-01-01

Abstract:Existing NOTAM processing system uses C /S model,the coupling degree between client and server is very high,and the broadcast-based transmission means makes a lot of redundant NOTAM generated at the client.In view of the features of NOTAM that their generation places are clear and the receiver can be subscribed on demand,and combining with the characteristics of data distribution service (DDS)specification that it enables two communicating parties to reach the loose coupling in space,time and data communications,in this paper we present a DDS specification-based publishing and subscribing model.We design a NOTAM distribution service middleware which supports the QoS policies,define the data structure and work flow of it,as well as the managerial strategy of global data space.According to NOTAMdistribution scene,we use CPN Tools for modelling and simulation.Case simulation results show that the middleware can provide accurate subject-based NOTAMdistribution services,so that proves the feasibility and validity of the design scheme of middleware.

宋震,张艳,李舟军,陈火旺

DOI: https://doi.org/10.3969/j.issn.1002-137X.2003.08.007

2003-01-01

Computer Science

Abstract:Security protocols use cryptography system to complete the tasks of principal identity authentication andseccion key distribution. The correctness of security protocols is of vital importance to ensure the security of the Inter-net application. Formal methods have been proved to be a valid approach to analyze and verify security protocols. Thispaper briefly introduces the three main styles in the field of security protocol analysis and their representative work.After that,it points out the future deveopment direction.

Jiaqi Yin,Huibiao Zhu,Yuan Fei,Qiwen Xu

DOI: https://doi.org/10.1109/TASE52547.2021.00028

2021-01-01

Abstract:With the popularization and development of 5G, it is vital to guarantee the security of the whole data while transmitting them at high speed. Data Distribution Service (DDS), as the core technology of network data conununication, is one of the most significant protocols. The Real Time Publish Subscribe (RIPS) protocol is part of DDS, which emphasizes data publishing and receiving. In this paper, we focus on the Behavior module of the RIPS protocol, where the reliable modes are always to ensure the reliability of data. Thus, we adopt CSP to model eight core components and add corresponding intruders to attack the model in order to verify and detect the potential risks of the design. Specifically, we also improve our model by utilizing digital signature and digital certificate. Five properties abstracted from the specification have been verified through the model checker PAT. The result shows that once adding the digital signature and digital certificate together, there is no situation that publisher and subscriber are unauthorized; in addition, due to multiple encryption, data cannot be faked or intercepted. However, the historycache still can be faked for it has no identity authentication. That is to say, to be highly trustworthy, developers need to ensure mutual authentication between modules as much as possible. Consequently, we hope this method makes sense for researches on security of data distribution protocol and gives a meaningful guide for DDS middleware development.

ZHANG Jun,YIN Xunhe

DOI: https://doi.org/10.3969/j.issn.1673-0291.2011.05.007

2011-01-01

Abstract:The Data-Centric Publish-Subscription(DCPS) is introduced.It is analyzed in this paper that the Data Distribution Service(DDS) specification based on DCPS,which is defined by OMG.RTI DDS is used for the design and realization of the upgrade program of a navy's air traffic control simulation system based on DDS specification and the requirements of this simulation system.It is proved that the design can satisfy the requirement by validation,and it is practical.

Huiying Liu,Wenting Dong,Huibiao Zhu,Ziqing Su

DOI: https://doi.org/10.1109/compsac61105.2024.00349

2024-01-01

Abstract:AMQP, serving as the application layer standard protocol for advanced message queuing systems, has garnered widespread adoption in middleware systems, including Rab-bitMQ, ActiveMQ, and Qpid. However, the key properties and security of AMQP's messaging mechanism remain unverified. Hence, in this paper, we employ process algebra CSP to formalize the AMQP and verify properties such as deadlock freedom, data reachability, concurrency, sequence consistency, and scala-bility. The verification results indicate that AMQP satisfies these properties, demonstrating the reliability in message transmission. Moreover, to further analyze the security of AMQP messaging mechanism, the intruder model and SSL protocol model are introduced in this work. Meanwhile, the comparison of the verification results with and without SSL is also presented, showing an improvement of the AMQP messaging mechanism security.

LIU Hao,JIANG Ze-jun,CHEN Jin-chao

DOI: https://doi.org/10.3969/j.issn.1671-654X.2013.05.025

2013-01-01

Abstract:Data Distribution Service( DDS),published by OMG,is a specification on data distribution service for real-time systems. The core of the DDS system is DCPS information database node,which saves all the nodes in the system status information. This article,based on the research of DDS specification,uses the method of service oriented design and implements a DCPS information database,defines a global data space,which has implemented the space coupling,dynamic joining and exit features. Based on DCPS information database,The article has builds a publish-subscribe system,and analyzes real-time performance,the result shows that this design can ensure efficient and fast data distribution between the nodes.

Qing Gu

2011-01-01

Abstract:To meet the needs of distributed real-time applications,a new specification named Data Distribution Service for Real-time Systems(DDS) is proposed and issued by OMG(Object Management Group).Based on the specification,this paper carries out researches on the academic model of publish/subscribe system,and designs a flexible,reliable real-time middleware(RTDDS),decoupling each node,and providing a solution to the data transmission problem of QoS and real-time ability.Finally,the paper present a Stock Quote Example based on the RTDDS.

Li Dong,Xue Yibo

DOI: https://doi.org/10.3969/j.issn.1000-386X.2008.12.093

2008-01-01

Abstract:Network applications such as network behaviour and traffic analysis,etc.,have raised higher demands for handling the network stream along with the deepened research and application in information security fields.Stream analysis was re-characterized in terms of data stream management system,and the Data Stream Management System for Information Security(IS-DSMS) which could fit the gigabyte network was designed and implemented.The technologies of sample,synopsis and sliding windows were adopted to optimize five common aggregated queries in the system.The test experiments have proved that it has practical performance in gigabyte network condition and can be used as the real-time engine to query and make statistic of the network data flow.Meanwhile,it may provide a high and effective support to network invasion and network monitoring.

Simon Schneider,Nicolás E. Díaz Ferreyra,Pierre-Jean Quéval,Georg Simhandl,Uwe Zdun,Riccardo Scandariato

2024-01-09

Abstract:Models of software systems are used throughout the software development lifecycle. Dataflow diagrams (DFDs), in particular, are well-established resources for security analysis. Many techniques, such as threat modelling, are based on DFDs of the analysed application. However, their impact on the performance of analysts in a security analysis setting has not been explored before. In this paper, we present the findings of an empirical experiment conducted to investigate this effect. Following a within-groups design, participants were asked to solve security-relevant tasks for a given microservice application. In the control condition, the participants had to examine the source code manually. In the model-supported condition, they were additionally provided a DFD of the analysed application and traceability information linking model items to artefacts in source code. We found that the participants (n = 24) performed significantly better in answering the analysis tasks correctly in the model-supported condition (41% increase in analysis correctness). Further, participants who reported using the provided traceability information performed better in giving evidence for their answers (315% increase in correctness of evidence). Finally, we identified three open challenges of using DFDs for security analysis based on the insights gained in the experiment.

Software Engineering