基于博弈论的云存储数据安全问题研究

随着大数据时代的到来和网络存储技术的蓬勃发展,云计算环境依赖云存储系统为用户提供数据快速存储与检索等服务.越来越多的企业和个人将数据存储至云空间,数据完整性与数据访问控制成为用户最关心的问题.为了保障用户数据安全,针对近年来各大云服务提供商不断暴出安全事故问题,利用演化博弈理论和方法构建云存储服务方的演化博弈模型,并对策略选择进行稳定性分析.博弈分析结果表明:提高用户对云存储服务信誉度的重视程度,推动云存储技术发展及加强政府对信息安全问题的监管力度是保障云存储数据安全的有效途径.     

政府规制下制造商实施EPR的模式研究

根据消费者对新产品和再造品的偏好不同,考虑产品的需求差异性,本文研究在政府规制下,制造商实施EPR的模式选择问题。文章首先构建了制造商实施EPR的两种模式——闭环模式和外包模式,然后比较研究了两种模式下的最优结果,最后进行了数值分析。研究表明当消费者的环保意识δ较小时,实施闭环模式对制造商有利,而当δ较大时,实施外包模式对制造商更有利,并且外包模式有利于提高废旧品的回收量。但是消费者环保意识的增强给制造商带来了压力,而给第三方再造商带来了商机。     

基于云模型和熵权的离岸服务外包承接地能力综合评价

离岸服务外包承接地的选择直接影响着外包项目的实施效果,而合理有效的评估方法是正确选择离岸服务外包承接地的重要工具.基于云模型理论并结合熵权系数法提出一种新的服务外包承接地能力综合评估模型,实现了定性评价指标与其定量表示之间的转换,解决了承接能力评估过程中随机性和模糊性并存的问题,同时也减少了传统评估方法中权重确定问题上经常存在的主观偏差.最后,在相关研究基础上,选取了6个影响发展中国家承接离岸服务外包的主要因素,构建服务承接地的能力评价体系,通过实例说明该评估模型简便可行,合理有效.     

基于身份的动态数字签名方案

数字签名是解决信息安全问题的重要途径,用于鉴别用户身份.随着计算机、网络的发展,安全的用户数字签名显得尤为重要.目前,现代的数字签名技术正向智能化、密码化、多因素、大容量和快速响应方向发展.结合数论中的中国剩余定理及RSA公钥体制,提出了一种基于身份的动态数字签名方案.     

基于AHP的化工物流服务供应商选择研究

随着核心竞争力理论以及供应链理论在石油化工行业的应用,越来越多的石化企业倾向于外包本企业的非核心业务,比如说物流服务.尽管石化企业希望外包自己的物流服务,但在选择合适的物流服务供应商方面,却遇到了困难,由于没有合适的选择模型,大部分石化企业在选择物流服务供应商的过程中还沿袭传统采购的经验,价格作为主要选择指标,然而对于服务采购,由于采购对象的特殊性,采用传统采购方法很难找到合适的供应商.在此背景下,在研究化工物流特征的基础上,提出化工物流服务供应商评估指标,并运用层次分析法和专家打分结合的方法构建了化工物流服务供应商的评估体系,最后通过案例,检验新方法的有效性.研究成果为石化企业选择合适的物流供应商提供了依据.     

基于双层规划的高速公路收费费率优化模型

在全国联网收费的背景下,从动态收费的角度考虑,建立了双层规划模型,上层规划中将路网管理者作为领导者,以高速公路收费效益最大化为目标函数,同时考虑道路运营管理方的合理收益和养护成本支出情况,下层规划则以用户出行效用最大化为目标,充分考虑了道路使用者的道路选择差异性及道路拥堵对交通分布的影响,建立随机用户均衡模型.最后结合某地区AB地高速公路实际情况进行分析,采用了遗传模拟退火算法验证了模型的实用性,并与其他的算法对比,验证了算法的有效性。研究表明:优化模型可以有效提高高速公路的收费效益和用户的出行效用,可以分散高峰时的交通压力,提升高速公路的通行效率.     

考虑炒作效应的网络视频平台商业模式选择

随着网络视频产业迅猛发展,越来越多的视频节目依赖炒作宣传吸引关注度获取丰厚的商业收益。本文考虑时间因素和炒作因素,基于用户需求不确定性建立连续时间型收益模型。应用哈密顿方法求解非线性优化问题,得到了炒作效应影响下的视频用户支付意愿变化规律,网络视频商业模式的动态演化趋势,并确立了最优的视频节目定价和营销炒作策略。研究结果表明,选择收费模式用户人数随着炒作时间的增加而增加,而选择免费模式用户人数随着炒作时间的增加而减少;随着炒作效应的提高,混合型免费—收费模式会逐渐演化为单一收费模式,且视频平台利润呈现倒“U”型变化趋势。研究结论揭示了营销炒作对视频定价、用户支付意愿和收视行为的影响,为视频平台更好的了解用户需求,制定商业策略提供决策依据。     

制造商主导下的CLSC物流策略和供应链稳定性

针对制造商主导的闭环供应链系统,考虑物流策略对系统的影响,运用博弈论理论,分析了物流外包和物流自营时制造商和零售商的定价策略、物流策略以及供应链稳定性.分析发现,无论是物流自营还是物流外包,随着补贴的增大,批发价格的单位变动率和单位再制造节约成本的单位变动率相等,但是方向相反.关于物流策略,无论补贴高低,只要fg1或者fg~21,则制造商和零售商在物流策略选择上始终一致,供应链具有长期稳定性.但若fg1fg~2,则制造商和零售商在物流选择上产生分歧,供应链具有不稳定性.     

模糊层次分析法在资源外包对象选择中的应用

资源外包是现代企业的一种重要经营战略.本文利用模糊层次分析法对资源外包对象的选择进行了定性和定量相结合的研究,以期为企业有效开展资源外包实践提供相关的理论上的指导.     

规模效应下产品具有可替代性的竞争企业的外包决策

针对产品具有一定替代性的两个竞争企业(分别为企业1和企业2)和存在规模效应的上游供应商的外包决策问题, 构建了企业1 外包前后各方的利润模型,求解了下游企业的外包和自产的最优策略以及供应商的最佳批发价格,分析了企业1 的外包策略对企业2 和供应商的外包决策的影响,比较了产品替代性对外包前后各决策变量的影响。研究发现:当企业的单位生产成本高于外包成本时,企业也可能选择自产;而当企业的单位生产成本低于外包成本时,企业也可能选择产品外包。并对模型进行进一步的拓展,比较了下游企业作顺序和同时外包决策两种情景的异同。     

Service outsourcing under co-opetition and information asymmetry

Co-opetition refers to the phenomenon that firms simultaneously cooperate and compete in order to maximize their profits. This paper studies the contracting for an outsourcing supply chain (a user company vs. a service provider) in the presence of co-opetition and information asymmetry. The user company outsources part of his service capacity at a discount price to the service provider for sale. The service provider charges a commission for doing outsourcing work and competes with the user company for the service capacity to satisfy their respective demands. We solve for the service provider’s optimal commission decision and the user company’s optimal outsourcing decisions (outsourcing volume and price discount) when the user company has private information about his service capacity. Specifically, we highlight the following observations. For the service provider, a menu of two-part tariffs that consist of a fixed commission and a per-volume commission can reveal the true type of the user company’s capacity; the user company’s optimal outsourcing proportion is quasi-convex and the optimal price discount is non-decreasing in his capacity volume, which is counterintuitive.     

Making the information systems outsourcing decision: A transaction cost approach to analyzing outsourcing decision problems

During the last several years outsourcing has emerged as a major issue in information systems management. As competitive forces impinge on business firms, senior managers are re-structuring their organizations with an eye on attaining or maintaining competitive advantage. Various strategies to IS outsourcing have emerged, for example, some outsourcers contract with a sole vendor while others contract with several. To date no studies have been done to determine which strategies are appropriate under what conditions. And while some firms have achieved varying degrees of success with any of these strategies, many have encountered significant difficulties. How then are managers to choose from a set of options that which is most appropriate for their firm? Outsourcing problems are complex and entail considerable implications for the strategy of the firm. A wrong decision can result in loss of core competencies and capabilities, and exposure to unexpected risks. Although many articles have appeared on outsourcing, few have extended the discussion beyond simple cost–benefit analysis. In this paper we discuss a transaction cost theory approach to the analysis of outsourcing decision making. Our approach provides managers with a strategy and techniques for analyzing some of the more subtle issues they may face when dealing with complex outsourcing decisions problems.     

Managing risks in information systems outsourcing: An approach to analyzing outsourcing risks and structuring incentive contracts

Information systems outsourcing is now almost standard practice for many companies. Outsourcing the information processing activities is a complex issue that entails considerable implications for the strategy of the firm. An important mechanism for managing the performance of outsourcing vendors is incentive contracts. But to develop an outsourcing contract the IS manager must quantify risks and benefits. However methods and tools for analyzing and quantifying outsourcing risks that IS managers have at their disposal are rudimentary. In this paper we offer a method and some mathematical models for analyzing risks and constructing incentive contracts for IS outsourcing. We are aware that most managers do not like to use mathematical models, consequently we have minimized the technical discussion and have illustrated how this model could be implemented using spreadsheet software for ease of use.     

Efficient password authenticated key agreement using bilinear pairings

For providing a secure distributed computer environment, efficient and flexible user authentication and key agreement is very important. In addition to user authentication and key agreement, identity privacy is very useful for users. In this paper, we propose an efficient and flexible password authenticated key agreement scheme using bilinear pairings. The main merits include: (1) there is no need for any password or verification table in the server; (2) users can choose or change his own password freely; (3) both the server and a user can authenticate each other; (4) it can protect the user’s privacy; (5) the user and the server can generate a session key; (6) it does not have a serious synchronization-clock problem; (7) even if the secret information stored in a smart card is compromised, it can prevent the offline dictionary attack.     

Certificateless signature: a new security model and an improved generic construction

Certificateless cryptography involves a Key Generation Center (KGC) which issues a partial key to a user and the user also independently generates an additional public/secret key pair in such a way that the KGC who knows only the partial key but not the additional secret key is not able to do any cryptographic operation on behalf of the user; and a third party who replaces the public/secret key pair but does not know the partial key cannot do any cryptographic operation as the user either. We call this attack launched by the third party as the key replacement attack. In ACISP 2004, Yum and Lee proposed a generic construction of digital signature schemes under the framework of certificateless cryptography. In this paper, we show that their generic construction is insecure against key replacement attack. In particular, we give some concrete examples to show that the security requirements of some building blocks they specified are insufficient to support some of their security claims. We then propose a modification of their scheme and show its security in a new and simplified security model. We show that our simplified definition and adversarial model not only capture all the distinct features of certificateless signature but are also more versatile when compared with all the comparable ones. We believe that the model itself is of independent interest.A conventional certificateless signature scheme only achieves Girault’s Level 2 security. For achieving Level 3 security, that a conventional signature scheme in Public Key Infrastructure does, we propose an extension to our definition of certificateless signature scheme and introduce an additional security model for this extension. We show that our generic construction satisfies Level 3 security after some appropriate and simple modification. A preliminary version of the extended abstract of partial results appeared in ACISP 2006 [9].     

An N-path user equilibrium for transportation networks

The traditional trip-based approach to transportation modeling has been employed for the past decade. The last step of the trip-based modeling approach is traffic assignment, which has been typically formulated as a user equilibrium (UE) problem. In the conventional perspective, the definition of UE traffic assignment is the condition that no road user can unilaterally change routes to reduce their travel time. An equivalent definition is that the travel times of all the used paths between any given origin–destination pair are equal and less than those of the unused paths. The underlying assumption of the UE definition is that road users have full information on the available transportation paths and can potentially use any path if the currently used path is overly congested. However, a more practical scenario is that each road user has a limited path set within which she/he can choose routes from. In this new scenario, we call the resulting user equilibrium an N-path user equilibrium (NPUE), in which each road user has only N paths to select from when making route choices in the network. We introduce a new formulation of the NPUE and derive optimality conditions based on this formulation. Different from traditional modeling framework, the constraints of the proposed model are of linear form, which makes it possible to solve the problem with conventional convex programming techniques. We also show that the traditional UE is a special case of an NPUE and prove the uniqueness of the resulting flow pattern of the NPUE. To efficiently solve this problem, we devise path-based and link-based solution algorithms. The proposed solution algorithms are empirically applied to networks of various sizes to examine the impact of constrained user path sets. Numerical results demonstrate that NPUE results can differ significantly from UE results depending on the number of paths available to road users. In addition, we observed an interesting phenomenon, where increasing the number of paths available to road users can sometimes decrease the overall system performance due to their selfish routing behaviors. This paradox demonstrates that network information should be provided with caution, as such information can do more harm than good in certain transportation systems.     

A dexterous feature selection artificial immune system algorithm for keystroke dynamics

The main problem in security protecting the computer or resources from intruders. The password and username are the most common means to provide security. But this method has many loop holes such as password sharing, shoulder surfing, brute-force attack, dictionary attack, guessing, and many more. Keystroke dynamics is one popular and inexpensive behavioral biometric technology, which identifies the authenticity of a user when the user is working via a keyboard. Keystroke features like dwell time and flight time of every user are evaluated in this paper by preprocessing techniques such as Hausdroff timing, mean, median, and standard deviation. The artificial immune system is used for feature selection, and comparison between preprocessing techniques is shown.     

一种灵活的基于身份的签名方案

在基于身份的密钥提取过程中,使密钥生成器在私钥中嵌入随机数,从而使得密钥提取具有较好的灵活性,使得用户对一个身份可具备多个私钥,这无疑会增加密钥使用的安全性;基于这种新的密钥提取思路,给出一个基于身份的签名体制,新的密钥提取方式使得它具有更好的安全性和灵活性;新的基于身份的签名体制中具有最少对运算,因此,与类似的方案相比,其具备较好的计算效率;新签名体制的安全性依赖于k-合谋攻击问题(k-CAAP)的困难性,其在适应性选择消息和ID攻击下具备强不可伪造性,并且其安全性证明具有紧规约性.