浅谈大数据风险与应对策略

<正>大数据应用通过分布式索引把全部索引数据水平切分后存储到多个节点上,这为黑客发起攻击提供了更多机会,利用大数据,黑客可以扩大攻击效果。大数据的低密度性使得现有的安全分析工具很难聚焦在关键点上,因此,大数据的安全保护面临着更多威胁。1.主要安全威胁(1)基本威胁基本威胁包括:1信息泄露,主要指大数据中的部分或全部信息被透露给某个未被授权的用户、软件或实体;2完整性破坏,由于非授权的增加、删除和修改等操作,大数据中的部分信息丢失,完整性遭到破坏;3拒绝服务,     

MTBAC： A Mutual Trust Based Access Control Model in Cloud Computing

As a new computing mode, cloud computing can provide users with virtualized and scalable web services, which faced with serious security challenges, however. Access control is one of the most important measures to ensure the security of cloud computing. But applying traditional access control model into the Cloud directly could not solve the uncertainty and vulnerability caused by the open conditions of cloud computing. In cloud computing environment, only when the security and reliability of both interaction parties are ensured, data security can be effectively guaranteed during interactions between users and the Cloud. Therefore, building a mutual trust relationship between users and cloud platform is the key to implement new kinds of access control method in cloud computing environment. Combining with Trust Management（TM）, a mutual trust based access control （MTBAC） model is proposed in this paper. MTBAC model take both user＇s behavior trust and cloud services node＇s credibility into consideration. Trust relationships between users and cloud service nodes are established by mutual trust mechanism. Security problems of access control are solved by implementing MTBAC model into cloud computing environment. Simulation experiments show that MTBAC model can guarantee the interaction between users and cloud service nodes.     

Attribute Based DRM Scheme with Dynamic Usage Control in Cloud Computing

In order to achieve fine-grained access control in cloud computing, existing digital rights management （DRM） schemes adopt attribute-based encryption as the main encryption primitive. However, these schemes suffer from inefficiency and cannot support dynamic updating of usage rights stored in the cloud. In this paper, we propose a novel DRM scheme with secure key management and dynamic usage control in cloud computing. We present a secure key management mechanism based on attribute-based encryption and proxy re-encryption. Only the users whose attributes satisfy the access policy of the encrypted content and who have effective usage rights can be able to recover the content encryption key and further decrypt the content. The attribute based mechanism allows the content provider to selectively provide fine-grained access control of contents among a set of users, and also enables the license server to implement immediate attribute and user revocation. Moreover, our scheme supports privacy-preserving dynamic usage control based on additive homomorphic encryption, which allows the license server in the cloud to update the users＇ usage rights dynamically without disclosing the plaintext. Extensive analytical results indicate that our proposed scheme is secure and efficient.     

一种高效低时延的宽带电力线通信网多跳MAC协议

针对IEEE1901.1宽带电力线通信媒体接入控制(Medium Access Control,MAC)协议涉及到信标时隙利用不充分和控制开销过大等问题,提出了一种高效低时延的宽带电力线通信网多跳MAC协议(Efficient and Low Delay Multi-hop MAC,ELDM-MAC).采用基于节点层级...     

无线Mesh网络速率自适应算法研究

自适应速率选择是影响无线Mesh网性能的关键问题。提出了一种基于动态解调门限的速率自适应选择算法,该算法通过统计传输速率进行速率选择,能够针对不同信道环境对每种调制速率所需最小信噪比门限进行自动调整。同时,采用跨层设计思想,采用路由协议广播报文作为MESH设备间传输信噪比信息的载体,从而能够根据信噪比和传输成功率信息得到信道环境下的最佳发送速率。实际测试结果表明,所提算法能够在较短时间内选择出最佳速率,而且具有较低的抖动和稳定的吞吐量。     

分布式认证智能电网访问控制模型的研究

为实现智能电网数据的安全汇总和访问控制的有效结合,在同态加密的基础上,结合陷门秘密分享技术,提出一种基于多方认证的智能电网访问控制方案。通过对智能电表中数据密文进行同态加密处理,保证数据从智能电表到变电站传输过程的安全,同时对汇总的密文数据进行属性化,可实现对数据访问者的多方认证访问控制。实验数据结果表明,该方案具有可行性和实用性。     

D-PRMA：一种新的无线Ad Hoc网络资源预留MAC机制

支持资源预留的介质访问控制(MAC)机制是无线ad hoc网络提供服务质量保证的关键.本文在分析分组预留多址接入(PRMA)的基础上,给出了一种新的支持资源预留的无线ad hoc网络MAC机制:分布式PRMA(D-PRMA).D-PRMA的主要特点是分布式的,这适合无线ad hoc网络无中心的特点,同时,D-PRMA具有很短的碰撞持续时间,支持不同速率的实时业务,避免了对分组的分片和重组.通过仿真,本文进一步分析了D-PRMA的性能,仿真结果表明D-PRMA能保证实时业务的带宽和时延.     

基于身份认证的医疗信息数据库访问控制

传统的数据库访问控制方法会绑定访问请求与访问目的,增加医疗信息系统运行负担。为此,提出基于身份认证技术的医疗信息系统数据库访问控制方法。采用文档对象模型描述医疗信息系统;利用电子钥匙与X.509标准协议相结合的身份认证技术,根据信息发送、接收、加密、解密、随机数生成、证书验证六个步骤认证用户身份;根据认证结果定义数据库时间函数、授权、规则和授权基,并判断访问用户是否合法。实验结果表明：相比于系统原访问耗时,文中方法的总耗时更短,有效减轻了系统的运行负担。     

结合RDF实现对XML文档的RBAC

文章提出了一种面向XML文档的基于XMLschema并结合RDF的访问控制模型,它实现了对XML文档的细粒度的安全访问控制,同时提供了对XML文档中associationsecurityobject的安全访问控制。     

ACL、Qos和策略路由在数据中心的应用

随着网络技术的快速发展,新技术应用越来越广泛,但原有的一些老技术仍在焕发青春。2012年我校数据中心进行了部分改造,其中对新老技术的结合应用感受颇深,尤其是ACL、Qos和策略路由的这些常使用的命令,在此做以简单总结供大家参考。