Fu Zhongchuan

Security and trust research in M2M system

Machine to machine communication (M2M) has received increasing attention in recent years. However, its development and character cause new security challenge. The security and trust problems are serious in M2M system. A survey to security and trust in M2M system is necessary. Different visions of the M2M security and trust paradigm are reported and reviewed in this paper. They includes typical technology research progress and security product. All these will help to understand security and trustworthy in M2M system.

Multilabels-Based Scalable Access Control for Big Data Applications

Multidata sources and formats and multiuser types introduce new security and privacy challenges to big data applications. The authors propose a multilabels-based scalable access control framework for use in a Hadoop-based big data healthcare application. This framework combines active bundle, role-based access control (RBAC), attribute-based access control (ABAC), discretionary access control (DAC), and mandatory access control (MAC). The multilabels include data type, security degree, lifetime, number of replications, access policy, and hash value. In the framework, data type can be related to security degree. If the user has new access control requirements, the big data administrator can add, delete, or revise the labels to achieve a different access control granularity.

A Novel Trust Routing Scheme Based on Node Behaviour Evaluation for Mobile AD Hoc Networks

Abstract With the rapid application and development of mobile ad hoc network, security and trust aze important to the network. As the vazious attack models, we need trust routing scheme to guarantee the security and trust for the network. So trust routing scheme is the main issue in security mobile ad hoc network. As the cooperation chazacter of the network, trust routing is related to node behaviours. A novel trust routing scheme based on node behaviour evaluation is proposed to enhance security of the network. The defmition of trust routing is proposed in the paper. Ad hoc On-Demand Distance Vector (AODV) routing protocol is used to validate trust routing scheme, Route Reply (RREP) Message is extended to record node behaviour.Ns-2 simulator is used to simulate the trust scheme under different node behaviours and experiment scenarios. Simulation results show that trust routing scheme can improve the security and performance of network effectively.

CFCSS without Aliasing for SPARC Architecture

With the increasing popularity of COTS (commercial off the shelf) components and multi-core processor in space and aviation applications, software fault tolerance becomes attractive to overcome the primary bottleneck of their susceptibility to transient faults. CFCSS (Control Flow Checking by Software Signatures) is one of the most important pure software fault tolerance techniques in mitigating control flow errors in harsh environment. As the most prominent deficiency, aliasing is the research focus of this paper, and a novel algorithm, namely CFCSS without aliasing, is put forward. First and foremost, the cause of aliasing - the existence of branch-fan-in nodes in program control flow graph – is investigated in depth, and the minimal flow graph structure giving birth to aliasing, namely “3-2 structure”, is extracted. The typical “3-2 structure” can be extended to a broader class of flow graph, named “n-(n-1) structure” by this paper, which can not be settled by previous CFCSS algorithms. Second, basing on thorough analysis of the traditional CFCSS algorithm, a method of inserting an additional basic block in program control flow graph is proposed, and the algorithm of CFCSS without aliasing is elaborately designed. The feature of independence of the program flow graph makes this algorithm more general, and in theory any kinds of flow graph structures can be dealt with it, such as “n-(n-1) structure” and other typical flow graphs that are not covered by traditional algorithms. Third, the compilation time of the algorithm is in linear with the number of basic blocks of the program control flow graph. CFCSS without aliasing is implemented under GCC 4.2.1 for SPARC architecture, and the delay slot is supported. By fault injection campaigns carried out for representative integer-dominated benchmarks from MiBench and SPEC CINT2000, the correctness, fault detection capability, and overhead of this algorithm are investigated in great details.

FSFI: A Full System Simulator-Based Fault Injection Tool

With VLSI technology advances and the increasing popularity of COTS components and multi-core processor in space, aviation, and military harsh environment, dependability becomes more attractive to overcome the increasing susceptibility to transient, permanent, and wear-out induced intermittent fault. Fault injection is widely used in dependability evaluation and fault emulation. As compared to physical- and software based fault-injection tool, this paper presents a simulation based Fault Injection tool, namely FSFI, to study high-level propagations of faults and system-level manifestations, especially the underlying causes of fault manifestations, namely Symptoms in this paper. The primary contributions of this paper are as follows. First and foremost, FSFI - A Full System simulator based Fault Injection tool is designed and described in great details. FSFI is based on an open source full system simulator (SAM) and it is heavily modified to support different processor component such as ALU, decoder, integer register files, and AGEN (Address Generation Unit). Additional four modules are added to the FSFI-simulator: Fault Injector, Monitor, Analyzer, and Controller. Second, transient faults are injected into different SPARC processor components, such as ALU, decoder, integer register files, and AGEN to deliberately study fault high level manifestations and propagations from processor component, through SPARC architecture level, hyper visor, OS, to application. Third, the underlying causes of fault manifestations, namely Symptoms, such as fatal trap, high OS, high hyper, and hangs, are captured by FSFI Monitor. The distributions of Symptoms for different components against typical benchmarks are investigated, and the underlying reasons are analyzed in detail. Preliminary experiment results show that FSFI is effective for fault high level propagation and Symptom research, and some of our future work is prospected.

Multi-agent information fusion based trust routing framework for mobile ad hoc network

With the rapid development of mobile ad hoc network, security and trust are important to the network. Trust routing framework is the main issue in mobile ad hoc network. Trust routing is related to many factors such as hop number, node residual energy and node behavior. To use the multi-source information fully, multi-agent information fusion method is used to design trust routing framework. The definition of trust routing is proposed in the paper. Ad hoc On-Demand Distance Vector (AODV) routing protocol is used to validate trust routing framework, Route Reply (RREP) Message is extended to record node residual energy and behavior information. Ns-2 is used to simulate different network scenarios. Simulation results show that the trust routing framework can improve the efficiency of network and extend the service lifetime.

Research for current cloud computing and cloud security technology

This paper introduces the concept, development, key features, applications of cloud computing. The difference to grid computing is discussed. Eight kinds of typical open source cloud computing projects are described, the security reference models of cloud services are given. Cloud computing security challenges and countermeasures are discussed in this paper.