Ju Ren

DPPro: Differentially Private High-Dimensional Data Release via Random Projection

Releasing representative data sets without compromising the data privacy has attracted increasing attention from the database community in recent years. Differential privacy is an influential privacy framework for data mining and data release without revealing sensitive information. However, existing solutions using differential privacy cannot effectively handle the release of high-dimensional data due to the increasing perturbation errors and computation complexity. To address the deficiency of existing solutions, we propose DPPro, a differentially private algorithm for high-dimensional data release via random projection to maximize utility while guaranteeing privacy. We theoretically prove that DPPro can generate synthetic data set with the similar squared Euclidean distance between high-dimensional vectors while achieving

A scalable and manageable IoT architecture based on transparent computing

(epsilon,delta)

An adaptive and configurable protection framework against android privilege escalation threats

-differential privacy. Based on the theoretical analysis, we observed that the utility guarantees of released data depend on the projection dimension and the variance of the noise. Extensive experimental results demonstrate that DPPro substantially outperforms several state-of-the-art solutions in terms of perturbation error and privacy budget on high-dimensional data sets.

A Feasible Fuzzy-Extended Attribute-Based Access Control Technique

Abstract With the explosion of connected devices, the Internet-of-Things (IoT) is expected to be the fundamental infrastructure of the information society and receives a wide variety of applications in different scenarios. However, the fast-growing IoT technology is still facing many challenges posed by large-scale heterogeneous IoT devices. To address these challenges we propose a transparent computing based IoT architecture to build scalable and manageable IoT applications. The proposed architecture consists of five layers, i.e., end-user layer, edge network layer, core network layer, service&storage layer, and management layer. It can provide centralized management of various resources like operating systems, services and data for IoT applications, and enable on-demand services to be executed on heterogeneous IoT devices. We also build a prototype system to evaluate the performance of the proposed architecture in terms of the delay and energy consumption in remote service updating. The experimental results demonstrate that it can provide efficient management of various resources and achieve on-demand service provisioning for IoT devices.

Resource allocation for hybrid energy powered cloud radio access network with battery leakage

Abstract Android is a successful mobile platform with a thriving application ecosystem. However, despite its security precautions like permission mechanism, it is still vulnerable to privilege escalation threats and particularly confused deputy attacks that exploit the permission leak vulnerabilities of Android applications. Worse, most existing detection and protection techniques have become costly and unresponsive in current Android dynamic permission environments. In this paper, we propose a configurable Android security framework to prevent the exploitation of permission leak vulnerabilities of third-party applications via confused deputy attacks. Our framework collects the runtime states of applications and enforces policy and capability-based access control to restrain riskful inter-application communications, so as to provide more responsive, adaptive, and flexible application protection. Besides, our framework provides users with a flexible runtime policy configuration together with a complementary security mechanism to mitigate risks induced by inappropriate policies. Additionally, we present a sophisticated access decision cache system with a proactive maintenance method that ensures the efficiency and dependability of decision services. Theoretical analysis and experimental evaluation demonstrate that our approach provides configurable and effective protections for third-party applications against permission leak vulnerabilities at small performance and usability costs.

FABAC: A Flexible Fuzzy Attribute-Based Access Control Mechanism

Attribute-based access control (ABAC) is a maturing authorization technique with outstanding expressiveness and scalability, which shows its overwhelmingly competitive advantage, especially in complicated dynamic environments. Unfortunately, the absence of a flexible exceptional approval mechanism in ABAC impairs the resource usability and business time efficiency in current practice, which could limit its growth. In this paper, we propose a feasible fuzzy-extended ABAC (FBAC) technique to improve the flexibility in urgent exceptional authorizations and thereby improving the resource usability and business timeliness. We use the fuzzy assessment mechanism to evaluate the policy-matching degrees of the requests that do not comply with policies, so that the system can make special approval decisions accordingly to achieve unattended exceptional authorizations. We also designed an auxiliary credit mechanism accompanied by periodic credit adjustment auditing to regulate expediential authorizations for mitigating risks. Theoretical analyses and experimental evaluations show that the FBAC approach enhances resource immediacy and usability with controllable risk.

Interference Cooperation via Distributed Game in 5G Networks

This study proposes a resource allocation policy for hybrid energy powered cloud radio access network with battery leakage. To optimise the network utility, the authors first formulate a network utility maximisation problem while jointly considering multiple random processes, which include energy harvesting, data arrival, wireless channel condition, and grid energy prices. To tackle this problem, they exploit the Lyapunov optimisation technique to develop an online dynamic resource allocation framework, which contains four subproblems, i.e. data admission, hybrid energy management, power allocation and route scheduling. Based on the solutions of these subproblems, a network utility optimisation resource allocation (ORA) algorithm is proposed. Specifically, the ORA algorithm only needs to track the current system states without requiring a prior knowledge about channel and energy conditions. Theoretical performance analyses and simulation results verify that the proposed algorithm can achieve close-to-optimal utility with bounded data buffer and battery capacity.

A Survey on Emerging Computing Paradigms for Big Data

Attribute-Based Access Control (ABAC) is a promising approach for addressing intricate management requirements in dynamic and distributed environments. Nevertheless, because of lacking flexible access exception handling mechanism, rigid rules in ABAC influence the resource availability and ultimately the working efficiency. In this paper, we propose a novel fuzzy ABAC model (FABAC) that extends the ABAC with better usability. We introduce the fuzzy mechanism into decision-making process. Based on the membership grades of requests to rules and the spare credits of respective subjects, our framework permits additional requests failing in rule matching, thus enhancing the information flows in business processes. Furthermore, we develop the credit system with history-based recovery mechanism, wherein the subject’s credits and corresponding recovery rate are impacted by the past authorizations on substandard requests, for maintaining the risk of abuse under control. The analysis reveals that our model contributes to attaining better tradeoff between security and usability.

RF Energy Harvesting and Transfer in Cognitive Radio Sensor Networks: Opportunities and Challenges

Nash noncooperative power game is an effective method to implement interference cooperation in downlink multiuser multiple-input multiple-output (MU-MIMO). Power equilibrium point of Nash noncooperative power game can achieve a satisfactory tradeoff between self-benefits of Internet of Things (IoT) users and interference between IoT users which largely enhance the edge IoT user throughput. However, either power strategy space, i.e., the enabled range of power allocation for IoT users, or overall BS transmit power in the existing Nash noncooperative power games is generally static. This limits the performance of systems, especially in IoT systems, etc., in 5G. As an effort to address these problems, we design a novel framework of Nash noncooperative game with iterative convergence for downlink MU-MIMO. We first decompose the MU-MIMO into multiple virtual single-antenna transmit-receive pairs with a stream analytical model. Afterwards, based on streams, we propose a noncooperative water-filling power game with pricing (WFPGP) where the power strategy space of each stream can be dynamically determined by iterative water-filling. We derive the sufficient condition for the existence and uniqueness of WFPGP game, in which the verification of the sufficient condition can be executed in a distributed manner. By simulations, we verify the performance of WFPGP compared to other Nash noncooperative games.