A new multi-level analysis method of introducing the super-element modeling method, derived from the multi-level analysis method first proposed by O. F. Hughes, has been proposed in this paper to solve the problem of ...A new multi-level analysis method of introducing the super-element modeling method, derived from the multi-level analysis method first proposed by O. F. Hughes, has been proposed in this paper to solve the problem of high time cost in adopting a rational-based optimal design method for ship structural design. Furthermore,the method was verified by its effective application in optimization of the mid-ship section of a container ship. A full 3-D FEM model of a ship,suffering static and quasi-static loads, was used as the analyzing object for evaluating the structural performance of the mid-ship module, including static strength and buckling performance. Research results reveal that this new method could substantially reduce the computational cost of the rational-based optimization problem without decreasing its accuracy, which increases the feasibility and economic efficiency of using a rational-based optimal design method in ship structural design.展开更多
Cloud computing is very attractive for schools, research institutions and enterpri- ses which need reducing IT costs, improving computing platform sharing and meeting lice- nse constraints. Sharing, management and on-...Cloud computing is very attractive for schools, research institutions and enterpri- ses which need reducing IT costs, improving computing platform sharing and meeting lice- nse constraints. Sharing, management and on- demand allocation of network resources are particularly important in Cloud computing. Ho- wever, nearly all-current available cloud com- puting platforms are either proprietary or their software infrastructure is invisible to the rese- arch community except for a few open-source platforms. For universities and research insti- tutes, more open and testable experimental plat- forms are needed in a lab-level with PCs. In this paper, a platform of infrastructure resou- rce sharing system (Platform as a Service (PaaS)) is developed in virtual Cloud comput- hug environment. Its architecture, core modules, main functions, design and operational envir- onment and applications are introduced in de- tail. It has good expandability and can impr- ove resource sharing and utilization and is app- lied to regular computer science teaching and research process.展开更多
with the increasing popularity of cloud services,attacks on the cloud infrastructure also increase dramatically.Especially,how to monitor the integrity of cloud execution environments is still a difficult task.In this...with the increasing popularity of cloud services,attacks on the cloud infrastructure also increase dramatically.Especially,how to monitor the integrity of cloud execution environments is still a difficult task.In this paper,a real-time dynamic integrity validation(DIV) framework is proposed to monitor the integrity of virtual machine based execution environments in the cloud.DIV can detect the integrity of the whole architecture stack from the cloud servers up to the VM OS by extending the current trusted chain into virtual machine's architecture stack.DIV introduces a trusted third party(TTP) to collect the integrity information and detect remotely the integrity violations on VMs periodically to avoid the heavy involvement of cloud tenants and unnecessary information leakage of the cloud providers.To evaluate the effectiveness and efficiency of DIV framework,a prototype on KVM/QEMU is implemented,and extensive analysis and experimental evaluation are performed.Experimental results show that the DIV can efficiently validate the integrity of files and loaded programs in real-time,with minor performance overhead.展开更多
Separation issue is one of the most important problems about cloud computing security. Tenants should be separated from each other based on cloud infrastructure and different users from one tenant should be separated ...Separation issue is one of the most important problems about cloud computing security. Tenants should be separated from each other based on cloud infrastructure and different users from one tenant should be separated from each other with the constraint of security policies. Learning from the notion of trusted cloud computing and trustworthiness in cloud, in this paper, a multi-level authorization separation model is formally described, and a series of rules are proposed to summarize the separation property of this model. The correctness of the rules is proved. Furthermore, based on this model, a tenant separation mechanism is deployed in a real world mixed-critical information system. Performance benchmarks have shown the availability and efficiency of this mechanism.展开更多
Processors have been playing important roles in both communication infrastructure systems and terminals.In this paper,both application specific and general purpose processors for communications are discussed including...Processors have been playing important roles in both communication infrastructure systems and terminals.In this paper,both application specific and general purpose processors for communications are discussed including the roles,the history,the current situations,and the trends.One trend is that ASIPs(Application Specific Instruction-set Processors) are taking over ASICs(Application Specific Integrated Circuits) because of the increasing needs both on performance and compatibility of multi-modes.The trend opened opportunities for researchers crossing the boundary between communications and computer architecture.Another trend is the serverlization,i.e.,more infrastructure equipments are replaced by servers.The trend opened opportunities for researchers working towards high performance computing for communication,such as research on communication algorithm kernels and real time programming methods on servers.展开更多
Network intrusion forensics is an important extension to present security infrastructure,and is becoming the focus of forensics research field.However,comparison with sophisticated multi-stage attacks and volume of se...Network intrusion forensics is an important extension to present security infrastructure,and is becoming the focus of forensics research field.However,comparison with sophisticated multi-stage attacks and volume of sensor data,current practices in network forensic analysis are to manually examine,an error prone,labor-intensive and time consuming process.To solve these problems,in this paper we propose a digital evidence fusion method for network forensics with Dempster-Shafer theory that can detect efficiently computer crime in networked environments,and fuse digital evidence from different sources such as hosts and sub-networks automatically.In the end,we evaluate the method on well-known KDD Cup1999 dataset.The results prove our method is very effective for real-time network forensics,and can provide comprehensible messages for a forensic investigators.展开更多
基金Supported by the Project of Ministry of Education and Finance(No.200512)the Project of the State Key Laboratory of ocean engineering(GKZD010053-10)
文摘A new multi-level analysis method of introducing the super-element modeling method, derived from the multi-level analysis method first proposed by O. F. Hughes, has been proposed in this paper to solve the problem of high time cost in adopting a rational-based optimal design method for ship structural design. Furthermore,the method was verified by its effective application in optimization of the mid-ship section of a container ship. A full 3-D FEM model of a ship,suffering static and quasi-static loads, was used as the analyzing object for evaluating the structural performance of the mid-ship module, including static strength and buckling performance. Research results reveal that this new method could substantially reduce the computational cost of the rational-based optimization problem without decreasing its accuracy, which increases the feasibility and economic efficiency of using a rational-based optimal design method in ship structural design.
基金supported by the Coalition for National Science Fundingunder Grant No.61150110486the Central University Funding under Grant No.ZYGX2013J073
文摘Cloud computing is very attractive for schools, research institutions and enterpri- ses which need reducing IT costs, improving computing platform sharing and meeting lice- nse constraints. Sharing, management and on- demand allocation of network resources are particularly important in Cloud computing. Ho- wever, nearly all-current available cloud com- puting platforms are either proprietary or their software infrastructure is invisible to the rese- arch community except for a few open-source platforms. For universities and research insti- tutes, more open and testable experimental plat- forms are needed in a lab-level with PCs. In this paper, a platform of infrastructure resou- rce sharing system (Platform as a Service (PaaS)) is developed in virtual Cloud comput- hug environment. Its architecture, core modules, main functions, design and operational envir- onment and applications are introduced in de- tail. It has good expandability and can impr- ove resource sharing and utilization and is app- lied to regular computer science teaching and research process.
基金Supported by the National Natural Science Foundation of China under Grant No. 61370068
文摘with the increasing popularity of cloud services,attacks on the cloud infrastructure also increase dramatically.Especially,how to monitor the integrity of cloud execution environments is still a difficult task.In this paper,a real-time dynamic integrity validation(DIV) framework is proposed to monitor the integrity of virtual machine based execution environments in the cloud.DIV can detect the integrity of the whole architecture stack from the cloud servers up to the VM OS by extending the current trusted chain into virtual machine's architecture stack.DIV introduces a trusted third party(TTP) to collect the integrity information and detect remotely the integrity violations on VMs periodically to avoid the heavy involvement of cloud tenants and unnecessary information leakage of the cloud providers.To evaluate the effectiveness and efficiency of DIV framework,a prototype on KVM/QEMU is implemented,and extensive analysis and experimental evaluation are performed.Experimental results show that the DIV can efficiently validate the integrity of files and loaded programs in real-time,with minor performance overhead.
基金supported by the Fundamental Research funds for the central Universities of China (No. K15JB00190)the Ph.D. Programs Foundation of Ministry of Education of China (No. 20120009120010)the Program for Innovative Research Team in University of Ministry of Education of China (IRT201206)
文摘Separation issue is one of the most important problems about cloud computing security. Tenants should be separated from each other based on cloud infrastructure and different users from one tenant should be separated from each other with the constraint of security policies. Learning from the notion of trusted cloud computing and trustworthiness in cloud, in this paper, a multi-level authorization separation model is formally described, and a series of rules are proposed to summarize the separation property of this model. The correctness of the rules is proved. Furthermore, based on this model, a tenant separation mechanism is deployed in a real world mixed-critical information system. Performance benchmarks have shown the availability and efficiency of this mechanism.
基金The National High-Tech Research and Development Program of China(863 Program)2014AA01A705
文摘Processors have been playing important roles in both communication infrastructure systems and terminals.In this paper,both application specific and general purpose processors for communications are discussed including the roles,the history,the current situations,and the trends.One trend is that ASIPs(Application Specific Instruction-set Processors) are taking over ASICs(Application Specific Integrated Circuits) because of the increasing needs both on performance and compatibility of multi-modes.The trend opened opportunities for researchers crossing the boundary between communications and computer architecture.Another trend is the serverlization,i.e.,more infrastructure equipments are replaced by servers.The trend opened opportunities for researchers working towards high performance computing for communication,such as research on communication algorithm kernels and real time programming methods on servers.
基金supported by the National Natural Science Foundation of China under Grant No.60903166 the National High Technology Research and Development Program of China(863 Program) under Grants No.2012AA012506,No.2012AA012901,No.2012AA012903+9 种基金 Specialized Research Fund for the Doctoral Program of Higher Education of China under Grant No.20121103120032 the Humanity and Social Science Youth Foundation of Ministry of Education of China under Grant No.13YJCZH065 the Opening Project of Key Lab of Information Network Security of Ministry of Public Security(The Third Research Institute of Ministry of Public Security) under Grant No.C13613 the China Postdoctoral Science Foundation General Program of Science and Technology Development Project of Beijing Municipal Education Commission of China under Grant No.km201410005012 the Research on Education and Teaching of Beijing University of Technology under Grant No.ER2013C24 the Beijing Municipal Natural Science Foundation Sponsored by Hunan Postdoctoral Scientific Program Open Research Fund of Beijing Key Laboratory of Trusted Computing Funds for the Central Universities, Contract No.2012JBM030
文摘Network intrusion forensics is an important extension to present security infrastructure,and is becoming the focus of forensics research field.However,comparison with sophisticated multi-stage attacks and volume of sensor data,current practices in network forensic analysis are to manually examine,an error prone,labor-intensive and time consuming process.To solve these problems,in this paper we propose a digital evidence fusion method for network forensics with Dempster-Shafer theory that can detect efficiently computer crime in networked environments,and fuse digital evidence from different sources such as hosts and sub-networks automatically.In the end,we evaluate the method on well-known KDD Cup1999 dataset.The results prove our method is very effective for real-time network forensics,and can provide comprehensible messages for a forensic investigators.
