Tor is the most widely used anonymity network, currently serving millions of users each day. However, there is no access control in place for all these users, leaving the network vulnerable to botnet abuse and attacks. For example, criminals frequently use exit relays as stepping stones for attacks, causing service providers to serve CAPTCHAs to exit relay IP addresses or blacklist them altogether,...
In response to increasing threats of malicious activity and data loss on servers, we propose a different and practical strategy for access control modeled after flight plans for pilots, which mixes existing role-based, object-based, and intention-based access models; it supports much finer grained, real-time, sequence-oriented anomaly detection. Users are required to declare their intended “flight...
The new face of networking is growing in named data networking (NDN). It differs from the traditional way of requesting in that request and data packets are delivered with the help of content identification and not the IP addresses of server and client. By using this trend we can apply more security to the clients because there will be no IP addresses available, which will help to hide the identity...
Through the simplifying assumption that a Thing has a single use or a small number of intended uses, it is possible to reduce the threat surface of the device by constraining the communication paths needed for those uses. This is accomplished using a small number of extensions to IEEE 802.1AR, a YANG model, DHCP, and IEEE 802.1AB, where a manufacturer maintains an online presence that is used inter...
Cloud computing provides problem solving services, software services, data access services and storage accommodations that don't require end users' knowledge of the materialistic positioning and hardware topology of the system. This also leads to security threats in authentication and data access. To overcome the security threats during authentication we will implement a Remote Authentication...
Recently, cyber attacks have become so sophisticated that conventional countermeasures that focus on preventing intrusion are becoming less effective. Thus, recent countermeasures focus on the period after intrusion, such as incident response. We previously proposed a system to support network administrators performing incident responses. However, our previous system uses only anomaly detection...
An algebra is proposed for constructing and reasoning about anomaly-free firewall policies. Based on the notion of refinement as safe replacement, the algebra provides operators for sequential composition, union and intersection of policies. The algebra is used to provide a uniform way to specify and reason about OpenStack host-based and network access controls, in particular, security group and perimeter...
In service oriented computing, authentication factors have their vulnerabilities when considered exclusively. Cross-platform and service composition architectures require a complex integration procedure and limit adoptability of newer authentication models. Authentication is generally based on a binary success or failure and relies on credentials proffered at the present moment without considering...
Internet of Things (IoT) and Cyber-physical Systems (CPS) are two very hot research topics today, and more and more products are starting to appear on the market. Research has shown that the use of Service Oriented Architecture (SOA) can enable distributed applications and device-to-device communication, even on very resource-constrained devices, and thus play an important role for IoT and CPS. In...
In this paper, we propose a solution to quickly detect and limit Hot-IPs using the Non-Adaptive Group Testing method and dynamic firewall rules. Hot-IPs are hosts that appear with high frequency in a network. They can be threats such as denial of service attacks or Internet worms. Therefore, quickly detecting and limiting Hot-IPs are very important issues in a network to decrease these risks. Non-adaptive group testing...
The enlargement of the current enterprise network scale makes the conflict between application systems and network devices inevitable. To address this issue, this paper proposed a verification method of network reachability based on topology path. Our approach extracts the communication needs of application systems through a formalization method, so the problem of whether the communication need will be...
A city management platform based on the concept of a smart city is a public network platform in which Internet of Things, cloud computing and intelligent information analysis technologies are synthetically applied. Great information resources about city management are conserved in the platform, and some parts of these resources are important information related to the security and benefit of the country. Therefore a...
In this paper a real-time video/voice over IP (VVoIP) application has been implemented in a Hadoop cloud computing system and it is denoted CLC-IHU. It really outperforms the previous VVoIP using P2P connection (called SCTP-IHU) due to its ease of use and high performance on video phone calls. The user does not need to know what a real IP is, and the web interface achieves interaction by adopting TCP-based RMTP instead...
Network-level access control policies are often specified by various people (network, application, and security administrators), and this may result in conflicts or suboptimal policies. We have defined a new formal model for policy representation that is independent of the actual enforcement elements, along with a procedure that allows the easy identification and removal of inconsistencies and anomalies...
Aiming at the independent distribution units of a multi-access system, a remote door access management system is researched and designed based on Ethernet. The system uses MSP430F149, together with W5100, as the control core of every access system unit, and to achieve real-time data communication between the access controller and the upper monitor based on TCP/IP protocols. The communication mode...
Network Access Controls (NAC) are widely used to provide endpoint security typically complementing existing application-based security controls. NAC security mechanisms, for instance firewalls, are routinely prescribed as requirements for compliance to security standards such as PCI-DSS and ISO 27000. However, the effectiveness of a NAC configuration may be hampered by poor understanding and/or management...
With the arrival of the era of pervasive computing and parallel computing, the traditional access control mechanism is already ragged. This has prompted dynamic access control technology, which makes access alter with changes in the context, so it needs to acquire dynamic context information. This paper gives the definition of the context information in dynamic access control, and on the basis...
This paper summarized applications of firewalls in e-commerce security systems and set forth principles for choosing a firewall; studied e-commerce network security techniques based on firewalls; and analysed the construction of e-commerce network security technology and applied it to actual e-commerce system design on power.
To design a more secure and efficient single sign-on system, this paper analyzed the popular single sign-on systems and then introduced the original design model of SSO. Due to the limitations of the original design model, we present the proposed design model, named the PKI and password protected card-based single sign-on system (3PC-SSO), which combines the advantages of Kerberos and PKI-based single...
Access systems verify and validate accesses made by users to different resources according to some rules. Access systems can be implemented using IT infrastructure. A classical implementation refers to door access in large buildings. Such a system controls and validates access to the rooms of a building (such as a company or an institution) according to some policies or access rights. This paper...