Since previous Multi-Authority Attribute-Based Encryption (MA-ABE) schemes limit each attribute to appearing only once in the access structure, and incur superfluous computation overhead from the repetitive encoding technique, an adaptively secure and unrestricted Multi-Authority Ciphertext-Policy ABE (MA-CP-ABE) scheme was proposed on prime order groups. Firstly, based on dual pairing vector spaces and linear secret-sharing schemes, an MA-CP-ABE scheme was constructed on prime order groups. Then, the q-Parallel BDHE (Bilinear Diffie-Hellman Exponent) assumption was introduced to solve the problem that classical dual system encryption depends on a statistical hypothesis which requires each attribute to appear only once in the access structure, and a series of mutually indistinguishable attack games was designed to prove that this scheme is adaptively secure in the standard model. Finally, performance analysis indicated that, in comparison with two other adaptively secure MA-CP-ABE schemes on prime order groups, the speed of decryption was clearly improved by nearly 20%-40% and 0%-50% respectively as the number of participating attributes increases, without considering attribute repetition. This scheme is more efficient in real applications.
To address the problem of network access control for Virtual Machines (VMs) in cloud computing Infrastructure as a Service (IaaS) platforms, a method of communication access control for VMs in IaaS platforms was proposed. The method, based on Software Defined Networking (SDN), customizes the communication access control rules from Layer 2 to Layer 4. The experimental results show that the method can manage the communication access permissions of tenants' VMs flexibly and ensure the security of tenants' networks.
To address the problem of verifying the conformance of e-government network structure, a conformance verification method for e-government networks based on approximate graph matching was proposed. The method first abstracted the graph model of the e-government network, then used the modular characteristic of the network structure and the k-hop neighboring relationship of vertices to realize extendible approximate graph matching, which found all the similar structures between the two graphs. It then proposed an improved graph similarity measure function by introducing a node importance factor and a path distance attenuation factor, so as to make the conformity assessment results more accurate. The experimental results show that the method can accurately evaluate the conformance degree of e-government network structure, and reflect at a fine granularity the similarities or differences between the network structures, which include all kinds of violations in the network topology and system deployment.
The virtual machines in a cloud computing platform exchange data in the shared memory of the physical machine. To address the problem that this traffic cannot be captured and inspected by firewalls or other security components, the OpenFlow technology was analyzed, and a traffic redirection method based on OpenFlow was presented. To control the traffic forwarding process and redirect traffic to security components, the method provided network connections for virtual machines with an OpenFlow controller and virtual switches instead of physical switches, and built a traffic detection system composed of four modules: virtual switch, control unit, intrusion detection, and system configuration management. The experimental results show that the proposed scheme can realize traffic redirection and the subsequent detection processing, and that the system can provide switch-level and host-level control granularity. Through traffic redirection, it also solves the traffic detection problem of the cloud computing environment in the traditional scenario, and provides great room for extending traffic processing based on OpenFlow.
To address the problems that vision-based posture recognition places high demands on the environment and has low anti-interference capacity, a posture recognition method based on predefined bone was proposed. The algorithm detected the human body by combining Kinect multi-scale depth and gradient information. It recognized every part of the body using a random forest trained on positive and negative samples, and built the body posture vector. According to the posture category, an optimal separating hyperplane and kernel function were built using an improved support vector machine to classify postures. The experimental results show that the recognition rate of this scheme is 94.3%, and that it has good real-time performance, strong anti-interference capability, and good robustness.