Visible to the public Biblio

Found 1510 results

Filters: First Letter Of Title is S  [Clear All Filters]
A B C D E F G H I J K L M N O P Q R [S] T U V W X Y Z   [Show ALL]
Z
Zurek, E.E., Gamarra, A.M.R., Escorcia, G.J.R., Gutierrez, C., Bayona, H., Perez, R., Garcia, X..  2014.  Spectral analysis techniques for acoustic fingerprints recognition. Image, Signal Processing and Artificial Vision (STSIVA), 2014 XIX Symposium on. :1-5.

This article presents results of the recognition process of acoustic fingerprints from a noise source using spectral characteristics of the signal. Principal Components Analysis (PCA) is applied to reduce the dimensionality of extracted features and then a classifier is implemented using the method of the k-nearest neighbors (KNN) to identify the pattern of the audio signal. This classifier is compared with an Artificial Neural Network (ANN) implementation. It is necessary to implement a filtering system to the acquired signals for 60Hz noise reduction generated by imperfections in the acquisition system. The methods described in this paper were used for vessel recognition.

Zulkarnine, A. T., Frank, R., Monk, B., Mitchell, J., Davies, G..  2016.  Surfacing collaborated networks in dark web to find illicit and criminal content. 2016 IEEE Conference on Intelligence and Security Informatics (ISI). :109–114.
The Tor Network, a hidden part of the Internet, is becoming an ideal hosting ground for illegal activities and services, including large drug markets, financial frauds, espionage, child sexual abuse. Researchers and law enforcement rely on manual investigations, which are both time-consuming and ultimately inefficient. The first part of this paper explores illicit and criminal content identified by prominent researchers in the dark web. We previously developed a web crawler that automatically searched websites on the internet based on pre-defined keywords and followed the hyperlinks in order to create a map of the network. This crawler has demonstrated previous success in locating and extracting data on child exploitation images, videos, keywords and linkages on the public internet. However, as Tor functions differently at the TCP level, and uses socket connections, further technical challenges are faced when crawling Tor. Some of the other inherent challenges for advanced Tor crawling include scalability, content selection tradeoffs, and social obligation. We discuss these challenges and the measures taken to meet them. Our modified web crawler for Tor, termed the “Dark Crawler” has been able to access Tor while simultaneously accessing the public internet. We present initial findings regarding what extremist and terrorist contents are present in Tor and how this content is connected to each other in a mapped network that facilitates dark web crimes. Our results so far indicate the most popular websites in the dark web are acting as catalysts for dark web expansion by providing necessary knowledgebase, support and services to build Tor hidden services and onion websites.
Zonouz, S., Davis, C.M., Davis, K.R., Berthier, R., Bobba, R.B., Sanders, W.H..  2014.  SOCCA: A Security-Oriented Cyber-Physical Contingency Analysis in Power Infrastructures. Smart Grid, IEEE Transactions on. 5:3-13.

Contingency analysis is a critical activity in the context of the power infrastructure because it provides a guide for resiliency and enables the grid to continue operating even in the case of failure. In this paper, we augment this concept by introducing SOCCA, a cyber-physical security evaluation technique to plan not only for accidental contingencies but also for malicious compromises. SOCCA presents a new unified formalism to model the cyber-physical system including interconnections among cyber and physical components. The cyber-physical contingency ranking technique employed by SOCCA assesses the potential impacts of events. Contingencies are ranked according to their impact as well as attack complexity. The results are valuable in both cyber and physical domains. From a physical perspective, SOCCA scores power system contingencies based on cyber network configuration, whereas from a cyber perspective, control network vulnerabilities are ranked according to the underlying power system topology.
 

Zonouz, S., Davis, C.M., Davis, K.R., Berthier, R., Bobba, R.B., Sanders, W.H..  2014.  SOCCA: A Security-Oriented Cyber-Physical Contingency Analysis in Power Infrastructures. Smart Grid, IEEE Transactions on. 5:3-13.

Contingency analysis is a critical activity in the context of the power infrastructure because it provides a guide for resiliency and enables the grid to continue operating even in the case of failure. In this paper, we augment this concept by introducing SOCCA, a cyber-physical security evaluation technique to plan not only for accidental contingencies but also for malicious compromises. SOCCA presents a new unified formalism to model the cyber-physical system including interconnections among cyber and physical components. The cyber-physical contingency ranking technique employed by SOCCA assesses the potential impacts of events. Contingencies are ranked according to their impact as well as attack complexity. The results are valuable in both cyber and physical domains. From a physical perspective, SOCCA scores power system contingencies based on cyber network configuration, whereas from a cyber perspective, control network vulnerabilities are ranked according to the underlying power system topology.

Zhuang, Yuan, Pang, Qiaoyue, Wei, Min.  2019.  Secure and Fast Multiple Nodes Join Mechanism for IPv6-Based Industrial Wireless Network. 2019 International Conference on Information Networking (ICOIN). :1–6.
More and more industrial devices are expected to connect to the internet seamlessly. IPv6-based industrial wireless network can solve the address resources limitation problem. It is a challenge about how to ensure the wireless node join security after introducing the IPv6. In this paper, we propose a multiple nodes join mechanism, which includes a timeslot allocation method and secure join process for the IPv6 over IEEE 802.15.4e network. The timeslot allocation method is designed in order to configure communication resources in the join process for the new nodes. The test platform is implemented to verify the feasibility of the mechanism. The result shows that the proposed mechanism can reduce the communication cost for multiple nodes join process and improve the efficiency.
Zhu, Yuting, Lin, Liyong, Su, Rong.  2019.  Supervisor Obfuscation Against Actuator Enablement Attack. 2019 18th European Control Conference (ECC). :1760–1765.
In this paper, we propose and address the problem of supervisor obfuscation against actuator enablement attack, in a common setting where the actuator attacker can eavesdrop the control commands issued by the supervisor. We propose a method to obfuscate an (insecure) supervisor to make it resilient against actuator enablement attack in such a way that the behavior of the original closed-loop system is preserved. An additional feature of the obfuscated supervisor, if it exists, is that it has exactly the minimum number of states among the set of all the resilient and behavior-preserving supervisors. Our approach involves a simple combination of two basic ideas: 1) a formulation of the problem of computing behavior-preserving supervisors as the problem of computing separating finite state automata under controllability and observability constraints, which can be tackled by using SAT solvers, and 2) the use of a recently proposed technique for the verification of attackability in our setting, with a normality assumption imposed on both the actuator attackers and supervisors.
Zhu, Luqi, Wang, Jin, Shi, Lianmin, Zhou, Jingya, Lu, Kejie, Wang, Jianping.  2020.  Secure Coded Matrix Multiplication Against Cooperative Attack in Edge Computing. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). :547–556.
In recent years, the computation security of edge computing has been raised as a major concern since the edge devices are often distributed on the edge of the network, less trustworthy than cloud servers and have limited storage/ computation/ communication resources. Recently, coded computing has been proposed to protect the confidentiality of computing data under edge device's independent attack and minimize the total cost (resource consumption) of edge system. In this paper, for the cooperative attack, we design an efficient scheme to ensure the information-theory security (ITS) of user's data and further reduce the total cost of edge system. Specifically, we take matrix multiplication as an example, which is an important module appeared in many application operations. Moreover, we theoretically analyze the necessary and sufficient conditions for the existence of feasible scheme, prove the security and decodeability of the proposed scheme. We also prove the effectiveness of the proposed scheme through considerable simulation experiments. Compared with the existing schemes, the proposed scheme further reduces the total cost of edge system. The experiments also show a trade-off between storage and communication.
Zhu, G., Zeng, Y., Guo, M..  2017.  A Security Analysis Method for Supercomputing Users \#x2019; Behavior. 2017 IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud). :287–293.

Supercomputers are widely applied in various domains, which have advantage of high processing capability and mass storage. With growing supercomputing users, the system security receives comprehensive attentions, and becomes more and more important. In this paper, according to the characteristics of supercomputing environment, we perform an in-depth analysis of existing security problems in the process of using resources. To solve these problems, we propose a security analysis method and a prototype system for supercomputing users' behavior. The basic idea is to restore the complete users' behavior paths and operation records based on the supercomputing business process and track the use of resources. Finally, the method is evaluated and the results show that the security analysis method of users' behavior can help administrators detect security incidents in time and respond quickly. The final purpose is to optimize and improve the security level of the whole system.

Zhu, Fangzhou, Liu, Liang, Meng, Weizhi, Lv, Ting, Hu, Simin, Ye, Renjun.  2020.  SCAFFISD: A Scalable Framework for Fine-Grained Identification and Security Detection of Wireless Routers. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). :1194–1199.

The security of wireless network devices has received widespread attention, but most existing schemes cannot achieve fine-grained device identification. In practice, the security vulnerabilities of a device are heavily depending on its model and firmware version. Motivated by this issue, we propose a universal, extensible and device-independent framework called SCAFFISD, which can provide fine-grained identification of wireless routers. It can generate access rules to extract effective information from the router admin page automatically and perform quick scans for known device vulnerabilities. Meanwhile, SCAFFISD can identify rogue access points (APs) in combination with existing detection methods, with the purpose of performing a comprehensive security assessment of wireless networks. We implement the prototype of SCAFFISD and verify its effectiveness through security scans of actual products.

Zhou, Yejun, Qiu, Lede, Yu, Hang, Sun, Chunhui.  2018.  Study on Security Technology of Internet of Things Based on Network Coding. 2018 IEEE Third International Conference on Data Science in Cyberspace (DSC). :353–357.
Along with the continuous progress of the information technology, Internet of Things is the inevitable way for realizing the fusion of communication and traditional network technology. Network coding, an important breakthrough in the field of communication, has many applied advantages in information network. This article analyses the eavesdropping problem of Internet of Things and presents an information secure network coding scheme against the eavesdropping adversaries. We show that, if the number of links the adversaries can eavesdrop on is less than the max-flow of a network, the proposed coding scheme not only `achieves the prefect information secure condition but also the max-flow of the network.
Zhou, Yaqiu, Ren, Yongmao, Zhou, Xu, Yang, Wanghong, Qin, Yifang.  2019.  A Scientific Data Traffic Scheduling Algorithm Based on Software-Defined Networking. 2019 IEEE 21st International Conference on High Performance Computing and Communications; IEEE 17th International Conference on Smart City; IEEE 5th International Conference on Data Science and Systems (HPCC/SmartCity/DSS). :62–67.
Compared to ordinary Internet applications, the transfer of scientific data flows often has higher requirements for network performance. The network security devices and systems often affect the efficiency of scientific data transfer. As a new type of network architecture, Software-defined Networking (SDN) decouples the data plane from the control plane. Its programmability allows users to customize the network transfer path and makes the network more intelligent. The Science DMZ model is a private network for scientific data flow transfer, which can improve performance under the premise of ensuring network security. This paper combines SDN with Science DMZ, designs and implements an SDN-based traffic scheduling algorithm considering the load of link. In addition to distinguishing scientific data flow from common data flow, the algorithm further distinguishes the scientific data flows of different applications and performs different traffic scheduling of scientific data for specific link states. Experiments results proved that the algorithm can effectively improve the transmission performance of scientific data flow.
Zhou, Y., Shi, J., Zhang, J., Chi, N..  2018.  Spectral Scrambling for High-security PAM-8 Underwater Visible Light Communication System. 2018 Asia Communications and Photonics Conference (ACP). :1–3.
We propose a spectral scrambling scheme to enhance physical layer security for an underwater VLC system which also simplifies the real-value signal generation procedure. A 1.08-Gb/s PAM-8 encrypted data over 1.2m transmission is experimentally demonstrated.
Zhou, Xiaojun, Lin, Ping, Li, Zhiyong, Wang, Yunpeng, Tan, Wei, Huang, Meng.  2019.  Security of Big Data Based on the Technology of Cloud Computing. 2019 4th International Conference on Mechanical, Control and Computer Engineering (ICMCCE). :703—7033.
To solve the problem of big data security and privacy protection, and expound the concept of cloud computing, big data and the relationship between them, the existing security and privacy protection method characteristic and problems were studied. A reference model is proposed which is based on cloud platform. In this model the physical level, data layer, interface layer and application layer step by step in to implement the system security risk early warning and threat perception, this provides an effective solution for the research of big data security. At the same time, a future research direction that uses the blockchain to solve cloud security and privacy protection is also pointed out.
Zhou, Lu, Liu, Qiao, Wang, Yong, Li, Hui.  2017.  Secure Group Information Exchange Scheme for Vehicular Ad Hoc Networks. Personal Ubiquitous Comput.. 21:903–910.

In this paper, a novel secure information exchange scheme has been proposed for MIMO vehicular ad hoc networks (VANETs) through physical layer approach. In the scheme, a group of On Board Units (OBUs) exchange information with help of one Road Side Unit (RSU). By utilizing the key signal processing technique, i.e., Direction Rotation Alignment technique, the information to be exchanged of the two neighbor OBUs are aligned into a same direction to form summed signal at RSU or external eavesdroppers. With such summed signal, the RSU or the eavesdropper cannot recover the individual information from the OBUs. By regulating the transmission rate for each OBU, the information theoretic security could be achieved. The secrecy sum-rates of the proposed scheme are analyzed following the scheme. Finally, the numerical results are conducted to demonstrate the theoretical analysis.

Zhexiong Wei, Tang, H., Yu, F.R., Maoyu Wang, Mason, P..  2014.  Security Enhancements for Mobile Ad Hoc Networks With Trust Management Using Uncertain Reasoning. Vehicular Technology, IEEE Transactions on. 63:4647-4658.

The distinctive features of mobile ad hoc networks (MANETs), including dynamic topology and open wireless medium, may lead to MANETs suffering from many security vulnerabilities. In this paper, using recent advances in uncertain reasoning that originated from the artificial intelligence community, we propose a unified trust management scheme that enhances the security in MANETs. In the proposed trust management scheme, the trust model has two components: trust from direct observation and trust from indirect observation. With direct observation from an observer node, the trust value is derived using Bayesian inference, which is a type of uncertain reasoning when the full probability model can be defined. On the other hand, with indirect observation, which is also called secondhand information that is obtained from neighbor nodes of the observer node, the trust value is derived using the Dempster-Shafer theory (DST), which is another type of uncertain reasoning when the proposition of interest can be derived by an indirect method. By combining these two components in the trust model, we can obtain more accurate trust values of the observed nodes in MANETs. We then evaluate our scheme under the scenario of MANET routing. Extensive simulation results show the effectiveness of the proposed scheme. Specifically, throughput and packet delivery ratio (PDR) can be improved significantly with slightly increased average end-to-end delay and overhead of messages.

Zhenqi Huang, University of Illinois at Urbana-Champaign, Yu Wang, University of Illinois at Urbana-Champaign.  2015.  SMT-Based Controller Synthesis for Linear Dynamical Systems with Adversary.

We present a controller synthesis algorithm for a discrete time reach-avoid problem in the presence of adversaries. Our model of the adversary captures typical malicious attacks envisioned on cyber-physical systems such as sensor spoofing, controller corruption, and actuator intrusion. After formulating the problem in a general setting, we present a sound and complete algorithm for the case with linear dynamics and an adversary with a budget on the total L2-norm of its actions. The algorithm relies on a result from linear control theory that enables us to decompose and precisely compute the reachable states of the system in terms of a symbolic simulation of the adversary-free dynamics and the total uncertainty induced by the adversary. We provide constraint-based synthesis algorithms for synthesizing open-loop and a closed-loop controllers using SMT solvers.

Prestented at the Joint Trust and Security/Science of Security Seminar, November 3, 2015.

Zhenqi Huang, University of Illinois at Urbana-Champaign, Chuchu Fan, University of Illinois at Urbana-Champaign, Alexandru Mereacre, University of Oxford, Sayan Mitra, University of Illinois at Urbana-Champaign, Marta Kwiatkowska, University of Oxford.  2015.  Simulation-based Verification of Cardiac Pacemakers with Guaranteed Coverage. Special Issue of IEEE Design and Test. 32(5)

Design and testing of pacemaker is challenging because of the need to capture the interaction between the physical processes (e.g. voltage signal in cardiac tissue) and the embedded software (e.g. a pacemaker). At the same time, there is a growing need for design and certification methodologies that can provide quality assurance for the embedded software. We describe recent progress in simulation-based techniques that are capable of ensuring guaranteed coverage. Our methods employ discrep- ancy functions, which impose bounds on system dynamics, and proceed through iteratively constructing over-approximations of the reachable set of states. We are able to prove time bounded safety or produce counterexamples. We illustrate the techniques by analyzing a family of pacemaker designs against time duration requirements and synthesize safe parameter ranges. We conclude by outlining the potential uses of this technology to improve the safety of medical device designs.

Zhenlong Yuan, Cuilan Du, Xiaoxian Chen, Dawei Wang, Yibo Xue.  2014.  SkyTracer: Towards fine-grained identification for Skype traffic via sequence signatures. Computing, Networking and Communications (ICNC), 2014 International Conference on. :1-5.

Skype has been a typical choice for providing VoIP service nowadays and is well-known for its broad range of features, including voice-calls, instant messaging, file transfer and video conferencing, etc. Considering its wide application, from the viewpoint of ISPs, it is essential to identify Skype flows and thus optimize network performance and forecast future needs. However, in general, a host is likely to run multiple network applications simultaneously, which makes it much harder to classify each and every Skype flow from mixed traffic exactly. Especially, current techniques usually focus on host-level identification and do not have the ability to identify Skype traffic at the flow-level. In this paper, we first reveal the unique sequence signatures of Skype UDP flows and then implement a practical online system named SkyTracer for precise Skype traffic identification. To the best of our knowledge, this is the first time to utilize the strong sequence signatures to carry out early identification of Skype traffic. The experimental results show that SkyTracer can achieve very high accuracy at fine-grained level in identifying Skype traffic.

Zheng, Yanan, Wen, Lijie, Wang, Jianmin, Yan, Jun, Ji, Lei.  2017.  Sequence Modeling with Hierarchical Deep Generative Models with Dual Memory. Proceedings of the 2017 ACM on Conference on Information and Knowledge Management. :1369–1378.

Deep Generative Models (DGMs) are able to extract high-level representations from massive unlabeled data and are explainable from a probabilistic perspective. Such characteristics favor sequence modeling tasks. However, it still remains a huge challenge to model sequences with DGMs. Unlike real-valued data that can be directly fed into models, sequence data consist of discrete elements and require being transformed into certain representations first. This leads to the following two challenges. First, high-level features are sensitive to small variations of inputs as well as the way of representing data. Second, the models are more likely to lose long-term information during multiple transformations. In this paper, we propose a Hierarchical Deep Generative Model With Dual Memory to address the two challenges. Furthermore, we provide a method to efficiently perform inference and learning on the model. The proposed model extends basic DGMs with an improved hierarchically organized multi-layer architecture. Besides, our model incorporates memories along dual directions, respectively denoted as broad memory and deep memory. The model is trained end-to-end by optimizing a variational lower bound on data log-likelihood using the improved stochastic variational method. We perform experiments on several tasks with various datasets and obtain excellent results. The results of language modeling show our method significantly outperforms state-of-the-art results in terms of generative performance. Extended experiments including document modeling and sentiment analysis, prove the high-effectiveness of dual memory mechanism and latent representations. Text random generation provides a straightforward perception for advantages of our model.

Zheng, Tian, Hong, Qiao, Xi, Li, Yizheng, Sun, Jie, Deng.  2020.  A Security Defense Model for SCADA System Based on Game Theory. 2020 12th International Conference on Measuring Technology and Mechatronics Automation (ICMTMA). :253—258.

With the increase of the information level of SCADA system in recent years, the attacks against SCADA system are also increasing. Therefore, more and more scholars are beginning to study the safety of SCADA systems. Game theory is a balanced decision involving the main body of all parties. In recent years, domestic and foreign scholars have applied game theory to SCADA systems to achieve active defense. However, their research often focuses on the entire SCADA system, and the game theory is solved for the entire SCADA system, which is not flexible enough, and the calculation cost is also high. In this paper, a dynamic local game model (DLGM) for power SCADA system is proposed. This model first obtains normal data to form a whitelist, then dynamically detects each attack of the attacker's SCADA system, and through white list to determine the node location of the SCADA system attacked by the attacker, then obtains the smallest system attacked by SCADA system, and finally performs a local dynamic game algorithm to find the best defense path. Experiments show that DLGM model can find the best defense path more effectively than other game strategies.

Zheng, Shengbao, Zhou, Zhenyu, Tang, Heyi, Yang, Xiaowei.  2019.  SwitchMan: An Easy-to-Use Approach to Secure User Input and Output. 2019 IEEE Security and Privacy Workshops (SPW). :105—113.

Modern operating systems for personal computers (including Linux, MAC, and Windows) provide user-level APIs for an application to access the I/O paths of another application. This design facilitates information sharing between applications, enabling applications such as screenshots. However, it also enables user-level malware to log a user's keystrokes or scrape a user's screen output. In this work, we explore a design called SwitchMan to protect a user's I/O paths against user-level malware attacks. SwitchMan assigns each user with two accounts: a regular one for normal operations and a protected one for inputting and outputting sensitive data. Each user account runs under a separate virtual terminal. Malware running under a user's regular account cannot access sensitive input/output under a user's protected account. At the heart of SwitchMan lies a secure protocol that enables automatic account switching when an application requires sensitive input/output from a user. Our performance evaluation shows that SwitchMan adds acceptable performance overhead. Our security and usability analysis suggests that SwitchMan achieves a better tradeoff between security and usability than existing solutions.

Zheng, Junjun, Okamura, Hiroyuki, Dohi, Tadashi.  2019.  Security Evaluation of a VM-Based Intrusion-Tolerant System with Pull-Type Patch Management. 2019 IEEE 19th International Symposium on High Assurance Systems Engineering (HASE). :156–163.

Computer security has gained more and more attention in a public over the last years, since computer systems are suffering from significant and increasing security threats that cause security breaches by exploiting software vulnerabilities. The most efficient way to ensure the system security is to patch the vulnerable system before a malicious attack occurs. Besides the commonly-used push-type patch management, the pull-type patch management is also adopted. The main issues in the pull-type patch management are two-fold; when to check the vulnerability information and when to apply a patch? This paper considers the security patch management for a virtual machine (VM) based intrusion tolerant system (ITS), where the system undergoes the patch management with a periodic vulnerability checking strategy, and evaluates the system security from the availability aspect. A composite stochastic reward net (SRN) model is applied to capture the attack behavior of adversary and the defense behaviors of system. Two availability measures; interval availability and point-wise availability are formulated to quantify the system security via phase expansion. The proposed approach and metrics not only enable us to quantitatively assess the system security, but also provide insights on the patch management. In numerical experiments, we evaluate effects of the intrusion rate and the number of vulnerability checking on the system security.

Zheng, J.X., Dongfang Li, Potkonjak, M..  2014.  A secure and unclonable embedded system using instruction-level PUF authentication. Field Programmable Logic and Applications (FPL), 2014 24th International Conference on. :1-4.

In this paper we present a secure and unclonable embedded system design that can target either an FPGA or an ASIC technology. The premise of the security is that the executed machine code and the executing environment (the embedded processor) will authenticate each other at a per-instruction basis using Physical Unclonable Functions (PUFs) that are built into the processor. The PUFs ensure that the execution of the binary code may only proceed if the binary is compiled with the correct intrinsic knowledge of the PUFs, and that such intrinsic knowledge is virtually unique to each processor and therefore unclonable. We will explain how to implement and integrate the PUFs into the processor's execution environment such that each instruction is authenticated and de-obfuscated on-demand and how to transform an ordinary binary executable into PUF-aware, obfuscated binaries. We will also present a prototype system on a Xilinx Spartan6-based FPGA board.

Zheng-gang, He, Jing-ni, Guo.  2019.  Security Risk Assessment of Multimodal Transport Network Based on WBS-RBS and PFWA Operator. 2019 4th International Conference on Intelligent Transportation Engineering (ICITE). :203–206.
In order to effectively assess the security risks in multimodal transport networks, a security risk assessment method based on WBS-RBS and Pythagorean Fuzzy Weighted Average (PFWA) operator is proposed. The risk matrix 0-1 assignment of WBS-RBS is replaced by the Pythagorean Fuzzy Number (PFLN) scored by experts. The security risk ranking values of multimodal transport network are calculated from two processes of whole-stage and phased, respectively, and the security risk assessment results are obtained. Finally, an example of railway-highway-waterway intermodal transportation process of automobile parts is given to verify the validity of the method, the results show that the railway transportation is more stable than the waterway transportation, and the highway transportation has the greatest security risk, and for different security risk factors, personnel risk has the greatest impact. The risk of goods will change with the change of the attributes of goods, and the security risk of storage facilities is the smallest.
Zhe, D., Qinghong, W., Naizheng, S., Yuhan, Z..  2017.  Study on Data Security Policy Based on Cloud Storage. 2017 ieee 3rd international conference on big data security on cloud (bigdatasecurity), ieee international conference on high performance and smart computing (hpsc), and ieee international conference on intelligent data and security (ids). :145–149.

Along with the growing popularisation of Cloud Computing. Cloud storage technology has been paid more and more attention as an emerging network storage technology which is extended and developed by cloud computing concepts. Cloud computing environment depends on user services such as high-speed storage and retrieval provided by cloud computing system. Meanwhile, data security is an important problem to solve urgently for cloud storage technology. In recent years, There are more and more malicious attacks on cloud storage systems, and cloud storage system of data leaking also frequently occurred. Cloud storage security concerns the user's data security. The purpose of this paper is to achieve data security of cloud storage and to formulate corresponding cloud storage security policy. Those were combined with the results of existing academic research by analyzing the security risks of user data in cloud storage and approach a subject of the relevant security technology, which based on the structural characteristics of cloud storage system.