Security, trust, and resilience of distributed networks and systems

Abstract

The rapid growth of distributed and networking technologies has made our information system more vulnerable to attack threats, malicious behaviors, and unpredictable failures. As the emergence of botnets and advanced persistent threat attacks, the traditional defense technology cannot cope well with the new large-scale and obfuscated malwares. In distributed and virtualized environments, the trust risk of applications has been increased considerably, which made it vital to propose new trust access control technologies. In addition, the complicated system usually comprises a large number of components that are susceptible to unpredictable failures. We need new designs of resilient infrastructure and dependable services. The papers in this special issue focus on the security, trust, and resilience management for distributed and networking computing paradigms, such as wireless sensor network, P2P network, ad hoc networks, virtualized network, and software-defined network. The contributions of these papers are outlined next. To locate the real source of the Internet attacks, existing work is easy to be evaded by attackers and difficult to justify the stepping stones. Sheng Wen et al. introduce the consistent causality probability to detect the stepping stones. They formulate the ranges of abnormal causality probabilities according to the different network conditions and further implement self-adaptive methods to capture stepping stones. To extract signatures for malwares, most existing string-based signatures extracting methods have the problem of inaccuracy and time consuming. Sun Hao et al. present a system for automatically extracting signatures from large-scale malwares, named AutoMal. The system can extract both byte signatures and hashed signatures from the malware network flows with high accuracy. Multi-interface multi-channel can reduce the channel interference and improve the network capacity for multi-hop wireless ad hoc networks. Tong Zhao et al. design a dynamic channel assignment algorithm that can dynamically switch the channels to the less busy ones by monitoring the channel usages. Moreover, the algorithm is designed in a fully distributed way with low overhead For the task allocation in wireless sensor networks (WSNs), traditional solutions for high-performance computing cannot be directly used in WSNs because of limitations of resource availability and shared communication medium. Wenzhong Guo et al. design a discrete particle swarm optimization to generate a structure of the parallel coalitions, and then introduce the game theory and redesigned fitness function to find the Nash equilibrium point for the purpose of improving the effectiveness of scheduling and the reliability of the network. Clustering approach has been considered one of the most effective measures for wireless sensor networks. Xiao-Hui Kuang et al. propose a novel energy-efficient clustering approach based on convergence degree chain, which is named ECACD. ECACD can improve the stability of topology, reduce the energy consumption, and decrease the communication cost. The distributed hash table (DHT) technology is widely used, which needs to take into account the real-time response and dynamic network maintenance for distributed communication systems. Kai Shuang et al. propose a hierarchical DHT lookup service named Comb, which is organized as a two-layered architecture; workload is distributed evenly among nodes, and most queries can be routed in no more than two hops. Few access control models have been proposed for security issues of multi-domain and virtualized network management. Yang Luo et al. enhance the classic role-based access control model through two concepts: domain and virtual machine. They define the virtualized role based access control (VRBAC) model in which authorized users can migrate or copy virtual machines from one domain to another without causing a conflict. In software-defined networks, network operating systems (NOSes) are required to share or exchange reachability and topological information. Pingping Lin et al. proposes a west–east bridge mechanism for distributed heterogeneous NOSes to cooperate in enterprise/data center/intra-autonomous system networks. Monitoring Border Gateway Protocol (BGP) is an effective way to improve the security of inter-domain routing. Ning Hu et al. present a cooperative BGP monitoring method called the cooperative information sharing model (CoISM). CoISM can provide a more comprehensive information view by introducing information diffuse reflection based on initiative inquiry and making use of the relativity of monitoring information. Securing mobile devices such as smart phones is inherently difficult. René Mayrhofer et al. review recent research results, systematically analyze the technical issues of securing mobile device platforms against different threats, and suggest potential approaches to create human-verifiable secure communication with components or services within partially untrusted devices. We would like to thank the editor-in-chief, Professor Hsiao-Hwa Chen, and co-editor-in-chief, Professor Hamid R. Sharif, for providing us the opportunity to host this special issue. We thank Prof. Guojun Wang for his great help in the organization of the special issue. We also thank all the authors who contributed their papers. Last but not least, we appreciate the work of many reviewers for this special issue.