移动边缘计算中安全信息流建模与分析  被引量：4

作　　者：谢娜 谭文安[1,2] 曹彦 赵璐[1] XIE Na;TAN Wenan;CAO Yan;ZHAO Lu(School of Computer Science and Technology,Nanjing University of Aeronautics and Astronautics,Nanjing 211106,China;School of Computer and Information Engineering,Shanghai Polytechnic University,Shanghai 201209,China;College of Information Engineering,Xuchang University,Xuchang,Henan 461000,China)

机构地区：[1]南京航空航天大学计算机科学与技术学院,南京211106 [2]上海第二工业大学计算机与信息工程学院,上海201209 [3]许昌学院信息工程学院,河南许昌461000

出　　处：《计算机工程》2022年第5期35-42,52,共9页Computer Engineering

基　　金：国家自然科学基金(61672022,U1904186);河南省科技公关项目(222102210048);河南省高等学校重点科研项目(22A520040)。

摘　　要：在移动边缘计算中,移动终端身份存在复杂性和动态性,对于高安全领域的任务卸载,需要对被卸载的任务进行实时跟踪,及时发现滥用行为才能保证任务卸载的安全性。然而,现有方法多基于信任评估机制选择高信任度节点进行卸载,并没有关注该节点自身发起的内部攻击问题。提出一种支持安全性分析的任务卸载方法。设计包含安全性分析的任务卸载流程,构建面向移动边缘计算的多级安全信息流模型,用于约束服务卸载、数据卸载和服务执行过程。在此基础上,基于偶图对任务卸载过程进行建模,构造标注迁移边的标号变迁系统,并利用模型检测技术验证是否满足相应的安全需求。案例分析和性能评估结果表明,该方法能够在秒级时间内预测任务卸载中的恶意行为,具有较好的可行性和有效性。In Mobile Edge Computing(MEC),the identity of mobile terminal is complex and dynamic.For task unloading in high security field,it is necessary to track the unloaded tasks in real time and find abuse in time to ensure the security of task unloading.However,most existing works focus on the trust evaluation method to select the high-trust node for offloading tasks and fail to pay attention to the problem of the node in launching internal attacks.Therefore,this study proposes a task offloading method that supports security analysis to solve this problem.A task offloading flow path supporting security analysis is presented,and a multilevel security information flow model for MEC is proposed to constrain service offloading,data offloading and service execution.Based on the formal method bigraph,the task offloading process is modeled as a labeled transition system which marks transfer edge.The satisfaction of the security requirements is verified using model-checking technology.The proposed method predicts malicious behavior during task unloading in seconds,and it has good feasibility and effectiveness.

关 键 词：移动边缘计算 任务卸载 安全信息流模型 偶图 模型检测 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]