Abstract Location-Based Services Technical and Business Issues

doi:10.3969/j.issn.1003-3114.2023.02.019引用格式:马龙,薛晨蕾,张乐.民航旅客隐私数据动态分级脱敏处理方法[J].无线电通信技术,2023,49(2):338-344.[MA Long,XUE Chenlei,ZHANG Le.Dynamic Hierarchical Desensitization Method of Civil Aviation Passenger Privacy Data [J].Radio Communications Technology,2023,49(2):338-344.]民航旅客隐私数据动态分级脱敏处理方法马㊀龙,薛晨蕾,张㊀乐(西安航空学院民航学院,陕西西安710077)摘㊀要:针对民航旅客个人隐私数据使用前脱敏时间长与复现应用差的问题,首先,根据网络信息安全技术,剖析了民航旅客隐私数据脱敏情景和动态角色分级控制问题,分别构建了动态角色分级控制模型和新型保留格式的隐私数据加密模型,实现了民航旅客隐私数据访问控制与加密处理的抽象化;其次,利用混合格式加密方法,提出了民航旅客隐私数据动态分级脱敏处理算法,解决了动态角色访问控制的分级脱敏处理问题;最后,通过10000条民航旅客的隐私数据验证了民航旅客隐私数据动态分级脱敏处理算法的性能,并将基本保留格式加密方法㊁混合格式加密方法和动态角色分级加密方法进行比较㊂结果表明,利用逆推变形关联剔除方法产生的重复率约为17%,这易于推导出原始敏感数据,而利用混合格式加密方法的重复率为20%,说明在逆推变形关联剔除方法的基础上进一步加密处理后的脱敏效果较好,强化了旅客隐私数据的深度保密性,且处理旅客敏感数据的时间较少,该算法具有较高的安全性和可靠性㊂关键词:民航旅客;隐私数据;分级控制;动态脱敏中图分类号:TN92㊀㊀㊀文献标志码:A㊀㊀㊀开放科学(资源服务)标识码(OSID):文章编号:1003-3114(2023)02-0338-07收稿日期:2022-12-30基金项目:陕西省科技厅软科学计划项目(2021KRM154);陕西省教育科学 十四五 规划项目(SGH21Y0251);西安航空学院校级自然科学专项基金(205012016);西安航空学院校级高等教育研究项目(2021GJ1006)Foundation Item :Soft Science Research Project of Science and Technology Department of Shaanxi Province (2021KRM154);Shaanxi Education ScienceFourteenth Five Year Plan Project (SGH21Y0251);Natural Science Special Fund Project of Xi an Aeronautics Institute (205012016);Higher Educa-tion Research Project of Xi an Aeronautics Institute (2021GJ1006)Dynamic Hierarchical Desensitization Method of Civil AviationPassenger Privacy DataMA Long,XUE Chenlei,ZHANG Le(School of Civil Aviation,Xi a n Aeronautical Institute,Xi a n 710077,China)Abstract :The problem of was caused by long desensitization time before used and poor reproduction of civil aviation passenger s personal privacy data.A solution was proposed.Firstly,the desensitization scenario of civil aviation passenger privacy data and the dynamic role hierarchical control problems were analyzed,depending on network information security technology.A dynamic role hierar-chical control model and the new reserved format privacy data encryption model was constructed respectively,for realizing the abstrac-tion of civil aviation passenger privacy data access control and encryption processing.Secondly,a dynamic hierarchical desensitization algorithm for civil aviation passenger privacy data was proposed using a hybrid format encryption method.And the hierarchical desensi-tization problem of dynamic role access control was solved.Finally,the performance of the dynamic hierarchical desensitization algorithm for civil aviation passenger privacy data was verified by privacy data of 10000civil aviation passengers.The basic reserved format en-cryption method,the mixed format encryption method and the dynamic role hierarchical encryption method were compared.Results showed that the repetition rate generated by the inverse deformation association elimination method was about 17%,the original sensitive data was still derived.The repetition rate of the mixed format encryption method was about 20%,which showed that the desensitization effect after further encryption processing based on the inverse deformation association elimination method was better.Also the depth con-fidentiality of passenger privacy data was strengthened,and the time to process passenger sensitive data was less.The algorithm has high security and reliability.Keywords :civil aviation passenger;privacy data;hierarchical control;dynamic desensitization0㊀引言民航旅客隐私数据是为旅客订座业务和货运业务需求提供的重要数据源,这些数据在企业应用系统之间频繁传输,由此会造成旅客隐私泄漏问题,势必使隐私敏感数据脱敏处理成为关键技术㊂目前,关于隐私数据脱敏处理方法的研究较多,例如,学者顾兆军等主要以敏感字段消除和关联处理为主,提出保留格式加密的数据关联模型,解决数据泄漏风险和实用问题[1];丁建立针对企业内部人员恶意或无意泄漏旅客隐私信息的问题,利用泛化加密方法,保障旅客信息安全[2];寇蒋恒在分析了民航信息系统数据库中的关键数据上,对敏感字段进行脱敏处理[3];然而这些研究成果无法反映企业人员角色动态变化要求和旅客隐私数据应用意图的辨识,由此众多研究成果以访问控制作为有效方法来解决隐私数据保护[4-8],但这些研究措施会使隐私数据共享应用和按需访问不足的问题㊂因此,如何将企业人员角色访问控制分级处理方法与混合格式加密方法进行协同应用,设计敏感数据脱敏情景下的隐私数据处理的深度研究成果较少㊂基于此,通过提出符合企业环境动态变化和旅客隐私数据使用意图辨识的加密处理方法,为解决民航旅客隐私数据供需双方透明化使用和高效处理敏感数据脱敏提供实用的参考和推广作用㊂1㊀提出问题1.1㊀脱敏数据的情景民航旅客个人隐私敏感数据构成结构复杂,且个人隐私信息在订座和货运等多种业务系统中频繁传输和复现应用,这样不可避免会出现旅客隐私数据的传输泄漏和复现使用困难问题,造成旅客隐私数据脱敏处理环境发生着显著变化,隐私数据脱敏方法和脱敏效果不理想㊂通常,民航旅客的隐私信息属性因业务需求而发生着不同的变化,但主要包括姓名㊁身份证号码㊁电话号码㊁订座信息和航班舱位信息等,特别是参考‘信息安全技术个人信息安全规范“GB/T35273-2020[9],个人隐私数据主要以相对敏感和不敏感的数据构成,其中,敏感的数据主要包括了旅客的姓名信息㊁身份证号码信息㊁电话号码㊁支付信息等,并将这些旅客隐私敏感数据作为脱敏处理的原始数据,其他信息按照特性差异的不同规则进行分级处理,如表1所示㊂根据表1的产生规则可以看出,不同类型的隐私数据的处理规则是不同的,这些隐私数据会衍生出其他隐私数据的子属性,由此必须采用不同的保留格式加密算法,见表2所示㊂表1㊀隐私敏感数据的产生规则Tab.1㊀Generated rule of privacy sensitive data敏感属性名称含义产生规则数据类型Passenger Name姓名姓+名Varchar(30) Passenger ID身份证号地址码(6)+出生日期(8)+顺序码(3)+校验码(1)Varchar(18) Telephone number电话号码网络识别号(3)+地区编号(4)+用户号码(4)Varchar(11) Payment method支付方式网银/微信/支付宝+账号+密码Varchar(19) Frequent Traveler Card No.常旅客卡号2位字母+9/12位数字Varchar(14) Ticket No.客票号3位机场代码+10位票号Varchar(13) Flight Number航班号航空公司两字代码+4位数字Varchar(30)表2㊀隐私敏感数据的子属性脱敏算法Tab.2㊀Sub-attribute desensitization algorithm for private sensitive data属性脱敏处理子属性相关脱敏算法姓名全部脱敏FF3身份证号出生日期字段的第11~14位IFX电话号码地区编号子属性FF1支付方式银行卡账号的第7~15位FF1航班号全部脱敏FF3出发机场全部脱敏FF3到达机场全部脱敏FF31.2㊀动态访问控制问题传统民航企业对旅客的隐私敏感数据的访问控制存在泛化制约问题,导致旅客的敏感数据访问受限或使用困难,主要表现为三方面:①未考虑业务人员的权限变化与业务需求数据的实时匹配问题,导致旅客隐私敏感数据的访问受限和应用难度增加;②未考虑旅客隐私数据分级分类访问控制方法,导致隐私敏感数据访问控制僵化处理;③未考虑隐私敏感数据提供者的授权选择,导致旅客无法确定个人隐私敏感数据的真实用途㊂2㊀民航旅客隐私数据的脱敏模型2.1㊀多重角色访问控制模型2.1.1分级访问控制模型理论为了从动态环境变化角度对民航旅客隐私敏感数据进行按需访问和变更权限问题,文献[10]研究了基于时间特性的角色访问控制模型,解决了网络用户的动态访问管理问题㊂由此,根据访问角色的分级控制策略,文中以企业业务人员访问权限动态变化来制定的隐私保护策略为主,利用授权控制服务器控制访问角色的权限等级和需求数据保护级别,按照访问请求者的权限等级给予隐私敏感数据量的控制㊂隐私数据授权访问控制,如图1所示㊂图1㊀隐私数据交互式访问模型Fig.1㊀Interactive access model for private data2.1.2访问角色动态分级处理模型根据访问控制交互控制过程,提出民航旅客隐私敏感数据访问角色动态分级处理模型,完成旅客隐私数据访问请求㊁访问角色识别㊁访问控制策略实施和访问信息授权决策应用的全过程交互式实施管理㊂如图2所示㊂图2㊀民航旅客隐私数据访问角色动态分级处理模型Fig.2㊀Dynamic hierarchical processed control model of privacy data for civil aviation passenger for access role㊀㊀①服务器端:民航旅客隐私数据处理服务器端是由授权㊁访问控制和数据库系统构成㊂按照授权等级分类访问常规信息数据库和隐私信息数据库,并根据业务人员环境变化动态变更访问级别,并向旅客端发起二次访问请求㊂②旅客端:民航旅客隐私数据主要源于旅客个人信息,而这些信息包含了常规信息和隐私信息,该端口主要为旅客提供友好的界面,便于旅客有选择地提供个人信息,同时,利用企业人员访问级别控制策略,通过服务器端向旅客发起二次访问请求,向旅客个人信息访问提供接口变换,动态访问不同需求条件下的旅客隐私数据㊂2.2㊀民航旅客隐私数据逆推变形关联剔除加密模型㊀㊀为了在民航企业旅客服务系统中能够正常应用旅客的隐私敏感数据,提出了民航旅客隐私数据逆推变形关联剔除加密模型,如图3所示㊂该模型在旅客隐私数据明文中增加关联属性剔除模块,对原始数据进行编码处理,形成整数型编码,对整数编码进行保留格式加密后,经过逆推变形处理后,解码处理形成旅客隐私数据的密文格式,建立旅客隐私数据的明文数据与加密数据的一对一关系,利用密钥复现原始属性信息,便于航空公司业务系统使用旅客隐私数据开展订座㊁值机和货运等销售业务㊂关于模型中涉及的基本理论可参考文献[1-2,11]㊂图3㊀逆推变形关联剔除加密模型Fig.3㊀Encryption model of inverse deformationassociation rejection根据图3的加密模型原理,主要是将民航旅客原始隐私数据中可能关联推断出隐私数据的关键属性进行剔除和遮掩操作,形成一种模糊的整数编码字符串,例如,一位民航旅客的身份证号码为passengerID ,经过逆推变形关联剔除加密后的身份证号码passengerIDᶄ,则参考表1定义的规则为r ,r :passengerID ɪ610118∗∗∗∗∗∗∗∗210∗,610118∗∗∗∗∗∗∗∗2102éëêêùûúú⇒passengerIDᶄ=610118∗∗∗∗∗∗∗∗2102㊂可以发现逆推变形关联剔除加密后的旅客身份证号码的中间部分完全模糊,无法真正辨识该身份证号码的全部内容,进而保护了民航旅客的重要隐私数据,而且通过该身份证号码的首尾部分数据,利用密钥可以快速复现身份证号码的原始信息,实现旅客隐私数据的实用性和高保真度㊂综合考虑表1的隐私敏感数据的产生规则,对旅客隐私数据的不同属性的加密过程如下[11]:①旅客姓名属性:旅客姓名是最为明显的信息,且会存在重名现象,在旅客服务系统中应用意义较小,需求全部脱敏处理;②身份证号码:对身份证号码中的前6位地区码保留,中间8位信息全部脱敏处理,后面3位顺序码全脱敏处理,最后1位校验码是从8~17位码推算处理;③旅客电话号码:对前3位电话运营商的网络识别号全部进行保留处理,对中间4~11位的各个地区号和用户个人编号进行保留格式加密处理;④支付方式:对前6位的支付方式进行保留处理,对7~11位的银行卡账号进行全脱敏处理,并推算出最后1位的校验位;⑤航班号:对前2位由航空公司二字代码构成的编码保留处理,对中间2位构成的各地区管理局编码和航班终点站管理局编码实施全保留处理,利用逆推变形关联法,可以推导计算出最后1位的去回程编码,并可得知航班的出发和到达机场位置㊂3㊀民航旅客隐私数据的脱敏算法根据第2节民航旅客隐私数据的脱敏分级处理理论和逆推变形关联剔除加密模型以及不同属性的加密过程,选取符合民航旅客个人隐私信息的脱敏算法,于是根据Dworkin 在2016年提出的具有代表性的单一保留格式加密(Format Preserving Encryp-tion,FPE)算法[12],即FF1和FF3,与Long 在2019年提出了混合格式的加密模型[13],这3种算法均使用了Feistel 网络结构[14],为此,考虑到FPE 和IPX 算法原理的相似性,提出适合单一格式和变长格式的混合保留格式加密算法,具体步骤如下[11]:步骤1㊀参数初始化[11],确定待加密隐私数据中全部属性X 的长度n ;给定变长属性信息的调整因子T ,定义轮值函数F K (n ,T ,i ,B )㊂步骤2㊀隐私数据中的部分属性加密[11];通过编码映射和关联剔除关系,将待加密的旅客隐私属性信息X 的转换到整数域中对应的数字m 1,获得逆推变形的Xᶄ,计算整数保留格式数据Y =⌊Xᶄ/2」,将Xᶄ分为左右两部分元组,计算L =Xᶄ[1,2, ,Y ]和R =Xᶄ[Y +1,Y +2, ,n ],将L 和R 作为Feistel 网络的输入值,经过20轮的计算,逆推变形后的Lᶄ和Rᶄ,获得旅客隐私信息密文Z =Lᶄ Rᶄ㊂步骤3㊀旅客隐私属性信息解密[11];根据输入的密文Z ,获得旅客隐私信息的明文结果㊂4㊀实验计算与结果分析4.1㊀实验环境为了验证在民航旅客隐私数据脱敏情景下的角色分级控制模型和混合格式隐私数据加密方法,必备的实验环境为[11]:Windows10企业版操纵系统,处理为Inter (R )Core (TM )i7-3520M CPU @2.90GHz,内存32GB㊂软件环境为:仿真软件为Matlab2018Ra,数据库系统为SQLite,使用classpath.txt 文件,实现Matlab 软件与数据库接口的连接㊂4.2㊀数据来源为了验证民航旅客隐私数据脱敏方法的处理效果,同时,综合考虑角色分级控制策略的影响,以旅客姓名㊁身份证号码㊁电话号码㊁支付方式㊁航班号等10000条实验数据,并涵盖了民航企业旅客服务系统所需的5种敏感属性数据,经过加密处理结果如表3所示㊂表3㊀民航旅客信息数据(以#号隐去部分数据)Tab.3㊀Information data of civil aviation passenger(part of data is hidden with#)序号姓名身份证号电话号码支付方式常旅客卡号航班号1罗##4206011948########138######85622577#########1689CA27#######49CZ5221 2曲##5126531931########186######52622188#########7090CA27#######20ZH2487 3王##5120651931########139######69622188#########5200CA33#######34FZ5208 4李##5223211948########138######25622126#########1883CA33#######23FM9620︙︙︙︙︙︙︙10000程##5201021942########131######79622577#########1883CA27#######81CZ56054.3㊀仿真应用结果分析4.3.1仿真结果分析1)单一格式保留加密处理结果利用数据库系统中的SQLite技术,运用结构化查询语言,对表5的基本数据进行查询,采用的基本查询语句是:Select旅客姓名㊁身份证号码㊁电话号码㊁支付方式㊁航班号from表3,运用逆推变形关联剔除加密算法对民航旅客隐私数据进行加密,结果如表4所示㊂表4㊀基本保留格式加密处理结果Tab.4㊀Encryption processing results of basic reserved format序号姓名身份证号电话号码支付方式常旅客卡号航班号1龒蹏敳420601194802287195138****91856225770921348421689CA273510856949CZ0996 2綦絲窳512653193106095323186****12526221885624678337090CA277688340220ZH3806 3甕辭篳512065193106497202139****30696221888755649635200CA335725659834FZ6731 4纞蝡螷522321194802179201138****89256221266532768551883CA337045328823FM4438︙︙︙︙︙︙︙10000膥戅5201021942052365817131****43796225770921664501883CA277815448681CZ7407㊀㊀由表4的处理结果可知,利用Dworkin提出的FF1和FF3单一格式加密算法,虽然对民航旅客隐私敏感数据处理后依旧保留原始数据中关键的信息,但是身份证号码中1~4位的出生年月还是完全相同,这是因为利用保留格式加密算法处理的旅客隐私数据明文与密文存在一对一联系,访问者获得旅客身份证号码后,在网络传输过程中攻击者可以逆推出完整的旅客隐私数据㊂2)混合格式加密处理结果为了弥补单一格式加密处理后的数据泄露问题,对旅客隐私数据进行分级加密处理,如表5所示㊂表5㊀出生年月元组脱敏处理结果Tab.5㊀Results of desensitization for tuple of birth序号身份证号基本保留格式加密数据逆推变形关联剔除数据混合格式加密数据14206011948########4206011948022871954206011849####519742060118490228####25126531931########5126531931060953235126531319####353251265313190609#### 35120651931########5120651931064972025120651139####702751206511390649#### 45223211948########5223211948021792015223211849####190252232118490217####︙︙︙︙︙100005201021942########52010219420523658175201021249####718552010212490523####㊀㊀从表5中1~4条的处理结果可以看出,旅客隐私数据中出生年份为 1948 和 1931 ,经过逆推变形后转变为 1849 和 1139 ,但是利用变长格式加密后,身份证号码最后4位成为密文信息,避免逆推后无法复现原始数据泄露的风险,提高了旅客隐私明文数据的保护效果㊂4.3.2隐私数据脱敏重复率效果分析为了客观判断逆推变形关联剔除加密模型和变长格式的混合保留格式加密算法的量化应用效果,以 1931 年为例,分别从1000㊁3000㊁5000和10000条元组中,选取身份证号码中的7~19位属性[11],利用文献[4]中计算脱敏重复率方法,比较了3种隐私数据脱敏方法的应用效果,如图4所示㊂图4㊀民航旅客敏感属性脱敏重复率效果Fig.4㊀Effect of desensitization repetition rate of sensitiveattributes of civil aviation passengers从图4的收敛曲线可知,使用3种加密方法分别对出生年份 1931 的重复率进行量化处理后,第1种方法加密后的重复率较低,无法很好地建立旅客隐私明文数据与密文数据的逻辑关系,而利用后2种方法加密后的重复率较高,保证利用密钥可以解密出隐私明文数据的真实内容,增强了隐私数据的复现应用效果㊂图5㊀民航旅客敏感数据处理时间比较Fig.5㊀Comparison of sensitive data processing time ofcivil aviation passengers从图5的收敛曲线可以发现,民航企业业务人员访问旅客隐私敏感数据量的增加与3种加密方法处理后的时间增加同时出现显著的递增关系,这是因为采用角色访问控制分级处理方法和混合格式加密算法后,业务需求访问请求和服务器处理时间都在增加,且隐私数据格式加密和解密处理时间增加,说明提出的分级访问控制和脱敏处理方法有着明显的实用价值㊂5　结束语民航旅客隐私数据的使用需要综合考虑应用需求㊁访问权限和复现重用的要求,经过角色访问控制分级处理方法和混合格式加密算法的系统性分析,并使用大量的实验数据进行仿真验证,为民航企业服务之需的旅客隐私数据脱敏处理提供理论方法和实用技术,但该方法还是会随着隐私数据访问量的增加而呈现明显的线性增长趋势,且隐私数据复现后的语义会发生变化,为了进一步解决上述方法的不足,还需要从多重语义分析和规则密钥方面展开深入研究,为民航企业应用系统的研发提供理论方向㊂参考文献[1]㊀顾兆军,蔡畅,王明.基于改进保留格式加密的民航旅客数据脱敏方法[J].信息网络安全,2021,21(5):39-47.[2]㊀丁建立,陈盼.基于泛化FPE 加密的民航旅客信息动态脱敏方法研究[J].信息网络安全,2021,21(2):45-52.[3]㊀寇蒋恒,何明星,陈爱良,等.民用机场航班信息系统数据脱敏[J].西华大学学报(自然科学版),2019,38(6):49-56.[4]㊀徐菲,何泾沙,徐晶,等.保护用户隐私的访问控制模型[J].北京工业大学学报,2012,38(3):406-409.[5]㊀ALLEN A L.Allen s Privacy Law and Society [M ].Eagan:Thomson West Publishers,2007.[6]㊀WILLIAMS M D.Privacy Management,the Law and Glo-bal Business Strategies:A Case for Privacy Driven Design[C]ʊProceedings of 2009International Conference onComputational Science and Engineerin,AI Magazine CSE2009.Vancouver:IEEE Computer Society Press,2009:60-67.[7]㊀霍成义.面向数据提供者的隐私保护访问控制模型[J].无线电工程,2014,44(2):5-8.[8]㊀HUNG P C K.Towards a Privacy Access Control Modelfor e-Healthcare Services[C]ʊThird Annual Conferenceon Privacy,Security and Trust.New Brunswick:DBLP,2005:12-14.[9]㊀全国信息安全标准化技术委员会.信息安全技术个人信息安全规范:GB/T35273-202[S].北京:中国标准出版社,2020.[10]黄建,卿斯汉,温红子.带时间特性的角色访问控制[J].软件学报,2003(11):1944-1954. [11]马龙,张兴,薛晨蕾,等.民航旅客隐私数据自适应分级控制与动态脱敏方法[J].中国科技信息,2023(2):117-121.[12]DWORKIN M.NIST Special Publication800-38G,Rec-ommendation for Block Cipher Modes of Operation:Meth-ods for Format-Preserving Encryption[EB/OL].[2022-12-20].http:ʊ/10.6028/NIST.SP.800-38G. [13]LONG C F,XIAO H.Construction of Big Data Hyper-chaotic Mixed Encryption Model for Mobile Network Pri-vacy[C]ʊ2019International Conference on VirtualReality and Intelligent Systems(ICVRIS).Jishou:IEEE,2019:90-93.[14]刘哲理,贾春福,李经纬.保留格式加密模型研究[J].通信学报,2011,32(6):184-190.作者简介:㊀㊀马㊀龙㊀西安航空学院副教授㊂主要研究方向:隐私信息安全㊁网络信息安全㊁航空应急救援物资优化管理等㊂㊀㊀薛晨蕾㊀西安航空学院讲师㊂主要研究方向:隐私信息安全㊁网络信息安全㊁交通运输规划管理等㊂㊀㊀张㊀乐㊀西安航空学院讲师㊂主要研究方向:民航隐私信息安全㊁民航隐私法规㊁民航信息系统等㊂。

2018年1月Journal on Communications January 2018 第39卷第1期通信学报V ol.39No.1基于强化学习的服务链映射算法魏亮，黄韬，张娇，王泽南，刘江，刘韵洁（北京邮电大学网络与交换技术国家重点实验室，北京 100876）摘要：提出基于人工智能技术的多智能体服务链资源调度架构，设计一种基于强化学习的服务链映射算法。

通过Q-learning的机制，根据系统状态、执行部署动作后的奖惩反馈来决定服务链中各虚拟网元的部署位置。

实验结果表明，与经典算法相比，该算法有效降低了业务的平均传输延时，提升了系统的负载均衡情况。

关键词：网络功能虚拟化；人工智能；服务链；强化学习中图分类号：TP302文献标识码：Adoi: 10.11959/j.issn.1000-436x.2018002Service chain mapping algorithm based onreinforcement learningWEI Liang, HUANG Tao, ZHANG Jiao, WANG Zenan, LIU Jiang, LIU Yunjie State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876, ChinaAbstract: A service chain resource scheduling architecture of multi-agent based on artificial intelligence technology was proposed. Meanwhile, a service chain mapping algorithm based on reinforcement learning was designed. Through the Q-learning mechanism, the location of each virtual network element in the service chain was determined according to the system status and the reward and punishment feedback after the deployment. The experimental results show that com-pared with the classical algorithms, the algorithm effectively reduces the average transmission delay of the service and improves the load balance of the system.Key words: network function virtualization, artificial intelligence, service chain, reinforcement learning1引言网络功能虚拟化[1]（NFV, network function virtualization）是未来网络领域的重要研究方向。

1移动4G/5G VPDN业务路由组网实现面临的问题某金融机构因业务发展需要，办理开通运营商的VPDN 业务，用户利用移动办公终端可以直接进行拨号，业务使用正常。

但用户在新业务需求中，要使用VPDN拨号业务实现在分支机构引入4G/5G路由器接入，作为分支机构有线接入的冗余备份网络。

新业务开通测试时，将VPDN用户的UIM卡插入到4G/ 5G路由器上拨号，拨号成功并获取随机业务IP地，但用户要求实现拨号获取的IP地址必须为用户指定的静态固定IP地址，并需要由4G/5G路由器为下挂的信息终端，分配总部预规划的指定的业务IP地址。

按照用户需求完成相关IP路由指向配置后，测试下挂信息终端无法通过4G/5G路由器获取用户指定的业务IP实现与总部数据中心的数据交互。

2移动4G/5G VPDN业务组网架构拓扑及现场测试情况根据用户业务组网要求，按VPDN业务实现网络拓扑结构（如图1所示）。

在用户分支机构使用运营商移动4G/ 5G网络，通过VPDN业务拨号连通用户内部网络，使用总部根据不同业务分配的静态IP地址，安全、便捷、高效地与总部的数据库服务器、文件管理服务器、Web应用服务器、邮件服务器、视频服务器、网管服务器等进行数据的交互；总部可以对分支机构的信息终端通过图形化网管进行安全、灵活的管理、授权。

图1网络拓扑结构基于4G/5G网络应用VPDN业务专网的设计与实现The Design and Implementation of VPDN Service Private NetworkBased on the4G/5G Network Application冯亚军（中国电信股份有限公司河南分公司，郑州450000）FENG Ya-jun(Henan Branch of China Telecom,Zhengzhou450000,China)【摘要】随着信息通信技术（ICT）与人类生产生活持续深度融合，政务、金融、教育、医疗、工业等行业对泛在、高速、智能、安全的信息网络需求空前高涨，运营商提供的VPDN业务基于4G/5G的应用场景可提供更加安全、可靠、便捷的通信保障，相应业务的发展和应用场景越来越多。

第1期2021年1月Vol. 16 No. 1Jan. 2021Journal of C A E I T doi ： 10.3969/j. issn. 1673-5692.2021.01.002基于微服务架构的时空数据处理服务封装技术仇林遥1，王晓峰2，郑作亚1，柳圼1，王琼洁3 *(1.中国电子科学研究院，北京100041 ;2.中国人民解放军驻天津地区军事代表室，天津30024〇;3.中国电子信息产业发展研究院，北京100846)摘要：对地观测技术的快速发展使得卫星遥感数据的行业应用越来越普遍，随着国家遥感时空数 据共享开放的政策落地与实施，利用对地观测技术对国土、农业、交通、减灾、海洋等行业的技术应 用将进一步深入和普及。

但是遥感数据在行业应用仍存在专业技术门槛高、数据处理流程复杂、业 务灵活定制难度大等问题。

文中基于微服务架构，利用容器技术将算法资源封装为可灵活管理调 度的微服务节点，屏蔽不同算法模型在编译语言、运行环境和接口形式方面的差异问题，通过对服 务节点输入输出的标准化设计，将遥感数据的处理、分发、提取、专题产品制作等微服务进行业务进 行流编排，实现了整个业务算法的无缝封装和串联，通过服务的资源调度与管理实现对遥感数据应 用服务定制化，为遥感数据资源在行业的快速开发与应用深化提供技术支撑。

关键词：微服务架构；遥感数据处理；定制化服务中图分类号:T N 79文献标志码:A文章编号：1673-5692(2021)014)054)9A spatio-temporal data processing service packaging technologybased on microservice architectureQ I U Lin-yao1 , W A N G Xiao-feng', Z H E N G Z u o -y a 1 , L I U G a n g 1 , W A N G Qiong-jie3Abstract ： T h e rapid d e v e l o p m e n t of Earth observation technology m a k e s the application of satellite re-m o t e sensing data in the industry m o r e a n d m o r e c o m m o n 。

第32卷第6期电子科技大学学报V ol.32 No.6 2003年12月Journal of UEST of China Dec. 2003移动通信定位技术之比较邱善勤*1龚耀寰2(1. 中国科技集团公司第二十九研究所成都 610036; 2. 电子科技大学电子工程学院成都610054)【摘要】随着移动通信的发展，在移动通信中提供除语音通信外的新的服务功能成为增长热点，而定位服务是最重要的热点之一，其原因与E-911条例要求所有移动网络在运行时必须在一定的时限内提供定位服务有关，该文通过对国外大量文献的研究，详细介绍了现有的各种移动通信定位技术，通过对各种定位方法进行深入研究和比较后，指出了它们的实现方法及各自存在的优点和不足。

同时介绍了该技术领域的研究现状，并对今后技术的发展方向提出了相应的设想。

关键词定位技术; 到达时间差; 到达角度; 全球定位系统; 移动通信中图分类号TN929 文献标识码 AComparision of Cellular Location TechnologiesQiu Shanqin1 Gong Yaohuan2(1. China Electronic Technology Group Corporation NO. 29 Research Institute Chengdu 610036;2. School of Electronic Information UEST of China Chengdu 610054)Abstract By the mobile communication developing, location technology became new service of hotspot. More and more research organization have paid attention to this technology and it is necessarythat mobile proprietor must provide location service before 2001 years. This paper it introduce all kindsof cell location techniques, advantage and disadvantage of every method is also said. In the end it pointout the problems that have to be researched in the future and the trend of this technology.Key words location technology; TDOA; AOA; GPS; mobile communication为了改善针对移动电话用户的公共安全服务，美国联邦通信委员会(FCC)发布了E-911条例，其目的在于当求助者使用移动电话拨打紧急求助电话时，服务中心能够迅速并且较为准确的确定求助者的位置，从而为公众提供更为迅速有效的救助服务。

云计算外文翻译参考文献(文档含中英文对照即英文原文和中文翻译)原文:Technical Issues of Forensic Investigations in Cloud Computing EnvironmentsDominik BirkRuhr-University BochumHorst Goertz Institute for IT SecurityBochum, GermanyRuhr-University BochumHorst Goertz Institute for IT SecurityBochum, GermanyAbstract—Cloud Computing is arguably one of the most discussedinformation technologies today. It presents many promising technological and economical opportunities. However, many customers remain reluctant to move their business IT infrastructure completely to the cloud. One of their main concerns is Cloud Security and the threat of the unknown. Cloud Service Providers(CSP) encourage this perception by not letting their customers see what is behind their virtual curtain. A seldomly discussed, but in this regard highly relevant open issue is the ability to perform digital investigations. This continues to fuel insecurity on the sides of both providers and customers. Cloud Forensics constitutes a new and disruptive challenge for investigators. Due to the decentralized nature of data processing in the cloud, traditional approaches to evidence collection and recovery are no longer practical. This paper focuses on the technical aspects of digital forensics in distributed cloud environments. We contribute by assessing whether it is possible for the customer of cloud computing services to perform a traditional digital investigation from a technical point of view. Furthermore we discuss possible solutions and possible new methodologies helping customers to perform such investigations.I. INTRODUCTIONAlthough the cloud might appear attractive to small as well as to large companies, it does not come along without its own unique problems. Outsourcing sensitive corporate data into the cloud raises concerns regarding the privacy and security of data. Security policies, companies main pillar concerning security, cannot be easily deployed into distributed, virtualized cloud environments. This situation is further complicated by the unknown physical location of the companie’s assets. Normally,if a security incident occurs, the corporate security team wants to be able to perform their own investigation without dependency on third parties. In the cloud, this is not possible anymore: The CSP obtains all the power over the environmentand thus controls the sources of evidence. In the best case, a trusted third party acts as a trustee and guarantees for the trustworthiness of the CSP. Furthermore, the implementation of the technical architecture and circumstances within cloud computing environments bias the way an investigation may be processed. In detail, evidence data has to be interpreted by an investigator in a We would like to thank the reviewers for the helpful comments and Dennis Heinson (Center for Advanced Security Research Darmstadt - CASED) for the profound discussions regarding the legal aspects of cloud forensics. proper manner which is hardly be possible due to the lackof circumstantial information. For auditors, this situation does not change: Questions who accessed specific data and information cannot be answered by the customers, if no corresponding logs are available. With the increasing demand for using the power of the cloud for processing also sensible information and data, enterprises face the issue of Data and Process Provenance in the cloud [10]. Digital provenance, meaning meta-data that describes the ancestry or history of a digital object, is a crucial feature for forensic investigations. In combination with a suitable authentication scheme, it provides information about who created and who modified what kind of data in the cloud. These are crucial aspects for digital investigations in distributed environments such as the cloud. Unfortunately, the aspects of forensic investigations in distributed environment have so far been mostly neglected by the research community. Current discussion centers mostly around security, privacy and data protection issues [35], [9], [12]. The impact of forensic investigations on cloud environments was little noticed albeit mentioned by the authors of [1] in 2009: ”[...] to our knowledge, no research has been published on how cloud computing environments affect digital artifacts,and on acquisition logistics and legal issues related to cloud computing env ironments.” This statement is also confirmed by other authors [34], [36], [40] stressing that further research on incident handling, evidence tracking and accountability in cloud environments has to be done. At the same time, massive investments are being made in cloud technology. Combined with the fact that information technology increasingly transcendents peoples’ private and professional life, thus mirroring more and more of peoples’actions, it becomes apparent that evidence gathered from cloud environments will be of high significance to litigation or criminal proceedings in the future. Within this work, we focus the notion of cloud forensics by addressing the technical issues of forensics in all three major cloud service models and consider cross-disciplinary aspects. Moreover, we address the usability of various sources of evidence for investigative purposes and propose potential solutions to the issues from a practical standpoint. This work should be considered as a surveying discussion of an almost unexplored research area. The paper is organized as follows: We discuss the related work and the fundamental technical background information of digital forensics, cloud computing and the fault model in section II and III. In section IV, we focus on the technical issues of cloud forensics and discuss the potential sources and nature of digital evidence as well as investigations in XaaS environments including thecross-disciplinary aspects. We conclude in section V.II. RELATED WORKVarious works have been published in the field of cloud security and privacy [9], [35], [30] focussing on aspects for protecting data in multi-tenant, virtualized environments. Desired security characteristics for current cloud infrastructures mainly revolve around isolation of multi-tenant platforms [12], security of hypervisors in order to protect virtualized guest systems and secure network infrastructures [32]. Albeit digital provenance, describing the ancestry of digital objects, still remains a challenging issue for cloud environments, several works have already been published in this field [8], [10] contributing to the issues of cloud forensis. Within this context, cryptographic proofs for verifying data integrity mainly in cloud storage offers have been proposed,yet lacking of practical implementations [24], [37], [23]. Traditional computer forensics has already well researched methods for various fields of application [4], [5], [6], [11], [13]. Also the aspects of forensics in virtual systems have been addressed by several works [2], [3], [20] including the notionof virtual introspection [25]. In addition, the NIST already addressed Web Service Forensics [22] which has a huge impact on investigation processes in cloud computing environments. In contrast, the aspects of forensic investigations in cloud environments have mostly been neglected by both the industry and the research community. One of the first papers focusing on this topic was published by Wolthusen [40] after Bebee et al already introduced problems within cloud environments [1]. Wolthusen stressed that there is an inherent strong need for interdisciplinary work linking the requirements and concepts of evidence arising from the legal field to what can be feasibly reconstructed and inferred algorithmically or in an exploratory manner. In 2010, Grobauer et al [36] published a paper discussing the issues of incident response in cloud environments - unfortunately no specific issues and solutions of cloud forensics have been proposed which will be done within this work.III. TECHNICAL BACKGROUNDA. Traditional Digital ForensicsThe notion of Digital Forensics is widely known as the practice of identifying, extracting and considering evidence from digital media. Unfortunately, digital evidence is both fragile and volatile and therefore requires the attention of special personnel and methods in order to ensure that evidence data can be proper isolated and evaluated. Normally, the process of a digital investigation can be separated into three different steps each having its own specificpurpose:1) In the Securing Phase, the major intention is the preservation of evidence for analysis. The data has to be collected in a manner that maximizes its integrity. This is normally done by a bitwise copy of the original media. As can be imagined, this represents a huge problem in the field of cloud computing where you never know exactly where your data is and additionallydo not have access to any physical hardware. However, the snapshot technology, discussed in section IV-B3, provides a powerful tool to freeze system states and thus makes digital investigations, at least in IaaS scenarios, theoretically possible.2) We refer to the Analyzing Phase as the stage in which the data is sifted and combined. It is in this phase that the data from multiple systems or sources is pulled together to create as complete a picture and event reconstruction as possible. Especially in distributed system infrastructures, this means that bits and pieces of data are pulled together for deciphering the real story of what happened and for providing a deeper look into the data.3) Finally, at the end of the examination and analysis of the data, the results of the previous phases will be reprocessed in the Presentation Phase. The report, created in this phase, is a compilation of all the documentation and evidence from the analysis stage. The main intention of such a report is that it contains all results, it is complete and clear to understand. Apparently, the success of these three steps strongly depends on the first stage. If it is not possible to secure the complete set of evidence data, no exhaustive analysis will be possible. However, in real world scenarios often only a subset of the evidence data can be secured by the investigator. In addition, an important definition in the general context of forensics is the notion of a Chain of Custody. This chain clarifies how and where evidence is stored and who takes possession of it. Especially for cases which are brought to court it is crucial that the chain of custody is preserved.B. Cloud ComputingAccording to the NIST [16], cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal CSP interaction. The new raw definition of cloud computing brought several new characteristics such as multi-tenancy, elasticity, pay-as-you-go and reliability. Within this work, the following three models are used: In the Infrastructure asa Service (IaaS) model, the customer is using the virtual machine provided by the CSP for installing his own system on it. The system can be used like any other physical computer with a few limitations. However, the additive customer power over the system comes along with additional security obligations. Platform as a Service (PaaS) offerings provide the capability to deploy application packages created using the virtual development environment supported by the CSP. For the efficiency of software development process this service model can be propellent. In the Software as a Service (SaaS) model, the customer makes use of a service run by the CSP on a cloud infrastructure. In most of the cases this service can be accessed through an API for a thin client interface such as a web browser. Closed-source public SaaS offers such as Amazon S3 and GoogleMail can only be used in the public deployment model leading to further issues concerning security, privacy and the gathering of suitable evidences. Furthermore, two main deployment models, private and public cloud have to be distinguished. Common public clouds are made available to the general public. The corresponding infrastructure is owned by one organization acting as a CSP and offering services to its customers. In contrast, the private cloud is exclusively operated for an organization but may not provide the scalability and agility of public offers. The additional notions of community and hybrid cloud are not exclusively covered within this work. However, independently from the specific model used, the movement of applications and data to the cloud comes along with limited control for the customer about the application itself, the data pushed into the applications and also about the underlying technical infrastructure.C. Fault ModelBe it an account for a SaaS application, a development environment (PaaS) or a virtual image of an IaaS environment, systems in the cloud can be affected by inconsistencies. Hence, for both customer and CSP it is crucial to have the ability to assign faults to the causing party, even in the presence of Byzantine behavior [33]. Generally, inconsistencies can be caused by the following two reasons:1) Maliciously Intended FaultsInternal or external adversaries with specific malicious intentions can cause faults on cloud instances or applications. Economic rivals as well as former employees can be the reason for these faults and state a constant threat to customers and CSP. In this model, also a malicious CSP is included albeit he isassumed to be rare in real world scenarios. Additionally, from the technical point of view, the movement of computing power to a virtualized, multi-tenant environment can pose further threads and risks to the systems. One reason for this is that if a single system or service in the cloud is compromised, all other guest systems and even the host system are at risk. Hence, besides the need for further security measures, precautions for potential forensic investigations have to be taken into consideration.2) Unintentional FaultsInconsistencies in technical systems or processes in the cloud do not have implicitly to be caused by malicious intent. Internal communication errors or human failures can lead to issues in the services offered to the costumer(i.e. loss or modification of data). Although these failures are not caused intentionally, both the CSP and the customer have a strong intention to discover the reasons and deploy corresponding fixes.IV. TECHNICAL ISSUESDigital investigations are about control of forensic evidence data. From the technical standpoint, this data can be available in three different states: at rest, in motion or in execution. Data at rest is represented by allocated disk space. Whether the data is stored in a database or in a specific file format, it allocates disk space. Furthermore, if a file is deleted, the disk space is de-allocated for the operating system but the data is still accessible since the disk space has not been re-allocated and overwritten. This fact is often exploited by investigators which explore these de-allocated disk space on harddisks. In case the data is in motion, data is transferred from one entity to another e.g. a typical file transfer over a network can be seen as a data in motion scenario. Several encapsulated protocols contain the data each leaving specific traces on systems and network devices which can in return be used by investigators. Data can be loaded into memory and executed as a process. In this case, the data is neither at rest or in motion but in execution. On the executing system, process information, machine instruction and allocated/de-allocated data can be analyzed by creating a snapshot of the current system state. In the following sections, we point out the potential sources for evidential data in cloud environments and discuss the technical issues of digital investigations in XaaS environmentsas well as suggest several solutions to these problems.A. Sources and Nature of EvidenceConcerning the technical aspects of forensic investigations, the amount of potential evidence available to the investigator strongly diverges between thedifferent cloud service and deployment models. The virtual machine (VM), hosting in most of the cases the server application, provides several pieces of information that could be used by investigators. On the network level, network components can provide information about possible communication channels between different parties involved. The browser on the client, acting often as the user agent for communicating with the cloud, also contains a lot of information that could be used as evidence in a forensic investigation. Independently from the used model, the following three components could act as sources for potential evidential data.1) Virtual Cloud Instance: The VM within the cloud, where i.e. data is stored or processes are handled, contains potential evidence [2], [3]. In most of the cases, it is the place where an incident happened and hence provides a good starting point for a forensic investigation. The VM instance can be accessed by both, the CSP and the customer who is running the instance. Furthermore, virtual introspection techniques [25] provide access to the runtime state of the VM via the hypervisor and snapshot technology supplies a powerful technique for the customer to freeze specific states of the VM. Therefore, virtual instances can be still running during analysis which leads to the case of live investigations [41] or can be turned off leading to static image analysis. In SaaS and PaaS scenarios, the ability to access the virtual instance for gathering evidential information is highly limited or simply not possible.2) Network Layer: Traditional network forensics is knownas the analysis of network traffic logs for tracing events that have occurred in the past. Since the different ISO/OSI network layers provide several information on protocols and communication between instances within as well as with instances outside the cloud [4], [5], [6], network forensics is theoretically also feasible in cloud environments. However in practice, ordinary CSP currently do not provide any log data from the network components used by the customer’s instances or applications. For instance, in case of a malware infection of an IaaS VM, it will be difficult for the investigator to get any form of routing information and network log datain general which is crucial for further investigative steps. This situation gets even more complicated in case of PaaS or SaaS. So again, the situation of gathering forensic evidence is strongly affected by the support the investigator receives from the customer and the CSP.3) Client System: On the system layer of the client, it completely depends on the used model (IaaS, PaaS, SaaS) if and where potential evidence could beextracted. In most of the scenarios, the user agent (e.g. the web browser) on the client system is the only application that communicates with the service in the cloud. This especially holds for SaaS applications which are used and controlled by the web browser. But also in IaaS scenarios, the administration interface is often controlled via the browser. Hence, in an exhaustive forensic investigation, the evidence data gathered from the browser environment [7] should not be omitted.a) Browser Forensics: Generally, the circumstances leading to an investigation have to be differentiated: In ordinary scenarios, the main goal of an investigation of the web browser is to determine if a user has been victim of a crime. In complex SaaS scenarios with high client-server interaction, this constitutes a difficult task. Additionally, customers strongly make use of third-party extensions [17] which can be abused for malicious purposes. Hence, the investigator might want to look for malicious extensions, searches performed, websites visited, files downloaded, information entered in forms or stored in local HTML5 stores, web-based email contents and persistent browser cookies for gathering potential evidence data. Within this context, it is inevitable to investigate the appearance of malicious JavaScript [18] leading to e.g. unintended AJAX requests and hence modified usage of administration interfaces. Generally, the web browser contains a lot of electronic evidence data that could be used to give an answer to both of the above questions - even if the private mode is switched on [19].B. Investigations in XaaS EnvironmentsTraditional digital forensic methodologies permit investigators to seize equipment and perform detailed analysis on the media and data recovered [11]. In a distributed infrastructure organization like the cloud computing environment, investigators are confronted with an entirely different situation. They have no longer the option of seizing physical data storage. Data and processes of the customer are dispensed over an undisclosed amount of virtual instances, applications and network elements. Hence, it is in question whether preliminary findings of the computer forensic community in the field of digital forensics apparently have to be revised and adapted to the new environment. Within this section, specific issues of investigations in SaaS, PaaS and IaaS environments will be discussed. In addition, cross-disciplinary issues which affect several environments uniformly, will be taken into consideration. We also suggest potential solutions to the mentioned problems.1) SaaS Environments: Especially in the SaaS model, the customer does notobtain any control of the underlying operating infrastructure such as network, servers, operating systems or the application that is used. This means that no deeper view into the system and its underlying infrastructure is provided to the customer. Only limited userspecific application configuration settings can be controlled contributing to the evidences which can be extracted fromthe client (see section IV-A3). In a lot of cases this urges the investigator to rely on high-level logs which are eventually provided by the CSP. Given the case that the CSP does not run any logging application, the customer has no opportunity to create any useful evidence through the installation of any toolkit or logging tool. These circumstances do not allow a valid forensic investigation and lead to the assumption that customers of SaaS offers do not have any chance to analyze potential incidences.a) Data Provenance: The notion of Digital Provenance is known as meta-data that describes the ancestry or history of digital objects. Secure provenance that records ownership and process history of data objects is vital to the success of data forensics in cloud environments, yet it is still a challenging issue today [8]. Albeit data provenance is of high significance also for IaaS and PaaS, it states a huge problem specifically for SaaS-based applications: Current global acting public SaaS CSP offer Single Sign-On (SSO) access control to the set of their services. Unfortunately in case of an account compromise, most of the CSP do not offer any possibility for the customer to figure out which data and information has been accessed by the adversary. For the victim, this situation can have tremendous impact: If sensitive data has been compromised, it is unclear which data has been leaked and which has not been accessed by the adversary. Additionally, data could be modified or deleted by an external adversary or even by the CSP e.g. due to storage reasons. The customer has no ability to proof otherwise. Secure provenance mechanisms for distributed environments can improve this situation but have not been practically implemented by CSP [10]. Suggested Solution: In private SaaS scenarios this situation is improved by the fact that the customer and the CSP are probably under the same authority. Hence, logging and provenance mechanisms could be implemented which contribute to potential investigations. Additionally, the exact location of the servers and the data is known at any time. Public SaaS CSP should offer additional interfaces for the purpose of compliance, forensics, operations and security matters to their customers. Through an API, the customers should have the ability to receive specific information suchas access, error and event logs that could improve their situation in case of aninvestigation. Furthermore, due to the limited ability of receiving forensic information from the server and proofing integrity of stored data in SaaS scenarios, the client has to contribute to this process. This could be achieved by implementing Proofs of Retrievability (POR) in which a verifier (client) is enabled to determine that a prover (server) possesses a file or data object and it can be retrieved unmodified [24]. Provable Data Possession (PDP) techniques [37] could be used to verify that an untrusted server possesses the original data without the need for the client to retrieve it. Although these cryptographic proofs have not been implemented by any CSP, the authors of [23] introduced a new data integrity verification mechanism for SaaS scenarios which could also be used for forensic purposes.2) PaaS Environments: One of the main advantages of the PaaS model is that the developed software application is under the control of the customer and except for some CSP, the source code of the application does not have to leave the local development environment. Given these circumstances, the customer obtains theoretically the power to dictate how the application interacts with other dependencies such as databases, storage entities etc. CSP normally claim this transfer is encrypted but this statement can hardly be verified by the customer. Since the customer has the ability to interact with the platform over a prepared API, system states and specific application logs can be extracted. However potential adversaries, which can compromise the application during runtime, should not be able to alter these log files afterwards. Suggested Solution:Depending on the runtime environment, logging mechanisms could be implemented which automatically sign and encrypt the log information before its transfer to a central logging server under the control of the customer. Additional signing and encrypting could prevent potential eavesdroppers from being able to view and alter log data information on the way to the logging server. Runtime compromise of an PaaS application by adversaries could be monitored by push-only mechanisms for log data presupposing that the needed information to detect such an attack are logged. Increasingly, CSP offering PaaS solutions give developers the ability to collect and store a variety of diagnostics data in a highly configurable way with the help of runtime feature sets [38].3) IaaS Environments: As expected, even virtual instances in the cloud get compromised by adversaries. Hence, the ability to determine how defenses in the virtual environment failed and to what extent the affected systems havebeen compromised is crucial not only for recovering from an incident. Also forensic investigations gain leverage from such information and contribute to resilience against future attacks on the systems. From the forensic point of view, IaaS instances do provide much more evidence data usable for potential forensics than PaaS and SaaS models do. This fact is caused throughthe ability of the customer to install and set up the image for forensic purposes before an incident occurs. Hence, as proposed for PaaS environments, log data and other forensic evidence information could be signed and encrypted before itis transferred to third-party hosts mitigating the chance that a maliciously motivated shutdown process destroys the volatile data. Although, IaaS environments provide plenty of potential evidence, it has to be emphasized that the customer VM is in the end still under the control of the CSP. He controls the hypervisor which is e.g. responsible for enforcing hardware boundaries and routing hardware requests among different VM. Hence, besides the security responsibilities of the hypervisor, he exerts tremendous control over how customer’s VM communicate with the hardware and theoretically can intervene executed processes on the hosted virtual instance through virtual introspection [25]. This could also affect encryption or signing processes executed on the VM and therefore leading to the leakage of the secret key. Although this risk can be disregarded in most of the cases, the impact on the security of high security environments is tremendous.a) Snapshot Analysis: Traditional forensics expect target machines to be powered down to collect an image (dead virtual instance). This situation completely changed with the advent of the snapshot technology which is supported by all popular hypervisors such as Xen, VMware ESX and Hyper-V.A snapshot, also referred to as the forensic image of a VM, providesa powerful tool with which a virtual instance can be clonedby one click including also the running system’s mem ory. Due to the invention of the snapshot technology, systems hosting crucial business processes do not have to be powered down for forensic investigation purposes. The investigator simply creates and loads a snapshot of the target VM for analysis(live virtual instance). This behavior is especially important for scenarios in which a downtime of a system is not feasible or practical due to existing SLA. However the information whether the machine is running or has been properly powered down is crucial [3] for the investigation. Live investigations of running virtual instances become more common providing evidence data that。

Telecom Power Technology电源与节能技术的无线网络节能技术应用探析张磊（中通服网盈科技有限公司，江苏南京在移动通信技术快速发展的背景下，超密集小蜂窝网络与异构网络备受关注，为技术的功耗相对较高，只有应用节能技术才能够降低功耗，因此利用文献资料法等方法对基于节能技术进行了研究与探讨。

在探究过程中先分析了5G与无线网络，之后分析了基于的无线网络节能技术是以HetNets因此需要充分发挥设备级、站点级以及网络级节能技术的作用，从而降低Analysis the Application of Wireless Network Energy Saving Technology Based on 5GZHANG Lei(China Comservice Wangying Technology Co., Ltd., NanjingAbstract: Against the backdrop of rapid advancements in mobile communication technology, ultra-dense small cell networks and heterogeneous networks have garnered significant attention, providing support for 2023年12月10日第40卷第23期145 Telecom Power TechnologyDec. 10, 2023, Vol.40 No.23张 磊：基于5G 的无线网络节能技术 应用探析有利于降低网络的功耗。

SCN 具有高效可靠、易于集成、全面保障以及高效支持等特点，且其成本相对较低、能耗较低、具有较高的能量效率，在无线网络节能中具有重要作用。

2.2 HetNets 自组织架构自组织网络以自动管理为核心，主要包括监测、分析、规划、评估等功能，为充分发挥这些功能的作用，需要采集大量的数据信息。

Location based services using geographical information systemsBalqies Sadoun *,Omar Al-BayariSurveying and Geomatics Engineering Department,Al-Balqa’Applied University,Al-Salt,JordanAvailable online 27June 2007AbstractOne of the most obvious technologies behind Location Based Services (LBS)is positioning,with the most widely recognized system being the Global Positioning System (GPS).There are,however,other means of positioning in addition to GPS.These other technologies are network based positioning and typically rely on various means of triangulation of the signal from cell sites serving a mobile phone.In addition,the serving cell site can be used as a fix for location of the user.More and more organizations have started to apply location-based services over Wireless LANs to enable improvements to appli-cations.Generally,a LBS keeps track of the position of users on the network as they roam through the facility.A central system collects and integrates this position information to drive additional functions that identify the position of users in relation to the facility and pertinent areas,such as information on hospitals and medical centers,booths,emergency centers,stores,police stations,gas stations,etc.LBSs offer personalized services to the subscribers based on their current position using Global Navigation Satellite System (GNSS),Geographic Information System (GIS)and Wireless Communications and Networking technologies.LBSs offer modern world the tool for efficient management and continuous control.More and more people involve LBS in their industry and day-to-day life to better achieve their goals.In this paper,we present a review of LBS using Geographical Information Systems and two applications that we developed.These are auto-matic vehicle location,which can provide better management and control for a moving fleet of vehicles and police traffic information system.Ó2007Elsevier B.V.All rights reserved.Keywords:Location based service (LBS);Geographic information system (GIS);Global navigation satellite system (GNSS);Global positioning system (GPS)and Wireless networks (WNs);Wireless communications (WCs)1.IntroductionThe increasing demand for commercial LBS has driven scientists to focus on more accurate positioning solutions.LBS employs accurate,real-time positioning to connect users to points of interest and advises them of the current conditions,such as traffic and weather conditions,or pro-vides routing and tracking information using wireless devices.It is important to integrate the mobile computing technology and the GIS technology in order to meet the needs of LBS,which is considered one of the most promis-ing applications of GIS.The location of the caller could be determined by other position determination techniques.These include Cell-ID,Enhanced Observed Time Differ-ence (E-OTD),Observed Timed Difference of Arrival (OTDOA),Wireless Assisted GNSS (A-GNSS)and hybrid technologies (combining A-GNSS with other standard technologies).Cell-ID is used for positioning purposes,but it is not accurate.In the following,we will present an introduction on the LBS,its combination with GIS and WC,and some of our recent related work [1–4].LBS systems aim at improving user-friendly info-mobil-ity services for position determination by combining wire-less communications (WCs),GNSS and GIS based on mobile client/server architecture [1].Location determina-tion may be based on GNSS Technologies (mainly location intelligence is stored within terminal GPS),or on Network Technologies that exploit the cellular infrastructure to obtain geo-location information (Wireless Technology).Positioning techniques based on the use of a GNSS/GIS0140-3664/$-see front matter Ó2007Elsevier B.V.All rights reserved.doi:10.1016/com.2007.05.059*Corresponding author.E-mail addresses:balqiessadoun@ (B.Sadoun),obayari@.jo (O.Al-Bayari)./locate/comcomAvailable online at Computer Communications 30(2007)3154–3160and cellular network infrastructure are progressing at an impressive pace.GNSS receivers determine the position,precise time and velocity in the coordinate reference system.Then saves these data in the National Marine Electronics Association format(NMEA)to be transmitted to the control center via wireless communication means or downloaded directly via serial ports,such as RS-232,USB2.0,etc.GNSS is the technical interoperability and compatibility between various satellite navigation systems which are the modernized GPS,Galileo and GLONASS to be used glob-ally by the public and the industry with no regard to the nationality of each system in order to promote the safety and convenience of life[2,3].GNSS means the compatibil-ity and interoperability of the three main satellite technol-ogies:GPS,GLONASS and Galileo.At the time of writing this paper,the only complete Global Navigation Satellite System(GNSS)is basically the GPS system and most of the existing worldwide related applications are based on the GPS system/technology.The GNSS technology will become clearer after the operation of European Galileo and the reconstruction of Russian GLONASS by the end of2008.GNSS applications in allfields will play a key role,mov-ing its use from the transportation domain to multimodal use,outdoors and indoors.It is expected that GNSS will increase significantly the precision in position domain[4]. The combined and competitive benefits of GPS and Galileo will result in major improvements in navigation,timing, accuracy and related applications and services[5].To real-ize these benefits,Galileo receivers must be made available to enable the commercial exploitation and market penetra-tion of the Galileo system and services.These should be based onflexible system design principles and equallyflex-ible implementation.Precise positioning using GNSS technology is limited by the availability of satellite signals in specific locations.With Galileo system,more satellites have been added to the current GPS and GLONASS systems,users will have the possibility to track a large number of the total75avail-able satellites.2.GNSS positioning techniqueThe basic concept of point position depends on the trila-teration between the receiver and satellite.Range measure-ments from four satellites are needed to determine the four unknown X,Y,Z and receiver clock offset(D d).The ana-lytical solution for receiver A and four satellites could be written as[6]:R1 A ðtÞ¼ffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiðX1ðtÞÀX AÞ2þðY1ðtÞÀY AÞ2þðZ1ðtÞÀZ AÞ2qþcÁD dR2 A ðtÞ¼ffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiðX2ðtÞÀX AÞ2þðY2ðtÞÀY AÞ2þðZ2ðtÞÀZ AÞ2qþcÁD dR2 A ðtÞ¼ffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiðX3ðtÞÀX AÞ2þðY3ðtÞÀY AÞ2þðZ3ðtÞÀZ AÞ2qþcÁD dR4 A ðtÞ¼ffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiðX4ðtÞÀX AÞ4þðY4ðtÞÀY AÞ2þðZ4ðtÞÀZ AÞ2qþcÁD dThe range R is measured by the receiver and the coordi-nates of satellite are extracted from the navigation message.The unknowns in the above equation are X,Y,Z and theclock error D d.In case of observing more than four satel-lites,the least square adjustment is performed to estimatethe unknowns.Hence,coordinates of the receiver and time offset couldbe obtained directly in real time with one epoch measure-ment.Due to un-modeled errors in pseudo range,such asionosphere,troposphere and orbital errors,the accuracylevel of absolute positioning is within10m[7].The basic concept of LBS network-based techniques isto calculate the time difference between the transmittedand received signal.Then multiply the calculated time difference by thevelocity of light to obtain the distance.To calculate the caller location(x,y),we need two equa-tions.If we have more than three Towers(Base Stations),the position will be more precise and least square computa-tion is needed[8].f iðXÞ¼cðs iÀsÞÀffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiðx iÀxÞ2þðy iÀyÞ2qThe most common non-GNSS solutions for mobile posi-tioning are:(i)Cell-ID(taking into consideration cell sizeand timing advance),(ii)TOA(Time of Arrival),(iii)Angleof Arrival(AOA)and(iv)Enhanced Observed Time Differ-ence(EOTD);all make use of the wireless telecommunica-tions system itself[9].Cell-ID is the most straightforward solution,and usesthe cell identification information within the mobile tele-phony network to identify the approximate location ofthe caller.However,this technique is often not very usefulbecause of the low positioning accuracy.GNSS based location technology(currently Assisted-GPS)can also be combined with ETOA or TDOA.Thisapproach requires spot deployment of ETOD and TDOA,allowing A-GPS to be used in the majority of the networkin order to provide basis for most location information(Fig.1).Hybrid approach generally improves performanceof location technology[8,10].The LBS system consists of three main components;seeFig.2.Thefirst component is the mobile positioningsystem,Fig.1.Time Difference of Arrival(TDOA)approach.B.Sadoun,O.Al-Bayari/Computer Communications30(2007)3154–31603155which can be the GNSS,Hybrid GNSS/A-GPS based,or network-based (AOA,TOA,TDOA).The second compo-nent is the mobile telephony network to deliver the service to users.The third is the location-based service application,which consists of a server and a spatial database.The three components communicate with each other through application programming interfaces (API).The API are designed to help wireless Internet developers to integrate location-based services into mobile telephony net-works and allow the application server to communicate with the spatial database and the billing server.The control center for a LBS platform is the server that handles user interface functions and communicates with the spatial database or data warehouse.3.LBS applicationsThe LBS applications are divided into four main areas:rmation and navigation services:These services pro-vide data directly to end-users,in particular for destina-tion location and criteria for trip optimization.Moving map displays guided by navigation GNSS (currently GPS)receivers are provided by the Automobile manu-facturers as a new option in their modern vehicles.Many rental car companies have GPS-equipped vehicles that give directions to drivers on display screens and through synthesized voice instructions.Moreover,the displays can be removed and taken into a home to plan a trip.A new international industry is born (such as Navtique and Tele Atlas),which is specialized in preparing the maps and voice guidance for navigation system to be used in old and new modern vehicles.2.Emergency assistance:This type of service provides the location of mobile users in case of distress and need for assistance,such as E-911in US and E-112in Europe.GIS capabilities are essential in such services.3.Tracking services:In general,an AVL system consists of a GNSS receiver integrated with GSM/GPRS module mounted on the vehicle,communication link between the vehicle and the dispatcher,and PC-based tracking software for dispatching [11].work related services:Location can be achieved by integrating a GNSS receiver in the mobile phone (hand-held solution)or by using the communication network itself,where knowledge of user’s position improves com-munication services.The combination of GNSS receivers and GIS software for data collection and updating is usually sent via wireless communication links to the server and then,posted so as it will be globally accessible and available on the Internet.Most web GIS software packages have the capability to deal with the data via Internet and distribute these data to users in real time.Developing software under web GIS systems gives a high possibility to integrate the Web GIS Server with wire-less communication to be used for mobile GIS with any application,such as AVL [11].One important factor in integrating of GIS and GNSS application is the working in the same coordinate system or datum.Working in differ-ent coordinate systems creates data miss-matching in GIS/GNSS applications.LBS techniques based on GSM,GPRS and WCDMA (Wideband Code Division Multiple Access)networks alone do not offer high accuracy.Moreover,GNSS alone is insuf-ficient to maintain continuous positioning due to the inev-itable difficulties caused by obstacles.When GNSS signals are blocked or lost,the precision of positioning will be min-imized to unacceptable level.It is expected that the GNSS will increase significantly the precision in the position domain [4,10].Wide-area augmentation systems should be imple-mented as they allow a significant improvement of accu-racy and integrity performance.WAAS,EGNOS and MSAS provide a useful augmentation to GPS,GLONASS and Galileo services over US,Europe and Japan,respec-tively [11].The applications of GNSS/GIS/LBS are growing rap-idly,but they have some limitations such as:•GIS data and maps should be periodically updated.•There should be standards to control the quality of the GIS data.•Transformation between GNSS reference system such as WGS 84and the local coordinate systems should be well known for those working in the GIS data collection.•Limitation of wireless communication (high cost),limi-tation of GPRS (number of lines for each base station)and rooming problems.•Customization of GNSS solution (high cost).•Integration between GNSS technology and other posi-tioning technologies such as odometer,gyros and map matching is still not used.•Standards for developing GNSS/LBS/GIS solution are not discussed yet.•Combination between wireless location technology such as Cell-ID,TOA,AOA and ETOA is not implemented in ourcountry.Fig.2.The location technology and LBS system.3156 B.Sadoun,O.Al-Bayari /Computer Communications 30(2007)3154–31604.Applications and case studiesGNSS/LBS/GIS applications that we have developed for local use are:(i)AVL system applied to the public transportation company in the capital city,Amman,and (ii)Police traffic information system to report and update about accidents’locations,the level of danger and the fre-quency of accidents at the location,etc.4.1.Application 14.1.1.AVL system for local public transportation company We have applied AVL system to the public transporta-tion company that operates in Amman city.Vehicle track-ing is one of the fastest-growing GNSS applications today.GPS-equipped fleet buses (public transportation systems)use GNSS receivers to monitor their locations at all times.The principal benefit of AVL system in fleet management is the opportunity for increasing and improving the efficient use of human and environmental resources in effective manners.Transportation infrastructure represents one of the largest and most critical investments by any country.Movements of people are vital to every aspect of the coun-try’s economy.GIS and AVL based asset management for road trans-portation system can greatly improve the efficiency of oper-ations (optimize services,cost and fleet usage),while at the same time,can make significant contributions to safety,including responses to natural and man-made disasters.A software package has been developed under web GIS soft-ware to integrate the Web GIS Server with wireless com-munication to be used for Mobile GIS with the LBS application as AVL (Fig.3)for the transportation com-pany control and management.The system has operated properly.It will change the local culture of public transpor-tation to be dependable,efficient and time saving,which was never before.This has helped to give more confidence to the local transportation company.Local residents start to rely more on the local transportation system as such new mechanism has improved the working schedule and confidence of people in the accuracy of the entire operation.Moreover,it will offer the management a tool for monitoring the fleet activities and resolving problems before they occur.We hope that bettermanagementFig.3.Web Tracking Software applied for fleet management of the transportation company in Amman city.B.Sadoun,O.Al-Bayari /Computer Communications 30(2007)3154–31603157and control on the operating vehicles will provide integ-rity and prosperity to the operating transportation company.It is expected that such a mechanism will improve the confidence in the local transportation company in Amman and improve its image among the citizens of the city as in the past the company has an unfavorable reputation.Also this will help to save time,money,pollution and energy for the citizen and the country.The developed Web tracking software provides the control center with all needed infor-mation about the operation process.Continuous contact with drivers and follow up is also provided by the control center to avoid accidents,traffic and time schedule prob-lems.We had to build a GIS system for the roads and the surrounding environment of Amman.Moreover,we included buffer zones to keep vehicles on track and to warn the control in case of mishaps.4.2.Application 24.2.1.The police traffic information systemInformation system –all accidents’information have to be localized using GNSS technology (mainly GPS)then,the information and location have to be sent to the server via wireless communication means,downloaded directly via serial port or transmitted to the server via Internet.The location Information server will be connected with all police stations in all cities for data updating via web GIS;see Fig.4.The database part is very critical in this application.There are two different types of database,the spatial data-base (street,district,etc.)and the entity database (driver,car,etc.).The arrangement of the data within the database and their interrelation will affect the efficiency of the soft-ware and lead to better management of the generation of reports and consequently the decision-making process;see Fig.5.Interrelation within the database could be designed to allow certain tasks to improve a certain deci-sion-making process,such as the total number of accidents at a certain location within a specific period of time.The report warning would require new traffic planning.The asset management process in GIS/LBS application is developed on top of GIS software capabilities to facili-tate the analysis,management and decision-making,espe-cially when it is directly related to life saving.In case of accident,the captured area will be determined as a buffer circle with a 100-m radius,then the location of the accident will be highlighted on the screen if the number of accidents (at the location)exceeded a specific number;without the need to read the report.Asset management will help the decision makers to localize accident locations and to take the action needed to reduce or eliminate the accident causes automatically.The software classifies the accident danger level according to certain factors predefined by the police committee on road accidents.The success in such projects depends heav-ily on the GIS data quality in the initiation process and on its maintenanceafterward.Fig.4.GNSS/LBS/GIS combination.3158 B.Sadoun,O.Al-Bayari /Computer Communications 30(2007)3154–31605.ConclusionsTo conclude,increasing demand for commercial LBS is pushing at improving user mobility services for position determination by combining WC/GNSS/GIS technologies.Location may be based on GNSS Technologies or on Net-work Technologies (Wireless Technology),but the GNSS technology provides more accurate positions.GNSS/LBS/GIS applications are at high demand for the time being,but they still have some limitations.LBS industry includes:Information and navigation services,emergency assistance,tracking services and network related services.It is an essential tool for better manage-ment of moving vehicles and is urgent for life saving in emergencies.In this paper,we introduced two GNSS/LBS/GIS appli-cations that we have developed for local use.These are:AVL system applied to a local public transportation com-pany and police traffic information system to report and update about accidents’locations,the level of danger and the frequency of accidents at the location.Automatic vehicle location application can provide bet-ter management and control for a moving fleet of vehicles,which may keep time schedules,increase operating effi-ciency and avoid/minimize accidents and traffic problems.Other LBS application is to create a police traffic informa-tion system to help in emergency management,better plan-ning and prevention.Applications are increasing at an impressive rate.This area is becoming an attractive industry.AcknowledgementsThe authors gratefully acknowledge the support of GCE Company and Mr.S.Aqel.References[1]E.Lohnert,E.Wittmann,J.Pielmeier,F.Sayda,Pramount Public Safety &Commercial Info-mobility Applications and Services in the Mountains,ION GPS 2001,Salt Lake City,UT,2001,pp.319–325.[2]GALILEO,Mission Requirement Document (MRD),European Commission,Issue 5–Rev.1.1,27.March 2003.Available from: .[3]Y.Feng,Combined galileo and GPS:a technical perspective,Journal of Global Positioning Systems (1)(2003)67–72.[4]chapelle,M.E.Cannon,K.O’Keefe,P.Alves,How will galileo improve positioning performance,GPS World 13(9)(2002)38–48.[5]P.Mulassano,F.Dovis,F.Cllomb,European projects for innovative GNSS-related applications,GPS Solutions 7(2004)268–270.Fig.5.The police traffic information system flowchart.B.Sadoun,O.Al-Bayari /Computer Communications 30(2007)3154–31603159[6]B.Hofmann-Wellenhof,H.Lichtenegger,J.Collins,Global Posi-tioning System:Theory and Practice,fifth ed.,Springer Verlag,New York,2001.[7]A.Leick,GPS Satellite Surveying,third ed.,John Wiley and Sons,New York,2003.[8]J.J.Caffery,G.L.Stu¨ber,Overview of radiolocation in CDMA,IEEECommunications Magazine(1998)38–45.[9]R.Jain,A.Puri,R.Sengupta,Geographical routing using partialinformation for wireless ad hoc networks,IEEE Journal of Personal Communications8(1)(2001)48–57.[10]G.Heinrichs,G.Germany,J.Winkel,C.Drewes,L.Maurer,A.Springer,R.Stuhlberger, C.Wicpalek,A Hybrid Galileo/UMTS Receiver Architecture for Mass-Market Applications,GNSS2005, Available from:/publications/ IfEN_Paper_GAWAIN_GNSS2005.pdf.[11]O.Al-Bayari,B.Sadoun,New centralized automatic vehicle locationcommunications software system under GIS environment,Interna-tional Journal of Communication System18(9)(2005)833–846.Dr.Balqies Sadoun received her M.S.in CivilEngineering from the Ecole Nationale DesTravaux Publique de L’Etat,Lyon,France.Shereceived another M.S.and Ph.D.degrees in Cityand Regional Planning Engineering,College ofEngineering of The Ohio State University,Columbus,Ohio,USA.Currently,she is theChairperson and an Associate Professor in theDepartment of Surveying Engineering and Geo-matics,Faculty of Engineering,at the Al-Balqa’Applied University,Jordan.Previous positions include Chair of the Department of Architectural Engineering at Applied Science University,Amman,Jordan.Other previous academic experiences include working as a faculty member at the Faculty of Engineering of Yarmouk University and Jordan University of Science and Technology. Dr.Sadoun has worked also as a faculty member at the City University of New York,USA.Dr.Sadoun has authored or co-authored about sixty (60)refereed journals,and conference articles and book chapters.She served on the program and organization committees of several interna-tional conferences.In1999,she served as the Program Co-chair of the 1999Summer Computer Simulation Conference,SCSC’99,and co-edited the Proceedings of the1999Summer Computer Simulation Conference. Her article‘‘An efficient simulation methodology for the design of traffic lights at intersections in urban areas,’’by published in the Simulation Journal:Transactions of the Society for Modeling and Simulation Inter-national,Sage79(2003)243–251,’’has been ranked on the top of the50 most-frequently-read articles in the Simulation Journal(October2003–February2007);see:</reports/mfr1.dtl>.Dr. Sadoun’s research interests include:modeling and simulation,Geo-graphical Information Systems(GIS)and Global Navigation Satellite Systems(GNSS)applications,applications of information and commu-nication technology to city planning/engineering,surveying and Geo-matics engineering,transportation engineering and planning, environmental planning and engineering,applied neural networks,passive solar design,quantitative analysis and methods,system recognition and identification.Dr.Sadoun is a member of the Society for Modeling and Simulation andASCE.Dr.Omar Al-Bayari is an Assistant Professor inthe Department of Surveying and GeomaticsEngineering at Al-Balqa’Applied University,Jordan.He worked between1999and2001asPost Doctor at DISTART Engineering Depart-ment,University of Bologna,Italy.He obtainedhis B.S.in Civil Engineering from the Universityof Jordan,and his Ph.D.in Geodetic Sciencesand Topography from the University of Bologna,Italy,in1998.Dr.Al-Bayari has authored or co-authored more thanfifteen articles in refereed international journals and conferences.His area of research include Geodetic Surveying and GPS Applications,Integration between GPS,GIS and GSM communicationsystems for Automatic Vehicle Location system, Global Geodesy and Geoid determination,and Airborne laser scanning system.3160 B.Sadoun,O.Al-Bayari/Computer Communications30(2007)3154–3160。

一篇英语科技文献摘要范文Title: "Advancements in Quantum Computing: Exploring the Frontier of Superposition and Entanglement for Solving Complex Problems"Abstract:Quantum computing, a revolutionary paradigm that harnesses the unique properties of quantum mechanics, has emerged as a promising field with the potential to transform various sectors from materials science to cryptography. This article delves into the recent advancements in quantum computing, focusing on two fundamental principles: superposition and entanglement, and their applications in solving classically intractable problems.First, we provide an overview of the theoretical foundations of quantum computing, emphasizing the concept of a qubit—the quantum equivalent of a classical bit—which can exist in a superposition of states, enabling parallel computation. This inherent parallelism is then leveraged to explain how quantum algorithms, such as Grover's search algorithm and Shor's factorization algorithm, can achieve exponential speedups over their classical counterparts.Next, we explore the realm of quantum entanglement, a phenomenon where the states of two or more quantum particles become intricately linked, such that measurements on one particle instantaneously affect the state of the others, regardless of the distance between them. This non-local correlation is a cornerstone of quantum computing, enabling complex information processing tasks that would be impossible with classical systems.The article then highlights recent experimental breakthroughs in quantum hardware, including the development of more stable and scalable qubit platforms like superconducting qubits, trapped ions, and topological quantum bits. These advancements have paved the way for the realization of quantum processors with increasing numbers of qubits, enabling the execution of increasingly complex quantum circuits.Furthermore, we discuss the challenges and opportunities in quantum error correction, a crucial aspect of realizing fault-tolerant quantum computers capable of executing algorithms with high fidelity. Recent progress in quantum error-correcting codes and their implementation strategies are presented, outlining how they can mitigate the detrimental effects of decoherence and other noise sources in quantum systems.Finally, we explore the potential impact of quantum computing on various industries, including drug discovery, optimization problems, finance, and cryptography. We discuss how quantum algorithms tailored for these domains can unlock new capabilities and drive innovation, while also acknowledging the ethical and societal implications of this technology's development.In conclusion, this article offers a comprehensive overview of the latest advancements in quantum computing, emphasizing the fundamental principles, experimental progress, and potential applications that are poised to reshape our understanding of computation and its impact on society.。