{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,1]],"date-time":"2025-06-01T04:09:04Z","timestamp":1748750944434,"version":"3.41.0"},"reference-count":43,"publisher":"Wiley","issue":"13","license":[{"start":{"date-parts":[[2015,10,30]],"date-time":"2015-10-30T00:00:00Z","timestamp":1446163200000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/onlinelibrary.wiley.com\/termsAndConditions#vor"}],"funder":[{"name":"NUPTSF","award":["NY212012"],"award-info":[{"award-number":["NY212012"]}]},{"DOI":"10.13039\/501100001809","name":"Chinese National Science Foundation","doi-asserted-by":"crossref","award":["61373168","61202387"],"award-info":[{"award-number":["61373168","61202387"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Security Comm Networks"],"published-print":{"date-parts":[[2016,9,10]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>With the big\u2010data and mobile Internet era coming, sensitive information (SI) in various applications plays a key role; even more, they can be an important part of the authentication between clients and servers. However, how to measure security or sensitivity degrees of SI is an open issue. Furthermore, no effective method can detect covert channel of SI thieves in Advanced Persistent Threat attacks. To deal with these problems, we propose a new design, called software\u2010defined networking (SDN)\u2010based SI Protection, in which sensitivity degree can be measured by using Analytic Hierarchy Process and Technique for Order Preference by Similarity to an Ideal Solution, and SI covert channel can be detected based on OpenFlow in SDN. To our best knowledge, it is the first defined sensitivity degree for SI and novel flow\u2010table design in SI data flow switch. Most significantly, our proposal can apply integrated semantics of leakage points and accident attacks into security analysis and switch protocol in Operating System or network. To verify our proposal, experimental tests are performed in social network platforms, field test results have demonstrated that this proposal can capture security level for SI as expected, detect any kinds of potential leakage points in data lifetime, describe fine\u2010grained semantics of accidental attacks, and detect illegal data flow of SI in network layer. Copyright \u00a9 2015 John Wiley &amp; Sons, Ltd.<\/jats:p>","DOI":"10.1002\/sec.1367","type":"journal-article","created":{"date-parts":[[2015,10,30]],"date-time":"2015-10-30T05:50:43Z","timestamp":1446184243000},"page":"1944-1957","source":"Crossref","is-referenced-by-count":2,"title":["SDN\u2010based Sensitive Information (SI) protection: sensitivity\u2010degree measurement in software and data lifetime supervisor in software defined network"],"prefix":"10.1002","volume":"9","author":[{"given":"Letian","family":"Sha","sequence":"first","affiliation":[{"name":"Nanjing University of Posts and Telecommunications School of Computer Science &amp; Technology Nanjing 210046 China"}]},{"given":"Liwen","family":"He","sequence":"additional","affiliation":[{"name":"Nanjing University of Posts and Telecommunications School of Computer Science &amp; Technology Nanjing 210046 China"}]},{"given":"Jianming","family":"Fu","sequence":"additional","affiliation":[{"name":"School of Computer Wuhan University Wuhan 430072 China"}]},{"given":"Jing","family":"Sun","sequence":"additional","affiliation":[{"name":"Nanjing Telecommunication Technology Institute Nanjing 210007 China"}]},{"given":"Pengwei","family":"Li","sequence":"additional","affiliation":[{"name":"School of Computer Wuhan University Wuhan 430072 China"}]}],"member":"311","published-online":{"date-parts":[[2015,10,30]]},"reference":[{"key":"e_1_2_8_2_1","doi-asserted-by":"crossref","unstructured":"GarfinkelT PfaffB ChowJ et al.Data life time is a systems problem.Proc of the 11th workshop on ACM SIGOPS european workshop. ACM:New York 2004;64\u201375.","DOI":"10.1145\/1133572.1133599"},{"key":"e_1_2_8_3_1","unstructured":"JimC BenP TalG et al.Shredding your garbage: reducing data lifetime through secure deallocation.Proc of the 14th USENIX Security Symp. ACM:New York 2005;104\u2013118."},{"key":"e_1_2_8_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/1945023.1945039"},{"key":"e_1_2_8_5_1","unstructured":"Microsoft.MSDN: about keyboard input [EB\/OL]. Silicon Valley 2013[2013\u201002\u201017].http:\/\/msdn.microsoft.com\/en\u2010us\/library\/ms646267(VS.85).aspx"},{"key":"e_1_2_8_6_1","unstructured":"BlackHat2011.Spy\u2010Sense: spyware tool for executing stealthy exploits against sensor networks [EB\/OL].https:\/\/media.blackhat.com\/bh\u2010us\u201011\/Giannetsos\/BH_US_11_Giannetsos_SpySense_Spyware_WP.pdf[Accessed on 3 October 2013]."},{"key":"e_1_2_8_7_1","unstructured":"GarfinkelT PfaffB ChowJ et al.Understanding data lifetime via whole system simulation.Proc of the 13th USENIX Security Symp. ACM:New York 2004;87\u201396."},{"key":"e_1_2_8_8_1","doi-asserted-by":"crossref","unstructured":"Wikipedia.Stuxnet [EB\/OL].http:\/\/en.wikipedia.org\/wiki\/Stuxnet[Accessed on 7 November 2012].","DOI":"10.7328\/jurpcb20122711174"},{"key":"e_1_2_8_9_1","unstructured":"Wikipedia.Duqu [EB\/OL].http:\/\/en.wikipedia.org\/wiki\/Duqu[Accessed on 23 November 2012]."},{"key":"e_1_2_8_10_1","unstructured":"Wikipedia.Flame(malware) [EB\/OL].http:\/\/en.wikipedia.org\/wiki\/Flame_(malware)[Accessed on 8 September 2013]."},{"key":"e_1_2_8_11_1","unstructured":"MattW SudhirA MichaelC et al.Testing metrics for password creation policies by attacking large sets of revealed passwords.Proc of the 17th ACM Conf on computer and communications security. ACM:New York 2010;162\u2013175."},{"key":"e_1_2_8_12_1","doi-asserted-by":"crossref","unstructured":"ZYinqiang FabianM MichaelK et al.The security of modern password expiration: an algorithmic framework and empirical analysis.Proc of the 17th ACM Conf on computer and communications security. ACM:New York 2010;176\u2013186.","DOI":"10.1145\/1866307.1866328"},{"issue":"1","key":"e_1_2_8_13_1","first-page":"3","article-title":"Collecting sensitive information from windows physical memory","volume":"4","author":"Zhao Q","year":"2009","journal-title":"Journal of Computers January"},{"key":"e_1_2_8_14_1","doi-asserted-by":"crossref","unstructured":"BRaghavan MCasado TKoponen SRatnasamy AGhodsi andSShenker.Software\u2010defined internet architecture: decoupling architecture from infrastructure.Proceedings of the 11th ACMWorkshop on Hot Topics in Networks. ACM: New York 2012;43\u201348.","DOI":"10.1145\/2390231.2390239"},{"key":"e_1_2_8_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2014.012214.00180"},{"key":"e_1_2_8_16_1","unstructured":"Software\u2010defined networking research group (SDNRG) [EB\/OL].2013.http:\/\/irtf.org\/sdnrg[Accessed on 9 November 2013]."},{"key":"e_1_2_8_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1355734.1355746"},{"key":"e_1_2_8_18_1","unstructured":"Open networking summit [EB\/OL].2012.http:\/\/opennetsummit.org\/archives\/apr12\/hoelzle \u2010tue\u2010openflow.pdf[Accessed on 9 November 2013]."},{"key":"e_1_2_8_19_1","doi-asserted-by":"publisher","DOI":"10.1587\/transcom.E97.B.375"},{"key":"e_1_2_8_20_1","doi-asserted-by":"crossref","unstructured":"CohenR Lewin\u2010EytanL NaorJ RazD.On the effect of forwarding table size on SDN network utilization.Proc.of the IEEE INFOCOM. IEEE: Piscataway 2014;1734\u20131742.","DOI":"10.1109\/INFOCOM.2014.6848111"},{"key":"e_1_2_8_21_1","unstructured":"MonsantoC ReichJ FosterN RexfordJ WalkerD.Composing software\u2010defined networks.Proc.of the USENIX NSDI.2013;1\u201313.https:\/\/www.usenix.org\/system\/files\/conference\/nsdi13\/ nsdi13\u2010final232.pdf[Accessed on 9 November 2013]."},{"key":"e_1_2_8_22_1","doi-asserted-by":"crossref","unstructured":"NaousJ EricksonD CovingtonG AppenzellerG McKeownN.Implementing an OpenFlow switch on the NetFPGA.In:Proc.of the 4th ACM\/IEEE Symp.on Architectures for Networking and Communications Systems(ANCS). ACM:New York 2008;1\u20139.","DOI":"10.1145\/1477942.1477944"},{"key":"e_1_2_8_23_1","doi-asserted-by":"crossref","unstructured":"Pere\u0161\u00edniP Ku\u017aniarM Vasi\u0107N CaniniM Kosti\u0107D.OF.CPP: consistent packet processing for OpenFlow.Proc.of the ACM SIGCOMM Workshop on HotSDN.2013;97\u2013102.","DOI":"10.1145\/2491185.2491205"},{"key":"e_1_2_8_24_1","first-page":"408","volume-title":"Lightweight DdoS Flooding Attack Detection Using NOX\/OpenFlow","author":"Braga R","year":"2010"},{"key":"e_1_2_8_25_1","first-page":"13","volume-title":"Proc. of the 1st USENIX Workshop on Hot Topics in Management of Internet, Cloud, and Enterprise Networks and Services (Hot\u2010ICE)","author":"Jose L","year":"2011"},{"key":"e_1_2_8_26_1","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1201\/b11032","volume-title":"Multiple Attribute Decision Making: Methods and Applications","author":"Tzeng G","year":"2011"},{"key":"e_1_2_8_27_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0305-0548(99)00069-6"},{"key":"e_1_2_8_28_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.autcon.2008.02.011"},{"key":"e_1_2_8_29_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2009.12.013"},{"key":"e_1_2_8_30_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.apm.2009.09.022"},{"key":"e_1_2_8_31_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.mcm.2006.03.023"},{"volume-title":"The Casebook of AHP","year":"1990","author":"Tone K","key":"e_1_2_8_32_1"},{"volume-title":"The Analytic Hierarchy Process","year":"1980","author":"Saaty TL","key":"e_1_2_8_33_1"},{"volume-title":"Fundamentals of Decision Making with the Analytic Hierarchy Process","year":"2000","author":"Saaty TL","key":"e_1_2_8_34_1"},{"volume-title":"Decision Making with Dependence and Feedback: The Analytic Network Process","year":"2001","author":"Saaty TL","key":"e_1_2_8_35_1"},{"key":"e_1_2_8_36_1","unstructured":"OYuschuk.Ollydbg [EB\/OL].http:\/\/baike.baidu.com\/view\/939483.htm[Accessed on 20 June 2013]."},{"key":"e_1_2_8_37_1","unstructured":"Hex\u2010rays.IDA Pro [EB\/OL].https:\/\/www.hex\u2010rays.com\/products\/ida\/[Accessed on 3 January 2012]."},{"key":"e_1_2_8_38_1","unstructured":"NirSoft.MessenPas[EB\/OL].http:\/\/www.nirsoft.net\/utils\/ms pass.html[Accessed on 11 July 2013]."},{"key":"e_1_2_8_39_1","unstructured":"NirSoft.PasswordRecovery[EB\/OL].Http:\/\/www.nirsoft.net\/password_recovery_tools.html[Accessed on 11 July 2013]."},{"key":"e_1_2_8_40_1","unstructured":"PCoulibaly.Hotmail& MSN Password Recovery 1[EB\/OL].https:\/\/2ra5\u2010downloads.phpnuke.org\/en\/c98679\/hotmail\u2010msn\u2010password\u2010recovery#.VCTPtmeSyo0[Accessed on 4 August 2013]."},{"key":"e_1_2_8_41_1","unstructured":"FeiXun Password Record [EB\/OL].http:\/\/www.downxia.com\/downinfo\/44514.html[Accessed on 4 August 2013]."},{"key":"e_1_2_8_42_1","unstructured":"YuChen Password Record [EB\/OL].http:\/\/download.pcpop.com\/shoujigongju\/wangluofuzhu\/156582.html[Accessed on 4 August 2013]."},{"key":"e_1_2_8_43_1","unstructured":"KeySafe [EB\/OL].http:\/\/www.pen88.com\/download\/keysafe.rar[Accessed on 4 August 2013]."},{"key":"e_1_2_8_44_1","doi-asserted-by":"publisher","DOI":"10.3778\/j.issn.1673-9418.1407061"}],"container-title":["Security and Communication Networks"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.wiley.com\/onlinelibrary\/tdm\/v1\/articles\/10.1002%2Fsec.1367","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.wiley.com\/onlinelibrary\/tdm\/v1\/articles\/10.1002%2Fsec.1367","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/pdf\/10.1002\/sec.1367","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,31]],"date-time":"2025-05-31T07:16:08Z","timestamp":1748675768000},"score":1,"resource":{"primary":{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/10.1002\/sec.1367"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,10,30]]},"references-count":43,"journal-issue":{"issue":"13","published-print":{"date-parts":[[2016,9,10]]}},"alternative-id":["10.1002\/sec.1367"],"URL":"https:\/\/doi.org\/10.1002\/sec.1367","archive":["Portico"],"relation":{},"ISSN":["1939-0114","1939-0122"],"issn-type":[{"type":"print","value":"1939-0114"},{"type":"electronic","value":"1939-0122"}],"subject":[],"published":{"date-parts":[[2015,10,30]]}}}