Abstract: Embodiments of the present disclosure relate to devices, methods, apparatuses and computer readable storage media for data sharing. In example embodiments, a method for data sharing is provided. The method comprises, in response to receiving a first request to share data of a user from a data sharing agent, creating a data sharing smart contract for the user. The method further comprises publishing the data sharing smart contract to one or more data consumers. The method further comprises, in response to receiving a second request to access the data from a data consumer, generating, by executing the data sharing smart contract, an indication that the data consumer is authorized to access the data. In addition, the method further comprises sending the indication to the data consumer. In this way, end users are enabled to manage and share their personal data by themselves.

Abstract: Embodiments of the present disclosure relate to methods, devices and computer readable storage medium for tracing an attack source in a service function chain overlay network. In example embodiments, a request for tracing an attack source of an attacking data is sent at the attack tracer to a first service function chain domain of a plurality of service function chain domains through which the attacking data flow passes subsequently. The request includes flow characteristics of the attacking data flow. Then, the attack tracer receives a first set of results of flow matching based on the flow characteristics from the first service function chain domain. The attack tracer identifies the attack source in the plurality of service function chain domains at least in part based on the first set of results. In this way, the attack source may be traced efficiently in the service function chain overlay network.

Abstract: Embodiments of the disclosure provide a method, device and computer readable medium for protecting MAC addresses. According to embodiments of the present disclosure, the terminal device may obtain a set of virtual MAC addressed from a network device and may connect with a further network device (for example, Wi-Fi AP or Bluetooth devices) using the virtual MAC addresses. In this way, tracking the terminal device with MAC address is prevented so that user privacy protection could be enhanced.

Abstract: Embodiments of the present disclosure relate to a method, apparatus, and computer readable medium for providing a security service for a data center. According to the method, a packet terminating at or originating from the data center is received. At least one label is determined for the packet, each label indicating a security requirement for the packet. Based on the at least one label, a security service chain is selected for the packet, the security service chain including an ordered set of security functions deployed in the data center and to be applied to the packet. The packet is transmitted to the selected security service chain in association with the at least one label, the packet being processed by the ordered set of security functions in the security service chain.

Abstract: Embodiments of the present disclosure relate to devices, methods, apparatuses and computer readable storage media of data security for network slice management. The method comprises transmitting at least one entry associated with attributes of data generated by the first device to a second device; in response to a request for accessing the data received from a third device, determining whether the third device has an authority for accessing the data based on the request; and in response to a determination that the third device has the authority for accessing the data, causing the third device to check the integrity of the data based on the attributes of the data obtained from the second device. In this way, the service consumer may detect the data tampering.

Abstract: Embodiments of the present disclosure relate to devices, methods, apparatuses and computer readable storage media for data sharing. In example embodiments, a method for data sharing is provided. The method comprises, in response to receiving a first request to share data of a user from a data sharing agent, creating a data sharing smart contract for the user. The method further comprises publishing the data sharing smart contract to one or more data consumers. The method further comprises, in response to receiving a second request to access the data from a data consumer, generating, by executing the data sharing smart contract, an indication that the data consumer is authorized to access the data. In addition, the method further comprises sending the indication to the data consumer. In this way, end users are enabled to manage and share their personal data by themselves.

Abstract: A method, a device, an apparatus and a computer-readable storage medium for MAC address conflict detection. The method includes: in response to detecting a wireless local area network, transmitting, at a first device, a dummy MAC address of the first device to a second device in the wireless local area network, the dummy MAC address being different from a real MAC address of the first device; transmitting an address conflict detection request for the dummy MAC address to the second device; and in response to an address conflict detection response from the second device indicating that there is no conflict for the dummy MAC address, establishing a connection with the wireless local area network. The method may effectively protect privacy information for a user of a terminal device, while avoiding a MAC address conflict, such that the user can communicate in a secure network environment.

Abstract: Embodiments of the disclosure provide a method, device and computer readable medium for protecting MAC addresses. According to embodiments of the present disclosure, the terminal device may obtain a set of virtual MAC addressed from a network device and may connect with a further network device (for example, Wi-Fi AP or Bluetooth devices) using the virtual MAC addresses. In this way, tracking the terminal device with MAC address is prevented so that user privacy protection could be enhanced.

Abstract: Embodiments of the present disclosure relate to methods, devices and computer readable storage medium for tracing an attack source in a service function chain overlay network. In example embodiments, a request for tracing an attack source of an attacking data is sent at the attack tracer to a first service function chain domain of a plurality of service function chain domains through which the attacking data flow passes subsequently. The request includes flow characteristics of the attacking data flow. Then, the attack tracer receives a first set of results of flow matching based on the flow characteristics from the first service function chain domain. The attack tracer identifies the attack source in the plurality of service function chain domains at least in part based on the first set of results. In this way, the attack source may be traced efficiently in the service function chain overlay network.

Abstract: Embodiments of the present disclosure relate to a method, apparatus, and computer readable medium for providing a security service for a data center. According to the method, a packet terminating at or originating from the data center is received. At least one label is determined for the packet, each label indicating a security requirement for the packet. Based on the at least one label, a security service chain is selected for the packet, the security service chain including an ordered set of security functions deployed in the data center and to be applied to the packet. The packet is transmitted to the selected security service chain in association with the at least one label, the packet being processed by the ordered set of security functions in the security service chain.

Abstract: A method, a device, an apparatus and a computer-readable storage medium for MAC address conflict detection. The method includes: in response to detecting a wireless local area network, transmitting, at a first device, a dummy MAC address of the first device to a second device in the wireless local area network, the dummy MAC address being different from a real MAC address of the first device; transmitting an address conflict detection request for the dummy MAC address to the second device; and in response to an address conflict detection response from the second device indicating that there is no conflict for the dummy MAC address, establishing a connection with the wireless local area network. The method may effectively protect privacy information for a user of a terminal device, while avoiding a MAC address conflict, such that the user can communicate in a secure network environment.