Abstract: In this paper the problem of the application of
temporal reasoning and case-based reasoning in intelligent decision
support systems is considered. The method of case-based reasoning
with temporal dependences for the solution of problems of real-time
diagnostics and forecasting in intelligent decision support systems is
described. This paper demonstrates how the temporal case-based
reasoning system can be used in intelligent decision support systems
of the car access control. This work was supported by RFBR.
Abstract: This paper describes a logical method to enhance
security on the grid computing to restrict the misuse of the grid
resources. This method is an economic and efficient one to avoid the
usage of the special devices. The security issues, techniques and
solutions needed to provide a secure grid computing environment are
described. A well defined process for security management among
the resource accesses and key holding algorithm is also proposed. In
this method, the identity management, access control and
authorization and authentication are effectively handled.
Abstract: Access control is one of the most challenging issues
facing information security. Access control is defined as the ability to
permit or deny access to a particular computational resource or digital
information by an unauthorized user or subject. The concept of usage
control (UCON) has been introduced as a unified approach to capture a
number of extensions for access control models and systems. In
UCON, an access decision is determined by three factors:
authorizations, obligations and conditions. Attribute mutability and
decision continuity are two distinct characteristics introduced by
UCON for the first time. An observation of UCON components
indicates that the components are predefined and static. In this paper,
we propose a new and flexible model of usage control for the creation
and elimination of some of these components; for example new
objects, subjects, attributes and integrate these with the original
UCON model. We also propose a model for concurrent usage
scenarios in UCON.
Abstract: Compared with traditional distributed environment, the
net-centric environment brings on more demanding challenges for
information sharing with the characteristics of ultra-large scale and
strong distribution, dynamic, autonomy, heterogeneity, redundancy.
This paper realizes an information sharing model and a series of core
services, through which provides an open, flexible and scalable
information sharing platform.
Abstract: The topic of enhancing security in XML databases is important as it includes protecting sensitive data and providing a secure environment to users. In order to improve security and provide dynamic access control for XML databases, we presented the XLog file to calculate user trust values by recording users’ bad transactions, errors and query severities. Severity-aware trust-based access control for XML databases manages the access policy depending on users' trust values and prevents unauthorized processes, malicious transactions and insider threats. Privileges are automatically modified and adjusted over time depending on user behaviour and query severity. Logging in database is an important process and is used for recovery and security purposes. In this paper, the Xlog file is presented as a dynamic and temporary log file for XML databases to enhance the level of security.
Abstract: This paper investigates the possibility of improving throughputs of some Media Access Control protocols such as ALOHA, slotted ALOHA and Carrier Sense Multiple Access with Collision Avoidance with the aim of increasing the performance of Powerline access networks. In this investigation, the real Powerline network topology in Tanzania located in Dar es Salaam City, Kariakoo area was used as a case study. During this investigation, Wireshark Network Protocol Analyzer was used to analyze data traffic of a similar existing network for projection purposes and then the data were simulated using MATLAB. This paper proposed and analyzed three improvement techniques based on collision domain, packet length and combination of the two. From the results, it was found that the throughput of Carrier Sense Multiple Access with Collision Avoidance protocol improved noticeably while ALOHA and slotted ALOHA showed insignificant changes especially when the hybrid techniques were employed.
Abstract: In this paper, we propose a general mandatory access framework for distributed systems. The framework can be applied to multiple operating systems and can handle multiple stakeholders. Despite considerable advancements in the area of mandatory access control, a certain approach to enforcing mandatory access control can only be applied in a specific operating system. Other than the PC market, in which Windows captures the overwhelming share, there are a number of popular operating systems in the emerging smartphone environment, i.e. Android, Windows Mobile, Symbian, RIM. It should be noted that more and more stakeholders are involved in smartphone software, such as device owners, service providers and application providers. Our framework includes three parts: local decision layer, the middle layer and the remote decision layer. The middle layer takes charge of managing security contexts, OS API, operations and policy combination. The design of the remote decision layer doesn’t depend on certain operating systems because of the middle layer’s existence. We implement the framework in Windows, Linux and other popular embedded systems.
Abstract: This paper will present the implementation of QoS
policy based system by utilizing rules on Access Control List (ACL)
over Layer 3 (L3) switch. Also presented is the architecture on that
implementation; the tools being used and the result were gathered.
The system architecture has an ability to control ACL rules which are
installed inside an external L3 switch. ACL rules are used to instruct the
way access control is executed, in order to entertain all traffic
through that particular switch. The main advantage of using this
approach is that the single point of failure could be prevented when
there are any changes on ACL rules inside L3 switches. Another
advantage is that the agent could instruct ACL rules automatically
straight away based on the changes that occur on the policy database without
configuring them one by one. Other than that, when the QoS policy
based system was implemented in a distributed environment, the
monitoring process can be synchronized easily due to the automated
process run by the agent over external policy devices.
Abstract: In this paper, we describe a rule-based message passing method to support developing collaborative applications, in which multiple users share resources in distributed environments. Message communications of applications in collaborative environments tend to be very complex because of the necessity to manage context situations such as sharing events, access controlling of users, and network places. In this paper, we propose a message communications method based on unification of artificial intelligence and logic programming for defining rules of such context information in a procedural object-oriented programming language. We also present an implementation of the method as Java classes.
Abstract: In the current decade, wireless sensor networks are
emerging as a peculiar multi-disciplinary research area. By this
way, energy efficiency is one of the fundamental research themes
in the design of Medium Access Control (MAC) protocols for
wireless sensor networks. Thus, in order to optimize the energy
consumption in these networks, a variety of MAC protocols are
available in the literature. These schemes were commonly evaluated
under simple network density and a few results are published on
their robustness in realistic network's size. We, in this paper, provide
an analytical study aiming to highlight the energy waste sources in
wireless sensor networks. Then, we experiment three energy efficient
hybrid CSMA/CA based MAC protocols optimized for wireless
sensor networks: Sensor-MAC (SMAC), Time-out MAC (TMAC)
and Traffic aware Energy Efficient MAC (TEEM). We investigate
these protocols with different network densities in order to discuss
the end-to-end performances of these schemes (i.e. in terms of energy
efficiency, delay and throughput). Through Network Simulator (NS-2)
implementations, we explore the behaviors of these protocols with
respect to the network density. In fact, this study may help the multihops
sensor networks designers to design or select the MAC layer
which matches better their applications aims.
Abstract: As a security mechanism, authorization is to provide access control to the system resources according to the policies and rules specified by the security strategies. Either by update or in the initial specification, conflicts in authorization are an issue that needs to be solved. In this paper, we propose a new approach to solve conflicts by using prioritized logic programs and discuss the uniqueness of its answer set. Addressing conflict resolution from logic programming viewpoint and the uniqueness analysis of the answer set provide a novel, efficient approach for authorization conflict resolution.
Abstract: Wireless sensor networks are an emerging technology
that serves as environment monitors in many applications. Yet
these miniatures suffer from constrained resources in terms of
computation capabilities and energy resources. Limited energy
resource in these nodes demands an efficient consumption of that
resource either by developing the modules themselves or by providing
efficient communication protocols. This paper presents a
comprehensive summarization and a comparative study of the
available MAC protocols proposed for Wireless Sensor Networks
showing their capabilities and efficiency in terms of energy
consumption and delay guarantee.
Abstract: Because nodes are usually battery-powered, the energy
presents a very scarce resource in wireless sensor networks. For this
reason, the design of medium access control had to take energy
efficiency as one of its hottest concerns. Accordingly, in order to
improve the energy performance of MAC schemes in wireless sensor
networks, several ways can be followed. In fact, some researchers try
to limit idle listening while others focus on mitigating overhearing
(i.e. a node can hear a packet which is destined to another node)
or reducing the number of the used control packets. We, in this
paper, propose a new hybrid MAC protocol termed ELE-MAC
(i.e. Energy Latency Efficient MAC). The ELE-MAC major design
goals are energy and latency efficiencies. It adopts less control
packets than SMAC in order to preserve energy. We carried out ns-2
simulations to evaluate the performance of the proposed protocol.
Thus, our simulation's results prove the ELE-MAC energy efficiency.
Additionally, our solution performs statistically the same or better
latency characteristic compared to adaptive SMAC.
Abstract: The home these days has not one computer connected to the Internet but rather a network of many devices within the home, and that network might be connected to the Internet. In such an environment, the potential for attacks is greatly increased. The general security technology cannot apply because of the use of various wired and wireless networks, middleware and protocols in the digital home environment and the restricted system resources of home information appliances. To offer secure home services, home network environments have need of access control for various home devices and information when users want to access. Therefore home network access control for user authorization is a very important issue. In this paper we propose an access control model using RBAC in home network environments to provide home users with secure home services.
Abstract: Recently, the RFID (Radio Frequency
Identification) technology attracts the world market attention as
essential technology for ubiquitous environment. The RFID
market has focused on transponders and reader development.
But that concern has shifted to RFID software such as
high-valued e-business applications, RFID middleware and
related development tools. However, due to the high sensitivity
of data and service transaction within the RFID network,
security consideration must be addressed. In order to guarantee
trusted e-business based on RFID technology, we propose a
security enhanced RFID middleware system. Our proposal is
compliant with EPCglobal ALE (Application Level Events),
which is standard interface for middleware and its clients. We
show how to provide strengthened security and trust by
protecting transported data between middleware and its client,
and stored data in middleware. Moreover, we achieve the
identification and service access control against illegal service
abuse. Our system enables secure RFID middleware service
and trusted e-business service.
Abstract: Grid computing provides a virtual framework for
controlled sharing of resources across institutional boundaries.
Recently, trust has been recognised as an important factor for
selection of optimal resources in a grid. We introduce a new method
that provides a quantitative trust value, based on the past interactions
and present environment characteristics. This quantitative trust value
is used to select a suitable resource for a job and eliminates run time
failures arising from incompatible user-resource pairs. The proposed
work will act as a tool to calculate the trust values of the various
components of the grid and thereby improves the success rate of the
jobs submitted to the resource on the grid. The access to a resource
not only depends on the identity and behaviour of the resource but
also upon its context of transaction, time of transaction, connectivity
bandwidth, availability of the resource and load on the resource. The
quality of the recommender is also evaluated based on the accuracy
of the feedback provided about a resource. The jobs are submitted for
execution to the selected resource after finding the overall trust value
of the resource. The overall trust value is computed with respect to
the subjective and objective parameters.
Abstract: The lack of security obstructs a large scale deployment of the multicast communication model. Therefore, a host of research works have been achieved in order to deal with several issues relating to securing the multicast, such as confidentiality, authentication, non-repudiation, integrity and access control. Many applications require authenticating the source of the received traffic, such as broadcasting stock quotes and videoconferencing and hence source authentication is a required component in the whole multicast security architecture. In this paper, we propose a new and efficient source authentication protocol which guarantees non-repudiation for multicast flows, and tolerates packet loss. We have simulated our protocol using NS-2, and the simulation results show that the protocol allows to achieve improvements over protocols fitting into the same category.
Abstract: As various mobile sensing technologies, remote
control and ubiquitous infrastructure are developing and expectations
on quality of life are increasing, a lot of researches and developments
on home network technologies and services are actively ongoing.
Until now, we have focused on how to provide users with high-level
home network services, while not many researches on home network
security for guaranteeing safety are progressing. So, in this paper, we
propose an access control model specific to home network that
provides various kinds of users with home network services up one's
characteristics and features, and protects home network systems from
illegal/unnecessary accesses or intrusions.
Abstract: Through the analysis of the process digital design
based on digital mockup, the fact indicates that a distributed
cooperative supporting environment is the foundation conditions to
adopt design approach based on DMU. Data access authorization is
concerned firstly because of the value and sensitivity of the data for the
enterprise. The access control for administrators is often rather weak
other than business user. So authors established an enhanced system to
avoid the administrators accessing the engineering data by potential
approach and without authorization. Thus the data security is
improved.
Abstract: Keystroke authentication is a new access control system
to identify legitimate users via their typing behavior. In this paper,
machine learning techniques are adapted for keystroke authentication.
Seven learning methods are used to build models to differentiate user
keystroke patterns. The selected classification methods are Decision
Tree, Naive Bayesian, Instance Based Learning, Decision Table, One
Rule, Random Tree and K-star. Among these methods, three of them
are studied in more detail. The results show that machine learning
is a feasible alternative for keystroke authentication. Compared to
the conventional Nearest Neighbour method in the recent research,
learning methods especially Decision Tree can be more accurate. In
addition, the experiment results reveal that 3-Grams is more accurate
than 2-Grams and 4-Grams for feature extraction. Also, combinations
of attributes tend to result in higher accuracy.