面向普适计算的自适应模糊访问控制方法

普适环境中的上下文信息是普适访问控制的关键因素,对主体的授权和对主体使用权限过程的控制具有决定性影响。系统安全强度和安全策略应随上下文的变化而动态改变。传统访问控制模型均未考虑上下文对安全强度和安全策略的动态影响,不适合普适计算环境。提出了普适环境下安全强度和安全策略随上下文动态变化的思想,基于区间值模糊集合理论建立了上下文信息相关的产生式规则,设计了一种简单高效的区间值模糊访问控制方法,以提高普适计算系统中安全强度和安全策略的自适应性,更符合普适环境。     

A fault tolerant mutual exclusion algorithm for mobile ad hoc networks

In this paper, we propose a permission-based message efficient mutual exclusion (MUTEX) algorithm for mobile ad hoc networks (MANETs). To reduce messages cost, the algorithm uses the “look-ahead” technique, which enforces MUTEX only among the hosts currently competing for the critical section. We propose mechanisms to handle dozes and disconnections of mobile hosts. The assumption of FIFO channel in the original “look-ahead” technique is also relaxed. The proposed algorithm can also tolerate link or host failures, using timeout-based mechanisms. Both analytical and simulation results show that the proposed algorithm works well under various conditions, especially when the mobility is high or load level is low. To our knowledge, this is the first permission-based MUTEX algorithm for MANETs.     

The resource access authorization route problem in a collaborative manufacturing system

Most of collaborative manufacturing systems are based on or involved in distributed information systems. Access control model, as an important infrastructure facility of information system, is frequently employed to control the resource sharing and cooperation in a collaborative manufacturing system. However, Configuring and running an access control model in a collaborative manufacturing system is a more complex problem. The reason is that there are more resources to be accessed and more complex security policies and rules from different partners to be obeyed in such a system than these in an individual information system. Un-intuitional semantic of security policies directly result in administrators’ confusion in judging the legitimacy of authorization actions. They don’t even know which authorization actions should be performed and what performing order should be executed by. So, it is necessary to configure an authority action sequence, including an authority action set and the performing order, to help the administrators to perform the given authorization task without violating these multisource security policies and rules. In this paper, how to configure the authority action sequence is defined as an authorization route problem at first. Then, the problem is modeled as a classical planning problem and a GraphPlan algorithm is revised to solve it. Based on the modeled problem and the revised algorithm, a prototype system named PolicyProber is developed to provide an authority action sequence for administrators in a visual way. Several cases are used to demonstrate the effectiveness of the presented model, method and algorithm. The research achievements and its application in industry can help administrators make correct decisions, which can strength the safety of a collaborative manufacturing system indirectly.     

Work flow methodology : A proposed approach for analysis and conceptual design of large scale computer based information systems

The objective of this paper is to explain our approach called “Work Flow Methodology for Analysis and Conceptual Data Base Design of Large Scale Computer Based Information System”. The user fills in, through the different steps of the methodology and in the light of the definition of dynamic adaptive system, a number of forms which relate the topological dimension to the time dimension for each application of a given system. In addition, we obtain the “Unit Subschema” which defines the responsibilities of issuing and authorization of receiving information at the proper time. Finally, we apply our methodology to the Registration System in Kuwait University.     

工作流系统上下文相关访问控制模型

访问控制是提高工作流系统安全性的重要机制。基于角色的访问控制（RBAC）被绝大多数工作流系统所采用，已成为工作流领域研究的热点。但是，现有的基于角色的访问控制模型没有考虑工作流上下文对任务执行授权安全的影响，容易造成权限冗余，也不支持职责分离策略。该文提出一种工作流上下文相关访问控制模型WfCAC，首先，定义该模型的构成要素和体系结构，然后讨论工作流职责分离和访问控制机制，并对模型性质进行分析。WfCAC模型支持用户组及其层次结构，支持最小权限授权策略和职责分离策略，实现了工作流上下文相关访问控制。     

A model for evaluation and administration of security inobject-oriented databases

The integration of object-oriented programming concepts with databases is one of the most significant advances in the evolution of database systems. Many aspects of such a combination have been studied, but there are few models to provide security for this richly structured information. We develop an authorization model for object-oriented databases. This model consists of a set of policies, a structure for authorization rules, and algorithms to evaluate access requests against the authorization rules. User access policies are based on the concept of inherited authorization applied along the class structure hierarchy. We propose also a set of administrative policies that allow the control of user access and its decentralization. Finally, we study the effect of class structuring changes on authorization     

A meta-control architecture for orchestrating policy enforcement across heterogeneous information sources

There is increasing demand from both organizations and individuals for technology capable of enforcing sophisticated, context-sensitive policies, whether security and privacy policies, corporate policies or policies reflecting various regulatory requirements. In open environments, enforcing such policies requires the ability to reason about the policies themselves as well as the ability to dynamically identify and access heterogeneous sources of information. This article introduces a semantic web framework and a meta-control model to orchestrate policy reasoning with the identification and access of relevant sources of information. Specifically, sources of information are modeled as web services with rich semantic profiles. Policy Enforcing Agents rely on meta-control strategies to dynamically interleave semantic web reasoning and service discovery and access. Meta-control rules can be customized to best capture the requirements associated with different domains and different sets of policies. This architecture has been validated in the context of different environments, including a collaborative enterprise domain as well as several mobile and pervasive computing applications deployed on Carnegie Mellon's campus. We show that, in the particular instance of access control policies, the proposed framework can be viewed as an extension of the XACML architecture, in which Policy Enforcing Agents offer a particularly powerful way of implementing XACML's Policy Information Point (PIP) and Context Handler functionality. At the same time, our proposed architecture extends to a much wider range of policies and regulations. Empirical results suggest that the semantic framework introduced in this article scales favorably on problems with up to hundreds of services and tens of service directories.     

Partitioning knowledge bases between advanced notification and clinical decision support systems

Clinical decision support system (CDSS) and their logic syntax include the coding of notifications (e.g., Arden Syntax). The following paper will describe the rationale for segregating policies, user preferences and clinical monitoring rules into “advanced notification” and” clinical” components, which together form a novel and complex CDSS. Notification rules and hospital policies are respectively abstracted from care-provider roles and alerting mechanisms. User-defined preferences determine which devices are to be used for receiving notifications. Our design differs from previous notification systems because it integrates a versatile notification platform supporting a wide range of mobile devices with a XML/HL-7 compliant communication protocol.     

Being bored? Recognising natural interest by extensive audiovisual integration for real-life application

Automatic detection of the level of human interest is of high relevance for many technical applications, such as automatic customer care or tutoring systems. However, the recognition of spontaneous interest in natural conversations independently of the subject remains a challenge. Identification of human affective states relying on single modalities only is often impossible, even for humans, since different modalities contain partially disjunctive cues. Multimodal approaches to human affect recognition generally are shown to boost recognition performance, yet are evaluated in restrictive laboratory settings only. Herein we introduce a fully automatic processing combination of Active–Appearance–Model-based facial expression, vision-based eye-activity estimation, acoustic features, linguistic analysis, non-linguistic vocalisations, and temporal context information in an early feature fusion process. We provide detailed subject-independent results for classification and regression of the Level of Interest using Support-Vector Machines on an audiovisual interest corpus (AVIC) consisting of spontaneous, conversational speech demonstrating “theoretical” effectiveness of the approach. Further, to evaluate the approach with regards to real-life usability a user-study is conducted for proof of “practical” effectiveness.     

基于信息流的SELinux策略分析模型

针对SELinux安全策略分析和管理上的困难,提出了一种SELinux信息流分析模型SELIF。首先构造有效安全上下文集合和安全上下文的授权关系,然后根据许可权的信息流语义,用标记转换系统表示的安全上下文关系来刻画信息流。SELIF信息流模型可以直观地表达SELinux策略所描述的安全上下文之间的信息流路径,实现对复杂策略的直观分析和管理。     

PBAC: Provision-based access control model

Over the years a wide variety of access control models and policies have been proposed, and almost all the models have assumed “grant the access request or deny it.” They do not provide any mechanism that enables us to bind authorization rules with required operations such as logging and encryption. We propose the notion of a “provisional action” that tells the user that his request will be authorized provided he (and/or the system) takes certain actions. The major advantage of our approach is that arbitrary actions such as cryptographic operations can all coexist in the access control policy rules. We define a fundamental authorization mechanism and then formalize a provision-based access control model. We also present algorithms and describe their algorithmic complexity. Finally, we illustrate how provisional access control policy rules can be specified effectively in practical usage scenarios. Published online: 22 January 2002     

Steering rules for AGV based on primitive function and elementary movement control

The complete structure of an AGV control system is described in the first part of this paper. The AGV control system is hierarchical and consists of five levels. The structure of one level does not depend on the structures of the other levels. This means that the control system depends on the design of the AGV at the lowest level only, at the actuator servo-control level and its coordination in realizing AGV primitive functions.The second part of the paper describes rules applicable to AGV steering. The structure of these rules depends on two groups of factors. The first group is dependent on information groups fed to the AGV processor by the position sensor. The second group of factors represents aims and conditions and AGV steering such as positioning accuracy, positioning time, allowed room for maneuver, the shape of the given trajectory, etc. The AGV steering rules contain sequences of primitive functions. These primitive functions are of such types as “turn left”, “straighten” (correct), “go straight on”, etc. Trajectory, as one of the basic factors, is defined at the level of controlling an elementary movement. The term “to control an elementary movement” means to select a transport road throughout the transport network and to code it using “elementary movement” such as “go straight” (relating to road section), “turn left” (relating to turning at a crossroad) etc.The results of the AGV steering simulation are presented in the third part of the paper. An exact kinematic AGV model used for stimulating control models is also presented.     

普适计算环境下的动态访问控制模型

普适计算环境下,主体、客体的状态和上下文信息对授权结果具有决定性影响。针对已有授权模型由于主体、客体状态和上下文信息的缺失而导致模型不适合普适计算环境的问题,提出了一种基于主体、客体的状态和环境上下文信息对主体进行动态授权的访问控制模型,论述了模型的构成元素、体系结构和授权算法。与已有模型相比新模型采用统一的模式描述上下文信息对授权的影响,既保证了模型的简单性,又增强了模型的表达能力,更适合于普适计算环境。     

普适计算环境下基于信任度的模糊自适应访问控制模型*

在信任模型基础上,提出一种基于信任度的模糊自适应访问控制模型。该模型扩展信任度的概念,建立权限的区间值模糊策略规则,通过对与主体相关的上下文信息的模糊推理实现授权的有效控制。描述模型的构成要素,研究模型的区间值模糊推理算法,为解决普适计算环境下动态访问控制授权问题提供了一定的技术手段。     

Semantic-based authorization architecture for Grid

There are a few issues that still need to be covered regarding security in the Grid area. One of them is authorization where there exist good solutions to define, manage and enforce authorization policies in Grid scenarios. However, these solutions usually do not provide Grid administrators with semantic-aware components closer to the particular Grid domain and easing different administration tasks such as conflict detection or resolution. This paper defines a proposal based on Semantic Web to define, manage and enforce security policies in a Grid scenario. These policies are defined by means of semantic-aware rules which help the administrator to create higher-level definitions with more expressiveness. These rules also permit performing added-value tasks such as conflict detection and resolution, which can be of interest in medium and large scale scenarios where different administrators define the authorization rules that should be followed before accessing a resource in the Grid. The proposed solution has been also tested providing some reasonable response times in the authorization decision process.     

Personalization of internet telephony services for presence with SIP and extended CPL

This paper discusses issues of personalization of presence services in the context of Internet Telephony. Such services take into consideration the willingness and ability of a user to communicate in a network, as well as possibly other factors such as time, address, etc. Via a three-layer service architecture for communications in the session initiation protocol (SIP) standard, presence system basic services and personalized services (personal policies) are clearly separated and discussed. To enrich presence related services, presence information is illustratively extended from the well known “online” and “offline” indicators to a much broader meaning that includes “location”, “lineStatus”, “role”, “availability”, etc. Based on this, the call processing language (CPL) is extended in order to describe presence related personalized services for both call processing systems and presence systems using information such as a person’s presence status, time, address, language, or any of their combinations. A web-based system is designed and implemented to simulate these advanced services. In the implementation, personal policies are programmed by end users via a graphic user interface (GUI) and are automatically translated into extended CPL. The simulation system clearly displays when, where and what CPL policies should be used for the provision of personalized presence services and call processing services. Policy conflicts are also addressed by setting policy priorities in the system.     

An Adaptive Middleware for Context-Sensitive Communications for Real-Time Applications in Ubiquitous Computing Environments

Context-sensitivity is an important expected capability in applications in ubiquitous computing (ubicomp) environments. These applications need to use different contextual information from the user, host device, on board sensors, network, and the ambient environments to systematically adapt their actions. In addition, some context-sensitive applications may use specific contextual conditions to trigger impromptu and possibly short-lived interactions with applications in other devices. This property, referred to as context-sensitive or context-aware communications, allows applications to form short-range mobile ad hoc networks consisting of mobile and stationary devices, sensors, and other computing resources. Real-time applications, especially those having reactive behavior, running on embedded devices and requiring context-sensitive communications support, pose new challenges related to systematic representation of specific contexts, associations of contexts with real-time actions, timely context data collection and propagation, and transparent context-sensitive connection establishment. An object-based middleware can be effective to meet these challenges if such a middleware can provide a well-defined development framework as well as lightweight runtime services. In this paper, an adaptive and object-based middleware, called reconfigurable context-sensitive middleware (RCSM) is presented to facilitate context-sensitive communications in ubicomp environments. To facilitates context-sensitive communications, RCSM provides a context-aware interface definition language for specifying context-sensitive interfaces of real-time objects, an object container framework for generating interfaces-specific context-analyzers, and a context-sensitive object request broker for context-sensitive object discovery and impromptu connection management. RCSM is adaptive in the sense that depending on the context-sensitive behavior of the applications, it adapts its object discovery and connection management mechanisms.     

Towards an algebraic theory of information integration

Information integration systems provide uniform interfaces to varieties of heterogeneous information sources. For query answering in such systems, the current generation of query answering algorithms in local-as-view (source-centric) information integration systems all produce what has been thought of as “the best obtainable” answer, given the circumstances that the source-centric approach introduces incomplete information into the virtual global relations. However, this “best obtainable” answer does not include all information that can be extracted from the sources because it does not allow partial information. Neither does the “best obtainable” answer allow for composition of queries, meaning that querying a result of a previous query will not be equivalentto the composition of the two queries. In this paper, we provide a foundation for information integration, based on the algebraic theory of incomplete information. Our framework allows us to define the semantics of partial facts and introduce the notion of the exact answer—that is the answer that includes partial facts. We show that querying under the exact answer semantics is compositional. We also present two methods for actually computing the exact answer. The first method is tableau-based, and it is a generalization of the “inverse-rules” approach. The second, much more efficient method, is a generalization of the rewriting approach, and it is based on partial containment mappings introduced in the paper.     

A network access control approach based on the AAA architecture and authorization attributes

Network access control mechanisms constitute an increasingly needed service, when communications are becoming more and more ubiquitous thanks to some technologies such as wireless networks or Mobile IP. This paper presents a particular scenario where access rules are based not only on the identity of the different users but also on authorization data related to those users. In order to accomplish this general goal, it will be necessary to add to the traditional system-specific services for authentication and authorization, and also some entities able to manage the information related to identity, roles and permissions. Network access will be based on the 802.1X framework and the Authentication, Authorization, and Accounting (AAA) architecture, as they constitute the basis for most of the existing proposals for limiting the access to a restricted network. These proposals will be extended making use of an authorization infrastructure based on SAML statements, the RBAC model, and XACML as the main language for expressing authorization policies. The solution that we present in this paper is a consequence of an exhaustive and non-trivial analysis of the different mechanisms that could be used to provide this kind of service. As we will see, the correct integration of these different mechanisms leads to the definition of a scalable and versatile network access control system which conforms to the guidelines outlined by the AAA initiative.     

普适计算环境中基于上下文的使用控制模型

使用控制模型可以解决普适计算环境中访问控制的动态授权问题,但该模型没有考虑上下文信息。为此,提出一种普适计算环境中基于上下文的使用控制模型。在使用决策因素中增加上下文信息,包括时间、位置和环境因素,采用行为时态逻辑定义模型的核心规则集。以基于普适计算的智能教室为实例进行分析,证明该模型在普适计算环境中的有效性。