Supporting flexible streaming media protection through privacy-aware secure processors

Due to the explosion of Internet technology in the last decade, there is an increasing demand for secure and effective streaming media protection (SMP) in the new computing environment. Since end users usually have the full control of their machines, pure software based approaches such as user/password validation and group key based content encryption, are not sufficient to defend many attacks, in particular, malicious key sharing. On the other hand, existing hardware-based approaches tend to be too restrictive to adopt.The emerging secure processor designs provide a new direction for hardware assisted streaming media protection (H-SMP). The research in the computer architecture community has shown that secure processors can help to defend various types of attacks such as those with a hijacked and malicious OS. However existing designs focus on securing point-to-point data transfers and face both privacy and performance issues when supporting group-oriented applications, e.g. video on-demand. In this paper, we present privacy-aware secure processor designs for H-SMP against key sharing. We first categorize different protection policies, compare their advantages and disadvantages, and then discuss the novel hardware enhancements including instruction set extensions for supporting these policies. We elaborate the implementation details and present the security and performance analyses.     

Mobile services access and payment through reusable tickets

Third-generation mobile systems (3G) such as Universal Mobile Telecommunications Service (UMTS) bring mobile users a broad range of new value-added services (VASs). For mobile access across multiple service domains, the traditional access mechanisms require the exchange of authentication information between the home domain and the foreign domain using roaming agreements. This requirement involves complicated and expensive authentication activities in large scale mobile networks. This paper proposes a lightweight service access mechanism in which the computation complexity is low on the mobile device and the ticket can be reused. It introduces two hash chains: an authentication chain and a payment chain. The authentication chain allows a ticket to be reused and achieves mutual authentication and non-repudiation. The payment chain is lightweight, practical and likely to avoid re-initialization. Security analysis and comparison with related works indicate that our proposal is more appropriate for mobile communication networks.     

A secure and flexible authentication system for digital images

Authentication of image data is a challenging task. Unlike data authentication systems that detect a single bit change in the data, image authentication systems must remain tolerant to changes resulting from acceptable image processing or compression algorithms while detecting malicious tampering with the image. Tolerance to the changes due to lossy compression systems is particularly important because in the majority of cases images are stored and transmitted in compressed form, and so it is important for verification to succeed if the compression is within the allowable range.In this paper we consider an image authentication system that generates an authentication tag that can be appended to an image to allow the verifier to verify the authenticity of the image. We propose a secure, flexible, and efficeint image authentication algorithm that is tolerant to image degradation due to JPEG lossy compression within designed levels. (JPEG is the most widely used image compression system and is the de facto industry standard.) By secure we mean that the cost of the best known attack againt the system is high, by flexible we mean that the level of protection can be adjusted so that higher security can be obtained with increased length of the authentication tag, and by efficient we mean that the computation can be performed largely as part of the JPEG compression, allowing the generation of the authentication tag to be efficiently integrated into the compression system. The authentication tag consists of a number of feature codes that can be computed in parallel, and thus computing the tag is effectively equivalent to computing a single feature code. We prove the soundness of the algorithm and show the security of the system. Finally, we give the results of our experiments.     

Achieving Incremental Compilation through Fine-grained Builds

Traditional programming environments represent program source code as a set of source files. These files have various ‘dependencies’ on each other, such that a file needs recompilation if it depends on a file which has changed. A ‘build tool’ is used to process these dependencies and bring the application ‘up-to-date’. An example of a build tool is the UNIX ‘make’. This paper examines what happens when the dependencies used by the build tool are expressed between functions (or objects) rather than between files. Qualitative differences arise from the difference in granularity. The result is an effective incremental compilation programming environment, based on the C++ language. It is called ‘Barbados’, and is fully implemented. The environment resembles an interpreter in that changes to source code appear to be immediately reflected in all object code, except that errors are reported early as in compiled systems. Incremental compilation is not a well-used technology, possibly because the ‘fine-grain build’ problem is not well understood. Nevertheless, incremental compilation systems do exist. The advantages of the system described here are that it works with relatively standard compilation technology, it works for the C++ language including the preprocessor, it is an elegant solution and it is more efficient than competing algorithms. © 1997 by John Wiley & Sons, Ltd.     

Achieving competitive advantage through information management

Healthcare organizations exist to deliver quality services at appropriate prices. The issue, of course, is how to define quality services and appropriate prices--or, in other words, how to compete. To ignore this question is to invite erosion of market share and deterioration of margins--the twin components of superior performance.     

Achieving distributed control through model checking

We apply model checking of knowledge properties to the design of distributed controllers that enforce global constraints on concurrent systems. The problem of synthesizing a distributed controller is undecidable in the general case. We thus look at a variant of the synthesis problem that allows adding temporary synchronizations between processes. We calculate when processes can decide autonomously, based on their knowledge, whether to take or block an action so that the global constraint is not violated. The local knowledge of processes may not suffice to control the processes so as to achieve the global constraint without introducing new deadlocks. When individual processes cannot take a decision alone based on their knowledge, one may coordinate several processes to achieve joint knowledge in order to take joint decisions. A fixed coordination among sets of processes may severely degrade concurrency. Therefore, we propose the use of temporary coordinations. Since realizing such coordinations on a distributed platform induces communication overhead, we strive to minimize their number. We show how this framework is applied to the case of synthesizing a distributed controller for enforcing a priority order. Finally, we show that the general undecidability of distributed synthesis without adding synchronization holds even for the particular problem of enforcing a priority order.     

Achieving secure data access control and efficient key updating in mobile multimedia sensor networks

Multimedia Tools and Applications - MMSN is a new type of wireless sensor networks, which can satisfy the demands of capturing various structures of multimedia data. Due to its better performance...     

ASEP: a secure and flexible commit protocol for MLS distributeddatabase systems

The classical Early Prepare (EP) commit protocol, used in many commercial systems, is not suitable for use in multi-level secure (MLS) distributed database systems that employ a locking protocol for concurrency control. This is because EP requires that read locks are not released by a participant during their window of uncertainty; however, it is not possible for a locking protocol to provide this guarantee in a MLS system (since the read lock of a higher-level transaction on a lower-level data object must be released whenever a lower-level transaction wants to write the same data). The only available work in the literature, namely the Secure Early Prepare (SEP) protocol, overcomes this difficulty by aborting those distributed transactions that release their low-level read locks prematurely. We see this approach as being too restrictive. One of the major benefits of distributed processing is its robustness to failures, and SEP fails to take advantage of this. In this paper, we propose the Advanced Secure Early Prepare (ASEP) commit protocol to solve the above problem, together with a number of language primitives that can be used as system calls in distributed transactions. These primitives permit features like partial rollback and forward recovery to be incorporated within the transaction model, and allow a distributed transaction to proceed even when a participant has released its low-level read locks prematurely. This not only offers flexibility, but can also be used, if desired, by a sophisticated programmer to trade off consistency for atomicity of the distributed transaction     

Achieving adaptively secure data access control with privacy protection for lightweight IoT devices

The Internet of things (IoT) technology has been used in a wide range of fields,ranging from industrial manufacturing to daily lives.The IoT system contains num...     

Flexible secure inter-domain interoperability through attribute conversion

The access control policy of an application that is composed of interoperating components/services is defined in terms of the access control policies enforced by the respective services. These individual access control policies are heterogenous in the sense that the services may be independently developed and managed and it is not practical to assume that all policies are defined with respect to some uniform domain vocabulary of policy attributes. A framework is described that provides a domain mapping for heterogenous policies. A fuzzy-based conversion mechanism determines the degree to which an access control attribute of one (service) policy may safely interoperate with an access control attribute of another (service) policy. The approach is scalable in the sense that it is not necessary to a priori specify every pairwise policy interoperation relationship, rather, where obvious interpretations exist then policy relationships are specified, while other relationships are inferred using the fuzzy mechanism.     

Achieving Learning Objectives through E-Voting Case Studies

The rapidly increasing use of electronic voting machines in US elections provides a wonderful opportunity to teach students about computer security. In this article, we present an informal e-voting case study to achieve five learning outcomes for students in a typical college (or even high school) classroom. Our intent is to motivate a set of lessons specifically involving e-voting, as well as illustrate the usefulness of mapping outcomes to simplified case studies: (i) understanding how to write a "security specification", (ii) learning about different forms of security policies, (iii) understanding confidentiality, privacy, and information flow, (iv) recognizing the importance of considering usability from a security perspective, and (v) identifying assurances role in establishing confidence in results     

Achieving Mobile Agent Systems interoperability through software layering

Interoperability is a key issue for a wider adoption of mobile agent systems (MASs) in heterogeneous and open distributed environments where agents, in order to fulfill their tasks, must interact with non-homogeneous agents and traverse different agent platforms to access remote resources. To date, while several approaches have been proposed to deal with different aspects of MAS interoperability, they all lack the necessary flexibility to provide an adequate degree of interoperability among the currently available MASs. In this paper, we propose an application-level approach grounded in the software layering concept, which enables execution, migration and communication interoperability between Java-based mobile agent systems, thus overcoming major setbacks affecting the other approaches currently proposed for supporting MAS interoperability. In particular, we define a Java-based framework, named JIMAF, which relies on an event-driven, proxy-based mobile agent model and supports interoperable mobile agents which can be easily coded and adapted to existing MASs without any modifications of the MAS infrastructures. Results from the performance evaluation of MAS interoperability was carried by using JIMAF atop Aglets, Ajanta, Grasshopper, and Voyager, demonstrating that the high-level JIMAF approach offers high efficacy while maintaining overhead at acceptable levels for target computing environments.     

Achieving it consultant objectives through client project success

Improving project performance is an important objective in IS project management. In consultant-assisted IS projects, however, consulting organizations may have additional objectives, such as knowledge acquisition and future business growth. In this study, we examined the relationship between client and consultant objectives and the role of coordination in affecting the achievement of these objectives. A research model was developed and tested using 199 consultant-assisted projects. The results showed that the achievement of consultant objectives was dependent upon the achievement of client objectives and that coordination had a positive impact on both client and consultant objectives.     

Achieving high-precision laparoscopic manipulation through adaptive force control

In this paper, we present a new solution to laparoscopic manipulation based on forcefeedback control. This method allows us to both explicitely control the forces applied to the patient through the trocar and to precisely control the position of the surgical instrument. It does not require any geometrical model of the operative environment nor any fine robot base placement prior to the instrument insertion. Different adaptive control strategies involving different kinds of sensory equipments are proposed. These strategies are experimentally validated on a laboratory apparatus. An experiment is also presented where a laparoscope held by the robot's arm tracks a target through visual servoing.     

一种基于球面调和函数的柔性体建模方法实现

给出了球面调和函数表达柔性体模型的原理,重点探讨了一种新的基于球面调和函数多尺度性的虚拟柔性体建模方法的实现机理。实验结果表明,该方法可以实现柔性物体的精确建模和实时表达,适合应用于虚拟现实的柔性物体碰撞检测、虚拟手术等对场景实时性要求较高的领域。     

Rapid and flexible prototyping through a dual-robot workcell

With the advancement of CAD/CAM and robot technologies, applying robots for rapid prototyping applications has become a growing trend. However, a single robot can only perform limited prototyping tasks. Compared to a single robot, a dual-robot workcell can have greater structure flexibility, production efficiency, and system reliability due to the inherent parallelism and duality of robots. This paper presents the development and implementation of a dual-robot workcell for prototyping of 3D models. First, kinematic models of both robots in the workcell are established. Then, the concepts of five-axis machining configurations, postprocessing, off-line robot path generation and the dual-robot control scheme are presented. Finally, details of cutting experiments are provided to demonstrate the effectiveness of the system. The results show that the proposed dual-robot workcell is flexible and efficient for prototyping complex components in the current industrial environment.     

Window环境下搭建基于OpenSSL的安全Apache服务

Internet上的Web服务越来越多,网络安全的形势日益严峻,如何在一个可靠的WEB服务器上搭建安全的信息通道的问题显得越来越突出,Apache由于其开源、高效、稳定、免费等优势,在Web服务器中所占的份额越来越大,对此,本文介绍了一种在Apache中通过OpenSSL来增加Web安全的方法。