A unified and flexible solution for integrating CRL and OCSP into PKI applications

Public key certificates (PKCs) are used nowadays in several security protocols and applications, so as to secure data exchange via transport layer security channels, or to protect data at the application level by means of digital signatures. However, many security applications often fail to manage properly the PKCs, in particular when checking their validity status. These failures are partly due to the lack of experience (or training) of the users who configure these applications or protocols, and partly due to the scarce support offered by some common cryptographic libraries to the application developers. This paper describes the design and implementation of a light middleware dealing with certificate validation in a unified way. Our middleware exploits on one side the libraries that have already been defined or implemented for certificate validation, and it constructs a thin layer, which provides flexibility and security features to the upper layer applications. In our current approach, this layer boasts an integrated approach to support various certificate revocation mechanisms, it protects the applications from some common security attacks, and offers several configuration and performance options to the programmers and to the end users. We describe the architecture of this approach as well as its practical implementation in the form of a library based on the famous OpenSSL security library, and that can be easily integrated with other certificate‐aware security applications. Copyright © 2009 John Wiley & Sons, Ltd.     

Methods for evaluating volunteers’ contributions in a deforestation detection citizen science project

Today, due to the availability of free remote sensing data, efficient algorithms for image classification and increased connectivity and computing power, together with international policy initiatives, such as the United Nations Programme on Reducing Emissions from Deforestation and Forest Degradation (UN-REDD), more and more countries are investing in their own national forest monitoring schemes. However, tropical forests remain under threat worldwide. Recently, a citizen science project that enables citizens around the globe to be involved in forest monitoring tasks has been proposed, called “ForestWatchers” (www.forestwatchers.net). Its main goal is to allow volunteers (many of them with no scientific training) around the globe, with their own smartphones, tablets and notebooks, review satellite images of forested regions and confirm whether automatic assignments of forested and deforested regions are correct. Inspected images are then sent to a central database where the results are integrated to generate up-to-date deforestation maps. This approach offers a low-cost way to both strengthen the scientific infrastructure and engage members of the public in science. Here, we describe the methods developed within the scope of the ForestWatchers project to assess the volunteers’ performance. These tools have been evaluated with data of two of the project’s preliminary tasks. The first, called “BestTile”, asks volunteers to select which of several images of the same area has the least cloud cover, while in the second, called “Deforestation”, volunteers draw polygons on satellite images delimiting areas they believe have been deforested. The results from more than 500 volunteers show that using simple statistical tests, it is possible to achieve a triple goal: to increase the overall efficiency of the data collecting tasks by reducing the required number of volunteers per task, to identify malicious behavior and outliers, and to motivate volunteers to continue their contributions.     

A rule‐based approach to detect and prevent inconsistency in the domain‐engineering process

A medium‐sized domain‐engineering process can contain thousands of features that all have constraint dependency rules between them. Therefore, the validation of the content of domain‐engineering process is vital to produce high‐quality software products. However, it is not feasible to do this manually. This paper aims to improve the quality of the software products generated by the domain‐engineering process by ensuring the validity of the results of that process. We propose rules for two operations: inconsistency detection and inconsistency prevention. We introduce first‐order logic (FOL) rules to detect three types of inconsistency and prevent the direct inconsistency in the domain‐engineering process. Developing FOL rules to detect and prevent inconsistency in the domain‐engineering process directly without the need to the configuration process is our main contribution. We performed some experiments to test the scalability and applicability of our approach on domain‐engineered software product lines containing 1000 assets to 20000 assets. The results show that our approach is scalable and could be utilized to improve the domain‐engineering process.     

关于仿真模型验证

本文对国内外仿真模型的发展进行了述评,陈述了仿真模型验证的定义和有关概念,提出了模型验证的区间假设检验法,介绍了自相关函数检验法。     

仿真可信性的研究综述

从概念性研究、技术方法和工程应用等三个方面综述了仿真可信性研究的发展。．     

Identification schemes for unmanned excavator arm parameters

Parameter identification is a key requirement in the field of automated control of unmanned excavators （UEs）. Furthermore, the UE operates in unstructured, often hazardous environments, and requires a robust parameter identification scheme for field applications. This paper presents the results of a research study on parameter identification for UE. Three identification methods, the Newton-Raphson method, the generalized Newton method, and the least squares method are used and compared for prediction accuracy, robustness to noise and computational speed. The techniques are used to identify the link parameters （mass, inertia, and length） and friction coefficients of the full-scale UE. Using experimental data from a full-scale field UE, the values of link parameters and the friction coefficient are identified. Some of the identified parameters are compared with measured physical values. Furthermore, the joint torques and positions computed by the proposed model using the identified parameters are validated against measured data. The comparison shows that both the Newton-Raphson method and the generalized Newton method are better in terms of prediction accuracy. The Newton-Raphson method is computationally efficient and has potential for real time application, but the generalized Newton method is slightly more robust to measurement noise. The experimental data were obtained in collaboration with QinetiQ Ltd.     

Safe design of high-performance embedded systems in an MDE framework

In this paper, we use the UML MARTE profile to model high-performance embedded systems (HPES) in the GASPARD2 framework. We address the design correctness issue on the UML model by using the formal validation tools associated with synchronous languages, i.e., the SIGALI model checker, etc. This modeling and validation approach benefits from the advantages of UML as a standard, and from the number of validation tools built around synchronous languages. In our context, model transformations act as a bridge between UML and the chosen validation technologies. They are implemented according to a model-driven engineering approach. The modeling and validation are illustrated using the multimedia functionality of a new-generation cellular phone.     

Business Object Modeling, Validation, and Mediation for Integrating Heterogeneous Application Systems

When different business organizations come together to conduct a joint business in a virtual enterprise environment, their application systems need to have a convenient way to specify the services needed from other systems and to transfer data needed by these services. The transferred data needs to be validated and, in some cases, mediated to meet the constraints and data representation requirements of both the source and target application systems. Ideally, the validation and mediation tasks should be done outside of the legacy application systems so that these systems do not have to be modified. In this work, the Business Object Documents (BODs) introduced by the Open Applications Group (OAG) are used for specifying business operations and transferring data among application systems. We use an active object model to model BODs. The model captures not only the data attributes and methods associated with these business objects, but also events and rules for specifying and triggering the enforcement of attribute constraints and inter-attribute constraints and the activation of data mediation operations. The conceptual models of these BODs with their added semantics are used to generate entity classes, converters and skeletal programs needed for enforcing constraints and for converting data. These generated object classes and software components in Java constitute the platform-independent adapters through which heterogeneous application systems inter-operate over CORBA and RMI communication infrastructures. A distributed approach to data validation and mediation is used. It allows the generated code for validation and mediation to be distributed and processed at different sites, thus avoiding the potential network bottleneck of a centralized approach to the validation and mediation of business object documents.     

Empirical validation of referential integrity metrics

Databases are the core of Information Systems (IS). It is, therefore, necessary to ensure the quality of the databases in order to ensure the quality of the IS. Metrics are useful mechanisms for controlling database quality. This paper presents two metrics related to referential integrity, number of foreign keys (NFK) and depth of the referential tree (DRT) for controlling the quality of a relational database. However, to ascertain the practical utility of the metrics, experimental validation is necessary. This validation can be carried out through controlled experiments or through case studies. The controlled experiments must also be replicated in order to obtain firm conclusions. With this objective in mind, we have undertaken different empirical work with metrics for relational databases. As a part of this empirical work, we have conducted a case study with some metrics for relational databases and a controlled experiment with two metrics presented in this paper. The detailed experiment described in this paper is a replication of the later one. The experiment was replicated in order to confirm the results obtained from the first experiment.

As a result of all the experimental works, we can conclude that the NFK metric is a good indicator of relational database complexity. However, we cannot draw such firm conclusions regarding the DRT metric.     

改进的选择神经网络结构的方法

有关人工神经网络作为在线状态估计器组成基于神经网络的传感器故障检测的研究已有报导。但是这些文章中没有提到如何选择神经网络的结构。神经网络的输入延迟数和隐基单元数影响其对系统的拟合精度,从而影响故障检测的灵敏度。研究了一些现有的选择神经网络结构的方法,以系统化的交叉证实法为基础,经过改进,提出了针对作为在线状态估计器的神经网络选择输入延迟数和隐层单元数的系统化的方法,并用某船在试验场中航行时平台罗经输出的一段数据作了仿真,结果证明该法可行,具有工程实用意义。