Semantic service provisioning for smart objects: Integrating IoT applications into the web

Internet of Things (IoT) applications residing on the Web are the next logical development of the recent effort from academia and industry to design and standardize new communication protocols for smart objects. This paper proposes the service provisioning architecture for smart objects with semantic annotation to enables the integration of IoT applications into the Web. We aim to bring smart object services to the Web and make them accessible by plenty of existing Web APIs in consideration of its constraints such as limited resources (ROM, RAM, and CPU), low-power microcontrollers, and low-bitrate communication links.     

An innovative simulation environment for cross-domain policy enforcement

With the development of policy management systems, policy-based management has been introduced in cross-domain organization collaborations and system integrations. Theoretically, cross-domain policy enforcement is possible, but in reality different systems from different organizations or domains have very different high-level policy representations and low-level enforcement mechanisms, such as security policies and privacy configurations. To ensure the compatibility and enforceability of one policy set in another domain, a simulation environment is needed prior to actual policy deployment and enforcement code development. In most cases, we have to manually write enforcement codes for all organizations or domains involved in every collaboration activity, which is a huge task. The goal of this paper is to propose an enforcement architecture and develop a simulation framework for cross-domain policy enforcement. The entire environment is used to simulate the problem of enforcing policies across domain boundaries when permanent or temporary collaborations have to span multiple domains. The middleware derived from this simulation environment can also be used to generate policy enforcement components directly for permanent integration or temporary interaction. This middleware provides various functions to enforce policies automatically or semi-automatically across domains, such as collecting policies of each participant domain in a new collaboration, generating policy models for each domain, and mapping specific policy rules following these models to different enforcement mechanisms of participant domains.     

IEEE1451标准智能传感器中网络应用处理器的实现

IEEE1451智能传感器接口标准为网络化传感器的互操作性与互换性提供了解决方案,在该协议的基础上,研制了系列IEEE1451标准网络化智能传感器,关键模块包括网络应用处理器(NCAP)和智能传感器模块(STIM)。详细介绍NCAP的实现方法;重点讨论关键技术的实现及其注意事项,最后,给出测试结果。通过实际测试,NCAP符合IEEE1451国际标准,传输速率达到8Mb it/s以上,能够应用于大型分布式测控领域。     

Specification and enforcement of flexible security policy for active cooperation

Interoperation and services sharing among different systems are becoming new paradigms for enterprise collaboration. To keep ahead in strong competition environments, an enterprise should provide flexible and comprehensive services to partners and support active collaborations with partners and customers. Achieving such goals requires enterprises to specify and enforce flexible security policies for their information systems. Although the area of access control has been widely investigated, current approaches still do not support flexible security policies able to account for different weighs that typically characterize the various attributes of the requesting parties and transactions and reflect the access control criteria that are relevant for the enterprise. In this paper we propose a novel approach that addresses such flexibility requirements while at the same time reducing the complexity of security management. To support flexible policy specification, we define the notion of restraint rules for authorization management processes and introduce the concept of impact weight for the conditions in these restraint rules. We also introduce a new data structure for the encoding of the condition tree as well as the corresponding algorithm for efficiently evaluating conditions. Furthermore, we present a system architecture that implements above approach and supports interoperation among heterogeneous platforms.     

Attribute-based encryption and sticky policies for data access control in a smart home scenario: a comparison on networked smart object middleware

International Journal of Information Security - Regulating the access to the Internet of Things (IoT) network’s resources is a complex-prone task, which requires to pay a great attention on...     

Steps towards a method for the formal modeling of dynamic objects

Fragments of a method to formally specify object-oriented models of a universe of discourse are presented. The task of finding such models is divided into three subtasks, object classification, event specification, and the specification of the life cycle of an object. Each of these subtasks is further subdivided, and for each of the subtasks heuristics are given that can aid the analyst in deciding how to represent a particular aspect of the real world. The main sources of inspiration are Jackson System Development, algebraic specification of data- and object types, and algebraic specification of processes.     

A policy enforcement framework for verification and control of service collaboration

This paper proposes a policy enforcement framework to dynamically verify and control the collaboration process in Service-Oriented Architecture (SOA). Dynamic SOA collaboration is different from traditional service collaboration where the workflow is pre-defined at design time while the services used can be discovered at runtime. In dynamic collaboration, both the workflows and services can be determined at runtime. As they will be determined at runtime, many verification activities can be performed at runtime. This paper proposes a dynamic policy enforcement framework that follows the dynamic SOA collaboration process to ensure that various system constraints can be enforced at runtime. The framework includes a policy specification language, a policy completeness and consistency checking, and distributed policy enforcement. Finally, this paper presents the construction of a sample example to illustrate these features with quantitative performance data.     

A meta-control architecture for orchestrating policy enforcement across heterogeneous information sources

There is increasing demand from both organizations and individuals for technology capable of enforcing sophisticated, context-sensitive policies, whether security and privacy policies, corporate policies or policies reflecting various regulatory requirements. In open environments, enforcing such policies requires the ability to reason about the policies themselves as well as the ability to dynamically identify and access heterogeneous sources of information. This article introduces a semantic web framework and a meta-control model to orchestrate policy reasoning with the identification and access of relevant sources of information. Specifically, sources of information are modeled as web services with rich semantic profiles. Policy Enforcing Agents rely on meta-control strategies to dynamically interleave semantic web reasoning and service discovery and access. Meta-control rules can be customized to best capture the requirements associated with different domains and different sets of policies. This architecture has been validated in the context of different environments, including a collaborative enterprise domain as well as several mobile and pervasive computing applications deployed on Carnegie Mellon's campus. We show that, in the particular instance of access control policies, the proposed framework can be viewed as an extension of the XACML architecture, in which Policy Enforcing Agents offer a particularly powerful way of implementing XACML's Policy Information Point (PIP) and Context Handler functionality. At the same time, our proposed architecture extends to a much wider range of policies and regulations. Empirical results suggest that the semantic framework introduced in this article scales favorably on problems with up to hundreds of services and tens of service directories.     

IEEE1451.2智能传感器标准在纺织厂中的应用探讨

现代信息技术的发展对纺织行业的发展有着重要的贡献,在纺织企业生产测控系统中有着良好的应用。本文分析了纺织企业测控系统中传感器的应用现状,介绍了基于IEEE1451.2标准的传感器结构,对该标准在纺织行业测控系统中应用分析表明：基于该标准的传感器在纺织企业中应用是可行和必要的。     

安全增强的智能电网轻量级匿名认证方案

现有的智能电网身份认证方案大多存在计算成本高和认证流程复杂的问题,不适用于智能电网中资源受限的智能设备。而一些轻量级的方案却存在各种安全漏洞,这些方案都无法在效率和安全性之间实现所需的权衡。针对上述问题,基于椭圆曲线加密算法设计了一个增强的可证明安全的智能电网轻量级匿名认证方案。引入辅助验证器,摆脱在认证阶段对于电力供应商的依赖,在保护智能电表真实身份的条件下实现网关和智能电表之间的相互认证。同时,可以通过伪身份对恶意智能电表进行身份的溯源和撤销。通过在随机预言模型下的安全性分析和仿真工具ProVerif证明了方案具备较高的安全属性。性能分析表明,所提方案能够满足智能电网环境下对于安全性和高效性的要求。     

Human control of complex objects: towards more dexterous robots

Manipulation of objects with underactuated dynamics remains a challenge for robots. In contrast, humans excel at ‘tool use’ and more insight into human control strategies may inform robotic control architectures. We examined human control of objects that exhibit complex – underactuated, nonlinear, and potentially chaotic dynamics, such as transporting a cup of coffee. Simple control strategies appropriate for unconstrained movements, such as maximizing smoothness, fail as interaction forces have to be compensated or preempted. However, predictive control based on internal models appears daunting when the objects have nonlinear and unpredictable dynamics. We hypothesized that humans learn strategies that make these interactions predictable. Using a virtual environment subjects interacted with a virtual cup and rolling ball using a robotic visual and haptic interface. Two different metrics quantified predictability: stability or contraction, and mutual information between controller and object. In point-to-point displacements subjects exploited the contracting regions of the object dynamics to safely navigate perturbations. Control contraction metrics showed that subjects used a controller that exponentially stabilized trajectories. During continuous cup-and-ball displacements subjects developed predictable solutions sacrificing smoothness and energy efficiency. These results may stimulate control strategies for dexterous robotic manipulators and human–robot interaction.     

Security distributed state estimation for nonlinear networked systems against DoS attacks

This paper is concerned with security distributed state estimation for nonlinear networked systems against denial‐of‐service attacks. By taking the effects of resource constraints into consideration, an event‐triggered scheme and a quantization mechanism are employed to alleviate the burden of network. A mathematical model of distributed state estimation is constructed for nonlinear networked systems against denial‐of‐service attacks. Sufficient conditions ensuring the exponential stability of the estimation error systems are obtained by utilizing the Lyapunov stability theory. The explicit expressions of the designed state estimators are acquired in terms of the linear matrix inequalities. Finally, a numerical example is used to testify the feasibility of the proposed method.     

SEMD: Secure and efficient message dissemination with policy enforcement in VANET

Vehicular ad hoc network (VANET) is an increasing important paradigm, which not only provides safety enhancement but also improves roadway system efficiency. However, the security issues of data confidentiality, and access control over transmitted messages in VANET have remained to be solved. In this paper, we propose a secure and efficient message dissemination scheme (SEMD) with policy enforcement in VANET, and construct an outsourcing decryption of ciphertext-policy attribute-based encryption (CP-ABE) to provide differentiated access control services, which makes the vehicles delegate most of the decryption computation to nearest roadside unit (RSU). Performance evaluation demonstrates its efficiency in terms of computational complexity, space complexity, and decryption time. Security proof shows that it is secure against replayable choosen-ciphertext attacks (RCCA) in the standard model.     

基于语义Web技术的策略安全方法

基于语义Web技术延伸策略管理的范畴,在实现Web安全访问控制的同时通过推理也实现了策略的动态调整过程,提出了一种实现安全Web服务访问的多层策略方法,对下一代Web服务应用进行了有益的探索.     

面向优先级用户的移动边缘计算任务调度策略

随着移动终端处理的数据量及计算规模不断增加,为降低任务处理时延、满足任务的优先级调度需求,结合任务优先级及时延约束,提出了基于任务优先级的改进min-min调度算法（task priority-based min-min,TPMM）。该算法根据任务的处理价值及任务的数据量计算任务的优先级,结合任务截止时间、服务器调度次数制定资源匹配方案,解决了边缘网络中服务器为不同优先级的用户进行计算资源分配的问题。仿真实验结果表明,该算法可以均衡服务器利用率,并有效降低计算处理的时延,提高服务器在任务截止处理时间内完成任务计算的成功率,相比min-min调度算法,TPMM算法最多可降低78.45%的时延,提高80%的计算成功率;相比max-min调度算法,TPMM算法最多可降低80.15%的时延并提高59.7%的计算成功率;相比高优先级（high priority first,HPF）调度算法,TPMM算法最多降低59.49%的时延,提高57.7%的计算成功率。