A queueing network model for a distributed database testbed system

A queuing network model for analyzing the performance of a distributed database testbed system with a transaction workload is developed. The model includes the effects of the concurrency control protocol (two-phase locking with distributed deadlock detection), the transaction recovery protocol (write-ahead logging of before-images), and the commit protocol (centralized two-phase commit) used in the testbed system. The queuing model differs from previous analytical models in three major aspects. First, it is a model for a distributed transaction processing system. Second, it is more general and integrated than previous analytical models. Finally, it reflects a functioning distributed database testbed system and is validated against performance measurements     

A distributed semantic network model for a collaborative intelligent system

A methodology based on topology theory to model a semantic network for a collaborative system is given. This framework is used to support the creation of a semantic network and to define the associated intelligent cooperative system. Our methodology is illustrated via a set of agents whose knowledge-base is a semantic network. By a series of functions applied on a base of entities, issued from the application domain, a family of sets are synthesized with their subspaces correlated. The resultant subspaces and their relations form a network of elementary and complex concepts that can be naturally represented with the IDEF1x language. A prototype Multi-Agent System (MAS), set up with the Zeus platform,¹ was developed for the Process Plan domain, which was used as a case study. Full correspondence among the subspaces, the semantic network IDEF1x information model and the MAS implementation is obtained by employing this framework.     

A distributed collaborative product design environment based on semantic norm model and role-based access control

With the boom of Internet Technology, it becomes possible to combine designers from different disciplines into one team to support product design globally. In this paper, a distributed collaborative product design environment is presented to support top-down process oriented product design. In conceptual design stage, the artifact is managed by semantic norm model (SNM). In SNM, the designers can define virtual components at early design stage and instantiate those components at later detailed design stage. By role-based access control (RBAC), different roles with corresponding permissions could be assigned to distributed designers, and the designers could concurrently modify different components of the product relevant to his or her roles. Based on the SNM and RBAC system, a distributed collaborative product design environment is developed and the top-down oriented product design process is demonstrated.     

A role-involved purpose-based access control model

This paper presents a role-involved purpose-based access control (RPAC) model, where a conditional purpose is defined as the intention of data accesses or usages under certain conditions. RPAC allows users using some data for a certain purpose with Conditions (For instance, Tony agrees that his income information can be used for marketing purposes by removing his name). The structure of RPAC model is investigated after defining access purposes, intended purposes and conditional purposes. An algorithm is developed with role-based access control (RBAC) to achieve the compliance computation between access purposes (related to data access) and intended purposes (related to data objects). Access purpose authorization and authentication in the RPAC model are studied with the hierarchical purpose structure. According to the model, more information from data providers can be extracted while at the same time assuring privacy that maximizes the usability of consumers’ data. It extends role-based access control models to a further coverage of privacy preservation in database management systems by adopting purposes and conditional intended purposes and to achieve a fine-grained access control. The work in this paper helps enterprises to circulate a clear privacy promise, and to collect and manage user preferences and consent.     

Policy-based spectrum access control for dynamic spectrum access network radios

We describe the design of a policy-based spectrum access control system for the Defense Advanced Research Projects Agency (DARPA) NeXt Generation (XG) communications program to overcome harmful interference caused by a malfunctioning device or a malicious user. In tandem with signal-detection-based interference-avoidance algorithms employed by cognitive software-defined radios (SDR), we design a set of policy-based components, tightly integrated with the accredited kernel on the radio device. The policy conformance and enforcement components ensure that a radio does not violate machine understandable policies, which are encoded in a declarative language and which define stakeholders’ goals and requirements. We report on our framework experimentation, illustrating the capability offered to radios for enforcing policies and the capability for managing radios and securing access control to interfaces changing the radios’ policies.     

Resource access control for dynamic priority distributed real-time systems

Many of today’s complex computer applications are being modeled and constructed using the principles inherent to real-time distributed object systems. In response to this demand, the Object Management Group’s (OMG) Real-Time Special Interest Group (RT SIG) has worked to extend the Common Object Request Broker Architecture (CORBA) standard to include real-time specifications. This group’s most recent efforts focus on the requirements of dynamic distributed real-time systems. One open problem in this area is resource access synchronization for tasks employing dynamic priority scheduling. This paper presents two resource synchronization protocols that meet the requirements of dynamic distributed real-time systems as specified by Dynamic Scheduling Real-Time CORBA 2.0 (DSRT CORBA). The proposed protocols can be applied to both Earliest Deadline First (EDF) and Least Laxity First (LLF) dynamic scheduling algorithms, allow distributed nested critical sections, and avoid unnecessary runtime overhead. These protocols are based on (i) distributed resource preclaiming that allocates resources in the message-based distributed system for deadlock prevention, (ii) distributed priority inheritance that bounds local and remote priority inversion, and (iii) distributed preemption ceilings that delimit the priority inversion time further. Chen Zhang is an Assistant Professor of Computer Information Systems at Bryant University. He received his M.S. and Ph.D. in Computer Science from the University of Alabama in 2000 and 2002, a B.S. from Tsinghua University, Beijing, China. Dr. Zhang’s primary research interests fall into the areas of distributed systems and telecommunications. He is a member of ACM, IEEE and DSI. David Cordes is a Professor of Computer Science at the University of Alabama; he has also served as Department Head since 1997. He received his Ph.D. in Computer Science from Louisiana State University in 1988, an M.S. in Computer Science from Purdue University in 1984, and a B.S. in Computer Science from the University of Arkansas in 1982. Dr. Cordes’s primary research interests fall into the areas of software engineering and systems. He is a member of ACM and a Senior Member of IEEE.     

A computer network based control architecture for autonomous distributed multirobot systems

This paper presents the specification and implementation procedure using a microcomputer network based autonomous distributed control architecture for industrial multirobot systems. The procedure is based on the concept of data flow network controlled by communicating sequential processes to perform coordinated tasks. Robots and other computerized industrial devices such as conveyors and manufacturing machines are defined as object-oriented Petri nets. A modular and hierarchical approach is adopted to define a set of Petri net type diagrams which represent concurrent activities of control processes for such devices. Asynchronous and synchronous interactions are modelled by places and transitions, respectively, in global process interaction nets. The control software is implemented on a computer network using Inmos transputers with true parallel processing and message passing primitives efficiently handled in hardware. Petri net based models are directly and efficiently transformed to corresponding codes in occam, the high level parallel programming language defined for the transputer.     

A practical mandatory access control model for XML databases

A practical mandatory access control (MAC) model for XML databases is presented in this paper. The label type and label access policy can be defined according to the requirements of different applications. In order to preserve the integrity of data in XML databases, a constraint between a read-access rule and a write-access rule in label access policy is introduced. Rules for label assignment and propagation are presented to alleviate the workload of label assignments. Furthermore, a solution for resolving conflicts in label assignments is proposed. Rules for update-related operations, rules for exceptional privileges of ordinary users and the administrator are also proposed to preserve the security of operations in XML databases. The MAC model, we proposed in this study, has been implemented in an XML database. Test results demonstrated that our approach provides rational and scalable performance.     

大型分布式组播访问控制系统MDAC

组播安全领域的研究主要集中在端到端的数据保护方面。针对大型组播系统访问控制问题的研究成果不多,已有的研究结果存在很多局限。提出了基于SPKI技术的组播分布式访问控制系统MDAC,和现有的其它方案相比,MDAC不仅具有优越的性能,而且具备分布式、支持非对称组播、授权委托和隐私保护等特性。     

分布式协作系统中基于任务-角色的访问控制研究

针对现有基于任务-角色的访问控制模型中存在的角色继承和工作流责权和表达问题进行了研究,提出了面向协作的角色继承关系和任务组合原语,以适应分布式协作系统的需求.面向协作的角色继承根据系统中角色之间的管理关系将角色对任务的操作权分为三类,不同操作权代表了不同的职责.任务组合原语根据工作流基本形式和任务统一管理的需求,定义了组合任务和任务组合关系,给出了语言的文法描述,并结合面向协作的角色继承规范了角色定义组合任务的能力范围.实验结果表明,提出的两个方案提高了访问控制系统的安全性,灵活性和扩展性.     

DISOPE distributed model predictive control of cascade systems with network communication

A novel distributed model predictive control scheme based on dynamic integrated system optimization and parameter estimation （DISOPE） was proposed for nonlinear cascade systems under network environment. Under the distributed control structure, online optimization of the cascade system was composed of several cascaded agents that can cooperate and exchange information via network communication. By iterating on modified distributed linear optimal control problems on the basis of estimating parameters at every iteration the correct optimal control action of the nonlinear model predictive control problem of the cascade system could be obtained, assuming that the algorithm was convergent. This approach avoids solving the complex nonlinear optimization problem and significantly reduces the computational burden. The simulation results of the fossil fuel power unit are illustrated to verify the effectiveness and practicability of the proposed algorithm.     

A robust distributed model predictive control algorithm

Although distributed model predictive control (DMPC) has received significant attention in the literature, the robustness of DMPC with respect to model errors has not been explicitly addressed. In this paper, a novel online algorithm that deals explicitly with model errors for DMPC is proposed. The algorithm requires decomposing the entire system into N subsystems and solving N convex optimization problems to minimize an upper bound on a robust performance objective by using a time-varying state-feedback controller for each subsystem. Simulations examples were considered to illustrate the application of the proposed method.     

一种扩展的RBAC访问控制模型的安全性研究

就如何评价访问控制模型,用基于N维安全熵的方法进行量化分析研究。首先,根据信息论中对信息熵的定义和描述,介绍了自主访问控制模型的N维安全熵定义。然后以N维安全熵的方法对RBAC模型的安全性进行量化分析。为了解决管理信息系统中的多类别、多层次角色访问的安全性度量问题,提出了扩展的RBAC访问控制(EXRBAC)模型,并用N维安全熵的方法进行了量化分析。最后对这三种访问控制模型的安全性进行分析和比较,结果显示,在多类别、多层次角色访问前提下,扩展的RBAC模型其安全性有明显提升。     

A generalized temporal role-based access control model

Role-based access control (RBAC) models have generated a great interest in the security community as a powerful and generalized approach to security management. In many practical scenarios, users may be restricted to assume roles only at predefined time periods. Furthermore, roles may only be invoked on prespecified intervals of time depending upon when certain actions are permitted. To capture such dynamic aspects of a role, a temporal RBAC (TRBAC) model has been recently proposed. However, the TRBAC model addresses the role enabling constraints only. In This work, we propose a generalized temporal role-based access control (GTRBAC) model capable of expressing a wider range of temporal constraints. In particular, the model allows expressing periodic as well as duration constraints on roles, user-role assignments, and role-permission assignments. In an interval, activation of a role can further be restricted as a result of numerous activation constraints including cardinality constraints and maximum active duration constraints. The GTRBAC model extends the syntactic structure of the TRBAC model and its event and trigger expressions subsume those of TRBAC. Furthermore, GTRBAC allows expressing role hierarchies and separation of duty (SoD) constraints for specifying fine-grained temporal semantics.     

一种用于事件监测的传感器网络拓扑控制策略

针对事件驱动型传感器网络应用系统,基于简化的ＡＯＤＶ（ａｄｈｏｃ ｏｎｄｅｍａｎｄｄｉｓｔａｎｃｅｖｅｃｔｏｒｒｏｕｔｉｎｇ）（Ｓ-ＡＯＤＶ）算法,提出一种结合预先路由和按需路由的混合拓扑控制策略,通过随机选择一部分节点预先运行Ｓ-ＡＯＤＶ算法来减小事件发生时任务节点的初始拓扑建立时延．仿真实验表明,该策略能以较小的能耗代价换取较快的系统响应速度,满足了事件监测类应用的实时性要求．     

一种新型在线社交网络协作访问控制机制

在线社交网络可以为数字用户提供社会互动和信息共享,但是它存在隐私安全问题。针对用户隐私保护问题,提出了一种保护机制,允许用户在协作条件下控制访问共享资源。这种新的在线社交网路协作访问控制机制,通过定义数据拥有者、利益相关者和信任度三个因素来描述其控制机制,对于新方案重点协作策略规则和信任度的计算,给出了具体的解释。研究结果表明,用户共享内容的安全问题很大程度上得到保护,且不论单用户访问还是多用户访问,隐私安全大大得到加强。     

A formal model for access control with supporting spatial context

There is an emerging recognition of the importance of utilizing contextual informa tion in authorization decisions. Controlling access to resources in the field of wireless and mobile networking require the definition of a formal model for access control with supporting spatial context. However, traditional RBAC model does not specify these spatial requirements. In this paper, we extend the existing RBAC model and propose the SC-RBAC model that utilizes spatial and location-based information in security policy definitions. The concept of spatial role is presented, and the role is assigned a logical location domain to specify the spatial boundary. Roles are activated based on the current physical position of the user which obtained from a specific mobile terminal. We then extend SC-RBAC to deal with hierarchies, modeling permission, user and activation inheritance, and prove that the hierarchical spatial roles are capable of constructing a lattice which is a means for articulate multi-level security policy and more suitable to control the information flow security for safety-critical location-aware information systems. Next, constrained SC-RBAC allows express various spatial separations of duty constraints, location-based cardinality and temporal constraints for specify fine-grained spatial semantics that are typical in location-aware systems. Finally, we introduce 9 invariants for the constrained SC-RBAC and its basic security theorem is proven. The constrained SC-RBAC provides the foundation for applications in need of the constrained spatial context aware access control.