An extended XACML model to ensure secure information access for web services

More and more software systems based on web services have been developed. Web service development techniques are thus becoming crucial. To ensure secure information access, access control should be taken into consideration when developing web services. This paper proposes an extended XACML model named EXACML to ensure secure information access for web services. It is based on the technique of information flow control. Primary features offered by the model are: (1) both the information of requesters and that of web services are protected, (2) the access control of web services is more precise than just “allow or reject” policy in existing models, and (3) the model will deny non-secure information access during the execution of a web service even when a requester is allowed to invoke the web service.     

Providing location based information/advertising for existing mobile phone users

In the emerging world of m-commerce potential users consistently cite location based information as one of the emergent services that they would most likely utilise. However, solutions for obtaining the specific location of a mobile user predominately rely on the provision of additional hardware and/or software within either the mobile phone or system infrastructure. Further, these techniques are often inappropriate for indoor and highly urban environments, where they are often most useful, as the line of sight to the location measurement unit is often obscured resulting in inaccurate and unreliable positional information. In this paper we present a system that can be used with any current mobile phone system to provide location based information/advertisements to any mobile phone, equipped with Bluetooth technology, without any necessity of installing client side software. The system is readily deployable and can be used to provide systems such as location based information for tourist in cities or museums or indeed location based advertisements.     

Queueing networks with mobile servers: The mean-field approach

We consider queueing networks which are made from servers exchanging their positions on a graph. When two servers exchange their positions, they take their customers with them. Each customer has a fixed destination. Customers use the network to reach their destinations, which is complicated by movements of the servers. We develop the general theory of such networks and establish the convergence of the symmetrized version of such a network to some nonlinear Markov process.     

Providing multi-user access to distributed array processors

This paper describes the integration of two ICL Distributed Array Processors (DAPs) into a dual ICL 2976 configuration running the Edinburgh Multi-Access System (EMAS). The principles underlying the general multi-access service are not compromised; special scheduling arrangements provide effective control and use of the DAP resource while allowing multi-user access to the DAPs for DAP program development.     

Role-based access control with X.509 attribute certificates

We adapted the standard X.509 privilege management infrastructure to build an efficient role-based trust management system in which role assignments can be widely distributed among organizations, and an XML-based local policy determines which roles to trust and which privileges to grant. A simple Java API lets target applications easily incorporate the system. The Permis API has already proven its general utility in four very different applications throughout Europe.     

A provably secure and efficient authentication scheme for access control in mobile pay-TV systems

To guarantee the secure access by authorized subscribers in mobile pay-TV systems, user authentication is required. User authentication is a security mechanism used to verify the identity of a legal subscriber. In 2012, Yeh and Tsaur proposed an authentication scheme for access control in mobile pay-TV systems to improve the Sun and Leu’s scheme. Yeh and Tsaur claimed that their scheme meets all security requirements for mobile pay-TV systems. However, this paper indicates that Yeh and Tsaur’s scheme suffers from some critical weaknesses. An attacker without knowing secret information can successfully impersonate both mobile sets and head-end system. As a remedy, we propose an improved authentication scheme for mobile pay-TV systems using bilinear pairings. The proposed scheme maintains the merits and covers the demerits of the previous schemes, and provides a higher level of the efficiency for mobile pay-TV systems.     

Achieving secure data access control and efficient key updating in mobile multimedia sensor networks

Multimedia Tools and Applications - MMSN is a new type of wireless sensor networks, which can satisfy the demands of capturing various structures of multimedia data. Due to its better performance...     

MCSOSA: multimedia content share using ontology and secure access agent in mobile cloud

Mobile cloud is not just a traditional cloud, but a concept of virtualization that has expanded into mobile technology. It provides access to the data created and used by a user and content service by cloud platform. A feature of mobile cloud is supported that is the convenience of multimedia content sharing by mobile devices. However, there is a problem of inaccuracy of information retrieval in the process of sharing as well as personal information leakage and service inability status due to the malicious access to the mobile terminal in the retrieval process. This paper suggests the model to which the protective technique of multimedia content retrieval & access in mobile cloud is applied. The model stores and manages the individually different forms of content, and constructs the multimedia ontology in order to enhance the reliability in mismatched problems occurring in the retrieval process, and also suggests the response technique to security vulnerability occurring in the content access.     

Providing proper affordances when transferring source metaphors from information appliances to a 3G mobile multipurpose handset

The idea of merging different information appliances, each tailored to fit a specific task, into a multipurpose 3G mobile handset has become an interesting research area. This paper describes what considerations must be met from an efficiency point of view when designing a multipurpose handset concept including, e.g., camera functionality. The lessons learned when trading well-known previously acquired source metaphors for the computer metaphor was investigated in a small usability evaluation with 14 users, evaluating a multipurpose prototype. High task accuracy (effectiveness) was obtained (72% pass), but the efficiency with which the tasks were performed compared to using dedicated information appliances was low. Leaving out well-known affordances effectively prevented transfer of previously acquired source metaphors, which resulted in lack of feedback, inconsistency and errors. In order to validate usability, a combination of both objective and subjective metrics has to be used.     

Distributed and intelligent information access in manufacturing enterprises through mobile devices

Due to the distributed nature of todays enterprises and the growing number of employees who are mobile, newer models of communication are required to cater to the information needs of manufacturing personnel. Mobile applications such as information alerts, disconnected information processing and background processing are applications gaining significant attention in manufacturing companies. In this paper, we describe the framework and architecture of a mobile-agent-based system, which provides mobile information services to the workforce in motion in manufacturing enterprises. We emphasize on background and disconnected processing and demonstrate the use of a Mobile-agent-based system to achieve it. Recognizing the need to exchange information between various distributed information sources, we explore the use of XML-based agent communication and discuss how XML can be used for inter-agent communication. We describe the design and implementation of a prototype system and discuss application scenarios.     

如何构建安全的企业信息网络

随着企业的信息化程度的提高,越来越多的企业将它们的内部网络联入了互联网,这在给企业带来巨大的便利的同时,也带来了不容忽视的安全问题。本文对企业网络的安全防护所能采取的各种措施作了介绍,并分析了不同方式的优缺点,为构建安全的企业信息网络提供了有价值的参考意见。     

AudioBrowser: a mobile browsable information access for the visually impaired

Although a large amount of research has been conducted on building interfaces for the visually impaired that allows users to read web pages and generate and access information on computers, little development addresses two problems faced by the blind users. First, sighted users can rapidly browse and select information they find useful, and second, sighted users can make much useful information portable through the recent proliferation of personal digital assistants (PDAs). These possibilities are not currently available for blind users. This paper describes an interface that has been built on a standard PDA and allows its user to browse the information stored on it through a combination of screen touches coupled with auditory feedback. The system also supports the storage and management of personal information so that addresses, music, directions, and other supportive information can be readily created and then accessed anytime and anywhere by the PDA user. The paper describes the system along with the related design choices and design rationale. A user study is also reported.     

A secure mutual authenticated key agreement of user with multiple servers for critical systems

Recent technological advances in almost all critical systems’ domains have led to an explosive growth of multimedia big data. Those advances encompass the ever increasing innovative digital and remote mobile devices being operated on the users’ end. Due to the openness of critical system, the service providers in such networks are facing security challenges to authenticate those mobile devices on the field, and delivering services. In this scenario, the Multi-server authentication (MSA) framework seems to be a promising solution that enables its subscribers to avail services from different servers without getting registered to each server individually. In last few years many MSA protocols depending on RC-Offline authentication during mutual authentication, have been presented. However, to date, there is no efficient MSA scheme to our knowledge that is free of all three weaknesses, simultaneously. That is, 1) free from storage of server-based parameters (public keys or other values) in smart card by registration authority, 2) free from the assumption of publishing of server-based public keys publicly and 3) free from a single secret sharing with all servers so that it could avoid server masquerading (insider) attack. Considering these limitations, we present a multi-server authentication protocol that withstands above drawbacks using lightweight cryptographic operations. The rationale of the proposed work was to present an efficient RC-Offline MSA scheme. Our scheme is also backed by formal security analysis based on GNY logic and automated security verification using ProVerif tool.

     

Computer-supported access to engineering information

A computer-based documentation system is described that provides access to the information stored in written documents and drawings. This system contains the syntax of a documentation language, several computer programs, and special methods. The latter enable users to formulate the semantics of their own documentation language, to employ that language when describing the information content of documents and formulating queries, and to organize the storage and retrieval procedure. The system is explained by its application to nuclear power plant documentation. Finally, a layer model of an integrated software system is presented that is suited to support eigineers' work continuously.     

On-line access to government information

In January, Speaker of the House Newt Gingrich unveiled "Thomas," the new Internet access point to congressional information (http://thomas.loc.gov). The plan is for Thomas to give citizens access to the full text of legislative bills and to the congressional record, among other things. There are nits to pick, of course: While Thomas shows how easily people can electronically access legislative information, the Web page also exemplifies the enormous gulf that separates the government as provider, from citizens as consumers, of information. Few people have the motivation, time, or expertise to read full-text bills or the congressional record. (Congressional information output quickly fills thousands of pages per day with results of House and Senate deliberations; countless hearings; legislative and investigative committee reports; and agency studies and reports.) The essential question is, to what extent should-and can-government try to bridge the gap between its ability to provide information and people's ability to consume it? Even for those individuals who stand four-square in favour of openness and access, the answer is neither easy nor obvious     

A neural network model of a communication network with information servers

This paper models information flow in a communication network. The network consists of nodes that communicate with each other, and information servers that have a predominantly one-way communication to their customers. A neural network is used as a model for the communication network. The existence of multiple equilibria in the communication network is established. The network operator observes only one equilibrium, but if he knows the other equilibria, he can influence the free parameters, for example by providing extra bandwidth, so that the network settles in another equilibrium that is more profitable for the operator. The influence of several network parameters on the dynamics is studied both by simulation and by theoretical methods.The author was with the Intelligent Systems Unit, BT Laboratories, Martlesham Heath, Ipswich IP5 7RE, UK.     

MILC: A secure and privacy-preserving mobile instant locator with chatting

The key issue for any mobile application or service is the way it is delivered and experienced by users, who eventually may decide to keep it on their software portfolio or not. Without doubt, security and privacy have both a crucial role to play towards this goal. Very recently, Gartner has identified the top ten of consumer mobile applications that are expected to dominate the market in the near future. Among them one can earmark location-based services in number 2 and mobile instant messaging in number 9. This paper presents a novel application namely MILC that blends both features. That is, MILC offers users the ability to chat, interchange geographic co-ordinates and make Splashes in real-time. At present, several implementations provide these services separately or jointly, but none of them offers real security and preserves the privacy of the end-users at the same time. On the contrary, MILC provides an acceptable level of security by utilizing both asymmetric and symmetric cryptography, and most importantly, put the user in control of her own personal information and her private sphere. The analysis and our contribution are threefold starting from the theoretical background, continuing to the technical part, and providing an evaluation of the MILC system. We present and discuss several issues, including the different services that MILC supports, system architecture, protocols, security, privacy etc. Using a prototype implemented in Google’s Android OS, we demonstrate that the proposed system is fast performing, secure, privacy-preserving and potentially extensible.