9 resultados para Access control
em Cambridge University Engineering Department Publications Database
Resumo:
There is growing interest in Discovery Services for locating RFID and supply chain data between companies globally, to obtain product lifecycle information for individual objects. Discovery Services are heralded as a means to find serial-level data from previously unknown parties, however more realistically they provide a means to reduce the communications load on the information services, the network and the requesting client application. Attempts to design a standardised Discovery Service will not succeed unless security is considered in every aspect of the design. In this paper we clearly show that security cannot be bolted-on in the form of access control, although this is also required. The basic communication model of the Discovery Service critically affects who shares what data with whom, and what level of trust is required between the interacting parties. © 2009 IEEE.
Resumo:
RFID is a technology that enables the automated capture of observations of uniquely identified physical objects as they move through supply chains. Discovery Services provide links to repositories that have traceability information about specific physical objects. Each supply chain party publishes records to a Discovery Service to create such links and also specifies access control policies to restrict who has visibility of link information, since it is commercially sensitive and could reveal inventory levels, flow patterns, trading relationships, etc. The requirement of being able to share information on a need-to-know basis, e.g. within the specific chain of custody of an individual object, poses a particular challenge for authorization and access control, because in many supply chain situations the information owner might not have sufficient knowledge about all the companies who should be authorized to view the information, because the path taken by an individual physical object only emerges over time, rather than being fully pre-determined at the time of manufacture. This led us to consider novel approaches to delegate trust and to control access to information. This paper presents an assessment of visibility restriction mechanisms for Discovery Services capable of handling emergent object paths. We compare three approaches: enumerated access control (EAC), chain-of-communication tokens (CCT), and chain-of-trust assertions (CTA). A cost model was developed to estimate the additional cost of restricting visibility in a baseline traceability system and the estimates were used to compare the approaches and to discuss the trade-offs. © 2012 IEEE.
Resumo:
Service-Oriented Architecture (SOA) and Web Services (WS) offer advanced flexibility and interoperability capabilities. However they imply significant performance overheads that need to be carefully considered. Supply Chain Management (SCM) and Traceability systems are an interesting domain for the use of WS technologies that are usually deemed to be too complex and unnecessary in practical applications, especially regarding security. This paper presents an externalized security architecture that uses the eXtensible Access Control Markup Language (XACML) authorization standard to enforce visibility restrictions on trace-ability data in a supply chain where multiple companies collaborate; the performance overheads are assessed by comparing 'raw' authorization implementations - Access Control Lists, Tokens, and RDF Assertions - with their XACML-equivalents. © 2012 IEEE.
Resumo:
This paper studies a noncoherent multiple-input multiple-output (MIMO) fading multiple-access channel (MAC). The rate region that is achievable with nearest neighbour decoding and pilot-assisted channel estimation is analysed and the corresponding pre-log region, defined as the limiting ratio of the rate region to the logarithm of the signal-to-noise ratio (SNR) as the SNR tends to infinity, is determined. © 2011 IEEE.
Resumo:
We investigate performance bounds for feedback control of distributed plants where the controller can be centralized (i.e. it has access to measurements from the whole plant), but sensors only measure differences between neighboring subsystem outputs. Such "distributed sensing" can be a technological necessity in applications where system size exceeds accuracy requirements by many orders of magnitude. We formulate how distributed sensing generally limits feedback performance robust to measurement noise and to model uncertainty, without assuming any controller restrictions (among others, no "distributed control" restriction). A major practical consequence is the necessity to cut down integral action on some modes. We particularize the results to spatially invariant systems and finally illustrate implications of our developments for stabilizing the segmented primary mirror of the European Extremely Large Telescope. © 2013 Elsevier Ltd. All rights reserved.
Resumo:
This paper presents an achievable second-order rate region for the discrete memoryless multiple-access channel. The result is obtained using a random-coding ensemble in which each user's codebook contains codewords of a fixed composition. It is shown that this ensemble performs at least as well as i.i.d. random coding in terms of second-order asymptotics, and an example is given where a strict improvement is observed. © 2013 IEEE.