Security considerations in the design and peering of RFID discovery services

There is growing interest in Discovery Services for locating RFID and supply chain data between companies globally, to obtain product lifecycle information for individual objects. Discovery Services are heralded as a means to find serial-level data from previously unknown parties, however more realistically they provide a means to reduce the communications load on the information services, the network and the requesting client application. Attempts to design a standardised Discovery Service will not succeed unless security is considered in every aspect of the design. In this paper we clearly show that security cannot be bolted-on in the form of access control, although this is also required. The basic communication model of the Discovery Service critically affects who shares what data with whom, and what level of trust is required between the interacting parties. © 2009 IEEE.

Assessment of visibility restriction mechanisms for RFID data Discovery Services

RFID is a technology that enables the automated capture of observations of uniquely identified physical objects as they move through supply chains. Discovery Services provide links to repositories that have traceability information about specific physical objects. Each supply chain party publishes records to a Discovery Service to create such links and also specifies access control policies to restrict who has visibility of link information, since it is commercially sensitive and could reveal inventory levels, flow patterns, trading relationships, etc. The requirement of being able to share information on a need-to-know basis, e.g. within the specific chain of custody of an individual object, poses a particular challenge for authorization and access control, because in many supply chain situations the information owner might not have sufficient knowledge about all the companies who should be authorized to view the information, because the path taken by an individual physical object only emerges over time, rather than being fully pre-determined at the time of manufacture. This led us to consider novel approaches to delegate trust and to control access to information. This paper presents an assessment of visibility restriction mechanisms for Discovery Services capable of handling emergent object paths. We compare three approaches: enumerated access control (EAC), chain-of-communication tokens (CCT), and chain-of-trust assertions (CTA). A cost model was developed to estimate the additional cost of restricting visibility in a baseline traceability system and the estimates were used to compare the approaches and to discuss the trade-offs. © 2012 IEEE.

Performance assessment of XACML authorizations for supply chain traceability web services

Service-Oriented Architecture (SOA) and Web Services (WS) offer advanced flexibility and interoperability capabilities. However they imply significant performance overheads that need to be carefully considered. Supply Chain Management (SCM) and Traceability systems are an interesting domain for the use of WS technologies that are usually deemed to be too complex and unnecessary in practical applications, especially regarding security. This paper presents an externalized security architecture that uses the eXtensible Access Control Markup Language (XACML) authorization standard to enforce visibility restrictions on trace-ability data in a supply chain where multiple companies collaborate; the performance overheads are assessed by comparing 'raw' authorization implementations - Access Control Lists, Tokens, and RDF Assertions - with their XACML-equivalents. © 2012 IEEE.

Normal shock boundary layer control with various vortex generator geometries

Various vortex generators which include ramp, split-ramp and a new hybrid concept "ramped-vane" are investigated under normal shock conditions with a diffuser at Mach number of 1.3. The dimensions of the computational domain were designed using Reynolds Average Navier-Stokes studies to be representative of the flow in an external-compression supersonic inlet. Using this flow geometry, various vortex generator concepts were studied with Implicit Large Eddy Simulation. In general, the ramped-vane provided increased vorticity compared to the other devices and reduced the separation length downstream of the device centerline. In addition, the size, edge gap and streamwise position respect to the shock were studied for the ramped-vane and it was found that a height of about half the boundary thickness and a large trailing edge gap yielded a fully attached flow downstream of the device. This ramped-vane also provided the largest reduction in the turbulent kinetic energy and pressure fluctuations. Additional benefits include negligible drag while the reductions in boundary layer displacement thickness and shape factor were seen compared to other devices. © 2011 Elsevier Ltd.

Fault tolerant flight control - A survey

Nowadays, control systems are involved in nearly all aspects of our lives. They are all around us, but their presence is not always really apparent. They are in our kitchens, in our DVD-players, computers and our cars. They are found in elevators, ships, aircraft and spacecraft. Control systems are present in every industry, they are used to control chemical reactors, distillation columns, and nuclear power plants. They are constantly and inexhaustibly working, making our life more comfortable and more efficient...until the system fails. © 2010 Springer-Verlag Berlin Heidelberg.

Nearest neighbour decoding with pilot-assisted channel estimation for fading multiple-access channels

This paper studies a noncoherent multiple-input multiple-output (MIMO) fading multiple-access channel (MAC). The rate region that is achievable with nearest neighbour decoding and pilot-assisted channel estimation is analysed and the corresponding pre-log region, defined as the limiting ratio of the rate region to the logarithm of the signal-to-noise ratio (SNR) as the SNR tends to infinity, is determined. © 2011 IEEE.

Control limitations from distributed sensing: Theory and Extremely Large Telescope application

We investigate performance bounds for feedback control of distributed plants where the controller can be centralized (i.e. it has access to measurements from the whole plant), but sensors only measure differences between neighboring subsystem outputs. Such "distributed sensing" can be a technological necessity in applications where system size exceeds accuracy requirements by many orders of magnitude. We formulate how distributed sensing generally limits feedback performance robust to measurement noise and to model uncertainty, without assuming any controller restrictions (among others, no "distributed control" restriction). A major practical consequence is the necessity to cut down integral action on some modes. We particularize the results to spatially invariant systems and finally illustrate implications of our developments for stabilizing the segmented primary mirror of the European Extremely Large Telescope. © 2013 Elsevier Ltd. All rights reserved.

Second-order rate region of constant-composition codes for the multiple-access channel

This paper presents an achievable second-order rate region for the discrete memoryless multiple-access channel. The result is obtained using a random-coding ensemble in which each user's codebook contains codewords of a fixed composition. It is shown that this ensemble performs at least as well as i.i.d. random coding in terms of second-order asymptotics, and an example is given where a strict improvement is observed. © 2013 IEEE.