865 results for Privacy Based Access Control


Relevance:

100.00% 100.00%

Publisher:

Abstract:

Traditionally, we've focussed on the question of how to make a system easy to code the first time, or perhaps on how to ease the system's continued evolution. But if we look at life cycle costs, then we must conclude that the important question is how to make a system easy to operate. To do this we need to make it easy for the operators to see what's going on and to then manipulate the system so that it does what it is supposed to. This is a radically different criterion for success. What makes a computer system visible and controllable? This is a difficult question, but it's clear that today's modern operating systems with nearly 50 million source lines of code are neither. Strikingly, the MIT Lisp Machine and its commercial successors provided almost the same functionality as today's mainstream systems, but with only 1 Million lines of code. This paper is a retrospective examination of the features of the Lisp Machine hardware and software system. Our key claim is that by building the Object Abstraction into the lowest tiers of the system, great synergy and clarity were obtained. It is our hope that this is a lesson that can impact tomorrow's designs. We also speculate on how the spirit of the Lisp Machine could be extended to include a comprehensive access control model and how new layers of abstraction could further enrich this model.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

Wireless Personal Area Networks (WPANs) are offering high data rates suitable for interconnecting high bandwidth personal consumer devices (Wireless HD streaming, Wireless-USB and Bluetooth EDR). ECMA-368 is the Physical (PHY) and Media Access Control (MAC) backbone of many of these wireless devices. WPAN devices tend to operate in an ad-hoc based network and therefore it is important to successfully latch onto the network and become part of one of the available piconets. This paper presents a new algorithm for detecting the Packet/Frame Sync (PFS) signal in ECMA-368 to identify piconets and aid symbol timing. The algorithm is based on correlating the received PFS symbols with the expected locally stored symbols over the 24 or 12 PFS symbols, but selecting the likely TFC based on the highest statistical mode from the 24 or 12 best correlation results. The results are very favorable showing an improvement margin in the order of 11.5dB in reference sensitivity tests between the required performance using this algorithm and the performance of comparable systems.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

Given that the next and current generation networks will coexist for a considerable period of time, it is important to improve the performance of existing networks. One such improvement recently proposed is to enhance the throughput of ad hoc networks by using dual-hop relay-based transmission schemes. Since in ad hoc networks throughput is normally related to their energy consumption, it is important to examine the impact of using relay-based transmissions on energy consumption. In this paper, we present an analytical energy consumption model for dual-hop relay-based medium access control (MAC) protocols. Based on the recently reported relay-enabled Distributed Coordination Function (rDCF), we have shown the efficacy of the proposed analytical model. This is a generalized model and can be used to predict energy consumption in saturated relay-based ad hoc networks. This model can predict energy consumption in ideal environment and with transmission errors. It is shown that using a relay results in not only better throughput but also better energy efficiency. Copyright (C) 2009 Rizwan Ahmad et al.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

This paper describes the design, implementation and testing of an intelligent knowledge-based supervisory control (IKBSC) system for a hot rolling mill process. A novel architecture is used to integrate an expert system with an existing supervisory control system and a new optimization methodology for scheduling the soaking pits in which the material is heated prior to rolling. The resulting IKBSC system was applied to an aluminium hot rolling mill process to improve the shape quality of low-gauge plate and to optimise the use of the soaking pits to reduce energy consumption. The results from the trials demonstrate the advantages to be gained from the IKBSC system that integrates knowledge contained within data, plant and human resources with existing model-based systems. (c) 2005 Elsevier Ltd. All rights reserved.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

The problems encountered by individuals with disabilities when accessing large public buildings are described and a solution based on the generation of virtual models of the built environment is proposed. These models are superimposed on a control network infrastructure, currently utilised in intelligent building applications such as lighting, heating and access control. The use of control network architectures facilitates the creation of distributed models that closely mirror both the physical and control properties of the environment. The model of the environment is kept local to the installation which allows the virtual representation of a large building to be decomposed into an interconnecting series of smaller models. This paper describes two methods of interacting with the virtual model, firstly a two dimensional aural representation that can be used as the basis of a portable navigational device. Secondly an augmented reality called DAMOCLES that overlays additional information on a user’s normal field of view. The provision of virtual environments offers new possibilities in the man-machine interface so that intuitive access to network based services and control functions can be given to a user.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

As distributed collaborative applications and architectures are adopting policy based management for tasks such as access control, network security and data privacy, the management and consolidation of a large number of policies is becoming a crucial component of such policy based systems. In large-scale distributed collaborative applications like web services, there is the need of analyzing policy interactions and integrating policies. In this thesis, we propose and implement EXAM-S, a comprehensive environment for policy analysis and management, which can be used to perform a variety of functions such as policy property analyses, policy similarity analysis, policy integration etc. As part of this environment, we have proposed and implemented new techniques for the analysis of policies that rely on a deep study of state of the art techniques. Moreover, we propose an approach for solving heterogeneity problems that usually arise when considering the analysis of policies belonging to different domains. Our work focuses on analysis of access control policies written in the dialect of XACML (Extensible Access Control Markup Language). We consider XACML policies because XACML is a rich language which can represent many policies of interest to real world applications and is gaining widespread adoption in the industry.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

The Internet of Things (IoT) is the next industrial revolution: we will interact naturally with real and virtual devices as a key part of our daily life. This technology shift is expected to be greater than the Web and Mobile combined. As extremely different technologies are needed to build connected devices, the Internet of Things field is a junction between electronics, telecommunications and software engineering. Internet of Things application development happens in silos, often using proprietary and closed communication protocols. There is the common belief that only if we can solve the interoperability problem we can have a real Internet of Things. After a deep analysis of the IoT protocols, we identified a set of primitives for IoT applications. We argue that each IoT protocol can be expressed in terms of those primitives, thus solving the interoperability problem at the application protocol level. Moreover, the primitives are network and transport independent and make no assumption in that regard. This dissertation presents our implementation of an IoT platform: the Ponte project. Privacy issues follow the rise of the Internet of Things: it is clear that the IoT must ensure resilience to attacks, data authentication, access control and client privacy. We argue that it is not possible to solve the privacy issue without solving the interoperability problem: enforcing privacy rules implies the need to limit and filter the data delivery process. However, filtering data requires knowledge of the format and the semantics of the data: after an analysis of the possible data formats and representations for the IoT, we identify JSON-LD and the Semantic Web as the best solution for IoT applications. Then, this dissertation presents our approach to increase the throughput of filtering semantic data by a factor of ten.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

Over the past several years, a number of design approaches in wireless mesh networks have been introduced to support the deployment of wireless mesh networks (WMNs). We introduce a novel wireless mesh architecture that supports authentication and authorisation functionalities, giving the possibility of a seamless WMN integration into the home's organization authentication and authorisation infrastructure. First, we introduce a novel authentication and authorisation mechanism for wireless mesh nodes. The mechanism is designed upon an existing federated access control approach, i.e. the AAI infrastructure that is using just the credentials at the user's home organization in a federation. Second, we demonstrate how authentication and authorisation for end users is implemented by using an existing web-based captive portal approach. Finally, we observe the difference between the two and explain in detail the process flow of authorized access to network resources in wireless mesh networks. The goal of our wireless mesh architecture is to enable easy broadband network access to researchers at remote locations, giving them additional advantage of a secure access to their measurements, irrespective of their location. It also provides an important basis for the real-life deployment of wireless mesh networks for the support of environmental research.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

Telematic services have transformed most of our daily activities and offer unprecedented opportunities with characteristics such as ubiquitous access, permanent availability, independence from the device used, multimodality and being free of charge, among others. However, the benefits that stand out when one reflects on these services have as a counterpart a series of less obvious risks and threats, since these services feed on and deal with personal data, which raises doubts regarding people's privacy. Currently, people who take on the role of users of telematic services constantly generate digital data at different providers. These data reflect part of their private life, their particular characteristics, preferences, interests, social relationships, consumption habits, etc. and, more controversially, all this information is in the custody of different providers that can use it beyond the needs and control of the user. Personal data and, in particular, the knowledge about users that can be extracted from them (user models) have become a new economic asset for service providers. Thus, these resources can be used to offer user-centered services based, for example, on content recommendation, product personalization or the prediction of user behavior, which allows providers to connect with users, retain them, engage them and, ultimately, build their loyalty in order to guarantee the success of a business model. However, these resources can also be used to establish other business models that go beyond their individual processing and application by a provider and that are based on their commercialization and sharing with other entities.
From this perspective, users suffer from a lack of control over the data that refer to them, since this depends on the will of, and the conditions imposed by, service providers, which means that they usually face the dilemma of handing over their personal data or not accessing the telematic services offered. The public sector tries to take measures that protect users through initiatives and legislation that safeguard their privacy and increase control over their personal data, while it must also favor the economic development brought about by these service providers. In this context, this doctoral thesis proposes an architecture and reference model for a user-centered personal data exchange ecosystem that promotes the creation, sharing and use of personal data and user models among different providers, while offering users the tools needed to exercise control over the transfer and use of their personal resources and to obtain, where applicable, different incentives or financial compensation. The original contributions of the thesis are the specification and design of an architecture that relies on a distributed modelling process defined within the framework of this research. This process is based on leveraging the resources that different entities (data sources) offer in order to generate enriched user models that cover the specific needs of third-party entities, taking into account the participation of the user and control over their personal resources (data and user models).
The above has required identifying and characterizing the data sources with the potential to supply the ecosystem, determining different patterns for generating user models from distributed and heterogeneous personal data, and establishing an infrastructure for identity and privacy management that allows users to express their preferences and interests regarding the use and sharing of their personal resources. In addition, a reference business model has been defined that underpins the research carried out and that has been tailored to two main fields of application, specifically the social network advertising sector and the financial sector for the deployment of new services. Finally, it should be noted that the contributions of this thesis have been validated in the context of various applied industrial research projects and also within final-year degree projects that the author has supervised or collaborated on. The results obtained have given rise to various research merits such as two patents in exploitation, the publication of an article in a journal with an impact factor, and several articles at relevant international conferences. Some of these have been awarded prizes by different institutions, as well as at the conferences where they were presented.
ABSTRACT Information society services have changed most of our daily activities, offering unprecedented opportunities with certain characteristics, such as: ubiquitous access, permanent availability, device independence, multimodality and free-of-charge services, among others. However, all the positive aspects that emerge when thinking about these services have as counterpart not-so-obvious threats and risks, because they feed from and use personal data, thus creating concerns about people's privacy.
Nowadays, people that play the role of user of services are constantly generating digital data in different service providers. These data reflect part of their intimacy, particular characteristics, preferences, interests, relationships, consumer behavior, etc. Controversy arises because this personal information is stored and kept by the mentioned providers that can use it beyond the user needs and control. Personal data and, in particular, the knowledge about the user that can be obtained from them (user models) have turned into a new economic asset for the service providers. In this way, these data and models can be used to offer user centric services based, for example, on content recommendation, tailored-products or user behavior, all of which allows connecting with the users, keeping them more engaged and involved with the provider, finally reaching customer loyalty in order to guarantee the success of a business model. However, these resources can be used to establish a different kind of business model; one that not only processes and individually applies personal data, but also shares and trades these data with other entities. From that perspective, the users lack control over their referred data, because it depends on the conditions imposed by the service providers. The consequence is that the users often face the following dilemma: either giving up their personal data or not using the offered services. The Public Sector takes actions in order to protect the users approving, for example, laws and legal initiatives that reinforce privacy and increase control over personal data, while at the same time the authorities are also key players in the economy development that derives from the information society services.
In this context, this PhD Dissertation proposes an architecture and reference model to achieve a user-centric personal data ecosystem that promotes the creation, sharing and use of personal data and user models among different providers, while offering users the tools to control who can access which data and why and, if applicable, to obtain different incentives. The original contributions obtained are the specification and design of an architecture that supports a distributed user modelling process defined by this research. This process is based on leveraging scattered resources of heterogeneous entities (data sources) to generate on-demand enriched user models that fulfill individual business needs of third entities, considering the involvement of users and the control over their personal resources (data and user models). This has required identifying and characterizing data sources with potential for supplying resources, defining different generation patterns to produce user models from scattered and heterogeneous data, and establishing identity and privacy management infrastructures that allow users to set their privacy preferences regarding the use and sharing of their resources. Moreover, a reference business model that supports the aforementioned architecture has also been proposed, and this has been studied for two application fields: social networks advertising and new financial services. Finally, it has to be emphasized that the contributions obtained in this dissertation have been validated in the context of several national research projects and master's theses that the author has directed or has collaborated with. Furthermore, these contributions have produced different scientific results such as two patents and different publications in relevant international conferences and one magazine. Some of them have been awarded with different prizes.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

Flow control in Computer Communication systems is generally a multi-layered structure, consisting of several mechanisms operating independently at different levels. Evaluation of the performance of networks in which different flow control mechanisms act simultaneously is an important area of research, and is examined in depth in this thesis. This thesis presents the modelling of a finite resource computer communication network equipped with three levels of flow control, based on closed queueing network theory. The flow control mechanisms considered are: end-to-end control of virtual circuits, network access control of external messages at the entry nodes and the hop level control between nodes. The model is solved by a heuristic technique, based on an equivalent reduced network and the heuristic extensions to the mean value analysis algorithm. The method has significant computational advantages, and overcomes the limitations of the exact methods. It can be used to solve large network models with finite buffers and many virtual circuits. The model and its heuristic solution are validated by simulation. The interaction between the three levels of flow control is investigated. A queueing model is developed for the admission delay on virtual circuits with end-to-end control, in which messages arrive from independent Poisson sources. The selection of optimum window limit is considered. Several advanced network access schemes are postulated to improve the network performance as well as that of selected traffic streams, and numerical results are presented. A model for the dynamic control of input traffic is developed. Based on Markov decision theory, an optimal control policy is formulated. Numerical results are given and throughput-delay performance is shown to be better with dynamic control than with static control.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

Existing wireless systems are normally regulated by a fixed spectrum assignment strategy. This policy leads to an undesirable situation that some systems may only use the allocated spectrum to a limited extent while others have very serious spectrum insufficiency situation. Dynamic Spectrum Access (DSA) is emerging as a promising technology to address this issue such that the unused licensed spectrum can be opportunistically accessed by the unlicensed users. To enable DSA, the unlicensed user shall have the capability of detecting the unoccupied spectrum, controlling its spectrum access in an adaptive manner, and coexisting with other unlicensed users automatically. In this article, we propose a radio system Transmission Opportunity-based spectrum access control protocol with the aim to improve spectrum access fairness and ensure safe coexistence of multiple heterogeneous unlicensed radio systems. In the scheme, multiple radio systems will coexist and dynamically use available free spectrum without interfering with licensed users. Simulation is carried out to evaluate the performance of the proposed scheme with respect to spectrum utilisation, fairness and scalability. Compared with existing studies, our strategy is able to achieve higher scalability and controllability without degrading spectrum utilisation and fairness performance.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

IEEE 802.16 network is widely viewed as a strong candidate solution for broadband wireless access systems. Various flexible mechanisms related to QoS provisioning have been specified for uplink traffic at the medium access control (MAC) layer in the standards. Among the mechanisms, bandwidth request scheme can be used to indicate and request bandwidth demands to the base station for different services. Due to the diverse QoS requirements of the applications, service differentiation (SD) is desirable for the bandwidth request scheme. In this paper, we propose several SD approaches. The approaches are based on the contention-based bandwidth request scheme and achieved by the means of assigning different channel access parameters and/or bandwidth allocation priorities to different services. Additionally, we propose an effective analytical model to study the impacts of the SD approaches, which can be used for the configuration and optimization of the SD services. It is observed from simulations that the analytical model has high accuracy. Service can be efficiently differentiated with initial backoff window in terms of throughput and channel access delay. Moreover, the service differentiation can be improved if combined with the bandwidth allocation priority approach without adverse impacts on the overall system throughput.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

To fully utilize second-life batteries on the grid system, a hybrid battery scheme needs to be considered for several reasons: the uncertainty over using a single source supply chain for second-life batteries, the differences in evolving battery chemistry and battery configuration by different suppliers to strive for greater power levels, and the uncertainty of degradation within a second-life battery. Therefore, these hybrid battery systems could have widely different module voltage, capacity, and initial state of charge and state of health. In order to suitably integrate and control these widely different batteries, a suitable multimodular converter topology and an associated control structure are required. This paper addresses these issues proposing a modular boost-multilevel buck converter based topology to integrate these hybrid second-life batteries to a grid-tie inverter. Thereafter, a suitable module-based distributed control architecture is introduced to independently utilize each converter module according to its characteristics. The proposed converter and control architecture are found to be flexible enough to integrate widely different batteries to an inverter dc link. Modeling, analysis, and experimental validation are performed on a single-phase modular hybrid battery energy storage system prototype to understand the operation of the control strategy with different hybrid battery configurations.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

All information systems have to be protected. As the number of information objects and the number of users increase the task of information system’s protection becomes more difficult. One of the most difficult problems is access rights assignment. This paper describes the graph model of access rights inheritance. This model takes into account relations and dependences between different objects and between different users. The model can be implemented in the information systems controlled by the metadata, describing information objects and connections between them, such as the systems based on CASE-technology METAS.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

The purpose of this study was to design a preventive scheme using directional antennas to improve the performance of mobile ad hoc networks. In this dissertation, a novel Directionality based Preventive Link Maintenance (DPLM) Scheme is proposed to characterize the performance gain [JaY06a, JaY06b, JCY06] by extending the life of link. In order to maintain the link and take preventive action, signal strength of data packets is measured. Moreover, location information or angle of arrival information is collected during communication and saved in the table. When measured signal strength is below orientation threshold, an orientation warning is generated towards the previous hop node. Once orientation warning is received by previous hop (adjacent) node, it verifies the correctness of orientation warning with few hello pings and initiates high quality directional link (a link above the threshold) and immediately switches to it, avoiding a link break altogether. The location information is utilized to create a directional link by orienting neighboring nodes antennas towards each other. We call this operation an orientation handoff, which is similar to soft-handoff in cellular networks.
Signal strength is the indicating factor, which represents the health of the link and helps to predict the link failure. In other words, link breakage happens due to node movement and subsequently reducing signal strength of receiving packets. DPLM scheme helps ad hoc networks to avoid or postpone costly operation of route rediscovery in on-demand routing protocols by taking above-mentioned preventive action.
This dissertation advocates close but simple collaboration between the routing, medium access control and physical layers. In order to extend the link, the Dynamic Source Routing (DSR) and IEEE 802.11 MAC protocols were modified to use the ability of directional antennas to transmit over longer distance.
A directional antenna module is implemented in OPNET simulator with two separate modes of operations: omnidirectional and directional. The antenna module has been incorporated in wireless node model and simulations are performed to characterize the performance improvement of mobile ad hoc networks. Extensive simulations have shown that without affecting the behavior of the routing protocol noticeably, aggregate throughput, packet delivery ratio, end-to-end delay (latency), routing overhead, number of data packets dropped, and number of path breaks are improved considerably. We have done the analysis of the results in different scenarios to evaluate that the use of directional antennas with proposed DPLM scheme has been found promising to improve the performance of mobile ad hoc networks.