Role based access control design using Triadic concept analysis

Institute of Scientific and Technical Information of China (English)

Ch Aswani Kumar; S Chandra Mouliswaran; LI Jin-hai; C Chandrasekar

2016-01-01

Role based access control is one of the widely used access control models. There are investigations in the literature that use knowledge representation mechanisms such as formal concept analysis (FCA), description logics, and Ontology for representing access control mechanism. However, while using FCA, investigations reported in the literature so far work on the logic that transforms the three dimensional access control matrix into dyadic formal contexts. This transformation is mainly to derive the formal concepts, lattice structure and implications to represent role hierarchy and constraints of RBAC. In this work, we propose a methodology that models RBAC using triadic FCA without transforming the triadic access control matrix into dyadic formal contexts. Our discussion is on two lines of inquiry. We present how triadic FCA can provide a suitable representation of RBAC policy and we demonstrate how this representation follows role hierarchy and constraints of RBAC on sample healthcare network available in the literature.

An application-layer based centralized information access control for VPN

Institute of Scientific and Technical Information of China (English)

OUYANG Kai; ZHOU Jing-li; XIA Tao; YU Sheng-sheng

2006-01-01

With the rapid development of Virtual Private Network (VPN), many companies and organizations use VPN to implement their private communication. Traditionally, VPN uses security protocols to protect the confidentiality of data, the message integrity and the endpoint authentication. One core technique of VPN is tunneling, by which clients can access the internal servers traversing VPN. However, the tunneling technique also introduces a concealed security hole. It is possible that ifone vicious user can establish tunneling by the VPN server, he can compromise the internal servers behind the VPN server. So this paper presents a novel Application-layer based Centralized Information Access Control (ACIAC) for VPN to solve this problem.To implement an efficient, flexible and multi-decision access control model, we present two key techniques to ACIAC-the centralized management mechanism and the stream-based access control. Firstly, we implement the information center and the constraints/events center for ACIAC. By the two centers, we can provide an abstract access control mechanism, and the material access control can be decided dynamically by the ACIAC's constraint/event mechanism. Then we logically classify the VPN communication traffic into the access stream and the data stream so that we can tightly couple the features of VPN communication with the access control model. We also provide the design of our ACIAC prototype in this paper.

Fine-Grained Access Control for Electronic Health Record Systems

Science.gov (United States)

Hue, Pham Thi Bach; Wohlgemuth, Sven; Echizen, Isao; Thuy, Dong Thi Bich; Thuc, Nguyen Dinh

There needs to be a strategy for securing the privacy of patients when exchanging health records between various entities over the Internet. Despite the fact that health care providers such as Google Health and Microsoft Corp.'s Health Vault comply with the U.S Health Insurance Portability and Accountability Act (HIPAA), the privacy of patients is still at risk. Several encryption schemes and access control mechanisms have been suggested to protect the disclosure of a patient's health record especially from unauthorized entities. However, by implementing these approaches, data owners are not capable of controlling and protecting the disclosure of the individual sensitive attributes of their health records. This raises the need to adopt a secure mechanism to protect personal information against unauthorized disclosure. Therefore, we propose a new Fine-grained Access Control (FGAC) mechanism that is based on subkeys, which would allow a data owner to further control the access to his data at the column-level. We also propose a new mechanism to efficiently reduce the number of keys maintained by a data owner in cases when the users have different access privileges to different columns of the data being shared.

Access control and confidentiality in radiology

Science.gov (United States)

Noumeir, Rita; Chafik, Adil

2005-04-01

A medical record contains a large amount of data about the patient such as height, weight and blood pressure. It also contains sensitive information such as fertility, abortion, psychiatric data, sexually transmitted diseases and diagnostic results. Access to this information must be carefully controlled. Information technology has greatly improved patient care. The recent extensive deployment of digital medical images made diagnostic images promptly available to healthcare decision makers, regardless of their geographic location. Medical images are digitally archived, transferred on telecommunication networks, and visualized on computer screens. However, with the widespread use of computing and communication technologies in healthcare, the issue of data security has become increasingly important. Most of the work until now has focused on the security of data communication to ensure its integrity, authentication, confidentiality and user accountability. The mechanisms that have been proposed to achieve the security of data communication are not specific to healthcare. Data integrity can be achieved with data signature. Data authentication can be achieved with certificate exchange. Data confidentiality can be achieved with encryption. User accountability can be achieved with audits. Although these mechanisms are essential to ensure data security during its transfer on the network, access control is needed in order to ensure data confidentiality and privacy within the information system application. In this paper, we present and discuss an access control mechanism that takes into account the notion of a care process. Radiology information is categorized and a model to enforce data privacy is proposed.

Traffic management mechanism for intranets with available-bit-rate access to the Internet

Science.gov (United States)

Hassan, Mahbub; Sirisena, Harsha R.; Atiquzzaman, Mohammed

1997-10-01

The design of a traffic management mechanism for intranets connected to the Internet via an available bit rate access- link is presented. Selection of control parameters for this mechanism for optimum performance is shown through analysis. An estimate for packet loss probability at the access- gateway is derived for random fluctuation of available bit rate of the access-link. Some implementation strategies of this mechanism in the standard intranet protocol stack are also suggested.

Dynamically Authorized Role-Based Access Control for Grid Applications

Institute of Scientific and Technical Information of China (English)

YAO Hanbing; HU Heping; LU Zhengding; LI Ruixuan

2006-01-01

Grid computing is concerned with the sharing and coordinated use of diverse resources in distributed "virtual organizations". The heterogeneous, dynamic and multi-domain nature of these environments makes challenging security issues that demand new technical approaches. Despite the recent advances in access control approaches applicable to Grid computing, there remain issues that impede the development of effective access control models for Grid applications. Among them there are the lack of context-based models for access control, and reliance on identity or capability-based access control schemes. An access control scheme that resolve these issues is presented, and a dynamically authorized role-based access control (D-RBAC) model extending the RBAC with context constraints is proposed. The D-RABC mechanisms dynamically grant permissions to users based on a set of contextual information collected from the system and user's environments, while retaining the advantages of RBAC model. The implementation architecture of D-RBAC for the Grid application is also described.

An Efficient Radio Access Control Mechanism for Wireless Network-On-Chip Architectures

Directory of Open Access Journals (Sweden)

Maurizio Palesi

2015-03-01

Full Text Available Modern systems-on-chip (SoCs today contain hundreds of cores, and this number is predicted to reach the thousands by the year 2020. As the number of communicating elements increases, there is a need for an efficient, scalable and reliable communication infrastructure. As technology geometries shrink to the deep submicron regime, however, the communication delay and power consumption of global interconnections become the major bottleneck. The network-on-chip (NoC design paradigm, based on a modular packet-switched mechanism, can address many of the on-chip communication issues, such as the performance limitations of long interconnects and integration of large number of cores on a chip. Recently, new communication technologies based on the NoC concept have emerged with the aim of improving the scalability limitations of conventional NoC-based architectures. Among them, wireless NoCs (WiNoCs use the radio medium for reducing the performance and energy penalties of long-range and multi-hop communications. As the radio medium can be accessed by a single transmitter at a time, a radio access control mechanism (RACM is needed. In this paper, we present a novel RACM, which allows one to improve both the performance and energy figures of the WiNoC. Experiments, carried out on both synthetic and real traffic scenarios, have shown the effectiveness of the proposed RACM. On average, a 30% reduction in communication delay and a 25% energy savings have been observed when the proposed RACM is applied to a known WiNoC architecture.

Requirements for Scalable Access Control and Security Management Architectures

National Research Council Canada - National Science Library

Keromytis, Angelos D; Smith, Jonathan M

2005-01-01

Maximizing local autonomy has led to a scalable Internet. Scalability and the capacity for distributed control have unfortunately not extended well to resource access control policies and mechanisms...

A Dynamic Active Multicast Group Access Control Framework Based on Trust Management System

Institute of Scientific and Technical Information of China (English)

YANG Chang; CHEN Xiaolin; ZHANG Huanguo

2006-01-01

The current multicast model provides no access control mechanism. Any host can send data directly to a multicast address or join a multicast group to become a member, which brings safety problems to multicast. In this paper, we present a new active multicast group access control mechanism that is founded on trust management. This structure can solve the problem that exists in multicast members' access control and distributing authorization of traditional IP multicast.

Task Delegation Based Access Control Models for Workflow Systems

Science.gov (United States)

Gaaloul, Khaled; Charoy, François

e-Government organisations are facilitated and conducted using workflow management systems. Role-based access control (RBAC) is recognised as an efficient access control model for large organisations. The application of RBAC in workflow systems cannot, however, grant permissions to users dynamically while business processes are being executed. We currently observe a move away from predefined strict workflow modelling towards approaches supporting flexibility on the organisational level. One specific approach is that of task delegation. Task delegation is a mechanism that supports organisational flexibility, and ensures delegation of authority in access control systems. In this paper, we propose a Task-oriented Access Control (TAC) model based on RBAC to address these requirements. We aim to reason about task from organisational perspectives and resources perspectives to analyse and specify authorisation constraints. Moreover, we present a fine grained access control protocol to support delegation based on the TAC model.

Two Mechanisms to Avoid Control Conflicts Resulting from Uncoordinated Intent

Science.gov (United States)

Mishkin, Andrew H.; Dvorak, Daniel L.; Wagner, David A.; Bennett, Matthew B.

2013-01-01

This software implements a real-time access control protocol that is intended to make all connected users aware of the presence of other connected users, and which of them is currently in control of the system. Here, "in control" means that a single user is authorized and enabled to issue instructions to the system. The software The software also implements a goal scheduling mechanism that can detect situations where plans for the operation of a target system proposed by different users overlap and interact in conflicting ways. In such situations, the system can either simply report the conflict (rejecting one goal or the entire plan), or reschedule the goals in a way that does not conflict. The access control mechanism (and associated control protocol) is unique. Other access control mechanisms are generally intended to authenticate users, or exclude unauthorized access. This software does neither, and would likely depend on having some other mechanism to support those requirements.

Access Request Trustworthiness in Weighted Access Control Framework

Institute of Scientific and Technical Information of China (English)

WANG Lun-wei; LIAO Xiang-ke; WANG Huai-min

2005-01-01

Weighted factor is given to access control policies to express the importance of policy and its effect on access control decision. According to this weighted access control framework, a trustworthiness model for access request is also given. In this model, we give the measure of trustworthiness factor to access request, by using some idea of uncertainty reasoning of expert system, present and prove the parallel propagation formula of request trustworthiness factor among multiple policies, and get the final trustworthiness factor to decide whether authorizing. In this model, authorization decision is given according to the calculation of request trustworthiness factor, which is more understandable, more suitable for real requirement and more powerful for security enhancement than traditional methods. Meanwhile the finer access control granularity is another advantage.

Capability-based Access Control Delegation Model on the Federated IoT Network

DEFF Research Database (Denmark)

Anggorojati, Bayu; Mahalle, Parikshit N.; Prasad, Neeli R.

2012-01-01

Flexibility is an important property for general access control system and especially in the Internet of Things (IoT), which can be achieved by access or authority delegation. Delegation mechanisms in access control that have been studied until now have been intended mainly for a system that has...... no resource constraint, such as a web-based system, which is not very suitable for a highly pervasive system such as IoT. To this end, this paper presents an access delegation method with security considerations based on Capability-based Context Aware Access Control (CCAAC) model intended for federated...... machine-to-machine communication or IoT networks. The main idea of our proposed model is that the access delegation is realized by means of a capability propagation mechanism, and incorporating the context information as well as secure capability propagation under federated IoT environments. By using...

Mechanical engineers' handbook, design, instrumentation, and controls

CERN Document Server

Kutz, Myer

2015-01-01

Full coverage of electronics, MEMS, and instrumentation andcontrol in mechanical engineering This second volume of Mechanical Engineers' Handbookcovers electronics, MEMS, and instrumentation and control, givingyou accessible and in-depth access to the topics you'll encounterin the discipline: computer-aided design, product design formanufacturing and assembly, design optimization, total qualitymanagement in mechanical system design, reliability in themechanical design process for sustainability, life-cycle design,design for remanufacturing processes, signal processing, dataacquisition and dis

Formalization of the Access Control on ARM-Android Platform with the B Method

Science.gov (United States)

Ren, Lu; Wang, Wei; Zhu, Xiaodong; Man, Yujia; Yin, Qing

2018-01-01

ARM-Android is a widespread mobile platform with multi-layer access control mechanisms, security-critical in the system. Many access control vulnerabilities still exist due to the course-grained policy and numerous engineering defects, which have been widely studied. However, few researches focus on the mechanism formalization, including the Android permission framework, kernel process management and hardware isolation. This paper first develops a comprehensive formal access control model on the ARM-Android platform using the B method, from the Android middleware to hardware layer. All the model specifications are type checked and proved to be well-defined, with 75%of proof obligations demonstrated automatically. The results show that the proposed B model is feasible to specify and verify access control schemes in the ARM-Android system, and capable of implementing a practical control module.

External access to ALICE controls conditions data

International Nuclear Information System (INIS)

Jadlovský, J; Jadlovská, A; Sarnovský, J; Jajčišin, Š; Čopík, M; Jadlovská, S; Papcun, P; Bielek, R; Čerkala, J; Kopčík, M; Chochula, P; Augustinus, A

2014-01-01

ALICE Controls data produced by commercial SCADA system WINCCOA is stored in ORACLE database on the private experiment network. The SCADA system allows for basic access and processing of the historical data. More advanced analysis requires tools like ROOT and needs therefore a separate access method to the archives. The present scenario expects that detector experts create simple WINCCOA scripts, which retrieves and stores data in a form usable for further studies. This relatively simple procedure generates a lot of administrative overhead – users have to request the data, experts needed to run the script, the results have to be exported outside of the experiment network. The new mechanism profits from database replica, which is running on the CERN campus network. Access to this database is not restricted and there is no risk of generating a heavy load affecting the operation of the experiment. The developed tools presented in this paper allow for access to this data. The users can use web-based tools to generate the requests, consisting of the data identifiers and period of time of interest. The administrators maintain full control over the data – an authorization and authentication mechanism helps to assign privileges to selected users and restrict access to certain groups of data. Advanced caching mechanism allows the user to profit from the presence of already processed data sets. This feature significantly reduces the time required for debugging as the retrieval of raw data can last tens of minutes. A highly configurable client allows for information retrieval bypassing the interactive interface. This method is for example used by ALICE Offline to extract operational conditions after a run is completed. Last but not least, the software can be easily adopted to any underlying database structure and is therefore not limited to WINCCOA.

A New Key-lock Method for User Authentication and Access Control

Institute of Scientific and Technical Information of China (English)

JI Dongyao; ZHANG Futai; WANG Yumin

2001-01-01

We propose a new key-lock methodfor user authentication and access control based onChinese remainder theorem, the concepts of the ac-cess control matrix, key-lock-pair, time stamp, and the NS public key protocol. Our method is dynamicand needs a minimum amount of computation in thesense that it only updates at most one key/lock foreach access request. We also demonstrate how an au-thentication protocol can be integrated into the ac-cess control method. By applying a time stamp, themethod can not only withstand replay attack, butalso strengthen the authenticating mechanism, whichcould not be achieved simultaneously in previous key-lock methods.

Simple measurement-based admission control for DiffServ access networks

Science.gov (United States)

Lakkakorpi, Jani

2002-07-01

In order to provide good Quality of Service (QoS) in a Differentiated Services (DiffServ) network, a dynamic admission control scheme is definitely needed as an alternative to overprovisioning. In this paper, we present a simple measurement-based admission control (MBAC) mechanism for DiffServ-based access networks. Instead of using active measurements only or doing purely static bookkeeping with parameter-based admission control (PBAC), the admission control decisions are based on bandwidth reservations and periodically measured & exponentially averaged link loads. If any link load on the path between two endpoints is over the applicable threshold, access is denied. Link loads are periodically sent to Bandwidth Broker (BB) of the routing domain, which makes the admission control decisions. The information needed in calculating the link loads is retrieved from the router statistics. The proposed admission control mechanism is verified through simulations. Our results prove that it is possible to achieve very high bottleneck link utilization levels and still maintain good QoS.

Regulatory accessibility and social influences on state self-control.

Science.gov (United States)

vanDellen, Michelle R; Hoyle, Rick H

2010-02-01

The current work examined how social factors influence self-control. Current conceptions of state self-control treat it largely as a function of regulatory capacity. The authors propose that state self-control might also be influenced by social factors because of regulatory accessibility. Studies 1 through 4 provide evidence that individuals' state self-control is influenced by the trait and state self-control of salient others such that thinking of others with good trait or state self-control leads to increases in state self-control and thinking of others with bad trait or state self-control leads to decreases in state self-control. Study 5 provides evidence that the salience of significant others influences both regulatory accessibility and state self-control. Combined, these studies suggest that the effects of social influences on state self-control occur through multiple mechanisms.

Information Security and Wireless: Alternate Approaches for Controlling Access to Critical Information

National Research Council Canada - National Science Library

Nandram, Winsome

2004-01-01

.... Typically, network managers implement countermeasures to augment security. The goal of this thesis is to research approaches that compliment existing security measures with fine grain access control measures. The Extensible Markup Language (XML) is adopted to accommodate such granular access control as it provides the mechanisms for scaling security down to the document content level.

Android Access Control Extension

Directory of Open Access Journals (Sweden)

Anton Baláž

2015-12-01

Full Text Available The main objective of this work is to analyze and extend security model of mobile devices running on Android OS. Provided security extension is a Linux kernel security module that allows the system administrator to restrict program's capabilities with per-program profiles. Profiles can allow capabilities like network access, raw socket access, and the permission to read, write, or execute files on matching paths. Module supplements the traditional Android capability access control model by providing mandatory access control (MAC based on path. This extension increases security of access to system objects in a device and allows creating security sandboxes per application.

Efficient key management for cryptographically enforced access control

NARCIS (Netherlands)

Zych, Anna; Petkovic, Milan; Jonker, Willem

Cryptographic enforcement of access control mechanisms relies on encrypting protected data with the keys stored by authorized users. This approach poses the problem of the distribution of secret keys. In this paper, a key management scheme is presented where each user stores a single key and is

A method to implement fine-grained access control for personal health records through standard relational database queries.

Science.gov (United States)

Sujansky, Walter V; Faus, Sam A; Stone, Ethan; Brennan, Patricia Flatley

2010-10-01

Online personal health records (PHRs) enable patients to access, manage, and share certain of their own health information electronically. This capability creates the need for precise access-controls mechanisms that restrict the sharing of data to that intended by the patient. The authors describe the design and implementation of an access-control mechanism for PHR repositories that is modeled on the eXtensible Access Control Markup Language (XACML) standard, but intended to reduce the cognitive and computational complexity of XACML. The authors implemented the mechanism entirely in a relational database system using ANSI-standard SQL statements. Based on a set of access-control rules encoded as relational table rows, the mechanism determines via a single SQL query whether a user who accesses patient data from a specific application is authorized to perform a requested operation on a specified data object. Testing of this query on a moderately large database has demonstrated execution times consistently below 100ms. The authors include the details of the implementation, including algorithms, examples, and a test database as Supplementary materials. Copyright © 2010 Elsevier Inc. All rights reserved.

Audit-Based Access Control for Electronic Health Records

NARCIS (Netherlands)

Dekker, M.A.C.; Etalle, Sandro

2006-01-01

Traditional access control mechanisms aim to prevent illegal actions a-priori occurrence, i.e. before granting a request for a document. There are scenarios however where the security decision can not be made on the fly. For these settings we developed a language and a framework for a-posteriori

Audit-Based Access Control for Electronic Health Records

NARCIS (Netherlands)

Dekker, M.A.C.; Etalle, Sandro; Gadducci, F.

Traditional access control mechanisms aim to prevent illegal actions a-priori occurrence, i.e.before granting a request for a document. There are scenarios however where the security decision can not be made on the fly. For these settings we developed a language and a framework for a-posteriori

Access Control Mechanism for IoT Environments Based on Modelling Communication Procedures as Resources

OpenAIRE

Luis Cruz-Piris; Diego Rivera; Ivan Marsa-Maestre; Enrique de la Hoz; Juan R. Velasco

2018-01-01

Internet growth has generated new types of services where the use of sensors and actuators is especially remarkable. These services compose what is known as the Internet of Things (IoT). One of the biggest current challenges is obtaining a safe and easy access control scheme for the data managed in these services. We propose integrating IoT devices in an access control system designed for Web-based services by modelling certain IoT communication elements as resources. This would allow us to o...

Human engineering considerations in designing a computerized controlled access security system

International Nuclear Information System (INIS)

Moore, J.W.; Banks, W.W.

1988-01-01

This paper describes a human engineering effort in the design of a major security system upgrade at Lawrence Livermore National Laboratory. This upgrade was to be accomplished by replacing obsolete and difficult-to-man (i.e., multiple operator task actions required) security equipment and systems with a new, automated, computer-based access control system. The initial task was to assist the electronic and mechanical engineering staff in designing a computerized security access system too functionally and ergonomically accommodate 100% of the Laboratory user population. The new computerized access system was intended to control entry into sensitive exclusion areas by requiring personnel to use an entry booth-based system and/or a remote access control panel system. The primary user interface with the system was through a control panel containing a magnetic card reader, function buttons, LCD display, and push-button keypad

A utility perspective on radiation worker access control systems

International Nuclear Information System (INIS)

Watson, B.A.; Goff, T.E.

1984-01-01

Based on an evaluation of the current commercial Radiation Worker Access Control Software Systems, Baltimore Gas and Electric Company has elected to design and develop a site specific access control and accountability system for the Calvert Cliffs Nuclear Power Plant. The vendor provided systems allow for radiation worker access control based on training and external exposure records and authorizations. These systems do not afford internal exposure control until after bioassay measurements or maximum permissible concentration-hours are tabulated. The vendor provided systems allow for data trending for ALARA purposes, but each software package must be modified to meet site specific requirements. Unlike the commercial systems, the Calvert Cliffs Radiological Controls and Accountability System (RCAS) will provide radiation worker exposure control, both internal and external. The RCAS is designed to fulfill the requirements by integrating the existing Radiation Safety, Dosemetry, and Training data bases with a comprehensive radiological surveillance program. Prior to each worker's entry into the Radiological Control Area; his training and qualifications, radiation exposure history and authorization, will be compared with administrative controls, such as radiation work permits, and respiratory protection requirements and the radiological conditions in the work area. The RCAS, a computer based applied health physics access control system is described as it is presently configured for development. The mechanisms for enhancing worker internal and external exposure controls are discussed. Proposed data application to both the Calvert Cliffs ALARA and outage planning programs is included

A Federated Capability-based Access Control Mechanism for Internet of Things (IoTs)

OpenAIRE

Xu, Ronghua; Chen, Yu; Blasch, Erik; Chen, Genshe

2018-01-01

The prevalence of Internet of Things (IoTs) allows heterogeneous embedded smart devices to collaboratively provide intelligent services with or without human intervention. While leveraging the large-scale IoT-based applications like Smart Gird and Smart Cities, IoT also incurs more concerns on privacy and security. Among the top security challenges that IoTs face is that access authorization is critical in resource and information protection over IoTs. Traditional access control approaches, l...

A Key Management Method for Cryptographically Enforced Access Control

NARCIS (Netherlands)

Zych, Anna; Petkovic, Milan; Jonker, Willem; Fernández-Medina, Eduardo; Yagüe, Mariemma I.

Cryptographic enforcement of access control mechanisms relies on encrypting protected data with the keys stored by authorized users. This approach poses the problem of the distribution of secret keys. In this paper, a key management scheme is presented where each user stores a single key and is

Access control system operation

International Nuclear Information System (INIS)

Barnes, L.D.

1981-06-01

An automated method for the control and monitoring of personnel movement throughout the site was developed under contract to the Department of Energy by Allied-General Nuclear Services (AGNS) at the Barnwell Nuclear Fuel Plant (BNFP). These automated features provide strict enforcement of personnel access policy without routine patrol officer involvement. Identification methods include identification by employee ID number, identification by voice verification and identification by physical security officer verification. The ability to grant each level of access authority is distributed over the organization to prevent any single individual at any level in the organization from being capable of issuing an authorization for entry into sensitive areas. Each access event is recorded. As access events occur, the inventory of both the entered and the exited control area is updated so that a current inventory is always available for display. The system has been operated since 1979 in a development mode and many revisions have been implemented in hardware and software as areas were added to the system. Recent changes have involved the installation of backup systems and other features required to achieve a high reliability. The access control system and recent operating experience are described

A service-oriented data access control model

Science.gov (United States)

Meng, Wei; Li, Fengmin; Pan, Juchen; Song, Song; Bian, Jiali

2017-01-01

The development of mobile computing, cloud computing and distributed computing meets the growing individual service needs. Facing with complex application system, it's an urgent problem to ensure real-time, dynamic, and fine-grained data access control. By analyzing common data access control models, on the basis of mandatory access control model, the paper proposes a service-oriented access control model. By regarding system services as subject and data of databases as object, the model defines access levels and access identification of subject and object, and ensures system services securely to access databases.

Enterprise Dynamic Access Control (EDAC)

National Research Council Canada - National Science Library

Fernandez, Richard

2005-01-01

.... Resources can represent software applications, web services and even facility access. An effective access control model should be capable of evaluating resource access based on user characteristics and environmentals...

Access Agent Improving The Performance Of Access Control Lists

Directory of Open Access Journals (Sweden)

Thelis R. S.

2015-08-01

Full Text Available The main focus of the proposed research is maintaining the security of a network. Extranet is a popular network among most of the organizations where network access is provided to a selected group of outliers. Limiting access to an extranet can be carried out using Access Control Lists ACLs method. However handling the workload of ACLs is an onerous task for the router. The purpose of the proposed research is to improve the performance and to solidify the security of the ACLs used in a small organization. Using a high performance computer as a dedicated device to share and handle the router workload is suggested in order to increase the performance of the router when handling ACLs. Methods of detecting and directing sensitive data is also discussed in this paper. A framework is provided to help increase the efficiency of the ACLs in an organization network using the above mentioned procedures thus helping the organizations ACLs performance to be improved to be more secure and the system to perform faster. Inbuilt methods of Windows platform or Software for open source platforms can be used to make a computer function as a router. Extended ACL features allow the determining of the type of packets flowing through the router. Combining these mechanisms allows the ACLs to be improved and perform in a more efficient manner.

Incentive Mechanism for P2P Content Sharing over Heterogenous Access Networks

Science.gov (United States)

Sato, Kenichiro; Hashimoto, Ryo; Yoshino, Makoto; Shinkuma, Ryoichi; Takahashi, Tatsuro

In peer-to-peer (P2P) content sharing, users can share their content by contributing their own resources to one another. However, since there is no incentive for contributing contents or resources to others, users may attempt to obtain content without any contribution. To motivate users to contribute their resources to the service, incentive-rewarding mechanisms have been proposed. On the other hand, emerging wireless technologies, such as IEEE 802.11 wireless local area networks, beyond third generation (B3G) cellular networks and mobile WiMAX, provide high-speed Internet access for wireless users. Using these high-speed wireless access, wireless users can use P2P services and share their content with other wireless users and with fixed users. However, this diversification of access networks makes it difficult to appropriately assign rewards to each user according to their contributions. This is because the cost necessary for contribution is different in different access networks. In this paper, we propose a novel incentive-rewarding mechanism called EMOTIVER that can assign rewards to users appropriately. The proposed mechanism uses an external evaluator and interactive learning agents. We also investigate a way of appropriately controlling rewards based on the system service's quality and managing policy.

Flexible Access Control for Dynamic Collaborative Environments

NARCIS (Netherlands)

Dekker, M.A.C.

2009-01-01

Access control is used in computer systems to control access to confidential data. In this thesis we focus on access control for dynamic collaborative environments where multiple users and systems access and exchange data in an ad hoc manner. In such environments it is difficult to protect

Keep on Blockin’ in the Free World: Personal Access Control for Low-Cost RFID Tags

OpenAIRE

Rieback, Melanie; Crispo, Bruno; Tanenbaum, Andrew

2007-01-01

This paper introduces an off-tag RFID access control mechanism called “Selective RFID Jamming”. Selective RFID Jamming protects low-cost RFID tags by enforcing access control on their behalf, in a similar manner to the RFID Blocker Tag. However, Selective RFID Jamming is novel because it uses an active mobile device to enforce centralized ACL-based access control policies. Selective RFID Jamming also solves a Differential Signal Analysis attack to which the RFID Blocker Tag is susceptible.

TRBAC:基于信任的访问控制模型%TRBAC: Trust Based Access Control Model

Institute of Scientific and Technical Information of China (English)

刘武; 段海新; 张洪; 任萍; 吴建平

2011-01-01

访问控制是根据网络用户的身份或属性,对该用户执行某些操作或访问某些网络资源进行控制的过程.对现有访问控制模型进行分析,并针对其不足对RBAC模型进行了扩展,提出了基于信任的访问控制模型TRBAC(trust based access control model).该模型可以提供更加安全、灵活以及细粒度的动态访问授权机制,从而提高授权机制的安全性与可靠性.%Access control is a process which controls users to execute some operations or access some network resources according to the users' identity or attribution. The discretionary access control and mandatory access control are two main access control modes which are broadly used in secure operating systems. Discretionary access control is based on user identity and/or groups and mandatory access control is usually based on sensitivity labels. Neither of these two modes can completely satisfy the requirements of all access control. Discretionary access control is too loose to restrict the propagation of privileges while mandatory access control is too rigid to use flexibly. This paper analyzes current access control models, and extends the RBAC (role based access control) model aiming at its deficiency, and based on which we propose a trust based access control model (TRBAC). The TRBAC model can provide more security, flexible and fine-grained dynamic access control mechanism, and therefore improve both the security and the reliability of authorization mechanism.

Keep on Blockin' in the Free World: Personal Access Control for Low-Cost RFID Tags

NARCIS (Netherlands)

Rieback, M.R.; Crispo, B.; Tanenbaum, A.S.

2005-01-01

This paper introduces an off-tag RFID access control mechanism called "Selective RFID Jamming". Selective RFID Jamming protects low-cost RFID tags by enforcing access control on their behalf, in a similar manner to the RFID Blocker Tag. However, Selective RFID Jamming is novel because it uses an

Keep on Blockin’ in the Free World: Personal Access Control for Low-Cost RFID Tags

NARCIS (Netherlands)

Rieback, Melanie; Crispo, Bruno; Tanenbaum, Andrew

2007-01-01

This paper introduces an off-tag RFID access control mechanism called “Selective RFID Jamming”. Selective RFID Jamming protects low-cost RFID tags by enforcing access control on their behalf, in a similar manner to the RFID Blocker Tag. However, Selective RFID Jamming is novel because it uses an

Access Control Based on Trail Inference

Directory of Open Access Journals (Sweden)

ALBARELO, P. C.

2015-06-01

Full Text Available Professionals are constantly seeking qualification and consequently increasing their knowledge in their area of expertise. Thus, it is interesting to develop a computer system that knows its users and their work history. Using this information, even in the case of professional role change, the system could allow the renewed authorization for activities, based on previously authorized use. This article proposes a model for user access control that is embedded in a context-aware environment. The model applies the concept of trails to manage access control, recording activities usage in contexts and applying this history as a criterion to grant new accesses. Despite the fact that previous related research works consider contexts, none of them uses the concept of trails. Hence, the main contribution of this work is the use of a new access control criterion, namely, the history of previous accesses (trails. A prototype was implemented and applied in an evaluation based on scenarios. The results demonstrate the feasibility of the proposal, allowing for access control systems to use an alternative way to support access rights.

Secure Access Control and Authority Delegation Based on Capability and Context Awareness for Federated IoT

DEFF Research Database (Denmark)

Anggorojati, Bayu; Mahalle, Parikshit N.; Prasad, Neeli R.

2013-01-01

Access control is a critical functionality in Internet of Things (IoT), and it is particularly promising to make access control secure, efficient and generic in a distributed environment. Another an important property of access control system in the IoT is flexibility which can be achieved...... by access or authority delegation. Delegation mechanisms in access control that have been studied until now have been intended mainly for a system that has no resource constraint, such as a web-based system, which is not very suitable for a highly pervasive system such as IoT. This chapter presents...... the Capability-based Context Aware Access Control (CCAAC) model including the authority delegation method, along with specification and protocol evaluation intended for federated Machine-to-Machine (M2M)/IoT. By using the identity and capability-based access control approach together with the contextual...

BARTER: Behavior Profile Exchange for Behavior-Based Admission and Access Control in MANETs

Science.gov (United States)

Frias-Martinez, Vanessa; Stolfo, Salvatore J.; Keromytis, Angelos D.

Mobile Ad-hoc Networks (MANETs) are very dynamic networks with devices continuously entering and leaving the group. The highly dynamic nature of MANETs renders the manual creation and update of policies associated with the initial incorporation of devices to the MANET (admission control) as well as with anomaly detection during communications among members (access control) a very difficult task. In this paper, we present BARTER, a mechanism that automatically creates and updates admission and access control policies for MANETs based on behavior profiles. BARTER is an adaptation for fully distributed environments of our previously introduced BB-NAC mechanism for NAC technologies. Rather than relying on a centralized NAC enforcer, MANET members initially exchange their behavior profiles and compute individual local definitions of normal network behavior. During admission or access control, each member issues an individual decision based on its definition of normalcy. Individual decisions are then aggregated via a threshold cryptographic infrastructure that requires an agreement among a fixed amount of MANET members to change the status of the network. We present experimental results using content and volumetric behavior profiles computed from the ENRON dataset. In particular, we show that the mechanism achieves true rejection rates of 95% with false rejection rates of 9%.

IAACaaS: IoT Application-Scoped Access Control as a Service

Directory of Open Access Journals (Sweden)

Álvaro Alonso

2017-10-01

Full Text Available access control is a key element when guaranteeing the security of online services. However, devices that make the Internet of Things have some special requirements that foster new approaches to access control mechanisms. Their low computing capabilities impose limitations that make traditional paradigms not directly applicable to sensors and actuators. In this paper, we propose a dynamic, scalable, IoT-ready model that is based on the OAuth 2.0 protocol and that allows the complete delegation of authorization, so that an as a service access control mechanism is provided. Multiple tenants are also supported by means of application-scoped authorization policies, whose roles and permissions are fine-grained enough to provide the desired flexibility of configuration. Besides, OAuth 2.0 ensures interoperability with the rest of the Internet, yet preserving the computing constraints of IoT devices, because its tokens provide all the necessary information to perform authorization. The proposed model has been fully implemented in an open-source solution and also deeply validated in the scope of FIWARE, a European project with thousands of users, the goal of which is to provide a framework for developing smart applications and services for the future Internet. We provide the details of the deployed infrastructure and offer the analysis of a sample smart city setup that takes advantage of the model. We conclude that the proposed solution enables a new access control as a service paradigm that satisfies the special requirements of IoT devices in terms of performance, scalability and interoperability.

A universal data access and protocol integration mechanism for smart home

Science.gov (United States)

Shao, Pengfei; Yang, Qi; Zhang, Xuan

2013-03-01

With the lack of standardized or completely missing communication interfaces in home electronics, there is no perfect solution to address every aspect in smart homes based on existing protocols and technologies. In addition, the central control unit (CCU) of smart home system working point-to-point between the multiple application interfaces and the underlying hardware interfaces leads to its complicated architecture and unpleasant performance. A flexible data access and protocol integration mechanism is required. The current paper offers a universal, comprehensive data access and protocol integration mechanism for a smart home. The universal mechanism works as a middleware adapter with unified agreements of the communication interfaces and protocols, offers an abstraction of the application level from the hardware specific and decoupling the hardware interface modules from the application level. Further abstraction for the application interfaces and the underlying hardware interfaces are executed based on adaption layer to provide unified interfaces for more flexible user applications and hardware protocol integration. This new universal mechanism fundamentally changes the architecture of the smart home and in some way meets the practical requirement of smart homes more flexible and desirable.

Joint control algorithm in access network

Institute of Scientific and Technical Information of China (English)

2008-01-01

To deal with long probing delay and inaccurate probing results in the endpoint admission control method,a joint local and end-to-end admission control algorithm is proposed,which introduces local probing of access network besides end-to-end probing.Through local probing,the algorithm accurately estimated the resource status of the access network.Simulation shows that this algorithm can improve admission control performance and reduce users' average waiting time when the access network is heavily loaded.

Access control and personal identification systems

CERN Document Server

Bowers, Dan M

1988-01-01

Access Control and Personal Identification Systems provides an education in the field of access control and personal identification systems, which is essential in selecting the appropriate equipment, dealing intelligently with vendors in purchases of the equipment, and integrating the equipment into a total effective system. Access control devices and systems comprise an important part of almost every security system, but are seldom the sole source of security. In order for the goals of the total system to be met, the other portions of the security system must also be well planned and executed

An Attribute Based Access Control Framework for Healthcare System

Science.gov (United States)

Afshar, Majid; Samet, Saeed; Hu, Ting

2018-01-01

Nowadays, access control is an indispensable part of the Personal Health Record and supplies for its confidentiality by enforcing policies and rules to ensure that only authorized users gain access to requested resources in the system. In other words, the access control means protecting patient privacy in healthcare systems. Attribute-Based Access Control (ABAC) is a new access control model that can be used instead of other traditional types of access control such as Discretionary Access Control, Mandatory Access Control, and Role-Based Access Control. During last five years ABAC has shown some applications in both recent academic fields and industry purposes. ABAC by using user’s attributes and resources, makes a decision according to an access request. In this paper, we propose an ABAC framework for healthcare system. We use the engine of ABAC for rendering and enforcing healthcare policies. Moreover, we handle emergency situations in this framework.

Access control and service-oriented architectures

NARCIS (Netherlands)

Leune, C.J.

2007-01-01

Access Control and Service-Oriented Architectures" investigates in which way logical access control can be achieved effectively, in particular in highly dynamic environments such as service-oriented architectures (SOA's). The author combines state-of-the-art best-practice and projects these onto the

Network Access Control For Dummies

CERN Document Server

Kelley, Jay; Wessels, Denzil

2009-01-01

Network access control (NAC) is how you manage network security when your employees, partners, and guests need to access your network using laptops and mobile devices. Network Access Control For Dummies is where you learn how NAC works, how to implement a program, and how to take real-world challenges in stride. You'll learn how to deploy and maintain NAC in your environment, identify and apply NAC standards, and extend NAC for greater network security. Along the way you'll become familiar with what NAC is (and what it isn't) as well as the key business drivers for deploying NAC.Learn the step

Mining Roles and Access Control for Relational Data under Privacy and Accuracy Constraints

Science.gov (United States)

Pervaiz, Zahid

2013-01-01

Access control mechanisms protect sensitive information from unauthorized users. However, when sensitive information is shared and a Privacy Protection Mechanism (PPM) is not in place, an authorized insider can still compromise the privacy of a person leading to identity disclosure. A PPM can use suppression and generalization to anonymize and…

A novel and efficient user access control scheme for wireless body area sensor networks

Directory of Open Access Journals (Sweden)

Santanu Chatterjee

2014-07-01

Full Text Available Wireless body area networks (WBANs can be applied to provide healthcare and patient monitoring. However, patient privacy can be vulnerable in a WBAN unless security is considered. Access to authorized users for the correct information and resources for different services can be provided with the help of efficient user access control mechanisms. This paper proposes a new user access control scheme for a WBAN. The proposed scheme makes use of a group-based user access ID, an access privilege mask, and a password. An elliptic curve cryptography-based public key cryptosystem is used to ensure that a particular legitimate user can only access the information for which he/she is authorized. We show that our scheme performs better than previously existing user access control schemes. Through a security analysis, we show that our scheme is secure against possible known attacks. Furthermore, through a formal security verification using the AVISPA (Automated Validation of Internet Security Protocols and Applications tool, we show that our scheme is also secure against passive and active attacks.

Research of user access control for networked manufacturing system

Institute of Scientific and Technical Information of China (English)

ZHENG Xiao-lin; LEI Yu; CHEN De-ren

2006-01-01

An integrated user access control method was proposed to address the issues of security and management in networked manufacturing systems (NMS).Based on the analysis of the security issues in networked manufacturing system,an integrated user access control method composed of role-based access control (RBAC),task-based access control (TBAC),relationship-driven access control (RDAC)and coalition-based access control (CBAC) was proposed,including the hierarchical user relationship model,the reference model and the process model.The elements and their relationships were defined,and the expressions of constraints authorization were given.The extensible access control markup language (XACML) was used to implement this method.This method was used in the networked manufacturing system in the Shaoxing spinning region of China.The results show that the integrated user access control method can reduce the costs of system security maintenance and management.

Perti Net-Based Workflow Access Control Model%基于Perti网的工作流访问控制模型研究

Institute of Scientific and Technical Information of China (English)

陈卓; 骆婷; 石磊; 洪帆

2004-01-01

Access control is an important protection mechanism for information systems.This paper shows how to make access control in workflow system.We give a workflow access control model (WACM) based on several current access control models.The model supports roles assignment and dynamic authorization.The paper defines the workflow using Petri net.It firstly gives the definition and description of the workflow, and then analyzes the architecture of the workflow access control model (WACM).Finally, an example of an e-commerce workflow access control model is discussed in detail.

Time dependent policy-based access control

DEFF Research Database (Denmark)

Vasilikos, Panagiotis; Nielson, Flemming; Nielson, Hanne Riis

2017-01-01

also on other attributes of the environment such as the time. In this paper, we use systems of Timed Automata to model distributed systems and we present a logic in which one can express time-dependent policies for access control. We show how a fragment of our logic can be reduced to a logic......Access control policies are essential to determine who is allowed to access data in a system without compromising the data's security. However, applications inside a distributed environment may require those policies to be dependent on the actual content of the data, the flow of information, while...... that current model checkers for Timed Automata such as UPPAAL can handle and we present a translator that performs this reduction. We then use our translator and UPPAAL to enforce time-dependent policy-based access control on an example application from the aerospace industry....

An Effective Massive Sensor Network Data Access Scheme Based on Topology Control for the Internet of Things.

Science.gov (United States)

Yi, Meng; Chen, Qingkui; Xiong, Neal N

2016-11-03

This paper considers the distributed access and control problem of massive wireless sensor networks' data access center for the Internet of Things, which is an extension of wireless sensor networks and an element of its topology structure. In the context of the arrival of massive service access requests at a virtual data center, this paper designs a massive sensing data access and control mechanism to improve the access efficiency of service requests and makes full use of the available resources at the data access center for the Internet of things. Firstly, this paper proposes a synergistically distributed buffer access model, which separates the information of resource and location. Secondly, the paper divides the service access requests into multiple virtual groups based on their characteristics and locations using an optimized self-organizing feature map neural network. Furthermore, this paper designs an optimal scheduling algorithm of group migration based on the combination scheme between the artificial bee colony algorithm and chaos searching theory. Finally, the experimental results demonstrate that this mechanism outperforms the existing schemes in terms of enhancing the accessibility of service requests effectively, reducing network delay, and has higher load balancing capacity and higher resource utility rate.

Break-glass handling exceptional situations in access control

CERN Document Server

Petritsch, Helmut

2014-01-01

Helmut Petritsch describes the first holistic approach to Break-Glass which covers the whole life-cycle: from access control modeling (pre-access), to logging the security-relevant system state during Break-Glass accesses (at-access), and the automated analysis of Break-Glass accesses (post-access). Break-Glass allows users to override security restrictions in exceptional situations. While several Break-Glass models specific to given access control models have already been discussed in research (e.g., extending RBAC with Break-Glass), the author introduces a generic Break-Glass model. The pres

Geospacial information utilized under the access control strategy

Institute of Scientific and Technical Information of China (English)

TIAN Jie; ZHANG Xin-fang; WANG Tong-yang; XIANG Wei; Cheng Ming

2007-01-01

This paper introduces a solution to the secure requirement for digital rights management (DRM) by the way of geospacial access control named geospacial access control (GeoAC) in geospacial field. The issues of authorization for geospacial DRM are concentrated on. To geospacial DRM, one aspect is the declaration and enforcement of access rights, based on geographic aspects. To the approbation of digital geographic content, it is important to adopt online access to geodata through a spacial data infrastructure (SDI). This results in the interoperability requirements on three different levels: data model level, service level and access control level. The interaction between the data model and service level can be obtained by criterions of the open geospacial consortium (OGC), and the interaction of the access control level may be reached by declaring and enforcing access restrictions in GeoAC. Then an archetype enforcement based on GeoAC is elucidated. As one aspect of performing usage rights, the execution of access restrictions as an extension to a regular SDI is illuminated.

Usage Control Enhanced Access Control Based on XACML%使用控制支持的基于XACML的访问控制

Institute of Scientific and Technical Information of China (English)

陶宇炜; 符彦惟

2011-01-01

针对网格环境下资源访问控制的特点,提出了一个基于使用控制模型UCON,结合XACML和SAML的访问控制模型.用可扩展访问标记语占XACML描述访问控制的授权策略,结合SAML声明和请求/响应机制,根据用户、资源、环境的属性进行访问控制决策,可动态地评估访问请求,提供细粒度的访问控制和良好的互操作性.%Combining the feature of resource access control in the grid environment, this paper presents an access control model based on UCON, combined with XACML and SAML. The paper describes authorization policy about access control by XACML, combines SAML statement and request/response mechanism, executes access control decision based on user, resource and environment attributes, evaluates access request dynamically, and provides fine-grained access control and good interoperability.

Content sensitivity based access control framework for Hadoop

Directory of Open Access Journals (Sweden)

T.K. Ashwin Kumar

2017-11-01

Full Text Available Big data technologies have seen tremendous growth in recent years. They are widely used in both industry and academia. In spite of such exponential growth, these technologies lack adequate measures to protect data from misuse/abuse. Corporations that collect data from multiple sources are at risk of liabilities due to the exposure of sensitive information. In the current implementation of Hadoop, only file-level access control is feasible. Providing users with the ability to access data based on the attributes in a dataset or the user’s role is complicated because of the sheer volume and multiple formats (structured, unstructured and semi-structured of data. In this paper, we propose an access control framework, which enforces access control policies dynamically based on the sensitivity of the data. This framework enforces access control policies by harnessing the data context, usage patterns and information sensitivity. Information sensitivity changes over time with the addition and removal of datasets, which can lead to modifications in access control decisions. The proposed framework accommodates these changes. The proposed framework is automated to a large extent as the data itself determines the sensitivity with minimal user intervention. Our experimental results show that the proposed framework is capable of enforcing access control policies on non-multimedia datasets with minimal overhead.

Access Control Management for SCADA Systems

Science.gov (United States)

Hong, Seng-Phil; Ahn, Gail-Joon; Xu, Wenjuan

The information technology revolution has transformed all aspects of our society including critical infrastructures and led a significant shift from their old and disparate business models based on proprietary and legacy environments to more open and consolidated ones. Supervisory Control and Data Acquisition (SCADA) systems have been widely used not only for industrial processes but also for some experimental facilities. Due to the nature of open environments, managing SCADA systems should meet various security requirements since system administrators need to deal with a large number of entities and functions involved in critical infrastructures. In this paper, we identify necessary access control requirements in SCADA systems and articulate access control policies for the simulated SCADA systems. We also attempt to analyze and realize those requirements and policies in the context of role-based access control that is suitable for simplifying administrative tasks in large scale enterprises.

Feasibility Assessment of a Fine-Grained Access Control Model on Resource Constrained Sensors.

Science.gov (United States)

Uriarte Itzazelaia, Mikel; Astorga, Jasone; Jacob, Eduardo; Huarte, Maider; Romaña, Pedro

2018-02-13

Upcoming smart scenarios enabled by the Internet of Things (IoT) envision smart objects that provide services that can adapt to user behavior or be managed to achieve greater productivity. In such environments, smart things are inexpensive and, therefore, constrained devices. However, they are also critical components because of the importance of the information that they provide. Given this, strong security is a requirement, but not all security mechanisms in general and access control models in particular are feasible. In this paper, we present the feasibility assessment of an access control model that utilizes a hybrid architecture and a policy language that provides dynamic fine-grained policy enforcement in the sensors, which requires an efficient message exchange protocol called Hidra. This experimental performance assessment includes a prototype implementation, a performance evaluation model, the measurements and related discussions, which demonstrate the feasibility and adequacy of the analyzed access control model.

Task-role-based Access Control Model in Smart Health-care System

Directory of Open Access Journals (Sweden)

Wang Peng

2015-01-01

Full Text Available As the development of computer science and smart health-care technology, there is a trend for patients to enjoy medical care at home. Taking enormous users in the Smart Health-care System into consideration, access control is an important issue. Traditional access control models, discretionary access control, mandatory access control, and role-based access control, do not properly reflect the characteristics of Smart Health-care System. This paper proposes an advanced access control model for the medical health-care environment, task-role-based access control model, which overcomes the disadvantages of traditional access control models. The task-role-based access control (T-RBAC model introduces a task concept, dividing tasks into four categories. It also supports supervision role hierarchy. T-RBAC is a proper access control model for Smart Health-care System, and it improves the management of access rights. This paper also proposes an implementation of T-RBAC, a binary two-key-lock pair access control scheme using prime factorization.

An Effective Massive Sensor Network Data Access Scheme Based on Topology Control for the Internet of Things

Directory of Open Access Journals (Sweden)

Meng Yi

2016-11-01

Full Text Available This paper considers the distributed access and control problem of massive wireless sensor networks’ data access center for the Internet of Things, which is an extension of wireless sensor networks and an element of its topology structure. In the context of the arrival of massive service access requests at a virtual data center, this paper designs a massive sensing data access and control mechanism to improve the access efficiency of service requests and makes full use of the available resources at the data access center for the Internet of things. Firstly, this paper proposes a synergistically distributed buffer access model, which separates the information of resource and location. Secondly, the paper divides the service access requests into multiple virtual groups based on their characteristics and locations using an optimized self-organizing feature map neural network. Furthermore, this paper designs an optimal scheduling algorithm of group migration based on the combination scheme between the artificial bee colony algorithm and chaos searching theory. Finally, the experimental results demonstrate that this mechanism outperforms the existing schemes in terms of enhancing the accessibility of service requests effectively, reducing network delay, and has higher load balancing capacity and higher resource utility rate.

Access Control of Web- and Java-Based Applications

Science.gov (United States)

Tso, Kam S.; Pajevski, Michael J.

2013-01-01

Cybersecurity has become a great concern as threats of service interruption, unauthorized access, stealing and altering of information, and spreading of viruses have become more prevalent and serious. Application layer access control of applications is a critical component in the overall security solution that also includes encryption, firewalls, virtual private networks, antivirus, and intrusion detection. An access control solution, based on an open-source access manager augmented with custom software components, was developed to provide protection to both Web-based and Javabased client and server applications. The DISA Security Service (DISA-SS) provides common access control capabilities for AMMOS software applications through a set of application programming interfaces (APIs) and network- accessible security services for authentication, single sign-on, authorization checking, and authorization policy management. The OpenAM access management technology designed for Web applications can be extended to meet the needs of Java thick clients and stand alone servers that are commonly used in the JPL AMMOS environment. The DISA-SS reusable components have greatly reduced the effort for each AMMOS subsystem to develop its own access control strategy. The novelty of this work is that it leverages an open-source access management product that was designed for Webbased applications to provide access control for Java thick clients and Java standalone servers. Thick clients and standalone servers are still commonly used in businesses and government, especially for applications that require rich graphical user interfaces and high-performance visualization that cannot be met by thin clients running on Web browsers

LANSCE personnel access control system (PACS)

International Nuclear Information System (INIS)

Sturrock, J.C.; Gallegos, F.R.; Hall, M.J.

1997-01-01

The Radiation Security System (RSS) at the Los Alamos Neutron Science Center (LANSCE) provides personnel protection from prompt radiation due to accelerated beam. The Personnel Access Control System (PACS) is a component of the RSS that is designed to prevent personnel access to areas where prompt radiation is a hazard. PACS was designed to replace several older personnel safety systems (PSS) with a single modem unified design. Lessons learned from the operation over the last 20 years were incorporated into a redundant sensor, single-point failure safe, fault tolerant, and tamper-resistant system that prevents access to the beam areas by controlling the access keys and beam stoppers. PACS uses a layered philosophy to the physical and electronic design. The most critical assemblies are battery backed up, relay logic circuits; less critical devices use Programmable Logic Controllers (PLCs) for timing functions and communications. Outside reviewers have reviewed the operational safety of the design. The design philosophy, lessons learned, hardware design, software design, operation, and limitations of the device are described

Information-flow-based Access Control for Virtualized Systems

Directory of Open Access Journals (Sweden)

Dmitriy Aleksandrovich Postoev

2014-12-01

Full Text Available The article is devoted to the method of information-flow-based access control, adopted for virtualized systems. General structure of access control system for virtual infrastructure is proposed.

An IEEE 802.3 Compatible Real Time Medium Access Control with Length-based Priority

Institute of Scientific and Technical Information of China (English)

无

2006-01-01

A new medium access control method is proposed over the predominant Ethernet broadcast channel. Taking advantages of intrinsic variable length characteristic of standard Ethernet frame, message-oriented dynamic priority mechanism is established. Prioritized medium access control operates under a so-called block mode in event of collisions.High priority messages have a chance to preempt block status incurred by low priority ones. By this means, the new MAC provides a conditional deterministic real time performance beyond a statistical one. Experiments demonstrate effectiveness and attractiveness of the proposed scheme. Moreover, this new MAC is completely compatible with IEEE802.3.

Task-role-based Access Control Model in Smart Health-care System

OpenAIRE

Wang Peng; Jiang Lingyun

2015-01-01

As the development of computer science and smart health-care technology, there is a trend for patients to enjoy medical care at home. Taking enormous users in the Smart Health-care System into consideration, access control is an important issue. Traditional access control models, discretionary access control, mandatory access control, and role-based access control, do not properly reflect the characteristics of Smart Health-care System. This paper proposes an advanced access control model for...

Analysing Access Control Specifications

DEFF Research Database (Denmark)

Probst, Christian W.; Hansen, René Rydhof

2009-01-01

When prosecuting crimes, the main question to answer is often who had a motive and the possibility to commit the crime. When investigating cyber crimes, the question of possibility is often hard to answer, as in a networked system almost any location can be accessed from almost anywhere. The most...... common tool to answer this question, analysis of log files, faces the problem that the amount of logged data may be overwhelming. This problems gets even worse in the case of insider attacks, where the attacker’s actions usually will be logged as permissible, standard actions—if they are logged at all....... Recent events have revealed intimate knowledge of surveillance and control systems on the side of the attacker, making it often impossible to deduce the identity of an inside attacker from logged data. In this work we present an approach that analyses the access control configuration to identify the set...

Disk access controller for Multi 8 computer

International Nuclear Information System (INIS)

Segalard, Jean

1970-01-01

After having presented the initial characteristics and weaknesses of the software provided for the control of a memory disk coupled with a Multi 8 computer, the author reports the development and improvement of this controller software. He presents the different constitutive parts of the computer and the operation of the disk coupling and of the direct access to memory. He reports the development of the disk access controller: software organisation, loader, subprograms and statements

The linked medical data access control framework.

Science.gov (United States)

Kamateri, Eleni; Kalampokis, Evangelos; Tambouris, Efthimios; Tarabanis, Konstantinos

2014-08-01

The integration of medical data coming from multiple sources is important in clinical research. Amongst others, it enables the discovery of appropriate subjects in patient-oriented research and the identification of innovative results in epidemiological studies. At the same time, the integration of medical data faces significant ethical and legal challenges that impose access constraints. Some of these issues can be addressed by making available aggregated instead of raw record-level data. In many cases however, there is still a need for controlling access even to the resulting aggregated data, e.g., due to data provider's policies. In this paper we present the Linked Medical Data Access Control (LiMDAC) framework that capitalizes on Linked Data technologies to enable controlling access to medical data across distributed sources with diverse access constraints. The LiMDAC framework consists of three Linked Data models, namely the LiMDAC metadata model, the LiMDAC user profile model, and the LiMDAC access policy model. It also includes an architecture that exploits these models. Based on the framework, a proof-of-concept platform is developed and its performance and functionality are evaluated by employing two usage scenarios. Copyright © 2014 Elsevier Inc. All rights reserved.

Access Control Model for Sharing Composite Electronic Health Records

Science.gov (United States)

Jin, Jing; Ahn, Gail-Joon; Covington, Michael J.; Zhang, Xinwen

The adoption of electronically formatted medical records, so called Electronic Health Records (EHRs), has become extremely important in healthcare systems to enable the exchange of medical information among stakeholders. An EHR generally consists of data with different types and sensitivity degrees which must be selectively shared based on the need-to-know principle. Security mechanisms are required to guarantee that only authorized users have access to specific portions of such critical record for legitimate purposes. In this paper, we propose a novel approach for modelling access control scheme for composite EHRs. Our model formulates the semantics and structural composition of an EHR document, from which we introduce a notion of authorized zones of the composite EHR at different granularity levels, taking into consideration of several important criteria such as data types, intended purposes and information sensitivities.

Access control based on attribute certificates for medical intranet applications.

Science.gov (United States)

Mavridis, I; Georgiadis, C; Pangalos, G; Khair, M

2001-01-01

Clinical information systems frequently use intranet and Internet technologies. However these technologies have emphasized sharing and not security, despite the sensitive and private nature of much health information. Digital certificates (electronic documents which recognize an entity or its attributes) can be used to control access in clinical intranet applications. To outline the need for access control in distributed clinical database systems, to describe the use of digital certificates and security policies, and to propose the architecture for a system using digital certificates, cryptography and security policy to control access to clinical intranet applications. We have previously developed a security policy, DIMEDAC (Distributed Medical Database Access Control), which is compatible with emerging public key and privilege management infrastructure. In our implementation approach we propose the use of digital certificates, to be used in conjunction with DIMEDAC. Our proposed access control system consists of two phases: the ways users gain their security credentials; and how these credentials are used to access medical data. Three types of digital certificates are used: identity certificates for authentication; attribute certificates for authorization; and access-rule certificates for propagation of access control policy. Once a user is identified and authenticated, subsequent access decisions are based on a combination of identity and attribute certificates, with access-rule certificates providing the policy framework. Access control in clinical intranet applications can be successfully and securely managed through the use of digital certificates and the DIMEDAC security policy.

Research and Design of Dynamic Migration Access Control Technology Based on Heterogeneous Network

Directory of Open Access Journals (Sweden)

Wang Feng

2017-01-01

Full Text Available With the continuous development of wireless networks, the amount of privacy services in heterogeneous mobile networks is increasing, such as information storage, user access, and so on. Access control security issues for heterogeneous mobile radio network, this paper proposes a dynamic migration access control technology based on heterogeneous network. Through the system architecture of the mutual trust system, we can understand the real-time mobile node failure or abnormal state. To make the service can be terminated for the node. And adopt the 802.1X authentication way to improve the security of the system. Finally, it by combining the actual running test data, the trust update algorithm of the system is optimized to reduce the actual security threats in the environment. Experiments show that the system’s anti-attack, the success rate of access, bit error rate is in line with the expected results. This system can effectively reduce the system authentication information is illegally obtained after the network security protection mechanism failure and reduce the risk of user data leakage.

Role Based Access Control system in the ATLAS experiment

International Nuclear Information System (INIS)

Valsan, M L; Dumitru, I; Darlea, G L; Bujor, F; Dobson, M; Miotto, G Lehmann; Schlenker, S; Avolio, G; Scannicchio, D A; Filimonov, V; Khomoutnikov, V; Zaytsev, A S; Korol, A A; Bogdantchikov, A; Caramarcu, C; Ballestrero, S; Twomey, M

2011-01-01

The complexity of the ATLAS experiment motivated the deployment of an integrated Access Control System in order to guarantee safe and optimal access for a large number of users to the various software and hardware resources. Such an integrated system was foreseen since the design of the infrastructure and is now central to the operations model. In order to cope with the ever growing needs of restricting access to all resources used within the experiment, the Roles Based Access Control (RBAC) previously developed has been extended and improved. The paper starts with a short presentation of the RBAC design, implementation and the changes made to the system to allow the management and usage of roles to control access to the vast and diverse set of resources. The RBAC implementation uses a directory service based on Lightweight Directory Access Protocol to store the users (∼3000), roles (∼320), groups (∼80) and access policies. The information is kept in sync with various other databases and directory services: human resources, central CERN IT, CERN Active Directory and the Access Control Database used by DCS. The paper concludes with a detailed description of the integration across all areas of the system.

RFID Based Security Access Control System with GSM Technology

OpenAIRE

Peter Adole; Joseph M. Môm; Gabriel A. Igwue

2016-01-01

The security challenges being encountered in many places today require electronic means of controlling access to secured premises in addition to the available security personnel. Various technologies were used in different forms to solve these challenges. The Radio Frequency Identification (RFID) Based Access Control Security system with GSM technology presented in this work helps to prevent unauthorized access to controlled environments (secured premises). This is achieved mainly...

A New Data Access Mechanism for HDFS

Science.gov (United States)

Li, Qiang; Sun, Zhenyu; Wei, Zhanchen; Sun, Gongxing

2017-10-01

With the era of big data emerging, Hadoop has become the de facto standard of big data processing platform. However, it is still difficult to get legacy applications, such as High Energy Physics (HEP) applications, to run efficiently on Hadoop platform. There are two reasons which lead to the difficulties mentioned above: firstly, random access is not supported on Hadoop File System (HDFS), secondly, it is difficult to make legacy applications adopt to HDFS streaming data processing mode. In order to address the two issues, a new read and write mechanism of HDFS is proposed. With this mechanism, data access is done on the local file system instead of through HDFS streaming interfaces. To enable files modified by users, three attributes including permissions, owner and group are imposed on Block objects. Blocks stored on Datanodes have the same attributes as the file they are owned by. Users can modify blocks when the Map task running locally, and HDFS is responsible to update the rest replicas later after the block modification finished. To further improve the performance of Hadoop system, a complete localization task execution mechanism is implemented for I/O intensive jobs. Test results show that average CPU utilization is improved by 10% with the new task selection strategy, data read and write performances are improved by about 10% and 30% separately.

Role Based Access Control system in the ATLAS experiment

CERN Document Server

Valsan, M L; The ATLAS collaboration; Lehmann Miotto, G; Scannicchio, D A; Schlenker, S; Filimonov, V; Khomoutnikov, V; Dumitru, I; Zaytsev, A S; Korol, A A; Bogdantchikov, A; Caramarcu, C; Ballestrero, S; Darlea, G L; Twomey, M; Bujor, F; Avolio, G

2011-01-01

The complexity of the ATLAS experiment motivated the deployment of an integrated Access Control System in order to guarantee safe and optimal access for a large number of users to the various software and hardware resources. Such an integrated system was foreseen since the design of the infrastructure and is now central to the operations model. In order to cope with the ever growing needs of restricting access to all resources used within the experiment, the Roles Based Access Control (RBAC) previously developed has been extended and improved. The paper starts with a short presentation of the RBAC design, implementation and the changes made to the system to allow the management and usage of roles to control access to the vast and diverse set of resources. The paper continues with a detailed description of the integration across all areas of the system: local Linux and Windows nodes in the ATLAS Control Network (ATCN), the Linux application gateways offering remote access inside ATCN, the Windows Terminal Serv...

Role Based Access Control System in the ATLAS Experiment

CERN Document Server

Valsan, M L; The ATLAS collaboration; Lehmann Miotto, G; Scannicchio, D A; Schlenker, S; Filimonov, V; Khomoutnikov, V; Dumitru, I; Zaytsev, A S; Korol, A A; Bogdantchikov, A; Avolio, G; Caramarcu, C; Ballestrero, S; Darlea, G L; Twomey, M; Bujor, F

2010-01-01

The complexity of the ATLAS experiment motivated the deployment of an integrated Access Control System in order to guarantee safe and optimal access for a large number of users to the various software and hardware resources. Such an integrated system was foreseen since the design of the infrastructure and is now central to the operations model. In order to cope with the ever growing needs of restricting access to all resources used within the experiment, the Roles Based Access Control (RBAC) previously developed has been extended and improved. The paper starts with a short presentation of the RBAC design, implementation and the changes made to the system to allow the management and usage of roles to control access to the vast and diverse set of resources. The paper continues with a detailed description of the integration across all areas of the system: local Linux and Windows nodes in the ATLAS Control Network (ATCN), the Linux application gateways offering remote access inside ATCN, the Windows Terminal Serv...

STAR-TYPE LOCAL AREA NETWORK ACCESS CONTROL

Institute of Scientific and Technical Information of China (English)

逯昭义; 齐藤忠夫

1990-01-01

The multiple access fashion is a new resolution for the star-type local area network (LAN) access control and star-type optical fibre LAN. Arguments about this network are discussed, and the results are introduced.

Owner-Based Role-Based Access Control OB-RBAC

NARCIS (Netherlands)

Saffarian, M.; Sadighi, Babak

Administration of an access control model deals with the question of who is authorized to update policies defined on the basis of that model. One of the models whose administration has absorbed relatively large research is the Role-Based Access Control (RBAC) model. All the existing role-based

Towards an Approach of Semantic Access Control for Cloud Computing

Science.gov (United States)

Hu, Luokai; Ying, Shi; Jia, Xiangyang; Zhao, Kai

With the development of cloud computing, the mutual understandability among distributed Access Control Policies (ACPs) has become an important issue in the security field of cloud computing. Semantic Web technology provides the solution to semantic interoperability of heterogeneous applications. In this paper, we analysis existing access control methods and present a new Semantic Access Control Policy Language (SACPL) for describing ACPs in cloud computing environment. Access Control Oriented Ontology System (ACOOS) is designed as the semantic basis of SACPL. Ontology-based SACPL language can effectively solve the interoperability issue of distributed ACPs. This study enriches the research that the semantic web technology is applied in the field of security, and provides a new way of thinking of access control in cloud computing.

METHOD AND ABSTRACT MODEL FOR CONTROL AND ACCESS RIGHTS BY REQUESTS REDIRECTION

Directory of Open Access Journals (Sweden)

K. A. Shcheglov

2015-11-01

Full Text Available We have researched implementation problems of control and access rights of subjects to objects in modern computer systems. We have suggested access control method based on objects access requests redirection. The method possesses a distinctive feature as compared to discretional access control. In case when a subject needs to deny writing (object modification, it is not denied but redirected (access rights are not changed, but operation is performed with another object. This gives the possibility to implement access policies to system objects without breaking the system and applications operability, and share correctly access objects between subjects. This important property of suggested access control method enables to solve fundamentally new system objects securing problems like system resources virtualization aimed to protect system objects from users’ and applications attacks. We have created an abstract model, and it shows that this method (access control from subjects to objects based on requests redirection can be used as self-sufficient access control method, implementing any access control policy (from subjects to objects, thus being an alternative to discretional access control method.

Task-and-role-based access-control model for computational grid

Institute of Scientific and Technical Information of China (English)

LONG Tao; HONG Fan; WU Chi; SUN Ling-li

2007-01-01

Access control in a grid environment is a challenging issue because the heterogeneous nature and independent administration of geographically dispersed resources in grid require access control to use fine-grained policies. We established a task-and-role-based access-control model for computational grid (CG-TRBAC model), integrating the concepts of role-based access control (RBAC) and task-based access control (TBAC). In this model, condition restrictions are defined and concepts specifically tailored to Workflow Management System are simplified or omitted so that role assignment and security administration fit computational grid better than traditional models; permissions are mutable with the task status and system variables, and can be dynamically controlled. The CG-TRBAC model is proved flexible and extendible. It can implement different control policies. It embodies the security principle of least privilege and executes active dynamic authorization. A task attribute can be extended to satisfy different requirements in a real grid system.

Distributed Role-based Access Control for Coaliagion Application

Institute of Scientific and Technical Information of China (English)

HONG Fan; ZHU Xian; XING Guanglin

2005-01-01

Access control in multi-domain environments is one of the important questions of building coalition between domains.On the basis of RBAC access control model, the concepts of role delegation and role mapping are proposed, which support the third-party authorization.Then, a distributed RBAC model is presented.Finally the implementation issues are discussed.

XACML to build access control policies for Internet of Things

OpenAIRE

Atlam, Hany F.; Alassafi, Madini, Obad; Alenezi, Ahmed; Walters, Robert; Wills, Gary

2018-01-01

Although the Internet of things (IoT) brought unlimited benefits, it also brought many security issues. The access control is one of the main elements to address these issues. It provides the access to system resources only to authorized users and ensures that they behave in an authorized manner during their access sessions. One of the significant components of any access control model is access policies. They are used to build the criteria to permit or deny any access request. Building an ef...

Flexible and Lightweight Access Control for Online Healthcare Social Networks in the Context of the Internet of Things

Directory of Open Access Journals (Sweden)

Zhen Qin

2017-01-01

Full Text Available Online healthcare social networks (OHSNs play an essential role in sharing information among medical experts and patients who are equipped with similar experiences. To access other patients’ data or experts’ diagnosis anywhere and anytime, it is necessary to integrate the OHSN into the Internet as part of the Internet of Things (IoT. Therefore, it is crucial to design an efficient and versatile access control scheme that can grant and revoke a user to access the OHSN. In this paper, we propose novel attribute-based encryption (ABE features with user revocation and verifiable decryption outsourcing to control the access privilege of the users. The security of the proposed ABE scheme is given in the well-studied random oracle model. With the proposed ABE scheme, the malicious users can be excluded from the system and the user can offload most of the overhead in the decryption to an untrusted cloud server in a verifiable manner. An access control scheme for the OHSN has been given in the context of the IoT based on the proposed ABE scheme. The simulation demonstrates that our access control mechanism is practical.

A Theorem on Grid Access Control

Institute of Scientific and Technical Information of China (English)

XU ZhiWei(徐志伟); BU GuanYing(卜冠英)

2003-01-01

The current grid security research is mainly focused on the authentication of grid systems. A problem to be solved by grid systems is to ensure consistent access control. This problem is complicated because the hosts in a grid computing environment usually span multiple autonomous administrative domains. This paper presents a grid access control model, based on asynchronous automata theory and the classic Bell-LaPadula model. This model is useful to formally study the confidentiality and integrity problems in a grid computing environment. A theorem is proved, which gives the necessary and sufficient conditions to a grid to maintain confidentiality.These conditions are the formalized descriptions of local (node) relations or relationship between grid subjects and node subjects.

An Attribute-Based Access Control with Efficient and Secure Attribute Revocation for Cloud Data Sharing Service

Institute of Scientific and Technical Information of China (English)

Nyamsuren Vaanchig; Wei Chen; Zhi-Guang Qin

2017-01-01

Nowadays, there is the tendency to outsource data to cloud storage servers for data sharing purposes. In fact, this makes access control for the outsourced data a challenging issue. Ciphertext-policy attribute-based encryption (CP-ABE) is a promising cryptographic solution for this challenge. It gives the data owner (DO) direct control on access policy and enforces the access policy cryptographically. However, the practical application of CP-ABE in the data sharing service also has its own inherent challenge with regard to attribute revocation. To address this challenge, we proposed an attribute-revocable CP-ABE scheme by taking advantages of the over-encryption mechanism and CP-ABE scheme and by considering the semi-trusted cloud service provider (CSP) that participates in decryption processes to issue decryption tokens for authorized users. We further presented the security and performance analysis in order to assess the effectiveness of the scheme. As compared with the existing attribute-revocable CP-ABE schemes, our attribute-revocable scheme is reasonably efficient and more secure to enable attribute-based access control over the outsourced data in the cloud data sharing service.

How Drug Control Policy and Practice Undermine Access to Controlled Medicines.

Science.gov (United States)

Burke-Shyne, Naomi; Csete, Joanne; Wilson, Duncan; Fox, Edward; Wolfe, Daniel; Rasanathan, Jennifer J K

2017-06-01

Drug conventions serve as the cornerstone for domestic drug laws and impose a dual obligation upon states to prevent the misuse of controlled substances while ensuring their adequate availability for medical and scientific purposes. Despite the mandate that these obligations be enforced equally, the dominant paradigm enshrined in the drug conventions is an enforcement-heavy criminal justice response to controlled substances that prohibits and penalizes their misuse. Prioritizing restrictive control is to the detriment of ensuring adequate availability of and access to controlled medicines, thereby violating the rights of people who need them. This paper argues that the drug conventions' prioritization of criminal justice measures-including efforts to prevent non-medical use of controlled substances-undermines access to medicines and infringes upon the right to health and the right to enjoy the benefits of scientific progress. While the effects of criminalization under drug policy limit the right to health in multiple ways, we draw on research and documented examples to highlight the impact of drug control and criminalization on access to medicines. The prioritization and protection of human rights-specifically the right to health and the right to enjoy the benefits of scientific progress-are critical to rebalancing drug policy.

NASA Access Mechanism - Graphical user interface information retrieval system

Science.gov (United States)

Hunter, Judy F.; Generous, Curtis; Duncan, Denise

1993-01-01

Access to online information sources of aerospace, scientific, and engineering data, a mission focus for NASA's Scientific and Technical Information Program, has always been limited by factors such as telecommunications, query language syntax, lack of standardization in the information, and the lack of adequate tools to assist in searching. Today, the NASA STI Program's NASA Access Mechanism (NAM) prototype offers a solution to these problems by providing the user with a set of tools that provide a graphical interface to remote, heterogeneous, and distributed information in a manner adaptable to both casual and expert users. Additionally, the NAM provides access to many Internet-based services such as Electronic Mail, the Wide Area Information Servers system, Peer Locating tools, and electronic bulletin boards.

NASA access mechanism: Graphical user interface information retrieval system

Science.gov (United States)

Hunter, Judy; Generous, Curtis; Duncan, Denise

1993-01-01

Access to online information sources of aerospace, scientific, and engineering data, a mission focus for NASA's Scientific and Technical Information Program, has always been limited to factors such as telecommunications, query language syntax, lack of standardization in the information, and the lack of adequate tools to assist in searching. Today, the NASA STI Program's NASA Access Mechanism (NAM) prototype offers a solution to these problems by providing the user with a set of tools that provide a graphical interface to remote, heterogeneous, and distributed information in a manner adaptable to both casual and expert users. Additionally, the NAM provides access to many Internet-based services such as Electronic Mail, the Wide Area Information Servers system, Peer Locating tools, and electronic bulletin boards.

ACCESS: Thermal Mechanical Design, Performance, and Status

Science.gov (United States)

Kaiser, Mary Elizabeth; Morris, M. J.; McCandliss, S. R.; Rauscher, B. J.; Kimble, R. A.; Kruk, J. W.; Wright, E. L.; Bohlin, R.; Kurucz, R. L.; Riess, A. G.; Pelton, R.; Deustua, S. E.; Dixon, W. V.; Sahnow, D. J.; Benford, D. J.; Gardner, J. P.; Feldman, P. D.; Moos, H. W.; Lampton, M.; Perlmutter, S.; Woodgate, B. E.

2014-01-01

Systematic errors associated with astrophysical data used to probe fundamental astrophysical questions, such as SNeIa observations used to constrain dark energy theories, are now rivaling and exceeding the statistical errors associated with these measurements. ACCESS: Absolute Color Calibration Experiment for Standard Stars is a series of rocket-borne sub-orbital missions and ground-based experiments designed to enable improvements in the precision of the astrophysical flux scale through the transfer of absolute laboratory detector standards from the National Institute of Standards and Technology (NIST) to a network of stellar standards with a calibration accuracy of 1% and a spectral resolving power of 500 across the 0.35 - 1.7μm bandpass. Achieving this level of accuracy requires characterization and stability of the instrument and detector including a thermal background that contributes less than 1% to the flux per resolution element in the NIR. We will present the instrument and calibration status with a focus on the thermal mechanical design and associated performance data. The detector control and performance will be presented in a companion poster (Morris, et al). NASA APRA sounding rocket grant NNX08AI65G supports this work.

An electronically controlled automatic security access gate

Directory of Open Access Journals (Sweden)

Jonathan A. ENOKELA

2014-11-01

Full Text Available The security challenges being encountered in many places require electronic means of controlling access to communities, recreational centres, offices, and homes. The electronically controlled automated security access gate being proposed in this work helps to prevent an unwanted access to controlled environments. This is achieved mainly through the use of a Radio Frequency (RF transmitter-receiver pair. In the design a microcontroller is programmed to decode a given sequence of keys that is entered on a keypad and commands a transmitter module to send out this code as signal at a given radio frequency. Upon reception of this RF signal by the receiver module, another microcontroller activates a driver circuitry to operate the gate automatically. The codes for the microcontrollers were written in C language and were debugged and compiled using the KEIL Micro vision 4 integrated development environment. The resultant Hex files were programmed into the memories of the microcontrollers with the aid of a universal programmer. Software simulation was carried out using the Proteus Virtual System Modeling (VSM version 7.7. A scaled-down prototype of the system was built and tested. The electronically controlled automated security access gate can be useful in providing security for homes, organizations, and automobile terminals. The four-character password required to operate the gate gives the system an increased level of security. Due to its standalone nature of operation the system is cheaper to maintain in comparison with a manually operated type.

Foundation for a Time Interval Access Control Model

National Research Council Canada - National Science Library

Afinidad, Francis B; Levin, Timothy E; Irvine, Cynthia E; Nguyen, Thuy D

2005-01-01

A new model for representing temporal access control policies is introduced. In this model, temporal authorizations are represented by time attributes associated with both subjects and objects, and a time interval access graph...

Performance estimates for personnel access control systems

International Nuclear Information System (INIS)

Bradley, R.G.

1980-10-01

Current performance estimates for personnel access control systems use estimates of Type I and Type II verification errors. A system performance equation which addresses normal operation, the insider, and outside adversary attack is developed. Examination of this equation reveals the inadequacy of classical Type I and II error evaluations which require detailed knowledge of the adversary threat scenario for each specific installation. Consequently, new performance measures which are consistent with the performance equation and independent of the threat are developed as an aid in selecting personnel access control systems

An Expressive, Lightweight and Secure Construction of Key Policy Attribute-Based Cloud Data Sharing Access Control

Science.gov (United States)

Lin, Guofen; Hong, Hanshu; Xia, Yunhao; Sun, Zhixin

2017-10-01

Attribute-based encryption (ABE) is an interesting cryptographic technique for flexible cloud data sharing access control. However, some open challenges hinder its practical application. In previous schemes, all attributes are considered as in the same status while they are not in most of practical scenarios. Meanwhile, the size of access policy increases dramatically with the raise of its expressiveness complexity. In addition, current research hardly notices that mobile front-end devices, such as smartphones, are poor in computational performance while too much bilinear pairing computation is needed for ABE. In this paper, we propose a key-policy weighted attribute-based encryption without bilinear pairing computation (KP-WABE-WB) for secure cloud data sharing access control. A simple weighted mechanism is presented to describe different importance of each attribute. We introduce a novel construction of ABE without executing any bilinear pairing computation. Compared to previous schemes, our scheme has a better performance in expressiveness of access policy and computational efficiency.

HYDRAULIC SERVO CONTROL MECHANISM

Science.gov (United States)

Hussey, R.B.; Gottsche, M.J. Jr.

1963-09-17

A hydraulic servo control mechanism of compact construction and low fluid requirements is described. The mechanism consists of a main hydraulic piston, comprising the drive output, which is connected mechanically for feedback purposes to a servo control piston. A control sleeve having control slots for the system encloses the servo piston, which acts to cover or uncover the slots as a means of controlling the operation of the system. This operation permits only a small amount of fluid to regulate the operation of the mechanism, which, as a result, is compact and relatively light. This mechanism is particuiarly adaptable to the drive and control of control rods in nuclear reactors. (auth)

The Practice of Hospital Intranet Terminal Access Control Solution

Institute of Scientific and Technical Information of China (English)

QI Shi-tao; TANG Li-ming

2016-01-01

Along with the increasingly urgent management needs of intranet terminals in hospital, and large scaled deployment of terminal management system, terminal access control has become one of the standard functions of terminal management. This paper mainly aims at some simple research for the system construction of hospital intranet terminal access control.

Experience with ActiveX control for simple channel access

International Nuclear Information System (INIS)

Timossi, C.; Nishimura, H.; McDonald, J.

2003-01-01

Accelerator control system applications at Berkeley Lab's Advanced Light Source (ALS) are typically deployed on operator consoles running Microsoft Windows 2000 and utilize EPICS[2]channel access for data access. In an effort to accommodate the wide variety of Windows based development tools and developers with little experience in network programming, ActiveX controls have been deployed on the operator stations. Use of ActiveX controls for use in the accelerator control environment has been presented previously[1]. Here we report on some of our experiences with the use and development of these controls

Access Control of Web and Java Based Applications

Science.gov (United States)

Tso, Kam S.; Pajevski, Michael J.; Johnson, Bryan

2011-01-01

Cyber security has gained national and international attention as a result of near continuous headlines from financial institutions, retail stores, government offices and universities reporting compromised systems and stolen data. Concerns continue to rise as threats of service interruption, and spreading of viruses become ever more prevalent and serious. Controlling access to application layer resources is a critical component in a layered security solution that includes encryption, firewalls, virtual private networks, antivirus, and intrusion detection. In this paper we discuss the development of an application-level access control solution, based on an open-source access manager augmented with custom software components, to provide protection to both Web-based and Java-based client and server applications.

Mandatory and Location-Aware Access Control for Relational Databases

Science.gov (United States)

Decker, Michael

Access control is concerned with determining which operations a particular user is allowed to perform on a particular electronic resource. For example, an access control decision could say that user Alice is allowed to perform the operation read (but not write) on the resource research report. With conventional access control this decision is based on the user's identity whereas the basic idea of Location-Aware Access Control (LAAC) is to evaluate also a user's current location when making the decision if a particular request should be granted or denied. LAAC is an interesting approach for mobile information systems because these systems are exposed to specific security threads like the loss of a device. Some data models for LAAC can be found in literature, but almost all of them are based on RBAC and none of them is designed especially for Database Management Systems (DBMS). In this paper we therefore propose a LAAC-approach for DMBS and describe a prototypical implementation of that approach that is based on database triggers.

Development of an access control system for the LHD experimental hall

International Nuclear Information System (INIS)

Kawano, T.; Inoue, N.; Sakuma, Y.; Uda, T.; Yamanishi, H.; Miyake, H.; Tanahashi, S.; Motozima, O.

2000-01-01

An access control system for the LHD (Large Helical Device) experimental hall had been constructed and its practical operation started in March 1998. Continuously, the system has been improved. The present system keeps watch on involved entrance and exit for the use of persons at four entrances by using five turnstile gates while watching on eight shielding doors at eight positions (four entrances, three carriage entrances and a hall overview) and a stairway connecting the LHD main hall with the LHD basement. Besides, for the security of safety operation of the LHD, fifteen kinds of interlock signals are exchanged between the access control system and the LHD control system. Seven of the interlock signals are properly sent as the occasional demands from the access control system to the LHD control system, in which three staple signals are B Personnel Access to Controlled Area, D Shielding Door Closed, and E No Entrance. It is important that any plasma experiments of the LHD are not permitted while the signal B being sent or D being not sent. The signal E is sent to inform the LHD control system that the turnstile gates are locked. All the plasma experiments should not be done unless the lock procedure of the turnstile is confirmed. When the turnstile gates are locked, any persons cannot enter into the LHD controlled area, but are permissible to exit only. Six of the interlock signals are used to send the information of the working at that time in the LHD controlled area to the access control system. When one signal of the operation mode is sent to the access control system from the LHD, the access control system sets the turnstile gate in situation corresponding to the operation mode, A Equipment Operation, B Vacuum Pumping, C Coil Cooling, D Coil Excitation, and E Plasma Experiment. If the access control system receives, for example, the signal B, this system sets the turnstile gate in the condition of control such that only persons assigned to the work of vacuum

Open versus Controlled-Access Data | Office of Cancer Genomics

Science.gov (United States)

OCG employs stringent human subjects’ protection and data access policies to protect the privacy and confidentiality of the research participants. Depending on the risk of patient identification, OCG programs data are available to the scientific community in two tiers: open or controlled access. Both types of data can be accessed through its corresponding OCG program-specific data matrix or portal. Open-access Data

An Extended Role Based Access Control Method for XML Documents

Institute of Scientific and Technical Information of China (English)

MENG Xiao-feng; LUO Dao-feng; OU Jian-bo

2004-01-01

As XML has been increasingly important as the Data-change format of Internet and Intranet, access-control-on-XML-properties rises as a new issue.Role-based access control (RBAC) is an access control method that has been widely used in Internet, Operation System and Relation Data Base these 10 years.Though RBAC is already relatively mature in the above fields, new problems occur when it is used in XML properties.This paper proposes an integrated model to resolve these problems, after the fully analysis on the features of XML and RBAC.

Controlled switching of single-molecule junctions by mechanical motion of a phenyl ring

Directory of Open Access Journals (Sweden)

Yuya Kitaguchi

2015-10-01

Full Text Available Mechanical methods for single-molecule control have potential for wide application in nanodevices and machines. Here we demonstrate the operation of a single-molecule switch made functional by the motion of a phenyl ring, analogous to the lever in a conventional toggle switch. The switch can be actuated by dual triggers, either by a voltage pulse or by displacement of the electrode, and electronic manipulation of the ring by chemical substitution enables rational control of the on-state conductance. Owing to its simple mechanics, structural robustness, and chemical accessibility, we propose that phenyl rings are promising components in mechanical molecular devices.

Admission Control and Interference Management in Dynamic Spectrum Access Networks

Directory of Open Access Journals (Sweden)

Jorge Martinez-Bauset

2010-01-01

Full Text Available We study two important aspects to make dynamic spectrum access work in practice: the admission policy of secondary users (SUs to achieve a certain degree of quality of service and the management of the interference caused by SUs to primary users (PUs. In order to limit the forced termination probability of SUs, we evaluate the Fractional Guard Channel reservation scheme to give priority to spectrum handovers over new arrivals. We show that, contrary to what has been proposed, the throughput of SUs cannot be maximized by configuring the reservation parameter. We also study the interference caused by SUs to PUs. We propose and evaluate different mechanisms to reduce the interference, which are based on simple spectrum access algorithms for both PUs and SUs and channel repacking algorithms for SUs. Numerical results show that the reduction can be of one order of magnitude or more with respect to the random access case. Finally, we propose an adaptive admission control scheme that is able to limit simultaneously the forced termination probability of SUs and what we define as the probability of interference. Our scheme does not require any configuration parameters beyond the probability objectives. Besides, it is simple to implement and it can operate with any arrival process and distribution of the session duration.

A Mechanism for Identity Delegation at Authentication Level

DEFF Research Database (Denmark)

Ahmed, Naveed; Jensen, Christian D.

2009-01-01

operating systems, by delegating privileges at the identity level. The complexity of classic delegation models, especially if it strictly fol- lows the principle of least privileges, often leads to poor usability which motivates a user to circumvent the default delegation mechanism. On the other hand......Authentication and access control are normally considered separate security concepts that have separate goals and are supported by separate security mechanisms. In most operating systems, however, access control is exclusively based on the identity of the requesting principal, e.g., an access...... control mechanism based on Access Control Lists simply verifies that the authenticated identity of the requesting principal is on the list of authorized users. In this paper we propose a delegation mechanism for nomadic users, which exploits the amalgamation of authentication and access control in most...

Access control and privilege management in electronic health record: a systematic literature review.

Science.gov (United States)

Jayabalan, Manoj; O'Daniel, Thomas

2016-12-01

This study presents a systematic literature review of access control for electronic health record systems to protect patient's privacy. Articles from 2006 to 2016 were extracted from the ACM Digital Library, IEEE Xplore Digital Library, Science Direct, MEDLINE, and MetaPress using broad eligibility criteria, and chosen for inclusion based on analysis of ISO22600. Cryptographic standards and methods were left outside the scope of this review. Three broad classes of models are being actively investigated and developed: access control for electronic health records, access control for interoperability, and access control for risk analysis. Traditional role-based access control models are extended with spatial, temporal, probabilistic, dynamic, and semantic aspects to capture contextual information and provide granular access control. Maintenance of audit trails and facilities for overriding normal roles to allow full access in emergency cases are common features. Access privilege frameworks utilizing ontology-based knowledge representation for defining the rules have attracted considerable interest, due to the higher level of abstraction that makes it possible to model domain knowledge and validate access requests efficiently.

Object oriented programming techniques applied to device access and control

International Nuclear Information System (INIS)

Goetz, A.; Klotz, W.D.; Meyer, J.

1992-01-01

In this paper a model, called the device server model, has been presented for solving the problem of device access and control faced by all control systems. Object Oriented Programming techniques were used to achieve a powerful yet flexible solution. The model provides a solution to the problem which hides device dependancies. It defines a software framework which has to be respected by implementors of device classes - this is very useful for developing groupware. The decision to implement remote access in the root class means that device servers can be easily integrated in a distributed control system. A lot of the advantages and features of the device server model are due to the adoption of OOP techniques. The main conclusion that can be drawn from this paper is that 1. the device access and control problem is adapted to being solved with OOP techniques, 2. OOP techniques offer a distinct advantage over traditional programming techniques for solving the device access problem. (J.P.N.)

Medium Access Control Protocols for Cognitive Radio Ad Hoc Networks: A Survey

Directory of Open Access Journals (Sweden)

Mahdi Zareei

2017-09-01

Full Text Available New wireless network paradigms will demand higher spectrum use and availability to cope with emerging data-hungry devices. Traditional static spectrum allocation policies cause spectrum scarcity, and new paradigms such as Cognitive Radio (CR and new protocols and techniques need to be developed in order to have efficient spectrum usage. Medium Access Control (MAC protocols are accountable for recognizing free spectrum, scheduling available resources and coordinating the coexistence of heterogeneous systems and users. This paper provides an ample review of the state-of-the-art MAC protocols, which mainly focuses on Cognitive Radio Ad Hoc Networks (CRAHN. First, a description of the cognitive radio fundamental functions is presented. Next, MAC protocols are divided into three groups, which are based on their channel access mechanism, namely time-slotted protocol, random access protocol and hybrid protocol. In each group, a detailed and comprehensive explanation of the latest MAC protocols is presented, as well as the pros and cons of each protocol. A discussion on future challenges for CRAHN MAC protocols is included with a comparison of the protocols from a functional perspective.

Biomedical Big Data: New Models of Control Over Access, Use and Governance.

Science.gov (United States)

Vayena, Effy; Blasimme, Alessandro

2017-12-01

Empirical evidence suggests that while people hold the capacity to control their data in high regard, they increasingly experience a loss of control over their data in the online world. The capacity to exert control over the generation and flow of personal information is a fundamental premise to important values such as autonomy, privacy, and trust. In healthcare and clinical research this capacity is generally achieved indirectly, by agreeing to specific conditions of informational exposure. Such conditions can be openly stated in informed consent documents or be implicit in the norms of confidentiality that govern the relationships of patients and healthcare professionals. However, with medicine becoming a data-intense enterprise, informed consent and medical confidentiality, as mechanisms of control, are put under pressure. In this paper we explore emerging models of informational control in data-intense healthcare and clinical research, which can compensate for the limitations of currently available instruments. More specifically, we discuss three approaches that hold promise in increasing individual control: the emergence of data portability rights as means to control data access, new mechanisms of informed consent as tools to control data use, and finally, new participatory governance schemes that allow individuals to control their data through direct involvement in data governance. We conclude by suggesting that, despite the impression that biomedical big data diminish individual control, the synergistic effect of new data management models can in fact improve it.

Controlling Access to Suicide Means

Directory of Open Access Journals (Sweden)

Miriam Iosue

2011-12-01

Full Text Available Background: Restricting access to common means of suicide, such as firearms, toxic gas, pesticides and other, has been shown to be effective in reducing rates of death in suicide. In the present review we aimed to summarize the empirical and clinical literature on controlling the access to means of suicide. Methods: This review made use of both MEDLINE, ISI Web of Science and the Cochrane library databases, identifying all English articles with the keywords “suicide means”, “suicide method”, “suicide prediction” or “suicide prevention” and other relevant keywords. Results: A number of factors may influence an individual’s decision regarding method in a suicide act, but there is substantial support that easy access influences the choice of method. In many countries, restrictions of access to common means of suicide has lead to lower overall suicide rates, particularly regarding suicide by firearms in USA, detoxification of domestic and motor vehicle gas in England and other countries, toxic pesticides in rural areas, barriers at jumping sites and hanging, by introducing “safe rooms” in prisons and hospitals. Moreover, decline in prescription of barbiturates and tricyclic antidepressants (TCAs, as well as limitation of drugs pack size for paracetamol and salicylate has reduced suicides by overdose, while increased prescription of SSRIs seems to have lowered suicidal rates. Conclusions: Restriction to means of suicide may be particularly effective in contexts where the method is popular, highly lethal, widely available, and/or not easily substituted by other similar methods. However, since there is some risk of means substitution, restriction of access should be implemented in conjunction with other suicide prevention strategies.

Antiretroviral therapy (ART) rationing and access mechanisms and their impact on youth ART utilization in Malawi.

Science.gov (United States)

Dixon, Jimmy-Gama; Gibson, Sarah; McPake, Barbara; Maleta, Ken

2011-06-01

The World Health Organization (WHO) staging is a commonly used rationing mechanism for highly active antiretroviral therapy (HAART) among various HIV infected populations including youths in most developing countries. Rationing is defined as any policy or practice that restricts consumption of or access to certain goods due to its limited supply. However, as HIV prevalence is rapidly increasing among youth, understanding the capacity of the staging approach to achieve HAART uptake in youth is of considerable importance. This study aimed to explore how HAART rationing and access mechanisms impact on youth's utilization of HAART in Malawi. The study used mixed methods with quantitative analysis of existing Ministry of Health Clinical HIV Unit data used to determine existing levels of youth HAART use. Qualitative methods employed in-depth interviews that interviewed nine ART providers, nine HIV positive youth on HAART and nine HIV positive youth not on HAART; and field observations to nine ART clinics were used to understand HAART rationing and access mechanisms and how such mechanisms impact youth uptake of HAART. The findings revealed that ART providers use both explicit rationing mechanisms like WHO clinical staging and implicit rationing mechanisms like use of waiting lists, queues and referral in ART provision. However, the WHO staging approach had some challenges in its implementation. It was also observed that factors like non-comprehensive approach to HAART provision, costs incurred to access HAART, negative beliefs and misconceptions about HAART and HIV were among the key factors that limit youth access to HAART. The study recommends that while WHO staging is successful as a rationing mechanism in Malawi, measures should be put in place to improve access to CD4 assessment for clients who may need it. ART providers also need to be made aware of the implicit rationing mechanisms that may affect HAART access. There is also need to improve monitoring of those HIV

A General Attribute and Rule Based Role-Based Access Control Model

Institute of Scientific and Technical Information of China (English)

无

2007-01-01

Growing numbers of users and many access control policies which involve many different resource attributes in service-oriented environments bring various problems in protecting resource. This paper analyzes the relationships of resource attributes to user attributes in all policies, and propose a general attribute and rule based role-based access control(GAR-RBAC) model to meet the security needs. The model can dynamically assign users to roles via rules to meet the need of growing numbers of users. These rules use different attribute expression and permission as a part of authorization constraints, and are defined by analyzing relations of resource attributes to user attributes in many access policies that are defined by the enterprise. The model is a general access control model, and can support many access control policies, and also can be used to wider application for service. The paper also describes how to use the GAR-RBAC model in Web service environments.

Bandwidth Analysis of Functional Interconnects Used as Test Access Mechanism

NARCIS (Netherlands)

Van den Berg, A.; Ren, P.; Marinissen, E.J.; Gaydadjiev, G.; Goossens, K.

2010-01-01

Test data travels through a System on Chip (SOC) from the chip pins to the Core-Under-Test (CUT) and vice versa via a Test Access Mechanism (TAM). Conventionally, a TAM is implemented using dedicated communication infrastructure. However, also existing functional interconnect, such as a bus or

Bandwidth analysis of functional interconnects used as test access mechanism

NARCIS (Netherlands)

Berg, van den Ardy; Ren, P.; Marinissen, Erik Jan; Gaydadjiev, G.N.; Goossens, K.G.W.

2010-01-01

Test data travels through a System on Chip (SOC) from the chip pins to the Core-Under-Test (CUT) and vice versa via a Test Access Mechanism (TAM). Conventionally, a TAM is implemented using dedicated communication infrastructure. However, also existing functional interconnect, such as a bus or

Implementing Discretionary Access Control with Time Character in Linux and Performance Analysis

Institute of Scientific and Technical Information of China (English)

TAN Liang; ZHOU Ming-Tian

2006-01-01

DAC (Discretionary Access Control Policy) is access control based on ownership relations between subject and object, the subject can discretionarily decide on that who, by what methods, can access his owns object. In this paper, the system time is looked as a basic secure element. The DAC_T (Discretionary Access Control Policy with Time Character) is presented and formalized. The DAC_T resolves that the subject can discretionarily decide that who, on when, can access his owns objects. And then the DAC_T is implemented on Linux based on GFAC (General Framework for Access Control), and the algorithm is put forward. Finally, the performance analysis for the DAC_T_Linux is carried out. It is proved that the DAC_T_Linux not only can realize time constraints between subject and object but also can still be accepted by us though its performance have been decreased.

Access and control of information and intellectual property

Science.gov (United States)

Lang, Gerald S.

1996-03-01

This paper introduces the technology of two pioneering patents for the secure distribution of information and intellectual property. The seminal technology has been used in the control of sensitive material such as medical records and imagery in distributed networks. It lends itself to the implementation of an open architecture access control system that provides local or remote user selective access to digital information stored on any computer system or storage medium, down to the data element, pixel, and sub-pixel levels. Use of this technology is especially suited for electronic publishing, health care records, MIS, and auditing.

Forgetting: availability, accessibility, and intentional control problem

Directory of Open Access Journals (Sweden)

Veronika V. Nourkova

2016-09-01

Full Text Available The paper focuses on the phenomenon of forgetting as a primal and generally productive memory process. The cases that require a temporary and permanent forgetting of the material stored in the long-term memory are contrasted. The main methodological obstacle in forgetting research is identified as arising from the logical prohibition to argument from the negative, i.e. “the evidence of absence is not the evidence of absence”. Two mechanisms of forgetting are discussed in the paper: transformation of the memory trace and modulation of trace accessibility. The former mechanism of forgetting consists of memory trace destruction (memory trace decay, retroactive and proactive interference, and «catastrophic» interference or its transformation that leads to forming a new memory representation. We speculate that the most promising way to legitimize the trace destruction mechanism is narrowing the further research to episodic memory subsystem. The latter mechanism of forgetting consists of both passive failure in access to appropriate memory content (the tip of the tongue phenomenon, the category size effect, the fan effect and the process of active retrieval inhibition. This phenomenon represents temporary inhibition of competing semantically similar responses in semantic memory, and motivational inhibition of self-deprecating memories in autobiographical memory. Then we put into consideration a variety of experimental paradigms in intentional forgetting research. Contrary to the common claim that forgetting is а universal and homogeneous phenomenon, we propose that forgetting strategies might vary in different memory subsystems, and also depend on activity characteristics during encoding, storage and retrieval.

Hopping control channel MAC protocol for opportunistic spectrum access networks

Institute of Scientific and Technical Information of China (English)

FU Jing-tuan; JI Hong; MAO Xu

2010-01-01

Opportunistic spectrum access （OSA） is considered as a promising approach to mitigate spectrum scarcity by allowing unlicensed users to exploit spectrum opportunities in licensed frequency bands. Derived from the existing channel-hopping multiple access （CHMA） protocol,we introduce a hopping control channel medium access control （MAC） protocol in the context of OSA networks. In our proposed protocol,all nodes in the network follow a common channel-hopping sequence; every frequency channel can be used as control channel and data channel. Considering primary users＇ occupancy of the channel,we use a primary user （PU） detection model to calculate the channel availability for unlicensed users＇ access. Then,a discrete Markov chain analytical model is applied to describe the channel states and deduce the system throughput. Through simulation,we present numerical results to demonstrate the throughput performance of our protocol and thus validate our work.

Delay-aware adaptive sleep mechanism for green wireless-optical broadband access networks

Science.gov (United States)

Wang, Ruyan; Liang, Alei; Wu, Dapeng; Wu, Dalei

2017-07-01

Wireless-Optical Broadband Access Network (WOBAN) is capacity-high, reliable, flexible, and ubiquitous, as it takes full advantage of the merits from both optical communication and wireless communication technologies. Similar to other access networks, the high energy consumption poses a great challenge for building up WOBANs. To shot this problem, we can make some load-light Optical Network Units (ONUs) sleep to reduce the energy consumption. Such operation, however, causes the increased packet delay. Jointly considering the energy consumption and transmission delay, we propose a delay-aware adaptive sleep mechanism. Specifically, we develop a new analytical method to evaluate the transmission delay and queuing delay over the optical part, instead of adopting M/M/1 queuing model. Meanwhile, we also analyze the access delay and queuing delay of the wireless part. Based on such developed delay models, we mathematically derive ONU's optimal sleep time. In addition, we provide numerous simulation results to show the effectiveness of the proposed mechanism.

75 FR 4007 - Risk Management Controls for Brokers or Dealers With Market Access

Science.gov (United States)

2010-01-26

... 3235-AK53 Risk Management Controls for Brokers or Dealers With Market Access AGENCY: Securities and... or other persons, to implement risk management controls and supervisory procedures reasonably... access may not utilize any pre-trade risk management controls (i.e., ``unfiltered'' or ``naked'' access...

Authenticated IGMP for Controlling Access to Multicast Distribution Tree

Science.gov (United States)

Park, Chang-Seop; Kang, Hyun-Sun

A receiver access control scheme is proposed to protect the multicast distribution tree from DoS attack induced by unauthorized use of IGMP, by extending the security-related functionality of IGMP. Based on a specific network and business model adopted for commercial deployment of IP multicast applications, a key management scheme is also presented for bootstrapping the proposed access control as well as accounting and billing for CP (Content Provider), NSP (Network Service Provider), and group members.

Macro-mechanics controls quantum mechanics: mechanically controllable quantum conductance switching of an electrochemically fabricated atomic-scale point contact.

Science.gov (United States)

Staiger, Torben; Wertz, Florian; Xie, Fangqing; Heinze, Marcel; Schmieder, Philipp; Lutzweiler, Christian; Schimmel, Thomas

2018-01-12

Here, we present a silver atomic-scale device fabricated and operated by a combined technique of electrochemical control (EC) and mechanically controllable break junction (MCBJ). With this EC-MCBJ technique, we can perform mechanically controllable bistable quantum conductance switching of a silver quantum point contact (QPC) in an electrochemical environment at room temperature. Furthermore, the silver QPC of the device can be controlled both mechanically and electrochemically, and the operating mode can be changed from 'electrochemical' to 'mechanical', which expands the operating mode for controlling QPCs. These experimental results offer the perspective that a silver QPC may be used as a contact for a nanoelectromechanical relay.

Nonholonomic mechanics and control

CERN Document Server

Murray, RM

2015-01-01

This book explores some of the connections between control theory and geometric mechanics; that is, control theory is linked with a geometric view of classical mechanics in both its Lagrangian and Hamiltonian formulations and in particular with the theory of mechanical systems subject to motion constraints. The synthesis of the topic is appropriate as there is a particularly rich connection between mechanics and nonlinear control theory. The book provides a unified treatment of nonlinear control theory and constrained mechanical systems and illustrates the elegant mathematics behind many simple, interesting, and useful mechanical examples. It is intended for graduate students who wish to learn this subject and researchers in the area who want to enhance their techniques. The book contains sections focusing on physical examples and elementary terms, as well as theoretical sections that use sophisticated analysis and geometry. The first four chapters offer preliminaries and background information, while the...

Role-Based Access Control in Retrospect

NARCIS (Netherlands)

Nunes Leal Franqueira, V.; Wieringa, Roelf J.

Role-Based Access Control (RBAC) has been a success in terms of the amount of research that went into it, its uptake in international standards, and its adoption by major software vendors. Yet, RBAC remains complex to implement in user organizations. In this paper we review the state of the art of

A Comparative Analysis of Wiki Discretionary Access Control in a CONOPS Environment

National Research Council Canada - National Science Library

Crawford, Frederick L

2008-01-01

This research conducts a comparative analysis of discretionary access controls of current wikis by experimenting with their discretionary access controls and functionality, comparing the wiki software...

Urban Studies: A Study of Bibliographic Access and Control.

Science.gov (United States)

Anderson, Barbara E.

This paper analyzes: (1) the bibliographic access to publications in urban studies via printed secondary sources; (2) development and scope of classification systems and of vocabulary control for urban studies; and (3) currently accessible automated collections of bibliographic citations. Urban studies is defined as "an agglomeration of…

Database design for Physical Access Control System for nuclear facilities

Energy Technology Data Exchange (ETDEWEB)

Sathishkumar, T., E-mail: satishkumart@igcar.gov.in; Rao, G. Prabhakara, E-mail: prg@igcar.gov.in; Arumugam, P., E-mail: aarmu@igcar.gov.in

2016-08-15

Highlights: • Database design needs to be optimized and highly efficient for real time operation. • It requires a many-to-many mapping between Employee table and Doors table. • This mapping typically contain thousands of records and redundant data. • Proposed novel database design reduces the redundancy and provides abstraction. • This design is incorporated with the access control system developed in-house. - Abstract: A (Radio Frequency IDentification) RFID cum Biometric based two level Access Control System (ACS) was designed and developed for providing access to vital areas of nuclear facilities. The system has got both hardware [Access controller] and software components [server application, the database and the web client software]. The database design proposed, enables grouping of the employees based on the hierarchy of the organization and the grouping of the doors based on Access Zones (AZ). This design also illustrates the mapping between the Employee Groups (EG) and AZ. By following this approach in database design, a higher level view can be presented to the system administrator abstracting the inner details of the individual entities and doors. This paper describes the novel approach carried out in designing the database of the ACS.

Database design for Physical Access Control System for nuclear facilities

International Nuclear Information System (INIS)

Sathishkumar, T.; Rao, G. Prabhakara; Arumugam, P.

2016-01-01

Highlights: • Database design needs to be optimized and highly efficient for real time operation. • It requires a many-to-many mapping between Employee table and Doors table. • This mapping typically contain thousands of records and redundant data. • Proposed novel database design reduces the redundancy and provides abstraction. • This design is incorporated with the access control system developed in-house. - Abstract: A (Radio Frequency IDentification) RFID cum Biometric based two level Access Control System (ACS) was designed and developed for providing access to vital areas of nuclear facilities. The system has got both hardware [Access controller] and software components [server application, the database and the web client software]. The database design proposed, enables grouping of the employees based on the hierarchy of the organization and the grouping of the doors based on Access Zones (AZ). This design also illustrates the mapping between the Employee Groups (EG) and AZ. By following this approach in database design, a higher level view can be presented to the system administrator abstracting the inner details of the individual entities and doors. This paper describes the novel approach carried out in designing the database of the ACS.

First Experiences Using XACML for Access Control in Distributed Systems

Science.gov (United States)

Lorch, Marcus; Proctor, Seth; Lepro, Rebekah; Kafura, Dennis; Shah, Sumit

2003-01-01

Authorization systems today are increasingly complex. They span domains of administration, rely on many different authentication sources, and manage permissions that can be as complex as the system itself. Worse still, while there are many standards that define authentication mechanisms, the standards that address authorization are less well defined and tend to work only within homogeneous systems. This paper presents XACML, a standard access control language, as one component of a distributed and inter-operable authorization framework. Several emerging systems which incorporate XACML are discussed. These discussions illustrate how authorization can be deployed in distributed, decentralized systems. Finally, some new and future topics are presented to show where this work is heading and how it will help connect the general components of an authorization system.

Optical label-controlled transparent metro-access network interface

DEFF Research Database (Denmark)

Osadchiy, Alexey Vladimirovich

This thesis presents results obtained during the course of my PhD research on optical signal routing and interfacing between the metropolitan and access segments of optical networks. Due to both increasing capacity demands and variety of emerging services types, new technological challenges...... control. Highlights of my research include my proposal and experimental proof of principle of an optical coherent detection based optical access network architecture providing support for a large number of users over a single distribution fiber; a spectral amplitude encoded label detection technique...... are arising for seamlessly interfacing metropolitan and access networks. Therefore, in this PhD project, I have analyzed those technological challenges and identified the key aspects to be addressed. I have also proposed and experimentally verified a number of solutions to metropolitan and access networks...

A slotted access control protocol for metropolitan WDM ring networks

Science.gov (United States)

Baziana, P. A.; Pountourakis, I. E.

2009-03-01

In this study we focus on the serious scalability problems that many access protocols for WDM ring networks introduce due to the use of a dedicated wavelength per access node for either transmission or reception. We propose an efficient slotted MAC protocol suitable for WDM ring metropolitan area networks. The proposed network architecture employs a separate wavelength for control information exchange prior to the data packet transmission. Each access node is equipped with a pair of tunable transceivers for data communication and a pair of fixed tuned transceivers for control information exchange. Also, each access node includes a set of fixed delay lines for synchronization reasons; to keep the data packets, while the control information is processed. An efficient access algorithm is applied to avoid both the data wavelengths and the receiver collisions. In our protocol, each access node is capable of transmitting and receiving over any of the data wavelengths, facing the scalability issues. Two different slot reuse schemes are assumed: the source and the destination stripping schemes. For both schemes, performance measures evaluation is provided via an analytic model. The analytical results are validated by a discrete event simulation model that uses Poisson traffic sources. Simulation results show that the proposed protocol manages efficient bandwidth utilization, especially under high load. Also, comparative simulation results prove that our protocol achieves significant performance improvement as compared with other WDMA protocols which restrict transmission over a dedicated data wavelength. Finally, performance measures evaluation is explored for diverse numbers of buffer size, access nodes and data wavelengths.

Tri-party agreement databases, access mechanism and procedures. Revision 2

International Nuclear Information System (INIS)

Brulotte, P.J.

1996-01-01

This document contains the information required for the Washington State Department of Ecology (Ecology) and the U.S. Environmental Protection Agency (EPA) to access databases related to the Hanford Federal Facility Agreement and Consent Order (Tri-Party Agreement). It identifies the procedure required to obtain access to the Hanford Site computer networks and the Tri-Party Agreement related databases. It addresses security requirements, access methods, database availability dates, database access procedures, and the minimum computer hardware and software configurations required to operate within the Hanford Site networks. This document supersedes any previous agreements including the Administrative Agreement to Provide Computer Access to U.S. Environmental Protection Agency (EPA) and the Administrative Agreement to Provide Computer Access to Washington State Department of Ecology (Ecology), agreements that were signed by the U.S. Department of Energy (DOE), Richland Operations Office (RL) in June 1990, Access approval to EPA and Ecology is extended by RL to include all Tri-Party Agreement relevant databases named in this document via the documented access method and date. Access to databases and systems not listed in this document will be granted as determined necessary and negotiated among Ecology, EPA, and RL through the Tri-Party Agreement Project Managers. The Tri-Party Agreement Project Managers are the primary points of contact for all activities to be carried out under the Tri-Party Agreement. Action Plan. Access to the Tri-Party Agreement related databases and systems does not provide or imply any ownership on behalf of Ecology or EPA whether public or private of either the database or the system. Access to identified systems and databases does not include access to network/system administrative control information, network maps, etc

Optimizing data access in the LAMPF control system

International Nuclear Information System (INIS)

Schaller, S.C.; Corley, J.K.; Rose, P.A.

1985-01-01

The LAMPF control system data access software offers considerable power and flexibility to application programs through symbolic device naming and an emphasis on hardware independence. This paper discusses optimizations aimed at improving the performance of the data access software while retaining these capabilities. The only aspects of the optimizations visible to the application programs are ''vector devices'' and ''aggregate devices.'' A vector device accesses a set of hardware related data items through a single device name. Aggregate devices allow run-time optimization of references to groups of unrelated devices. Optimizations not visible on the application level include careful handling of: network message traffic; the sharing of global resources; and storage allocation

Policy reconciliation for access control in dynamic cross-enterprise collaborations

Science.gov (United States)

Preuveneers, D.; Joosen, W.; Ilie-Zudor, E.

2018-03-01

In dynamic cross-enterprise collaborations, different enterprises form a - possibly temporary - business relationship. To integrate their business processes, enterprises may need to grant each other limited access to their information systems. Authentication and authorization are key to secure information handling. However, access control policies often rely on non-standardized attributes to describe the roles and permissions of their employees which convolutes cross-organizational authorization when business relationships evolve quickly. Our framework addresses the managerial overhead of continuous updates to access control policies for enterprise information systems to accommodate disparate attribute usage. By inferring attribute relationships, our framework facilitates attribute and policy reconciliation, and automatically aligns dynamic entitlements during the evaluation of authorization decisions. We validate our framework with a Industry 4.0 motivating scenario on networked production where such dynamic cross-enterprise collaborations are quintessential. The evaluation reveals the capabilities and performance of our framework, and illustrates the feasibility of liberating the security administrator from manually provisioning and aligning attributes, and verifying the consistency of access control policies for cross-enterprise collaborations.

[Public control and equity of access to hospitals under non-State public administration].

Science.gov (United States)

Carneiro Junior, Nivaldo; Elias, Paulo Eduardo

2006-10-01

To analyze social health organizations in the light of public control and the guarantee of equity of access to health services. Utilizing the case study technique, two social health organizations in the metropolitan region of São Paulo were selected. The analytical categories were equity of access and public control, and these were based on interviews with key informants and technical-administrative reports. It was observed that the overall funding and administrative control of the social health organizations are functions of the state administrator. The presence of a local administrator is important for ensuring equity of access. Public control is expressed through supervisory actions, by means of accounting and financial procedures. Equity of access and public control are not taken into consideration in the administration of these organizations. The central question lies in the capacity of the public authorities to have a presence in implementing this model at the local level, thereby ensuring equity of access and taking public control into consideration.

Access Control from an Intrusion Detection Perspective

NARCIS (Netherlands)

Nunes Leal Franqueira, V.

Access control and intrusion detection are essential components for securing an organization's information assets. In practice, these components are used in isolation, while their fusion would contribute to increase the range and accuracy of both. One approach to accomplish this fusion is the

Automated biometric access control system for two-man-rule enforcement

International Nuclear Information System (INIS)

Holmes, J.P.; Maxwell, R.L.; Henderson, R.W.

1991-01-01

This paper describes a limited access control system for nuclear facilities which makes use of the eye retinal identity verifier to control the passage of personnel into and out of one or a group of security controlled working areas. This access control system requires no keys, cards or credentials. The user simply enters his Personal Identification Number (PIN) and takes an eye reading to request passage. The PIN does not have to be kept secret. The system then relies on biometric identity verification of the user, along with other system information, to make the decision of whether or not to unlock the door. It also enforces multiple zones control with personnel tracking and the two-man-rule

An Access Control Model for the Uniframe Framework

National Research Council Canada - National Science Library

Crespi, Alexander M

2005-01-01

... security characteristics from the properties of individual components would aid in the creation of more secure systems In this thesis, a framework for characterizing the access control properties...

Identity driven Capability based Access Control (ICAC) Scheme for the Internet of Things

DEFF Research Database (Denmark)

Mahalle, Parikshit N.; Anggorojati, Bayu; Prasad, Neeli R.

2012-01-01

Internet of Things (IoT) becomes discretionary part of everyday life. Scalability and manageability is daunting due to unbounded number of devices and services. Access control and authorization in IoT with least privilege is equally important to establish secure communication between multiple...... devices and services. In this paper, the concept of capability for access control is introduced where the identities of the involved devices are entrenched in the access capabilities. Identity driven capability based access control (ICAC) scheme presented in this paper helps to alleviate issues related...... to complexity and dynamics of device identities. ICAC is implemented for 802.11 and results shows that ICAC has less scalability issues and better performance analysis compared with other access control schemes. The ICAC evaluation by using security protocol verification tool shows that ICAC is secure against...

Efficient medium access control protocol for geostationary satellite systems

Institute of Scientific and Technical Information of China (English)

王丽娜; 顾学迈

2004-01-01

This paper proposes an efficient medium access control (MAC) protocol based on multifrequency-time division multiple access (MF-TDMA) for geostationary satellite systems deploying multiple spot-beams and onboard processing,which uses a method of random reservation access with movable boundaries to dynamically request the transmission slots and can transmit different types of traffic. The simulation results have shown that our designed MAC protocol can achieve a high bandwidth utilization, while providing the required quality of service (QoS) for each class of service.

Random access procedures and radio access network (RAN) overload control in standard and advanced long-term evolution (LTE and LTE-A) networks

DEFF Research Database (Denmark)

Kiilerich Pratas, Nuno; Thomsen, Henning; Popovski, Petar

2015-01-01

In this chapter, we describe and discuss the current LTE random access procedure and the Radio Access Network Load Control solution within LTE/LTE-A. We provide an overview of the several considered load control solutions and give a detailed description of the standardized Extended Access Class B...

Requirements and Challenges of Location-Based Access Control in Healthcare Emergency Response

DEFF Research Database (Denmark)

Vicente, Carmen Ruiz; Kirkpatrick, Michael; Ghinita, Gabriel

2009-01-01

Recent advances in positioning and tracking technologies have led to the emergence of novel location-based applications that allow participants to access information relevant to their spatio-temporal context. Traditional access control models, such as role-based access control (RBAC), are not suf...... to such settings. We overview the main technical issues to be addressed, and we describe the architecture for policy decision and enforcement points....

Macro-mechanics controls quantum mechanics: mechanically controllable quantum conductance switching of an electrochemically fabricated atomic-scale point contact

Science.gov (United States)

Staiger, Torben; Wertz, Florian; Xie, Fangqing; Heinze, Marcel; Schmieder, Philipp; Lutzweiler, Christian; Schimmel, Thomas

2018-01-01

Here, we present a silver atomic-scale device fabricated and operated by a combined technique of electrochemical control (EC) and mechanically controllable break junction (MCBJ). With this EC-MCBJ technique, we can perform mechanically controllable bistable quantum conductance switching of a silver quantum point contact (QPC) in an electrochemical environment at room temperature. Furthermore, the silver QPC of the device can be controlled both mechanically and electrochemically, and the operating mode can be changed from ‘electrochemical’ to ‘mechanical’, which expands the operating mode for controlling QPCs. These experimental results offer the perspective that a silver QPC may be used as a contact for a nanoelectromechanical relay.

Control-rod driving mechanism

International Nuclear Information System (INIS)

Jodoi, Takashi.

1976-01-01

Purpose: To prevent falling of control rods due to malfunction. Constitution: The device of the present invention has a scram function in particular, and uses principally a fluid pressure as a scram accelerating means. The control rod is held by upper and lower holding devices, which are connected by a connecting mechanism. This connecting mechanism is designed to be detachable only at the lower limit of driving stroke of the control rod so that there occurs no erroneous scram resulting from careless disconnection of the connecting mechanism. Further, scramming operation due to own weight of the scram operating portion such as control rod driving shaft may be effected to increase freedom. (Kamimura, M.)

A Trusted Host's Authentication Access and Control Model Faced on User Action

Institute of Scientific and Technical Information of China (English)

ZHANG Miao; XU Guoai; HU Zhengming; YANG Yixian

2006-01-01

The conception of trusted network connection (TNC) is introduced, and the weakness of TNC to control user's action is analyzed. After this, the paper brings out a set of secure access and control model based on access, authorization and control, and related authentication protocol. At last the security of this model is analyzed. The model can improve TNC's security of user control and authorization.

Controlling Access to Input/Output Peripheral Devices

Directory of Open Access Journals (Sweden)

E. Y. Rodionov

2010-03-01

Full Text Available In this paper the author proposes a system that manages information security policy on enterprise. Problems related to managing information security policy on enterprise and access to peripheral devices in computer systems functioning under control of Microsoft Windows NT operating systems are considered.

An Internet of Things Based Multi-Level Privacy-Preserving Access Control for Smart Living

Directory of Open Access Journals (Sweden)

Usama Salama

2018-05-01

Full Text Available The presence of the Internet of Things (IoT in healthcare through the use of mobile medical applications and wearable devices allows patients to capture their healthcare data and enables healthcare professionals to be up-to-date with a patient’s status. Ambient Assisted Living (AAL, which is considered as one of the major applications of IoT, is a home environment augmented with embedded ambient sensors to help improve an individual’s quality of life. This domain faces major challenges in providing safety and security when accessing sensitive health data. This paper presents an access control framework for AAL which considers multi-level access and privacy preservation. We focus on two major points: (1 how to use the data collected from ambient sensors and biometric sensors to perform the high-level task of activity recognition; and (2 how to secure the collected private healthcare data via effective access control. We achieve multi-level access control by extending Public Key Infrastructure (PKI for secure authentication and utilizing Attribute-Based Access Control (ABAC for authorization. The proposed access control system regulates access to healthcare data by defining policy attributes over healthcare professional groups and data classes classifications. We provide guidelines to classify the data classes and healthcare professional groups and describe security policies to control access to the data classes.

Need an Information Security in Access Control System?

Directory of Open Access Journals (Sweden)

V. R. Petrov

2011-12-01

Full Text Available The purpose of this paper is the general problems of information security in access control system. The field of using is the in project of reconstruction Physical protection system.

Controlling user access to electronic resources without password

Science.gov (United States)

Smith, Fred Hewitt

2015-06-16

Described herein are devices and techniques for remotely controlling user access to a restricted computer resource. The process includes pre-determining an association of the restricted computer resource and computer-resource-proximal environmental information. Indicia of user-proximal environmental information are received from a user requesting access to the restricted computer resource. Received indicia of user-proximal environmental information are compared to associated computer-resource-proximal environmental information. User access to the restricted computer resource is selectively granted responsive to a favorable comparison in which the user-proximal environmental information is sufficiently similar to the computer-resource proximal environmental information. In at least some embodiments, the process further includes comparing user-supplied biometric measure and comparing it with a predetermined association of at least one biometric measure of an authorized user. Access to the restricted computer resource is granted in response to a favorable comparison.

Breaking and Fixing Origin-Based Access Control in Hybrid Web/Mobile Application Frameworks.

Science.gov (United States)

Georgiev, Martin; Jana, Suman; Shmatikov, Vitaly

2014-02-01

Hybrid mobile applications (apps) combine the features of Web applications and "native" mobile apps. Like Web applications, they are implemented in portable, platform-independent languages such as HTML and JavaScript. Like native apps, they have direct access to local device resources-file system, location, camera, contacts, etc. Hybrid apps are typically developed using hybrid application frameworks such as PhoneGap. The purpose of the framework is twofold. First, it provides an embedded Web browser (for example, WebView on Android) that executes the app's Web code. Second, it supplies "bridges" that allow Web code to escape the browser and access local resources on the device. We analyze the software stack created by hybrid frameworks and demonstrate that it does not properly compose the access-control policies governing Web code and local code, respectively. Web code is governed by the same origin policy, whereas local code is governed by the access-control policy of the operating system (for example, user-granted permissions in Android). The bridges added by the framework to the browser have the same local access rights as the entire application, but are not correctly protected by the same origin policy. This opens the door to fracking attacks, which allow foreign-origin Web content included into a hybrid app (e.g., ads confined in iframes) to drill through the layers and directly access device resources. Fracking vulnerabilities are generic: they affect all hybrid frameworks, all embedded Web browsers, all bridge mechanisms, and all platforms on which these frameworks are deployed. We study the prevalence of fracking vulnerabilities in free Android apps based on the PhoneGap framework. Each vulnerability exposes sensitive local resources-the ability to read and write contacts list, local files, etc.-to dozens of potentially malicious Web domains. We also analyze the defenses deployed by hybrid frameworks to prevent resource access by foreign-origin Web content

Breaking and Fixing Origin-Based Access Control in Hybrid Web/Mobile Application Frameworks

Science.gov (United States)

Georgiev, Martin; Jana, Suman; Shmatikov, Vitaly

2014-01-01

Hybrid mobile applications (apps) combine the features of Web applications and “native” mobile apps. Like Web applications, they are implemented in portable, platform-independent languages such as HTML and JavaScript. Like native apps, they have direct access to local device resources—file system, location, camera, contacts, etc. Hybrid apps are typically developed using hybrid application frameworks such as PhoneGap. The purpose of the framework is twofold. First, it provides an embedded Web browser (for example, WebView on Android) that executes the app's Web code. Second, it supplies “bridges” that allow Web code to escape the browser and access local resources on the device. We analyze the software stack created by hybrid frameworks and demonstrate that it does not properly compose the access-control policies governing Web code and local code, respectively. Web code is governed by the same origin policy, whereas local code is governed by the access-control policy of the operating system (for example, user-granted permissions in Android). The bridges added by the framework to the browser have the same local access rights as the entire application, but are not correctly protected by the same origin policy. This opens the door to fracking attacks, which allow foreign-origin Web content included into a hybrid app (e.g., ads confined in iframes) to drill through the layers and directly access device resources. Fracking vulnerabilities are generic: they affect all hybrid frameworks, all embedded Web browsers, all bridge mechanisms, and all platforms on which these frameworks are deployed. We study the prevalence of fracking vulnerabilities in free Android apps based on the PhoneGap framework. Each vulnerability exposes sensitive local resources—the ability to read and write contacts list, local files, etc.—to dozens of potentially malicious Web domains. We also analyze the defenses deployed by hybrid frameworks to prevent resource access by foreign

The new biometric access control system resembles a big electronic eye. It will be used to control access to the LHC from 2007 onwards.

CERN Multimedia

Maximilien Brice

2006-01-01

The new LHC access control systems will soon be using the latest technology: optical recognition based on iris image data. In order to gain access to the tunnel it will be your eye, not your credentials that you'll be required to show! As of September, the entrance point at Point 8 should be the first to be fitted out with iris recognition equipment. The other access shafts will then gradually be equipped one by one.

Basic mechanisms in the laser control of non-Markovian dynamics

Science.gov (United States)

Puthumpally-Joseph, R.; Mangaud, E.; Chevet, V.; Desouter-Lecomte, M.; Sugny, D.; Atabek, O.

2018-03-01

Referring to a Fano-type model qualitative analogy we develop a comprehensive basic mechanism for the laser control of the non-Markovian bath response and fully implement it in a realistic control scheme, in strongly coupled open quantum systems. Converged hierarchical equations of motion are worked out to numerically solve the master equation of a spin-boson Hamiltonian to reach the reduced electronic density matrix of a heterojunction in the presence of strong terahertz laser pulses. Robust and efficient control is achieved increasing by a factor of 2 the non-Markovianity measured by the time evolution of the volume of accessible states. The consequences of such fields on the central system populations and coherence are examined, putting the emphasis on the relation between the increase of non-Markovianity and the slowing down of decoherence processes.

Predictive access control for distributed computation

DEFF Research Database (Denmark)

Yang, Fan; Hankin, Chris; Nielson, Flemming

2013-01-01

We show how to use aspect-oriented programming to separate security and trust issues from the logical design of mobile, distributed systems. The main challenge is how to enforce various types of security policies, in particular predictive access control policies — policies based on the future beh...... behavior of a program. A novel feature of our approach is that we can define policies concerning secondary use of data....

Controlling user access to electronic resources without password

Science.gov (United States)

Smith, Fred Hewitt

2017-08-22

Described herein are devices and techniques for remotely controlling user access to a restricted computer resource. The process includes obtaining an image from a communication device of a user. An individual and a landmark are identified within the image. Determinations are made that the individual is the user and that the landmark is a predetermined landmark. Access to a restricted computing resource is granted based on the determining that the individual is the user and that the landmark is the predetermined landmark. Other embodiments are disclosed.

Collaborative Access Control For Critical Infrastructures

Science.gov (United States)

Baina, Amine; El Kalam, Anas Abou; Deswarte, Yves; Kaaniche, Mohamed

A critical infrastructure (CI) can fail with various degrees of severity due to physical and logical vulnerabilities. Since many interdependencies exist between CIs, failures can have dramatic consequences on the entire infrastructure. This paper focuses on threats that affect information and communication systems that constitute the critical information infrastructure (CII). A new collaborative access control framework called PolyOrBAC is proposed to address security problems that are specific to CIIs. The framework offers each organization participating in a CII the ability to collaborate with other organizations while maintaining control of its resources and internal security policy. The approach is demonstrated on a practical scenario involving the electrical power grid.

Accessibility to tuberculosis control services and tuberculosis programme performance in southern Ethiopia

Directory of Open Access Journals (Sweden)

Mesay Hailu Dangisso

2015-11-01

Full Text Available Background: Despite the expansion of health services and community-based interventions in Ethiopia, limited evidence exists about the distribution of and access to health facilities and their relationship with the performance of tuberculosis (TB control programmes. We aim to assess the geographical distribution of and physical accessibility to TB control services and their relationship with TB case notification rates (CNRs and treatment outcome in the Sidama Zone, southern Ethiopia. Design: We carried out an ecological study to assess physical accessibility to TB control facilities and the association of physical accessibility with TB CNRs and treatment outcome. We collected smear-positive pulmonary TB (PTB cases treated during 2003–2012 from unit TB registers and TB service data such as availability of basic supplies for TB control and geographic locations of health services. We used ArcGIS 10.2 to measure the distance from each enumeration location to the nearest TB control facilities. A linear regression analysis was employed to assess factors associated with TB CNRs and treatment outcome. Results: Over a decade the health service coverage (the health facility–to-population ratio increased by 36% and the accessibility to TB control facilities also improved. Thus, the mean distance from TB control services was 7.6 km in 2003 (ranging from 1.8 to 25.5 km between kebeles (the smallest administrative units and had decreased to 3.2 km in 2012 (ranging from 1.5 to 12.4 km. In multivariate linear regression, as distance from TB diagnostic facilities (b-estimate=−0.25, p<0.001 and altitude (b-estimate=−0.31, p<0.001 increased, the CNRs of TB decreased, whereas a higher population density was associated with increased TB CNRs. Similarly, distance to TB control facilities (b-estimate=−0.27, p<0.001 and altitude (b-estimate=−0.30, p<0.001 were inversely associated with treatment success (proportion of treatment completed or cured cases

Key Based Mutual Authentication (KBMA Mechanism for Secured Access in MobiCloud Environment

Directory of Open Access Journals (Sweden)

Donald A. Cecil

2016-01-01

Full Text Available Mobile Cloud Computing (MCC fuels innovation in Mobile Computing and opens new pathways between mobile devices and infrastructures. There are several issues in MCC environment as it integrates various technologies. Among all issues, security lies on the top where many users are not willing to adopt the cloud services. This paper focuses on the authentication. The objective of this paper is to provide a mechanism for authenticating all the entities involved in accessing the cloud services. A mechanism called Key Based Mutual Authentication (KBMA is proposed which is divided into two processes namely registration and authentication. Registration is a one-time process where the users are registered for accessing the cloud services by giving the desired unique information. Authentication process is carried out mutually to verify the identities of Device and Cloud Service Provider (CSP. Scyther tool is used for analysing the vulnerability in terms of attacks. The result claims show that the proposed mechanism is resilient against various attacks.

Problems and Concerns Regarding Access Control System Construction in Radiation Facilities Based on the NIFS Experience

International Nuclear Information System (INIS)

Kawano, T.; Inoue, N.; Sakuma, Y.; Motojima, O.

2001-01-01

Full text: In 1998, access control system for the large helical device (LHD) experimental hall was constructed and put into operation at the National Institute for Fusion Science (NIFS) in Toki, Japan. Since then, the system has been continuously improved. It now controls access into the LHD controlled area through four entrances. The system has five turnstile gates and enables control of access at the four entrances. The system is always checking whether the shielding doors are open or closed at eight positions. The details pertaining to the construction of the system were reported at IRPA-10 held in Hiroshima, Japan, in 2000. Based on our construction experience of the NIFS access control system, we will discuss problems related to software and operational design of the system. We will also discuss some concerns regarding the use of the system in radiation facilities. The problems we will present concern, among other thing, individual registration, time control, turnstile control, interlock signal control, data aggregation and transactions, automatic and manual control, and emergency procedures. For example, in relation to the time control and turnstile control functions, we will discuss the gate-opening time interval for an access event, the timing of access data recording, date changing, turn bar control, double access, and access error handling. (author)

An Authentication and Key Management Mechanism for Resource Constrained Devices in IEEE 802.11-based IoT Access Networks

Directory of Open Access Journals (Sweden)

Ki-Wook Kim

2017-09-01

Full Text Available Many Internet of Things (IoT services utilize an IoT access network to connect small devices with remote servers. They can share an access network with standard communication technology, such as IEEE 802.11ah. However, an authentication and key management (AKM mechanism for resource constrained IoT devices using IEEE 802.11ah has not been proposed as yet. We therefore propose a new AKM mechanism for an IoT access network, which is based on IEEE 802.11 key management with the IEEE 802.1X authentication mechanism. The proposed AKM mechanism does not require any pre-configured security information between the access network domain and the IoT service domain. It considers the resource constraints of IoT devices, allowing IoT devices to delegate the burden of AKM processes to a powerful agent. The agent has sufficient power to support various authentication methods for the access point, and it performs cryptographic functions for the IoT devices. Performance analysis shows that the proposed mechanism greatly reduces computation costs, network costs, and memory usage of the resource-constrained IoT device as compared to the existing IEEE 802.11 Key Management with the IEEE 802.1X authentication mechanism.

An Authentication and Key Management Mechanism for Resource Constrained Devices in IEEE 802.11-based IoT Access Networks.

Science.gov (United States)

Kim, Ki-Wook; Han, Youn-Hee; Min, Sung-Gi

2017-09-21

Many Internet of Things (IoT) services utilize an IoT access network to connect small devices with remote servers. They can share an access network with standard communication technology, such as IEEE 802.11ah. However, an authentication and key management (AKM) mechanism for resource constrained IoT devices using IEEE 802.11ah has not been proposed as yet. We therefore propose a new AKM mechanism for an IoT access network, which is based on IEEE 802.11 key management with the IEEE 802.1X authentication mechanism. The proposed AKM mechanism does not require any pre-configured security information between the access network domain and the IoT service domain. It considers the resource constraints of IoT devices, allowing IoT devices to delegate the burden of AKM processes to a powerful agent. The agent has sufficient power to support various authentication methods for the access point, and it performs cryptographic functions for the IoT devices. Performance analysis shows that the proposed mechanism greatly reduces computation costs, network costs, and memory usage of the resource-constrained IoT device as compared to the existing IEEE 802.11 Key Management with the IEEE 802.1X authentication mechanism.

Evaluation of secure capability-based access control in the M2M local cloud platform

DEFF Research Database (Denmark)

Anggorojati, Bayu; Prasad, Neeli R.; Prasad, Ramjee

2016-01-01

delegation. Recently, the capability based access control has been considered as method to manage access in the Internet of Things (IoT) or M2M domain. In this paper, the implementation and evaluation of a proposed secure capability based access control in the M2M local cloud platform is presented......Managing access to and protecting resources is one of the important aspect in managing security, especially in a distributed computing system such as Machine-to-Machine (M2M). One such platform known as the M2M local cloud platform, referring to BETaaS architecture [1], which conceptually consists...... of multiple distributed M2M gateways, creating new challenges in the access control. Some existing access control systems lack in scalability and flexibility to manage access from users or entity that belong to different authorization domains, or fails to provide fine grained and flexible access right...

CSchema: A Downgrading Policy Language for XML Access Control

Institute of Scientific and Technical Information of China (English)

Dong-Xi Liu

2007-01-01

The problem of regulating access to XML documents has attracted much attention from both academic and industry communities.In existing approaches, the XML elements specified by access policies are either accessible or inac-cessible according to their sensitivity.However, in some cases, the original XML elements are sensitive and inaccessible, but after being processed in some appropriate ways, the results become insensitive and thus accessible.This paper proposes a policy language to accommodate such cases, which can express the downgrading operations on sensitive data in XML documents through explicit calculations on them.The proposed policy language is called calculation-embedded schema (CSchema), which extends the ordinary schema languages with protection type for protecting sensitive data and specifying downgrading operations.CSchema language has a type system to guarantee the type correctness of the embedded calcula-tion expressions and moreover this type system also generates a security view after type checking a CSchema policy.Access policies specified by CSchema are enforced by a validation procedure, which produces the released documents containing only the accessible data by validating the protected documents against CSchema policies.These released documents are then ready tobe accessed by, for instance, XML query engines.By incorporating this validation procedure, other XML processing technologies can use CSchema as the access control module.

Designing a Secure E-commerce with Credential Purpose-based Access Control

OpenAIRE

Norjihan Abdul Ghani; Harihodin Selamat; Zailani Mohamed Sidek

2014-01-01

The rapid growth of e-commerce has created a great opportunities for both businesses and end users. The essential e-commerce process is required for the successful operation and management of e-commerce activities. One of the processes is access control and security. E-commerce must establish a secure access between the parties in an e-commerce transaction by authenticating users, authorizing access, and enforcing security features. The e-commerce application must authorize access to only tho...

36 CFR 1256.70 - What controls access to national security-classified information?

Science.gov (United States)

2010-07-01

... national security-classified information? 1256.70 Section 1256.70 Parks, Forests, and Public Property... HISTORICAL MATERIALS Access to Materials Containing National Security-Classified Information § 1256.70 What controls access to national security-classified information? (a) The declassification of and public access...

Consistency maintenance for constraint in role-based access control model

Institute of Scientific and Technical Information of China (English)

韩伟力; 陈刚; 尹建伟; 董金祥

2002-01-01

Constraint is an important aspect of role-based access control and is sometimes argued to be the principal motivation for role-based access control (RBAC). But so far few authors have discussed consistency maintenance for constraint in RBAC model. Based on researches of constraints among roles and types of inconsistency among constraints, this paper introduces corresponding formal rules, rule-based reasoning and corresponding methods to detect, avoid and resolve these inconsistencies. Finally, the paper introduces briefly the application of consistency maintenance in ZD-PDM, an enterprise-oriented product data management (PDM) system.

Consistency maintenance for constraint in role-based access control model

Institute of Scientific and Technical Information of China (English)

韩伟力; 陈刚; 尹建伟; 董金祥

2002-01-01

Constraint is an important aspect of role-based access control and is sometimes argued to be the principal motivation for role-based access control (RBAC). But so far'few authors have discussed consistency maintenance for constraint in RBAC model. Based on researches of constraints among roles and types of inconsistency among constraints, this paper introduces correaponding formal rules, rulebased reasoning and corresponding methods to detect, avoid and resolve these inconsistencies. Finally,the paper introduces briefly the application of consistency maintenance in ZD-PDM, an enterprise-ori-ented product data management (PDM) system.

Regulatory Accessibility and Social Influences on State Self-Control

OpenAIRE

vanDellen, Michelle R.; Hoyle, Rick H.

2009-01-01

The current work examined how social factors influence self-control. Current conceptions of state self-control treat it largely as a function of regulatory capacity. The authors propose that state self-control might also be influenced by social factors because of regulatory accessibility. Studies 1 through 4 provide evidence that individuals’ state self-control is influenced by the trait and state self-control of salient others such that thinking of others with good trait or state self-contro...

An Efficient Role and Object Based Access Control Model Implemented in a PDM System

Institute of Scientific and Technical Information of China (English)

HUANG Xiaowen; TAN Jian; HUANG Xiangguo

2006-01-01

An effective and reliable access control is crucial to a PDM system. This article has discussed the commonly used access control models, analyzed their advantages and disadvantages, and proposed a new Role and Object based access control model that suits the particular needs of a PDM system. The new model has been implemented in a commercial PDM system, which has demonstrated enhanced flexibility and convenience.

A Fine-Grained Data Access Control System in Wireless Sensor Network

Directory of Open Access Journals (Sweden)

Boniface K. Alese

2015-12-01

Full Text Available The evolving realities of Wireless Sensor Network (WSN deployed to various terrain of life require serving multiple applications. As large amount of sensed data are distributed and stored in individual sensors nodes, the illegal access to these sensitive data can be devastating. Consequently, data insecurity becomes a big concern. This study, therefore, proposes a fine-grained access control system which only requires the right set of users to access a particular data, based on their access privileges in the sensor networks. It is designed using Priccess Protocol with Access policy formulation adopting the principle of Bell Lapadula model as well as Attribute-Based Encryption (ABE to control access to sensor data. The functionality of the proposed system is simulated using Netbeans. The performance analysis of the proposed system using execution time and size of the key show that the higher the key size, the harder it becomes for the attacker to hack the system. Additionally, the time taken for the proposed work is lesser which makes the work faster than the existing work. Consequently, a well secure interactive web-based application that could facilitates the field officers access to stored data in safe and secure manner is developed.

A Distributed Architecture for Sharing Ecological Data Sets with Access and Usage Control Guarantees

DEFF Research Database (Denmark)

Bonnet, Philippe; Gonzalez, Javier; Granados, Joel Andres

2014-01-01

new insights, there are signicant barriers to the realization of this vision. One of the key challenge is to allow scientists to share their data widely while retaining some form of control over who accesses this data (access control) and more importantly how it is used (usage control). Access...... and usage control is necessary to enforce existing open data policies. We have proposed the vision of trusted cells: A decentralized infrastructure, based on secure hardware running on devices equipped with trusted execution environments at the edges of the Internet. We originally described the utilization...... data sets with access and usage control guarantees. We rely on examples from terrestrial research and monitoring in the arctic in the context of the INTERACT project....

Physical Access Control Database -

Data.gov (United States)

Department of Transportation — This data set contains the personnel access card data (photo, name, activation/expiration dates, card number, and access level) as well as data about turnstiles and...

A novel decentralized hierarchical access control scheme for the medical scenario

DEFF Research Database (Denmark)

Eskeland, Sigurd; Prasad, Neeli R.

2006-01-01

to be the property of the corresponding patient, it is justified that patients should have the opportunity to exert control over their own data. In this paper, we propose a cryptographic access control scheme allowing patients to grant medical teams authorizations to access their medical data. Moreover......Electronic patient records contains highly personal and confidential information that it is essential to keep private. Thus, only the medical professionals providing care to a patient should access the patient record of the concerning patient. As personal medical data can be considered......, the hierarchical aspects of teams are taken into account so that the modules of the patient record are to be accessed according to the individual privileges of the medical professionals of the team. Thus, more privileged users obtain larger portions of the data than less privileged users....

A novel decentralized hierarchical access control scheme for the medical scenario

DEFF Research Database (Denmark)

Eskeland, Sigurd; Prasad, Neeli R.

2006-01-01

Electronic patient records contains highly personal and confidential information that it is essential to keep private. Thus, only the medical professionals providing care to a patient should access the patient record of the concerning patient. As personal medical data can be considered...... to be the property of the corresponding patient, it is justified that patients should have the opportunity to exert control over their own data. In this paper, we propose a cryptographic access control scheme allowing patients to grant medical teams authorizations to access their medical data. Moreover......, the hierarchical aspects of teams are taken into account so that the modules of the patient record are to be accessed according to the individual privileges of the medical professionals of the team. Thus, more privileged users obtain larger portions of the data than less privileged users....

Database application research in real-time data access of accelerator control system

International Nuclear Information System (INIS)

Chen Guanghua; Chen Jianfeng; Wan Tianmin

2012-01-01

The control system of Shanghai Synchrotron Radiation Facility (SSRF) is a large-scale distributed real-time control system, It involves many types and large amounts of real-time data access during the operating. Database system has wide application prospects in the large-scale accelerator control system. It is the future development direction of the accelerator control system, to replace the differently dedicated data structures with the mature standardized database system. This article discusses the application feasibility of database system in accelerators based on the database interface technology, real-time data access testing, and system optimization research and to establish the foundation of the wide scale application of database system in the SSRF accelerator control system. Based on the database interface technology, real-time data access testing and system optimization research, this article will introduce the application feasibility of database system in accelerators, and lay the foundation of database system application in the SSRF accelerator control system. (authors)

Sun-mediated mechanical LINC between nucleus and cytoskeleton regulates βcatenin nuclear access.

Science.gov (United States)

Uzer, Gunes; Bas, Guniz; Sen, Buer; Xie, Zhihui; Birks, Scott; Olcum, Melis; McGrath, Cody; Styner, Maya; Rubin, Janet

2018-06-06

βcatenin acts as a primary intracellular signal transducer for mechanical and Wnt signaling pathways to control cell function and fate. Regulation of βcatenin in the cytoplasm has been well studied but βcatenin nuclear trafficking and function remains unclear. In a previous study we showed that, in mesenchymal stem cells (MSC), mechanical blockade of adipogenesis relied on inhibition of βcatenin destruction complex element GSK3β (glycogen synthase kinase 3β) to increase nuclear βcatenin as well as the function of Linker of Cytoskeleton and Nucleoskeleton (LINC) complexes, suggesting that these two mechanisms may be linked. Here we show that shortly after inactivation of GSK3β due to either low intensity vibration (LIV), substrate strain or pharmacologic inhibition, βcatenin associates with the nucleoskeleton, defined as the insoluble nuclear fraction that provides structure to the integrated nuclear envelope, nuclear lamina and chromatin. Co-depleting LINC elements Sun-1 and Sun-2 interfered with both nucleoskeletal association and nuclear entry of βcatenin, resulting in decreased nuclear βcatenin levels. Our findings reveal that the insoluble structural nucleoskeleton actively participates in βcatenin dynamics. As the cytoskeleton transmits applied mechanical force to the nuclear surface to influence the nucleoskeleton and its LINC mediated interaction, our results suggest a pathway by which LINC mediated connectivity may play a role in signaling pathways that depend on nuclear access of βcatenin. Copyright © 2018 Elsevier Ltd. All rights reserved.

Access control system for two person rule at Rokkasho Reprocessing Plant

International Nuclear Information System (INIS)

Yanagisawa, Sawako; Ino, Munekazu; Yamada, Noriyuki; Oota, Hiroto; Iwasaki, Mitsuaki; Kodani, Yoshiki; Iwamoto, Tomonori

2014-01-01

Following the amendment and enforcement of Regulation of Reprocessing Activity on March 29th 2012, two person rule has become compulsory for the specific rooms to counter and prevent the sabotage or theft of nuclear materials by the insiders at reprocessing plant in Japan. The rooms will include those which contains cooling systems for decay heat removal from spent fuels and so on, scavenging systems to prevent the hydrogen accumulation, and those which contains nuclear material. To ensure the two person rule at Rokkasho Reprocessing Plant, JNFL has recently, after comprehensive study, introduced efficient and effective access control system for the rooms mentioned above. The system is composed of bio-attestation devices, surveillance cameras and electronic locks to establish access control system. This report outlines the access control system for two person rule and introduces the operation. (author)

Identity Authentication and Capability Based Access Control (IACAC) for the Internet of Things

DEFF Research Database (Denmark)

Mahalle, Parikshit N.; Anggorojati, Bayu; Prasad, Neeli R.

2013-01-01

In the last few years the Internet of Things (IoT) has seen widespread application and can be found in each field. Authentication and access control are important and critical functionalities in the context of IoT to enable secure communication between devices. Mobility, dynamic network topology...... and weak physical security of low power devices in IoT networks are possible sources for security vulnerabilities. It is promising to make an authentication and access control attack resistant and lightweight in a resource constrained and distributed IoT environment. This paper presents the Identity...... Authentication and Capability based Access Control (IACAC) model with protocol evaluation and performance analysis. To protect IoT from man-in-the-middle, replay and denial of service (Dos) attacks, the concept of capability for access control is introduced. The novelty of this model is that, it presents...

Distributed medium access control in wireless networks

CERN Document Server

Wang, Ping

2013-01-01

This brief investigates distributed medium access control (MAC) with QoS provisioning for both single- and multi-hop wireless networks including wireless local area networks (WLANs), wireless ad hoc networks, and wireless mesh networks. For WLANs, an efficient MAC scheme and a call admission control algorithm are presented to provide guaranteed QoS for voice traffic and, at the same time, increase the voice capacity significantly compared with the current WLAN standard. In addition, a novel token-based scheduling scheme is proposed to provide great flexibility and facility to the network servi

Identity Establishment and Capability Based Access Control (IECAC) Scheme for Internet of Things

DEFF Research Database (Denmark)

Mahalle, Parikshit N.; Anggorojati, Bayu; Prasad, Neeli R.

2012-01-01

Internet of Things (IoT) become discretionary part of everyday life and could befall a threat if security is not considered before deployment. Authentication and access control in IoT is equally important to establish secure communication between devices. To protect IoT from man in middle, replay...... and denial of service attacks, the concept of capability for access control is introduced. This paper presents Identity establishment and capability based access control (IECAC) protocol using ECC (Elliptical Curve Cryptography) for IoT along with protocol evaluation, which protect against the aforementioned...

The design and implementation of access control management system in IHEP network

International Nuclear Information System (INIS)

Wang Yanming; An Dehai; Qi Fazhi

2010-01-01

In campus network environment of Institute of High Energy Physics, because of the number of Network devices and computers are large scale, ensuring the access validity of network devices and user's computer, and aiming at effective control the exceptional network communication are technological means to achieve network normal running. The access control system of Campus network of institute of High Energy Physics using MySQL database in the behind, and using CGI PHP HTML language to develop the front interface. The System achieves user information management, user computer access control, cutting down the exceptional network communication and alarm function. Increasing the management effective of network, to ensure campus network safety and reliable running. (authors)

An Optimal Medium Access Control with Partial Observations for Sensor Networks

Directory of Open Access Journals (Sweden)

Servetto Sergio D

2005-01-01

Full Text Available We consider medium access control (MAC in multihop sensor networks, where only partial information about the shared medium is available to the transmitter. We model our setting as a queuing problem in which the service rate of a queue is a function of a partially observed Markov chain representing the available bandwidth, and in which the arrivals are controlled based on the partial observations so as to keep the system in a desirable mildly unstable regime. The optimal controller for this problem satisfies a separation property: we first compute a probability measure on the state space of the chain, namely the information state, then use this measure as the new state on which the control decisions are based. We give a formal description of the system considered and of its dynamics, we formalize and solve an optimal control problem, and we show numerical simulations to illustrate with concrete examples properties of the optimal control law. We show how the ergodic behavior of our queuing model is characterized by an invariant measure over all possible information states, and we construct that measure. Our results can be specifically applied for designing efficient and stable algorithms for medium access control in multiple-accessed systems, in particular for sensor networks.

Design Strategies for Efficient Access to Mobile Device Users via Amazon Mechanical Turk

OpenAIRE

Jacques, Jason; Kristensson, Per Ola

2017-01-01

It is often challenging to access a pool of mobile device users and instruct them to perform an interactive task. Yet such data is often vital to provide design insight at various stages of the design process of a mobile application, service or system. We propose accessing a pool of mobile device users via the microtask market Amazon Mechanical Turk (MTurk). While mobile device users are still a minority on MTurk, they provide unique opportunities for requesters. Not only does catering to mob...

Dynamic Cognitive Self-Organized TDMA for Medium Access Control in Real-Time Vehicle to Vehicle Communications

Directory of Open Access Journals (Sweden)

Mario Manzano

2013-01-01

Full Text Available The emergence of intelligent transport systems has brought out a new set of requirements on wireless communication. To cope with these requirements, several proposals are currently under discussion. In this highly mobile environment, the design of a prompt, efficient, flexible, and reliable medium access control, able to cover the specific constraints of the named real-time communications applications, is still unsolved. This paper presents the original proposal integrating Non-Cooperative Cognitive Time Division Multiple Access (NCC-TDMA based on Cognitive Radio (CR techniques to obtain a mechanism which complies with the requirements of real-time communications. Though the proposed MAC uses a slotted channel, it can be adapted to operate on the physical layer of different standards. The authors’ analysis considers the IEEE WAVE and 802.11p as the standards of reference. The mechanism also offers other advantages, such as avoiding signalling and the adaptation capacity to channel conditions and interferences. The solution is applied to the problem of units merging a convoy. Comparison results between NCC-TDMA and Slotted-Aloha are included.

Design and Implementation of Linux Access Control Model

Institute of Scientific and Technical Information of China (English)

Wei Xiaomeng; Wu Yongbin; Zhuo Jingchuan; Wang Jianyun; Haliqian Mayibula

2017-01-01

In this paper,the design and implementation of an access control model for Linux system are discussed in detail. The design is based on the RBAC model and combines with the inherent characteristics of the Linux system,and the support for the process and role transition is added.The core idea of the model is that the file is divided into different categories,and access authority of every category is distributed to several roles.Then,roles are assigned to users of the system,and the role of the user can be transited from one to another by running the executable file.

Automated personal identification: a new technique for controlling access to nuclear materials and facilities

International Nuclear Information System (INIS)

Eccles, D.R.

1975-01-01

Special nuclear materials must be protected against the threat of diversion or theft, and nuclear facilities against the threat of industrial sabotage. Implicit in this protection is the means of controlling access to protected areas, material access areas, and vital areas. With the advent of automated personal identification technology, the processes of access control can be automated to yield both higher security and reduced costs. This paper first surveys the conventional methods of access control; next, automated personal identification concepts are presented and various systems approaches are highlighted; finally, Calspan's FINGERSCAN /sub TM/ system for identity verification is described

ACCESS: Detector Control and Performance

Science.gov (United States)

Morris, Matthew J.; Kaiser, M.; McCandliss, S. R.; Rauscher, B. J.; Kimble, R. A.; Kruk, J. W.; Wright, E. L.; Bohlin, R.; Kurucz, R. L.; Riess, A. G.; Pelton, R.; Deustua, S. E.; Dixon, W. V.; Sahnow, D. J.; Mott, D. B.; Wen, Y.; Benford, D. J.; Gardner, J. P.; Feldman, P. D.; Moos, H. W.; Lampton, M.; Perlmutter, S.; Woodgate, B. E.

2014-01-01

ACCESS, Absolute Color Calibration Experiment for Standard Stars, is a series of rocket-borne sub-orbital missions and ground-based experiments that will enable improvements in the precision of the astrophysical flux scale through the transfer of absolute laboratory detector standards from the National Institute of Standards and Technology (NIST) to a network of stellar standards with a calibration accuracy of 1% and a spectral resolving power of 500 across the 0.35 to 1.7 micron bandpass (companion poster, Kaiser et al.). The flight detector and detector spare have been selected and integrated with their electronics and flight mount. The controller electronics have been flight qualified. Vibration testing to launch loads and thermal vacuum testing of the detector, mount, and housing have been successfully performed. Further improvements to the flight controller housing have been made. A cryogenic ground test system has been built. Dark current and read noise tests have been performed, yielding results consistent with the initial characterization tests of the detector performed by Goddard Space Flight Center’s Detector Characterization Lab (DCL). Detector control software has been developed and implemented for ground testing. Performance and integration of the detector and controller with the flight software will be presented. NASA APRA sounding rocket grant NNX08AI65G supports this work.

Trust-Based Access Control Model from Sociological Approach in Dynamic Online Social Network Environment

Science.gov (United States)

Kim, Seungjoo

2014-01-01

There has been an explosive increase in the population of the OSN (online social network) in recent years. The OSN provides users with many opportunities to communicate among friends and family. Further, it facilitates developing new relationships with previously unknown people having similar beliefs or interests. However, the OSN can expose users to adverse effects such as privacy breaches, the disclosing of uncontrolled material, and the disseminating of false information. Traditional access control models such as MAC, DAC, and RBAC are applied to the OSN to address these problems. However, these models are not suitable for the dynamic OSN environment because user behavior in the OSN is unpredictable and static access control imposes a burden on the users to change the access control rules individually. We propose a dynamic trust-based access control for the OSN to address the problems of the traditional static access control. Moreover, we provide novel criteria to evaluate trust factors such as sociological approach and evaluate a method to calculate the dynamic trust values. The proposed method can monitor negative behavior and modify access permission levels dynamically to prevent the indiscriminate disclosure of information. PMID:25374943

Trust-Based Access Control Model from Sociological Approach in Dynamic Online Social Network Environment

Directory of Open Access Journals (Sweden)

Seungsoo Baek

2014-01-01

Full Text Available There has been an explosive increase in the population of the OSN (online social network in recent years. The OSN provides users with many opportunities to communicate among friends and family. Further, it facilitates developing new relationships with previously unknown people having similar beliefs or interests. However, the OSN can expose users to adverse effects such as privacy breaches, the disclosing of uncontrolled material, and the disseminating of false information. Traditional access control models such as MAC, DAC, and RBAC are applied to the OSN to address these problems. However, these models are not suitable for the dynamic OSN environment because user behavior in the OSN is unpredictable and static access control imposes a burden on the users to change the access control rules individually. We propose a dynamic trust-based access control for the OSN to address the problems of the traditional static access control. Moreover, we provide novel criteria to evaluate trust factors such as sociological approach and evaluate a method to calculate the dynamic trust values. The proposed method can monitor negative behavior and modify access permission levels dynamically to prevent the indiscriminate disclosure of information.

Control of a mechanical gripper with a fuzzy controller

International Nuclear Information System (INIS)

Alberdi, J.; Barcala, J.M.; Gamero, E.; Navarrete, J.J.

1995-01-01

A fuzzy logic system is used to control a mechanical gripper. System is based in a NLX230 fuzzy micro controller. Control rules are programmed by a 68020 microprocessor in the micro controller memory. Stress and its derived are used as feedback signals in the control. This system can adapt its effort to the mechanical resistance of the object between the fingers. (Author)

Control rod driving mechanism

International Nuclear Information System (INIS)

Ooshima, Yoshio.

1983-01-01

Purpose: To perform reliable scram operation, even if abnormality should occur in a system instructing scram operation in FBR type reactors. Constitution: An aluminum alloy member to be melt at a predetermined temperature (about 600sup(o)C) is disposed to a connection part between a control rod and a driving mechanism, whereby the control rod is detached from the driving mechanism and gravitationally fallen to the reactor core. (Ikeda, J.)

Automated Biometric Voice-Based Access Control in Automatic Teller Machine (ATM)

OpenAIRE

Yekini N.A.; Itegboje A.O.; Oyeyinka I.K.; Akinwole A.K.

2012-01-01

An automatic teller machine requires a user to pass an identity test before any transaction can be granted. The current method available for access control in ATM is based on smartcard. Efforts were made to conduct an interview with structured questions among the ATM users and the result proofed that a lot of problems was associated with ATM smartcard for access control. Among the problems are; it is very difficult to prevent another person from attaining and using a legitimate persons card, ...

Analysis and modeling of resistive switching mechanisms oriented to resistive random-access memory

International Nuclear Information System (INIS)

Huang Da; Wu Jun-Jie; Tang Yu-Hua

2013-01-01

With the progress of the semiconductor industry, the resistive random-access memory (RAM) has drawn increasing attention. The discovery of the memristor has brought much attention to this study. Research has focused on the resistive switching characteristics of different materials and the analysis of resistive switching mechanisms. We discuss the resistive switching mechanisms of different materials in this paper and analyze the differences of those mechanisms from the view point of circuitry to establish their respective circuit models. Finally, simulations are presented. We give the prospect of using different materials in resistive RAM on account of their resistive switching mechanisms, which are applied to explain their resistive switchings

Control mechanisms for ecological-economic systems

CERN Document Server

Burkov, Vladimir N; Shchepkin, Alexander V

2015-01-01

This monograph presents and analyzes the optimization, game-theoretic and simulation models of control mechanisms for ecological-economic systems. It is devoted to integrated assessment mechanisms for total risks and losses, penalty mechanisms, risk payment mechanisms, financing and costs compensation mechanisms for risk level reduction, sales mechanisms for risk level quotas, audit mechanisms, mechanisms for expected losses reduction, economic motivation mechanisms, optimization mechanisms for regional environmental (risk level reduction) programs, and mechanisms for authorities' interests coordination. The book is aiming at undergraduate and postgraduate students, as well as at experts in mathematical modeling and control of ecological economic, socioeconomic and organizational systems.

Access control issues and solutions for large sites

International Nuclear Information System (INIS)

Warren, F.E.

1992-07-01

The Lawrence Livermore National Laboratory (LLNL) operates an automated access control system consisting of more than 100 portals. We have gained considerable practical experience in the issues involved in operating this large system, and have identified the central issues to include system reliability, the large user population, the need for central control, constant change, high visibility and the budget. This paper outlines these issues and draws from our experience to discuss some fruitful ways of addressing them

Cognitive radio networks medium access control for coexistence of wireless systems

CERN Document Server

Bian, Kaigui; Gao, Bo

2014-01-01

This book gives a comprehensive overview of the medium access control (MAC) principles in cognitive radio networks, with a specific focus on how such MAC principles enable different wireless systems to coexist in the same spectrum band and carry out spectrum sharing.  From algorithm design to the latest developments in the standards and spectrum policy, readers will benefit from leading-edge knowledge of how cognitive radio systems coexist and share spectrum resources.  Coverage includes cognitive radio rendezvous, spectrum sharing, channel allocation, coexistence in TV white space, and coexistence of heterogeneous wireless systems.   • Provides a comprehensive reference on medium access control (MAC)-related problems in the design of cognitive radio systems and networks; • Includes detailed analysis of various coexistence problems related to medium access control in cognitive radio networks; • Reveals novel techniques for addressing the challenges of coexistence protocol design at a higher level ...

The OPL Access Control Policy Language

Science.gov (United States)

Alm, Christopher; Wolf, Ruben; Posegga, Joachim

Existing policy languages suffer from a limited ability of directly and elegantly expressing high-level access control principles such as history-based separation of duty [22], binding of duty [26], context constraints [24], Chinese wall properties [10], and obligations [20]. It is often difficult to extend a language in order to retrofit these features once required or it is necessary to use complicated and complex language constructs to express such concepts. The latter, however, is cumbersome and error-prone for humans dealing with policy administration.

A novel technique to extract events from access control system and locate persons

International Nuclear Information System (INIS)

Vincent, M.; Vaidyanathan, Mythili; Patidar, Suresh Chandra; Prabhakara Rao, G.

2011-01-01

Indira Gandhi Centre for Atomic Research houses many laboratories which handle radioactive materials and classified materials. Protection and accounting of men and material and critical facilities are important aspect of nuclear security. Access Control System (ACS) is used to enhance the protective measures against elevated threat environment. Access control system hardware consists of hand geometry readers, RFID readers, Controllers, Electromagnetic door locks, Turnstiles, fiber cable laying and termination etc. Access Control System controls and monitors the people accessing the secured facilities. Access Control System generates events on: 1. Showing of RFID card, 2. Rotation of turnstile, 3. Download of valid card numbers, 4. Generation of alarms etc. Access control system turnstiles are located in main entrance of a facility, entrance of inside laboratory and door locks are fixed on secured facilities. Events are stored in SQL server database. From the events stored in database a novel technique is developed to extract events and list the persons in a particular facility, list all entry/exit events on one day, list the first in and last out entries. This paper discusses the complex multi level group by queries and software developed to extract events from database, locate persons and generate reports. Software is developed as a web application in ASP.Net and query is written in SQL. User can select the doors, type of events and generate reports. Reports are generated using the master data stored about employees RFID cards and events data stored in tables. Four types of reports are generated 1. Plant Emergency Report, 2. Locate User Report, 3. Entry - Exit Report, 4. First in Last out Report. To generate plant emergency report for whole plant only events generated in outer gates have to be considered. To generate plant emergency report for inside laboratory, events generated in entrance gates have to be ignored. (author)

RESEARCH Improving access and quality of care in a TB control ...

African Journals Online (AJOL)

or treatment. Improving access and quality of care in a. TB control programme. Vera Scott, Virginia Azevedo, Judy Caldwell. Objectives. To use a quality improvement approach to improve access to and quality of tuberculosis (TB) diagnosis and care in. Cape Town. Methods. Five HIV/AIDS/sexually transmitted infections/TB.

Capabilities and Limitations of Tissue Size Control through Passive Mechanical Forces.

Directory of Open Access Journals (Sweden)

Jochen Kursawe

2015-12-01

Full Text Available Embryogenesis is an extraordinarily robust process, exhibiting the ability to control tissue size and repair patterning defects in the face of environmental and genetic perturbations. The size and shape of a developing tissue is a function of the number and size of its constituent cells as well as their geometric packing. How these cellular properties are coordinated at the tissue level to ensure developmental robustness remains a mystery; understanding this process requires studying multiple concurrent processes that make up morphogenesis, including the spatial patterning of cell fates and apoptosis, as well as cell intercalations. In this work, we develop a computational model that aims to understand aspects of the robust pattern repair mechanisms of the Drosophila embryonic epidermal tissues. Size control in this system has previously been shown to rely on the regulation of apoptosis rather than proliferation; however, to date little work has been done to understand the role of cellular mechanics in this process. We employ a vertex model of an embryonic segment to test hypotheses about the emergence of this size control. Comparing the model to previously published data across wild type and genetic perturbations, we show that passive mechanical forces suffice to explain the observed size control in the posterior (P compartment of a segment. However, observed asymmetries in cell death frequencies across the segment are demonstrated to require patterning of cellular properties in the model. Finally, we show that distinct forms of mechanical regulation in the model may be distinguished by differences in cell shapes in the P compartment, as quantified through experimentally accessible summary statistics, as well as by the tissue recoil after laser ablation experiments.

Access Control in IoT/M2M - Cloud Platform

DEFF Research Database (Denmark)

Anggorojati, Bayu

Billions of devices are connected to the Internet nowadays, and the number will continue to grow in the future thanks to the advances in the electronics and telecommunication technology developments. Its application in broad aspects of human’s life brings a lot of benefits by improving productivity...... and quality of life. This paradigm, which is often called Internet of Things (IoT) or Machine-to-Machine (M2M), will provide an unprecedented opportunity to create applications and services that go far beyond the mere purpose of each participant. Many studies on the both technical and social aspects of Io......T have shown that the concern about the security and privacy play a huge role for the mass adoption of the IoT/M2M as cloud services. Among the important topics within the security and privacy, the access control is an important mechanism, which essentially manages how the important assets or resource...

Spatiotemporal Access Model Based on Reputation for the Sensing Layer of the IoT

Directory of Open Access Journals (Sweden)

Yunchuan Guo

2014-01-01

Full Text Available Access control is a key technology in providing security in the Internet of Things (IoT. The mainstream security approach proposed for the sensing layer of the IoT concentrates only on authentication while ignoring the more general models. Unreliable communications and resource constraints make the traditional access control techniques barely meet the requirements of the sensing layer of the IoT. In this paper, we propose a model that combines space and time with reputation to control access to the information within the sensing layer of the IoT. This model is called spatiotemporal access control based on reputation (STRAC. STRAC uses a lattice-based approach to decrease the size of policy bases. To solve the problem caused by unreliable communications, we propose both nondeterministic authorizations and stochastic authorizations. To more precisely manage the reputation of nodes, we propose two new mechanisms to update the reputation of nodes. These new approaches are the authority-based update mechanism (AUM and the election-based update mechanism (EUM. We show how the model checker UPPAAL can be used to analyze the spatiotemporal access control model of an application. Finally, we also implement a prototype system to demonstrate the efficiency of our model.

Spatiotemporal access model based on reputation for the sensing layer of the IoT.

Science.gov (United States)

Guo, Yunchuan; Yin, Lihua; Li, Chao; Qian, Junyan

2014-01-01

Access control is a key technology in providing security in the Internet of Things (IoT). The mainstream security approach proposed for the sensing layer of the IoT concentrates only on authentication while ignoring the more general models. Unreliable communications and resource constraints make the traditional access control techniques barely meet the requirements of the sensing layer of the IoT. In this paper, we propose a model that combines space and time with reputation to control access to the information within the sensing layer of the IoT. This model is called spatiotemporal access control based on reputation (STRAC). STRAC uses a lattice-based approach to decrease the size of policy bases. To solve the problem caused by unreliable communications, we propose both nondeterministic authorizations and stochastic authorizations. To more precisely manage the reputation of nodes, we propose two new mechanisms to update the reputation of nodes. These new approaches are the authority-based update mechanism (AUM) and the election-based update mechanism (EUM). We show how the model checker UPPAAL can be used to analyze the spatiotemporal access control model of an application. Finally, we also implement a prototype system to demonstrate the efficiency of our model.

Optimizing data access for wind farm control over hierarchical communication networks

DEFF Research Database (Denmark)

Madsen, Jacob Theilgaard; Findrik, Mislav; Madsen, Tatiana Kozlova

2016-01-01

delays and also by the choice of the time instances at which sensor information is accessed. In order to optimize the latter, we introduce an information quality metric and a mathematical model based on Markov chains, which are compared performance-wise to a heuristic approach for finding this parameter......In this paper we investigate a centralized wind farm controller which runs periodically. The controller attempts to reduce the damage a wind turbine sustains during operation by estimating fatigue based on the wind turbine state. The investigation focuses on the impact of information access...

A mobile console for local access to accelerator control systems.

CERN Multimedia

1981-01-01

Microprocessors were installed as auxiliary crate controllers (ACCs) in the CAMAC interface of control systems for various accelerators. The same ACC was also at the hearth of a stand-alone system in the form of a mobile console. This was also used for local access to the control systems for tests and development work (Annual Report 1981, p. 80, Fig. 10).

Integrity Based Access Control Model for Multilevel XML Document

Institute of Scientific and Technical Information of China (English)

HONG Fan; FENG Xue-bin; HUANO Zhi; ZHENG Ming-hui

2008-01-01

XML's increasing popularity highlights the security demand for XML documents. A mandatory access control model for XML document is presented on the basis of investigation of the function dependency of XML documents and discussion of the integrity properties of multilevel XML document. Then, the algorithms for decomposition/recovery multilevel XML document into/from single level document are given, and the manipulation rules for typical operations of XQuery and XUpdate: QUERY, INSERT,UPDATE, and REMOVE, are elaborated. The multilevel XML document access model can meet the requirement of sensitive information processing application.

Health Information System Role-Based Access Control Current Security Trends and Challenges.

Science.gov (United States)

de Carvalho Junior, Marcelo Antonio; Bandiera-Paiva, Paulo

2018-01-01

This article objective is to highlight implementation characteristics, concerns, or limitations over role-based access control (RBAC) use on health information system (HIS) using industry-focused literature review of current publishing for that purpose. Based on the findings, assessment for indication of RBAC is obsolete considering HIS authorization control needs. We have selected articles related to our investigation theme "RBAC trends and limitations" in 4 different sources related to health informatics or to the engineering technical field. To do so, we have applied the following search query string: "Role-Based Access Control" OR "RBAC" AND "Health information System" OR "EHR" AND "Trends" OR "Challenges" OR "Security" OR "Authorization" OR "Attacks" OR "Permission Assignment" OR "Permission Relation" OR "Permission Mapping" OR "Constraint". We followed PRISMA applicable flow and general methodology used on software engineering for systematic review. 20 articles were selected after applying inclusion and exclusion criteria resulting contributions from 10 different countries. 17 articles advocate RBAC adaptations. The main security trends and limitations mapped were related to emergency access, grant delegation, and interdomain access control. Several publishing proposed RBAC adaptations and enhancements in order to cope current HIS use characteristics. Most of the existent RBAC studies are not related to health informatics industry though. There is no clear indication of RBAC obsolescence for HIS use.

Access Control with RFID in the Internet of Things

DEFF Research Database (Denmark)

Jensen, Steffen Elstrøm Holst; Jacobsen, Rune Hylsberg

2013-01-01

, to the Internet is suggested. The solution uses virtual representations of objects by using low-cost, passive RFID tags to give objects identities on the Internet. A prototype that maps an RFID identity into an IPv6 address is constructed. It is illustrated how this approach can be used in access control systems......Future Internet research is needed to bring the Internet and the Things closer to each other to form the Internet of Things. As objects in our daily life gradually become smarter, there is an increasing benefit of networking these objects. In this article, a method to couple objects, the Things...... based on open network protocols and packet filtering. The solution includes a novel RFID reader architecture that supports the internetworking of components of a future access control system based on network layer technology....

Improving the Authentication Scheme and Access Control Protocol for VANETs

Directory of Open Access Journals (Sweden)

Wei-Chen Wu

2014-11-01

Full Text Available Privacy and security are very important in vehicular ad hoc networks (VANETs. VANETs are negatively affected by any malicious user’s behaviors, such as bogus information and replay attacks on the disseminated messages. Among various security threats, privacy preservation is one of the new challenges of protecting users’ private information. Existing authentication protocols to secure VANETs raise challenges, such as certificate distribution and reduction of the strong reliance on tamper-proof devices. In 2011, Yeh et al. proposed a PAACP: a portable privacy-preserving authentication and access control protocol in vehicular ad hoc networks. However, PAACP in the authorization phase is breakable and cannot maintain privacy in VANETs. In this paper, we present a cryptanalysis of an attachable blind signature and demonstrate that the PAACP’s authorized credential (AC is not secure and private, even if the AC is secretly stored in a tamper-proof device. An eavesdropper can construct an AC from an intercepted blind document. Any eavesdropper can determine who has which access privileges to access which service. For this reason, this paper copes with these challenges and proposes an efficient scheme. We conclude that an improving authentication scheme and access control protocol for VANETs not only resolves the problems that have appeared, but also is more secure and efficient.

RFID-Based Monitoring And Access Control System For Parliamentary Campus

Directory of Open Access Journals (Sweden)

Sai Thu Rein Htun

2015-08-01

Full Text Available This paper is to implement monitoring and access control system based on RFID and Zigbee technology which can be used at Parliamentary Campus. Nowadays RFID technology is widely used for access control system because it is cheap waterproof and easy to use as well as it contains unique EPC electronic protect code .In addition Zigbee wireless module is cost-effective and can be reliable for security. Sothis system consists of RFID tag RFID reader Arduino Uno and Zigbee. This system can also be used for industrial amp commercial and security HVAC closures. This paper describes the results of point-to-point connection and point-to-multipoint connection using Zigbee and RFID technology.

An Authentication and Key Management Mechanism for Resource Constrained Devices in IEEE 802.11-based IoT Access Networks

OpenAIRE

Kim, Ki-Wook; Han, Youn-Hee; Min, Sung-Gi

2017-01-01

Many Internet of Things (IoT) services utilize an IoT access network to connect small devices with remote servers. They can share an access network with standard communication technology, such as IEEE 802.11ah. However, an authentication and key management (AKM) mechanism for resource constrained IoT devices using IEEE 802.11ah has not been proposed as yet. We therefore propose a new AKM mechanism for an IoT access network, which is based on IEEE 802.11 key management with the IEEE 802.1X aut...

Dynamic Resource Allocation in Hybrid Access Femtocell Network

Directory of Open Access Journals (Sweden)

Afaz Uddin Ahmed

2014-01-01

Full Text Available Intercell interference is one of the most challenging issues in femtocell deployment under the coverage of existing macrocell. Allocation of resources between femtocell and macrocell is essential to counter the effects of interference in dense femtocell networks. Advances in resource management strategies have improved the control mechanism for interference reduction at lower node density, but most of them are ineffective at higher node density. In this paper, a dynamic resource allocation management algorithm (DRAMA for spectrum shared hybrid access OFDMA femtocell network is proposed. To reduce the macro-femto-tier interference and to improve the quality of service, the proposed algorithm features a dynamic resource allocation scheme by controlling them both centrally and locally. The proposed scheme focuses on Femtocell Access Point (FAP owners’ satisfaction and allows maximum utilization of available resources based on congestion in the network. A simulation environment is developed to study the quantitative performance of DRAMA in hybrid access-control femtocell network and compare it to closed and open access mechanisms. The performance analysis shows that higher number of random users gets connected to the FAP without compromising FAP owners’ satisfaction allowing the macrocell to offload a large number of users in a dense heterogeneous network.

Temporal neural mechanisms underlying conscious access to different levels of facial stimulus contents.

Science.gov (United States)

Hsu, Shen-Mou; Yang, Yu-Fang

2018-04-01

An important issue facing the empirical study of consciousness concerns how the contents of incoming stimuli gain access to conscious processing. According to classic theories, facial stimuli are processed in a hierarchical manner. However, it remains unclear how the brain determines which level of stimulus content is consciously accessible when facing an incoming facial stimulus. Accordingly, with a magnetoencephalography technique, this study aims to investigate the temporal dynamics of the neural mechanism mediating which level of stimulus content is consciously accessible. Participants were instructed to view masked target faces at threshold so that, according to behavioral responses, their perceptual awareness alternated from consciously accessing facial identity in some trials to being able to consciously access facial configuration features but not facial identity in other trials. Conscious access at these two levels of facial contents were associated with a series of differential neural events. Before target presentation, different patterns of phase angle adjustment were observed between the two types of conscious access. This effect was followed by stronger phase clustering for awareness of facial identity immediately during stimulus presentation. After target onset, conscious access to facial identity, as opposed to facial configural features, was able to elicit more robust late positivity. In conclusion, we suggest that the stages of neural events, ranging from prestimulus to stimulus-related activities, may operate in combination to determine which level of stimulus contents is consciously accessed. Conscious access may thus be better construed as comprising various forms that depend on the level of stimulus contents accessed. NEW & NOTEWORTHY The present study investigates how the brain determines which level of stimulus contents is consciously accessible when facing an incoming facial stimulus. Using magnetoencephalography, we show that prestimulus

Information access for event-driven smart grid controllers

DEFF Research Database (Denmark)

Kristensen, Thomas Le Fevre; Olsen, Rasmus Løvenstein; Rasmussen, Jakob Gulddahl

2018-01-01

grids, which targets a reduction of over- and under voltage level situations by adjusting reactive power production of selected low voltage grid assets. The paper models different information access schemes between remote assets and controller, which is activated only when certain voltage thresholds...... stochastic models. We investigate in this paper the suitability for using these two metrics for optimization in a voltage grid control scenario. We conclude that, while the mismatch probability is very useful compared to the simpler information age metric from a network designers and operators point of view...

A Cache Considering Role-Based Access Control and Trust in Privilege Management Infrastructure

Institute of Scientific and Technical Information of China (English)

ZHANG Shaomin; WANG Baoyi; ZHOU Lihua

2006-01-01

PMI(privilege management infrastructure) is used to perform access control to resource in an E-commerce or E-government system. With the ever-increasing need for secure transaction, the need for systems that offer a wide variety of QoS (quality-of-service) features is also growing. In order to improve the QoS of PMI system, a cache based on RBAC(Role-based Access Control) and trust is proposed. Our system is realized based on Web service. How to design the cache based on RBAC and trust in the access control model is described in detail. The algorithm to query role permission in cache and to add records in cache is dealt with. The policy to update cache is introduced also.

C-DAM: CONTENTION BASED DISTRIBUTED RESERVATION PROTOCOL ALLOCATION ALGORITHM FOR WIMEDIA MEDIUM ACCESS CONTROL

Directory of Open Access Journals (Sweden)

UMADEVI K. S.

2017-07-01

Full Text Available WiMedia Medium Access Control (MAC provides high rate data transfer for wireless networking thereby enables construction of high speed home networks. It facilitates data communication between the nodes through two modes namely: i Distributed Reservation Protocol (DRP for isochronous traffic and ii Prioritized Contention Access (PCA for asynchronous traffic. PCA mode enables medium access using CSMA/CA similar to IEEE 802.11e. In the presence of DRP, the throughput of PCA saturates when there is an increase in the number of devices accessing PCA channel. Researchers suggest that the better utilization of medium resolves many issues in an effective way. To demonstrate the effective utilization of the medium, Contention Based Distributed Reservation Protocol Allocation Algorithm for WiMedia Medium Access Control is proposed for reserving Medium Access Slots under DRP in the presence of PCA. The proposed algorithm provides a better medium access, reduces energy consumption and enhances the throughput when compared to the existing methodologies.

On the Impact of information access delays on remote control of a wind turbine

DEFF Research Database (Denmark)

Madsen, Jacob Theilgaard; Barradas Berglind, Jose de Jesus; Madsen, Tatiana Kozlova

2015-01-01

farm controller. The controller attempts to reduce fatigue on the wind turbine, which is used as a measure of the controller performance. Via simulation analysis, we show the degradation of the controller performance when subject to network delays. We analyse different access strategies useable...... by the controller to gather sensor information and and quantitatively characterize the impact of these access strategies on the controller performance......It is important to reduce the impact of renewable production in the power grid by means of control, due to increased frequency deviations and imbalances caused by these assets. Cost efficient deployment of asset control frequently results in a distributed control architecture where the controller...

Mechanisms controlling the impact of multi-year drought on mountain hydrology.

Science.gov (United States)

Bales, Roger C; Goulden, Michael L; Hunsaker, Carolyn T; Conklin, Martha H; Hartsough, Peter C; O'Geen, Anthony T; Hopmans, Jan W; Safeeq, Mohammad

2018-01-12

Mountain runoff ultimately reflects the difference between precipitation (P) and evapotranspiration (ET), as modulated by biogeophysical mechanisms that intensify or alleviate drought impacts. These modulating mechanisms are seldom measured and not fully understood. The impact of the warm 2012-15 California drought on the heavily instrumented Kings River basin provides an extraordinary opportunity to enumerate four mechanisms that controlled the impact of drought on mountain hydrology. Two mechanisms intensified the impact: (i) evaporative processes have first access to local precipitation, which decreased the fractional allocation of P to runoff in 2012-15 and reduced P-ET by 30% relative to previous years, and (ii) 2012-15 was 1 °C warmer than the previous decade, which increased ET relative to previous years and reduced P-ET by 5%. The other two mechanisms alleviated the impact: (iii) spatial heterogeneity and the continuing supply of runoff from higher elevations increased 2012-15 P-ET by 10% relative to that expected for a homogenous basin, and iv) drought-associated dieback and wildfire thinned the forest and decreased ET, which increased 2016 P-ET by 15%. These mechanisms are all important and may offset each other; analyses that neglect one or more will over or underestimate the impact of drought and warming on mountain runoff.

Benefits of Location-Based Access Control:A Literature Study

NARCIS (Netherlands)

van Cleeff, A.; Pieters, Wolter; Wieringa, Roelf J.

2010-01-01

Location-based access control (LBAC) has been suggested as a means to improve IT security. By 'grounding' users and systems to a particular location, attackers supposedly have more difficulty in compromising a system. However, the motivation behind LBAC and its potential benefits have not been

Parametric study of control mechanism of cortical bone remodeling under mechanical stimulus

Science.gov (United States)

Wang, Yanan; Qin, Qing-Hua

2010-03-01

The control mechanism of mechanical bone remodeling at cellular level was investigated by means of an extensive parametric study on a theoretical model described in this paper. From a perspective of control mechanism, it was found that there are several control mechanisms working simultaneously in bone remodeling which is a complex process. Typically, an extensive parametric study was carried out for investigating model parameter space related to cell differentiation and apoptosis which can describe the fundamental cell lineage behaviors. After analyzing all the combinations of 728 permutations in six model parameters, we have identified a small number of parameter combinations that can lead to physiologically realistic responses which are similar to theoretically idealized physiological responses. The results presented in the work enhanced our understanding on mechanical bone remodeling and the identified control mechanisms can help researchers to develop combined pharmacological-mechanical therapies to treat bone loss diseases such as osteoporosis.

A Logic for Reasoning About Time-Dependent Access Control Policies

National Research Council Canada - National Science Library

DeYoung, Henry

2008-01-01

.... Because of the number and complexity of authorization policies in access control systems, it is clear that ad hoc methods for specifying and enforcing policies cannot inspire a high degree of trust...

Forgetting: the availability, accessibility, and intentional control problem. Part 2

Directory of Open Access Journals (Sweden)

Veronika V. Nourkova

2016-12-01

Full Text Available The paper focuses on the phenomenon of forgetting as a primal and generally productive memory process. The cases that require temporary and permanent forgetting of the data stored in the long-term memory are contrasted. The main methodological obstacle in forgetting research is identified as arising from the logical prohibition to argument from the negative, i.e. “the evidence of absence is not the evidence of absence”. Two mechanisms of forgetting are discussed in the paper: transformation of the memory trace and modulation of trace accessibility. The former mechanism of forgetting consists of memory trace destruction (memory trace decay, retroactive and proactive interference, and «catastrophic» interference or its transformation that leads to forming a new memory representation. The most promising way to legitimize the trace destruction mechanism is narrowing the further research to episodic memory subsystem. The latter mechanism of forgetting consists of both passive failure in access to appropriate memory content (the tip of the tongue phenomenon, the category size effect, the fan effect and the process of active retrieval inhibition. This phenomenon represents temporary inhibition of competing semantically similar responses in semantic memory, and motivational inhibition of self-deprecating memories in autobiographical memory. Thus, a variety of experimental paradigms in intentional forgetting research are considered. Contrary to the common claim that forgetting is а universal and homogeneous phenomenon, we propose that forgetting strategies might vary in different memory subsystems, and also depend on activity characteristics during encoding, storage and retrieval.

Flexible CP-ABE Based Access Control on Encrypted Data for Mobile Users in Hybrid Cloud System

Institute of Scientific and Technical Information of China (English)

Wen-Min Li; Xue-Lei Li; Qiao-Yan Wen; Shuo Zhang; Hua Zhang

2017-01-01

In hybrid cloud computing, encrypted data access control can provide a fine-grained access method for orga-nizations to enact policies closer to organizational policies. This paper presents an improved CP-ABE (ciphertext-policy attribute-based encryption) scheme to construct an encrypted data access control solution that is suitable for mobile users in hybrid cloud system. In our improvement, we split the original decryption keys into a control key, a secret key and a set of transformation keys. The private cloud managed by the organization administrator takes charge of updating the transformation keys using the control key. It helps to handle the situation of flexible access management and attribute alteration. Meanwhile, the mobile user's single secret key remains unchanged as well as the ciphertext even if the data user's attribute has been revoked. In addition, we modify the access control list through adding the attributes with corresponding control key and transformation keys so as to manage user privileges depending upon the system version. Finally, the analysis shows that our scheme is secure, flexible and efficient to be applied in mobile hybrid cloud computing.

Scalable Lunar Surface Networks and Adaptive Orbit Access

Science.gov (United States)

Wang, Xudong

2015-01-01

Teranovi Technologies, Inc., has developed innovative network architecture, protocols, and algorithms for both lunar surface and orbit access networks. A key component of the overall architecture is a medium access control (MAC) protocol that includes a novel mechanism of overlaying time division multiple access (TDMA) and carrier sense multiple access with collision avoidance (CSMA/CA), ensuring scalable throughput and quality of service. The new MAC protocol is compatible with legacy Institute of Electrical and Electronics Engineers (IEEE) 802.11 networks. Advanced features include efficiency power management, adaptive channel width adjustment, and error control capability. A hybrid routing protocol combines the advantages of ad hoc on-demand distance vector (AODV) routing and disruption/delay-tolerant network (DTN) routing. Performance is significantly better than AODV or DTN and will be particularly effective for wireless networks with intermittent links, such as lunar and planetary surface networks and orbit access networks.

A Novel Medium Access Control for Ad hoc Networks Based on OFDM System

Institute of Scientific and Technical Information of China (English)

YU Yi-fan; YIN Chang-chuan; YUE Guang-xin

2005-01-01

Recently, hosts of Medium Access Control (MAC) protocols for Ad hoc radio networks have been proposed to solve the hidden terminal problem and exposed terminal problem. However most of them take into no account the interactions between physical (PHY) system and MAC protocol. Therefore, the current MAC protocols are either inefficient in the networks with mobile nodes and fading channel or difficult in hardware implementation. In this paper, we present a novel media access control for Ad hoc networks that integrates a media access control protocol termed as Dual Busy Tone Multiple Access (DBTMA) into Orthogonal Frequency Division Multiplexing (OFDM) system proposed in IEEE 802.11a standard. The analysis presented in the paper indicates that the proposed MAC scheme achieves performance improvement over IEEE 802.11 protocol about 25%～80% especially in the environment with high mobility and deep fading. The complexity of the proposed scheme is also lower than other implementation of similar busy tone solution. Furthermore, it is compatible with IEEE 802.11a networks.

A novel asynchronous access method with binary interfaces

Directory of Open Access Journals (Sweden)

Torres-Solis Jorge

2008-10-01

Full Text Available Abstract Background Traditionally synchronous access strategies require users to comply with one or more time constraints in order to communicate intent with a binary human-machine interface (e.g., mechanical, gestural or neural switches. Asynchronous access methods are preferable, but have not been used with binary interfaces in the control of devices that require more than two commands to be successfully operated. Methods We present the mathematical development and evaluation of a novel asynchronous access method that may be used to translate sporadic activations of binary interfaces into distinct outcomes for the control of devices requiring an arbitrary number of commands to be controlled. With this method, users are required to activate their interfaces only when the device under control behaves erroneously. Then, a recursive algorithm, incorporating contextual assumptions relevant to all possible outcomes, is used to obtain an informed estimate of user intention. We evaluate this method by simulating a control task requiring a series of target commands to be tracked by a model user. Results When compared to a random selection, the proposed asynchronous access method offers a significant reduction in the number of interface activations required from the user. Conclusion This novel access method offers a variety of advantages over traditionally synchronous access strategies and may be adapted to a wide variety of contexts, with primary relevance to applications involving direct object manipulation.

Making Mechanization Accessible to Smallholder Farmers in Sub-Saharan Africa

Directory of Open Access Journals (Sweden)

Brian Sims

2016-04-01

Full Text Available This paper summarizes the deliberations at a meeting convened by the Bill & Melinda Gates Foundation held in Beijing in October 2015. Farm power and mechanization are agricultural production inputs that will be essential to raise the labor and land productivity required if Sustainable Development Goals 1 and 2 (ending poverty and hunger are to be achieved. The smallholder farm sector demand for mechanization needs to be raised to stimulate the product value chain and activate input supply (that is to raise farm productivity, stimulate value addition, and encourage private sector custom hire service provision. The sustainability of mechanization from a natural resource conservation point of view is discussed with reference to conservation agriculture principles. Mechanization appropriate for the smallholder sector covers the range of possible power sources human, draft animal and motorized. The key is to engage all the stakeholders in the supply chain and offer a range of suitable options from which the user can select. Sustainability of mechanization includes financial and social, as well as environmental factors. Local manufacturers should be supported where feasible as they can provide implements and machines adapted to local conditions—and better technical service and replacement part supply. The public sector role in providing access to mechanization should be restricted to promulgating enabling policies, building technical and business management skills and stimulating demand. The lessons to be learnt from Chinese experience in making mechanization available to smallholder farmers include subsidies, strong extension services, infrastructure development and a solid manufacturing sector that prioritizes the smallholder sector. The implications for sub-Saharan Africa appear to be that group ownership and custom hire service provision are the models to follow. Finally, the relevance of an African Center for Sustainable Agricultural

Autonomous Information Unit for Fine-Grain Data Access Control and Information Protection in a Net-Centric System

Science.gov (United States)

Chow, Edward T.; Woo, Simon S.; James, Mark; Paloulian, George K.

2012-01-01

As communication and networking technologies advance, networks will become highly complex and heterogeneous, interconnecting different network domains. There is a need to provide user authentication and data protection in order to further facilitate critical mission operations, especially in the tactical and mission-critical net-centric networking environment. The Autonomous Information Unit (AIU) technology was designed to provide the fine-grain data access and user control in a net-centric system-testing environment to meet these objectives. The AIU is a fundamental capability designed to enable fine-grain data access and user control in the cross-domain networking environments, where an AIU is composed of the mission data, metadata, and policy. An AIU provides a mechanism to establish trust among deployed AIUs based on recombining shared secrets, authentication and verify users with a username, X.509 certificate, enclave information, and classification level. AIU achieves data protection through (1) splitting data into multiple information pieces using the Shamir's secret sharing algorithm, (2) encrypting each individual information piece using military-grade AES-256 encryption, and (3) randomizing the position of the encrypted data based on the unbiased and memory efficient in-place Fisher-Yates shuffle method. Therefore, it becomes virtually impossible for attackers to compromise data since attackers need to obtain all distributed information as well as the encryption key and the random seeds to properly arrange the data. In addition, since policy can be associated with data in the AIU, different user access and data control strategies can be included. The AIU technology can greatly enhance information assurance and security management in the bandwidth-limited and ad hoc net-centric environments. In addition, AIU technology can be applicable to general complex network domains and applications where distributed user authentication and data protection are

An intelligent trust-based access control model for affective ...

African Journals Online (AJOL)

In this study, a fuzzy expert system Trust-Based Access Control (TBAC) model for improving the Quality of crowdsourcing using emotional affective computing is presented. This model takes into consideration a pre-processing module consisting of three inputs such as crowd-workers category, trust metric and emotional ...

MAINTAINING VEHICLE SPEED USING A MECHANICAL CRUISE CONTROL

Directory of Open Access Journals (Sweden)

Peter GIROVSKÝ

2017-06-01

Full Text Available In this article we would like to present cruise control realization. This cruise control is presented as mechanical device for vehicle speed maintenance and has been proposed as a low cost solution. Principle of function in mechanical cruise control is based on a position control of throttle. For the right action of mechanical cruise control it was need to solve some particular tasks related with speed sensing, construct of device for control of throttle position and design of control system of whole mechanical cruise control. Information about car velocity we have gained using Hall sensor attached on a magnetic ring of car tachometer. For control of the throttle was used a small servo drive and as the control unit was used Arduino. The designed solution of mechanical cruise control have been realized for car Škoda Felicia.

Integrating CERN e-groups into TWiki access control.

CERN Document Server

Jones, PL; Hoymr, N; CERN. Geneva. IT Department

2010-01-01

Wikis allow for easy collaborative editing of documents on the web for users located in different buildings, cities or even countries. TWiki culture lends to open free form editing and most pages are world readable and editable by CERN authenticated users, however access control is possible and is used to protect sensitive documents. This note discusses the integration of E-groups for authorisation purposes at CERN.

Secure access control and large scale robust representation for online multimedia event detection.

Science.gov (United States)

Liu, Changyu; Lu, Bin; Li, Huiling

2014-01-01

We developed an online multimedia event detection (MED) system. However, there are a secure access control issue and a large scale robust representation issue when we want to integrate traditional event detection algorithms into the online environment. For the first issue, we proposed a tree proxy-based and service-oriented access control (TPSAC) model based on the traditional role based access control model. Verification experiments were conducted on the CloudSim simulation platform, and the results showed that the TPSAC model is suitable for the access control of dynamic online environments. For the second issue, inspired by the object-bank scene descriptor, we proposed a 1000-object-bank (1000OBK) event descriptor. Feature vectors of the 1000OBK were extracted from response pyramids of 1000 generic object detectors which were trained on standard annotated image datasets, such as the ImageNet dataset. A spatial bag of words tiling approach was then adopted to encode these feature vectors for bridging the gap between the objects and events. Furthermore, we performed experiments in the context of event classification on the challenging TRECVID MED 2012 dataset, and the results showed that the robust 1000OBK event descriptor outperforms the state-of-the-art approaches.

Secure Access Control and Large Scale Robust Representation for Online Multimedia Event Detection

Directory of Open Access Journals (Sweden)

Changyu Liu

2014-01-01

Full Text Available We developed an online multimedia event detection (MED system. However, there are a secure access control issue and a large scale robust representation issue when we want to integrate traditional event detection algorithms into the online environment. For the first issue, we proposed a tree proxy-based and service-oriented access control (TPSAC model based on the traditional role based access control model. Verification experiments were conducted on the CloudSim simulation platform, and the results showed that the TPSAC model is suitable for the access control of dynamic online environments. For the second issue, inspired by the object-bank scene descriptor, we proposed a 1000-object-bank (1000OBK event descriptor. Feature vectors of the 1000OBK were extracted from response pyramids of 1000 generic object detectors which were trained on standard annotated image datasets, such as the ImageNet dataset. A spatial bag of words tiling approach was then adopted to encode these feature vectors for bridging the gap between the objects and events. Furthermore, we performed experiments in the context of event classification on the challenging TRECVID MED 2012 dataset, and the results showed that the robust 1000OBK event descriptor outperforms the state-of-the-art approaches.

Cerberus, an Access Control Scheme for Enforcing Least Privilege in Patient Cohort Study Platforms : A Comprehensive Access Control Scheme Applied to the GENIDA Project - Study of Genetic Forms of Intellectual Disabilities and Autism Spectrum Disorders.

Science.gov (United States)

Parrend, Pierre; Mazzucotelli, Timothée; Colin, Florent; Collet, Pierre; Mandel, Jean-Louis

2017-11-16

Cohort Study Platforms (CSP) are emerging as a key tool for collecting patient information, providing new research data, and supporting family and patient associations. However they pose new ethics and regulatory challenges since they cross the gap between patients and medical practitioners. One of the critical issues for CSP is to enforce a strict control on access privileges whilst allowing the users to take advantage of the breadth of the available data. We propose Cerberus, a new access control scheme spanning the whole life-cycle of access right management: design, implementation, deployment and maintenance, operations. Cerberus enables switching from a dual world, where CSP data can be accessed either from the users who entered it or fully de-identified, to an access-when-required world, where patients, practitioners and researchers can access focused medical data through explicit authorisation by the data owner. Efficient access control requires application-specific access rights, as well as the ability to restrict these rights when they are not used. Cerberus is implemented and evaluated in the context of the GENIDA project, an international CSP for Genetically determined Intellectual Disabilities and Autism Spectrum Disorders. As a result of this study, the software is made available for the community, and validated specifications for CSPs are given.

78 FR 43963 - Twenty-Third Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

Science.gov (United States)

2013-07-22

... Committee 224, Airport Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), U.S. Department of Transportation (DOT). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security... meeting of the RTCA Special Committee 224, Airport Security Access Control Systems. DATES: The meeting...

Control mechanisms in franchise systems

OpenAIRE

Hass, Jörg

2012-01-01

This dissertation answers the question which different control mechanisms exist in a franchise system. It is the first two-sided franchise empirical analysis, regarding all outlets of the franchise system (franchisees and company-owned) as well as the franchisor. On the theoretical side, this dissertation integrates the two main management theories: principal-agent-theory and transaction cost analysis. The results show that there are used different control mechanisms in a franchise sys...

Conviviality-driven access control policy

NARCIS (Netherlands)

El Kateb, Donia; Zannone, N.; Moawad, Assaad; Caire, Patrice; Nain, Grégory; Mouelhi, Tejeddine; Le Traon, Yves

2015-01-01

Nowadays many organizations experience security incidents due to unauthorized access to information. To reduce the risk of such incidents, security policies are often employed to regulate access to information. Such policies, however, are often too restrictive, and users do not have the rights

Development of Remote Monitoring and a Control System Based on PLC and WebAccess for Learning Mechatronics

OpenAIRE

Wen-Jye Shyr; Te-Jen Su; Chia-Ming Lin

2013-01-01

This study develops a novel method for learning mechatronics using remote monitoring and control, based on a programmable logic controller (PLC) and WebAccess. A mechatronics module, a Web‐CAM and a PLC were integrated with WebAccess software to organize a remote laboratory. The proposed system enables users to access the Internet for remote monitoring and control of the mechatronics module via a web browser, thereby enhancing work flexibility by enabling personnel to control mechatronics equ...

Robust Position Control of Electro-mechanical Systems

OpenAIRE

Rong Mei; Mou Chen

2013-01-01

In this work, the robust position control scheme is proposed for the electro-mechanical system using the disturbance observer and backstepping control method. To the external unknown load of the electro-mechanical system, the nonlinear disturbance observer is given to estimate the external unknown load. Combining the output of the developed nonlinear disturbance observer with backstepping technology, the robust position control scheme is proposed for the electro-mechanical system. The stabili...

Access control system for ISABELLE

International Nuclear Information System (INIS)

Potter, K.; Littenberg, L.

1977-01-01

An access system based on the one now in operation at the CERN ISR is recommended. Access doors would presumably be located at the entrances to the utility tunnels connecting the support buildings with the ring. Persons requesting access would insert an identity card into a scanner to activate the system. The request would be autologged, the keybank adjacent to the door would be unlocked and ISABELLE operations would be notified. The operator would then select the door, activating a TV-audio link. The person requesting entry would draw a key from the bank, show it and his film badge to the operator who would enable the door release

Mechanisms and maneouvers of forest resource access and its implications for rural livelihoods in the high forest zone of Ghana

OpenAIRE

Tetteh, Herbert

2015-01-01

The management of Ghana's Forests has attracted diverse social actors with multiple interests from the state (Forestry Commission, FC) to local level (local forest users). This has resulted in processes and mechanisms within and outside the legal system of gaining access to the forests and related resources. Mechanisms within the legal system include the forest governance policies which necessitates gaining access through a permit from the FC. The bureaucratic an...

Intelligent Security Auditing Based on Access Control of Devices in Ad Hoc Network

Institute of Scientific and Technical Information of China (English)

XU Guang-wei; SHI You-qun; ZHU Ming; WU Guo-wen; CAO Qi-ying

2006-01-01

Security in Ad Hoc network is an important issue under the opening circumstance of application service. Some protocols and models of security auditing have been proposed to ensure rationality of contracting strategy and operating regulation and used to identify abnormal operation. Model of security auditing based on access control of devices will be advanced to register sign of devices and property of event of access control and to audit those actions. In the end, the model is analyzed and simulated.

Application-Defined Decentralized Access Control

Science.gov (United States)

Xu, Yuanzhong; Dunn, Alan M.; Hofmann, Owen S.; Lee, Michael Z.; Mehdi, Syed Akbar; Witchel, Emmett

2014-01-01

DCAC is a practical OS-level access control system that supports application-defined principals. It allows normal users to perform administrative operations within their privilege, enabling isolation and privilege separation for applications. It does not require centralized policy specification or management, giving applications freedom to manage their principals while the policies are still enforced by the OS. DCAC uses hierarchically-named attributes as a generic framework for user-defined policies such as groups defined by normal users. For both local and networked file systems, its execution time overhead is between 0%–9% on file system microbenchmarks, and under 1% on applications. This paper shows the design and implementation of DCAC, as well as several real-world use cases, including sandboxing applications, enforcing server applications’ security policies, supporting NFS, and authenticating user-defined sub-principals in SSH, all with minimal code changes. PMID:25426493

Privacy, security and access with sensitive health information.

Science.gov (United States)

Croll, Peter

2010-01-01

This chapter gives an educational overview of: * Confidentiality issues and the challenges faced; * The fundamental differences between privacy and security; * The different access control mechanisms; * The challenges of Internet security; * How 'safety and quality' relate to all the above.

The SH2 domain of Abl kinases regulates kinase autophosphorylation by controlling activation loop accessibility

Science.gov (United States)

Lamontanara, Allan Joaquim; Georgeon, Sandrine; Tria, Giancarlo; Svergun, Dmitri I.; Hantschel, Oliver

2014-11-01

The activity of protein kinases is regulated by multiple molecular mechanisms, and their disruption is a common driver of oncogenesis. A central and almost universal control element of protein kinase activity is the activation loop that utilizes both conformation and phosphorylation status to determine substrate access. In this study, we use recombinant Abl tyrosine kinases and conformation-specific kinase inhibitors to quantitatively analyse structural changes that occur after Abl activation. Allosteric SH2-kinase domain interactions were previously shown to be essential for the leukemogenesis caused by the Bcr-Abl oncoprotein. We find that these allosteric interactions switch the Abl activation loop from a closed to a fully open conformation. This enables the trans-autophosphorylation of the activation loop and requires prior phosphorylation of the SH2-kinase linker. Disruption of the SH2-kinase interaction abolishes activation loop phosphorylation. Our analysis provides a molecular mechanism for the SH2 domain-dependent activation of Abl that may also regulate other tyrosine kinases.

On the Protection of Personal Data in the Access Control System

Directory of Open Access Journals (Sweden)

A. P. Durakovskiy

2012-03-01

Full Text Available The aim is to prove the qualification system of access control systems (ACS as an information system for personal data (ISPDn. Applications: systems of physical protection of facilities.

Role-Based Access Control for Coalition Partners in Maritime Domain Awareness

National Research Council Canada - National Science Library

McDaniel, Christopher R; Tardy, Matthew L

2005-01-01

The need for Shared Situational Awareness (SSA) in accomplishing joint missions by coalition militaries, law enforcement, the intelligence community, and the private sector creates a unique challenge to providing access control...

Receiver-initiated medium access control protocols for wireless sensor networks

DEFF Research Database (Denmark)

Fafoutis, Xenofon; Di Mauro, Alessio; Vithanage, Madava D.

2015-01-01

One of the fundamental building blocks of a Wireless Sensor Network (WSN) is the Medium Access Control (MAC) protocol, that part of the system governing when and how two independent neighboring nodes activate their respective transceivers to directly interact. Historically, data exchange has always...

Access control and interlock system at the Advanced Photon Source

International Nuclear Information System (INIS)

Forrestal, J.; Hogrefe, R.; Knott, M.; McDowell, W.; Reigle, D.; Solita, L.; Koldenhoven, R.; Haid, D.

1997-01-01

The Advanced Photon Source (APS) consists of a linac, position accumulator ring (PAR), booster synchrotron, storage ring, and up to 70 experimental beamlines. The Access Control and Interlock System (ACIS) utilizes redundant programmable logic controllers (PLCs) and a third hard-wired chain to protect personnel from prompt radiation generated by the linac, PAR, synchrotron, and storage ring. This paper describes the ACIS's design philosophy, configuration, hardware, functionality, validation requirements, and operational experience

76 FR 38293 - Risk Management Controls for Brokers or Dealers With Market Access

Science.gov (United States)

2011-06-30

... 3235-AK53 Risk Management Controls for Brokers or Dealers With Market Access AGENCY: Securities and... of risk management controls and supervisory procedures that, among other things, is reasonably... relevant risk management controls and supervisory procedures required under the Rule. DATES: The effective...

Development of a wireless protection against imitation system for identification and control of vehicle access

Directory of Open Access Journals (Sweden)

Aleksei A. Gavrishev

2018-03-01

Full Text Available This article deals with wireless systems for identification and control of vehicle access to protected objects. Known systems are considered. As a result, it has been established that one of the most promising approaches to identifying and controlling vehicle access to protected objects is the use of systems based on the "friend or foe" principle. Among these systems, there are "one-directional" and "bedirectional" identification and access control systems. "Bidirectional" systems are more preferable for questions of identification and access control. However, at present, these systems should have a reduced probability of recognizing the structure of the request and response signals because the potential attacker can easily perform unauthorized access to the radio channel of the system. On this basis, developed a wireless system identification and control vehicle access to protected objects based on the principle of "friend or foe", featuring increased protection from unauthorized access and jamming through the use of rewritable drives chaotic sequences. In addition, it’s proposed to use to identify the vehicle's RFID tag containing additional information about it. Are some specifications of the developed system (the possible frequency range of the request-response signals, the communication range, data rate, the size of the transmitted data, guidelines for choosing RFID. Also, with the help of fuzzy logic, was made the security assessment from unauthorized access request-response signals based on the system of "friend or foe", which are transferred via radio channel, developed systems and analogues. The security assessment of the developed system shows an adequate degree of protection against complex threats (view, spoofing, interception and jamming of traffic in comparison with known systems of this class. Among the main advantages of the developed system it’s necessary to mention increased security from unauthorized access and jamming

F2AC: A Lightweight, Fine-Grained, and Flexible Access Control Scheme for File Storage in Mobile Cloud Computing

Directory of Open Access Journals (Sweden)

Wei Ren

2016-01-01

Full Text Available Current file storage service models for cloud servers assume that users either belong to single layer with different privileges or cannot authorize privileges iteratively. Thus, the access control is not fine-grained and flexible. Besides, most access control methods at cloud servers mainly rely on computationally intensive cryptographic algorithms and, especially, may not be able to support highly dynamic ad hoc groups with addition and removal of group members. In this paper, we propose a scheme called F2AC, which is a lightweight, fine-grained, and flexible access control scheme for file storage in mobile cloud computing. F2AC can not only achieve iterative authorization, authentication with tailored policies, and access control for dynamically changing accessing groups, but also provide access privilege transition and revocation. A new access control model called directed tree with linked leaf model is proposed for further implementations in data structures and algorithms. The extensive analysis is given for justifying the soundness and completeness of F2AC.

Gender Relations in Access to and Control over Resources in Awra ...

African Journals Online (AJOL)

Administrator

participant observation of gender roles and relations in the study community. ..... in domestic and public spheres, access to and control over locally available ...... Proposal on Leadership Initiatives in Awra Amba Community Case Study on.

Modelling and Analysing Access Control Policies in XACML 3.0

DEFF Research Database (Denmark)

Ramli, Carroline Dewi Puspa Kencana

(c.f. GM03,Mos05,Ris13) and manual analysis of the overall effect and consequences of a large XACML policy set is a very daunting and time-consuming task. In this thesis we address the problem of understanding the semantics of access control policy language XACML, in particular XACML version 3.0....... The main focus of this thesis is modelling and analysing access control policies in XACML 3.0. There are two main contributions in this thesis. First, we study and formalise XACML 3.0, in particular the Policy Decision Point (PDP). The concrete syntax of XACML is based on the XML format, while its standard...... semantics is described normatively using natural language. The use of English text in standardisation leads to the risk of misinterpretation and ambiguity. In order to avoid this drawback, we define an abstract syntax of XACML 3.0 and a formal XACML semantics. Second, we propose a logic-based XACML analysis...

Development of Remote Monitoring and a Control System Based on PLC and WebAccess for Learning Mechatronics

Directory of Open Access Journals (Sweden)

Wen-Jye Shyr

2013-02-01

Full Text Available This study develops a novel method for learning mechatronics using remote monitoring and control, based on a programmable logic controller (PLC and WebAccess. A mechatronics module, a Web-CAM and a PLC were integrated with WebAccess software to organize a remote laboratory. The proposed system enables users to access the Internet for remote monitoring and control of the mechatronics module via a web browser, thereby enhancing work flexibility by enabling personnel to control mechatronics equipment from a remote location. Mechatronics control and long-distance monitoring were realized by establishing communication between the PLC and WebAccess. Analytical results indicate that the proposed system is feasible. The suitability of this system is demonstrated in the department of industrial education and technology at National Changhua University of Education, Taiwan. Preliminary evaluation of the system was encouraging and has shown that it has achieved success in helping students understand concepts and master remote monitoring and control techniques.

Adaptive Media Access Control for Energy Harvesting - Wireless Sensor Networks

DEFF Research Database (Denmark)

Fafoutis, Xenofon; Dragoni, Nicola

2012-01-01

ODMAC (On-Demand Media Access Control) is a recently proposed MAC protocol designed to support individual duty cycles for Energy Harvesting — Wireless Sensor Networks (EH-WSNs). Individual duty cycles are vital for EH-WSNs, because they allow nodes to adapt their energy consumption to the ever-ch...

Enforcing access control in virtual organizations using hierarchical attribute-based encryption

NARCIS (Netherlands)

Asim, M.; Ignatenko, T.; Petkovic, M.; Trivellato, D.; Zannone, N.

2012-01-01

Virtual organizations are dynamic, interorganizational collaborations that involve systems and services belonging to different security domains. Several solutions have been proposed to guarantee the enforcement of the access control policies protecting the information exchanged in a distributed

Developing Access Control Model of Web OLAP over Trusted and Collaborative Data Warehouses

Science.gov (United States)

Fugkeaw, Somchart; Mitrpanont, Jarernsri L.; Manpanpanich, Piyawit; Juntapremjitt, Sekpon

This paper proposes the design and development of Role- based Access Control (RBAC) model for the Single Sign-On (SSO) Web-OLAP query spanning over multiple data warehouses (DWs). The model is based on PKI Authentication and Privilege Management Infrastructure (PMI); it presents a binding model of RBAC authorization based on dimension privilege specified in attribute certificate (AC) and user identification. Particularly, the way of attribute mapping between DW user authentication and privilege of dimensional access is illustrated. In our approach, we apply the multi-agent system to automate flexible and effective management of user authentication, role delegation as well as system accountability. Finally, the paper culminates in the prototype system A-COLD (Access Control of web-OLAP over multiple DWs) that incorporates the OLAP features and authentication and authorization enforcement in the multi-user and multi-data warehouse environment.

DOE's nation-wide system for access control can solve problems for the federal government

International Nuclear Information System (INIS)

Callahan, S.; Tomes, D.; Davis, G.; Johnson, D.; Strait, S.

1996-07-01

The U.S. Department of Energy's (DOE's) ongoing efforts to improve its physical and personnel security systems while reducing its costs, provide a model for federal government visitor processing. Through the careful use of standardized badges, computer databases, and networks of automated access control systems, the DOE is increasing the security associated with travel throughout the DOE complex, and at the same time, eliminating paperwork, special badging, and visitor delays. The DOE is also improving badge accountability, personnel identification assurance, and access authorization timeliness and accuracy. Like the federal government, the DOE has dozens of geographically dispersed locations run by many different contractors operating a wide range of security systems. The DOE has overcome these obstacles by providing data format standards, a complex-wide virtual network for security, the adoption of a standard high security system, and an open-systems-compatible link for any automated access control system. If the location's level of security requires it, positive visitor identification is accomplished by personal identification number (PIN) and/or by biometrics. At sites with automated access control systems, this positive identification is integrated into the portals

Control rod drive mechanism

International Nuclear Information System (INIS)

Futatsugi, Masao; Goto, Mikihiko.

1976-01-01

Purpose: To provide a control rod drive mechanism using water as an operating source, which prevents a phenomenon for forming two-layers of water in the neighbourhood of a return nozzle in a reactor to limit formation of excessive thermal stress to improve a safety. Constitution: In the control rod drive mechanism of the present invention, a heating device is installed in the neighbourhood of a pressure container for a reactor. This heating device is provided to heat return water in the reactor to a level equal to the temperature of reactor water thereby preventing a phenomenon for forming two-layers of water in the reactor. This limits formation of thermal stress in the return nozzle in the reactor. Accordingly, it is possible to minimize damages in the return nozzle portion and yet a possibility of failure in reactor water. (Kawakami, Y.)

Enforcing access control in virtual organizations using hierarchical attribute-based encryption

NARCIS (Netherlands)

Asim, M.; Ignatenko, T.; Petkovic, M.; Trivellato, D.; Zannone, N.

2012-01-01

Virtual organizations are dynamic, inter-organizational collaborations that involve systems and services belonging to different security domains. Several solutions have been proposed to guarantee the enforcement of the access control policies protecting the information exchanged in a distributed

Natural variation in stomatal response to closing stimuli among Arabidopsis thaliana accessions after exposure to low VPD as a tool to recognize the mechanism of disturbed stomatal functioning.

Science.gov (United States)

Aliniaeifard, Sasan; van Meeteren, Uulke

2014-12-01

Stomatal responses to closing stimuli are disturbed after long-term exposure of plants to low vapour pressure deficit (VPD). The mechanism behind this disturbance is not fully understood. Genetic variation between naturally occurring ecotypes can be helpful to elucidate the mechanism controlling stomatal movements in different environments. We characterized the stomatal responses of 41 natural accessions of Arabidopsis thaliana to closing stimuli (ABA and desiccation) after they had been exposed for 4 days to moderate VPD (1.17 kPa) or low VPD (0.23 kPa). A fast screening system was used to test stomatal response to ABA using chlorophyll fluorescence imaging under low O2 concentrations of leaf discs floating on ABA solutions. In all accessions stomatal conductance (gs) was increased after prior exposure to low VPD. After exposure to low VPD, stomata of 39 out of 41 of the accessions showed a diminished ABA closing response; only stomata of low VPD-exposed Map-42 and C24 were as responsive to ABA as moderate VPD-exposed plants. In response to desiccation, most of the accessions showed a normal stomata closing response following low VPD exposure. Only low VPD-exposed Cvi-0 and Rrs-7 showed significantly less stomatal closure compared with moderate VPD-exposed plants. Using principle component analysis (PCA), accessions could be categorized to very sensitive, moderately sensitive, and less sensitive to closing stimuli. In conclusion, we present evidence for different stomatal responses to closing stimuli after long-term exposure to low VPD across Arabidopsis accessions. The variation can be a useful tool for finding the mechanism of stomatal malfunctioning. © The Author 2014. Published by Oxford University Press on behalf of the Society for Experimental Biology.

Nonsmooth mechanics models, dynamics and control

CERN Document Server

Brogliato, Bernard

2016-01-01

Now in its third edition, this standard reference is a comprehensive treatment of nonsmooth mechanical systems refocused to give more prominence to control and modelling. It covers Lagrangian and Newton–Euler systems, detailing mathematical tools such as convex analysis and complementarity theory. The ways in which nonsmooth mechanics influence and are influenced by well-posedness analysis, numerical analysis and simulation, modelling and control are explained. Contact/impact laws, stability theory and trajectory-tracking control are given in-depth exposition connected by a framework formed from complementarity systems and measure-differential inclusions. Links are established with electrical circuits with set-valued nonsmooth elements and with other nonsmooth dynamical systems like impulsive and piecewise linear systems. Nonsmooth Mechanics (third edition) has been substantially rewritten, edited and updated to account for the significant body of results that have emerged in the twenty-first century—incl...

Privacy and Access Control for IHE-Based Systems

Science.gov (United States)

Katt, Basel; Breu, Ruth; Hafner, Micahel; Schabetsberger, Thomas; Mair, Richard; Wozak, Florian

Electronic Health Record (EHR) is the heart element of any e-health system, which aims at improving the quality and efficiency of healthcare through the use of information and communication technologies. The sensitivity of the data contained in the health record poses a great challenge to security. In this paper we propose a security architecture for EHR systems that are conform with IHE profiles. In this architecture we are tackling the problems of access control and privacy. Furthermore, a prototypical implementation of the proposed model is presented.

Secure Dynamic access control scheme of PHR in cloud computing.

Science.gov (United States)

Chen, Tzer-Shyong; Liu, Chia-Hui; Chen, Tzer-Long; Chen, Chin-Sheng; Bau, Jian-Guo; Lin, Tzu-Ching

2012-12-01

With the development of information technology and medical technology, medical information has been developed from traditional paper records into electronic medical records, which have now been widely applied. The new-style medical information exchange system "personal health records (PHR)" is gradually developed. PHR is a kind of health records maintained and recorded by individuals. An ideal personal health record could integrate personal medical information from different sources and provide complete and correct personal health and medical summary through the Internet or portable media under the requirements of security and privacy. A lot of personal health records are being utilized. The patient-centered PHR information exchange system allows the public autonomously maintain and manage personal health records. Such management is convenient for storing, accessing, and sharing personal medical records. With the emergence of Cloud computing, PHR service has been transferred to storing data into Cloud servers that the resources could be flexibly utilized and the operation cost can be reduced. Nevertheless, patients would face privacy problem when storing PHR data into Cloud. Besides, it requires a secure protection scheme to encrypt the medical records of each patient for storing PHR into Cloud server. In the encryption process, it would be a challenge to achieve accurately accessing to medical records and corresponding to flexibility and efficiency. A new PHR access control scheme under Cloud computing environments is proposed in this study. With Lagrange interpolation polynomial to establish a secure and effective PHR information access scheme, it allows to accurately access to PHR with security and is suitable for enormous multi-users. Moreover, this scheme also dynamically supports multi-users in Cloud computing environments with personal privacy and offers legal authorities to access to PHR. From security and effectiveness analyses, the proposed PHR access

Drive mechanism nuclear reactor control rod

International Nuclear Information System (INIS)

Brooks, J.G. Jr.; Maure, D.R.; Meijer, C.H.

1978-01-01

An improved method and apparatus for operating magnetic stepping-type mechanisms. The current flowing in the coils of magnetic stepping-type mechanisms of the kind, for instance, that are used in control-element drive mechanisms is sensed and used to monitor operation of the mechanism. Current waveforms that characterize the motion of the mechanism are used to trigger changes in drive voltage and to verify that the drive mechanism is operating properly. In addition, incipient failures are detected through the observation of differences between the observed waveform and waveforms that characterize proper operation

A Comparative Analysis of Wiki Discretionary Access Control in a CONOPS Environment

National Research Council Canada - National Science Library

Crawford, Frederick L

2008-01-01

.... The derivation of the author's thesis focuses awareness on effective information allocation that is reliable and accurate while maintaining its confidentiality based upon some level of discretionary access control (DAC...

Rural providers' access to online resources: a randomized controlled trial

Science.gov (United States)

Hall, Laura J.; McElfresh, Karen R.; Warner, Teddy D.; Stromberg, Tiffany L.; Trost, Jaren; Jelinek, Devin A.

2016-01-01

Objective The research determined the usage and satisfaction levels with one of two point-of-care (PoC) resources among health care providers in a rural state. Methods In this randomized controlled trial, twenty-eight health care providers in rural areas were stratified by occupation and region, then randomized into either the DynaMed or the AccessMedicine study arm. Study participants were physicians, physician assistants, and nurses. A pre- and post-study survey measured participants' attitudes toward different information resources and their information-seeking activities. Medical student investigators provided training and technical support for participants. Data analyses consisted of analysis of variance (ANOVA), paired t tests, and Cohen's d statistic to compare pre- and post-study effects sizes. Results Participants in both the DynaMed and the AccessMedicine arms of the study reported increased satisfaction with their respective PoC resource, as expected. Participants in both arms also reported that they saved time in finding needed information. At baseline, both arms reported too little information available, which increased to “about right amounts of information” at the completion of the study. DynaMed users reported a Cohen's d increase of +1.50 compared to AccessMedicine users' reported use of 0.82. DynaMed users reported d2 satisfaction increases of 9.48 versus AccessMedicine satisfaction increases of 0.59 using a Cohen's d. Conclusion Participants in the DynaMed arm of the study used this clinically oriented PoC more heavily than the users of the textbook-based AccessMedicine. In terms of user satisfaction, DynaMed users reported higher levels of satisfaction than the users of AccessMedicine. PMID:26807050

Socio-economic status influences blood pressure control despite equal access to care

DEFF Research Database (Denmark)

Paulsen, M S; Andersen, M; Munck, A P

2012-01-01

OBJECTIVE: Denmark has a health care system with free and equal access to care irrespective of age and socio-economic status (SES). We conducted a cross-sectional study to investigate a possible association between SES and blood pressure (BP) control of hypertensive patients treated in general...... Statistics Denmark. The outcome measure was BP control defined as BP...

Lexical Access in L2 Speech Production: a controlled serial search task

Directory of Open Access Journals (Sweden)

Gicele Vergine Vieira

2017-09-01

Full Text Available When it comes to lexical access in L2 speech production, working memory (WM seems to play a central role as for less automatized procedures require more WM capacity to be executed (Prebianca, 2007. With that in mind, this paper aims at claiming that bilingual lexical access qualifies as a controlled serial strategic search task susceptible to individual differences in WM capacity. Evidence in support of such claim is provided by the results of AUTHOR's (2010 study conducted so as to investigate the relationship between L2 lexical access, WMC and L2 proficiency. AUTHOR's (2010 findings indicate that bilingual lexical access entails underlying processes such as cue generation, set delimitation, serial search and monitoring, which to be carried out, require the allocation of attention. Attention is limited and, as a result, only higher spans were able to perform these underlying processes automatically.

Cardea: Dynamic Access Control in Distributed Systems

Science.gov (United States)

Lepro, Rebekah

2004-01-01

Modern authorization systems span domains of administration, rely on many different authentication sources, and manage complex attributes as part of the authorization process. This . paper presents Cardea, a distributed system that facilitates dynamic access control, as a valuable piece of an inter-operable authorization framework. First, the authorization model employed in Cardea and its functionality goals are examined. Next, critical features of the system architecture and its handling of the authorization process are then examined. Then the S A M L and XACML standards, as incorporated into the system, are analyzed. Finally, the future directions of this project are outlined and connection points with general components of an authorization system are highlighted.

Revisiting of Channel Access Mechanisms in Mobile Wireless Networks through Exploiting Physical Layer Technologies

Directory of Open Access Journals (Sweden)

Junmei Yao

2018-01-01

Full Text Available The wireless local area networks (WLANs have been widely deployed with the rapid development of mobile devices and have further been brought into new applications with infrastructure mobility due to the growth of unmanned aerial vehicles (UAVs. However, the WLANs still face persistent challenge on increasing the network throughput to meet the customer’s requirement and fight against the node mobility. Interference is a well-known issue that would degrade the network performance due to the broadcast characteristics of the wireless signals. Moreover, with infrastructure mobility, the interference becomes the key obstacle in pursuing the channel capacity. Legacy interference management mechanism through the channel access control in the MAC layer design of the 802.11 standard has some well-known drawbacks, such as exposed and hidden terminal problems, inefficient rate adaptation, and retransmission schemes, making the efficient interference management an everlasting research topic over the years. Recently, interference management through exploiting physical layer mechanisms has attracted much research interest and has been proven to be a promising way to improve the network throughput, especially under the infrastructure mobility scenarios which provides more indicators for node dynamics. In this paper, we introduce a series of representative physical layer techniques and analyze how they are exploited for interference management to improve the network performance. We also provide some discussions about the research challenges and give potential future research topics in this area.

Gender Relations in Access to and Control over Resources in Awra ...

African Journals Online (AJOL)

This paper explores gender relations in access to and control over resources in Awra Amba Community of Amhara Region, Ethiopia. The study employed primary and secondary data sources. The primary data were gathered through semistructured interviews with selected community members and key informants, focus ...

Bell trajectories for revealing quantum control mechanisms

International Nuclear Information System (INIS)

Dennis, Eric; Rabitz, Herschel

2003-01-01

The dynamics induced while controlling quantum systems by optimally shaped laser pulses have often been difficult to understand in detail. A method is presented for quantifying the importance of specific sequences of quantum transitions involved in the control process. The method is based on a ''beable'' formulation of quantum mechanics due to John Bell that rigorously maps the quantum evolution onto an ensemble of stochastic trajectories over a classical state space. Detailed mechanism identification is illustrated with a model seven-level system. A general procedure is presented to extract mechanism information directly from closed-loop control experiments. Application to simulated experimental data for the model system proves robust with up to 25% noise

Hybrid Solution for Privacy-Preserving Access Control for Healthcare Data

Directory of Open Access Journals (Sweden)

SMITHAMOL, M. B.

2017-05-01

Full Text Available The booming in cloud and IoT technologies has accelerated the growth of healthcare system. The IoT devices monitor the patient's health, and upload collected data as Electronic Medical Records (EMRs to the cloud for storage and sharing. Outsourcing EMRs to the cloud introduce new security and privacy challenges. In this paper, we proposed a novel architecture ensuring security and privacy for the outsourced health records. The proposed model uses partially ordered set (POSET for constructing the group based access structure and Ciphertext-Policy Attribute-Based Encryption (CP-ABE to provide fine-grained EMR access control. The modified group based CP-ABE (G-CP-ABE minimizes the computational overhead by reducing the number of leaf nodes in the access tree. Also, the proposed G-CP-ABE framework merges symmetric encryption and CP-ABE scheme to minimize the overall encryption time. As a result, G-CP-ABE can be used to monitor health conditions even from a resource constrained IoT device. The performance analysis shows the efficiency of the proposed model, making it suitable for practical use.

A Model-driven Role-based Access Control for SQL Databases

Directory of Open Access Journals (Sweden)

Raimundas Matulevičius

2015-07-01

Full Text Available Nowadays security has become an important aspect in information systems engineering. A mainstream method for information system security is Role-based Access Control (RBAC, which restricts system access to authorised users. While the benefits of RBAC are widely acknowledged, the implementation and administration of RBAC policies remains a human intensive activity, typically postponed until the implementation and maintenance phases of system development. This deferred security engineering approach makes it difficult for security requirements to be accurately captured and for the system’s implementation to be kept aligned with these requirements as the system evolves. In this paper we propose a model-driven approach to manage SQL database access under the RBAC paradigm. The starting point of the approach is an RBAC model captured in SecureUML. This model is automatically translated to Oracle Database views and instead-of triggers code, which implements the security constraints. The approach has been fully instrumented as a prototype and its effectiveness has been validated by means of a case study.

Rural providers’ access to online resources: a randomized controlled trial

Directory of Open Access Journals (Sweden)

Jonathan D. Eldredge

2016-01-01

Full Text Available Objective: The research determined the usage and satisfaction levels with one of two point-of-care (PoC resources among health care providers in a rural state. Methods: In this randomized controlled trial, twenty-eight health care providers in rural areas were stratified by occupation and region, then randomized into either the DynaMed or the AccessMedicine study arm. Study participants were physicians, physician assistants, and nurses. A pre- and post-study survey measured participants’ attitudes toward different information resources and their information-seeking activities. Medical student investigators provided training and technical support for participants. Data analyses consisted of analysis of variance (ANOVA, paired t tests, and Cohen’s d statistic to compare pre- and post-study effects sizes. Results: Participants in both the DynaMed and the AccessMedicine arms of the study reported increased satisfaction with their respective PoC resource, as expected. Participants in both arms also reported that they saved time in finding needed information. At baseline, both arms reported too little information available, which increased to ‘‘about right amounts of information’’ at the completion of the study. DynaMed users reported a Cohen’s d increase of þ1.50 compared to AccessMedicine users’ reported use of 0.82. DynaMed users reported d2 satisfaction increases of 9.48 versus AccessMedicine satisfaction increases of 0.59 using a Cohen’s d. Conclusion: Participants in the DynaMed arm of the study used this clinically oriented PoC more heavily than the users of the textbook-based AccessMedicine. In terms of user satisfaction, DynaMed users reported higher levels of satisfaction than the users of AccessMedicine.

Mechanisms in environmental control

International Nuclear Information System (INIS)

Lindeneg, K.

1994-01-01

The theory of implementation provides methods for decentralization of decisions in societies. By using mechanisms (game forms) it is possible (in theory) to implement attractive states in different economic environments. As an example the market mechanisms can implement Pareto-efficient and individual rational allocations in an Arrow-Debreu economic environment without market failures. And even when there exists externalities the market mechanism sometime can be used if it is possible to make a market for the goods not allocated on a market already - examples are marketable emission permits, and deposit refund systems. But environmental problems can often be explained by the existence of other market failures (e.g. asymmetric information), and then the market mechanism do not work properly. And instead of using regulation or traditional economic instruments (subsidies, charges, fees, liability insurance, marketable emission permits, or deposit refund systems) to correct the problems caused by market failures, some other methods can be used to deal with these problems. This paper contains a survey of mechanisms that can be used in environmental control when the problems are caused by the existence of public goods, externalities, asymmetric information, and indivisible goods in the economy. By examples it will be demonstrated how the Clarke-Groves mechanism, the Cournot-Lindahl mechanism, and other mechanisms can be used to solve specific environmental problems. This is only theory and examples, but a recent field study have used the Cournot-Lindahl mechanism to solve the problem of lake liming in Sweden. So this subject may be of some interests for environmental policy in the future. (au) 23 refs

Mechanical perturbation control of cardiac alternans

Science.gov (United States)

Hazim, Azzam; Belhamadia, Youssef; Dubljevic, Stevan

2018-05-01

Cardiac alternans is a disturbance in heart rhythm that is linked to the onset of lethal cardiac arrhythmias. Mechanical perturbation control has been recently used to suppress alternans in cardiac tissue of relevant size. In this control strategy, cardiac tissue mechanics are perturbed via active tension generated by the heart's electrical activity, which alters the tissue's electric wave profile through mechanoelectric coupling. We analyze the effects of mechanical perturbation on the dynamics of a map model that couples the membrane voltage and active tension systems at the cellular level. Therefore, a two-dimensional iterative map of the heart beat-to-beat dynamics is introduced, and a stability analysis of the system of coupled maps is performed in the presence of a mechanical perturbation algorithm. To this end, a bidirectional coupling between the membrane voltage and active tension systems in a single cardiac cell is provided, and a discrete form of the proposed control algorithm, that can be incorporated in the coupled maps, is derived. In addition, a realistic electromechanical model of cardiac tissue is employed to explore the feasibility of suppressing alternans at cellular and tissue levels. Electrical activity is represented in two detailed ionic models, the Luo-Rudy 1 and the Fox models, while two active contractile tension models, namely a smooth variant of the Nash-Panfilov model and the Niederer-Hunter-Smith model, are used to represent mechanical activity in the heart. The Mooney-Rivlin passive elasticity model is employed to describe passive mechanical behavior of the myocardium.

Provably Secure Heterogeneous Access Control Scheme for Wireless Body Area Network.

Science.gov (United States)

Omala, Anyembe Andrew; Mbandu, Angolo Shem; Mutiria, Kamenyi Domenic; Jin, Chunhua; Li, Fagen

2018-04-28

Wireless body area network (WBAN) provides a medium through which physiological information could be harvested and transmitted to application provider (AP) in real time. Integrating WBAN in a heterogeneous Internet of Things (IoT) ecosystem would enable an AP to monitor patients from anywhere and at anytime. However, the IoT roadmap of interconnected 'Things' is still faced with many challenges. One of the challenges in healthcare is security and privacy of streamed medical data from heterogeneously networked devices. In this paper, we first propose a heterogeneous signcryption scheme where a sender is in a certificateless cryptographic (CLC) environment while a receiver is in identity-based cryptographic (IBC) environment. We then use this scheme to design a heterogeneous access control protocol. Formal security proof for indistinguishability against adaptive chosen ciphertext attack and unforgeability against adaptive chosen message attack in random oracle model is presented. In comparison with some of the existing access control schemes, our scheme has lower computation and communication cost.

Does open access improve the process and outcome of podiatric care?

Science.gov (United States)

Wrobel, James S; Davies, Michael L; Robbins, Jeffrey M

2011-05-19

Open access to clinics is a management strategy to improve healthcare delivery. Providers are sometimes hesitant to adopt open access because of fear of increased visits for potentially trivial complaints. We hypothesized open access clinics would result in decreased wait times, increased number of podiatry visits, fewer no shows, higher rates of acute care visits, and lower minor amputation rates over control clinics without open access. This study was a national retrospective case-control study of VHA (Veterans Hospital Administration) podiatry clinics in 2008. Eight case facilities reported to have open podiatry clinic access for at least one year were identified from an email survey. Sixteen control facilities with similar structural features (e.g., full time podiatrists, health tech, residency program, reconstructive foot surgery, vascular, and orthopedic surgery) were identified in the same geographic region as the case facilities. Twenty-two percent of facilities responded to the survey. Fifty-four percent reported open access and 46% did not. There were no differences in facility or podiatry panel size, podiatry visits, or visit frequency between the cases and controls. Podiatry visits trended higher for control facilities but didn't reach statistical significance. Case facilities had more new consults seen within 30 days (96%, 89%; P = 0.050) and lower minor amputation rates (0.62/1,000, 1.0/1,000; P = 0.041). The VHA is the worlds largest managed care organization and it relies on clinical efficiencies as one mechanism to improve the quality of care. Open access clinics had more timely access for new patients and lower rates of minor amputations.

Cloud security mechanisms

OpenAIRE

2014-01-01

Cloud computing has brought great benefits in cost and flexibility for provisioning services. The greatest challenge of cloud computing remains however the question of security. The current standard tools in access control mechanisms and cryptography can only partly solve the security challenges of cloud infrastructures. In the recent years of research in security and cryptography, novel mechanisms, protocols and algorithms have emerged that offer new ways to create secure services atop cloud...

The equipment access software for a distributed UNIX-based accelerator control system

International Nuclear Information System (INIS)

Trofimov, Nikolai; Zelepoukine, Serguei; Zharkov, Eugeny; Charrue, Pierre; Gareyte, Claire; Poirier, Herve

1994-01-01

This paper presents a generic equipment access software package for a distributed control system using computers with UNIX or UNIX-like operating systems. The package consists of three main components, an application Equipment Access Library, Message Handler and Equipment Data Base. An application task, which may run in any computer in the network, sends requests to access equipment through Equipment Library calls. The basic request is in the form Equipment-Action-Data and is routed via a remote procedure call to the computer to which the given equipment is connected. In this computer the request is received by the Message Handler. According to the type of the equipment connection, the Message Handler either passes the request to the specific process software in the same computer or forwards it to a lower level network of equipment controllers using MIL1553B, GPIB, RS232 or BITBUS communication. The answer is then returned to the calling application. Descriptive information required for request routing and processing is stored in the real-time Equipment Data Base. The package has been written to be portable and is currently available on DEC Ultrix, LynxOS, HPUX, XENIX, OS-9 and Apollo domain. ((orig.))

Enhancing Security and Privacy in Video Surveillance through Role-Oriented Access Control Mechanism

DEFF Research Database (Denmark)

Mahmood Rajpoot, Qasim

sensitive regions, e.g. faces, from the videos. However, very few research efforts have focused on addressing the security aspects of video surveillance data and on authorizing access to this data. Interestingly, while PETs help protect the privacy of individuals, they may also hinder the usefulness....... Pervasive usage of such systems gives substantial powers to those monitoring the videos and poses a threat to the privacy of anyone observed by the system. Aside from protecting privacy from the outside attackers, it is equally important to protect the privacy of individuals from the inside personnel...... involved in monitoring surveillance data to minimize the chances of misuse of the system, e.g. voyeurism. In this context, several techniques to protect the privacy of individuals, called privacy enhancing techniques (PET) have therefore been proposed in the literature which detect and mask the privacy...

Optimal Control of Mechanical Systems

Directory of Open Access Journals (Sweden)

Vadim Azhmyakov

2007-01-01

Full Text Available In the present work, we consider a class of nonlinear optimal control problems, which can be called “optimal control problems in mechanics.” We deal with control systems whose dynamics can be described by a system of Euler-Lagrange or Hamilton equations. Using the variational structure of the solution of the corresponding boundary-value problems, we reduce the initial optimal control problem to an auxiliary problem of multiobjective programming. This technique makes it possible to apply some consistent numerical approximations of a multiobjective optimization problem to the initial optimal control problem. For solving the auxiliary problem, we propose an implementable numerical algorithm.

Tracking Control of Nonlinear Mechanical Systems

NARCIS (Netherlands)

Lefeber, A.A.J.

2000-01-01

The subject of this thesis is the design of tracking controllers for certain classes of mechanical systems. The thesis consists of two parts. In the first part an accurate mathematical model of the mechanical system under consideration is assumed to be given. The goal is to follow a certain

76 FR 60398 - Exemption to Prohibition on Circumvention of Copyright Protection Systems for Access Control...

Science.gov (United States)

2011-09-29

... ``access'' to copyrighted works, e.g., decryption or hacking of access controls such as passwords or serial... availability for use of copyrighted works is whether the measure supports a distribution model that benefits... work, those limitations may benefit the public by providing ``use-facilitating'' models that allow...

An Internet of Things Example: Classrooms Access Control over Near Field Communication

Science.gov (United States)

Palma, Daniel; Agudo, Juan Enrique; Sánchez, Héctor; Macías, Miguel Macías

2014-01-01

The Internet of Things is one of the ideas that has become increasingly relevant in recent years. It involves connecting things to the Internet in order to retrieve information from them at any time and from anywhere. In the Internet of Things, sensor networks that exchange information wirelessly via Wi-Fi, Bluetooth, Zigbee or RF are common. In this sense, our paper presents a way in which each classroom control is accessed through Near Field Communication (NFC) and the information is shared via radio frequency. These data are published on the Web and could easily be used for building applications from the data collected. As a result, our application collects information from the classroom to create a control classroom tool that displays access to and the status of all the classrooms graphically and also connects this data with social networks. PMID:24755520

An internet of things example: classrooms access control over near field communication.

Science.gov (United States)

Palma, Daniel; Agudo, Juan Enrique; Sánchez, Héctor; Macías, Miguel Macías

2014-04-21

The Internet of Things is one of the ideas that has become increasingly relevant in recent years. It involves connecting things to the Internet in order to retrieve information from them at any time and from anywhere. In the Internet of Things, sensor networks that exchange information wirelessly via Wi-Fi, Bluetooth, Zigbee or RF are common. In this sense, our paper presents a way in which each classroom control is accessed through Near Field Communication (NFC) and the information is shared via radio frequency. These data are published on the Web and could easily be used for building applications from the data collected. As a result, our application collects information from the classroom to create a control classroom tool that displays access to and the status of all the classrooms graphically and also connects this data with social networks.

An Internet of Things Example: Classrooms Access Control over Near Field Communication

Directory of Open Access Journals (Sweden)

Daniel Palma

2014-04-01

Full Text Available The Internet of Things is one of the ideas that has become increasingly relevant in recent years. It involves connecting things to the Internet in order to retrieve information from them at any time and from anywhere. In the Internet of Things, sensor networks that exchange information wirelessly via Wi-Fi, Bluetooth, Zigbee or RF are common. In this sense, our paper presents a way in which each classroom control is accessed through Near Field Communication (NFC and the information is shared via radio frequency. These data are published on the Web and could easily be used for building applications from the data collected. As a result, our application collects information from the classroom to create a control classroom tool that displays access to and the status of all the classrooms graphically and also connects this data with social networks.

State of the Art Authentication, Access Control, and Secure Integration in Smart Grid

Directory of Open Access Journals (Sweden)

Neetesh Saxena

2015-10-01

Full Text Available The smart grid (SG is a promising platform for providing more reliable, efficient, and cost effective electricity to the consumers in a secure manner. Numerous initiatives across the globe are taken by both industry and academia in order to compile various security issues in the smart grid network. Unfortunately, there is no impactful survey paper available in the literature on authentications in the smart grid network. Therefore, this paper addresses the required objectives of an authentication protocol in the smart grid network along with the focus on mutual authentication, access control, and secure integration among different SG components. We review the existing authentication protocols, and analyze mutual authentication, privacy, trust, integrity, and confidentiality of communicating information in the smart grid network. We review authentications between the communicated entities in the smart grid, such as smart appliance, smart meter, energy provider, control center (CC, and home/building/neighborhood area network gateways (GW. We also review the existing authentication schemes for the vehicle-to-grid (V2G communication network along with various available secure integration and access control schemes. We also discuss the importance of the mutual authentication among SG entities while providing confidentiality and privacy preservation, seamless integration, and required access control with lower overhead, cost, and delay. This paper will help to provide a better understanding of current authentication, authorization, and secure integration issues in the smart grid network and directions to create interest among researchers to further explore these promising areas.

CROWN: A service grid middleware with trust management mechanism

Institute of Scientific and Technical Information of China (English)

HUAI Jinpeng; HU Chunming; LI Jianxin; SUN Hailong; WO Tianyu

2006-01-01

Based on a proposed Web service-based grid architecture, a service grid middleware system called CROWN is designed in this paper. As the two kernel points of the middleware, the overlay-based distributed grid resource management mechanism is proposed, and the policy-based distributed access control mechanism with the capability of automatic negotiation of the access control policy and trust management and negotiation is also discussed in this paper. Experience of CROWN testbed deployment and application development shows that the middleware can support the typical scenarios such as computing-intensive applications, data-intensive applications and mass information processing applications.

Access Control with Delegated Authorization Policy Evaluation for Data-Driven Microservice Workflows

Directory of Open Access Journals (Sweden)

Davy Preuveneers

2017-09-01

Full Text Available Microservices offer a compelling competitive advantage for building data flow systems as a choreography of self-contained data endpoints that each implement a specific data processing functionality. Such a ‘single responsibility principle’ design makes them well suited for constructing scalable and flexible data integration and real-time data flow applications. In this paper, we investigate microservice based data processing workflows from a security point of view, i.e., (1 how to constrain data processing workflows with respect to dynamic authorization policies granting or denying access to certain microservice results depending on the flow of the data; (2 how to let multiple microservices contribute to a collective data-driven authorization decision and (3 how to put adequate measures in place such that the data within each individual microservice is protected against illegitimate access from unauthorized users or other microservices. Due to this multifold objective, enforcing access control on the data endpoints to prevent information leakage or preserve one’s privacy becomes far more challenging, as authorization policies can have dependencies and decision outcomes cross-cutting data in multiple microservices. To address this challenge, we present and evaluate a workflow-oriented authorization framework that enforces authorization policies in a decentralized manner and where the delegated policy evaluation leverages feature toggles that are managed at runtime by software circuit breakers to secure the distributed data processing workflows. The benefit of our solution is that, on the one hand, authorization policies restrict access to the data endpoints of the microservices, and on the other hand, microservices can safely rely on other data endpoints to collectively evaluate cross-cutting access control decisions without having to rely on a shared storage backend holding all the necessary information for the policy evaluation.

Alternating access mechanisms of LeuT-fold transporters: trailblazing towards the promised energy landscapes.

Science.gov (United States)

Kazmier, Kelli; Claxton, Derek P; Mchaourab, Hassane S

2017-08-01

Secondary active transporters couple the uphill translocation of substrates to electrochemical ion gradients. Transporter conformational motion, generically referred to as alternating access, enables a central ligand binding site to change its orientation relative to the membrane. Here we review themes of alternating access and the transduction of ion gradient energy to power this process in the LeuT-fold class of transporters where crystallographic, computational and spectroscopic approaches have converged to yield detailed models of transport cycles. Specifically, we compare findings for the Na + -coupled amino acid transporter LeuT and the Na + -coupled hydantoin transporter Mhp1. Although these studies have illuminated multiple aspects of transporter structures and dynamics, a number of questions remain unresolved that so far hinder understanding transport mechanisms in an energy landscape perspective. Copyright © 2016 Elsevier Ltd. All rights reserved.

Mechanical components design for PWR - control rod drive mechanism

International Nuclear Information System (INIS)

Leme, Francisco Louzano; Mattar Neto, Miguel

2002-01-01

The Control Rod Drive Mechanism (CRDM) is usually - a high precision - equipment incorporating mechanical and electrical components designed to move the control rods. The 'control rods' refer to all rods or assemblies that are moved to assess the performance of the reactor. The CRDM here presented is the Nut and Lead Screw type. This type is basically a power screw type magnetically coupled to a slow speed reluctance electric motor that provides a means of axially positioning the movable fuel assemblies in the reactor core for purpose of controlling core reactivity. A helically threaded lead screw assembly, comprising one element of power screw, is attached to a movable fuel assemblies. The CRDM usually has closer and more consistent contact with environment peculiar to the reactor than has only other machinery component. This environment includes not only the radiation field of the reactor, but also the temperature, pressure and chemical properties associated with the material used as the coolant for reactor fuel. Specific and special materials are needed because of the above mentioned application. Due to the importance of the above described CRDM functions, this paper will also consider the nuclear functions and their safety classes as well as the CRDM nuclear design criteria. (author)

Control Mechanism and Security Region for Intentional Islanding Transition

DEFF Research Database (Denmark)

Chen, Yu; Xu, Zhao; Østergaard, Jacob

2009-01-01

in the grid. The concept of Islanding Security Region (ISR) has been proposed as an organic composition of the developed control mechanism. The purpose of this control mechanism is to maintain the frequency stability and eventually the security of power supply to the customers, by utilizing resources from...... generation and demand sides. The control mechanism can be extended to consider the distributed generations like wind power and other innovative technologies such as the Demand as Frequency controlled Reserve (DFR) technique in the future....

Federated Access Control in Heterogeneous Intercloud Environment: Basic Models and Architecture Patterns

NARCIS (Netherlands)

Demchenko, Y.; Ngo, C.; de Laat, C.; Lee, C.

2014-01-01

This paper presents on-going research to define the basic models and architecture patterns for federated access control in heterogeneous (multi-provider) multi-cloud and inter-cloud environment. The proposed research contributes to the further definition of Intercloud Federation Framework (ICFF)

Preserving Smart Objects Privacy through Anonymous and Accountable Access Control for a M2M-Enabled Internet of Things

Science.gov (United States)

Hernández-Ramos, José L.; Bernabe, Jorge Bernal; Moreno, M. Victoria; Skarmeta, Antonio F.

2015-01-01

As we get into the Internet of Things era, security and privacy concerns remain as the main obstacles in the development of innovative and valuable services to be exploited by society. Given the Machine-to-Machine (M2M) nature of these emerging scenarios, the application of current privacy-friendly technologies needs to be reconsidered and adapted to be deployed in such global ecosystem. This work proposes different privacy-preserving mechanisms through the application of anonymous credential systems and certificateless public key cryptography. The resulting alternatives are intended to enable an anonymous and accountable access control approach to be deployed on large-scale scenarios, such as Smart Cities. Furthermore, the proposed mechanisms have been deployed on constrained devices, in order to assess their suitability for a secure and privacy-preserving M2M-enabled Internet of Things. PMID:26140349

Preserving Smart Objects Privacy through Anonymous and Accountable Access Control for a M2M-Enabled Internet of Things

Directory of Open Access Journals (Sweden)

José L. Hernández-Ramos

2015-07-01

Full Text Available As we get into the Internet of Things era, security and privacy concerns remain as the main obstacles in the development of innovative and valuable services to be exploited by society. Given the Machine-to-Machine (M2M nature of these emerging scenarios, the application of current privacy-friendly technologies needs to be reconsidered and adapted to be deployed in such global ecosystem. This work proposes different privacy-preserving mechanisms through the application of anonymous credential systems and certificateless public key cryptography. The resulting alternatives are intended to enable an anonymous and accountable access control approach to be deployed on large-scale scenarios, such as Smart Cities. Furthermore, the proposed mechanisms have been deployed on constrained devices, in order to assess their suitability for a secure and privacy-preserving M2M-enabled Internet of Things.

Preserving Smart Objects Privacy through Anonymous and Accountable Access Control for a M2M-Enabled Internet of Things.

Science.gov (United States)

Hernández-Ramos, José L; Bernabe, Jorge Bernal; Moreno, M Victoria; Skarmeta, Antonio F

2015-07-01

As we get into the Internet of Things era, security and privacy concerns remain as the main obstacles in the development of innovative and valuable services to be exploited by society. Given the Machine-to-Machine (M2M) nature of these emerging scenarios, the application of current privacy-friendly technologies needs to be reconsidered and adapted to be deployed in such global ecosystem. This work proposes different privacy-preserving mechanisms through the application of anonymous credential systems and certificateless public key cryptography. The resulting alternatives are intended to enable an anonymous and accountable access control approach to be deployed on large-scale scenarios, such as Smart Cities. Furthermore, the proposed mechanisms have been deployed on constrained devices, in order to assess their suitability for a secure and privacy-preserving M2M-enabled Internet of Things.

BlendCAC: A BLockchain-ENabled Decentralized Capability-based Access Control for IoTs

OpenAIRE

Xu, Ronghua; Chen, Yu; Blasch, Erik; Chen, Genshe

2018-01-01

The prevalence of Internet of Things (IoTs) allows heterogeneous embedded smart devices to collaboratively provide smart services with or without human intervention. While leveraging the large scale IoT based applications like Smart Gird or Smart Cities, IoTs also incur more concerns on privacy and security. Among the top security challenges that IoTs face, access authorization is critical in resource sharing and information protection. One of the weaknesses in today's access control (AC) is ...

Controlling chaos based on an adaptive adjustment mechanism

International Nuclear Information System (INIS)

Zheng Yongai

2006-01-01

In this paper, we extend the ideas and techniques developed by Huang [Huang W. Stabilizing nonlinear dynamical systems by an adaptive adjustment mechanism. Phys Rev E 2000;61:R1012-5] for controlling discrete-time chaotic system using adaptive adjustment mechanism to continuous-time chaotic system. Two control approaches, namely adaptive adjustment mechanism (AAM) and modified adaptive adjustment mechanism (MAAM), are investigated. In both case sufficient conditions for the stabilization of chaotic systems are given analytically. The simulation results on Chen chaotic system have verified the effectiveness of the proposed techniques

SmartVeh: Secure and Efficient Message Access Control and Authentication for Vehicular Cloud Computing.

Science.gov (United States)

Huang, Qinlong; Yang, Yixian; Shi, Yuxiang

2018-02-24

With the growing number of vehicles and popularity of various services in vehicular cloud computing (VCC), message exchanging among vehicles under traffic conditions and in emergency situations is one of the most pressing demands, and has attracted significant attention. However, it is an important challenge to authenticate the legitimate sources of broadcast messages and achieve fine-grained message access control. In this work, we propose SmartVeh, a secure and efficient message access control and authentication scheme in VCC. A hierarchical, attribute-based encryption technique is utilized to achieve fine-grained and flexible message sharing, which ensures that vehicles whose persistent or dynamic attributes satisfy the access policies can access the broadcast message with equipped on-board units (OBUs). Message authentication is enforced by integrating an attribute-based signature, which achieves message authentication and maintains the anonymity of the vehicles. In order to reduce the computations of the OBUs in the vehicles, we outsource the heavy computations of encryption, decryption and signing to a cloud server and road-side units. The theoretical analysis and simulation results reveal that our secure and efficient scheme is suitable for VCC.

Wi-Fi Networks Security and Accessing Control

OpenAIRE

Tarek S. Sobh

2013-01-01

As wireless networks access gains popularity in corporate, private and personal networks, the nature of wireless networks opens up new possibilities for network attacks. This paper negotiating Wi-Fi security against scanning of rogue Wi-Fi networks and other related activities and considers the monitoring of Wi-Fi traffic effects. The unauthorized access point (AP) problem has raised more attention and resulted in obtaining wireless access without subscriber permission.This work assumes Wi-Fi...

A highly efficient SDRAM controller supporting variable-length burst access and batch process for discrete reads

Science.gov (United States)

Li, Nan; Wang, Junzheng

2016-03-01

A highly efficient Synchronous Dynamic Random Access Memory (SDRAM) controller supporting variable-length burst access and batch process for discrete reads is proposed in this paper. Based on the Principle of Locality, command First In First Out (FIFO) and address range detector are designed within this controller to accelerate its responses to discrete read requests, which dramatically improves the average Effective Bus Utilization Ratio (EBUR) of SDRAM. Our controller is finally verified by driving the Micron 256-Mb SDRAM MT48LC16M16A2. Successful simulation and verification results show that our controller exhibits much higher EBUR than do most existing designs in case of discrete reads.

WWW--Wealth, Weariness or Waste. Controlled Vocabulary and Thesauri in Support of Online Information Access.

Science.gov (United States)

Batty, David

1998-01-01

Discusses the problems of access to information in a machine-sensible environment, and the potential of modern library techniques to help in solving them. Explains how authors and publishers can make information more accessible by providing indexing information that uses controlled vocabulary, terms from a thesaurus, or other linguistic assistance…

The assessment of exploitation process of power for access control system

Science.gov (United States)

Wiśnios, Michał; Paś, Jacek

2017-10-01

The safety of public utility facilities is a function not only of effectiveness of the electronic safety systems, used for protection of property and persons, but it also depends on the proper functioning of their power supply systems. The authors of the research paper analysed the power supply systems, which are used in buildings for the access control system that is integrated with the closed-circuit TV. The Access Control System is a set of electronic, electromechanical and electrical devices and the computer software controlling the operation of the above-mentioned elements, which is aimed at identification of people, vehicles allowed to cross the boundary of the reserved area, to prevent from crossing the reserved area and to generate the alarm signal informing about the attempt of crossing by an unauthorised entity. The industrial electricity with appropriate technical parameters is a basis of proper functioning of safety systems. Only the electricity supply to the systems is not equivalent to the operation continuity provision. In practice, redundant power supply systems are used. In the carried out reliability analysis of the power supply system, various power circuits of the system were taken into account. The reliability and operation requirements for this type of system were also included.

A Multistage Control Mechanism for Group-Based Machine-Type Communications in an LTE System

Directory of Open Access Journals (Sweden)

Wen-Chien Hung

2013-01-01

Full Text Available When machine-type communication (MTC devices perform the long-term evolution (LTE attach procedure without bit rate limitations, they may produce congestion in the core network. To prevent this congestion, the LTE standard suggests using group-based policing to regulate the maximum bit rate of all traffic generated by a group of MTC devices. However, previous studies on the access point name-aggregate maximum bit rate based on group-based policing are relatively limited. This study proposes a multistage control (MSC mechanism to process the operations of maximum bit rate allocation based on resource-use information. For performance evaluation, this study uses a Markov chain with to analyze MTC application in a 3GPP network. Traffic flow simulations in an LTE system indicate that the MSC mechanism is an effective bandwidth allocation method in an LTE system with MTC devices. Experimental results show that the MSC mechanism achieves a throughput 22.5% higher than that of the LTE standard model using the group-based policing, and it achieves a lower delay time and greater long-term fairness as well.

H∞ control of piezo actuated tilting mirror mechanism

NARCIS (Netherlands)

Van Dijk, J.

2015-01-01

In here the high bandwidth (2000 Hz.) feedback control of a precision mechanisms driven by a piezo actuator demanding a high absolute accuracy is discussed. The mechanism considered is rotating a mirror for laser bundle manipulation. It will be shown that a loopshaping controller design using the

Targeting health subsidies through a non-price mechanism: A randomized controlled trial in Kenya

Science.gov (United States)

Dupas, Pascaline; Hoffmann, Vivian; Kremer, Michael; Zwane, Alix Peterson

2016-01-01

Free provision of preventive health products can dramatically increase access in low income countries. A cost concern about free provision is that some recipients may not use the product, wasting resources (over-inclusion). Yet charging a price to screen out non-users may screen out poor people who need and would use the product (over-exclusion). We report on a randomized controlled trial of a screening mechanism that combines the free provision of chlorine solution for water treatment with a small non-monetary cost (household vouchers that need to be redeemed monthly in order). Relative to a non-voucher free distribution program, this mechanism reduces the quantity of chlorine procured by 60 percentage points, but reduces the share of households whose stored water tests positive for chlorine residual by only one percentage point, dramatically improving the tradeoff between over-inclusion and over-exclusion. PMID:27563091

New dimensions in mechanical plaque control: An overview

Directory of Open Access Journals (Sweden)

Arnab Mandal

2017-01-01

Full Text Available Plaque control is the daily removal of dental plaque, oral biofilm and also prevention of their accumulation on the teeth and other parts of oral cavity. Dental plaque is the major etiology of maximum gingival and periodontal diseases. It is also related with various dental problems. Mechanical plaque control is a very effective method to get rid of plaque accumulation in oral cavity. In 3000 BC there was the first toothbrush invented by human beings. With time several modifications came in toothbrushes to make mechanical plaque control more effective in day to day oral hygiene practice. This article emphasizes on the advanced and emerging tools in mechanical plaque control methods in attaining an optimal level of oral hygiene standards and maintenance of oral health.

Dynamic RACH Partition for Massive Access of Differentiated M2M Services

Directory of Open Access Journals (Sweden)

Qinghe Du

2016-03-01

Full Text Available In machine-to-machine (M2M networks, a key challenge is to overcome the overload problem caused by random access requests from massive machine-type communication (MTC devices. When differentiated services coexist, such as delay-sensitive and delay-tolerant services, the problem becomes more complicated and challenging. This is because delay-sensitive services often use more aggressive policies, and thus, delay-tolerant services get much fewer chances to access the network. To conquer the problem, we propose an efficient mechanism for massive access control over differentiated M2M services, including delay-sensitive and delay-tolerant services. Specifically, based on the traffic loads of the two types of services, the proposed scheme dynamically partitions and allocates the random access channel (RACH resource to each type of services. The RACH partition strategy is thoroughly optimized to increase the access performances of M2M networks. Analyses and simulation demonstrate the effectiveness of our design. The proposed scheme can outperform the baseline access class barring (ACB scheme, which ignores service types in access control, in terms of access success probability and the average access delay.

Mechanisms Involved in Nematode Control by Endophytic Fungi.

Science.gov (United States)

Schouten, Alexander

2016-08-04

Colonization of plants by particular endophytic fungi can provide plants with improved defenses toward nematodes. Evidently, such endophytes can be important in developing more sustainable agricultural practices. The mechanisms playing a role in this quantitative antagonism are poorly understood but most likely multifactorial. This knowledge gap obstructs the progress regarding the development of endophytes or endophyte-derived constituents into biocontrol agents. In part, this may be caused by the fact that endophytic fungi form a rather heterogeneous group. By combining the knowledge of the currently characterized antagonistic endophytic fungi and their effects on nematode behavior and biology with the knowledge of microbial competition and induced plant defenses, the various mechanisms by which this nematode antagonism operates or may operate are discussed. Now that new technologies are becoming available and more accessible, the currently unresolved mechanisms can be studied in greater detail than ever before.

Disentangling the Impact of Control-Enhancing Mechanisms on Firm Performance

DEFF Research Database (Denmark)

Zattoni, Alessandro; Pedersen, Torben

2011-01-01

shareholders to expropriate minority shareholders. The aim of this article is to contribute to the current debate investigating the implications of these control-enhancing mechanisms on firm performance. To reach this purpose, we collected ownership data on the (100) largest listed companies per capitalization......Governance scholars and investors traditionally advocate against the use of control enhancing mechanisms, i.e. mechanisms aimed at separating voting and cash flow rights. These mechanisms may, in fact, determine a deviation from the proportionality principle and may encourage large and controlling...... in five European countries (i.e. France, Germany, Italy, Spain, and the UK). Then we tested the consequences of control-enhancing mechanisms for firm performance using 2SLS regression models. Our results show that (i) mechanisms that lock-in control do have a direct and negative impact on firm performance...

Control of a mechanical gripper with a fuzzy controller; Control de una garra robotizada mediante un controlador borroso

Energy Technology Data Exchange (ETDEWEB)

Alberdi, J.; Barcala, J.M.; Gamero, E.; Navarrete, J.J.

1995-07-01

A fuzzy logic system is used to control a mechanical gripper. System is based in a NLX230 fuzzy micro controller. Control rules are programmed by a 68020 microprocessor in the micro controller memory. Stress and its derived are used as feedback signals in the control. This system can adapt its effort to the mechanical resistance of the object between the fingers.

Control of a mechanical gripper with a fuzzy controller; Control de una garra robotizada mediante un controlador borroso

Energy Technology Data Exchange (ETDEWEB)

Alberdi, J.; Barcala, J.M.; Gamero, E.; Navarrete, J.J.

1995-07-01

A fuzzy logic system is used to control a mechanical gripper. System is based in a NLX230 fuzzy micro controller. Control rules are programmed by a 68020 microprocessor in the micro controller memory. Stress and its derived are used as feedback signals in the control. This system can adapt its effort to the mechanical resistance of the object between the fingers. (Author)

Control mechanism of double-rotator-structure ternary optical computer

Science.gov (United States)

Kai, SONG; Liping, YAN

2017-03-01

Double-rotator-structure ternary optical processor (DRSTOP) has two characteristics, namely, giant data-bits parallel computing and reconfigurable processor, which can handle thousands of data bits in parallel, and can run much faster than computers and other optical computer systems so far. In order to put DRSTOP into practical application, this paper established a series of methods, namely, task classification method, data-bits allocation method, control information generation method, control information formatting and sending method, and decoded results obtaining method and so on. These methods form the control mechanism of DRSTOP. This control mechanism makes DRSTOP become an automated computing platform. Compared with the traditional calculation tools, DRSTOP computing platform can ease the contradiction between high energy consumption and big data computing due to greatly reducing the cost of communications and I/O. Finally, the paper designed a set of experiments for DRSTOP control mechanism to verify its feasibility and correctness. Experimental results showed that the control mechanism is correct, feasible and efficient.

RCT: Module 2.10, Access Control and Work Area Setup, Course 8776

Energy Technology Data Exchange (ETDEWEB)

Hillmer, Kurt T. [Los Alamos National Lab. (LANL), Los Alamos, NM (United States)

2017-08-11

This course presents information on radiological work permits (RWPs), various types of postings used in radiological areas, radiological area setups, access controls, and releases of material from radiological areas. All of these are fundamental duties of RCTs. This course will prepare the student with the skills necessary for radiological control technician (RCT) qualification by passing quizzes, tests, and the RCT Comprehensive Phase 1, Unit 2 Examination (TEST 27566) and providing in-thefield skills.

Mechanical engineers' handbook, materials and engineering mechanics

CERN Document Server

Kutz, Myer

2015-01-01

Full coverage of materials and mechanical design inengineering Mechanical Engineers' Handbook, Fourth Edition provides aquick guide to specialized areas you may encounter in your work,giving you access to the basics of each and pointing you towardtrusted resources for further reading, if needed. The accessibleinformation inside offers discussions, examples, and analyses ofthe topics covered. This first volume covers materials and mechanical design, givingyou accessible and in-depth access to the most common topics you'llencounter in the discipline: carbon and alloy steels, stainlesssteels, a

An Access Control and Trust Management Framework for Loosely-Coupled Multidomain Environments

Science.gov (United States)

Zhang, Yue

2010-01-01

Multidomain environments where multiple organizations interoperate with each other are becoming a reality as can be seen in emerging Internet-based enterprise applications. Access control to ensure secure interoperation in such an environment is a crucial challenge. A multidomain environment can be categorized as "tightly-coupled" and…

Matlab/simMechanics based control of four-bar passive lower-body mechanism for rehabilitation

Directory of Open Access Journals (Sweden)

Ashish Singla

2016-09-01

Full Text Available In recent times, use of wearable devices is becoming popular for providing precise ways of rehabilitation. The focus of this paper is to propose a passive lower body mechanism using a four-bar linkage, which can be actuated via the hip joint to move the other two joints at knee and ankle as well. Simulations are performed here by considering an average male human (height six feet by modelling the gait cycle in CAD software and executing the control strategy in the SimMechanics, which provides a convenient way to study without use of detailed computational mathematics. The study of the controller aspects of the passive mechanism is presented with both PD and PID controllers with auto- and manual-tuned gains. Significant reduction in actuator torques is observed with the manually-tuned PID controller over automatically-tuned PID controller with marginal degradation in the overshoot and settling time.

A Secure and Verifiable Outsourced Access Control Scheme in Fog-Cloud Computing.

Science.gov (United States)

Fan, Kai; Wang, Junxiong; Wang, Xin; Li, Hui; Yang, Yintang

2017-07-24

With the rapid development of big data and Internet of things (IOT), the number of networking devices and data volume are increasing dramatically. Fog computing, which extends cloud computing to the edge of the network can effectively solve the bottleneck problems of data transmission and data storage. However, security and privacy challenges are also arising in the fog-cloud computing environment. Ciphertext-policy attribute-based encryption (CP-ABE) can be adopted to realize data access control in fog-cloud computing systems. In this paper, we propose a verifiable outsourced multi-authority access control scheme, named VO-MAACS. In our construction, most encryption and decryption computations are outsourced to fog devices and the computation results can be verified by using our verification method. Meanwhile, to address the revocation issue, we design an efficient user and attribute revocation method for it. Finally, analysis and simulation results show that our scheme is both secure and highly efficient.

A Secure and Verifiable Outsourced Access Control Scheme in Fog-Cloud Computing

Science.gov (United States)

Fan, Kai; Wang, Junxiong; Wang, Xin; Li, Hui; Yang, Yintang

2017-01-01

With the rapid development of big data and Internet of things (IOT), the number of networking devices and data volume are increasing dramatically. Fog computing, which extends cloud computing to the edge of the network can effectively solve the bottleneck problems of data transmission and data storage. However, security and privacy challenges are also arising in the fog-cloud computing environment. Ciphertext-policy attribute-based encryption (CP-ABE) can be adopted to realize data access control in fog-cloud computing systems. In this paper, we propose a verifiable outsourced multi-authority access control scheme, named VO-MAACS. In our construction, most encryption and decryption computations are outsourced to fog devices and the computation results can be verified by using our verification method. Meanwhile, to address the revocation issue, we design an efficient user and attribute revocation method for it. Finally, analysis and simulation results show that our scheme is both secure and highly efficient. PMID:28737733

Channel Access and Power Control for Mobile Crowdsourcing in Device-to-Device Underlaid Cellular Networks

Directory of Open Access Journals (Sweden)

Yue Ma

2018-01-01

Full Text Available With the access of a myriad of smart handheld devices in cellular networks, mobile crowdsourcing becomes increasingly popular, which can leverage omnipresent mobile devices to promote the complicated crowdsourcing tasks. Device-to-device (D2D communication is highly desired in mobile crowdsourcing when cellular communications are costly. The D2D cellular network is more preferable for mobile crowdsourcing than conventional cellular network. Therefore, this paper addresses the channel access and power control problem in the D2D underlaid cellular networks. We propose a novel semidistributed network-assisted power and a channel access control scheme for D2D user equipment (DUE pieces. It can control the interference from DUE pieces to the cellular user accurately and has low information feedback overhead. For the proposed scheme, the stochastic geometry tool is employed and analytic expressions are derived for the coverage probabilities of both the cellular link and D2D links. We analyze the impact of key system parameters on the proposed scheme. The Pareto optimal access threshold maximizing the total area spectral efficiency is obtained. Unlike the existing works, the performances of the cellular link and D2D links are both considered. Simulation results show that the proposed method can improve the total area spectral efficiency significantly compared to existing schemes.

Controlling the opto-mechanics of a cantilever in an interferometer via cavity loss

Energy Technology Data Exchange (ETDEWEB)

Schmidsfeld, A. von, E-mail: avonschm@uos.de; Reichling, M., E-mail: reichling@uos.de [Fachbereich Physik, Universität Osnabrück, Barbarastraße 7, 49076 Osnabrück (Germany)

2015-09-21

In a non-contact atomic force microscope, based on interferometric cantilever displacement detection, the optical return loss of the system is tunable via the distance between the fiber end and the cantilever. We utilize this for tuning the interferometer from a predominant Michelson to a predominant Fabry-Pérot characteristics and introduce the Fabry-Pérot enhancement factor as a quantitative measure for multibeam interference in the cavity. This experimentally easily accessible and adjustable parameter provides a control of the opto-mechanical interaction between the cavity light field and the cantilever. The quantitative assessment of the light pressure acting on the cantilever oscillating in the cavity via the frequency shift allows an in-situ measurement of the cantilever stiffness with remarkable precision.

Expanding the Enzyme Universe: Accessing Non-Natural Reactions by Mechanism-Guided Directed Evolution

Science.gov (United States)

Renata, Hans; Wang, Z. Jane

2015-01-01

High selectivities and exquisite control over reaction outcomes entice chemists to use biocatalysts in organic synthesis. However, many useful reactions are not accessible because they are not in nature’s known repertoire. We will use this review to outline an evolutionary approach to engineering enzymes to catalyze reactions not found in nature. We begin with examples of how nature has discovered new catalytic functions and how such evolutionary progressions have been recapitulated in the laboratory starting from extant enzymes. We then examine non-native enzyme activities that have been discovered and exploited for chemical synthesis, emphasizing reactions that do not have natural counterparts. The new functions have mechanistic parallels to the native reaction mechanisms that often manifest as catalytic promiscuity and the ability to convert from one function to the other with minimal mutation. We present examples of how non-natural activities have been improved by directed evolution, mimicking the process used by nature to create new catalysts. Examples of new enzyme functions include epoxide opening reactions with non-natural nucleophiles catalyzed by a laboratory-evolved halohydrin dehalogenase, cyclopropanation and other carbene transfer reactions catalyzed by cytochrome P450 variants, and non-natural modes of cyclization by a modified terpene synthase. Lastly, we describe discoveries of non-native catalytic functions that may provide future opportunities for expanding the enzyme universe. PMID:25649694

Soft Time-Suboptimal Controlling Structure for Mechanical Systems

DEFF Research Database (Denmark)

Kulczycki, Piotr; Wisniewski, Rafal; Kowalski, Piotr

2004-01-01

The paper presents conception of a soft control structure based on the time-optimal approach. Its parameters are selected in accordance with the rules of the statistical decision theory and additionally it allows to eliminate rapid changes in control values. The object is a basic mechanical system......, with uncertain (also non-stationary) mass treated as a stochastic process. The methodology proposed here is of a universal nature and may easily be applied with respect to other uncertainty elements of timeoptimal controlled mechanical systems....

A distributed Synchronous reservation multiple access control protocol for mobile Ad hoc networks

Institute of Scientific and Technical Information of China (English)

ZHANG Yanling; SUN Xianpu; LI Jiandong

2007-01-01

This study proposes a new multiple access control protocol named distributed synchronous reservation multiple access control protocol.in which the hidden and exposed terminal problems are solved,and the quality of service(QoS)requirements for real-time traffic are guaranteed.The protocol is founded on time division multiplex address and a different type of traffic is assigned to difierent priority,according to which a node should compete for and reserve the free slots in a different method.Moreover,there is a reservation acknowledgement process before data transmit in each reserved slot,so that the intruded terminal problem is solved.The throughput and average packets drop probability of this protocol are analyzed and simulated in a fully connected network.the results of which indicate that this protocol is efficient enough to support the real-time traffic.and it is more suitable to MANETs.

Secure and Efficient Access Control Scheme for Wireless Sensor Networks in the Cross-Domain Context of the IoT

Directory of Open Access Journals (Sweden)

Ming Luo

2018-01-01

Full Text Available Nowadays wireless sensor network (WSN is increasingly being used in the Internet of Things (IoT for data collection, and design of an access control scheme that allows an Internet user as part of IoT to access the WSN becomes a hot topic. A lot of access control schemes have been proposed for the WSNs in the context of the IoT. Nevertheless, almost all of these schemes assume that communication nodes in different network domains share common system parameters, which is not suitable for cross-domain IoT environment in practical situations. To solve this shortcoming, we propose a more secure and efficient access control scheme for wireless sensor networks in the cross-domain context of the Internet of Things, which allows an Internet user in a certificateless cryptography (CLC environment to communicate with a sensor node in an identity-based cryptography (IBC environment with different system parameters. Moreover, our proposed scheme achieves known session-specific temporary information security (KSSTIS that most of access control schemes cannot satisfy. Performance analysis is given to show that our scheme is well suited for wireless sensor networks in the cross-domain context of the IoT.

Burn Control Mechanisms in Tokamaks

Science.gov (United States)

Hill, M. A.; Stacey, W. M.

2015-11-01

Burn control and passive safety in accident scenarios will be an important design consideration in future tokamak reactors, in particular fusion-fission hybrid reactors, e.g. the Subcritical Advanced Burner Reactor. We are developing a burning plasma dynamics code to explore various aspects of burn control, with the intent to identify feedback mechanisms that would prevent power excursions. This code solves the coupled set of global density and temperature equations, using scaling relations from experimental fits. Predictions of densities and temperatures have been benchmarked against DIII-D data. We are examining several potential feedback mechanisms to limit power excursions: i) ion-orbit loss, ii) thermal instability density limits, iii) MHD instability limits, iv) the degradation of alpha-particle confinement, v) modifications to the radial current profile, vi) ``divertor choking'' and vii) Type 1 ELMs. Work supported by the US DOE under DE-FG02-00ER54538, DE-FC02-04ER54698.

Versatile cable handling mechanisms for remote operator control

Energy Technology Data Exchange (ETDEWEB)

Collie, A.A.; White, T.S.; Christopher, M.D.; Hewer, N.D. [Portech Ltd., Portsmouth (United Kingdom)

1996-12-31

This paper describes a system of cable management for keeping the umbilical cables of remote operating vehicles and manipulators tidy and contained without direct intervention by operators. Two distinct types of winding mechanism have been designed. One mechanism is a fixed reel type where the cable is wound onto the reel by a rotating bail arm. The other mechanism consists of a pair of curved belts held against each other between which cable is passed. The complete system includes tension measuring and slack loop take-up devices. The whole system is controlled by a servo system in conjunction with a PC based visual graphic environment which allows a variety of mechanisms to be built up into a system able to handle up to four umbilical cables simultaneously. The control system provides additional tension sensors and cable odometers connected to the control system so that the operator has immediate perception of all the cable parameters, and by defining rules, can set up a variety of alarm situations. (Author).

Versatile cable handling mechanisms for remote operator control

International Nuclear Information System (INIS)

Collie, A.A.; White, T.S.; Christopher, M.D.; Hewer, N.D.

1996-01-01

This paper describes a system of cable management for keeping the umbilical cables of remote operating vehicles and manipulators tidy and contained without direct intervention by operators. Two distinct types of winding mechanism have been designed. One mechanism is a fixed reel type where the cable is wound onto the reel by a rotating bail arm. The other mechanism consists of a pair of curved belts held against each other between which cable is passed. The complete system includes tension measuring and slack loop take-up devices. The whole system is controlled by a servo system in conjunction with a PC based visual graphic environment which allows a variety of mechanisms to be built up into a system able to handle up to four umbilical cables simultaneously. The control system provides additional tension sensors and cable odometers connected to the control system so that the operator has immediate perception of all the cable parameters, and by defining rules, can set up a variety of alarm situations. (Author)

Versatile cable handling mechanisms for remote operator control

International Nuclear Information System (INIS)

Collie, A.A.; White, T.S.; Christopher, M.D.; Hewer, N.D.

1996-01-01

This paper describes a system of cable management for keeping the umbilical cables of remote operating vehicles and manipulators tidy and contained without direct intervention by operators. Two distinct types of winding mechanism have been designed. One mechanism is a fixed reel type where the cable is wound onto the reel by a rotating bail arm. The other mechanism consists of a pair of curved belts held against each other, between which cable is passed. The complete system includes tension measuring and slack loop take-up devices. The whole system is controlled by a servo system in conjunction with a PC based visual graphic environment which allows a variety of mechanisms to be built up into a system able to handle up to four umbilical cables simultaneously. The control system provides additional tension sensors and cable odometers connected to the control system so that the operator has immediate perception of all the cable parameters, and by defining rules, can set up a variety of alarm situations. (UK)

Muscle mechanics and neuromuscular control

NARCIS (Netherlands)

Hof, AL

The purpose of this paper is to demonstrate that the properties of the mechanical system, especially muscle elasticity and limb mass, to a large degree determine force output and movement. This makes the control demands of the central nervous system simpler and more robust. In human triceps surae, a

Urban search mobile platform modeling in hindered access conditions

Science.gov (United States)

Barankova, I. I.; Mikhailova, U. V.; Kalugina, O. B.; Barankov, V. V.

2018-05-01

The article explores the control system simulation and the design of the experimental model of the rescue robot mobile platform. The functional interface, a structural functional diagram of the mobile platform control unit, and a functional control scheme for the mobile platform of secure robot were modeled. The task of design a mobile platform for urban searching in hindered access conditions is realized through the use of a mechanical basis with a chassis and crawler drive, a warning device, human heat sensors and a microcontroller based on Arduino platforms.

Towards a Unified Representation of Mechanisms for Robotic Control Software

Directory of Open Access Journals (Sweden)

Antonio Diaz-Calderon

2008-11-01

Full Text Available This article gives an overview of the Mechanism Model paradigm. The mechanism model paradigm provides a framework to modeling mechanisms for robotic control. The emphasis is on the unification of mathematical models of kinematics/dynamics, geometric information and control system parameters for a variety of robotic systems (including serial manipulators, wheeled and legged locomotors, with algorithms that are needed for typical robot control applications.

Group Theoretical Approach for Controlled Quantum Mechanical Systems

National Research Council Canada - National Science Library

Tarn, Tzyh-Jong

2007-01-01

The aim of this research is the study of controllability of quantum mechanical systems and feedback control of de-coherence in order to gain an insight on the structure of control of quantum systems...

A Brief Survey of Media Access Control, Data Link Layer, and Protocol Technologies for Lunar Surface Communications

Science.gov (United States)

Wallett, Thomas M.

2009-01-01

This paper surveys and describes some of the existing media access control and data link layer technologies for possible application in lunar surface communications and the advanced wideband Direct Sequence Code Division Multiple Access (DSCDMA) conceptual systems utilizing phased-array technology that will evolve in the next decade. Time Domain Multiple Access (TDMA) and Code Division Multiple Access (CDMA) are standard Media Access Control (MAC) techniques that can be incorporated into lunar surface communications architectures. Another novel hybrid technique that is recently being developed for use with smart antenna technology combines the advantages of CDMA with those of TDMA. The relatively new and sundry wireless LAN data link layer protocols that are continually under development offer distinct advantages for lunar surface applications over the legacy protocols which are not wireless. Also several communication transport and routing protocols can be chosen with characteristics commensurate with smart antenna systems to provide spacecraft communications for links exhibiting high capacity on the surface of the Moon. The proper choices depend on the specific communication requirements.

Access Denied! Contrasting Data Access in the United States and Ireland

Directory of Open Access Journals (Sweden)

Grogan Samuel

2016-07-01

Full Text Available The ability of an Internet user to access data collected about himself as a result of his online activity is a key privacy safeguard. Online, data access has been overshadowed by other protections such as notice and choice. This paper describes attitudes about data access. 873 US and Irish Internet users participated in a survey designed to examine views on data access to information held by online companies and data brokers. We observed low levels of awareness of access mechanisms along with a high desire for access in both participant groups. We tested three proposed access systems in keeping with industry programs and regulatory proposals. User response was positive. We conclude that access remains an important privacy protection that is inadequately manifested in practice. Our study provides insight for lawmakers and policymakers, as well as computer scientists who implement these systems.

Cellular mechanisms that control mistranslation

DEFF Research Database (Denmark)

Reynolds, Noah M; Lazazzera, Beth A; Ibba, Michael

2010-01-01

Mistranslation broadly encompasses the introduction of errors during any step of protein synthesis, leading to the incorporation of an amino acid that is different from the one encoded by the gene. Recent research has vastly enhanced our understanding of the mechanisms that control mistranslation...... at the molecular level and has led to the discovery that the rates of mistranslation in vivo are not fixed but instead are variable. In this Review we describe the different steps in translation quality control and their variations under different growth conditions and between species though a comparison...

Chaotic dynamic and control for micro-electro-mechanical systems of massive storage with harmonic base excitation

International Nuclear Information System (INIS)

Perez Polo, Manuel F.; Perez Molina, Manuel; Gil Chica, Javier

2009-01-01

This paper explores chaotic behaviour and control of micro-electro-mechanical systems (MEMS), which consist of thousands of small read/write probe tips that access gigabytes of data stored in a non-volatile magnetic surface. The model of the system is formed by two masses connected by a nonlinear spring and a viscous damping. The paper shows that, by means of an adequate feedback law, the masses can behave as two coupled Duffing's oscillators, which may reach chaotic behaviour when harmonic forces are applied. The chaotic motion is destroyed by applying the following control strategies: (i) static output feedback control law with constant forces and (ii) geometric nonlinear control. The aim is to drive the masses to a set point even with harmonic base excitation, by using chaotic dynamics and nonlinear control. The paper shows that it is possible to obtain a positioning time around a few ms with sub-nanometre accuracy, velocities, accelerations and forces, as it appears in the design of present MEMS devices. Numerical simulations are used to verify the mathematical discussions.

Chaotic dynamic and control for micro-electro-mechanical systems of massive storage with harmonic base excitation

Energy Technology Data Exchange (ETDEWEB)

Perez Polo, Manuel F. [Departamento de Fisica, Ingenieria de Sistemas y Teoria de la Senal, Universidad de Alicante, Escuela Politecnica Superior, Campus de San Vicente, 03071 Alicante (Spain)], E-mail: manolo@dfists.ua.es; Perez Molina, Manuel [Facultad de Ciencias Matematicas, Universidad Nacional de Educacion a Distancia. UNED, C/Boyero 12-1A, Alicante 03007 (Spain)], E-mail: ma_perez_m@hotmail.com; Gil Chica, Javier [Departamento de Fisica, Ingenieria de Sistemas y Teoria de la Senal, Universidad de Alicante, Escuela Politecnica Superior, Campus de San Vicente, 03071 Alicante (Spain)], E-mail: gil@dfists.ua.es

2009-02-15

This paper explores chaotic behaviour and control of micro-electro-mechanical systems (MEMS), which consist of thousands of small read/write probe tips that access gigabytes of data stored in a non-volatile magnetic surface. The model of the system is formed by two masses connected by a nonlinear spring and a viscous damping. The paper shows that, by means of an adequate feedback law, the masses can behave as two coupled Duffing's oscillators, which may reach chaotic behaviour when harmonic forces are applied. The chaotic motion is destroyed by applying the following control strategies: (i) static output feedback control law with constant forces and (ii) geometric nonlinear control. The aim is to drive the masses to a set point even with harmonic base excitation, by using chaotic dynamics and nonlinear control. The paper shows that it is possible to obtain a positioning time around a few ms with sub-nanometre accuracy, velocities, accelerations and forces, as it appears in the design of present MEMS devices. Numerical simulations are used to verify the mathematical discussions.

Design of IP Camera Access Control Protocol by Utilizing Hierarchical Group Key

Directory of Open Access Journals (Sweden)

Jungho Kang

2015-08-01

Full Text Available Unlike CCTV, security video surveillance devices, which we have generally known about, IP cameras which are connected to a network either with or without wire, provide monitoring services through a built-in web-server. Due to the fact that IP cameras can use a network such as the Internet, multiple IP cameras can be installed at a long distance and each IP camera can utilize the function of a web server individually. Even though IP cameras have this kind of advantage, it has difficulties in access control management and weakness in user certification, too. Particularly, because the market of IP cameras did not begin to be realized a long while ago, systems which are systematized from the perspective of security have not been built up yet. Additionally, it contains severe weaknesses in terms of access authority to the IP camera web server, certification of users, and certification of IP cameras which are newly installed within a network, etc. This research grouped IP cameras hierarchically to manage them systematically, and provided access control and data confidentiality between groups by utilizing group keys. In addition, IP cameras and users are certified by using PKI-based certification, and weak points of security such as confidentiality and integrity, etc., are improved by encrypting passwords. Thus, this research presents specific protocols of the entire process and proved through experiments that this method can be actually applied.

Performance Evaluation of TDMA Medium Access Control Protocol in Cognitive Wireless Networks

Directory of Open Access Journals (Sweden)

Muhammed Enes Bayrakdar

2017-02-01

Full Text Available Cognitive radio paradigm has been revealed as a new communication technology that shares channels in wireless networks. Channel assignment is a crucial issue in the field of cognitive wireless networks because of the spectrum scarcity. In this work, we have evaluated the performance of TDMA medium access control protocol. In our simulation scenarios, primary users and secondary users utilize TDMA as a medium access control protocol. We have designed a network environment in Riverbed simulation software that consists of primary users, secondary users, and base stations. In our system model, secondary users sense the spectrum and inform the base station about empty channels. Then, the base station decides accordingly which secondary user may utilize the empty channel. Energy detection technique is employed as a spectrum sensing technique because it is the best when information about signal of primary user is acquired. Besides, different number of users is selected in simulation scenarios in order to obtain accurate delay and throughput results. Comparing analytical model with simulation results, we have shown that performance analysis of our system model is consistent and accurate.

Mechanics and model-based control of advanced engineering systems

CERN Document Server

Irschik, Hans; Krommer, Michael

2014-01-01

Mechanics and Model-Based Control of Advanced Engineering Systems collects 32 contributions presented at the International Workshop on Advanced Dynamics and Model Based Control of Structures and Machines, which took place in St. Petersburg, Russia in July 2012. The workshop continued a series of international workshops, which started with a Japan-Austria Joint Workshop on Mechanics and Model Based Control of Smart Materials and Structures and a Russia-Austria Joint Workshop on Advanced Dynamics and Model Based Control of Structures and Machines. In the present volume, 10 full-length papers based on presentations from Russia, 9 from Austria, 8 from Japan, 3 from Italy, one from Germany and one from Taiwan are included, which represent the state of the art in the field of mechanics and model based control, with particular emphasis on the application of advanced structures and machines.

The Effect of Headquarter Integration Mechanisms on Subsidiaries’ New Product Success: From Control to Coordination Mechanism

Directory of Open Access Journals (Sweden)

Firmanzah Firmanzah

2013-07-01

Full Text Available New product launching (NPL to the local market by subsidiary managers is a strategic activity, which requires organizational supports from MNC global network. The NPL activity is marked by high level of uncertainty, risk, and market failure. Thus, a headquarter needs to integrate the subsidiary NPL into global strategy. There are two mechanisms to integrate subsidiaries’ activities during NPL process; coordination and control process. By testing the effect of each mechanism on role clarity and functional conflict, I found that coordination mechanism increase role clarity between headquarter and subsidiaries’ managers. In contrast, exercising control mechanism reduces role clarity and functional conflict between headquarter and subsidiaries’ managers during NPL. This research shows that both role clarity and functional conflict increase new product commercial performance introduced by subsidiary in the local market. Keywords: new product launching (NPL, coordination mechanism, control mechanism, and new product performance

Installing and detaching apparatus for a control rod drive mechanism

International Nuclear Information System (INIS)

Akimoto, Seiichi; Watanabe, Mitsuhiro; Yoshida, Tomiharu; Sugaya, Jun-ichi; Saito, Takashi.

1976-01-01

Object: To facilitate maintenance and repair of a control rod drive mechanism. Structure: The apparatus comprises a means moving in a moving direction of a control rod within a reactor vessel, said moving means having a housing mounted thereon, a means mounted on the reactor vessel to release a connection between a control rod drive mechanism connected to the control rod and the control rod, and a means for mounting and removing a fixing means which connects the reactor vessel to the control rod drive means. With this arrangement, cooling water of high radioactivity level may not be leaked outside to thereby notably reduce dangerousness of exposure and materially cut time required for mounting and removing the control rod drive mechanism. (Ohara, T.)

Mechanical systems a unified approach to vibrations and controls

CERN Document Server

Gans, Roger F

2015-01-01

This essential textbook covers analysis and control of engineering mechanisms, which include almost any apparatus with moving parts used in daily life, from musical instruments to robots. The text  presents both vibrations and controls with considerable breadth and depth using a unified notation. It strikes a nice balance between the analytical and the practical.  This text contains enough material for a two semester sequence, but it can also be used in a single semester course combining the two topics. Mechanical Systems: A Unified Approach to Vibrations and Controls presents a common notation and approach to these closely related areas. Examples from the both vibrations and controls components are integrated throughout this text. This book also: ·         Presents a unified approach to vibrations and controls, including an excellent diagram that simultaneously discusses embedding classical vibrations (mechanical systems) in a discussion of models, inverse models, and open and closed loop control ...

Control mechanisms for Nordic ship emissions

Energy Technology Data Exchange (ETDEWEB)

Martinsen, K. [DNV, Oslo (Norway); Torvanger, A. [Cicero, Oslo (Norway)

2013-04-15

Shipping today operates under a complex set of international and domestic regulations. However, the environmental regulations have lagged behind those of other industries. This situation is now changing quite dramatically. The increased focus on environmental issues, combined with the growing realisation of the actual pollution burden imposed by shipping, has led to an upsurge in both international and national regulations. Some are ready and will enter into force in the near future, while others are still being developed. On behalf of the Nordic Council of Ministers DNV has carried out a study on possible control mechanisms for Nordic ship emission. The aim is to assess the baseline shipping emissions and reduction potential and the possible controlling mechanisms (both incentives and regulations) available for reducing the emissions to air from shipping within the Nordic region. (Author)

Modeling Human Error Mechanism for Soft Control in Advanced Control Rooms (ACRs)

Energy Technology Data Exchange (ETDEWEB)

Aljneibi, Hanan Salah Ali [Khalifa Univ., Abu Dhabi (United Arab Emirates); Ha, Jun Su; Kang, Seongkeun; Seong, Poong Hyun [KAIST, Daejeon (Korea, Republic of)

2015-10-15

To achieve the switch from conventional analog-based design to digital design in ACRs, a large number of manual operating controls and switches have to be replaced by a few common multi-function devices which is called soft control system. The soft controls in APR-1400 ACRs are classified into safety-grade and non-safety-grade soft controls; each was designed using different and independent input devices in ACRs. The operations using soft controls require operators to perform new tasks which were not necessary in conventional controls such as navigating computerized displays to monitor plant information and control devices. These kinds of computerized displays and soft controls may make operations more convenient but they might cause new types of human error. In this study the human error mechanism during the soft controls is studied and modeled to be used for analysis and enhancement of human performance (or human errors) during NPP operation. The developed model would contribute to a lot of applications to improve human performance (or reduce human errors), HMI designs, and operators' training program in ACRs. The developed model of human error mechanism for the soft control is based on assumptions that a human operator has certain amount of capacity in cognitive resources and if resources required by operating tasks are greater than resources invested by the operator, human error (or poor human performance) is likely to occur (especially in 'slip'); good HMI (Human-machine Interface) design decreases the required resources; operator's skillfulness decreases the required resources; and high vigilance increases the invested resources. In this study the human error mechanism during the soft controls is studied and modeled to be used for analysis and enhancement of human performance (or reduction of human errors) during NPP operation.

Modeling Human Error Mechanism for Soft Control in Advanced Control Rooms (ACRs)

International Nuclear Information System (INIS)

Aljneibi, Hanan Salah Ali; Ha, Jun Su; Kang, Seongkeun; Seong, Poong Hyun

2015-01-01

To achieve the switch from conventional analog-based design to digital design in ACRs, a large number of manual operating controls and switches have to be replaced by a few common multi-function devices which is called soft control system. The soft controls in APR-1400 ACRs are classified into safety-grade and non-safety-grade soft controls; each was designed using different and independent input devices in ACRs. The operations using soft controls require operators to perform new tasks which were not necessary in conventional controls such as navigating computerized displays to monitor plant information and control devices. These kinds of computerized displays and soft controls may make operations more convenient but they might cause new types of human error. In this study the human error mechanism during the soft controls is studied and modeled to be used for analysis and enhancement of human performance (or human errors) during NPP operation. The developed model would contribute to a lot of applications to improve human performance (or reduce human errors), HMI designs, and operators' training program in ACRs. The developed model of human error mechanism for the soft control is based on assumptions that a human operator has certain amount of capacity in cognitive resources and if resources required by operating tasks are greater than resources invested by the operator, human error (or poor human performance) is likely to occur (especially in 'slip'); good HMI (Human-machine Interface) design decreases the required resources; operator's skillfulness decreases the required resources; and high vigilance increases the invested resources. In this study the human error mechanism during the soft controls is studied and modeled to be used for analysis and enhancement of human performance (or reduction of human errors) during NPP operation

Control protocol: the proposed new CERN standard access procedure to accelerator equipment

International Nuclear Information System (INIS)

Baribaud, G.; Barnett, I.; Benincasa, G.

1992-01-01

Control protocol provides a normalized access procedure for equipment of the same kind from a control system. Modelisation and the subsequent identification of functionalities with their parameters, variables and attributes have now been carried out at CERN for representative families of devices. ISO specifications, such as the ASN.1 metalanguage for data structure representation and MMS definitions and services have, to some extent, been introduced in the design for generality and compatibility with external world. The final product of this design is totally independent of the control systems and permits object oriented implementations in any controls frame. The present paper describes the different phases of the project with a short overview of the various implementations under development at CERN. (author)

A review of promoting access to medicines in China - problems and recommendations.

Science.gov (United States)

Sun, Jing; Hu, Cecile Jia; Stuntz, Mark; Hogerzeil, Hans; Liu, Yuanli

2018-02-20

Despite recent reforms, distorting funding mechanisms and over-prescribing still maintain severe financial barriers to medicines access in China. Complicated and interrelated problems in the pharmaceutical sector require a common framework to be resolved as fragmented solutions do not work. We present a preliminary assessment of the impact of the national healthcare reforms on access to medicines, and propose policy recommendations for promoting universal access to medicines in China. Drawing on multiple sources of information, including a review of published literatures and official national data, field investigations in six provinces and interviews with key opinion leaders, this paper presents a preliminary assessment of the impact of the national healthcare reforms on access to medicines, and proposes policy recommendations for promoting universal access to medicines in China. Public expenditure on medicines has been strictly controlled since the national healthcare reforms of 2009. Yet total pharmaceutical expenditure (TPE) and total health expenditure growth rates continuously outpaced the growth of gross domestic product (GDP). With 2.4% of GDP, TPE now exceeds that of most high income countries. The distorted provider and consumer incentives in the Chinese health system have not fundamentally changed. Price-setting and reimbursement mechanisms do not promote cost-effective use of medicines. Inappropriate price controls and perverse financial incentives are the un-resolved root causes of preference of originator brands for some major diseases and shortages of low-cost and low-consumption medicines. In addition, access to expensive life-saving medicines is yet systematically addressed. The complicated and interdependent problems interact in a way that leads to significant system problems in China, which create dual challenges that both the developing country and the developed countries are facing. To further promote access to medicines, China should speed up

A review of promoting access to medicines in China - problems and recommendations

Directory of Open Access Journals (Sweden)

Jing Sun

2018-02-01

Full Text Available Abstract Background Despite recent reforms, distorting funding mechanisms and over-prescribing still maintain severe financial barriers to medicines access in China. Complicated and interrelated problems in the pharmaceutical sector require a common framework to be resolved as fragmented solutions do not work. We present a preliminary assessment of the impact of the national healthcare reforms on access to medicines, and propose policy recommendations for promoting universal access to medicines in China. Methods Drawing on multiple sources of information, including a review of published literatures and official national data, field investigations in six provinces and interviews with key opinion leaders, this paper presents a preliminary assessment of the impact of the national healthcare reforms on access to medicines, and proposes policy recommendations for promoting universal access to medicines in China. Results Public expenditure on medicines has been strictly controlled since the national healthcare reforms of 2009. Yet total pharmaceutical expenditure (TPE and total health expenditure growth rates continuously outpaced the growth of gross domestic product (GDP. With 2.4% of GDP, TPE now exceeds that of most high income countries. The distorted provider and consumer incentives in the Chinese health system have not fundamentally changed. Price-setting and reimbursement mechanisms do not promote cost-effective use of medicines. Inappropriate price controls and perverse financial incentives are the un-resolved root causes of preference of originator brands for some major diseases and shortages of low-cost and low-consumption medicines. In addition, access to expensive life-saving medicines is yet systematically addressed. Conclusions The complicated and interdependent problems interact in a way that leads to significant system problems in China, which create dual challenges that both the developing country and the developed countries are

Public access of environmental information. Report of an Interdepartmental Working Party on public access to information held by Pollution Control Authorities

International Nuclear Information System (INIS)

1986-01-01

The working party was set up to report to the Government ways of implementing the recommendations of the Royal Commission on Environmental Pollution that 'there should be a presumption in favour of unrestricted public access to the information which the pollution control authorities obtain or receive by virtue of their statutory powers'. Chapter 6 deals with Radioactive wastes. The present situation (eg on how the information is gathered, which department or bodies are involved etc) and the current state of the law are discussed. Licensed nuclear sites, sea disposal, inspections and defence wastes are all considered briefly. The case for improving public access to information and, recommendations on how to achieve this made, and the resource implications considered. On control of radioactive wastes there is currently no power for the responsible Government Departments to make information public. It is recommended that new legislation should confer powers to make information available, including a power to require public registers to be kept at prescribed places giving information related to certificates issued under the Radioactive Substances Act 1960. (UK)

Biomechanics and energetics of walking in powered ankle exoskeletons using myoelectric control versus mechanically intrinsic control.

Science.gov (United States)

Koller, Jeffrey R; Remy, C David; Ferris, Daniel P

2018-05-25

Controllers for assistive robotic devices can be divided into two main categories: controllers using neural signals and controllers using mechanically intrinsic signals. Both approaches are prevalent in research devices, but a direct comparison between the two could provide insight into their relative advantages and disadvantages. We studied subjects walking with robotic ankle exoskeletons using two different control modes: dynamic gain proportional myoelectric control based on soleus muscle activity (neural signal), and timing-based mechanically intrinsic control based on gait events (mechanically intrinsic signal). We hypothesized that subjects would have different measures of metabolic work rate between the two controllers as we predicted subjects would use each controller in a unique manner due to one being dependent on muscle recruitment and the other not. The two controllers had the same average actuation signal as we used the control signals from walking with the myoelectric controller to shape the mechanically intrinsic control signal. The difference being the myoelectric controller allowed step-to-step variation in the actuation signals controlled by the user's soleus muscle recruitment while the timing-based controller had the same actuation signal with each step regardless of muscle recruitment. We observed no statistically significant difference in metabolic work rate between the two controllers. Subjects walked with 11% less soleus activity during mid and late stance and significantly less peak soleus recruitment when using the timing-based controller than when using the myoelectric controller. While walking with the myoelectric controller, subjects walked with significantly higher average positive and negative total ankle power compared to walking with the timing-based controller. We interpret the reduced ankle power and muscle activity with the timing-based controller relative to the myoelectric controller to result from greater slacking effects

The Design of the M-B-Quadro Optical Switch and Its Access Control Strategies

Institute of Scientific and Technical Information of China (English)

无

2003-01-01

This paper proposes a new simple contention resolution switching architecture, M-B-Quadro, and its underlying access control strategies. By incorporating delay and buffer lines, the switching node can effectively obtain very low packet deflection probability.

Access to the Birth Control Pill and the Career Plans of Young Men and Women

DEFF Research Database (Denmark)

Steingrimsdottir, Herdis

The paper explores the effect of unrestricted access to the birth control pill on young people’s career plans, using annual surveys of college freshmen from 1968 to 1980. In particular it addresses the question of who was affected by the introduction of the birth control pill by looking at career...

智能门禁系统设计要点探讨%Discussion on the Design of Intelligent Access Control System

Institute of Scientific and Technical Information of China (English)

朱矩龙

2015-01-01

Access control system is the basis and security of the use of building security, the use of advanced technology to design intelligent access control system is conducive to improve the safety of the building. Discusses a based on TM card intelligent access control system design, expounds the main problems existing in traditional access control system, comprehensive description of the hardware design and software design of the intelligent access control system, and the system is simulated and tested.%门禁系统是建筑使用安全性的基础和保障，使用先进技术对智能门禁系统进行设计有利于提高建筑的安全性能。探讨了一种基于TM卡技术的智能门禁系统设计，阐述了传统门禁系统存在的主要问题，综合说明了智能门禁系统的硬件设计和软件设计，并对系统进行了仿真测试。

Proximity Displays for Access Control

Science.gov (United States)

Vaniea, Kami

2012-01-01

Managing access to shared digital information, such as photographs and documents. is difficult for end users who are accumulating an increasingly large and diverse collection of data that they want to share with others. Current policy-management solutions require a user to proactively seek out and open a separate policy-management interface when…

Access and Resilience: Analyzing the Construction of Social Resilience to the Threat of Water Scarcity

Directory of Open Access Journals (Sweden)

Ruth Langridge

2006-12-01

Full Text Available Resilience is a vital attribute that characterizes a system's capacity to cope with stress. Researchers have examined the measurement of resilience in ecosystems and in social-ecological systems, and the comparative vulnerability of social groups. Our paper refocuses attention on the processes and relations that create social resilience. Our central proposition is that the creation of social resilience is linked to a community's ability to access critical resources. We explore this proposition through an analysis of how community resilience to the stress of water scarcity is influenced by historically contingent mechanisms to gain, control, and maintain access to water. Access is defined broadly as the ability of a community to actually benefit from a resource, and includes a wider range of relations than those derived from property rights alone. We provide a framework for assessing the construction of social resilience and use it to examine, first, the different processes and relations that enabled four communities in northern California to acquire access to water, and second, how access contributed to their differential levels of resilience to potential water scarcity. Legal water rights are extremely difficult to alter, and given the variety of mechanisms that can generate access, our study suggests that strengthening and diversifying a range of structural and relational mechanisms to access water can enhance a community's resilience to water scarcity.

Controlling Hydrogel Mechanics via Bio-Inspired Polymer-Nanoparticle Bond Dynamics.

Science.gov (United States)

Li, Qiaochu; Barrett, Devin G; Messersmith, Phillip B; Holten-Andersen, Niels

2016-01-26

Interactions between polymer molecules and inorganic nanoparticles can play a dominant role in nanocomposite material mechanics, yet control of such interfacial interaction dynamics remains a significant challenge particularly in water. This study presents insights on how to engineer hydrogel material mechanics via nanoparticle interface-controlled cross-link dynamics. Inspired by the adhesive chemistry in mussel threads, we have incorporated iron oxide nanoparticles (Fe3O4 NPs) into a catechol-modified polymer network to obtain hydrogels cross-linked via reversible metal-coordination bonds at Fe3O4 NP surfaces. Unique material mechanics result from the supra-molecular cross-link structure dynamics in the gels; in contrast to the previously reported fluid-like dynamics of transient catechol-Fe(3+) cross-links, the catechol-Fe3O4 NP structures provide solid-like yet reversible hydrogel mechanics. The structurally controlled hierarchical mechanics presented here suggest how to develop hydrogels with remote-controlled self-healing dynamics.

Working principle and structure characteristics analysis of the reactivity control drive mechanism

International Nuclear Information System (INIS)

Zhao Tianyu; Huang Zhiyong; Chen Feng; He Xuedong

2010-01-01

The startup, power regulation and safety shutdown of the nuclear reactor are operated by the reactivity control devices. Reactivity control drive mechanism is a key mechanical transmission component, which directly control the location of the neutron absorber in the core. Its working condition is complex, and its service life should be long., which requires high reliability. PWR as well as newly developed different type of reactors have different control devices drive mechanism. This paper mainly do analysis and comparison about the working environment, mechanical transmission principle, structure, performance, service life and other aspects of PWR, HTR control devices drive mechanism. In addition, this paper is also based on the working principles of reactive control devices drive mechanism, also consider the trends of its design and test verification by the international countries, and discussed the method and feasibility of improving and perfecting the structure and function of drive mechanism. (authors)

Electromagnetic interference-aware transmission scheduling and power control for dynamic wireless access in hospital environments.

Science.gov (United States)

Phunchongharn, Phond; Hossain, Ekram; Camorlinga, Sergio

2011-11-01

We study the multiple access problem for e-Health applications (referred to as secondary users) coexisting with medical devices (referred to as primary or protected users) in a hospital environment. In particular, we focus on transmission scheduling and power control of secondary users in multiple spatial reuse time-division multiple access (STDMA) networks. The objective is to maximize the spectrum utilization of secondary users and minimize their power consumption subject to the electromagnetic interference (EMI) constraints for active and passive medical devices and minimum throughput guarantee for secondary users. The multiple access problem is formulated as a dual objective optimization problem which is shown to be NP-complete. We propose a joint scheduling and power control algorithm based on a greedy approach to solve the problem with much lower computational complexity. To this end, an enhanced greedy algorithm is proposed to improve the performance of the greedy algorithm by finding the optimal sequence of secondary users for scheduling. Using extensive simulations, the tradeoff in performance in terms of spectrum utilization, energy consumption, and computational complexity is evaluated for both the algorithms.

Bank Access Control of Electronic Payment Based on SPKI%基于SPKI电子支付中的银行端访问控制

Institute of Scientific and Technical Information of China (English)

王茜; 王富强; 傅鹤岗; 朱庆生

2003-01-01

In the system of electronic payment based on SPKI, access control of bank acts as the important function of identification, protecting customer's privacy and ensuring payment. The paper proposes the model of bank access control, and describes the frame and the steps of the access control. Finally, the paper analyzes the characteristics of the model.

The LHC access system LACS and LASS

CERN Document Server

Ninin, P

2005-01-01

The LHC complex is divided into a number of zones with different levels of access controls.Inside the interlocked areas, the personnel protection is ensured by the LHC Access System.The system is made of two parts:the LHC Access Safety System and the LHC Access Control System. During machine operation,the LHC Access Safety System ensures the collective protection of the personnel against the radiation hazards arising from the operation of the accelerator by interlocking the LHC key safety elements. When the beams are off, the LHC Access Control System regulates the access to the accelerator and its many subsystems.It allows a remote, local or automatic operation of the access control equipment which verifies and identifies all users entering the controlled areas.The global architecture of the LHC Access System is now designed and is being validated to ensure that it meets the safety requirements for operation of the LHC.A pilot installation will be tested in the summer 2005 to validate the concept with the us...

Intrusion Prevention System Based on the Aççess Control Mechanism in the Operating System Miçrosoft Windows

Directory of Open Access Journals (Sweden)

V. S. Matveeva

2012-03-01

Full Text Available It is suggested to implement an intrusion prevention system based on the access control mechanism of Microsoft Windows operating system to restrict the execution of malicious code. Most of the existing computer security facilities use behavioral and heuristic analyses based on an undocumented method of system calls interception that is not an uniform approach in designing of proactive security mechanism. The IPS is portable among different versions of the OS because it is implemented with documented functions only, it does not need to be updated and uses less system resources in comparison with another protection systems. The system protects from zero-day malware and therefore prevents companies from online-banking fraud that is a very actual problem of information security nowadays.

A METHOD OF AND A SYSTEM FOR CONTROLLING ACCESS TO A SHARED RESOURCE

DEFF Research Database (Denmark)

2006-01-01

A method and a system of controlling access of data items to a shared resource, wherein the data items each is assigned to one of a plurality of priorities, and wherein, when a predetermined number of data items of a priority have been transmitted to the shared resource, that priority...

A methodology for identification and control of electro-mechanical actuators.

Science.gov (United States)

Tutunji, Tarek A; Saleem, Ashraf

2015-01-01

Mechatronic systems are fully-integrated engineering systems that are composed of mechanical, electronic, and computer control sub-systems. These integrated systems use electro-mechanical actuators to cause the required motion. Therefore, the design of appropriate controllers for these actuators are an essential step in mechatronic system design. In this paper, a three-stage methodology for real-time identification and control of electro-mechanical actuator plants is presented, tested, and validated. First, identification models are constructed from experimental data to approximate the plants' response. Second, the identified model is used in a simulation environment for the purpose of designing a suitable controller. Finally, the designed controller is applied and tested on the real plant through Hardware-in-the-Loop (HIL) environment. The described three-stage methodology provides the following practical contributions: •Establishes an easy-to-follow methodology for controller design of electro-mechanical actuators.•Combines off-line and on-line controller design for practical performance.•Modifies the HIL concept by using physical plants with computer control (rather than virtual plants with physical controllers). Simulated and experimental results for two case studies, induction motor and vehicle drive system, are presented in order to validate the proposed methodology. These results showed that electromechanical actuators can be identified and controlled using an easy-to-duplicate and flexible procedure.

Improved efficiency access control equipment and explosive, weapons and drug abuse detection

International Nuclear Information System (INIS)

Jenkins, A.; Milford, A.; Woollven, J.

1985-01-01

The second generation portal explosives detector has been designed with increased detection capability and convenience in service. The method of detection and performance relative to the first generation is described. A novel method of auto-calibration and self diagnosis is described and results are discussed. Improvements in convenience of operation have been achieved and operating space and costs reduced by combining metal detection capability, together with explosives detection. This allows both alarm signal and diagnostic outputs to be combined on a single remote panel in the guard room, and reduces the number of guards needed to man the access control. This type of access control is entirely a defensive measure against attack but a further additional feature is proposed which will also check the state of mind of all personnel passing through the check point. Any person suffering from the effect of narcotic or alcohol will be detected by their inability to reproduce their normal signature. A new method of signature analysis in five dimensions is described together with proposals for integrating the check without increasing the time in the test area. Some recent results on the effects of alcohol on signature reproduction is given

Multi-level access control in the data pipeline of the international supply chain system

NARCIS (Netherlands)

Pruksasri, P.; Berg, J. van den; Hofman, W.; Daskapan, S.

2013-01-01

The Seamless Integrated Data Pipeline system was proposed to the European Union in order to overcome the information quality shortcomings of the current international supply chain information exchange systems. Next to identification and authorization of stakeholders, secure access control needs to