WorldWideScience

Sample records for access control system

  1. ACCESS Pointing Control System

    Science.gov (United States)

    Brugarolas, Paul; Alexander, James; Trauger, John; Moody, Dwight; Egerman, Robert; Vallone, Phillip; Elias, Jason; Hejal, Reem; Camelo, Vanessa; Bronowicki, Allen; O'Connor, David; Partrick, Richard; Orzechowski, Pawel; Spitter, Connie; Lillie, Chuck

    2010-01-01

    ACCESS (Actively-Corrected Coronograph for Exoplanet System Studies) was one of four medium-class exoplanet concepts selected for the NASA Astrophysics Strategic Mission Concept Study (ASMCS) program in 2008/2009. The ACCESS study evaluated four major coronograph concepts under a common space observatory. This paper describes the high precision pointing control system (PCS) baselined for this observatory.

  2. Access control and personal identification systems

    CERN Document Server

    Bowers, Dan M

    1988-01-01

    Access Control and Personal Identification Systems provides an education in the field of access control and personal identification systems, which is essential in selecting the appropriate equipment, dealing intelligently with vendors in purchases of the equipment, and integrating the equipment into a total effective system. Access control devices and systems comprise an important part of almost every security system, but are seldom the sole source of security. In order for the goals of the total system to be met, the other portions of the security system must also be well planned and executed

  3. Access Control in Data Management Systems

    CERN Document Server

    Ferrari, Elena

    2010-01-01

    Access control is one of the fundamental services that any Data Management System should provide. Its main goal is to protect data from unauthorized read and write operations. This is particularly crucial in today's open and interconnected world, where each kind of information can be easily made available to a huge user population, and where a damage or misuse of data may have unpredictable consequences that go beyond the boundaries where data reside or have been generated. This book provides an overview of the various developments in access control for data management systems. Discretionary,

  4. Research of user access control for networked manufacturing system

    Institute of Scientific and Technical Information of China (English)

    ZHENG Xiao-lin; LEI Yu; CHEN De-ren

    2006-01-01

    An integrated user access control method was proposed to address the issues of security and management in networked manufacturing systems (NMS).Based on the analysis of the security issues in networked manufacturing system,an integrated user access control method composed of role-based access control (RBAC),task-based access control (TBAC),relationship-driven access control (RDAC)and coalition-based access control (CBAC) was proposed,including the hierarchical user relationship model,the reference model and the process model.The elements and their relationships were defined,and the expressions of constraints authorization were given.The extensible access control markup language (XACML) was used to implement this method.This method was used in the networked manufacturing system in the Shaoxing spinning region of China.The results show that the integrated user access control method can reduce the costs of system security maintenance and management.

  5. Speed control system for an access gate

    Science.gov (United States)

    Bzorgi, Fariborz M.

    2012-03-20

    An access control apparatus for an access gate. The access gate typically has a rotator that is configured to rotate around a rotator axis at a first variable speed in a forward direction. The access control apparatus may include a transmission that typically has an input element that is operatively connected to the rotator. The input element is generally configured to rotate at an input speed that is proportional to the first variable speed. The transmission typically also has an output element that has an output speed that is higher than the input speed. The input element and the output element may rotate around a common transmission axis. A retardation mechanism may be employed. The retardation mechanism is typically configured to rotate around a retardation mechanism axis. Generally the retardation mechanism is operatively connected to the output element of the transmission and is configured to retard motion of the access gate in the forward direction when the first variable speed is above a control-limit speed. In many embodiments the transmission axis and the retardation mechanism axis are substantially co-axial. Some embodiments include a freewheel/catch mechanism that has an input connection that is operatively connected to the rotator. The input connection may be configured to engage an output connection when the rotator is rotated at the first variable speed in a forward direction and configured for substantially unrestricted rotation when the rotator is rotated in a reverse direction opposite the forward direction. The input element of the transmission is typically operatively connected to the output connection of the freewheel/catch mechanism.

  6. Campus Access Control System RFID Based

    Directory of Open Access Journals (Sweden)

    Mr. SANTHOSH S

    2012-06-01

    Full Text Available Radio frequency identification (RFID technology has helped many organizations to reduce cost. Nevertheless, there are challenges and issues associated with RFID adoption. The most common internal challenge for many organizations is justifying the investment and modification of processes. The focus of this project is to show the business value of RFID technology and its applications. The important issue is the security level of the whole campus because it needs to be carefully differentiated. Dormitories and special research laboratories should benefit from higher levels of security than any other campuses. The key to the problem is represented by the new Radio Frequency Identification (RFID which can support contactless cards with memory. The most important feature of the proposed system is the updating of access permission level at any time for the user based on the availability of that user. The data transfer from the reader to the database was done using wireless communication (RF communication. To achieve this here RF transmitter and the RF receiver is used. The data which is read by the reader is sent to the microcontroller. Then from the controller we can transfer the data to the database by using the UART module (serial communication which is inbuilt in the microcontroller through RF transmitter. RF receiver of the same frequency at the receiver end receives and then stores the data in the database. RF transmitter and Receiver – frequency for transmitting and receiving the data depends on the user as per the requirement for the application and it is based on the range of distance. For the data encoding and decoding process HCS-101 protocol is used.

  7. Context-Based E-Health System Access Control Mechanism

    Science.gov (United States)

    Al-Neyadi, Fahed; Abawajy, Jemal H.

    E-Health systems logically demand a sufficiently fine-grained authorization policy for access control. The access to medical information should not be just role-based but should also include the contextual condition of the role to access data. In this paper, we present a mechanism to extend the standard role-based access control to incorporate contextual information for making access control decisions in e-health application. We present an architecture consisting of authorisation and context infrastructure that work cooperatively to grant access rights based on context-aware authorization policies and context information.

  8. 49 CFR 1542.207 - Access control systems.

    Science.gov (United States)

    2010-10-01

    ... 49 Transportation 9 2010-10-01 2010-10-01 false Access control systems. 1542.207 Section 1542.207..., DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY Operations § 1542.207 Access control systems. (a) Secured area. Except as provided in paragraph (b) of this section, the measures...

  9. Analysis of Access Control Policies in Operating Systems

    Science.gov (United States)

    Chen, Hong

    2009-01-01

    Operating systems rely heavily on access control mechanisms to achieve security goals and defend against remote and local attacks. The complexities of modern access control mechanisms and the scale of policy configurations are often overwhelming to system administrators and software developers. Therefore, mis-configurations are common, and the…

  10. Analysis of Access Control Policies in Operating Systems

    Science.gov (United States)

    Chen, Hong

    2009-01-01

    Operating systems rely heavily on access control mechanisms to achieve security goals and defend against remote and local attacks. The complexities of modern access control mechanisms and the scale of policy configurations are often overwhelming to system administrators and software developers. Therefore, mis-configurations are common, and the…

  11. Task Delegation Based Access Control Models for Workflow Systems

    Science.gov (United States)

    Gaaloul, Khaled; Charoy, François

    e-Government organisations are facilitated and conducted using workflow management systems. Role-based access control (RBAC) is recognised as an efficient access control model for large organisations. The application of RBAC in workflow systems cannot, however, grant permissions to users dynamically while business processes are being executed. We currently observe a move away from predefined strict workflow modelling towards approaches supporting flexibility on the organisational level. One specific approach is that of task delegation. Task delegation is a mechanism that supports organisational flexibility, and ensures delegation of authority in access control systems. In this paper, we propose a Task-oriented Access Control (TAC) model based on RBAC to address these requirements. We aim to reason about task from organisational perspectives and resources perspectives to analyse and specify authorisation constraints. Moreover, we present a fine grained access control protocol to support delegation based on the TAC model.

  12. A mobile console for local access to accelerator control systems.

    CERN Multimedia

    1981-01-01

    Microprocessors were installed as auxiliary crate controllers (ACCs) in the CAMAC interface of control systems for various accelerators. The same ACC was also at the hearth of a stand-alone system in the form of a mobile console. This was also used for local access to the control systems for tests and development work (Annual Report 1981, p. 80, Fig. 10).

  13. Personnel Access Control System Evaluation for National Ignition Facility Operations

    Energy Technology Data Exchange (ETDEWEB)

    Altenbach, T; Brereton, S.; Hermes, G.; Singh, M.

    2001-06-01

    The purpose of this document is to analyze the baseline Access Control System for the National Ignition Facility (NIF), and to assess its effectiveness at controlling access to hazardous locations during full NIF operations. It reviews the various hazards present during a NIF shot sequence, and evaluates the effectiveness of the applicable set of controls at preventing access while the hazards are present. It considers only those hazards that could potentially be lethal. In addition, various types of technologies that might be applicable at NIF are reviewed, as are systems currently in use at other facilities requiring access control for safety reasons. Recommendations on how this system might be modified to reduce risk are made.

  14. A new access control system by fingerprint for radioisotope facilities

    Energy Technology Data Exchange (ETDEWEB)

    Kawamura, Hiroko; Hirata, Yasuki [Kyushu Univ., Fukuoka (Japan). Radioisotope Center; Kondo, Takahiro; Takatsuki, Katsuhiro

    1998-04-01

    We applied a new fingerprint checker for complete access control to the radiation controlled area and to the radioisotope storage room, and prepared softwares for the best use of this checker. This system consists of a personal computer, access controllers, a fingerprint register, fingerprint checkers, a tenkey and mat sensors, permits ten thousand users to register their fingerprints and its hard disk to keep more than a million records of user`s access. Only 1% of users could not register their fingerprints worn-out, registered four numbers for a fingerprint. The softwares automatically provide varieties of reports, caused a large reduction in manual works. (author)

  15. Efficient medium access control protocol for geostationary satellite systems

    Institute of Scientific and Technical Information of China (English)

    王丽娜; 顾学迈

    2004-01-01

    This paper proposes an efficient medium access control (MAC) protocol based on multifrequency-time division multiple access (MF-TDMA) for geostationary satellite systems deploying multiple spot-beams and onboard processing,which uses a method of random reservation access with movable boundaries to dynamically request the transmission slots and can transmit different types of traffic. The simulation results have shown that our designed MAC protocol can achieve a high bandwidth utilization, while providing the required quality of service (QoS) for each class of service.

  16. Database design for Physical Access Control System for nuclear facilities

    Energy Technology Data Exchange (ETDEWEB)

    Sathishkumar, T., E-mail: satishkumart@igcar.gov.in; Rao, G. Prabhakara, E-mail: prg@igcar.gov.in; Arumugam, P., E-mail: aarmu@igcar.gov.in

    2016-08-15

    Highlights: • Database design needs to be optimized and highly efficient for real time operation. • It requires a many-to-many mapping between Employee table and Doors table. • This mapping typically contain thousands of records and redundant data. • Proposed novel database design reduces the redundancy and provides abstraction. • This design is incorporated with the access control system developed in-house. - Abstract: A (Radio Frequency IDentification) RFID cum Biometric based two level Access Control System (ACS) was designed and developed for providing access to vital areas of nuclear facilities. The system has got both hardware [Access controller] and software components [server application, the database and the web client software]. The database design proposed, enables grouping of the employees based on the hierarchy of the organization and the grouping of the doors based on Access Zones (AZ). This design also illustrates the mapping between the Employee Groups (EG) and AZ. By following this approach in database design, a higher level view can be presented to the system administrator abstracting the inner details of the individual entities and doors. This paper describes the novel approach carried out in designing the database of the ACS.

  17. Authorisation and access control for electronic health record systems.

    Science.gov (United States)

    Blobel, Bernd

    2004-03-31

    Enabling the shared care paradigm, centralised or even decentralised electronic health record (EHR) systems increasingly become core applications in hospital information systems and health networks. For realising multipurpose use and reuse as well as inter-operability at knowledge level, EHR have to meet special architectural requirements. The component-oriented and model-based architecture should meet international standards. Especially in extended health networks realising inter-organisational communication and co-operation, authorisation cannot be organised at user level anymore. Therefore, models, methods and tools must be established to allow formal and structured policy definition, policy agreements, role definition, authorisation and access control. Based on the author's international engagement in EHR architecture and security standards referring to the revision of CEN ENV 13606, the GEHR/open EHR approach, HL7 and CORBA, models for health-specific and EHR-related roles, for authorisation management and access control have been developed. The basic concept is the separation of structural roles defining organisational entity-to-entity relationships and enabling specific acts on the one hand, and functional roles bound to specific activities and realising rights and duties on the other hand. Aggregation of organisational, functional, informational and technological components follows specific rules. Using UML and XML, the principles as well as some examples for analysis, design, implementation and maintenance of policy and authorisation management as well as access control have been practically implemented.

  18. Privacy and Access Control for IHE-Based Systems

    Science.gov (United States)

    Katt, Basel; Breu, Ruth; Hafner, Micahel; Schabetsberger, Thomas; Mair, Richard; Wozak, Florian

    Electronic Health Record (EHR) is the heart element of any e-health system, which aims at improving the quality and efficiency of healthcare through the use of information and communication technologies. The sensitivity of the data contained in the health record poses a great challenge to security. In this paper we propose a security architecture for EHR systems that are conform with IHE profiles. In this architecture we are tackling the problems of access control and privacy. Furthermore, a prototypical implementation of the proposed model is presented.

  19. Access Control in Decentralised Publish/Subscribe Systems

    Directory of Open Access Journals (Sweden)

    Lauri I.W. Pesonen

    2007-04-01

    Full Text Available Publish/subscribe has emerged as an attractive communication paradigm for building Internet-wide distributed systems by decoupling message senders from receivers. Large scale publish/subscribe systems are likely to employ components of the event transport network owned by cooperating, but independent organisations. As the number of participants in the network increases, security becomes an increasing concern. So far most of the research on publish/subscribe has focused on efficient event routing, event filtering, and composite event detection. Very little research has been published regarding securing publish/subscribe systems. This paper extends our previous work to present and evaluate a secure multi-domain publish/subscribe infrastructure that supports and enforces fine-grained access control over the individual attributes of event types.

  20. Safety systems and access control in the National Ignition Facility.

    Science.gov (United States)

    Reed, Robert K; Bell, Jayce C

    2013-06-01

    The National Ignition Facility (NIF) is the world's largest and most energetic laser system. The facility has the potential to generate ionizing radiation due to the interaction between the laser beams and target material, with neutrons and gamma rays being produced during deuterium-tritium fusion reactions. To perform these experiments, several types of hazards must be mitigated and controlled to ensure personnel safety. NIF uses a real-time safety system to monitor and mitigate the hazards presented by the facility. The NIF facility Safety Interlock System (SIS) monitors for oxygen deficiency and controls access to the facility preventing exposure to laser light and radiation from the Radiation Generating Devices. It also interfaces to radiation monitoring and other radiological monitoring and alarm systems. The SIS controls permissives to the hazard-generating equipment and annunciates hazard levels in the facility. To do this reliably and safely, the SIS has been designed as a fail-safe system with a proven performance record now spanning over 10 y. This paper discusses the SIS, its design, implementation, operator interfaces, validation/verification, and the hazard mitigation approaches employed in the NIF. A brief discussion of the Failure Modes and Effect Analysis supporting the SIS will also be presented. The paper ends with a general discussion of SIS do's and don'ts and common design flaws that should be avoided in SIS design.

  1. Ontology Based Access Control

    Directory of Open Access Journals (Sweden)

    Özgü CAN

    2010-02-01

    Full Text Available As computer technologies become pervasive, the need for access control mechanisms grow. The purpose of an access control is to limit the operations that a computer system user can perform. Thus, access control ensures to prevent an activity which can lead to a security breach. For the success of Semantic Web, that allows machines to share and reuse the information by using formal semantics for machines to communicate with other machines, access control mechanisms are needed. Access control mechanism indicates certain constraints which must be achieved by the user before performing an operation to provide a secure Semantic Web. In this work, unlike traditional access control mechanisms, an "Ontology Based Access Control" mechanism has been developed by using Semantic Web based policies. In this mechanism, ontologies are used to model the access control knowledge and domain knowledge is used to create policy ontologies.

  2. 77 FR 25525 - Thirteenth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems.

    Science.gov (United States)

    2012-04-30

    ... Access Control Systems. AGENCY: Federal Aviation Administration (FAA), U.S. Department of Transportation (DOT). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems... Committee 224, Airport Security Access Control Systems DATES: The meeting will be held May 30, 2012, from...

  3. Application of Attribute Based Access Control Model for Industrial Control Systems

    Directory of Open Access Journals (Sweden)

    Erkan Yalcinkaya

    2017-02-01

    Full Text Available The number of reported security vulnerabilities and incidents related to the industrial control systems (ICS has increased recent years. As argued by several researchers, authorization issues and poor access control are key incident vectors. The majority of ICS are not designed security in mind and they usually lack strong and granular access control mechanisms. The attribute based access control (ABAC model offers high authorization granularity, central administration of access policies with centrally consolidated and monitored logging properties. This research proposes to harness the ABAC model to address the present and future ICS access control challenges. The proposed solution is also implemented and rigorously tested to demonstrate the feasibility and viability of ABAC model for ICS.

  4. 78 FR 51810 - Twenty-Fourth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Science.gov (United States)

    2013-08-21

    ... Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), U.S. Department of Transportation (DOT). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control... RTCA Special Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held...

  5. 76 FR 50811 - Eighth Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

    Science.gov (United States)

    2011-08-16

    ... Access Control Systems AGENCY: Federal Aviation Administration (FAA), DOT. ACTION: Notice of RTCA Special Committee 224 meeting: Airport Security Access Control Systems. SUMMARY: The FAA is issuing this notice to advise the public of a meeting of RTCA Special Committee 224: Airport Security Access Control...

  6. Android Access Control Extension

    Directory of Open Access Journals (Sweden)

    Anton Baláž

    2015-12-01

    Full Text Available The main objective of this work is to analyze and extend security model of mobile devices running on Android OS. Provided security extension is a Linux kernel security module that allows the system administrator to restrict program's capabilities with per-program profiles. Profiles can allow capabilities like network access, raw socket access, and the permission to read, write, or execute files on matching paths. Module supplements the traditional Android capability access control model by providing mandatory access control (MAC based on path. This extension increases security of access to system objects in a device and allows creating security sandboxes per application.

  7. Fine-Grained Access Control for Electronic Health Record Systems

    Science.gov (United States)

    Hue, Pham Thi Bach; Wohlgemuth, Sven; Echizen, Isao; Thuy, Dong Thi Bich; Thuc, Nguyen Dinh

    There needs to be a strategy for securing the privacy of patients when exchanging health records between various entities over the Internet. Despite the fact that health care providers such as Google Health and Microsoft Corp.'s Health Vault comply with the U.S Health Insurance Portability and Accountability Act (HIPAA), the privacy of patients is still at risk. Several encryption schemes and access control mechanisms have been suggested to protect the disclosure of a patient's health record especially from unauthorized entities. However, by implementing these approaches, data owners are not capable of controlling and protecting the disclosure of the individual sensitive attributes of their health records. This raises the need to adopt a secure mechanism to protect personal information against unauthorized disclosure. Therefore, we propose a new Fine-grained Access Control (FGAC) mechanism that is based on subkeys, which would allow a data owner to further control the access to his data at the column-level. We also propose a new mechanism to efficiently reduce the number of keys maintained by a data owner in cases when the users have different access privileges to different columns of the data being shared.

  8. Navy Commercial Access Control System Did Not Effectively Mitigate Access Control Risks

    Science.gov (United States)

    2013-09-16

    the capability to perform NCIC checks to vet contractor employees, and not all Navy installations nave the ability to access NCIC, NCACS is not...Management Corp 10,017 REA to contract N40085-06-D-1260 Goodwill Industries 199,148 Overhead charge to contract N00189-09- C-Z003 DynCorp international

  9. 78 FR 31627 - Twenty-Second Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Science.gov (United States)

    2013-05-24

    ...: RTCA Special Committee 224, Airport Security Access Control Systems AGENCY: Federal Aviation... 224, Airport Security Access Control Systems. SUMMARY: The FAA is issuing this notice to advise the public of the twenty-second meeting of the RTCA Special Committee 224, Airport Security Access...

  10. 76 FR 9632 - Fifth Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

    Science.gov (United States)

    2011-02-18

    ... meeting: Airport Security Access Control Systems (Update to DO-230B). SUMMARY: The FAA is issuing this... Access Control Systems (Update to DO-230B): Agenda March 10, 2011 Welcome/Introductions/Administrative... Federal Aviation Administration Fifth Meeting: RTCA Special Committee 224: Airport Security Access...

  11. 78 FR 16757 - Twentieth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Science.gov (United States)

    2013-03-18

    ... Control Systems AGENCY: Federal Aviation Administration (FAA), U.S. Department of Transportation (DOT). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held April 4, 2013 from...

  12. 78 FR 43963 - Twenty-Third Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Science.gov (United States)

    2013-07-22

    ... Control Systems AGENCY: Federal Aviation Administration (FAA), U.S. Department of Transportation (DOT). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held on June 20,...

  13. 77 FR 71474 - Seventeenth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Science.gov (United States)

    2012-11-30

    ... Control Systems AGENCY: Federal Aviation Administration (FAA), U.S. Department of Transportation (DOT). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held December 13,...

  14. 77 FR 15448 - Twelfth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Science.gov (United States)

    2012-03-15

    ... Control Systems AGENCY: Federal Aviation Administration (FAA), U.S. Department of Transportation (DOT). ACTION: Notice of meeting RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... 224, Airport Security Access Control Systems DATES: The meeting will be held April 5, 2012, from 10...

  15. 78 FR 22025 - Twenty First Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Science.gov (United States)

    2013-04-12

    ... Control Systems AGENCY: Federal Aviation Administration (FAA), U.S. Department of Transportation (DOT). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held April 9-10,...

  16. 77 FR 55894 - Fifteenth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Science.gov (United States)

    2012-09-11

    ... Control Systems AGENCY: Federal Aviation Administration (FAA), U.S. Department of Transportation (DOT). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems DATES: The meeting will be held September 27-28,...

  17. 76 FR 38742 - Seventh Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

    Science.gov (United States)

    2011-07-01

    ... Control Systems AGENCY: Federal Aviation Administration (FAA), DOT. ACTION: Notice of RTCA Special Committee 224 meeting: Airport Security Access Control Systems (Update to DO-230B). SUMMARY: The FAA is... Access Control Systems. DATES: The meeting will be held July 15, 2011, from 10 a.m. to 1 p.m....

  18. 77 FR 64838 - Sixteenth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Science.gov (United States)

    2012-10-23

    ... Control Systems AGENCY: Federal Aviation Administration (FAA), U.S. Department of Transportation (DOT). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held November 15,...

  19. 78 FR 7850 - Nineteenth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Science.gov (United States)

    2013-02-04

    ... Control Systems AGENCY: Federal Aviation Administration (FAA), U.S. Department of Transportation (DOT). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held February 21,...

  20. 76 FR 3931 - Fourth Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

    Science.gov (United States)

    2011-01-21

    ... Control Systems AGENCY: Federal Aviation Administration (FAA), DOT. ACTION: Notice of RTCA Special Committee 224 Meeting: Airport Security Access Control Systems (Update to DO-230B). SUMMARY: The FAA is... Access Control Systems. DATES: The meeting will be held February 8, 2011, from 10 a.m. to 5...

  1. 75 FR 71790 - Second Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

    Science.gov (United States)

    2010-11-24

    ... Control Systems AGENCY: Federal Aviation Administration (FAA), DOT. ACTION: Notice of RTCA Special Committee 224 meeting: Airport Security Access Control Systems (Update to DO-230B). SUMMARY: The FAA is... Access Control Systems. DATES: The meeting will be held December 9, 2010, from 10 a.m. to 5...

  2. 77 FR 2343 - Eleventh Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Science.gov (United States)

    2012-01-17

    ... Control Systems AGENCY: Federal Aviation Administration (FAA), U.S. Department of Transportation (DOT). ACTION: Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY: The FAA..., Airport Security Access Control Systems. DATES: The meeting will be held February 9, 2012, from 10...

  3. Task-role-based Access Control Model in Smart Health-care System

    Directory of Open Access Journals (Sweden)

    Wang Peng

    2015-01-01

    Full Text Available As the development of computer science and smart health-care technology, there is a trend for patients to enjoy medical care at home. Taking enormous users in the Smart Health-care System into consideration, access control is an important issue. Traditional access control models, discretionary access control, mandatory access control, and role-based access control, do not properly reflect the characteristics of Smart Health-care System. This paper proposes an advanced access control model for the medical health-care environment, task-role-based access control model, which overcomes the disadvantages of traditional access control models. The task-role-based access control (T-RBAC model introduces a task concept, dividing tasks into four categories. It also supports supervision role hierarchy. T-RBAC is a proper access control model for Smart Health-care System, and it improves the management of access rights. This paper also proposes an implementation of T-RBAC, a binary two-key-lock pair access control scheme using prime factorization.

  4. Database Security System for Applying Sophisticated Access Control via Database Firewall Server

    OpenAIRE

    Eun-Ae Cho; Chang-Joo Moon; Dae-Ha Park; Kang-Bin Yim

    2014-01-01

    Database security, privacy, access control, database firewall, data break masking Recently, information leakage incidents have occurred due to database security vulnerabilities. The administrators in the traditional database access control methods grant simple permissions to users for accessing database objects. Even though they tried to apply more strict permissions in recent database systems, it was difficult to properly adopt sophisticated access control policies to commercial databases...

  5. An Efficient Role and Object Based Access Control Model Implemented in a PDM System

    Institute of Scientific and Technical Information of China (English)

    HUANG Xiaowen; TAN Jian; HUANG Xiangguo

    2006-01-01

    An effective and reliable access control is crucial to a PDM system. This article has discussed the commonly used access control models, analyzed their advantages and disadvantages, and proposed a new Role and Object based access control model that suits the particular needs of a PDM system. The new model has been implemented in a commercial PDM system, which has demonstrated enhanced flexibility and convenience.

  6. A Framework for Context Sensitive Risk-Based Access Control in Medical Information Systems.

    Science.gov (United States)

    Choi, Donghee; Kim, Dohoon; Park, Seog

    2015-01-01

    Since the access control environment has changed and the threat of insider information leakage has come to the fore, studies on risk-based access control models that decide access permissions dynamically have been conducted vigorously. Medical information systems should protect sensitive data such as medical information from insider threat and enable dynamic access control depending on the context such as life-threatening emergencies. In this paper, we suggest an approach and framework for context sensitive risk-based access control suitable for medical information systems. This approach categorizes context information, estimating and applying risk through context- and treatment-based permission profiling and specifications by expanding the eXtensible Access Control Markup Language (XACML) to apply risk. The proposed framework supports quick responses to medical situations and prevents unnecessary insider data access through dynamic access authorization decisions in accordance with the severity of the context and treatment.

  7. 76 FR 59481 - Ninth Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

    Science.gov (United States)

    2011-09-26

    ... Control Systems AGENCY: Federal Aviation Administration (FAA), DOT. ACTION: Notice of RTCA Special Committee 224 meeting: Airport Security Access Control Systems. SUMMARY: The FAA is issuing this notice to advise the public of a meeting of RTCA Special Committee 224: Airport Security Access Control...

  8. Characterization of accessibility for affine connection control systems at some points with nonzero velocity

    CERN Document Server

    Barbero-Liñán, María

    2011-01-01

    Affine connection control systems are mechanical control systems that model a wide range of real systems such as robotic legs, hovercrafts, planar rigid bodies, rolling pennies, snakeboards and so on. In 1997 the accessibility and a particular notion of controllability was intrinsically described by A. D. Lewis and R. Murray at points of zero velocity. Here, we present a novel generalization of the description of accessibility algebra for those systems at some points with nonzero velocity as long as the affine connection restricts to the distribution given by the symmetric closure. The results are used to describe the accessibility algebra of different mechanical control systems.

  9. 75 FR 47464 - Exemption to Prohibition on Circumvention of Copyright Protection Systems for Access Control...

    Science.gov (United States)

    2010-08-06

    ... circumvention of copyright protection systems for access control technologies which was published July 27, 2010... Copyright Office 37 CFR Part 201 Exemption to Prohibition on Circumvention of Copyright Protection Systems for Access Control Technologies AGENCY: Copyright Office, Library of Congress. ACTION: Final...

  10. 75 FR 61819 - First Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

    Science.gov (United States)

    2010-10-06

    ... meeting: Airport Security Access Control Systems (Update to DO-230B). SUMMARY: The FAA is issuing this... Control Systems (Update to DO-230B): November 2, 2010 Welcome/Introductions/Administrative Remarks Agenda... Federal Aviation Administration First Meeting: RTCA Special Committee 224: Airport Security Access...

  11. 76 FR 16470 - Sixth Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

    Science.gov (United States)

    2011-03-23

    ... meeting: Airport Security Access Control Systems (Update to DO-230B). SUMMARY: The FAA is issuing this... Control Systems (Update to DO-230B): Agenda April 13, 2011 Welcome/Introductions/Administrative Remarks... Federal Aviation Administration Sixth Meeting: RTCA Special Committee 224: Airport Security Access...

  12. 75 FR 80886 - Third Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

    Science.gov (United States)

    2010-12-23

    ... meeting: Airport Security Access Control Systems (Update to DO-230B). SUMMARY: The FAA is issuing this... Control Systems (Update to DO-230B): Agenda January 13, 2011 Welcome/Introductions/Administrative Remarks... Federal Aviation Administration Third Meeting: RTCA Special Committee 224: Airport Security Access...

  13. H-RBAC: A Hierarchical Access Control Model for SaaS Systems

    Directory of Open Access Journals (Sweden)

    Dancheng Li

    2011-08-01

    Full Text Available SaaS is a new way to deploy software as a hosted service and accessed over the Internet which means the customers don’t need to maintain the software code and data on their own servers. So it’s more important for SaaS systems to take security issues into account. Access control is a security mechanism that enables an authority to access to certain restricted areas and resources according to the permissions assigned to a user. Several access models have been proposed to realize the access control of single instance systems. However, most of the existing models couldn’t address the following SaaS system problems: (1 role name conflicts (2 cross-level management (3 the isomerism of tenants' access control (4 temporal delegation constraints. This paper describes a hierarchical RBAC model called H-RBAC solves all the four problems of SaaS systems mentioned above. This model addresses the SaaS system access control in both system level and tenant level. It combines the advantages of RBDM and ARBAC97 model and introduces temporal constraints to SaaS access control model. In addition, a practical approach to implement the access control module for SaaS systems based on H-RBAC model is also proposed in this paper.

  14. The Model and Control Methods of Access to Information and Technology Resources of Automated Control Systems in Water Supply Industry

    Science.gov (United States)

    Rytov, M. Yu; Spichyack, S. A.; Fedorov, V. P.; Petreshin, D. I.

    2017-01-01

    The paper describes a formalized control model of access to information and technological resources of automated control systems at water supply enterprises. The given model considers the availability of various communication links with information systems and technological equipment. There are also studied control methods of access to information and technological resources of automated control systems at water supply enterprises. On the basis of the formalized control model and appropriate methods there was developed a software-hardware complex for rapid access to information and technological resources of automated control systems, which contains an administrator’s automated workplace and ultimate users.

  15. A Generic Role Based Access Control Model for Wind Power Systems

    DEFF Research Database (Denmark)

    Nagarajan, Anand; Jensen, Christian D.

    2010-01-01

    infrastructure in a software domain in a manufacturer independent manner as well as establishing secure communication and authenticating the other parties in electrical power infrastructures, but they do not address the problem of access control. We therefore propose a generic model for access control in wind...... power systems, which is based on the widely used role-based access control model. The proposed model is tested using a prototype designed in conformance with the standards that are in use in modern wind power infrastructure and the results are presented to determine the overhead in communication caused...... while adhering to the proposed access model....

  16. A Fault-Tolerant Emergency-Aware Access Control Scheme for Cyber-Physical Systems

    CERN Document Server

    Wu, Guowei; Xia, Feng; Yao, Lin

    2012-01-01

    Access control is an issue of paramount importance in cyber-physical systems (CPS). In this paper, an access control scheme, namely FEAC, is presented for CPS. FEAC can not only provide the ability to control access to data in normal situations, but also adaptively assign emergency-role and permissions to specific subjects and inform subjects without explicit access requests to handle emergency situations in a proactive manner. In FEAC, emergency-group and emergency-dependency are introduced. Emergencies are processed in sequence within the group and in parallel among groups. A priority and dependency model called PD-AGM is used to select optimal response-action execution path aiming to eliminate all emergencies that occurred within the system. Fault-tolerant access control polices are used to address failure in emergency management. A case study of the hospital medical care application shows the effectiveness of FEAC.

  17. The new biometric access control system resembles a big electronic eye. It will be used to control access to the LHC from 2007 onwards.

    CERN Multimedia

    Maximilien Brice

    2006-01-01

    The new LHC access control systems will soon be using the latest technology: optical recognition based on iris image data. In order to gain access to the tunnel it will be your eye, not your credentials that you'll be required to show! As of September, the entrance point at Point 8 should be the first to be fitted out with iris recognition equipment. The other access shafts will then gradually be equipped one by one.

  18. Generalized access control strategies for integrated services token passing systems

    Science.gov (United States)

    Pang, Joseph W. M.; Tobagi, Fouad A.; Boyd, Stephen

    1994-08-01

    The demand for integrated services local area networks is increasing at a rapid pace with the advent of many new and exciting applications: office and factory automation, distributed computing, and multimedia communications. To support these new applications, it is imperative to integrate traffic with diverse statistical characteristics and differing delay requirements on the same network. An attractive approach for integrating traffic has been adopted in two token passing local area network standards, the IEEE 802.4 token bus standard and FDDI. The idea is to control the transmissions of each station based on a distributed timing algorithm, so as to achieve the following goals: (1) to limit the token cycles so that time-critical traffic can be accommodated, and (2) to allocate pre-specified bandwidths to different stations when the network is overloaded. We have investigated the analysis and design of this protocol. In this paper, we generalize the transmission control algorithm used previously. The major advantages of the generalization over the original protocol are: (1) it provides a much expanded design space, (2) it guarantees convergent behavior, and (3) it gives meaningful insights into the dynamics of the basic control algorithm.

  19. Access Control for Monitoring System-Spanning Business Processes

    NARCIS (Netherlands)

    Bassil, S.; Reichert, M.U.; Bobrik, R.; Bauer, Th.

    2007-01-01

    Integrated process support is highly desirable in environ- ments where data related to a particular (business) process are scattered over distributed and heterogeneous information systems (IS). A process monitoring component is a much-needed module in order to provide an integrated view on all these

  20. Multi-tag content access control in RFID system

    OpenAIRE

    2010-01-01

    Radio Frequency Identification (RFID) makes great flexibility and high efficiency for data acquisition in industry and daily life. At the other side, it brings the privacy risks and multiple tags collision issue. Current research in RFID system focuses on the security and privacy issue which is based on authentication protocols between a tag and a Reader. There is a need to design a reasonable protocol which takes care of both multi-tag anti-collision and security issue. This thesis presen...

  1. Analysing Access Control Specifications

    DEFF Research Database (Denmark)

    Probst, Christian W.; Hansen, René Rydhof

    2009-01-01

    . Recent events have revealed intimate knowledge of surveillance and control systems on the side of the attacker, making it often impossible to deduce the identity of an inside attacker from logged data. In this work we present an approach that analyses the access control configuration to identify the set......When prosecuting crimes, the main question to answer is often who had a motive and the possibility to commit the crime. When investigating cyber crimes, the question of possibility is often hard to answer, as in a networked system almost any location can be accessed from almost anywhere. The most...... of credentials needed to reach a certain location in a system. This knowledge allows to identify a set of (inside) actors who have the possibility to commit an insider attack at that location. This has immediate applications in analysing log files, but also nontechnical applications such as identifying possible...

  2. Cognitive radio networks medium access control for coexistence of wireless systems

    CERN Document Server

    Bian, Kaigui; Gao, Bo

    2014-01-01

    This book gives a comprehensive overview of the medium access control (MAC) principles in cognitive radio networks, with a specific focus on how such MAC principles enable different wireless systems to coexist in the same spectrum band and carry out spectrum sharing.  From algorithm design to the latest developments in the standards and spectrum policy, readers will benefit from leading-edge knowledge of how cognitive radio systems coexist and share spectrum resources.  Coverage includes cognitive radio rendezvous, spectrum sharing, channel allocation, coexistence in TV white space, and coexistence of heterogeneous wireless systems.   • Provides a comprehensive reference on medium access control (MAC)-related problems in the design of cognitive radio systems and networks; • Includes detailed analysis of various coexistence problems related to medium access control in cognitive radio networks; • Reveals novel techniques for addressing the challenges of coexistence protocol design at a higher level ...

  3. A Fine-Grained Data Access Control System in Wireless Sensor Network

    Directory of Open Access Journals (Sweden)

    Boniface K. Alese

    2015-12-01

    Full Text Available The evolving realities of Wireless Sensor Network (WSN deployed to various terrain of life require serving multiple applications. As large amount of sensed data are distributed and stored in individual sensors nodes, the illegal access to these sensitive data can be devastating. Consequently, data insecurity becomes a big concern. This study, therefore, proposes a fine-grained access control system which only requires the right set of users to access a particular data, based on their access privileges in the sensor networks. It is designed using Priccess Protocol with Access policy formulation adopting the principle of Bell Lapadula model as well as Attribute-Based Encryption (ABE to control access to sensor data. The functionality of the proposed system is simulated using Netbeans. The performance analysis of the proposed system using execution time and size of the key show that the higher the key size, the harder it becomes for the attacker to hack the system. Additionally, the time taken for the proposed work is lesser which makes the work faster than the existing work. Consequently, a well secure interactive web-based application that could facilitates the field officers access to stored data in safe and secure manner is developed.

  4. Multi-level access control in the data pipeline of the international supply chain system

    NARCIS (Netherlands)

    Pruksasri, P.; Berg, J. van den; Hofman, W.; Daskapan, S.

    2013-01-01

    The Seamless Integrated Data Pipeline system was proposed to the European Union in order to overcome the information quality shortcomings of the current international supply chain information exchange systems. Next to identification and authorization of stakeholders, secure access control needs to b

  5. A test bed for the future access control system the AD Project

    CERN Document Server

    Scibile, L

    1999-01-01

    This paper describes the design, management and development of the new access control system for the Antiproton Deceleration experimental area, called the AD Project. As this project includes all the elements for the industrial evolution of the present access control system it is an ideal test bed for future access systems. The adoption of new technologies and techniques are described, and the benefits and the shortfalls are highlighted. The open redundant architecture solution, based on a PROFIBUS network and standard industrial components (HP-UNIX, Siemens S7 PLC, Siemens Industrial PC, door locks), guarantees reliability, safety and optimal integration. The project team took advantage of the Goal Directed Project Management technique and managed to define a clear and effective strategy.

  6. Access Control Enforcement Testing

    OpenAIRE

    El Kateb, Donia; Elrakaiby, Yehia; Mouelhi, Tejeddine; Le Traon, Yves

    2012-01-01

    A policy-based access control architecture com- prises Policy Enforcement Points (PEPs), which are modules that intercept subjects access requests and enforce the access decision reached by a Policy Decision Point (PDP), the module implementing the access decision logic. In applications, PEPs are generally implemented manually, which can introduce errors in policy enforcement and lead to security vulnerabilities. In this paper, we propose an approach to systematically test and validate the co...

  7. Quality Test Template toward Multi-user Access Control of Internet-Based System

    Directory of Open Access Journals (Sweden)

    Nan Nie

    2011-06-01

    Full Text Available Aiming at three kinds of Internet-based system quality problems, which is performance, liability and security, the paper proposes a kind of test template during multi-user login and resource access control, which includes test requirement, login script, role-resource correlating and mutation test technique. Some Internet-based systems are tested and diagnosed by automation test technique of test template. At last, system quality can be verified and improved through the realization mechanism of test template.

  8. Request Stream Control for the Access to Broadband Multimedia Educational Resources in the Distance Learning System

    Directory of Open Access Journals (Sweden)

    Irina Pavlovna Bolodurina

    2013-10-01

    Full Text Available This article presents a model of queuing system for broadband multimedia educational resources, as well as a model of access to a hybrid cloud system storage. These models are used to enhance the efficiency of computing resources in a distance learning system. An additional OpenStack control module has been developed to achieve the distribution of request streams and balance the load between cloud nodes.

  9. RFID-Based Monitoring And Access Control System For Parliamentary Campus

    Directory of Open Access Journals (Sweden)

    Sai Thu Rein Htun

    2015-08-01

    Full Text Available This paper is to implement monitoring and access control system based on RFID and Zigbee technology which can be used at Parliamentary Campus. Nowadays RFID technology is widely used for access control system because it is cheap waterproof and easy to use as well as it contains unique EPC electronic protect code .In addition Zigbee wireless module is cost-effective and can be reliable for security. Sothis system consists of RFID tag RFID reader Arduino Uno and Zigbee. This system can also be used for industrial amp commercial and security HVAC closures. This paper describes the results of point-to-point connection and point-to-multipoint connection using Zigbee and RFID technology.

  10. Design and Implementation of File Access and Control System Based on Dynamic Web

    Institute of Scientific and Technical Information of China (English)

    GAO Fuxiang; YAO Lan; BAO Shengfei; YU Ge

    2006-01-01

    A dynamic Web application, which can help the departments of enterprise to collaborate with each other conveniently, is proposed. Several popular design solutions are introduced at first. Then, dynamic Web system is chosen for developing the file access and control system. Finally, the paper gives the detailed process of the design and implementation of the system, which includes some key problems such as solutions of document management and system security. Additionally, the limitations of the system as well as the suggestions of further improvement are also explained.

  11. A Novel Medium Access Control for Ad hoc Networks Based on OFDM System

    Institute of Scientific and Technical Information of China (English)

    YU Yi-fan; YIN Chang-chuan; YUE Guang-xin

    2005-01-01

    Recently, hosts of Medium Access Control (MAC) protocols for Ad hoc radio networks have been proposed to solve the hidden terminal problem and exposed terminal problem. However most of them take into no account the interactions between physical (PHY) system and MAC protocol. Therefore, the current MAC protocols are either inefficient in the networks with mobile nodes and fading channel or difficult in hardware implementation. In this paper, we present a novel media access control for Ad hoc networks that integrates a media access control protocol termed as Dual Busy Tone Multiple Access (DBTMA) into Orthogonal Frequency Division Multiplexing (OFDM) system proposed in IEEE 802.11a standard. The analysis presented in the paper indicates that the proposed MAC scheme achieves performance improvement over IEEE 802.11 protocol about 25%~80% especially in the environment with high mobility and deep fading. The complexity of the proposed scheme is also lower than other implementation of similar busy tone solution. Furthermore, it is compatible with IEEE 802.11a networks.

  12. Flexible access control for dynamic collaborative environments

    NARCIS (Netherlands)

    Dekker, Mari Antonius Cornelis

    2009-01-01

    Access control is used in computer systems to control access to confidential data. In this thesis we focus on access control for dynamic collaborative environments where multiple users and systems access and exchange data in an ad hoc manner. In such environments it is difficult to protect confident

  13. Frequency-selective design of wireless power transfer systems for controlled access applications

    Science.gov (United States)

    Maschino, Tyler Stephen

    Wireless power transfer (WPT) has become a common way to charge or power many types of devices, ranging from cell phones to electric toothbrushes. WPT became popular through the introduction of a transmission mode known as strongly coupled magnetic resonance (SCMR). This means of transmission is non-radiative and enables mid-range WPT. Shortly after the development of WPT via SCMR, a group of researchers introduced the concept of resonant repeaters, which allows power to hop from the source to the device. These repeaters are in resonance with the WPT system, which enables them to propagate the power wirelessly with minimal losses to the environment. Resonant repeaters have rekindled the dream of ubiquitous wireless power. Inherent risks come with the realization of such a dream. One of the most prominent risks, which we set out in this thesis to address, is that of accessibility to the WPT system. We propose the incorporation of a controlled access schema within a WPT system to prevent unwarranted use of wireless power. Our thesis discusses the history of electromagnetism, examines the inception of WPT via SCMR, evaluates recent developments in WPT, and further elaborates on the controlled access schema we wish to contribute to the field.

  14. A fuzzy expert system to Trust-Based Access Control in crowdsourcing environments

    Directory of Open Access Journals (Sweden)

    Olusegun Folorunso

    2015-07-01

    Full Text Available Crowdsourcing has been widely accepted across a broad range of application areas. In crowdsourcing environments, the possibility of performing human computation is characterized with risks due to the openness of their web-based platforms where each crowd worker joins and participates in the process at any time, causing serious effect on the quality of its computation. In this paper, a combination of Trust-Based Access Control (TBAC strategy and fuzzy-expert systems was used to enhance the quality of human computation in crowdsourcing environment. A TBAC-fuzzy algorithm was developed and implemented using MATLAB 7.6.0 to compute trust value (Tvalue, priority value as evaluated by fuzzy inference system (FIS and finally generate access decision to each crowd-worker. In conclusion, the use of TBAC is feasible in improving quality of human computation in crowdsourcing environments.

  15. An extended smart utilization medium access control (ESU-MAC) protocol for ad hoc wireless systems

    Science.gov (United States)

    Vashishtha, Jyoti; Sinha, Aakash

    2006-05-01

    The demand for spontaneous setup of a wireless communication system has increased in recent years for areas like battlefield, disaster relief operations etc., where a pre-deployment of network infrastructure is difficult or unavailable. A mobile ad-hoc network (MANET) is a promising solution, but poses a lot of challenges for all the design layers, specifically medium access control (MAC) layer. Recent existing works have used the concepts of multi-channel and power control in designing MAC layer protocols. SU-MAC developed by the same authors, efficiently uses the 'available' data and control bandwidth to send control information and results in increased throughput via decreasing contention on the control channel. However, SU-MAC protocol was limited for static ad-hoc network and also faced the busy-receiver node problem. We present the Extended SU-MAC (ESU-MAC) protocol which works mobile nodes. Also, we significantly improve the scheme of control information exchange in ESU-MAC to overcome the busy-receiver node problem and thus, further avoid the blockage of control channel for longer periods of time. A power control scheme is used as before to reduce interference and to effectively re-use the available bandwidth. Simulation results show that ESU-MAC protocol is promising for mobile, ad-hoc network in terms of reduced contention at the control channel and improved throughput because of channel re-use. Results show a considerable increase in throughput compared to SU-MAC which could be attributed to increased accessibility of control channel and improved utilization of data channels due to superior control information exchange scheme.

  16. Presidential Management Fellows (PMF) Talent Acquisition System, PMF-TAS (ACCESS CONTROLLED)

    Data.gov (United States)

    Office of Personnel Management — Application and Assessment system for Presidential Management Fellows (PMF) and PMF Science, Technology, Engineering, and Math (STEM) programs. This sytem is access...

  17. Face Recognition for Access Control Systems Combining Image-Difference Features Based on a Probabilistic Model

    Science.gov (United States)

    Miwa, Shotaro; Kage, Hiroshi; Hirai, Takashi; Sumi, Kazuhiko

    We propose a probabilistic face recognition algorithm for Access Control System(ACS)s. Comparing with existing ACSs using low cost IC-cards, face recognition has advantages in usability and security that it doesn't require people to hold cards over scanners and doesn't accept imposters with authorized cards. Therefore face recognition attracts more interests in security markets than IC-cards. But in security markets where low cost ACSs exist, price competition is important, and there is a limitation on the quality of available cameras and image control. Therefore ACSs using face recognition are required to handle much lower quality images, such as defocused and poor gain-controlled images than high security systems, such as immigration control. To tackle with such image quality problems we developed a face recognition algorithm based on a probabilistic model which combines a variety of image-difference features trained by Real AdaBoost with their prior probability distributions. It enables to evaluate and utilize only reliable features among trained ones during each authentication, and achieve high recognition performance rates. The field evaluation using a pseudo Access Control System installed in our office shows that the proposed system achieves a constant high recognition performance rate independent on face image qualities, that is about four times lower EER (Equal Error Rate) under a variety of image conditions than one without any prior probability distributions. On the other hand using image difference features without any prior probabilities are sensitive to image qualities. We also evaluated PCA, and it has worse, but constant performance rates because of its general optimization on overall data. Comparing with PCA, Real AdaBoost without any prior distribution performs twice better under good image conditions, but degrades to a performance as good as PCA under poor image conditions.

  18. Proximity-based access control for context-sensitive information provision in SOA-based systems

    Science.gov (United States)

    Rajappan, Gowri; Wang, Xiaofei; Grant, Robert; Paulini, Matthew

    2014-06-01

    Service Oriented Architecture (SOA) has enabled open-architecture integration of applications within an enterprise. For net-centric Command and Control (C2), this elucidates information sharing between applications and users, a critical requirement for mission success. The Information Technology (IT) access control schemes, which arbitrate who gets access to what information, do not yet have the contextual knowledge to dynamically allow this information sharing to happen dynamically. The access control might prevent legitimate users from accessing information relevant to the current mission context, since this context may be very different from the context for which the access privileges were configured. We evaluate a pair of data relevance measures - proximity and risk - and use these as the basis of dynamic access control. Proximity is a measure of the strength of connection between the user and the resource. However, proximity is not sufficient, since some data might have a negative impact, if leaked, which far outweighs importance to the subject's mission. For this, we use a risk measure to quantify the downside of data compromise. Given these contextual measures of proximity and risk, we investigate extending Attribute-Based Access Control (ABAC), which is used by the Department of Defense, and Role-Based Access Control (RBAC), which is widely used in the civilian market, so that these standards-based access control models are given contextual knowledge to enable dynamic information sharing. Furthermore, we consider the use of such a contextual access control scheme in a SOA-based environment, in particular for net-centric C2.

  19. Preliminary assessment of Tongue Drive System in medium term usage for computer access and wheelchair control.

    Science.gov (United States)

    Yousefi, Behnaz; Huo, Xueliang; Ghovanloo, Maysam

    2011-01-01

    Tongue Drive System (TDS) is a wireless, wearable assistive technology that enables individuals with severe motor impairments access computers, drive wheelchairs, and control their environments using tongue motion. In this paper, we have evaluated the TDS performance as a computer input device using ISO9241-9 standard tasks for pointing and selecting, based on the well known Fitts' Law, and as a powered wheelchair controller through an obstacle course navigation task. Nine able-bodied subjects who already had tongue piercing participated in this trial over 5 sessions during 5 weeks, allowing us to study the TDS learning process and its current limiting factors. Subjects worn tongue rings made of titanium in the form of a barbell with a small rare earth magnetic tracer hermetically sealed inside the upper ball. Comparing the results between 1(st) and 5(th) sessions showed that subjects' performance improved in all the measures through 5 sessions, demonstrating the effects of learning.

  20. Study on Mandatory Access Control in a Secure Database Management System

    Institute of Scientific and Technical Information of China (English)

    2001-01-01

    This paper proposes a security policy model for mandatory access control in class B1 database management system whose level of labeling is tuple. The relation-hierarchical data model is extended to multilevel relation-hierarchical data model. Based on the multilevel relation-hierarchical data model, the concept of upper-lower layer relational integrity is presented after we analyze and eliminate the covert channels caused by the database integrity. Two SQL statements are extended to process polyinstantiation in the multilevel secure environment. The system is based on the multilevel relation-hierarchical data model and is capable of integratively storing and manipulating multilevel complicated objects (e. g., multilevel spatial data) and multilevel conventional data ( e. g., integer. real number and character string).

  1. OGIS Access System

    Data.gov (United States)

    National Archives and Records Administration — The OGIS Access System (OAS) provides case management, stakeholder collaboration, and public communications activities including a web presence via a web portal.

  2. DESIGN AND IMPLEMENTATION OF ROLE BASE ACCESS CONTROL SYSTEM FOR NETWORK RESOURCES

    Directory of Open Access Journals (Sweden)

    S.R. Kodituwakku

    2010-11-01

    Full Text Available Role Based Access Control is very useful for providing a high level description of access control for organizational applications. This paper proposes a role based framework that deals with security problems in an intranet environment. The proposed framework protects intranet resources from unauthorized users. The salient feature of the framework is that it allows intranet users to access only authorized resources. It consists of two kinds of role hierarchies: global role hierarchy and local role hierarchy, and two levels of permissions: server permission and object permission. They simplify the way of structuring authority and responsibility in the whole intranet and the allocation of privileges for different objects within a particular server. The proposed framework is implemented over Windows platform and tested for the validity. The test results indicated that it can successfully be used to control accessing network objects.

  3. An Access Control Framework for Reflective Middleware

    Institute of Scientific and Technical Information of China (English)

    Gang Huang; Lian-Shan Sun

    2008-01-01

    Reflective middleware opens up the implementation details of middleware platform and applications at runtime for improving the adaptability of middleware-based systems. However, such openness brings new challenges to access control of the middleware-based systems.Some users can access the system via reflective entities, which sometimes cannot be protected by access control mechanisms of traditional middleware. To deliver high adaptability securely, reflective middleware should be equipped with proper access control mechanisms for potential access control holes induced by reflection. One reason of integrating these mechanisms in reflective middleware is that one goal of reflective middleware is to equip applications with reflection capabilities as transparent as possible. This paper studies how to design a reflective J2EE middlewarePKUAS with access control in mind. At first, a computation model of reflective system is built to identify all possible access control points induced by reflection. Then a set of access control mechanisms, including the wrapper of MBeans and a hierarchy of Java class loaders, are equipped for controlling the identified access control points. These mechanisms together with J2EE access control mechanism form the access control framework for PKUAS. The paper evaluates the security and the performance overheads of the framework in quality and quantity.

  4. Authenticated Blind Issuing of Symmetric Keys for Mobile Access Control System without Trusted Parties

    Directory of Open Access Journals (Sweden)

    Shin-Yan Chiou

    2013-01-01

    Full Text Available Mobile authentication can be used to verify a mobile user’s identity. Normally this is accomplished through the use of logon passwords, but this can raise the secret-key agreement problem between entities. This issue can be resolved by using a public-key cryptosystem, but mobile devices have limited computation ability and battery capacity and a PKI is needed. In this paper, we propose an efficient, non-PKI, authenticated, and blind issued symmetric key protocol for mobile access control systems. An easy-to-deploy authentication and authenticated key agreement system is designed such that empowered mobile devices can directly authorize other mobile devices to exchange keys with the server upon authentication using a non-PKI system without trusted parties. Empowered mobile users do not know the key value of the other mobile devices, preventing users from impersonating other individuals. Also, for security considerations, this system can revoke specific keys or keys issued by a specific user. The scheme is secure, efficient, and feasible and can be implemented in existing environments.

  5. The IEO Data Center Management System: Tools for quality control, analysis and access marine data

    Science.gov (United States)

    Casas, Antonia; Garcia, Maria Jesus; Nikouline, Andrei

    2010-05-01

    Since 1994 the Data Centre of the Spanish Oceanographic Institute develops system for archiving and quality control of oceanographic data. The work started in the frame of the European Marine Science & Technology Programme (MAST) when a consortium of several Mediterranean Data Centres began to work on the MEDATLAS project. Along the years, old software modules for MS DOS were rewritten, improved and migrated to Windows environment. Oceanographic data quality control includes now not only vertical profiles (mainly CTD and bottles observations) but also time series of currents and sea level observations. New powerful routines for analysis and for graphic visualization were added. Data presented originally in ASCII format were organized recently in an open source MySQL database. Nowadays, the IEO, as part of SeaDataNet Infrastructure, has designed and developed a new information system, consistent with the ISO 19115 and SeaDataNet standards, in order to manage the large and diverse marine data and information originated in Spain by different sources, and to interoperate with SeaDataNet. The system works with data stored in ASCII files (MEDATLAS, ODV) as well as data stored within the relational database. The components of the system are: 1.MEDATLAS Format and Quality Control - QCDAMAR: Quality Control of Marine Data. Main set of tools for working with data presented as text files. Includes extended quality control (searching for duplicated cruises and profiles, checking date, position, ship velocity, constant profiles, spikes, density inversion, sounding, acceptable data, impossible regional values,...) and input/output filters. - QCMareas: A set of procedures for the quality control of tide gauge data according to standard international Sea Level Observing System. These procedures include checking for unexpected anomalies in the time series, interpolation, filtering, computation of basic statistics and residuals. 2. DAMAR: A relational data base (MySql) designed to

  6. Access Request Trustworthiness in Weighted Access Control Framework

    Institute of Scientific and Technical Information of China (English)

    WANG Lun-wei; LIAO Xiang-ke; WANG Huai-min

    2005-01-01

    Weighted factor is given to access control policies to express the importance of policy and its effect on access control decision. According to this weighted access control framework, a trustworthiness model for access request is also given. In this model, we give the measure of trustworthiness factor to access request, by using some idea of uncertainty reasoning of expert system, present and prove the parallel propagation formula of request trustworthiness factor among multiple policies, and get the final trustworthiness factor to decide whether authorizing. In this model, authorization decision is given according to the calculation of request trustworthiness factor, which is more understandable, more suitable for real requirement and more powerful for security enhancement than traditional methods. Meanwhile the finer access control granularity is another advantage.

  7. Towards Accessible Search Systems

    NARCIS (Netherlands)

    Serdyukov, Pavel; Hiemstra, Djoerd; Ruthven, Ian

    2010-01-01

    The SIGIR workshop Towards Accessible Search Systems was the first workshop in the field to raise the discussion on how to make search engines accessible for different types of users. We report on the results of the workshop that was held on 23 July 2010 in conjunction with the 33rd Annual ACM SIGIR

  8. Physical Access Control Database -

    Data.gov (United States)

    Department of Transportation — This data set contains the personnel access card data (photo, name, activation/expiration dates, card number, and access level) as well as data about turnstiles and...

  9. Function-Based Access Control (FBAC): From Access Control Matrix to Access Control Tensor

    OpenAIRE

    Desmedt, Yvo; Shaghaghi, Arash

    2016-01-01

    Security researchers have stated that the core concept behind current implementations of access control predates the Internet. These assertions are made to pinpoint that there is a foundational gap in this field, and one should consider revisiting the concepts from the ground up. Moreover, Insider threats, which are an increasing threat vector against organizations are also associated with the failure of access control. Access control models derived from access control matrix encompass three ...

  10. Development of Remote Monitoring and a Control System Based on PLC and WebAccess for Learning Mechatronics

    Directory of Open Access Journals (Sweden)

    Wen-Jye Shyr

    2013-02-01

    Full Text Available This study develops a novel method for learning mechatronics using remote monitoring and control, based on a programmable logic controller (PLC and WebAccess. A mechatronics module, a Web‐CAM and a PLC were integrated with WebAccess software to organize a remote laboratory. The proposed system enables users to access the Internet for remote monitoring and control of the mechatronics module via a web browser, thereby enhancing work flexibility by enabling personnel to control mechatronics equipment from a remote location. Mechatronics control and long‐distance monitoring were realized by establishing communication between the PLC and WebAccess. Analytical results indicate that the proposed system is feasible. The suitability of this system is demonstrated in the department of industrial education and technology at National Changhua University of Education, Taiwan. Preliminary evaluation of the system was encouraging and has shown that it has achieved success in helping students understand concepts and master remote monitoring and control techniques.

  11. Controlling Access to RDF Graphs

    Science.gov (United States)

    Flouris, Giorgos; Fundulaki, Irini; Michou, Maria; Antoniou, Grigoris

    One of the current barriers towards realizing the huge potential of Future Internet is the protection of sensitive information, i.e., the ability to selectively expose (or hide) information to (from) users depending on their access privileges. Given that RDF has established itself as the de facto standard for data representation over the Web, our work focuses on controlling access to RDF data. We present a high-level access control specification language that allows fine-grained specification of access control permissions (at triple level) and formally define its semantics. We adopt an annotation-based enforcement model, where a user can explicitly associate data items with annotations specifying whether the item is accessible or not. In addition, we discuss the implementation of our framework, propose a set of dimensions that should be considered when defining a benchmark to evaluate the different access control enforcement models and present the results of our experiments conducted on different Semantic Web platforms.

  12. An Effective Security Mechanism for M-Commerce Applications Exploiting Ontology Based Access Control Model for Healthcare System

    Directory of Open Access Journals (Sweden)

    S.M. Roychoudri

    2016-09-01

    Full Text Available Health organizations are beginning to move mobile commerce services in recent years to enhance services and quality without spending much investment for IT infrastructure. Medical records are very sensitive and private to any individuals. Hence effective security mechanism is required. The challenges of our research work are to maintain privacy for the users and provide smart and secure environment for accessing the application. It is achieved with the help of personalization. Internet has provided the way for personalization. Personalization is a term which refers to the delivery of information that is relevant to individual or group of individuals in the format, layout specified and in time interval. In this paper we propose an Ontology Based Access Control (OBAC Model that can address the permitted access control among the service providers and users. Personal Health Records sharing is highly expected by the users for the acceptance in mobile commerce applications in health care systems.

  13. Error control and channel access technique of the computer-based truck dispatching system in the open-pit mine

    Energy Technology Data Exchange (ETDEWEB)

    Zhang, G.; Wang, Y.; Huang, Z. [China University of Mining and Technology (China)

    1994-06-01

    The disposition of hardware and software of a computer-based truck dispatching system for open-pit mine are described in the paper. The advantages of random channel access technique of the CSMA/CA/CD of the SWARQ error control and of encoding of constant proportion code were proved by theoretical analysis. The block diagram of the main communication software is given. 3 refs., 4 figs.

  14. Network Access Control For Dummies

    CERN Document Server

    Kelley, Jay; Wessels, Denzil

    2009-01-01

    Network access control (NAC) is how you manage network security when your employees, partners, and guests need to access your network using laptops and mobile devices. Network Access Control For Dummies is where you learn how NAC works, how to implement a program, and how to take real-world challenges in stride. You'll learn how to deploy and maintain NAC in your environment, identify and apply NAC standards, and extend NAC for greater network security. Along the way you'll become familiar with what NAC is (and what it isn't) as well as the key business drivers for deploying NAC.Learn the step

  15. Effectiveness and Safety of Computer-controlled Periodontal Ligament Injection System in Endodontic Access to the Mandibular Posterior Teeth

    Institute of Scientific and Technical Information of China (English)

    Quan Jing; Kuo Wan; Xiao-jun Wang; Lin Ma

    2014-01-01

    Objective To evaluate the effectiveness and safety of a computer-controlled periodontal ligament (PDL) injection system to the local soft tissues as the primary technique in endodontic access to mandibular posterior teeth in patients with irreversible pulpitis. Methods A total of 162 Chinese patients who had been diagnosed with irreversible pulpitis in their mandibular posterior teeth without acute infection or inflammation in the periodontal tissues were enrolled in this clinical study. The patients were divided into 3 groups according to the position of the involved tooth:the premolar group (PM, n=38), first molar group (FM, n=66), and second molar group (SM, n=58). All the patients received computer-controlled PDL injection with 4%articaine and 1∶100 000 epinephrine. Immediately after the injection, endodontic access was performed, and the degree of pain during the treatment was evaluated by the patients using Visual Analogue Scale for pain. The success rates were compared among the 3 groups. The responses of local soft tissues were evaluated 3-8 days and 3 weeks after the procedure. Results The overall success rate was 76.5%. There was a significant difference in success rates among the PM, FM, and SM groups (92.1%, 53.0%, 93.1%, respectively;χ2=34.3, P Conclusion The computer-controlled PDL injection system demonstrates both satisfactory anesthetic effects and safety in local soft tissues as primary anesthetic technique in endodontic access to the mandibular posterior teeth in patients with irreversible pulpitis.

  16. Effectiveness and safety of computer-controlled periodontal ligament injection system in endodontic access to the mandibular posterior teeth.

    Science.gov (United States)

    Jing, Quan; Wan, Kuo; Wang, Xiao-jun; Ma, Lin

    2014-03-01

    To evaluate the effectiveness and safety of a computer-controlled periodontal ligament (PDL) injection system to the local soft tissues as the primary technique in endodontic access to mandibular posterior teeth in patients with irreversible pulpitis. A total of 162 Chinese patients who had been diagnosed with irreversible pulpitis in their mandibular posterior teeth without acute infection or inflammation in the periodontal tissues were enrolled in this clinical study. The patients were divided into 3 groups according to the position of the involved tooth: the premolar group (PM, n=38), first molar group (FM, n=66), and second molar group (SM, n=58). All the patients received computer-controlled PDL injection with 4% articaine and 1:100 000 epinephrine. Immediately after the injection, endodontic access was performed, and the degree of pain during the treatment was evaluated by the patients using Visual Analogue Scale for pain. The success rates were compared among the 3 groups. The responses of local soft tissues were evaluated 3-8 days and 3 weeks after the procedure. The overall success rate was 76.5%. There was a significant difference in success rates among the PM, FM, and SM groups (92.1%, 53.0%, 93.1%, respectively; χ² = 34.3, Pcomputer-controlled PDL injection system demonstrates both satisfactory anesthetic effects and safety in local soft tissues as primary anesthetic technique in endodontic access to the mandibular posterior teeth in patients with irreversible pulpitis.

  17. 门禁系统在博物馆的应用%Application of Access Control Systems in Museums

    Institute of Scientific and Technical Information of China (English)

    王振

    2015-01-01

    got rapid development in the rapid development of digital technology, network technology today access technology. Access control systems have already gone beyond the simple road and key management, it has gradual y developed into a complete access control system. It plays a great role in administrative work environment safety, personnel at endance management etc. In this paper, the museum entrance guard system in the research on the application of.%在数字技术网络技术飞速发展的今天门禁技术得到了迅猛的发展。门禁系统早已超越了单纯的门道及钥匙管理,它已经逐渐发展成为一套完整的出入管理系统。它在工作环境安全、人事考勤管理等行政管理工作中发挥着巨大的作用。本文就门禁系统在博物馆的应用进行分析研究。

  18. An effective and secure key-management scheme for hierarchical access control in E-medicine system.

    Science.gov (United States)

    Odelu, Vanga; Das, Ashok Kumar; Goswami, Adrijit

    2013-04-01

    Recently several hierarchical access control schemes are proposed in the literature to provide security of e-medicine systems. However, most of them are either insecure against 'man-in-the-middle attack' or they require high storage and computational overheads. Wu and Chen proposed a key management method to solve dynamic access control problems in a user hierarchy based on hybrid cryptosystem. Though their scheme improves computational efficiency over Nikooghadam et al.'s approach, it suffers from large storage space for public parameters in public domain and computational inefficiency due to costly elliptic curve point multiplication. Recently, Nikooghadam and Zakerolhosseini showed that Wu-Chen's scheme is vulnerable to man-in-the-middle attack. In order to remedy this security weakness in Wu-Chen's scheme, they proposed a secure scheme which is again based on ECC (elliptic curve cryptography) and efficient one-way hash function. However, their scheme incurs huge computational cost for providing verification of public information in the public domain as their scheme uses ECC digital signature which is costly when compared to symmetric-key cryptosystem. In this paper, we propose an effective access control scheme in user hierarchy which is only based on symmetric-key cryptosystem and efficient one-way hash function. We show that our scheme reduces significantly the storage space for both public and private domains, and computational complexity when compared to Wu-Chen's scheme, Nikooghadam-Zakerolhosseini's scheme, and other related schemes. Through the informal and formal security analysis, we further show that our scheme is secure against different attacks and also man-in-the-middle attack. Moreover, dynamic access control problems in our scheme are also solved efficiently compared to other related schemes, making our scheme is much suitable for practical applications of e-medicine systems.

  19. Design and Implementation of a Multi-Modal Biometric System for Company Access Control

    Directory of Open Access Journals (Sweden)

    Elisabetta Stefani

    2017-05-01

    Full Text Available This paper is about the design, implementation, and deployment of a multi-modal biometric system to grant access to a company structure and to internal zones in the company itself. Face and iris have been chosen as biometric traits. Face is feasible for non-intrusive checking with a minimum cooperation from the subject, while iris supports very accurate recognition procedure at a higher grade of invasivity. The recognition of the face trait is based on the Local Binary Patterns histograms, and the Daughman’s method is implemented for the analysis of the iris data. The recognition process may require either the acquisition of the user’s face only or the serial acquisition of both the user’s face and iris, depending on the confidence level of the decision with respect to the set of security levels and requirements, stated in a formal way in the Service Level Agreement at a negotiation phase. The quality of the decision depends on the setting of proper different thresholds in the decision modules for the two biometric traits. Any time the quality of the decision is not good enough, the system activates proper rules, which ask for new acquisitions (and decisions, possibly with different threshold values, resulting in a system not with a fixed and predefined behaviour, but one which complies with the actual acquisition context. Rules are formalized as deduction rules and grouped together to represent “response behaviors” according to the previous analysis. Therefore, there are different possible working flows, since the actual response of the recognition process depends on the output of the decision making modules that compose the system. Finally, the deployment phase is described, together with the results from the testing, based on the AT&T Face Database and the UBIRIS database.

  20. A service-oriented data access control model

    Science.gov (United States)

    Meng, Wei; Li, Fengmin; Pan, Juchen; Song, Song; Bian, Jiali

    2017-01-01

    The development of mobile computing, cloud computing and distributed computing meets the growing individual service needs. Facing with complex application system, it's an urgent problem to ensure real-time, dynamic, and fine-grained data access control. By analyzing common data access control models, on the basis of mandatory access control model, the paper proposes a service-oriented access control model. By regarding system services as subject and data of databases as object, the model defines access levels and access identification of subject and object, and ensures system services securely to access databases.

  1. Access Control Based on Trail Inference

    Directory of Open Access Journals (Sweden)

    ALBARELO, P. C.

    2015-06-01

    Full Text Available Professionals are constantly seeking qualification and consequently increasing their knowledge in their area of expertise. Thus, it is interesting to develop a computer system that knows its users and their work history. Using this information, even in the case of professional role change, the system could allow the renewed authorization for activities, based on previously authorized use. This article proposes a model for user access control that is embedded in a context-aware environment. The model applies the concept of trails to manage access control, recording activities usage in contexts and applying this history as a criterion to grant new accesses. Despite the fact that previous related research works consider contexts, none of them uses the concept of trails. Hence, the main contribution of this work is the use of a new access control criterion, namely, the history of previous accesses (trails. A prototype was implemented and applied in an evaluation based on scenarios. The results demonstrate the feasibility of the proposal, allowing for access control systems to use an alternative way to support access rights.

  2. Automated Computer Access Request System

    Science.gov (United States)

    Snook, Bryan E.

    2010-01-01

    The Automated Computer Access Request (AutoCAR) system is a Web-based account provisioning application that replaces the time-consuming paper-based computer-access request process at Johnson Space Center (JSC). Auto- CAR combines rules-based and role-based functionality in one application to provide a centralized system that is easily and widely accessible. The system features a work-flow engine that facilitates request routing, a user registration directory containing contact information and user metadata, an access request submission and tracking process, and a system administrator account management component. This provides full, end-to-end disposition approval chain accountability from the moment a request is submitted. By blending both rules-based and rolebased functionality, AutoCAR has the flexibility to route requests based on a user s nationality, JSC affiliation status, and other export-control requirements, while ensuring a user s request is addressed by either a primary or backup approver. All user accounts that are tracked in AutoCAR are recorded and mapped to the native operating system schema on the target platform where user accounts reside. This allows for future extensibility for supporting creation, deletion, and account management directly on the target platforms by way of AutoCAR. The system s directory-based lookup and day-today change analysis of directory information determines personnel moves, deletions, and additions, and automatically notifies a user via e-mail to revalidate his/her account access as a result of such changes. AutoCAR is a Microsoft classic active server page (ASP) application hosted on a Microsoft Internet Information Server (IIS).

  3. The LHC access system LACS and LASS

    CERN Document Server

    Ninin, P

    2005-01-01

    The LHC complex is divided into a number of zones with different levels of access controls.Inside the interlocked areas, the personnel protection is ensured by the LHC Access System.The system is made of two parts:the LHC Access Safety System and the LHC Access Control System. During machine operation,the LHC Access Safety System ensures the collective protection of the personnel against the radiation hazards arising from the operation of the accelerator by interlocking the LHC key safety elements. When the beams are off, the LHC Access Control System regulates the access to the accelerator and its many subsystems.It allows a remote, local or automatic operation of the access control equipment which verifies and identifies all users entering the controlled areas.The global architecture of the LHC Access System is now designed and is being validated to ensure that it meets the safety requirements for operation of the LHC.A pilot installation will be tested in the summer 2005 to validate the concept with the us...

  4. Perti Net-Based Workflow Access Control Model

    Institute of Scientific and Technical Information of China (English)

    陈卓; 骆婷; 石磊; 洪帆

    2004-01-01

    Access control is an important protection mechanism for information systems. This paper shows how to make access control in workflow system. We give a workflow access control model (WACM) based on several current access control models. The model supports roles assignment and dynamic authorization. The paper defines the workflow using Petri net. It firstly gives the definition and description of the workflow, and then analyzes the architecture of the workflow access control model (WACM). Finally, an example of an e-commerce workflow access control model is discussed in detail.

  5. A new access scheme in OFDMA systems

    Institute of Scientific and Technical Information of China (English)

    GU Xue-lin; YAN Wei; TIAN Hui; ZHANG Ping

    2006-01-01

    This article presents a dynamic random access scheme for orthogonal frequency division multiple access (OFDMA) systems. The key features of the proposed scheme are:it is a combination of both the distributed and the centralized schemes, it can accommodate several delay sensitivity classes,and it can adjust the number of random access channels in a media access control (MAC) frame and the access probability according to the outcome of Mobile Terminals access attempts in previous MAC frames. For floating populated packet-based networks, the proposed scheme possibly leads to high average user satisfaction.

  6. Towards a quality-controlled and accessible Pitzer model for seawater and related systems

    Directory of Open Access Journals (Sweden)

    David Turner

    2016-09-01

    Full Text Available We elaborate the need for a quality-controlled chemical speciation model for seawater and related natural waters, work which forms the major focus of SCOR Working Group 145. Model development is based on Pitzer equations for the seawater electrolyte and trace components. These equations can be used to calculate activities of dissolved ions and molecules and, in combination with thermodynamic equilibrium constants, chemical speciation. The major tasks to be addressed are ensuring internal consistency of the Pitzer model parameters (expressing the interactions between pairs and triplets of species, which ultimately determines the calculated activities, assessing uncertainties, and identifying important data gaps that should be addressed by new measurements. It is recognised that natural organic matter plays an important role in many aquatic ecosystems, and options for including this material in a Pitzer-based model are discussed. The process of model development begins with the core components which include the seawater electrolyte and the weak acids controlling pH. This core model can then be expanded by incorporating additional chemical components, changing the standard seawater composition and/or broadening the range of temperature and pressure, without compromising its validity. Seven important areas of application are identified: open ocean acidification; micro-nutrient biogeochemistry and geochemical tracers; micro-nutrient behaviour in laboratory studies; water quality in coastal and estuarine waters; cycling of nutrients and trace metals in pore waters; chemical equilibria in hydrothermal systems; brines and salt lakes.

  7. Proposal for the award of a contract for the supply, installation and maintenance of access control systems

    CERN Document Server

    2000-01-01

    This document concerns the award of a contract for the supply, installation and maintenance of access control systems. Following a market survey carried out among 93 firms in fifteen Member States, a call for tenders (IT-2681/ST) was sent on 23 June 2000 to two firms, nine consortia each consisting of two firms and one consortium consisting of three firms, in nine Member States. By the closing date, CERN had received three tenders from three consortia in five Member States. The Finance Committee is invited to agree to the negotiation of a contract with the consortium GTD (ES) - ALSTOM (FR), the lowest bidder, for the supply, installation and maintenance of access control systems for a total amount of 4 305 892 euros (6 581 987 Swiss francs), not subject to revision. The above amount in Swiss francs has been calculated using the rate of exchange indicated in the tender. The firm has indicated the following distribution by country of the contract value covered by this adjudication proposal: ES-36%, FR-36%, GB-1...

  8. Development and Validation of Project Management Constructs of Security Door Access Control Systems: A Pilot Study in Macau

    Directory of Open Access Journals (Sweden)

    Chan Brenda Wing Han

    2016-06-01

    Full Text Available A Security Door Access Control System (SDACS project involves a number of teams from different organizations with diverse project goals. One of the main challenges of such projects is the lack of a standard approach or common understanding to achieve a common goal among project parties. This research examines various management concerns for SDACS projects, highlights the expected common understanding for project participants, develops the project management constructs, and emphasizes on the resulting value of the project to all participants. A two-stage process of scale development and validation was conducted. First, six generic constructs were identified based on the Security Access Control System Framework. Next, a multi-item scale for each construct was developed with reference to the Result-Oriented Management Framework. Expert judges were invited to conduct manual sorting of the items iteratively until reliability and validity was reached. In the next stage, further refinement and validation were carried out with a synthesized survey instrument and a series of statistical testing followed. The finalized SDACS project management constructs and the related findings help reinforce the importance of a standardized management practice for SDACS projects. The value of this research not only benefits SDACS project managers but everyone who works on the project.

  9. Proposal for the award of a blanket contract for the supply, installation and maintenance of the LHC access control system

    CERN Document Server

    2004-01-01

    This document concerns the award of a blanket contract for the supply, installation and maintenance of the LHC access control system. Following a market survey carried out among 134 firms in fifteen Member States, a call for tenders (IT-3026/TS/LHC) was sent on 22 January 2004 to eight firms and eight consortia in six Member States. By the closing date, CERN had received nine tenders from two firms and seven consortia in five Member States. The Finance Committee is invited to agree to the negotiation of a blanket contract with the consortium CEGELEC CENTRE EST (FR) - CEGELEC (NL), the lowest technically compliant bidder, for the supply, installation and maintenance of the LHC access control system for a total amount not exceeding 4 600 000 euros (7 141 000 Swiss francs), subject to revision for inflation from 1 January 2007. The rate of exchange used is that stipulated in the tender. The firm has indicated the following distribution by country of the contract value covered by this adjudication proposal: FR - ...

  10. Apparatus, method and system to control accessibility of platform resources based on an integrity level

    Science.gov (United States)

    Jenkins, Chris; Pierson, Lyndon G.

    2016-10-25

    Techniques and mechanism to selectively provide resource access to a functional domain of a platform. In an embodiment, the platform includes both a report domain to monitor the functional domain and a policy domain to identify, based on such monitoring, a transition of the functional domain from a first integrity level to a second integrity level. In response to a change in integrity level, the policy domain may configure the enforcement domain to enforce against the functional domain one or more resource accessibility rules corresponding to the second integrity level. In another embodiment, the policy domain automatically initiates operations in aid of transitioning the platform from the second integrity level to a higher integrity level.

  11. Apparatus, method and system to control accessibility of platform resources based on an integrity level

    Energy Technology Data Exchange (ETDEWEB)

    Jenkins, Chris; Pierson, Lyndon G.

    2016-10-25

    Techniques and mechanism to selectively provide resource access to a functional domain of a platform. In an embodiment, the platform includes both a report domain to monitor the functional domain and a policy domain to identify, based on such monitoring, a transition of the functional domain from a first integrity level to a second integrity level. In response to a change in integrity level, the policy domain may configure the enforcement domain to enforce against the functional domain one or more resource accessibility rules corresponding to the second integrity level. In another embodiment, the policy domain automatically initiates operations in aid of transitioning the platform from the second integrity level to a higher integrity level.

  12. Electromagnetic malfunction of semiconductor-type electronic personal dosimeters caused by access control systems for radiation facilities.

    Science.gov (United States)

    Deji, Shizuhiko; Ito, Shigeki; Ariga, Eiji; Mori, Kazuyuki; Hirota, Masahiro; Saze, Takuya; Nishizawa, Kunihide

    2006-08-01

    High frequency electromagnetic fields in the 120 kHz band emitted from card readers for access control systems in radiation control areas cause abnormally high and erroneous indicated dose readings on semiconductor-type electronic personal dosimeters (SEPDs). All SEPDs malfunctioned but recovered their normal performance by resetting after the exposure ceased. The minimum distances required to prevent electromagnetic interference varied from 5.0 to 38.0 cm. The electric and magnetic immunity levels ranged from 35.1 to 267.6 V m(-1) and from 1.0 to 16.6 A m(-1), respectively. Electromagnetic immunity levels of SEPDs should be strengthened from the standpoint of radiation protection.

  13. Autonomous Information Unit for Fine-Grain Data Access Control and Information Protection in a Net-Centric System

    Science.gov (United States)

    Chow, Edward T.; Woo, Simon S.; James, Mark; Paloulian, George K.

    2012-01-01

    As communication and networking technologies advance, networks will become highly complex and heterogeneous, interconnecting different network domains. There is a need to provide user authentication and data protection in order to further facilitate critical mission operations, especially in the tactical and mission-critical net-centric networking environment. The Autonomous Information Unit (AIU) technology was designed to provide the fine-grain data access and user control in a net-centric system-testing environment to meet these objectives. The AIU is a fundamental capability designed to enable fine-grain data access and user control in the cross-domain networking environments, where an AIU is composed of the mission data, metadata, and policy. An AIU provides a mechanism to establish trust among deployed AIUs based on recombining shared secrets, authentication and verify users with a username, X.509 certificate, enclave information, and classification level. AIU achieves data protection through (1) splitting data into multiple information pieces using the Shamir's secret sharing algorithm, (2) encrypting each individual information piece using military-grade AES-256 encryption, and (3) randomizing the position of the encrypted data based on the unbiased and memory efficient in-place Fisher-Yates shuffle method. Therefore, it becomes virtually impossible for attackers to compromise data since attackers need to obtain all distributed information as well as the encryption key and the random seeds to properly arrange the data. In addition, since policy can be associated with data in the AIU, different user access and data control strategies can be included. The AIU technology can greatly enhance information assurance and security management in the bandwidth-limited and ad hoc net-centric environments. In addition, AIU technology can be applicable to general complex network domains and applications where distributed user authentication and data protection are

  14. Access control mechanisms for distributed healthcare environments.

    Science.gov (United States)

    Sergl-Pommerening, Marita

    2004-01-01

    Today's IT-infrastructure provides more and more possibilities to share electronic patient data across several healthcare organizations and hospital departments. A strong requirement is sufficient data protection and security measures complying with the medical confidentiality and the data protection laws of each state or country like the European directive on data protection or the U.S. HIPAA privacy rule. In essence, the access control mechanisms and authorization structures of information systems must be able to realize the Need-To-Access principle. This principle can be understood as a set of context-sensitive access rules, regarding the patient's path across the organizations. The access control mechanisms of today's health information systems do not sufficiently satisfy this requirement, because information about participation of persons or organizations is not available within each system in a distributed environment. This problem could be solved by appropriate security services. The CORBA healthcare domain standard contains such a service for obtaining authorization decisions and administrating access decision policies (RAD). At the university hospital of Mainz we have developed an access control system (MACS), which includes the main functionality of the RAD specification and the access control logic that is needed for such a service. The basic design principles of our approach are role-based authorization, user rights with static and dynamic authorization data, context rules and the separation of three cooperating servers that provide up-to-date knowledge about users, roles and responsibilities. This paper introduces the design principles and the system design and critically evaluates the concepts based on practical experience.

  15. A Framework for Concrete Reputation-Systems with Applications to History-Based Access Control

    DEFF Research Database (Denmark)

    Krukow, Karl Kristian; Nielsen, Mogens; Sassone, Vladimiro

    2005-01-01

    -based trust-management systems provide no formal security-guarantees. In this extended abstract, we describe a mathematical framework for a class of simple reputation-based systems. In these systems, decisions about interaction are taken based on policies that are exact requirements on agents' past histories...... to encode other policies known from the literature, e.g., `one-out-of-k'. The problem of checking a history with respect to a policy is efficient for the basic language, and tractable for the quantified language when policies do not have too many variables....

  16. Controlling Access to Suicide Means

    Directory of Open Access Journals (Sweden)

    Miriam Iosue

    2011-12-01

    Full Text Available Background: Restricting access to common means of suicide, such as firearms, toxic gas, pesticides and other, has been shown to be effective in reducing rates of death in suicide. In the present review we aimed to summarize the empirical and clinical literature on controlling the access to means of suicide. Methods: This review made use of both MEDLINE, ISI Web of Science and the Cochrane library databases, identifying all English articles with the keywords “suicide means”, “suicide method”, “suicide prediction” or “suicide prevention” and other relevant keywords. Results: A number of factors may influence an individual’s decision regarding method in a suicide act, but there is substantial support that easy access influences the choice of method. In many countries, restrictions of access to common means of suicide has lead to lower overall suicide rates, particularly regarding suicide by firearms in USA, detoxification of domestic and motor vehicle gas in England and other countries, toxic pesticides in rural areas, barriers at jumping sites and hanging, by introducing “safe rooms” in prisons and hospitals. Moreover, decline in prescription of barbiturates and tricyclic antidepressants (TCAs, as well as limitation of drugs pack size for paracetamol and salicylate has reduced suicides by overdose, while increased prescription of SSRIs seems to have lowered suicidal rates. Conclusions: Restriction to means of suicide may be particularly effective in contexts where the method is popular, highly lethal, widely available, and/or not easily substituted by other similar methods. However, since there is some risk of means substitution, restriction of access should be implemented in conjunction with other suicide prevention strategies.

  17. CDC STATE System Tobacco Legislation - Youth Access

    Data.gov (United States)

    U.S. Department of Health & Human Services — 1995-2016. Centers for Disease Control and Prevention (CDC). State Tobacco Activities Tracking and Evaluation (STATE) System. Legislation—Youth Access. The STATE...

  18. Control of optics in random access analysers

    OpenAIRE

    Truchaud, A.

    1988-01-01

    The technology behind random access analysers involves flexible optical systems which can measure absorbances for one reaction at different scheduled times, and for several reactions performed simultaneously at different wavelengths. Optics control involves light sources (continuous and flash mode), indexing of monochromatic filters, injection-moulded plastic cuvettes, optical fibres, and polychromatic analysis.

  19. An electronically controlled automatic security access gate

    Directory of Open Access Journals (Sweden)

    Jonathan A. ENOKELA

    2014-11-01

    Full Text Available The security challenges being encountered in many places require electronic means of controlling access to communities, recreational centres, offices, and homes. The electronically controlled automated security access gate being proposed in this work helps to prevent an unwanted access to controlled environments. This is achieved mainly through the use of a Radio Frequency (RF transmitter-receiver pair. In the design a microcontroller is programmed to decode a given sequence of keys that is entered on a keypad and commands a transmitter module to send out this code as signal at a given radio frequency. Upon reception of this RF signal by the receiver module, another microcontroller activates a driver circuitry to operate the gate automatically. The codes for the microcontrollers were written in C language and were debugged and compiled using the KEIL Micro vision 4 integrated development environment. The resultant Hex files were programmed into the memories of the microcontrollers with the aid of a universal programmer. Software simulation was carried out using the Proteus Virtual System Modeling (VSM version 7.7. A scaled-down prototype of the system was built and tested. The electronically controlled automated security access gate can be useful in providing security for homes, organizations, and automobile terminals. The four-character password required to operate the gate gives the system an increased level of security. Due to its standalone nature of operation the system is cheaper to maintain in comparison with a manually operated type.

  20. Computer Security Systems Enable Access.

    Science.gov (United States)

    Riggen, Gary

    1989-01-01

    A good security system enables access and protects information from damage or tampering, but the most important aspects of a security system aren't technical. A security procedures manual addresses the human element of computer security. (MLW)

  1. Research and Application of Role-Based Access Control Model in Web Application System%Web应用系统中RBAC模型的研究与实现

    Institute of Scientific and Technical Information of China (English)

    黄秀文

    2015-01-01

    Access control is the main strategy of security and protection in Web system, the traditional access control can not meet the needs of the growing security. With using the role based access control (RBAC) model and introducing the concept of the role in the web system, the user is mapped to a role in an organization, access to the corresponding role authorization, access authorization and control according to the user's role in an organization, so as to improve the web system flexibility and security permissions and access control.%访问控制是Web系统中安全防范和保护的主要策略,传统的访问控制已不能满足日益增长的安全性需求。本文在web应用系统中,使用基于角色的访问控制(RBAC)模型,通过引入角色的概念,将用户映射为在一个组织中的某种角色,将访问权限授权给相应的角色,根据用户在组织内所处的角色进行访问授权与控制,从而提高了在web系统中权限分配和访问控制的灵活性与安全性。

  2. RBAC模型在医疗系统中的研究与应用%Research and application of role-based access control model in medical system

    Institute of Scientific and Technical Information of China (English)

    杨光明; 李先国

    2013-01-01

    Role-based access control(RBAC)is a mainstream technology applied to the system control user access. Accord-ing to the characteristics of the medical system,an access control algorithm is put forward in this paper. On the basis of RBAC model,the access subject and object in the medical system is analyzed,the role is introduced into the system,the permissions is associated with role,and the control for different users’access to records is investigated emphatically. by assigning a role to the appropriate user,then confering an appropriate access privilege on the user,and making the user and access logic separated, the flexibility and security of the permission assignment and access control in the medical system are improved.%基于角色的访问控制是目前应用在系统控制用户访问中比较主流的一门技术。在此针对医疗系统的特点,在基于角色的访问控制模型的基础上,分析医疗系统中的访问主体和客体,引入角色,将权限和角色相关联,重点研究不同用户对记录的访问控制,提出一个访问控制算法,通过分配用户适当的角色,然后授予用户适当的访问权限,使用户和访问权限逻辑分离,从而提高了在医疗系统中权限分配和访问控制的灵活性与安全性。

  3. Break-glass handling exceptional situations in access control

    CERN Document Server

    Petritsch, Helmut

    2014-01-01

    Helmut Petritsch describes the first holistic approach to Break-Glass which covers the whole life-cycle: from access control modeling (pre-access), to logging the security-relevant system state during Break-Glass accesses (at-access), and the automated analysis of Break-Glass accesses (post-access). Break-Glass allows users to override security restrictions in exceptional situations. While several Break-Glass models specific to given access control models have already been discussed in research (e.g., extending RBAC with Break-Glass), the author introduces a generic Break-Glass model. The pres

  4. Development of an Algorithm for Fiber-to-the-Home Passive Optical Network Automatic Self-restoration Scheme Using Access Control System

    OpenAIRE

    Mohammad S. Ab-Rahman; Siti R.A. Mahir

    2011-01-01

    Problem statement: Cables that are installed outdoors are subjected to harsh environmental conditions which make break down inevitable. When this happen it will disrupt the services and cause trouble to the users. To overcome this is to provide a means of restoring the network in case of failure. We introduced the Access Control System (ACS) and Customer Access Protection Unit (CAPU) to provide FTTH-PON monitoring, fault detection and protection. Approach: To design the C ...

  5. Access Agent Improving The Performance Of Access Control Lists

    Directory of Open Access Journals (Sweden)

    Thelis R. S.

    2015-08-01

    Full Text Available The main focus of the proposed research is maintaining the security of a network. Extranet is a popular network among most of the organizations where network access is provided to a selected group of outliers. Limiting access to an extranet can be carried out using Access Control Lists ACLs method. However handling the workload of ACLs is an onerous task for the router. The purpose of the proposed research is to improve the performance and to solidify the security of the ACLs used in a small organization. Using a high performance computer as a dedicated device to share and handle the router workload is suggested in order to increase the performance of the router when handling ACLs. Methods of detecting and directing sensitive data is also discussed in this paper. A framework is provided to help increase the efficiency of the ACLs in an organization network using the above mentioned procedures thus helping the organizations ACLs performance to be improved to be more secure and the system to perform faster. Inbuilt methods of Windows platform or Software for open source platforms can be used to make a computer function as a router. Extended ACL features allow the determining of the type of packets flowing through the router. Combining these mechanisms allows the ACLs to be improved and perform in a more efficient manner.

  6. 单片机门禁系统的设计与研究%The design and research of the access control system of single chip microcomputer

    Institute of Scientific and Technical Information of China (English)

    刘裕舸

    2016-01-01

    本文对单片机门禁系统的设计进行深层次的分析,希望能够促使今后的单片机门禁系统设计更加合理,更加可靠。%In this paper,the design of access control system based on MCU were in-depth analysis, hope to be able to promote future access control system based on MCU design more reasonable,more reliable.

  7. A Theorem on Grid Access Control

    Institute of Scientific and Technical Information of China (English)

    XU ZhiWei(徐志伟); BU GuanYing(卜冠英)

    2003-01-01

    The current grid security research is mainly focused on the authentication of grid systems. A problem to be solved by grid systems is to ensure consistent access control. This problem is complicated because the hosts in a grid computing environment usually span multiple autonomous administrative domains. This paper presents a grid access control model, based on asynchronous automata theory and the classic Bell-LaPadula model. This model is useful to formally study the confidentiality and integrity problems in a grid computing environment. A theorem is proved, which gives the necessary and sufficient conditions to a grid to maintain confidentiality.These conditions are the formalized descriptions of local (node) relations or relationship between grid subjects and node subjects.

  8. Predictive access control for distributed computation

    DEFF Research Database (Denmark)

    Yang, Fan; Hankin, Chris; Nielson, Flemming

    2013-01-01

    We show how to use aspect-oriented programming to separate security and trust issues from the logical design of mobile, distributed systems. The main challenge is how to enforce various types of security policies, in particular predictive access control policies — policies based on the future...... behavior of a program. A novel feature of our approach is that we can define policies concerning secondary use of data....

  9. Efficient Access Control in Multimedia Social Networks

    Science.gov (United States)

    Sachan, Amit; Emmanuel, Sabu

    Multimedia social networks (MMSNs) have provided a convenient way to share multimedia contents such as images, videos, blogs, etc. Contents shared by a person can be easily accessed by anybody else over the Internet. However, due to various privacy, security, and legal concerns people often want to selectively share the contents only with their friends, family, colleagues, etc. Access control mechanisms play an important role in this situation. With access control mechanisms one can decide the persons who can access a shared content and who cannot. But continuously growing content uploads and accesses, fine grained access control requirements (e.g. different access control parameters for different parts in a picture), and specific access control requirements for multimedia contents can make the time complexity of access control to be very large. So, it is important to study an efficient access control mechanism suitable for MMSNs. In this chapter we present an efficient bit-vector transform based access control mechanism for MMSNs. The proposed approach is also compatible with other requirements of MMSNs, such as access rights modification, content deletion, etc. Mathematical analysis and experimental results show the effectiveness and efficiency of our proposed approach.

  10. Managing Delegation in Access Control Models

    CERN Document Server

    Ghorbel-Talbi, Meriam Ben; Cuppens-Boulahia, Nora; Bouhoula, Adel; 10.1109/ADCOM.2007.105

    2010-01-01

    In the field of access control, delegation is an important aspect that is considered as a part of the administration mechanism. Thus, a complete access control must provide a flexible administration model to manage delegation. Unfortunately, to our best knowledge, there is no complete model for describing all delegation requirements for role-based access control. Therefore, proposed models are often extended to consider new delegation characteristics, which is a complex task to manage and necessitate the redefinition of these models. In this paper we describe a new delegation approach for extended role-based access control models. We show that our approach is flexible and is sufficient to manage all delegation requirements.

  11. Web Access Control on Petrochemical Information Service System%石油化工信息系统Web权限管理的研究

    Institute of Scientific and Technical Information of China (English)

    贾红阳; 郭力; 李晓霞; 杨章远; 姜林; 陈晓青

    2001-01-01

    对Web权限控制进行了研究分析和应用。首先分析了进行权限控制的必要性;介绍了进行权限控制的几种实现形式,包括利用Web Server本身权限管理工具,通过在ASP/PHP页面中嵌入权限认证代码,或是将二者结合;最后,基于Apache服务器开发了图形化的权限管理系统,并已将它应用在Internet石化信息服务系统中。该软件可以方便地完成增删改用户/组,为用户/组设定权限,限制某些IP对本系统的访问等功能;并可以方便地移植到其他类似系统中。%Web Access Control is analyzed and applied to information service system in this article. First, the need of Access Control is discussed. Second, a few of implementation methods are introduced . Web servers have access control functions by itself. In addition, we may insert some codes in ASP/PHP page to check access rights. CGI/ISAPI may use either or both of the above methods. As to Internet Petrochemical Information Service System, we design and complete a software to finish this job. It has a series of functions such as add, delete, edit users/groups' information, grant or revoke access to users/groups, allow or deny some IPs to access the information system, etc. It can also be applied to other similar information systems conveniently.

  12. Remotely Accessible Management System (RAMS).

    Science.gov (United States)

    Wood, Rex

    Oakland Schools, an Intermediate School District for Administration, operates a Remotely Accessible Management System (RAMS). RAMS is composed of over 100 computer programs, each of which performs procedures on the files of the 28 local school districts comprising the constituency of Oakland Schools. This regional service agency covers 900 square…

  13. Law-Aware Access Control and its Information Model

    CERN Document Server

    Stieghahn, Michael

    2010-01-01

    Cross-border access to a variety of data such as market information, strategic information, or customer-related information defines the daily business of many global companies, including financial institutions. These companies are obliged by law to keep a data processing legal for all offered services. They need to fulfill different security objectives specified by the legislation. Therefore, they control access to prevent unauthorized users from using data. Those security objectives, for example confidentiality or secrecy, are often defined in the eXtensible Access Control Markup Language that promotes interoperability between different systems. In this paper, we show the necessity of incorporating the requirements of legislation into access control. Based on the work flow in a banking scenario we describe a variety of available contextual information and their interrelations. Different from other access control systems our main focus is on law-compliant cross-border data access. By including legislation dir...

  14. Exploration and application of intelligent access control system%浅谈智能门禁系统的探索与应用

    Institute of Scientific and Technical Information of China (English)

    李伟良

    2013-01-01

      智能门禁系统是一种新型现代化安全管理系统,集自动识别技术和现代安全管理措施与一体,本文主要介绍目前比较常用的远距离RFID射频识别技术和生物识别技术两种智能门禁系统,并阐述了其各自特点及应用情况。%Intelligent Access Control System is a new kind of modern security management system, a set of automatic identification technology and modern safety management measures and one, This paper introduces the commonly used long-range RFID radio frequency identification technology and biometric technology two intelligent access control system, and expounded their respective characteristics and application.

  15. Proximity Displays for Access Control

    Science.gov (United States)

    Vaniea, Kami

    2012-01-01

    Managing access to shared digital information, such as photographs and documents. is difficult for end users who are accumulating an increasingly large and diverse collection of data that they want to share with others. Current policy-management solutions require a user to proactively seek out and open a separate policy-management interface when…

  16. The Application of Mobile Phone Keys in Electronic Access Control Systems%手机钥匙在电子门禁系统中的应用

    Institute of Scientific and Technical Information of China (English)

    张楠

    2015-01-01

    With the rapid development of mobile communication technology,the application of mobile phones is increasingly extensive.The mobile phones combined with RFID as electronic access keys become possible.This paper introduces the application of RFID technology in the mobile phones to open electronic access control systems.Through the comparison between the passwords or patterns stored in the RFID cards and those in the touch keys from electronic ac-cess control system,eventually the electronic access is opened safely and reliably.Mobile phones,a new way of utilization as the keys of electronic access control systems,have the ad-vantages of flexibility,convenience,safety and higher reliability.%随着移动通信技术的飞速发展,手机的应用越来越广泛,手机和 RFID 技术结合作为电子门禁钥匙已成为可能。介绍使用手机中的 RFID 技术打开电子门禁系统的应用方法,阐述了把手机解锁屏幕的密码或者图案存储到 RFID 卡中,电子门禁系统读出该密码或者图案,与通过电子门禁的触摸按键输入的密码或者图案进行比对,从而安全可靠地打开电子门禁系统的方法。手机作为电子门禁系统的钥匙使用,具有灵活、携带方便、保密性、可靠性高等优点,是一个另辟蹊径的应用。

  17. Analysis and Design of Access Control in Network File System for IMA System%面向IMA的网络文件系统访问控制分析与设计

    Institute of Scientific and Technical Information of China (English)

    段海军; 叶宏; 雷清; 郭勇; 张鹏

    2011-01-01

    In order to solve the problem of access control in network file system for IMA system, we analyse access control and put forward a design scheme of access control. We use the Network File Lock to realize multiple partitions mutually exclusive access to remote files by locking files and unlocking files. We use the module of access control to authenticate the rights of the user. The user can access to files only if through verification. Log files save the whole operation process of accessing remote files. The paper draws principle of network file lock and purview control and modular of log.%为了解决面向IMA的网络文件系统访问控制问题,分析了其中的访问控制,并提出一种访问控制的设计方案.采用网络文件锁,通过对文件的上锁和解锁,实现多个分区互斥访问远程文件;使用权限控制模块验证用户对文件的访问权限,用户通过验证后才能访问文件;日志文件记录整个访问远程文件的过程.给出了网络文件锁、权限控制和日志模块的工作原理.

  18. OpenCV-based design of embedded intelligent access control system%基于OpenCV的嵌入式智能门禁系统设计

    Institute of Scientific and Technical Information of China (English)

    韩进; 秦宏超; 杨颖超; 刘文武

    2015-01-01

    Smart Home Security System based on security requirements to Samsung S3C6410 embedded core chip as a platform to OpenCV technology as the core, designed and implemented with face recognition features intelligent security access control system. The intelligent access control system will first donor's human face Gray, dimensionality reduction and eigenvalue calculations and other processing, and then prepare training to be authorized in the relevant information. Then the camera to capture the information processing of the human face. The donor's human face to face with the collected information for comparison to determine whether the open access system. After testing, the intelligent access control system completed a face recognition function better, to achieve the access control system design requirements. The design has been successfully applied to smart home security system.%基于智能家居安防系统中安全性的需求,以三星S3C6410嵌入式核心芯片为平台,以OpenCV技术为核心,设计实现了具有人脸识别功能的智能安防门禁系统。本智能门禁系统首先将授权人的人脸信息进行灰度化、降维及计算特征值等处理,再进行准备训练,得到授权人的相关信息。然后对摄像头采集到的人脸信息进行处理。将授权人的人脸信息与采集到的人脸信息进行比对,判定门禁系统是否开放。经过测试,该智能门禁系统较好的完成了人脸识别功能,实现了门禁系统的设计要求。本设计已成功应用于智能家居安防系统中。

  19. Access control, security, and trust a logical approach

    CERN Document Server

    Chin, Shiu-Kai

    2010-01-01

    Access Control, Security, Trust, and Logic Deconstructing Access Control Decisions A Logical Approach to Access Control PRELIMINARIES A Language for Access ControlSets and Relations Syntax SemanticsReasoning about Access Control Logical RulesFormal Proofs and Theorems Soundness of Logical RulesBasic Concepts Reference Monitors Access Control Mechanisms: Tickets and Lists Authentication Security PoliciesConfidentiality, Integrity, and Availability Discretionary Security Policies Mandatory Security Policies Military Security Policies Commercial PoliciesDISTRIBUTED ACCESS CONTROL Digital Authenti

  20. Testing Efficiency Improved by Addition of Remote Access Control Room

    Science.gov (United States)

    1996-01-01

    The NASA Lewis Research Center's Remote Access Control Room (RACR) uses off-the-shelf video conferencing software integrated with existing facility data systems to provide access to the test data by networking from virtually anywhere in the country. The system allows research engineers in remote locations to participate in tests and monitor data in real time just as if they were present in the control room.

  1. Access control management for e-Healthcare in cloud environment

    Directory of Open Access Journals (Sweden)

    Lili Sun

    2014-03-01

    Full Text Available Data outsourcing is a major component for cloud computing that allows data owners to distribute resources to external services for users and organizations who can apply the resources. A crucial problem for owners is how to make sure their sensitive information accessed by legitimate users only using the trusted services but not authorized to read the actual information. With the increased development of cloud computing, it brings challenges for data security and access control when outsourcing users’ data and sharing sensitive data in cloud environment since it is not within the same trusted domain as data owners’. Access control policies have become an important issue in the security filed in cloud computing. Semantic web technologies represent much richer forms of relationships among users, resources and actions among different web applications such as clouding computing. However, Semantic web applications pose new requirements for security mechanisms especially in the access control models. This paper addresses existing access control methods and presents a semantic based access control model which considers semantic relations among different entities in cloud computing environment. We have enriched the research for semantic web technology with role-based access control that is able to be applied in the field of medical information system or e-Healthcare system. This work shows how the semantic web technology provides efficient solutions for the management of complex and distributed data in heterogeneous systems, and it can be used in the medical information systems as well.

  2. Urban Studies: A Study of Bibliographic Access and Control.

    Science.gov (United States)

    Anderson, Barbara E.

    This paper analyzes: (1) the bibliographic access to publications in urban studies via printed secondary sources; (2) development and scope of classification systems and of vocabulary control for urban studies; and (3) currently accessible automated collections of bibliographic citations. Urban studies is defined as "an agglomeration of…

  3. Radio access selection in multi-radio access systems

    NARCIS (Netherlands)

    Jorgušeski, L.; Litjens, R.; Zhiyi, C.; Nikookar, H.

    2007-01-01

    Future wireless access systems will be characterized by their heterogeneity from technological point of view. It is envisaged that in certain areas end-users will have a choice between various radio accesses (RAs) such as e.g. classical cellular networks (GSM, UMTS, WiMAX, etc), WLAN hot-spots, or o

  4. Access control in quality problem management system for aerospace product development%多级质量归零管理系统中的访问控制

    Institute of Scientific and Technical Information of China (English)

    王美清; 潘尚洁

    2011-01-01

    针对航天企业在质量归零管理信息化过程中遇到的对归零信息和归零过程的多级、多任务和多角色访问控制问题展开研究.在构建面向集团-院-厂所的三级归零管理业务模型的基础上,分析质量归零过程中对归零信息和归零流程的访问控制需求,提出基于任务和角色的扩展访问控制( Extended Task&Role Based Access Control,ETRBAC)模型,该模型将型号权限、产品权限、组织权限和任务权限进行综合,实现了对归零信息和归零流程的多维度访问控制.在理论研究的基础上,设计开发了访问控制组件,并通过软件的实施,验证该访问控制策略的有效性.%Multi-level, multi-task and multi-role is the prominent characteristics of the close-loop control of quality problem process in the process of aerospace product development. In the development of software system for quality problem management, the access control function need to cover above three parts. On the basis of setting up a three-layer business model for close-loop control of quality problem process, the requirements of access control on information and workflow of close-loop control of quality problem were analyzed. The model of Extended Task and Role Based Access Control(ETRBAC) is proposed in which the product, organization,task and role are integrated in authority configuration. Based on the ETRBAC model,an access control component was developed, and its validity was verified through the application in enterprise.

  5. Assessing and Improving the Access Control System in Radiation Control Area at Nuclear Power Plant%核电厂辐射控制区出入控制模式优化

    Institute of Scientific and Technical Information of China (English)

    沈恩伟; 薛大海

    2012-01-01

    Electronic personal dosimeter system is the most important part of access control system in radiation control area. At present the system developed by MGP inc (France) is widely used at nuclear power plants. This paper mainly discusses the fingerprint identification feasibility on the basis of linking electronic personal dosimeter system asociated with access control system.%电子剂量计系统是核电厂辐射控制区人员出入许可控制环节中最重要的手段,目前我国核电厂中广泛使用法国MGP公司的电子剂量系统。本文探讨核电厂在电子剂量计系统与出入控制联动的基础上实现人员指纹识别的可行性和识别系统的初步设计。

  6. Design and Implementation of Access Control Channel Management System%高校门禁通道管理系统的设计与实现

    Institute of Scientific and Technical Information of China (English)

    游海英

    2015-01-01

    The access control channel management system is an important component, it has function to safeguard property safety for teacher and student of college. The successful running of system improves college's security work which has positive reality significance. The dissertation design access control channel management system utilizes C/S architecture model. System function is divided into basic setting, card user management, controlling down sending, controlling up sending, query reporter and system management modules. System program language is C#, background database is SQL Server 2008. Whole system developing and debugging environment is Visual Studio 2010.%门禁通道管理系统属于学校安全保卫系统中的一个重要组成部分,具有保护学校广大教师和学生人生以及财产安全的作用,系统的成功运行对提高学校的安全保卫工作具有积极现实的意义.高校门禁通道管理系统在设计过程中,体系架构上选择的是C/S模式,具有基本设置、卡用户管理、控制下传、控制上传、通道监控、查询报表和系统设置7大功能模块.系统的编程语言为C#,SQL Server 2008为后台数据库,整个系统的开发调试是在Visual Studio 2010环境下开发的.

  7. Design and Realization of Embedded Web Access Control System%嵌入式Web访问控制系统的设计与实现

    Institute of Scientific and Technical Information of China (English)

    谯倩; 毛燕琴; 沈苏彬

    2011-01-01

    针对嵌入式Web系统自身的安全,结合嵌入式Web系统的特点,在对基于角色的访问控制模型研究的基础上对其进行简化修改,去掉角色继承的复杂模式,在此基础上提出了适用于嵌入式Web系统的“用户-角色-权限集(业务-页面-操作)”访问控制设计方案.并利用CGI技术实现了特定的嵌入式Web应用系统的访问控制功能,限制了合法用户对嵌入式Web系统资源的访问,防止了非法用户的侵入或因合法用户的不慎操作而造成的破坏.对实现的Web应用系统进行了测试,测试结果表明该模型具有良好的功能.%For the security of embedded Web system itself, combined with the characteristics of embedded Web system and based on the research on the model, it simplifies RBAC model to remove the role of complex patterns of inheritance and gives the embedded Web solution for access control system that is "user-role-privilege set (business-page-operation("model. The embedded Web access control system is achieved through CGI technology, limiting user access to embedded Web systems resources, and preventing the intrusion of unauthorized users or the damage caused by careless operation of legitimate users. The Web application system was tested, and the test results show that the model has good functions.

  8. Proximity Displays for Access Control

    Science.gov (United States)

    2012-09-01

    conference on Human factors in computing systems, 2011. 8.2 [35] Willis D. Ellis. A Source Book of Gestalt Psychology . Psychology Press, 1999. 3.3...Engineering agrees, listing cybersecurity as one of their Grand Challenges and specifically noting that understanding the psychology of computer users is...should support users in these behaviors. 2.5 Behavioral models Research from cognitive psychology , behavioral economics and the warning sciences pro- vide

  9. Service-Oriented Access Control

    Science.gov (United States)

    2014-09-01

    Language HTTP Hypertext Transfer Protocol HTTPS Secure Hypertext Transfer Protocol IDS intrusion detection system IEEE Institute for Electrical and...so we limit our focus to a subset of these services in order to convey the basic concepts of the framework. Specifically, we focus on Hypertext ...Transfer Protocol (HTTP), Secure Hypertext Transfer Protocol (HTTPS), and Internet Relay Chat (IRC). We also constrain our work in terms of network size

  10. An Extended Role Based Access Control Method for XML Documents

    Institute of Scientific and Technical Information of China (English)

    MENG Xiao-feng; LUO Dao-feng; OU Jian-bo

    2004-01-01

    As XML has been increasingly important as the Data-change format of Internet and Intranet, access-control-on-XML-properties rises as a new issue.Role-based access control (RBAC) is an access control method that has been widely used in Internet, Operation System and Relation Data Base these 10 years.Though RBAC is already relatively mature in the above fields, new problems occur when it is used in XML properties.This paper proposes an integrated model to resolve these problems, after the fully analysis on the features of XML and RBAC.

  11. Cryptographically Enforced Distributed Data Access Control

    NARCIS (Netherlands)

    Ibraimi, L.

    2011-01-01

    Outsourcing data storage reduces the cost of ownership. However, once data is stored on a remote server, users lose control over their sensitive data. There are two approaches to control the access to outsourced data. The first approach assumes that the outsourcee is fully trusted. This approach is

  12. Implementation of Flexible Access System

    Science.gov (United States)

    Wu, Chen-Hsiang; Peng, Jan-Wen; Shao, Shou-Kuo; Chen, Tzooming E.; Chen, Shih Chang; Lee, Meng-Shu; Yen, K.-Y.; Chen, Tsung-Mao; Wang, Ching Sheu; Tu, Yuan-Kuang

    1998-06-01

    In this paper we present the architecture, operation, and the implementation of a prototype system, flexible access system (FAS), developed by CHT T.L. for FITL applications. FAS adopts fiber to the curb (FTTC) topology and provides POTS, ISDN BRA, and T1 services. The system consists of three main parts, namely, fiber central office terminal (FCOT) at switch side, fiber nodes (FN) at customer side, and a monitor station. FCOT and FNs are connected through an STM-1 fiber distribution ring. The hardware structure and the operation principle for each module are described. FAS contains the mux-demux module, POTS, ISDN, and T1 central office/customer service modules, operation modules, and power module. In the design, each central office service module in FCOT simulates as a CPE to terminate signals from switch, and will separate the data and signaling and map them into DS1 format. Mux/demux module will add/drop these DS1, put the operation information in data communication channel (DCC), and convert them to STM-1 optical link. Each customer service module in FN simulates switch line cart to regenerate the signal for customers. The prototype system implementation confirms the benefits of introducing SDH add/drop technologies to FITL system to provide basic telecommunication services. The design experience reveals that the clock synchronization method and noise reduction technique can significantly influence the performance in such a system. The test results that demonstrate and verify the designed functionality and the service quality of the prototype system will be presented.

  13. A secure solution on hierarchical access control

    CERN Document Server

    Wei, Chuan-Sheng; Huang, Tone-Yau; Ong, Yao Lin

    2011-01-01

    Hierarchical access control is an important and traditional problem in information security. In 2001, Wu et.al. proposed an elegant solution for hierarchical access control by the secure-filter. Jeng and Wang presented an improvement of Wu et. al.'s method by the ECC cryptosystem. However, secure-filter method is insecure in dynaminc access control. Lie, Hsu and Tripathy, Paul pointed out some secure leaks on the secure-filter and presented some improvements to eliminate these secure flaws. In this paper, we revise the secure-filter in Jeng-Wang method and propose another secure solutions in hierarchical access control problem. CA is a super security class (user) in our proposed method and the secure-filter of $u_i$ in our solutions is a polynomial of degree $n_i+1$ in $\\mathbb{Z}_p^*$, $f_i(x)=(x-h_i)(x-a_1)...(x-a_{n_i})+L_{l_i}(K_i)$. Although the degree of our secure-filter is larger than others solutions, our solution is secure and efficient in dynamics access control.

  14. The linked medical data access control framework.

    Science.gov (United States)

    Kamateri, Eleni; Kalampokis, Evangelos; Tambouris, Efthimios; Tarabanis, Konstantinos

    2014-08-01

    The integration of medical data coming from multiple sources is important in clinical research. Amongst others, it enables the discovery of appropriate subjects in patient-oriented research and the identification of innovative results in epidemiological studies. At the same time, the integration of medical data faces significant ethical and legal challenges that impose access constraints. Some of these issues can be addressed by making available aggregated instead of raw record-level data. In many cases however, there is still a need for controlling access even to the resulting aggregated data, e.g., due to data provider's policies. In this paper we present the Linked Medical Data Access Control (LiMDAC) framework that capitalizes on Linked Data technologies to enable controlling access to medical data across distributed sources with diverse access constraints. The LiMDAC framework consists of three Linked Data models, namely the LiMDAC metadata model, the LiMDAC user profile model, and the LiMDAC access policy model. It also includes an architecture that exploits these models. Based on the framework, a proof-of-concept platform is developed and its performance and functionality are evaluated by employing two usage scenarios.

  15. Remote device access in the new accelerator controls middleware

    CERN Document Server

    Baggiolini, V; Jensen, S; Kostro, K; Risso, A; Trofimov, N N; SL

    2001-01-01

    This paper presents the Remote Device Access (RDA) package developed at CERN in the framework of the joint PS/SL Controls Middleware project. The package design reflects the Accelerator Device Model in which devices, named entities in the control system, can be controlled via properties. RDA implements this model in a distributed environment with devices residing in servers that can run anywhere in the controls network. It provides a location-independent and reliable access to the devices from control programs. By invoking the device access methods, clients can read, write and subscribe to device property values. We describe the architecture and design of RDA its API, and CORBA-based implementations in Java and C++. First applications of RDA in the CERN accelerator control systems are described as well.

  16. Experience with ActiveX control for simple channel access

    Energy Technology Data Exchange (ETDEWEB)

    Timossi, C.; Nishimura, H.; McDonald, J.

    2003-05-15

    Accelerator control system applications at Berkeley Lab's Advanced Light Source (ALS) are typically deployed on operator consoles running Microsoft Windows 2000 and utilize EPICS[2]channel access for data access. In an effort to accommodate the wide variety of Windows based development tools and developers with little experience in network programming, ActiveX controls have been deployed on the operator stations. Use of ActiveX controls for use in the accelerator control environment has been presented previously[1]. Here we report on some of our experiences with the use and development of these controls.

  17. 带有通讯约束的网络化控制系统容错控制技术研究%Fault Tolerant Control for Networked Control Systems with Access Constraints

    Institute of Scientific and Technical Information of China (English)

    ZHAO Ming-Yue; LIU He-Ping; LI Zhi-Jun; SUN De-Hui; LIU Ke-Ping

    2012-01-01

    In this paper,the problem of fault tolerant control (FTC) considering actuator fault for networked control systems (NCSs) with access constraints is addressed.A static scheduling method,periodic communication sequence (PCS),is applied to allocate network resource and schedule the access to the network.The novelty of this work lies in that the NCS with PCS and actuator fault are modeled as a periodic switching system and the schedule-dependent Lyapunov function method is used to design the fault tolerant controller.For the data packets dropped by scheduling strategy at each sampling time,0 and the value of previous sampling time are respectively considered to recover them.Additionally,the problem of robust FTC for the controlled plant with external energy-bounded disturbance is also respectively discussed under these two situations.Numerical examples are given to illustrate the effectiveness of the proposed design methods.

  18. Access control mechanism of wireless gateway based on open flow

    Science.gov (United States)

    Peng, Rong; Ding, Lei

    2017-08-01

    In order to realize the access control of wireless gateway and improve the access control of wireless gateway devices, an access control mechanism of SDN architecture which is based on Open vSwitch is proposed. The mechanism utilizes the features of the controller--centralized control and programmable. Controller send access control flow table based on the business logic. Open vSwitch helps achieve a specific access control strategy based on the flow table.

  19. A Digitally Addressable Random-Access Image Selector and Random-Access Audio System.

    Science.gov (United States)

    Bitzer, Donald L.; And Others

    The requirements of PLATO IV, a computer based education system at the University of Illinois, have led to the development of an improved, digitally addressable, random access image selector and a digitally addressable, random access audio device. Both devices utilize pneumatically controlled mechanical binary adders to position the mecahnical…

  20. 不同密级系统间基于BLP的访问控制机制%BLP Based Access Control Mechanism in Multi-level Network Systems

    Institute of Scientific and Technical Information of China (English)

    刘苏娜; 潘理; 姚立红

    2012-01-01

    将传统的BLP(Bell—La Padula)模型扩展,提出了一种适用于网络访问控制的N-BLP模型,通过定义网络元素和构造新的状态转换规则,实现了主体间通信行为的控制,并采用有限状态机理论验证了N—BLP模型的安全性,同时,基于LSM(Linux Security Modules)架构和TCP/IP协议构造了一个符合N—BLP模型的网络访问控制系统原型.结果表明,该系统能够精确控制连接的建立和数据流的传输,保障了不同密级网络系统之间信息交换的安全性.%N-BLP model for network access control was proposed based on the traditional BLP model. The new model can control the communication behavior between subjects by defining network elements and constructing new states transition rules. Also, the security validation of the model was given using the finite state machine theory. Further, an N-BLP access control prototype system based on LSM architecture and TCP/IP protocol was implemented. The results show that this system can fine-grainedly control the connection establishment and data flow transmission, and guarantee the security of information exchanging between multi-level network systems.

  1. An Effective Security Mechanism for M-Commerce Applications Exploiting Ontology Based Access Control Model for Healthcare System

    OpenAIRE

    S.M. Roychoudri; Dr. M. Aramudhan

    2016-01-01

    Health organizations are beginning to move mobile commerce services in recent years to enhance services and quality without spending much investment for IT infrastructure. Medical records are very sensitive and private to any individuals. Hence effective security mechanism is required. The challenges of our research work are to maintain privacy for the users and provide smart and secure environment for accessing the application. It is achieved with the help of personalization. Internet has pr...

  2. Role-based access control in retrospect

    NARCIS (Netherlands)

    Franqueira, Virginia N.L.; Wieringa, Roel

    2012-01-01

    Role-Based Access Control (RBAC) has been a success in terms of the amount of research that went into it, its uptake in international standards, and its adoption by major software vendors. Yet, RBAC remains complex to implement in user organizations. In this paper we review the state of the art of R

  3. Atom-Role-Based Access Control Model

    Science.gov (United States)

    Cai, Weihong; Huang, Richeng; Hou, Xiaoli; Wei, Gang; Xiao, Shui; Chen, Yindong

    Role-based access control (RBAC) model has been widely recognized as an efficient access control model and becomes a hot research topic of information security at present. However, in the large-scale enterprise application environments, the traditional RBAC model based on the role hierarchy has the following deficiencies: Firstly, it is unable to reflect the role relationships in complicated cases effectively, which does not accord with practical applications. Secondly, the senior role unconditionally inherits all permissions of the junior role, thus if a user is under the supervisor role, he may accumulate all permissions, and this easily causes the abuse of permission and violates the least privilege principle, which is one of the main security principles. To deal with these problems, we, after analyzing permission types and role relationships, proposed the concept of atom role and built an atom-role-based access control model, called ATRBAC, by dividing the permission set of each regular role based on inheritance path relationships. Through the application-specific analysis, this model can well meet the access control requirements.

  4. Access Control from an Intrusion Detection Perspective

    NARCIS (Netherlands)

    Nunes Leal Franqueira, V.

    Access control and intrusion detection are essential components for securing an organization's information assets. In practice, these components are used in isolation, while their fusion would contribute to increase the range and accuracy of both. One approach to accomplish this fusion is the

  5. Session Types for Access and Information Flow Control

    OpenAIRE

    Capecchi, Sara; Castellani, Ilaria; Dezani-Ciancaglini, Mariangiola; Rezk, Tamara

    2010-01-01

    We consider a calculus for multiparty sessions with delegation, enriched with security levels for session participants and data. We propose a type system that guarantees both session safety and a form of access control. Moreover, this type system ensures secure information flow, including controlled forms of declassification. In particular, it prevents leaks due to the specific control constructs of the calculus, such as session opening, selection, branching and delegation. We illustrate the ...

  6. Implementing context and team based access control in healthcare intranets.

    Science.gov (United States)

    Georgiadis, Christos K; Mavridis, Ioannis K; Nikolakopoulou, Georgia; Pangalos, George I

    2002-09-01

    The establishment of an efficient access control system in healthcare intranets is a critical security issue directly related to the protection of patients' privacy. Our C-TMAC (Context and Team-based Access Control) model is an active security access control model that layers dynamic access control concepts on top of RBAC (Role-based) and TMAC (Team-based) access control models. It also extends them in the sense that contextual information concerning collaborative activities is associated with teams of users and user permissions are dynamically filtered during runtime. These features of C-TMAC meet the specific security requirements of healthcare applications. In this paper, an experimental implementation of the C-TMAC model is described. More specifically, we present the operational architecture of the system that is used to implement C-TMAC security components in a healthcare intranet. Based on the technological platform of an Oracle Data Base Management System and Application Server, the application logic is coded with stored PL/SQL procedures that include Dynamic SQL routines for runtime value binding purposes. The resulting active security system adapts to current need-to-know requirements of users during runtime and provides fine-grained permission granularity. Apart from identity certificates for authentication, it uses attribute certificates for communicating critical security metadata, such as role membership and team participation of users.

  7. Dynamically Authorized Role-Based Access Control for Grid Applications

    Institute of Scientific and Technical Information of China (English)

    YAO Hanbing; HU Heping; LU Zhengding; LI Ruixuan

    2006-01-01

    Grid computing is concerned with the sharing and coordinated use of diverse resources in distributed "virtual organizations". The heterogeneous, dynamic and multi-domain nature of these environments makes challenging security issues that demand new technical approaches. Despite the recent advances in access control approaches applicable to Grid computing, there remain issues that impede the development of effective access control models for Grid applications. Among them there are the lack of context-based models for access control, and reliance on identity or capability-based access control schemes. An access control scheme that resolve these issues is presented, and a dynamically authorized role-based access control (D-RBAC) model extending the RBAC with context constraints is proposed. The D-RABC mechanisms dynamically grant permissions to users based on a set of contextual information collected from the system and user's environments, while retaining the advantages of RBAC model. The implementation architecture of D-RBAC for the Grid application is also described.

  8. Easy Access: Auditing the System Network

    Science.gov (United States)

    Wiech, Dean

    2013-01-01

    In today's electronic learning environment, access to appropriate systems and data is of the utmost importance to students, faculty, and staff. Without proper access to the school's internal systems, teachers could be prevented from logging on to an online learning system and students might be unable to submit course work to an online…

  9. VHDL IMPLEMENTATION OF TEST ACCESS PORT CONTROLLER

    Directory of Open Access Journals (Sweden)

    MANPREET KAUR

    2012-06-01

    Full Text Available In this paper, an implementation of IEEE 1149.7 standard is used for designing Test Access Port (TAP Controller and testing of interconnects is done using boundary scan. By c-JTAG the pin count gets reduced which increases the performance and simplifies the connection between devices. TAP Controller is a synchronous Moore type finite state machine that is changed when the TMS and TCK signals of the test access port gets change. This controls the sequence operation of the circuitry conveyed by JTAG and c-JTAG. JTAGmainly used four pins with TAP and fifth pin is for optional use in Boundary scan. But c-JTAG uses only two pins with TAP. In this approach TDI and TDO gets multiplexed by using class T4 and T5 of c-JTAG. Various instructions are used for testing interconnects using IEEE 1149.7 standard (std.

  10. Development of an Algorithm for Fiber-to-the-Home Passive Optical Network Automatic Self-restoration Scheme Using Access Control System

    Directory of Open Access Journals (Sweden)

    Mohammad S. Ab-Rahman

    2011-01-01

    Full Text Available Problem statement: Cables that are installed outdoors are subjected to harsh environmental conditions which make break down inevitable. When this happen it will disrupt the services and cause trouble to the users. To overcome this is to provide a means of restoring the network in case of failure. We introduced the Access Control System (ACS and Customer Access Protection Unit (CAPU to provide FTTH-PON monitoring, fault detection and protection. Approach: To design the C programs for ACS and CAPU, we will come up with the algorithms which describe the switching configuration in general. The switching configurations are tabulated in truth tables and flow charts are constructed. Based on the flow charts, the respective C programs for ACS and CAPU will be written. The C programs will then be tested through simulation. After successful simulations, the programs will be downloaded into the respective PIC microcontrollers in the ACS and CAPU for lab testing. Results: When several faults occur at various lines, each Multi Access Detection System (MADS informs ACS and all CAPUs of the current line conditions. As programmed, ACS and CAPU will configure their switches to restore the network. When one of the working lines fail, the optical signal will be routed to its dedicated protection line. But when both its working and protection line fail, the optical signal will be routed to its neighboring protection line. Conclusion: We have successfully simulated the restoration of the optical signal when fault occur at its working line by restoring it to its dedicated protection line

  11. Access Control with RFID in the Internet of Things

    DEFF Research Database (Denmark)

    Jensen, Steffen Elstrøm Holst; Jacobsen, Rune Hylsberg

    2013-01-01

    , to the Internet is suggested. The solution uses virtual representations of objects by using low-cost, passive RFID tags to give objects identities on the Internet. A prototype that maps an RFID identity into an IPv6 address is constructed. It is illustrated how this approach can be used in access control systems...... based on open network protocols and packet filtering. The solution includes a novel RFID reader architecture that supports the internetworking of components of a future access control system based on network layer technology....

  12. Evaluation of secure capability-based access control in the M2M local cloud platform

    DEFF Research Database (Denmark)

    Anggorojati, Bayu; Prasad, Neeli R.; Prasad, Ramjee

    2016-01-01

    of multiple distributed M2M gateways, creating new challenges in the access control. Some existing access control systems lack in scalability and flexibility to manage access from users or entity that belong to different authorization domains, or fails to provide fine grained and flexible access right...... delegation. Recently, the capability based access control has been considered as method to manage access in the Internet of Things (IoT) or M2M domain. In this paper, the implementation and evaluation of a proposed secure capability based access control in the M2M local cloud platform is presented...

  13. CSchema: A Downgrading Policy Language for XML Access Control

    Institute of Scientific and Technical Information of China (English)

    Dong-Xi Liu

    2007-01-01

    The problem of regulating access to XML documents has attracted much attention from both academic and industry communities.In existing approaches, the XML elements specified by access policies are either accessible or inac-cessible according to their sensitivity.However, in some cases, the original XML elements are sensitive and inaccessible, but after being processed in some appropriate ways, the results become insensitive and thus accessible.This paper proposes a policy language to accommodate such cases, which can express the downgrading operations on sensitive data in XML documents through explicit calculations on them.The proposed policy language is called calculation-embedded schema (CSchema), which extends the ordinary schema languages with protection type for protecting sensitive data and specifying downgrading operations.CSchema language has a type system to guarantee the type correctness of the embedded calcula-tion expressions and moreover this type system also generates a security view after type checking a CSchema policy.Access policies specified by CSchema are enforced by a validation procedure, which produces the released documents containing only the accessible data by validating the protected documents against CSchema policies.These released documents are then ready tobe accessed by, for instance, XML query engines.By incorporating this validation procedure, other XML processing technologies can use CSchema as the access control module.

  14. CDC STATE System E-Cigarette Legislation - Youth Access

    Data.gov (United States)

    U.S. Department of Health & Human Services — 1995-2016. Centers for Disease Control and Prevention (CDC). State Tobacco Activities Tracking and Evaluation (STATE) System. E-Cigarette Legislation—Youth Access....

  15. Distributed medium access control in wireless networks

    CERN Document Server

    Wang, Ping

    2013-01-01

    This brief investigates distributed medium access control (MAC) with QoS provisioning for both single- and multi-hop wireless networks including wireless local area networks (WLANs), wireless ad hoc networks, and wireless mesh networks. For WLANs, an efficient MAC scheme and a call admission control algorithm are presented to provide guaranteed QoS for voice traffic and, at the same time, increase the voice capacity significantly compared with the current WLAN standard. In addition, a novel token-based scheduling scheme is proposed to provide great flexibility and facility to the network servi

  16. Digital Autonomous Terminal Access Communication (DATAC) system

    Science.gov (United States)

    Novacki, Stanley M., III

    1987-01-01

    In order to accommodate the increasing number of computerized subsystems aboard today's more fuel efficient aircraft, the Boeing Co. has developed the DATAC (Digital Autonomous Terminal Access Control) bus to minimize the need for point-to-point wiring to interconnect these various systems, thereby reducing total aircraft weight and maintaining an economical flight configuration. The DATAC bus is essentially a local area network providing interconnections for any of the flight management and control systems aboard the aircraft. The task of developing a Bus Monitor Unit was broken down into four subtasks: (1) providing a hardware interface between the DATAC bus and the Z8000-based microcomputer system to be used as the bus monitor; (2) establishing a communication link between the Z8000 system and a CP/M-based computer system; (3) generation of data reduction and display software to output data to the console device; and (4) development of a DATAC Terminal Simulator to facilitate testing of the hardware and software which transfer data between the DATAC's bus and the operator's console in a near real time environment. These tasks are briefly discussed.

  17. 基于角色的细粒度访问控制系统的研究与实现%Research and Implementation of Role Based Access Control System

    Institute of Scientific and Technical Information of China (English)

    杨亚平; 李伟琴; 刘怀宇

    2001-01-01

    First, a theory of access control—role based access control was analyzed, and the characters and advantages of RBAC were discussed. Then, the infrastructure and implementary techniques of our own access control system based on this theory were given. This system can provide access control service for FTP、WWW、TELNET. Its framework is presented with some core components: access filter server(AFS), access control server (ACS) and role & authorization management server (RAS).These three servers have distinct functions, while communicating and cooperating with each other as an integrated system.Finally, an instance using this system was given.%首先介绍了基于角色的访问控制理论,讨论了其主要特征和优势,然后给出了一个以该理论为基础的访问控制系统的设计框架及实现技术.该系统可以为FTP、WWW 、TELNET提供访问控制服务.系统的总体结构分为:访问控制服务器、访问控制请求过滤器、角色及授权管理服务器,它们各司其职,协同服务,共同构成完整的访问控制系统.

  18. Access Control Framework Based on Mobile P2P System%一种基于移动P2P系统的访问控制框架

    Institute of Scientific and Technical Information of China (English)

    方芳; 陈世平; 裘慧奇; 王佳炳

    2011-01-01

    针对移动P2P网络中的对等端容易耗尽系统资源、受到拒绝服务攻击等问题,提出了一种访问控制框架.在RBAC模型的基础上提出MT-RBAC访问控制框架,模型使用了空间上下文、信任约束和资源控制来实现移动P2P系统的访问控制机制.有效地避免了恶意节点的资源请求对系统资源的消耗,提高了系统可用性.%In order to solve the problem which has existed in the mobile p2p network, for example, the excessive consumption of system resources and the attacks of denial service, a new access control is proposed in this paper. Based on RB AC access control framework, MT-RB AC access control framework adopts the techniques of spatial context, trust constraint and resource control to achieve the access control mechanism of the Mobile P2P System. The new access control framework can effectively and efficiently increase the usability of the system, and prevent the system from the irrational resource request from spite nodes.

  19. Embedded systems for supporting computer accessibility.

    Science.gov (United States)

    Mulfari, Davide; Celesti, Antonio; Fazio, Maria; Villari, Massimo; Puliafito, Antonio

    2015-01-01

    Nowadays, customized AT software solutions allow their users to interact with various kinds of computer systems. Such tools are generally available on personal devices (e.g., smartphones, laptops and so on) commonly used by a person with a disability. In this paper, we investigate a way of using the aforementioned AT equipments in order to access many different devices without assistive preferences. The solution takes advantage of open source hardware and its core component consists of an affordable Linux embedded system: it grabs data coming from the assistive software, which runs on the user's personal device, then, after processing, it generates native keyboard and mouse HID commands for the target computing device controlled by the end user. This process supports any operating system available on the target machine and it requires no specialized software installation; therefore the user with a disability can rely on a single assistive tool to control a wide range of computing platforms, including conventional computers and many kinds of mobile devices, which receive input commands through the USB HID protocol.

  20. Access Control of Web and Java Based Applications

    Science.gov (United States)

    Tso, Kam S.; Pajevski, Michael J.; Johnson, Bryan

    2011-01-01

    Cyber security has gained national and international attention as a result of near continuous headlines from financial institutions, retail stores, government offices and universities reporting compromised systems and stolen data. Concerns continue to rise as threats of service interruption, and spreading of viruses become ever more prevalent and serious. Controlling access to application layer resources is a critical component in a layered security solution that includes encryption, firewalls, virtual private networks, antivirus, and intrusion detection. In this paper we discuss the development of an application-level access control solution, based on an open-source access manager augmented with custom software components, to provide protection to both Web-based and Java-based client and server applications.

  1. Design and Implementation of Joint Detection Access Control System%一种联合检测门禁系统的设计与实现

    Institute of Scientific and Technical Information of China (English)

    孙科学; 洪櫆; 章康宁; 王星稚; 刘康

    2016-01-01

    门禁系统作为目前物联网中发展应用较为成熟的产品,与物联网行业的发展密切相关。现在市场上的门禁系统有基于射频识别、指纹识别、密码识别等方式,但单一识别方式较为容易破解。文中设计综合了语音识别、指纹识别、无线数传与 GSM 网络通讯的联合检测门禁系统,系统中由语音识别与指纹识别完成身份认证,无线传输负责系统内通信, GSM 网络通讯作为向外界报警手段。针对系统整体结构,关键技术的开发过程,系统工作流程做了详细介绍,并对系统的双重认证,无线数传分体式设计,加密通信方式等特点进行了总结。提出并设计实现了一种将语音识别、指纹识别相结合的复合认证门禁系统。%Entrance guard system,as a mature product,is closely related to the development of the Internet of Things industry. Now the market includes entrance guard system based on RFID,fingerprint identification,password identification and so on,but the way is relative-ly easy to identify a single crack. The design proposes an integrated access control combined detection entrance guard system of speech recognition,fingerprint recognition,wireless data transmission and GSM network communications. In the system,the identity authentica-tion is done by speech recognition and fingerprint recognition,a wireless transmission system is responsible for communication,GSM net-work alarms to the outside world as a means of communication. In view of the overall system structure and key technology development process,the system working process is introduced in detail,and the system of dual certification,wireless digital separation design,encryp-tion communication characteristics are summarized. Present and design a dual authentication entrance guard system combined speech rec-ognition and fingerprint recognition.

  2. Integrating Attributes into Role-Based Access Control

    DEFF Research Database (Denmark)

    Mahmood Rajpoot, Qasim; Jensen, Christian D.; Krishnan, Ram

    2015-01-01

    Role-based access control (RBAC) and attribute-based access control (ABAC) are currently the most prominent access control models. However, they both suffer from limitations and have features complimentary to each other. Due to this fact, integration of RBAC and ABAC has become a hot area...

  3. Attributes Enhanced Role-Based Access Control Model

    DEFF Research Database (Denmark)

    Mahmood Rajpoot, Qasim; Jensen, Christian D.; Krishnan, Ram

    2015-01-01

    as an important area of research. In this paper, we propose an access control model that combines the two models in a novel way in order to unify their benefits. Our approach provides a fine-grained access control mechanism that not only takes contextual information into account while making the access control...

  4. Secure Dynamic access control scheme of PHR in cloud computing.

    Science.gov (United States)

    Chen, Tzer-Shyong; Liu, Chia-Hui; Chen, Tzer-Long; Chen, Chin-Sheng; Bau, Jian-Guo; Lin, Tzu-Ching

    2012-12-01

    With the development of information technology and medical technology, medical information has been developed from traditional paper records into electronic medical records, which have now been widely applied. The new-style medical information exchange system "personal health records (PHR)" is gradually developed. PHR is a kind of health records maintained and recorded by individuals. An ideal personal health record could integrate personal medical information from different sources and provide complete and correct personal health and medical summary through the Internet or portable media under the requirements of security and privacy. A lot of personal health records are being utilized. The patient-centered PHR information exchange system allows the public autonomously maintain and manage personal health records. Such management is convenient for storing, accessing, and sharing personal medical records. With the emergence of Cloud computing, PHR service has been transferred to storing data into Cloud servers that the resources could be flexibly utilized and the operation cost can be reduced. Nevertheless, patients would face privacy problem when storing PHR data into Cloud. Besides, it requires a secure protection scheme to encrypt the medical records of each patient for storing PHR into Cloud server. In the encryption process, it would be a challenge to achieve accurately accessing to medical records and corresponding to flexibility and efficiency. A new PHR access control scheme under Cloud computing environments is proposed in this study. With Lagrange interpolation polynomial to establish a secure and effective PHR information access scheme, it allows to accurately access to PHR with security and is suitable for enormous multi-users. Moreover, this scheme also dynamically supports multi-users in Cloud computing environments with personal privacy and offers legal authorities to access to PHR. From security and effectiveness analyses, the proposed PHR access

  5. On application of intelligent access control system in energy-saving of heating ventilation air-conditioner system%谈智能门禁系统在暖通空调系统节能中的应用

    Institute of Scientific and Technical Information of China (English)

    苏伟; 焦春玲; 罗炜

    2012-01-01

    The paper introduces the basic components and functions of the intelligent access control system,illustrates the application of the intelligent access control system in the various energy-saving of heating ventilation air-conditioner systems,including the workhouse heating system,the ventilation system,and the air-conditioner system,so as to direct the practice and to enhance the development of the energy-saving technique of the heating ventilation air-conditioner.%针对智能门禁系统的基本组成及功能进行了具体介绍,分别阐述了智能门禁系统在厂房采暖系统、通风系统、空调系统等不同的暖通空调系统节能中的应用,以期指导实践,促进暖通空调领域节能技术的发展。

  6. Controllability of nonlinear systems.

    Science.gov (United States)

    Sussmann, H. J.; Jurdjevic, V.

    1972-01-01

    Discussion of the controllability of nonlinear systems described by the equation dx/dt - F(x,u). Concepts formulated by Chow (1939) and Lobry (1970) are applied to establish criteria for F and its derivatives to obtain qualitative information on sets which can be obtained from x which denotes a variable of state in an arbitrary, real, analytical manifold. It is shown that controllability implies strong accessibility for a large class of manifolds including Euclidean spaces.-

  7. Common Control System Vulnerability

    Energy Technology Data Exchange (ETDEWEB)

    Trent Nelson

    2005-12-01

    The Control Systems Security Program and other programs within the Idaho National Laboratory have discovered a vulnerability common to control systems in all sectors that allows an attacker to penetrate most control systems, spoof the operator, and gain full control of targeted system elements. This vulnerability has been identified on several systems that have been evaluated at INL, and in each case a 100% success rate of completing the attack paths that lead to full system compromise was observed. Since these systems are employed in multiple critical infrastructure sectors, this vulnerability is deemed common to control systems in all sectors. Modern control systems architectures can be considered analogous to today's information networks, and as such are usually approached by attackers using a common attack methodology to penetrate deeper and deeper into the network. This approach often is composed of several phases, including gaining access to the control network, reconnaissance, profiling of vulnerabilities, launching attacks, escalating privilege, maintaining access, and obscuring or removing information that indicates that an intruder was on the system. With irrefutable proof that an external attack can lead to a compromise of a computing resource on the organization's business local area network (LAN), access to the control network is usually considered the first phase in the attack plan. Once the attacker gains access to the control network through direct connections and/or the business LAN, the second phase of reconnaissance begins with traffic analysis within the control domain. Thus, the communications between the workstations and the field device controllers can be monitored and evaluated, allowing an attacker to capture, analyze, and evaluate the commands sent among the control equipment. Through manipulation of the communication protocols of control systems (a process generally referred to as ''reverse engineering''), an

  8. Access Control Design and Implementations in the ATLAS Experiment

    CERN Document Server

    Leahu, M C; Avolio, G

    2008-01-01

    The ATLAS experiment operates with a significant number of hardware and software resources. Their protection against misuse is an essential task to ensure a safe and optimal operation. To achieve this goal, the Role Based Access Control (RBAC) model has been chosen for its scalability, flexibility, ease of administration and usability from the lowest operating system level to the highest software application level. This paper presents the overall design of RBAC implementation in the ATLAS experiment and the enforcement solutions in different areas such as the system administration, control room desktops and the data acquisition software. The users and the roles are centrally managed using a directory service based on Lightweight Directory Access Protocol which is kept in synchronization with the human resources and IT datab

  9. Distributed Access View Integrated Database (DAVID) system

    Science.gov (United States)

    Jacobs, Barry E.

    1991-01-01

    The Distributed Access View Integrated Database (DAVID) System, which was adopted by the Astrophysics Division for their Astrophysics Data System, is a solution to the system heterogeneity problem. The heterogeneous components of the Astrophysics problem is outlined. The Library and Library Consortium levels of the DAVID approach are described. The 'books' and 'kits' level is discussed. The Universal Object Typer Management System level is described. The relation of the DAVID project with the Small Business Innovative Research (SBIR) program is explained.

  10. 基于RBAC的文件级分布式安全访问控制系统的研究%Research on a File Level Distributed Secure Access Control System Based on RBAC

    Institute of Scientific and Technical Information of China (English)

    王俊; 贾连兴; 姚海潮; 何建平

    2011-01-01

    访问控制技术能够有效避免对数据的非法访问,增强对用户行为的管理.依托分布式并行文件系统GlusterFS,结合RBAC思想,设计了一个文件级分布式安全访问控制系统—Distributed Secure Access Control System(DSAS).重点研究了存储系统中RBAC机制的实现方法,提出了基于角色证书的用户身份验证及角色授权机制.测试结果表明,DSAS系统在满足数据安全性需求的同时,同样能够较好地满足存储系统性能需求.%Access control technology can effectively avoid the unauthorized access for data and strengthen the management to the customer behavior. Depended on the distributed parallel file system GlusterFS and combined with the principles of RBAC, this paper designed a file level Distributed Secure Access Control System(DSAS), mainly studied the carrying out of RBAC mechanism method in the storage system, put forward customer identity verification and role authorization mechanism based on the role credential. Test results illustrated that DSAS system can be well fulfill the need for data reliability and security and the need for storage system performance.

  11. The ISOLDE control system

    Science.gov (United States)

    Deloose, I.; Pace, A.

    1994-12-01

    The two CERN isotope separators named ISOLDE have been running on the new Personal Computer (PC) based control system since April 1992. The new architecture that makes heavy use of the commercial software and hardware of the PC market has been implemented on the 1700 geographically distributed control channels of the two separators and their experimental area. Eleven MSDOS Intel-based PCs with approximately 80 acquisition and control boards are used to access the equipment and are controlled from three PCs running Microsoft Windows used as consoles through a Novell Local Area Network. This paper describes the interesting solutions found and discusses the reduced programming workload and costs that have been obtained.

  12. Access Safety Systems – New Concepts from the LHC Experience

    CERN Document Server

    Ladzinski, T; di Luca, S; Hakulinen, T; Hammouti, L; Riesco, T; Nunes, R; Ninin, P; Juget, J-F; Havart, F; Valentini, F; Sanchez-Corral Mena, E

    2011-01-01

    The LHC Access Safety System has introduced a number of new concepts into the domain of personnel protection at CERN. These can be grouped into several categories: organisational, architectural and concerning the end-user experience. By anchoring the project on the solid foundations of the IEC 61508/61511 methodology, the CERN team and its contractors managed to design, develop, test and commission on time a SIL3 safety system. The system uses a successful combination of the latest Siemens redundant safety programmable logic controllers with a traditional relay logic hardwired loop. The external envelope barriers used in the LHC include personnel and material access devices, which are interlocked door-booths introducing increased automation of individual access control, thus removing the strain from the operators. These devices ensure the inviolability of the controlled zones by users not holding the required credentials. To this end they are equipped with personnel presence detectors and th...

  13. Research on role-based lightweight access control system%基于角色的轻量级访问控制系统的研究

    Institute of Scientific and Technical Information of China (English)

    曹磊; 吕良双

    2006-01-01

    介绍了基于角色的访问控制(Role-Based Access Control,RBAC)模型的理论基础与特点,并根据轻量级应用的需要设计并实现了一个具有一定可重用性的访问控制模型系统,为相关系统的设计提供了应用范例.

  14. A formal model for access control with supporting spatial context

    Institute of Scientific and Technical Information of China (English)

    ZHANG Hong; HE YePing; SHI ZhiGuo

    2007-01-01

    There is an emerging recognition of the importance of utilizing contextual information in authorization decisions. Controlling access to resources in the field of wireless and mobile networking require the definition of a formal model for access control with supporting spatial context. However, traditional RBAC model does not specify these spatial requirements. In this paper, we extend the existing RBAC model and propose the SC-RBAC model that utilizes spatial and location-based information in security policy definitions. The concept of spatial role is presented,and the role is assigned a logical location domain to specify the spatial boundary.Roles are activated based on the current physical position of the user which obtained from a specific mobile terminal. We then extend SC-RBAC to deal with hierarchies, modeling permission, user and activation inheritance, and prove that the hierarchical spatial roles are capable of constructing a lattice which is a means for articulate multi-level security policy and more suitable to control the information flow security for safety-critical location-aware information systems. Next, constrained SC-RBAC allows express various spatial separations of duty constraints,location-based cardinality and temporal constraints for specify fine-grained spatial semantics that are typical in location-aware systems. Finally, we introduce 9 invariants for the constrained SC-RBAC and its basic security theorem is proven. The constrained SC-RBAC provides the foundation for applications in need of the constrained spatial context aware access control.

  15. 基于角色-功能的Web应用系统访问控制方法%Access Control Method for Web Application System Based on Role-function

    Institute of Scientific and Technical Information of China (English)

    庞希愚; 王成; 仝春玲

    2014-01-01

    The access control requirements of Web application system and the shortcomings in Web application system with Role-based Access Control(RBAC) model are analyzed, a fundamental idea of access control based on role-function model is proposed and its implementation details are discussed. Based on naturally formed Web page organization structure according to the business function requirements of the system and access control requirements of users, business functions of pages are partitioned in bottom menu in order to form the basic unit of permissions configuration. Through configuring the relation between user, role, page, menu, function to control user access to system resources such as Web page, the html element and operation in the page. Through the practical application of scientific research management system in Shandong Jiaotong University, application shows that implementation of access control in the page and menu to achieve business function, can well meet the enterprise requirements for user access control of Web system. It has the advantages of simple operation, strong versatility, and effectively reduces the workload of Web system development.%分析现有基于角色的访问控制模型在Web应用系统中的不足,提出一种基于角色-功能模型的用户访问控制方法,并对其具体的实现进行讨论。以系统业务功能需求自然形成的Web页面组织结构和用户访问控制需求为基础,划分最底层菜单中页面实现的业务功能,以业务功能作为权限配置的基本单位,通过配置用户、角色、页面、菜单、功能之间的关系,控制用户对页面、页面中所包含的html元素及其操作等Web系统资源的访问。在山东交通学院科研管理系统中的实际应用结果表明,该方法在菜单及页面实现的业务功能上实施访问控制,可使Web系统用户访问控制较好地满足用户要求,有效降低Web系统开发的工作量。

  16. 基于校园一卡通的机房门禁与考勤系统研究%Study on the Room Access Control and Attendance System Based on Campus Card System

    Institute of Scientific and Technical Information of China (English)

    俞浩平; 方匡钿

    2014-01-01

    针对目前机房管理存在问题,对机房门禁与考勤系统进行需求分析,给出了该系统的架构和设计过程,深入研究了提高系统安全性和运行效率的方法,并对该系统所涉及的难点给予了解决。%Aiming at the problems in computer room management, carries on the demand analysis to the room access control and attendance system, the system architecture and design process are presented, research the method to enhance the system security and efficiency, and the difficulties involved in the system to solve.

  17. Channel Access Algorithm Design for Automatic Identification System

    Institute of Scientific and Technical Information of China (English)

    Oh Sang-heon; Kim Seung-pum; Hwang Dong-hwan; Park Chan-sik; Lee Sang-jeong

    2003-01-01

    The Automatic Identification System (AIS) is a maritime equipment to allow an efficient exchange of the navigational data between ships and between ships and shore stations. It utilizes a channel access algorithm which can quickly resolve conflicts without any intervention from control stations. In this paper, a design of channel access algorithm for the AIS is presented. The input/output relationship of each access algorithm module is defined by drawing the state transition diagram, dataflow diagram and flowchart based on the technical standard, ITU-R M.1371. In order to verify the designed channel access algorithm, the simulator was developed using the C/C++ programming language. The results show that the proposed channel access algorithm can properly allocate transmission slots and meet the operational performance requirements specified by the technical standard.

  18. Control systems under attack?

    CERN Document Server

    Lüders, Stefan

    2005-01-01

    The enormous growth of the Internet during the last decade offers new means to share and distribute both information and data. In Industry, this results in a rapprochement of the production facilities, i.e. their Process Control and Automation Systems, and the data warehouses. At CERN, the Internet opens the possibility to monitor and even control (parts of) the LHC and its four experiments remotely from anywhere in the world. However, the adoption of standard IT technologies to Distributed Process Control and Automation Systems exposes inherent vulnerabilities to the world. The Teststand On Control System Security at CERN (TOCSSiC) is dedicated to explore the vulnerabilities of arbitrary Commercial-Of-The-Shelf hardware devices connected to standard Ethernet. As such, TOCSSiC should discover their vulnerabilities, point out areas of lack of security, and address areas of improvement which can then be confidentially communicated to manufacturers. This paper points out risks of accessing the Control and Automa...

  19. 基于角色和任务的工作流访问控制管理模型%An Administrative Model for Task-Role Based on Access Control in Workflow Systems

    Institute of Scientific and Technical Information of China (English)

    张晶; 杨国林; 萨智海

    2011-01-01

    针对现有访问控制模型在工作流系统安全方面存在的不足,提出一种基于角色和任务的工作流访问控制管理模型(ATRBAC).该模型将ARBAC模型中的管理思想融入TRBAC模型,并引入管理员及管理权限,同时对管理员实行层次管理,解决了系统管理员的权限过大而产生的隐患,加强了系统的安全性.%To overcome the weaknesses of security existing in the old access control models of workflow systems,a new model called Administrative Model for Task-Role Based Access Control (ATRBAC) is presented in this paper.In this model the administrative idea of ARBAC (Administrative Model for Role Based Access Control) is integrated into the TRBAC (Task-Role Based Access Control) through adding administrator and administrative privilege.By applying hierarchical management on administrators, the hidden risk caused by the excessive privileges of system administrator is solved, and the security of workflow system is further strengthened.

  20. 智能建筑区门禁系统自动化识别技术分析%Analysis on Automatic Identification Technology of Intelligent Building Access Control System

    Institute of Scientific and Technical Information of China (English)

    张卉

    2015-01-01

    门禁系统是智能建筑区必备设施,可对建筑区提供安全防护、自动调控等多方面功能.指纹识别系统是人工智能改造的新系统,为门禁系统自动识别提供了科技化措施.本文分析了智能建筑发展趋势及指纹识别系统的基本构成,介绍了智能建筑门禁系统自动化识别技术的应用方法.%The access control system of intelligent building is a necessary facility, which provides security protection, automatic control and so on. Fingerprint identification system is a new artificial intelligence system, providing technological measures for the automatic identification of access control system. This paper analyzes the development trend of intelligent building and the basic structure of fingerprint identification system, introduces the application of automatic recognition technology in intelligent building access control system.

  1. Task-and-role-based access-control model for computational grid

    Institute of Scientific and Technical Information of China (English)

    LONG Tao; HONG Fan; WU Chi; SUN Ling-li

    2007-01-01

    Access control in a grid environment is a challenging issue because the heterogeneous nature and independent administration of geographically dispersed resources in grid require access control to use fine-grained policies. We established a task-and-role-based access-control model for computational grid (CG-TRBAC model), integrating the concepts of role-based access control (RBAC) and task-based access control (TBAC). In this model, condition restrictions are defined and concepts specifically tailored to Workflow Management System are simplified or omitted so that role assignment and security administration fit computational grid better than traditional models; permissions are mutable with the task status and system variables, and can be dynamically controlled. The CG-TRBAC model is proved flexible and extendible. It can implement different control policies. It embodies the security principle of least privilege and executes active dynamic authorization. A task attribute can be extended to satisfy different requirements in a real grid system.

  2. Capability-based Access Control Delegation Model on the Federated IoT Network

    DEFF Research Database (Denmark)

    Anggorojati, Bayu; Mahalle, Parikshit N.; Prasad, Neeli R.

    2012-01-01

    Flexibility is an important property for general access control system and especially in the Internet of Things (IoT), which can be achieved by access or authority delegation. Delegation mechanisms in access control that have been studied until now have been intended mainly for a system that has...... no resource constraint, such as a web-based system, which is not very suitable for a highly pervasive system such as IoT. To this end, this paper presents an access delegation method with security considerations based on Capability-based Context Aware Access Control (CCAAC) model intended for federated...... machine-to-machine communication or IoT networks. The main idea of our proposed model is that the access delegation is realized by means of a capability propagation mechanism, and incorporating the context information as well as secure capability propagation under federated IoT environments. By using...

  3. Open versus Controlled-Access Data | Office of Cancer Genomics

    Science.gov (United States)

    OCG employs stringent human subjects’ protection and data access policies to protect the privacy and confidentiality of the research participants. Depending on the risk of patient identification, OCG programs data are available to the scientific community in two tiers: open or controlled access. Both types of data can be accessed through its corresponding OCG program-specific data matrix or portal. Open-access Data

  4. An approach to access control in electronic health record.

    Science.gov (United States)

    Sucurovic, Snezana

    2010-08-01

    OASIS is a non-for-profit consortium that drives the development convergence and adoption of open standards for the global information society. It involves more than 600 organizations and individuals as well as IT leaders Sun, Microsoft, IBM and Oracle. One of its standards is XACML which appeared a few years ago and now there are about 150,000 hits on Google. XACML (eXtensible Access Control Markup Language) is not technology related. Sun published in 2004 open source Sun XACML which is in compliance with XACML 1.0. specification and now works to make it comply with XACML 2.0. The heart of XACML are attributes values of defined type and name that is to be attached to a subject, a resource, an action and an environment in which a subject request action on resource. In that way XACML is to replace Role Based Access Control which dominated for years. The paper examines performances in CEN 13 606 and ISO 22 600 based healthcare system which uses XACML for access control.

  5. 基于角色访问控制模型及其在操作系统中的实现%Role-Based Access Control Model and its Implementation in Operating System

    Institute of Scientific and Technical Information of China (English)

    刘伟; 孙玉芳

    2003-01-01

    Since Role-based access control shows great advantage in meeting the security need in large-scale, enter-prise-wide system, RBAC becomes the hot topic in access control research area. Researchers have proposed severalRBAC models, which include the famous RBAC96 model. However, these frameworks are sometimes hard for sys-tem developers to understand because the models defined are too abstract or focus on application-oriented solutions.In this paper, a new model (OSRBAC)is discussed, which is the improved model to RBAC3 model in RBAC96 modelfamily. Compared with RBAC3 model, OSRBAC model is more concrete and easilier to understand. At the end, thispaper describes the implementation of OSRBAC model in RedFlag Secure Operating System(RFSOS).

  6. Research on System Access Control Based on Spring Security ACL%基于Spring Security ACL的系统访问控制研究

    Institute of Scientific and Technical Information of China (English)

    张朝日

    2011-01-01

    Spring Security ACL is an access control security framework, it can control all kinds of resource authority. This article introduces the concept and mechanism of Spring Security ACL, at the same time describes the implementation and process of Spring Security ACL security framework by example.%Spring Security ACL是一个权限访问控制框架,主要用采控制各种资源的访问权限.本文讲述Spring Security ACL的机制原理和理论研究,同时也通过一个简单的权限控制实现的例子演示Spring Security ACL的安全框架的实现方法和过程.

  7. Design of Networked Access Control and Attendance System Based on ARM-Linux and JavaEE%基于ARM-Linux与JavaEE网络化门禁考勤系统的设计

    Institute of Scientific and Technical Information of China (English)

    房好帅; 李志鹏; 郑哲豪; 王春景

    2014-01-01

    Proposes a design proposal of networked access control and attendance system, includes access control and attendance clients connect server via network. The hardware of access control and attendance client consists of ARM as the core processor, connects the RFID card reader, camera, LCD and access controller. Develops the service interfaces using JavaEE technology, and then deployed in Tomcat which the server has installed. The access control attendance record information can saved in database and by FTP file transferring. The overall architecture of this design has a preferable expansibility, only after a few secondary devel-opments, existing personnel management systems can be integrated with the design proposal.%提出了一种网络化门禁考勤系统的设计方案,由门禁考勤机和后台服务器通过网络连接构成。门禁考勤机以ARM处理器为核心,连接RFID读卡器、摄像头、LCD显示屏、门禁控制器等构成硬件系统,移植Linux作为嵌入式操作系统;采用JavaEE技术实现后台服务接口,部署在后台服务器安装的Tomcat中;利用数据库和FTP文件传输保存门禁考勤信息记录;整体架构设计扩展性较好,现有的人事管理系统经过少量的二次开发便可与本方案进行集成。

  8. Access Control Model for Sharing Composite Electronic Health Records

    Science.gov (United States)

    Jin, Jing; Ahn, Gail-Joon; Covington, Michael J.; Zhang, Xinwen

    The adoption of electronically formatted medical records, so called Electronic Health Records (EHRs), has become extremely important in healthcare systems to enable the exchange of medical information among stakeholders. An EHR generally consists of data with different types and sensitivity degrees which must be selectively shared based on the need-to-know principle. Security mechanisms are required to guarantee that only authorized users have access to specific portions of such critical record for legitimate purposes. In this paper, we propose a novel approach for modelling access control scheme for composite EHRs. Our model formulates the semantics and structural composition of an EHR document, from which we introduce a notion of authorized zones of the composite EHR at different granularity levels, taking into consideration of several important criteria such as data types, intended purposes and information sensitivities.

  9. Quantum control without access to the controlling interaction

    CERN Document Server

    Janzing, D; Zeier, R; Beth, T; Janzing, Dominik; Armknecht, Frederik; Zeier, Robert; Beth, Thomas

    2001-01-01

    In our model a fixed Hamiltonian acts on the joint Hilbert space of a quantum system and its controller. We show under which conditions measurements, state preparations, and unitary implementations on the system can be performed by quantum operations on the controller only. It turns out that a measurement of the observable A and an implementation of the one-parameter group exp(iAr) can be performed by almost the same sequence of control operations. Furthermore measurement procedures for A+B, for (AB+BA), and for i[A,B] can be constructed from measurements of A and B. This shows that the algebraic structure of the set of observables can be explained by the Lie group structure of the unitary evolutions on the joint Hilbert space of the measuring device and the measured system. A spin chain model with nearest neighborhood coupling shows that the border line between controller and system can be shifted consistently.

  10. Distributed Role-based Access Control for Coaliagion Application

    Institute of Scientific and Technical Information of China (English)

    HONG Fan; ZHU Xian; XING Guanglin

    2005-01-01

    Access control in multi-domain environments is one of the important questions of building coalition between domains.On the basis of RBAC access control model, the concepts of role delegation and role mapping are proposed, which support the third-party authorization.Then, a distributed RBAC model is presented.Finally the implementation issues are discussed.

  11. Privacy Enhanced Access Control by Means of Policy Blinding

    NARCIS (Netherlands)

    Sedghi, Saeed; Hartel, Pieter; Jonker, Willem; Nikova, Svetla; Bao, Feng; Weng, Jian

    2011-01-01

    Traditional techniques of enforcing an access control policy rely on an honest reference monitor to enforce the policy. However, for applications where the resources are sensitive, the access control policy might also be sensitive. As a result, an honest-but-curious reference monitor would glean som

  12. Dynamic User Role Assignment in Remote Access Control

    NARCIS (Netherlands)

    Saffarian, Mohsen; Tang, Qiang; Jonker, Willem; Hartel, Pieter

    2009-01-01

    The Role-Based Access Control (RBAC) model has been widely applied to a single domain in which users are known to the administrative unit of that domain, beforehand. However, the application of the conventional RBAC model for remote access control scenarios is not straightforward. In such scenarios,

  13. Dynamic User Role Assignment in Remote Access Control

    NARCIS (Netherlands)

    Saffarian, M.; Tang, Qiang; Jonker, Willem; Hartel, Pieter H.

    2009-01-01

    The Role-Based Access Control (RBAC) model has been widely applied to a single domain in which users are known to the administrative unit of that domain, beforehand. However, the application of the conventional RBAC model for remote access control scenarios is not straightforward. In such scenarios,

  14. A study of multiple access schemes in satellite control network

    Science.gov (United States)

    Mo, Zijian; Wang, Zhonghai; Xiang, Xingyu; Wang, Gang; Chen, Genshe; Nguyen, Tien; Pham, Khanh; Blasch, Erik

    2016-05-01

    Satellite Control Networks (SCN) have provided launch control for space lift vehicles; tracking, telemetry and commanding (TTC) for on-orbit satellites; and, test support for space experiments since the 1960s. Currently, SCNs encounter a new challenge: how to maintain the high reliability of services when sharing the spectrum with emerging commercial services. To achieve this goal, the capability of multiple satellites reception is deserved as an update/modernization of SCN in the future. In this paper, we conducts an investigation of multiple access techniques in SCN scenario, e.g., frequency division multiple access (FDMA) and coded division multiple access (CDMA). First, we introduce two upgrade options of SCN based on FDMA and CDMA techniques. Correspondingly, we also provide their performance analysis, especially the system improvement in spectrum efficiency and interference mitigation. Finally, to determine the optimum upgrade option, this work uses CRISP, i.e., Cost, Risk, Installation, Supportability and Performance, as the baseline approach for a comprehensive trade study of these two options. Extensive numerical and simulation results are presented to illustrate the theoretical development.

  15. A Model of Workflow-oriented Attributed Based Access Control

    Directory of Open Access Journals (Sweden)

    Guoping Zhang

    2011-02-01

    Full Text Available the emergence of “Internet of Things” breaks previous traditional thinking, which integrates physical infrastructure and network infrastructure into unified infrastructure. There will be a lot of resources or information in IoT, so computing and processing of information is the core supporting of IoT. In this paper, we introduce “Service-Oriented Computing” to solve the problem where each device can offer its functionality as standard services. Here we mainly discuss the access control issue of service-oriented computing in Internet of Things. This paper puts forward a model of Workflow-oriented Attributed Based Access Control (WABAC, and design an access control framework based on WABAC model. The model grants permissions to subjects according to subject atttribute, resource attribute, environment attribute and current task, meeting access control request of SOC. Using the approach presented can effectively enhance the access control security for SOC applications, and prevent the abuse of subject permissions.

  16. Secure Access Control and Authority Delegation Based on Capability and Context Awareness for Federated IoT

    DEFF Research Database (Denmark)

    Anggorojati, Bayu; Mahalle, Parikshit N.; Prasad, Neeli R.

    2013-01-01

    Access control is a critical functionality in Internet of Things (IoT), and it is particularly promising to make access control secure, efficient and generic in a distributed environment. Another an important property of access control system in the IoT is flexibility which can be achieved...

  17. The ISOLDE control system

    Energy Technology Data Exchange (ETDEWEB)

    Deloose, I. (CERN, PS Division, CH-1211 Geneva 23 (Switzerland)); Pace, A. (CERN, PS Division, CH-1211 Geneva 23 (Switzerland))

    1994-12-15

    The two CERN isotope separators named ISOLDE have been running on the new Personal Computer (PC) based control system since April 1992. The new architecture that makes heavy use of the commercial software and hardware of the PC market has been implemented on the 1700 geographically distributed control channels of the two separators and their experimental area. Eleven MSDOS Intel-based PCs with approximately 80 acquisition and control boards are used to access the equipment and are controlled from three PCs running Microsoft Windows used as consoles through a Novell Local Area Network. This paper describes the interesting solutions found and discusses the reduced programming workload and costs that have been obtained. ((orig.))

  18. THE MODEL OF DISTINCTION OF ACCESS RIGHTS TO INFORMATION OBJECTS OF THE SYSTEM OF CONTROLLING OF BUSINESS PROCESSES OF AN AVIATION ENTERPRISE

    Directory of Open Access Journals (Sweden)

    Andrey V. Degtyarev

    2014-01-01

    Full Text Available On the basis of the analysis of controlling system of business processes ofaviation enterprise was formulated the approach for set up an hierarchicalmodel of personal permissions to information resources of an automatic of thesystem of controlling of projects and contracts (ASCPC on the instrumentaland procedure levels. On the model base structure of personalized key wasdeveloped. This model reflective of possibilities of the every category of userswhen working with ASCPC.

  19. Implementing Discretionary Access Control with Time Character in Linux and Performance Analysis

    Institute of Scientific and Technical Information of China (English)

    TAN Liang; ZHOU Ming-Tian

    2006-01-01

    DAC (Discretionary Access Control Policy) is access control based on ownership relations between subject and object, the subject can discretionarily decide on that who, by what methods, can access his owns object. In this paper, the system time is looked as a basic secure element. The DAC_T (Discretionary Access Control Policy with Time Character) is presented and formalized. The DAC_T resolves that the subject can discretionarily decide that who, on when, can access his owns objects. And then the DAC_T is implemented on Linux based on GFAC (General Framework for Access Control), and the algorithm is put forward. Finally, the performance analysis for the DAC_T_Linux is carried out. It is proved that the DAC_T_Linux not only can realize time constraints between subject and object but also can still be accepted by us though its performance have been decreased.

  20. 云计算中的虚拟身份认证技术研究%Access Control System in the Cloud Computing Platform of Application

    Institute of Scientific and Technical Information of China (English)

    孙赢

    2013-01-01

    云计算是不同计算实体的结合,电子相连,分布在世界各地.随着云计算的地理位置朝着分散服务器机房联合的方向发展,伴随着大量的安全问题.例如虚拟化安全,应用安全,身份管理,访问控制和虚拟身份认证等.尽管如此,虚拟身份认证是云计算最重要的需求,用来限制非法访问云服务器.本文提出了一种虚拟身份认证的算法,只有用户的合法性经强验证核实才能接入云.该算法提供了身份管理互相认证,用户建立会话密钥等.安全性分析实现了云计算建议算法的可行性和实现效率.%Cloud computing is a combination of different computational entities, connected to the electronic, located around the world.With geographically dispersed server room joint in the direction of cloud development, accompanied by a large number of security issues.Such as virtualization, security, application security, identity management, access control and virtual identity authentication, and so on.Nevertheless, virtual identity is the most important cloud computing needs to limit illegal access to the cloud server.This article presents an algorithm for virtual identity authentication, only users with strong verification of the legality of the cloud.The algorithm provides mutual authentication of identity management, user session keys, and so on.Security analysis of cloud computing recommends that the feasibility and efficiency of the algorithm.

  1. Permission to Speak: A Novel Formal Foundation for Access Control

    Science.gov (United States)

    2016-06-21

    Permission to Speak: A Novel Formal Foundation for Access Control Oleg Sokolsky Nikhil Dinesh, Insup Lee, Aravind Joshi Report Documentation Page...comply with a collection of information if it does not display a currently valid OMB control number. 1. REPORT DATE 04 NOV 2009 2. REPORT TYPE 3...DATES COVERED 00-00-2009 to 00-00-2009 4. TITLE AND SUBTITLE Permission to Speak: A Novel Formal Foundation for Access Control 5a. CONTRACT

  2. Science information systems: Archive, access, and retrieval

    Science.gov (United States)

    Campbell, William J.

    1991-01-01

    The objective of this research is to develop technology for the automated characterization and interactive retrieval and visualization of very large, complex scientific data sets. Technologies will be developed for the following specific areas: (1) rapidly archiving data sets; (2) automatically characterizing and labeling data in near real-time; (3) providing users with the ability to browse contents of databases efficiently and effectively; (4) providing users with the ability to access and retrieve system independent data sets electronically; and (5) automatically alerting scientists to anomalies detected in data.

  3. Decentralized energy systems for clean electricity access

    Science.gov (United States)

    Alstone, Peter; Gershenson, Dimitry; Kammen, Daniel M.

    2015-04-01

    Innovative approaches are needed to address the needs of the 1.3 billion people lacking electricity, while simultaneously transitioning to a decarbonized energy system. With particular focus on the energy needs of the underserved, we present an analytic and conceptual framework that clarifies the heterogeneous continuum of centralized on-grid electricity, autonomous mini- or community grids, and distributed, individual energy services. A historical analysis shows that the present day is a unique moment in the history of electrification where decentralized energy networks are rapidly spreading, based on super-efficient end-use appliances and low-cost photovoltaics. We document how this evolution is supported by critical and widely available information technologies, particularly mobile phones and virtual financial services. These disruptive technology systems can rapidly increase access to basic electricity services and directly inform the emerging Sustainable Development Goals for quality of life, while simultaneously driving action towards low-carbon, Earth-sustaining, inclusive energy systems.

  4. Secure Access Control and Authority Delegation Based on Capability and Context Awareness for Federated IoT

    DEFF Research Database (Denmark)

    Anggorojati, Bayu; Mahalle, Parikshit N.; Prasad, Neeli R.

    2013-01-01

    Access control is a critical functionality in Internet of Things (IoT), and it is particularly promising to make access control secure, efficient and generic in a distributed environment. Another an important property of access control system in the IoT is flexibility which can be achieved...... by access or authority delegation. Delegation mechanisms in access control that have been studied until now have been intended mainly for a system that has no resource constraint, such as a web-based system, which is not very suitable for a highly pervasive system such as IoT. This chapter presents...... the Capability-based Context Aware Access Control (CCAAC) model including the authority delegation method, along with specification and protocol evaluation intended for federated Machine-to-Machine (M2M)/IoT. By using the identity and capability-based access control approach together with the contextual...

  5. Geospacial information utilized under the access control strategy

    Institute of Scientific and Technical Information of China (English)

    TIAN Jie; ZHANG Xin-fang; WANG Tong-yang; XIANG Wei; Cheng Ming

    2007-01-01

    This paper introduces a solution to the secure requirement for digital rights management (DRM) by the way of geospacial access control named geospacial access control (GeoAC) in geospacial field. The issues of authorization for geospacial DRM are concentrated on. To geospacial DRM, one aspect is the declaration and enforcement of access rights, based on geographic aspects. To the approbation of digital geographic content, it is important to adopt online access to geodata through a spacial data infrastructure (SDI). This results in the interoperability requirements on three different levels: data model level, service level and access control level. The interaction between the data model and service level can be obtained by criterions of the open geospacial consortium (OGC), and the interaction of the access control level may be reached by declaring and enforcing access restrictions in GeoAC. Then an archetype enforcement based on GeoAC is elucidated. As one aspect of performing usage rights, the execution of access restrictions as an extension to a regular SDI is illuminated.

  6. Study on library access control system based on face recognition technology%基于人脸识别技术的图书馆门禁系统的研究

    Institute of Scientific and Technical Information of China (English)

    张静端

    2016-01-01

    通过对人脸识别技术与其他身份识别技术的对比,分析不同技术之间的优缺点,进而提出基于人脸识别的图书馆门禁系统优于传统图书馆门禁系统,同时对系统的组成结构、工作原理、算法代码编写流程以及系统测试等进行了研究。传统图书馆门禁系统存在三个关键问题:存在不安全隐患、存在5%左右的误识率和识别速度慢。针对上述三个关键问题分别提出了解决方案。由于人脸识别技术有着“人脸无法替代”、非侵犯性的特性,因此将人脸识别技术应用于图书馆门禁系统,排除了传统图书馆门禁系统存在安全隐患的现象;从系统设备选型、网络设计、软件设计方面提升了人脸识别终端机对人脸的识别率;由于人脸的识别时间小于1 s,从根本上解决了图书馆门禁系统识别速度慢的问题。%The facial recognition technology and other identification technologies are compared,and their advantages and disadvantages are analyzed. And then it is proposed that the library access control system based on face recognition is superior to the traditional library access control system. The composing structure and working principle of the system,code programming process of the algorithm , and system testing for the library access control system are studied. There are three key problems existing in traditional library entrance guard system,such as potential safety hazard,about 5% false recognition rate,and slow identification speed. The solutions to solve the above three key problems are proposed respectively. Since the face recognition technology has the“irreplacable”and non⁃invasiveness characteristics,the face recognition technology is applied to the library access control system,so as to exclude the potential safety hazard existing in traditional library access control system. The face recognition rate of the face recognition terminal was improved in the

  7. Role-Based Access Control for the Large Hadron Collider at CERN

    CERN Document Server

    Yastrebov, I

    2010-01-01

    Large Hadron Collider (LHC) is the largest scientific instrument ever created. It was built with the intention of testing the most extreme conditions of the matter. Taking into account the significant dangers of LHC operations, European Organization for Nuclear Research (CERN) has developed multi-pronged approach for machine safety, including access control system. This system is based on role-based access control (RBAC) concept. It was designed to protect from accidental and unauthorized access to the LHC and injector equipment. This paper introduces the new model of the role-based access control developed at CERN and gives detailed mathematical description of it. We propose a new technique called dynamic authorization that allows deploying RBAC gradually in the large systems. Moreover, we show how the protection for the very large distributed equipment control system may be implemented in efficient way. This paper also describes motivation of the project, requirements and overview of the main components: au...

  8. 基于RBAC的ERP系统权限设计优化研究%Access Control Optimization Design Based on RBAC in ERP System

    Institute of Scientific and Technical Information of China (English)

    林友谅; 刘星

    2016-01-01

    为保障电网企业ERP系统的信息安全和解决权限管理难的问题,以ERP系统的权限管理模块为对象,对基于角色的访问控制(Role Based Access Control,RBAC)基本模型进行了改进,在角色集和用户集之外增加岗位集,在已有数据库基础上二次开发,维护用户集、岗位集与角色集的对应关系,将岗位所需权限的知识固化于ERP系统,优化电网企业ERP系统的权限管理.实践表明,当用户岗位变更时,只需在ERP系统中维护该人员的岗位,即可从数据库中自动匹配所需的权限,并进行准确授权.

  9. Access Control of Web- and Java-Based Applications

    Science.gov (United States)

    Tso, Kam S.; Pajevski, Michael J.

    2013-01-01

    Cybersecurity has become a great concern as threats of service interruption, unauthorized access, stealing and altering of information, and spreading of viruses have become more prevalent and serious. Application layer access control of applications is a critical component in the overall security solution that also includes encryption, firewalls, virtual private networks, antivirus, and intrusion detection. An access control solution, based on an open-source access manager augmented with custom software components, was developed to provide protection to both Web-based and Javabased client and server applications. The DISA Security Service (DISA-SS) provides common access control capabilities for AMMOS software applications through a set of application programming interfaces (APIs) and network- accessible security services for authentication, single sign-on, authorization checking, and authorization policy management. The OpenAM access management technology designed for Web applications can be extended to meet the needs of Java thick clients and stand alone servers that are commonly used in the JPL AMMOS environment. The DISA-SS reusable components have greatly reduced the effort for each AMMOS subsystem to develop its own access control strategy. The novelty of this work is that it leverages an open-source access management product that was designed for Webbased applications to provide access control for Java thick clients and Java standalone servers. Thick clients and standalone servers are still commonly used in businesses and government, especially for applications that require rich graphical user interfaces and high-performance visualization that cannot be met by thin clients running on Web browsers

  10. Modeling Access Control Policy of a Social Network

    Directory of Open Access Journals (Sweden)

    Chaimaa Belbergui

    2016-06-01

    Full Text Available Social networks bring together users in a virtual platform and offer them the ability to share -within the Community- personal and professional information’s, photos, etc. which are sometimes sensitive. Although, the majority of these networks provide access control mechanisms to their users (to manage who accesses to which information, privacy settings are limited and do not respond to all users' needs. Hence, the published information remain all vulnerable to illegal access. In this paper, the access control policy of the social network "Facebook" is analyzed in a profound way by starting with its modeling with "Organization Role Based Access Control" model, and moving to the simulation of the policy with an appropriate simulator to test the coherence aspect, and ending with a discussion of analysis results which shows the gap between access control management options offered by Facebook and the real requirements of users in the same context. Extracted conclusions prove the need of developing a new access control model that meets most of these requirements, which will be the subject of a forthcoming work.

  11. Access control and privilege management in electronic health record: a systematic literature review.

    Science.gov (United States)

    Jayabalan, Manoj; O'Daniel, Thomas

    2016-12-01

    This study presents a systematic literature review of access control for electronic health record systems to protect patient's privacy. Articles from 2006 to 2016 were extracted from the ACM Digital Library, IEEE Xplore Digital Library, Science Direct, MEDLINE, and MetaPress using broad eligibility criteria, and chosen for inclusion based on analysis of ISO22600. Cryptographic standards and methods were left outside the scope of this review. Three broad classes of models are being actively investigated and developed: access control for electronic health records, access control for interoperability, and access control for risk analysis. Traditional role-based access control models are extended with spatial, temporal, probabilistic, dynamic, and semantic aspects to capture contextual information and provide granular access control. Maintenance of audit trails and facilities for overriding normal roles to allow full access in emergency cases are common features. Access privilege frameworks utilizing ontology-based knowledge representation for defining the rules have attracted considerable interest, due to the higher level of abstraction that makes it possible to model domain knowledge and validate access requests efficiently.

  12. Advent of Biometric Sensors in Field of Access Control

    Directory of Open Access Journals (Sweden)

    Ali Anas

    2015-09-01

    Full Text Available Biometrics is the science of measuring and analyzing biological data. It is used to uniquely identify individuals by their physical characteristics or personal behavior traits.The results from scrutiny of various themes including unimodal, multimodal, physiological, behavioural bio-metrics. Bio-metrics, Physiological and behavioural are compared in the review. The article addresses a particular aspect of utilizing biometrics for authentication, identification and access control. The use of systems like fingerprint, face recognition, hand geometry, Palm print, DNA analysis, iris recognition, retina and odour/scent will be dealt with herewith. This study deals with various applications of this technology, like surveillance, employee identification, device access etc with mentions respective of hardware used. The influence of such features is yet to be documented properly, but it is safe to say that it has been a huge step towards better information security and identification control.Over the course of this text, we will try to bring to light our analysis of the subject and provide an in-depth examination of contemporary and futuristic technologies pertaining to this field.

  13. D0 Cryo System Control System Autodialer

    Energy Technology Data Exchange (ETDEWEB)

    Urbin, J.; /Fermilab

    1990-04-17

    The DO cryogenic system is controlled by a TI565-PLC based control system. This allows the system to be unmanned when in steady state operation. System experts will need to be contacted when system parameters exceed normal operating points and reach alarm setpoints. The labwide FIRUS system provides one alarm monitor and communication link. An autodialer provides a second and more flexible alarm monitor and communication link. The autodialer monitors contact points in the control system and after receiving indication of an alarm accesses a list of experts which it calls until it receives an acknowledgement. There are several manufacturers and distributors of autodialer systems. This EN explains the search process the DO cryo group used to fmd an autodialer system that fit the cryo system's needs and includes information and specs for the unit we chose.

  14. 基于Web服务的学生公寓门禁管理系统设计与研究%Design and Research on the Access Control Management System of Student Apartments Based on Web Services

    Institute of Scientific and Technical Information of China (English)

    汤新昌

    2013-01-01

    随着网络技术的进一步发展,Web服务(Web Services)技术逐渐被应用于各类管理系统中,Web服务本身具有组件模型无关性、平台无关性、编程语言无关性的优良特性,使得Web服务可以用于系统的集成。本文着重介绍一种基于Web服务的学生公寓门禁管理系统,从系统结构、系统设计模式、Web服务关键性技术等方面阐释系统的设计,构建于Web服务基础上的学生公寓门禁管理系统的数据能够被其它应用系统直接调用,用于高校信息系统集成化建设。%With the in-depth development of network technology, web services technology is gradually applied to vari-ous types of management systems. Web services can be used for the integration of the system due to the excellent characteristics of its own component model-independent, platform independent, programming language independence. In this paper, a kind of access control management system is designed for student apartments based on web services;the system design is illustrated with system architecture, system design patterns and web services critical technology. The data of building the students the apartment access control management system based on web services can be directly transferred by other applying system and applied for the other applications with the construction of university information systems integration.

  15. Assessment of current practices in creating and using passwords as a control mechanism for information access

    Directory of Open Access Journals (Sweden)

    P. L. Wessels

    2007-11-01

    Full Text Available One of the critical issues in managing information within an organization is to ensure that proper controls exist and are applied in allowing people access to information. Passwords are used extensively as the main control mechanism to identify users wanting access to systems, applications, data files, network servers or personal information. In this article, the issues involved in selecting and using passwords are discussed and the current practices employed by users in creating and storing passwords to gain access to sensitive information are assessed. The results of this survey conclude that information managers cannot rely only on users to employ proper password control in order to protect sensitive information.

  16. Design of Intelligent Bus Overload Preventing System with Access Controls%客车智能门禁防超载系统

    Institute of Scientific and Technical Information of China (English)

    邓如丰; 刘伟铭

    2011-01-01

    According to the present problems in the transportation coach overload, a design of intelligent overload system of no-human consumption is presented. Using differential pressure sensor to distinguish the number of up-and-down is counted. When passengers number have been equal to capacity, there would be a warning signal and voice reminders, and the interior door would unlock immediately. If someone continue to get on, the door should shut down automatically to prevent overload,and realizing intelligent process control. Experiments show that the system is valuable or alleviating the pressure of traffic control and ensuring traffic safety.%针对目前交通运输中客车超载问题,提出一种无人力消耗的智能防超载系统.采用压差式传感嚣实现上下人数的判别和计数.当乘客达到车载客量时,发出报警信号和语音提醒,同时解锁防超载门,如果继续有人上车,防超载门立即关闭,达到阻止超员效果,从而实现智能化的过程控制.实验表明,该系统对减缳交通控制压力、保证交通安全等方面有一定的实用价值.

  17. 76 FR 38293 - Risk Management Controls for Brokers or Dealers With Market Access

    Science.gov (United States)

    2011-06-30

    ... COMMISSION 17 CFR Part 240 RIN 3235-AK53 Risk Management Controls for Brokers or Dealers With Market Access... establish, document, and maintain a system of risk management controls and supervisory procedures that... develop, test, and implement the relevant risk management controls and supervisory procedures...

  18. Use of CDMA access technology in mobile satellite systems

    Science.gov (United States)

    Ramasastry, Jay; Wiedeman, Bob

    1995-01-01

    Use of Code Division Multiple Access (CDMA) technology in terrestrial wireless systems is fairly well understood. Similarly, design and operation of Power Control in a CDMA-based system in a terrestrial environment is also well established. Terrestrial multipath characteristics, and optimum design of the CDMA receiver to deal with multipath and fading conditions are reliably established. But the satellite environment is different. When the CDMA technology is adopted to the satellite environment, other design features need to be incorporated (for example; interleaving, open-loop and closed-loop power control design, diversity characteristics) to achieve comparable level of system performance. In fact, the GLOBALSTAR LEO/MSS system has incorporated all these features. Contrary to some published reports, CDMA retains the advantages in the satellite environment that are similar to those achieved in the terrestrial environment. This document gives a description of the CDMA waveform and other design features adopted for mobile satellite applications.

  19. Software interface system for Geophysical Data Access and Management System (GPDAMS-CD)

    Digital Repository Service at National Institute of Oceanography (India)

    Kunte, P.D.

    -friendly access to large volume of data and means to visualize and extract selected data as per need. The software requires a minimum of computing expertise as it is controlled by a system of `pull down' menus, backed up by a context-sensitive system...

  20. Ground Control System Description Document

    Energy Technology Data Exchange (ETDEWEB)

    Eric Loros

    2001-07-31

    The Ground Control System contributes to the safe construction and operation of the subsurface facility, including accesses and waste emplacement drifts, by maintaining the configuration and stability of the openings during construction, development, emplacement, and caretaker modes for the duration of preclosure repository life. The Ground Control System consists of ground support structures installed within the subsurface excavated openings, any reinforcement made to the rock surrounding the opening, and inverts if designed as an integral part of the system. The Ground Control System maintains stability for the range of geologic conditions expected at the repository and for all expected loading conditions, including in situ rock, construction, operation, thermal, and seismic loads. The system maintains the size and geometry of operating envelopes for all openings, including alcoves, accesses, and emplacement drifts. The system provides for the installation and operation of sensors and equipment for any required inspection and monitoring. In addition, the Ground Control System provides protection against rockfall for all subsurface personnel, equipment, and the engineered barrier system, including the waste package during the preclosure period. The Ground Control System uses materials that are sufficiently maintainable and that retain the necessary engineering properties for the anticipated conditions of the preclosure service life. These materials are also compatible with postclosure waste isolation performance requirements of the repository. The Ground Control System interfaces with the Subsurface Facility System for operating envelopes, drift orientation, and excavated opening dimensions, Emplacement Drift System for material compatibility, Monitored Geologic Repository Operations Monitoring and Control System for ground control instrument readings, Waste Emplacement/Retrieval System to support waste emplacement operations, and the Subsurface Excavation System

  1. A RAMP CODE FOR FINE-GRAINED ACCESS CONTROL

    Directory of Open Access Journals (Sweden)

    Kannan Karthik

    2013-02-01

    Full Text Available Threshold ramp secret sharing schemes are designed so that (i certain subsets of shares have no information about the secret, (ii some subsets have partial information about the secret and (iii some subsets have complete information to recover the secret. However most of the ramp schemes in present literature do not control the leakage of information in partial access sets, due to which the information acquired by these sets is devoid of structure and not useful for fine-grained access control. Through a non-perfect secret sharing scheme called MIX-SPLIT, an encoding methodology for controlling the leakage in partial access sets is proposed and this is used for fine-grained access to binary strings. The ramp code generated using MIX-SPLIT requires a much smaller share size of O(n, as compared to Shamir's ramp adaptation which incurs a share size of atleast O(n2 for the same multi-access structure. The proposed ramp code is finally applied towards the protection and fine-grained access of industrial design drawings.

  2. TRBAC:基于信任的访问控制模型%TRBAC: Trust Based Access Control Model

    Institute of Scientific and Technical Information of China (English)

    刘武; 段海新; 张洪; 任萍; 吴建平

    2011-01-01

    访问控制是根据网络用户的身份或属性,对该用户执行某些操作或访问某些网络资源进行控制的过程.对现有访问控制模型进行分析,并针对其不足对RBAC模型进行了扩展,提出了基于信任的访问控制模型TRBAC(trust based access control model).该模型可以提供更加安全、灵活以及细粒度的动态访问授权机制,从而提高授权机制的安全性与可靠性.%Access control is a process which controls users to execute some operations or access some network resources according to the users' identity or attribution. The discretionary access control and mandatory access control are two main access control modes which are broadly used in secure operating systems. Discretionary access control is based on user identity and/or groups and mandatory access control is usually based on sensitivity labels. Neither of these two modes can completely satisfy the requirements of all access control. Discretionary access control is too loose to restrict the propagation of privileges while mandatory access control is too rigid to use flexibly. This paper analyzes current access control models, and extends the RBAC (role based access control) model aiming at its deficiency, and based on which we propose a trust based access control model (TRBAC). The TRBAC model can provide more security, flexible and fine-grained dynamic access control mechanism, and therefore improve both the security and the reliability of authorization mechanism.

  3. In-Depth Design and Application of Access Control System in the Electric Power Industry%准入控制系统在电力行业的深入设计与应用

    Institute of Scientific and Technical Information of China (English)

    陈沛金

    2012-01-01

    With the information technology in power system is ceaseless and thorough application, network security has become the important factor in relation to the country people's livelihood, in order to further realize the security requirements the country request of the Power Grid Corp, and to ensure the safe and stable operation of power system information network, deploys the compre- hensive network access control system, and it is contribute to give a comprehensive solution for the information security problem of power grid, such as to illegal terminal random access net-work, legitimate users from unauthorized access service system, illegal connection, ARP attack, as well as safety measures difficult to realize, to ensure safe production.%随着信息化在电网的不断深入应用,电网安全已成为关系国家民生的重要因素,为进一步落实国家对电网公司的安全要求,确保电网信息网络的安全稳定运行,部署全面的网络准入控制系统,有助于全面解决非法终端随意接入网络,合法用户越权访问业务系统,非法外联,ARP攻击,以及安全管理措施难以落实等电网信息安全问题,为电网安全生产提供保障。

  4. Controlling user access to electronic resources without password

    Science.gov (United States)

    Smith, Fred Hewitt

    2015-06-16

    Described herein are devices and techniques for remotely controlling user access to a restricted computer resource. The process includes pre-determining an association of the restricted computer resource and computer-resource-proximal environmental information. Indicia of user-proximal environmental information are received from a user requesting access to the restricted computer resource. Received indicia of user-proximal environmental information are compared to associated computer-resource-proximal environmental information. User access to the restricted computer resource is selectively granted responsive to a favorable comparison in which the user-proximal environmental information is sufficiently similar to the computer-resource proximal environmental information. In at least some embodiments, the process further includes comparing user-supplied biometric measure and comparing it with a predetermined association of at least one biometric measure of an authorized user. Access to the restricted computer resource is granted in response to a favorable comparison.

  5. Privacy Preservation in Role-based Access Control Model

    Directory of Open Access Journals (Sweden)

    Zuo Chen

    2011-08-01

    Full Text Available Privacy preservation is a crucial problem in resource sharing and collaborating among multi-domains. Based on this problem, we propose a role-based access control model for privacy preservation. This scheme avoided the privacy leakage of resources while implementing access control, and it has the advantage of lower communication overhead. We demonstrate this scheme meets the IND-CCA2 semantic security by using random oracle. The simulation result shows this scheme has better execution efficiency and application effects.

  6. TEMPORAL, DELEGABLE AND CHEAP UPDATE ACCESS CONTROL TO PUBLISHED XML DOCUMENTS

    Directory of Open Access Journals (Sweden)

    Waleed Halboob

    2013-01-01

    Full Text Available Providing access control for published XML documents on the Web is an important topic. It involves the use of cryptographic techniques, addressing different requirements and, as a result, facing several challenges. Existing solutions still have some weaknesses such as system update cost, number of required secret encryption/decryption keys, size of encrypted document and supporting temporal and delegable access. This study propose a push--based access control policy enforcement mechanism for addressing these issues using a Dynamic Key Management Table (DKMT and based on Identity Based Encryption (IBE. The proposed mechanism addresses the existing challenges and provides a more acceptable solution.

  7. 基于WebAccess的远程实验物流控制系统设计%Design of a Remote Logistics Control System Based on WebAccess

    Institute of Scientific and Technical Information of China (English)

    朱光灿; 郑萍; 邵子惠; 彭昱; 温百东

    2012-01-01

    根据对远程监控的需求,提出了一种完全基于IE浏览器的网际组态软件WebAccess实现对实验室物流控制系统的远程监控设计.该设计构建了一个具有现场控制对象、控制层、网络层以及基于西门子组态软件WinCC的监控管理层3层网络的物流控制系统,同时充分利用网际组态软件WebAccess便捷的网际功能,通过OPC方式与监控管理层的WinCC服务器进行数据交换,实现了系统的远程控制、远程组态以及远程访问的客户监控数无限扩展.实际运行证明,该系统成本低,网络层次分明,是一种可激发学生创新能力,可实现现代大综合设计实验的良好平台.%With the application of configuration software fully based on IE browser-WebAccess, a design to fulfill the remote monitoring and control of the laboratory logistics control system is presented. The logistics control system with control objects at the scene has been constructed by three layers: the control layer, the network layer, and the management and monitoring layer based on Siemens configuration software WinCC. Meanwhile, by making sufficient use of the WebAccess' s convenient internet function, through internal data exchanging with the WinCC server in the management and monitoring layer by OPC , the number of the clients monitored, remote configuration and remote access can be infinitely expanded. Actual practice proves that the proposed system is economical and clearly structured, and is a good platform for modern comprehensive design experiment,which can arouse students' innovative ability.

  8. Design and Implementation of Business Application Access Control Model in Campus Social Network System%校园社交网络业务应用访问控制模型的设计

    Institute of Scientific and Technical Information of China (English)

    杜炤; 刘婷; 刘奇峰

    2013-01-01

    As the network platform to support the collaboration in teaching,research and management activities of students,teachers and staff members of colleges and universities,campus social network system has gained increasing popularity and is becoming an important part of the digital campus.In order to combine campus social network system more closely with the ERP system of colleges and universities,in this paper,an access control model for business applications in campus social network system was designed and implemented based on role-based access control model,which also supports effective time for authorization,hierarchical authorization and permission delegation.With this model,campus social network system is expected to provide more flexible,convenient and thoughtful information services for students,teachers and staff members.%作为支持高校师生员工进行教学、科研和管理中的协作型活动的网络平台,高校校园社交网络日益受到关注并逐渐成为高校数字校园的重要组成部分.为了使校园社交网络与电子校务系统紧密结合,扩展了基于角色的访问模型,设计并实现了支持授权有效期、分级授权和权限代理的高校校园社交网络业务应用访问控制模型,从而为高校师生员工提供更加灵活、方便和周到的信息化服务.

  9. Review of Access Control Models for Cloud Computing

    Directory of Open Access Journals (Sweden)

    Natarajan Meghanathan

    2013-05-01

    Full Text Available The relationship between users and resources is dyn amic in the cloud, and service providers and users are typically not in the same security do main. Identity-based security (e.g., discretionary or mandatory access control models c annot be used in an open cloud computing environment, where each resource node may not be fa miliar, or even do not know each other. Users are normally identified by their attributes o r characteristics and not by predefined identities. There is often a need for a dynamic acc ess control mechanism to achieve cross- domain authentication. In this paper, we will focus on the following three broad categories of access control models for cloud computing: (1 Role -based models; (2 Attribute-based encryption models and (3 Multi-tenancy models. We will review the existing literature on each of the above access control models and their varian ts (technical approaches, characteristics, applicability, pros and cons, and identify future research directions for developing access control models for cloud computing environments .

  10. Regulatory Accessibility and Social Influences on State Self-Control

    OpenAIRE

    vanDellen, Michelle R.; Hoyle, Rick H.

    2009-01-01

    The current work examined how social factors influence self-control. Current conceptions of state self-control treat it largely as a function of regulatory capacity. The authors propose that state self-control might also be influenced by social factors because of regulatory accessibility. Studies 1 through 4 provide evidence that individuals’ state self-control is influenced by the trait and state self-control of salient others such that thinking of others with good trait or state self-contro...

  11. 基于分级保护的OA系统应用层访问控制%An application layer access control model based on gradational security protection in an office automation system

    Institute of Scientific and Technical Information of China (English)

    张天白; 王晶

    2011-01-01

    本文着眼于一个涉密信息系统的建设角度,在应用层访问控制上深化分级保护的思想,并提出了合理的解决方案.系统采用C/S与B/S相结合的结构,引入主客体分级保护和部门属性,来改进基于角色的访问控制以实现用户和权限的分离、并采用管理员角色分权制衡、系统数据库的综合审计和对审计日志的分布式存储等技术手段,实现了应用层上的分级保护访问控制.这些方法充分体现了将系统访问控制环节的对象差异化,对重点对象进行重点防护和特殊对待的分级保护思想.该方法能够使目前涉密信息系统的安全性得到有效提升,充分保护其系统的安全.%Nowadays the access control in a security office automation (OA) system focus on three layers of the International Standards Organization (ISO) seven-layer architecture, namely the physical layer, the network layer and the application layer. Here new methods are adopted in a model where the system architecture is composed of Client/Server (C/S) and Browser/Server (B/S) , such as the improved role-based access control (RBAC) method with a correlation between the subjects and objects of the access course, the subdivision and restriction of administrator users, an integrated audit to database, as well as the distributed storage of the audit logs. Discriminating between the objects in the access control process in this way affords gradational security protection to national standards, and offers operational benefits.

  12. A Cache Considering Role-Based Access Control and Trust in Privilege Management Infrastructure

    Institute of Scientific and Technical Information of China (English)

    ZHANG Shaomin; WANG Baoyi; ZHOU Lihua

    2006-01-01

    PMI(privilege management infrastructure) is used to perform access control to resource in an E-commerce or E-government system. With the ever-increasing need for secure transaction, the need for systems that offer a wide variety of QoS (quality-of-service) features is also growing. In order to improve the QoS of PMI system, a cache based on RBAC(Role-based Access Control) and trust is proposed. Our system is realized based on Web service. How to design the cache based on RBAC and trust in the access control model is described in detail. The algorithm to query role permission in cache and to add records in cache is dealt with. The policy to update cache is introduced also.

  13. Perti Net-Based Workflow Access Control Model%基于Perti网的工作流访问控制模型研究

    Institute of Scientific and Technical Information of China (English)

    陈卓; 骆婷; 石磊; 洪帆

    2004-01-01

    Access control is an important protection mechanism for information systems.This paper shows how to make access control in workflow system.We give a workflow access control model (WACM) based on several current access control models.The model supports roles assignment and dynamic authorization.The paper defines the workflow using Petri net.It firstly gives the definition and description of the workflow, and then analyzes the architecture of the workflow access control model (WACM).Finally, an example of an e-commerce workflow access control model is discussed in detail.

  14. Research of Communication of Lubrication Station Control System Based on WebAccess%基于WebAccess的润滑站控制系统通信的研究

    Institute of Scientific and Technical Information of China (English)

    巴鹏; 张雨; 焦圳

    2015-01-01

    Through establishing the communication between site plant and IPC configuration software WebAccess, it achieves the filling oil monitoring, operation control and data processing of the lubrication station control system. This arti-cle uses VB to establish procedures for communication as the data exchange program, combining configuration software WebAccess to build the lubrication station automation injection oil monitoring and management system. It can effectively solve the configuration software lack of driver and monitoring system of data transmission is not timely, inaccurate data re-cords, and other issues. The experiment results show that the system is easy to operate, accurate data transmission, and stable running and easy to maintain. It is the development trend of lubrication station in the future.%通过建立现场设备与工控机组态软件WebAccess的通信,实现了对润滑站控制系统加注油品监测、运行控制和数据处理。本文采用VB建立通讯连接程序作为数据交换程序,结合组态软件WebAccess建立润滑站自动加注油品的监控与管理系统,有效地解决了组态软件缺乏驱动和监控系统数据传递不及时、数据记录不准确等问题。实验结果表明:该系统易于操作,数据传输准确,运行稳定和便于维护,是润滑站今后发展的趋势。

  15. Ubiquitous access control and policy management in personal networks

    DEFF Research Database (Denmark)

    Kyriazanos, Dimitris M.; Stassinopoulos, George I.; Prasad, Neeli R.

    2006-01-01

    In this paper the authors present the challenges for enabling Security Policies Management and subsequent Ubiquitous Access Control on the Personal Network (PN) environment. A solution based on Security Profiles is proposed, supporting both partially distributed architectures-having in this case...

  16. Audit-Based Access Control for Electronic Health Records

    NARCIS (Netherlands)

    Dekker, M.A.C.; Etalle, Sandro

    2006-01-01

    Traditional access control mechanisms aim to prevent illegal actions a-priori occurrence, i.e. before granting a request for a document. There are scenarios however where the security decision can not be made on the fly. For these settings we developed a language and a framework for a-posteriori

  17. Access Control for Agent-based Computing: A Distributed Approach.

    Science.gov (United States)

    Antonopoulos, Nick; Koukoumpetsos, Kyriakos; Shafarenko, Alex

    2001-01-01

    Discusses the mobile software agent paradigm that provides a foundation for the development of high performance distributed applications and presents a simple, distributed access control architecture based on the concept of distributed, active authorization entities (lock cells), any combination of which can be referenced by an agent to provide…

  18. Compulsory licensing, price controls, and access to patented foreign products

    OpenAIRE

    Eric Bond; Kamal Saggi

    2012-01-01

    Motivated by existing multilateral rules regarding intellectual property, we develop a North-South model to highlight the dual roles price controls and compulsory licensing play in determining Southern access to a patented Northern product. The Northern patent-holder chooses whether and how to work its patent in the South (either via entry or voluntarily licensing) while the South determines the price control and whether to issue a compulsory license. The threat of compulsory licensing benefi...

  19. Modemless Multiple Access Communications over Powerlines for DC Microgrid Control

    OpenAIRE

    Angjelichinoski, Marko; Stefanovic, Cedomir; Popovski, Petar

    2016-01-01

    We present a communication solution tailored specifically for DC microgrids (MGs) that exploits: (i) the communication potential residing in power electronic converters interfacing distributed generators to powerlines and (ii) the multiple access nature of the communication channel presented by powerlines. The communication is achieved by modulating the parameters of the primary control loop implemented by the converters, fostering execution of the upper layer control applications. We present...

  20. Cognitive Self-Scheduled Mechanism for Access Control in Noisy Vehicular Ad Hoc Networks

    Directory of Open Access Journals (Sweden)

    Mario Manzano

    2015-01-01

    Full Text Available Within the challenging environment of intelligent transportation systems (ITS, networked control systems such as platooning guidance of autonomous vehicles require innovative mechanisms to provide real-time communications. Although several proposals are currently under discussion, the design of a rapid, efficient, flexible, and reliable medium access control mechanism which meets the specific constraints of such real-time communications applications remains unsolved in this highly dynamic environment. However, cognitive radio (CR combines the capacity to sense the radio spectrum with the flexibility to adapt to transmission parameters in order to maximize system performance and has thus become an effective approach for the design of dynamic spectrum access (DSA mechanisms. This paper presents the enhanced noncooperative cognitive division multiple access (ENCCMA proposal combining time division multiple access (TDMA and frequency division multiple access (FDMA schemes with CR techniques to obtain a mechanism fulfilling the requirements of real-time communications. The analysis presented here considers the IEEE WAVE and 802.11p as reference standards; however, the proposed medium access control (MAC mechanism can be adapted to operate on the physical layer of different standards. The mechanism also offers the advantage of avoiding signaling, thus enhancing system autonomy as well as behavior in adverse scenarios.

  1. Control system design method

    Science.gov (United States)

    Wilson, David G [Tijeras, NM; Robinett, III, Rush D.

    2012-02-21

    A control system design method and concomitant control system comprising representing a physical apparatus to be controlled as a Hamiltonian system, determining elements of the Hamiltonian system representation which are power generators, power dissipators, and power storage devices, analyzing stability and performance of the Hamiltonian system based on the results of the determining step and determining necessary and sufficient conditions for stability of the Hamiltonian system, creating a stable control system based on the results of the analyzing step, and employing the resulting control system to control the physical apparatus.

  2. Embedded real-time control of optically amplified repeaters in broadband access networks

    Science.gov (United States)

    Stubbe, Brecht; Vaes, Peter; Gouwy, Lieven; Coene, Chris; Qiu, Xing-Zhi; Staelens, Bart; Vandewege, Jan; Slabbinck, B. Hans; Martin, Claire M.; Van de Voorde, Ingrid

    1997-10-01

    This paper presents the use of distributed, intelligent control and management in optically amplified repeaters. These optical repeater units (ORUs) are used in an optical access network. A semiconductor optical amplifier (SOA) has been used in the upstream direction because of the possibility of fast switching. The real time control platform consists of both a hard- and a software part. The software control is handled with the embedded control system FORTRESS developed by IMEC.

  3. Integrity Based Access Control Model for Multilevel XML Document

    Institute of Scientific and Technical Information of China (English)

    HONG Fan; FENG Xue-bin; HUANO Zhi; ZHENG Ming-hui

    2008-01-01

    XML's increasing popularity highlights the security demand for XML documents. A mandatory access control model for XML document is presented on the basis of investigation of the function dependency of XML documents and discussion of the integrity properties of multilevel XML document. Then, the algorithms for decomposition/recovery multilevel XML document into/from single level document are given, and the manipulation rules for typical operations of XQuery and XUpdate: QUERY, INSERT,UPDATE, and REMOVE, are elaborated. The multilevel XML document access model can meet the requirement of sensitive information processing application.

  4. Controlling user access to electronic resources without password

    Energy Technology Data Exchange (ETDEWEB)

    Smith, Fred Hewitt

    2017-08-22

    Described herein are devices and techniques for remotely controlling user access to a restricted computer resource. The process includes obtaining an image from a communication device of a user. An individual and a landmark are identified within the image. Determinations are made that the individual is the user and that the landmark is a predetermined landmark. Access to a restricted computing resource is granted based on the determining that the individual is the user and that the landmark is the predetermined landmark. Other embodiments are disclosed.

  5. Benefits of Location-Based Access Control:A Literature Study

    NARCIS (Netherlands)

    Cleeff, van André; Pieters, Wolter; Wieringa, Roel

    2010-01-01

    Location-based access control (LBAC) has been suggested as a means to improve IT security. By 'grounding' users and systems to a particular location, attackers supposedly have more difficulty in compromising a system. However, the motivation behind LBAC and its potential benefits have not been inve

  6. Ultrasound-fluoroscopy guided access to the intrarenal excretory system.

    Science.gov (United States)

    Montanari, E; Serrago, M; Esposito, N; Rocco, B; Kartalas-Goumas, I; Del Nero, A; Zanetti, G; Trinchieri, A; Pisani, E

    1999-01-01

    The access to the collecting system can be performed under fluoroscopy computerized tomography, ultrasonographic, mixed ultrasonographic and fluoroscopic guidance. In this paper the creation of a percutaneous transparenchymal ultrasound-fluoroscopy guided access to the intrarenal collecting system completely performed by urologist for different purposes is presented. In five years 297 patients underwent 330 percutaneous kidney accesses to perform derivative nephrostomies (217 pts), percutaneous nephrolithotomies (37 pts), antegrade ureteral manoeuvres (34 pts), antegrade endopyelotomies (7 pts), transitional cell carcinoma of the upper tract resection (2 pts). 11 patients out of these had a percutaneous kidney access in a transplanted kidney. The percutaneous access was successful in 98% of the attemps. A posterior calyx of the lower group (74%), of the medium group (25%) or of the upper group (1%) was accessed. In 73 accesses the mean target calyx diameter was 12.8 mm (range 5-45 mm), the mean operative time 5.4 minutes and the mean fluoroscopy time 5.1 seconds. In 84.5% of the patients the access was performed under local anesthesia when a dilation of the tract was not required. Gross haematuria was observed in 3.9% of the accesses and an arterial lesion treated by embolization in 0.9% of the accesses. Blood transfusion was required in 0.3% of the patients. The ultrasound-fluoroscopy guided access is at least as precise as the fluoroscopy guided one moreover it makes the procedure less invasive and it makes more precise the surgical planning.

  7. On the performance of shared access control strategy for femtocells

    KAUST Repository

    Magableh, Amer M.

    2013-02-18

    Femtocells can be employed in cellular systems to enhance the indoor coverage, especially in the areas with high capacity growing demands and high traffic rates. In this paper, we propose an efficient resource utilization protocol, named as shared access protocol (SAP), to enable the unauthorized macrocell user equipment to communicate with partially closed-access femtocell base station to improve and enhance the system performance. The system model considers a femtocell that is equipped with a total of N separated antennas or channels to multiplex independent traffic. Then, a set of N1 channels is used for closed access only by the authorized users, and the remaining set of channel resources can be used for open access by either authorized or unauthorized users upon their demands and spatial locations. For this system model, we obtain the signal-to-interference ratio characteristics, such as the distribution and the moment generating function, in closed forms for two fading models of indoor and outdoor environments. The signal-tointerference ratio statistics are then used to derive some important performance measures of the proposed SAP in closed form, such as the average bit error rate, outage probability, and average channel capacity for the two fading models under consideration. Numerical results for the obtained expressions are provided and supported by Monte Carlo simulations to validate the analytical development and study the effectiveness of the proposed SAP under different conditions. Copyright © 2012 John Wiley and Sons, Ltd.

  8. Distributed reservation control protocols for random access broadcasting channels

    Science.gov (United States)

    Greene, E. P.; Ephremides, A.

    1981-05-01

    Attention is given to a communication network consisting of an arbitrary number of nodes which can communicate with each other via a time-division multiple access (TDMA) broadcast channel. The reported investigation is concerned with the development of efficient distributed multiple access protocols for traffic consisting primarily of single packet messages in a datagram mode of operation. The motivation for the design of the protocols came from the consideration of efficient multiple access utilization of moderate to high bandwidth (4-40 Mbit/s capacity) communication satellite channels used for the transmission of short (1000-10,000 bits) fixed length packets. Under these circumstances, the ratio of roundtrip propagation time to packet transmission time is between 100 to 10,000. It is shown how a TDMA channel can be adaptively shared by datagram traffic and constant bandwidth users such as in digital voice applications. The distributed reservation control protocols described are a hybrid between contention and reservation protocols.

  9. Distributed computer control systems

    Energy Technology Data Exchange (ETDEWEB)

    Suski, G.J.

    1986-01-01

    This book focuses on recent advances in the theory, applications and techniques for distributed computer control systems. Contents (partial): Real-time distributed computer control in a flexible manufacturing system. Semantics and implementation problems of channels in a DCCS specification. Broadcast protocols in distributed computer control systems. Design considerations of distributed control architecture for a thermal power plant. The conic toolset for building distributed systems. Network management issues in distributed control systems. Interprocessor communication system architecture in a distributed control system environment. Uni-level homogenous distributed computer control system and optimal system design. A-nets for DCCS design. A methodology for the specification and design of fault tolerant real time systems. An integrated computer control system - architecture design, engineering methodology and practical experience.

  10. Embedded Systems Programming: Accessing Databases from Esterel

    Directory of Open Access Journals (Sweden)

    White David

    2008-01-01

    Full Text Available Abstract A current limitation in embedded controller design and programming is the lack of database support in development tools such as Esterel Studio. This article proposes a way of integrating databases and Esterel by providing two application programming interfaces (APIs which enable the use of relational databases inside Esterel programs. As databases and Esterel programs are often executed on different machines, result sets returned as responses to database queries may be processed either locally and according to Esterel's synchrony hypothesis, or remotely along several of Esterel's execution cycles. These different scenarios are reflected in the design and usage rules of the two APIs presented in this article, which rely on Esterel's facilities for extending the language by external data types, external functions, and procedures, as well as tasks. The APIs' utility is demonstrated by means of a case study modelling an automated warehouse storage system, which is constructed using Lego Mindstorms robotics kits. The robot's controller is programmed in Esterel in a way that takes dynamic ordering information and the warehouse's floor layout into account, both of which are stored in a MySQL database.

  11. Embedded Systems Programming: Accessing Databases from Esterel

    Directory of Open Access Journals (Sweden)

    2009-03-01

    Full Text Available A current limitation in embedded controller design and programming is the lack of database support in development tools such as Esterel Studio. This article proposes a way of integrating databases and Esterel by providing two application programming interfaces (APIs which enable the use of relational databases inside Esterel programs. As databases and Esterel programs are often executed on different machines, result sets returned as responses to database queries may be processed either locally and according to Esterel’s synchrony hypothesis, or remotely along several of Esterel’s execution cycles. These different scenarios are reflected in the design and usage rules of the two APIs presented in this article, which rely on Esterel’s facilities for extending the language by external data types, external functions, and procedures, as well as tasks. The APIs’ utility is demonstrated by means of a case study modelling an automated warehouse storage system, which is constructed using Lego Mindstorms robotics kits. The robot’s controller is programmed in Esterel in a way that takes dynamic ordering information and the warehouse’s floor layout into account, both of which are stored in a MySQL database.

  12. Principles of Eliminating Access Control Lists within a Domain

    Directory of Open Access Journals (Sweden)

    Vic Grout

    2012-04-01

    Full Text Available The infrastructure of large networks is broken down into areas that have a common security policy called a domain. Security within a domain is commonly implemented at all nodes. However this can have a negative effect on performance since it introduces a delay associated with packet filtering. When Access Control Lists (ACLs are used within a router for this purpose then a significant overhead is introduced associated with this process. It is likely that identical checks are made at multiple points within a domain prior to a packet reaching its destination. Therefore by eliminating ACLs within a domain by modifying the ingress/egress points with equivalent functionality an improvement in the overall performance can be obtained. This paper considers the effect of the delays when using router operating systems offering different levels of functionality. It considers factors which contribute to the delay particularly due to ACLs and by using theoretical principles modified by practical calculation a model is created. Additionally this paper provides an example of an optimized solution which reduces the delay through network routers by distributing the security rules to the ingress/egress points of the domain without affecting the security policy.

  13. Secure Remote Access Issues in a Control Center Environment

    Science.gov (United States)

    Pitts, Lee; McNair, Ann R. (Technical Monitor)

    2002-01-01

    The ISS finally reached an operational state and exists for local and remote users. Onboard payload systems are managed by the Huntsville Operations Support Center (HOSC). Users access HOSC systems by internet protocols in support of daily operations, preflight simulation, and test. In support of this diverse user community, a modem security architecture has been implemented. The architecture has evolved over time from an isolated but open system to a system which supports local and remote access to the ISS over broad geographic regions. This has been accomplished through the use of an evolved security strategy, PKI, and custom design. Through this paper, descriptions of the migration process and the lessons learned are presented. This will include product decision criteria, rationale, and the use of commodity products in the end architecture. This paper will also stress the need for interoperability of various products and the effects of seemingly insignificant details.

  14. A hybrid medium access control for convergence of broadband wireless and wireline ATM networks

    DEFF Research Database (Denmark)

    Liu, Hong; Gliese, Ulrik Bo; Dittmann, Lars

    2000-01-01

    of contention, reservation and polling access techniques based on the dynamic TDMA system. Extensive simulation results using realistic data traffic sources, show that the proposed medium access scheme may provide QoS guarantees to different ATM traffic including the realistic MPEG video traces with low cell......In this paper, we propose a hybrid medium access control protocol for supporting broadband integrated services in the wireless ATM networks. The integrated services include CBR, VBR and ABR traffic varying from low bit-rate to very high bit-rate. The proposed protocol is an excellent compromise...

  15. PRESENTATION OF MANDATORY POLICY OF ACCESS CONTROL VIA THE HARRISONRUSSO-WILLIAM’S MODEL

    Directory of Open Access Journals (Sweden)

    Korolev I. D.

    2015-03-01

    Full Text Available The accepted model of the access control is realized with the monitor of safety in the protected automated information system. Models of safety are considered, as a rule, as a system which is a single whole and has the uniform monitor of safety. Nevertheless, the architecture of the real automated information systems and processes of their functioning can be characterized by distribution. The distributed automated information system consists more than of one local segment representing isolated set of subjects and objects of access. In the distributed system local segments can be realized both on the basis of discretionary, and on the basis of mandatory models of safety (i.e. to be diverse. One of directions of a safety in this case is realization of the general monitor of the safety providing the uniform (coordinated policy of access control. For safe interaction of patchwork systems it’s necessary to bring them to a single model. Hence, while the integration of information systems the problem of their interaction becomes persistent. Thus in the systems processing the information of a various level of confidentiality, it is necessary to realize mandatory access control. In given clause the mandatory policy of the safety presented by classical model of Bell-LaPadula, is described by the elements of classical model of Harrison-Russo-William. Using the mechanisms of change of a matrix access the opportunity of assignment and change of confidentiality marks is described and the observance of safe practices within the limits of mandatory access control is analyzed. The safety of application of the given approach has been proved. The perspective direction of research has been defined

  16. Spacelab system analysis: The modified free access protocol: An access protocol for communication systems with periodic and Poisson traffic

    Science.gov (United States)

    Ingels, Frank; Owens, John; Daniel, Steven

    1989-01-01

    The protocol definition and terminal hardware for the modified free access protocol, a communications protocol similar to Ethernet, are developed. A MFA protocol simulator and a CSMA/CD math model are also developed. The protocol is tailored to communication systems where the total traffic may be divided into scheduled traffic and Poisson traffic. The scheduled traffic should occur on a periodic basis but may occur after a given event such as a request for data from a large number of stations. The Poisson traffic will include alarms and other random traffic. The purpose of the protocol is to guarantee that scheduled packets will be delivered without collision. This is required in many control and data collection systems. The protocol uses standard Ethernet hardware and software requiring minimum modifications to an existing system. The modification to the protocol only affects the Ethernet transmission privileges and does not effect the Ethernet receiver.

  17. Optimum feedback strategy for access control mechanism modelled as stochastic differential equation in computer network

    Directory of Open Access Journals (Sweden)

    Ahmed N. U.

    2004-01-01

    Full Text Available We consider optimum feedback control strategy for computer communication network, in particular, the access control mechanism. The dynamic model representing the source and the access control system is described by a system of stochastic differential equations developed in our previous works. Simulated annealing (SA was used to optimize the parameters of the control law based on neural network. This technique was found to be computationally intensive. In this paper, we have proposed to use a more powerful algorithm known as recursive random search (RRS. By using this technique, we have been able to reduce the computation time by a factor of five without compromising the optimality. This is very important for optimization of high-dimensional systems serving a large number of aggregate users. The results show that the proposed control law can improve the network performance by improving throughput, reducing multiplexor and TB losses, and relaxing, not avoiding, congestion.

  18. Secure Communication and Access Control for Mobile Web Service Provisioning

    CERN Document Server

    Srirama, Satish Narayana

    2010-01-01

    It is now feasible to host basic web services on a smart phone due to the advances in wireless devices and mobile communication technologies. While the applications are quite welcoming, the ability to provide secure and reliable communication in the vulnerable and volatile mobile ad-hoc topologies is vastly becoming necessary. The paper mainly addresses the details and issues in providing secured communication and access control for the mobile web service provisioning domain. While the basic message-level security can be provided, providing proper access control mechanisms for the Mobile Host still poses a great challenge. This paper discusses details of secure communication and proposes the distributed semantics-based authorization mechanism.

  19. Developing Access Control Model of Web OLAP over Trusted and Collaborative Data Warehouses

    Science.gov (United States)

    Fugkeaw, Somchart; Mitrpanont, Jarernsri L.; Manpanpanich, Piyawit; Juntapremjitt, Sekpon

    This paper proposes the design and development of Role- based Access Control (RBAC) model for the Single Sign-On (SSO) Web-OLAP query spanning over multiple data warehouses (DWs). The model is based on PKI Authentication and Privilege Management Infrastructure (PMI); it presents a binding model of RBAC authorization based on dimension privilege specified in attribute certificate (AC) and user identification. Particularly, the way of attribute mapping between DW user authentication and privilege of dimensional access is illustrated. In our approach, we apply the multi-agent system to automate flexible and effective management of user authentication, role delegation as well as system accountability. Finally, the paper culminates in the prototype system A-COLD (Access Control of web-OLAP over multiple DWs) that incorporates the OLAP features and authentication and authorization enforcement in the multi-user and multi-data warehouse environment.

  20. An anonymous access control and authenticated key exchange protocol for Mobile RFID systems in the internet of things%物联网移动RFID系统匿名访问控制认证密钥交换协议

    Institute of Scientific and Technical Information of China (English)

    朱炜玲; 喻建平

    2012-01-01

    针对物联网移动RFID系统标签隐私信息的访问控制以及用户身份隐私保护问题,本文采用身份加密和属性加密相结合的方法,建立了IB-AB-eCK安全模型,设计了基于身份及属性的认证密钥交换协议IB-AB-AKE.基于IB-AB-AKE协议,提出了移动RFID手机与信息服务器之间认证密钥交换协议,实现了在保护移动RFID手机用户身份隐私的同时,根据标签所有者定制的访问控制策略进行标签信息的访问控制认证和会话密钥交换,防止了隐私信息被非法访问.分析表明,IB-AB-AKE协议在IB-AB-eCK模型下是安全的,且在通信次数、通信量及计算量方面具有优势.%For the access control of a tag’s privacy information and the privacy protection of a user' s identity in Mobile RFID systems in the internet of things, a security model called IB-AB-eCK is introduced, and an identity-based and attribute-based authenticated key exchange (IB-AB-AKE) protocol is proposed in this paper. Based on IB-AB-AKE protocol, an authenticated key exchange scheme is then established between mobile RFID phones and information servers of mobile RFID systems in the internet of things. The scheme not only preserves the identity privacy of the user of mobile RFID phone, but also completes the authentication and agrees upon a session key for the access to the tag' s information according to the owner' s access control policy. The analyses show that IB-AB-AKE protocol is secure in IB-AB-eCK model and it has advantages for communication round, communication traffic and computing complexity.

  1. ACCESS: Design and Sub-System Performance

    Science.gov (United States)

    Kaiser, Mary Elizabeth; Morris, Matthew J.; McCandliss, Stephan R.; Rasucher, Bernard J.; Kimble, Randy A.; Kruk, Jeffrey W.; Pelton, Russell; Mott, D. Brent; Wen, Hiting; Foltz, Roger; Quijada, Manuel A.; Gum, Jeffery S.; Gardner, Jonathan P.; Kahle, Duncan M.; Benford, Dominic J.; Woodgate, Bruce E.; Wright, Edward L.; Feldman, Paul D.; Hart, Murdock; Moos, H. Warren; Reiss, Adam G.; Bohlin, Ralph; Deustua, Susana E.; Dixon, W. V.; Sahnow, David J.

    2012-01-01

    Establishing improved spectrophotometric standards is important for a broad range of missions and is relevant to many astrophysical problems. ACCESS, "Absolute Color Calibration Experiment for Standard Stars", is a series of rocket-borne sub-orbital missions and ground-based experiments designed to enable improvements in the precision of the astrophysical flux scale through the transfer of absolute laboratory detector standards from the National Institute of Standards and Technology (NIST) to a network of stellar standards with a calibration accuracy of 1% and a spectral resolving power of 500 across the 0.35 -1.7 micrometer bandpass.

  2. Scheduling Heterogeneous Wireless Systems for Efficient Spectrum Access

    Directory of Open Access Journals (Sweden)

    Liao Shenghui

    2010-01-01

    Full Text Available The spectrum scarcity problem emerged in recent years, due to unbalanced utilization of RF (radio frequency bands in the current state of wireless spectrum allocations. Spectrum access scheduling addresses challenges arising from spectrum sharing by interleaving the channel access among multiple wireless systems in a TDMA fashion. Different from cognitive radio approaches which are opportunistic and noncollaborative in general, spectrum access scheduling proactively structures and interleaves the channel access pattern of heterogeneous wireless systems, using collaborative designs by implementing a crucial architectural component—the base stations on software defined radios (SDRs. We discuss our system design choices for spectrum sharing from multiple perspectives and then present the mechanisms for spectrum sharing and coexistence of GPRS+WiMAX and GPRS+WiFi as use cases, respectively. Simulations were carried out to prove that spectrum access scheduling is an alternative, feasible, and promising approach to the spectrum scarcity problem.

  3. Control System Damps Vibrations

    Science.gov (United States)

    Kopf, E. H., Jr.; Brown, T. K.; Marsh, E. L.

    1983-01-01

    New control system damps vibrations in rotating equipment with help of phase-locked-loop techniques. Vibrational modes are controlled by applying suitable currents to drive motor. Control signals are derived from sensors mounted on equipment.

  4. ON UNIFIED FINE GRAINED ACCESS CONTROL IN WEB INFORMATION SYSTEM%Web信息系统中统一细粒度访问控制的研究

    Institute of Scientific and Technical Information of China (English)

    朱佃波; 陆剑江; 杨季文

    2009-01-01

    为了实现Web信息系统的细粒度访问控制,研究了MVC(Model-View-Controller)构建模式,然后分别从视图层和控制层上考虑客体的结构和形式,在NIST RBAC的基础上提出了OHRBAC(Object Hierarchy RBAC)模型,并基于该模型分别利用JSP标签技术和AOP技术实现了视图层和控制层的细粒度访问控制,并抽象出Java Web信息系统中细粒度访问控制的一般解决方案,该方案安全性高、操作方便、可以快速部署、可扩展、可伸缩.

  5. Controllability of Quantum Systems

    CERN Document Server

    Schirmer, S G; Solomon, A I

    2003-01-01

    An overview and synthesis of results and criteria for open-loop controllability of Hamiltonian quantum systems obtained using Lie group and Lie algebra techniques is presented. Negative results for open-loop controllability of dissipative systems are discussed, and the superiority of closed-loop (feedback) control for quantum systems is established.

  6. Determinants of Effective Internal Control System in Nigerian Banks ...

    African Journals Online (AJOL)

    Determinants of Effective Internal Control System in Nigerian Banks. ... Log in or Register to get access to full text downloads. ... management observance of control, good remuneration of internal control staff, cost of instituting internal control ...

  7. Bank Access Control of Electronic Payment Based on SPKI%基于SPKI电子支付中的银行端访问控制

    Institute of Scientific and Technical Information of China (English)

    王茜; 王富强; 傅鹤岗; 朱庆生

    2003-01-01

    In the system of electronic payment based on SPKI, access control of bank acts as the important function of identification, protecting customer's privacy and ensuring payment. The paper proposes the model of bank access control, and describes the frame and the steps of the access control. Finally, the paper analyzes the characteristics of the model.

  8. Controls Over the Contractor Common Access Card Life Cycle

    Science.gov (United States)

    2008-10-10

    Identification System SES Senior Executive Service SPOC Service Point of Contact TASM Trusted Agent Security Manager USD (AT&L) Under...the final report by October 31, 2008. 53 Finding D. Oversight of Common Access Card Sponsors DoD CVS Service Points of Contact ( SPOCs ...authorization to approve contractor CACs. Organization of CAC Application Sites Each Service agency has an SPOC who is responsible for coordinating with

  9. 计及接入控制策略的宽带电力线 OFDM系统跨层资源分配%Cross-Layer Resource Allocation Considering Access Control for Broadband Power Line OFDM System

    Institute of Scientific and Technical Information of China (English)

    陆俊; 刘振宇; 徐志强; 朱炎平

    2016-01-01

    针对宽带电力线资源分配中的 QoS 需求保证及用户间公平性问题,提出了一种计及接入控制策略的宽带电力线OFDM 系统跨层资源分配算法。首先建立了多用户跨层资源分配系统模型;其次通过公平因子约束实现整体算法的公平性,并提出一种接入控制策略,在某一个或几个用户信道质量较差而需要消耗大量系统资源的情况下,通过拒绝这些用户的接入来保证系统的整体性能;最后,在典型电力线信道的环境下,对该算法及对比算法进行了仿真,仿真结果证明所提算法相对于对比算法可以更有效地满足 QoS 及公平性需求,提升系统性能。%A cross-layer resource allocation algorithm considering access control mechanism is proposed in this paper for solving problem of QoS guarantee and fairness between users in broadband power line communication (BPLC). Model of multi-user cross-layer resource allocation system is established. Then fair factor constraint is used for realizing overall fairness of the algorithm. Moreover, an access control mechanism improving system performance through rejecting users with worse channel gains and more system resource need is proposed. Finally, this algorithm and other comparative algorithms are simulated under typical power line channel environment. Simulation results show that performance of the algorithm is better than that of other algorithms. It can meet QoS requirement and fairness between users more effectively than the comparative algorithms for BPLC. Meanwhile, the system performance is improved.

  10. A secure network access system for mobile IPv6

    Science.gov (United States)

    Zhang, Hong; Yuan, Man; He, Rui; Jiang, Luliang; Ma, Jian; Qian, Hualin

    2004-03-01

    With the fast development of Internet and wireless and mobile communication technology, the Mobile Internet Age is upcoming. For those providing Mobile Internet services, especially from the view of ISP (Internet Service Provider), current mobile IP protocol is insufficient. Since the Mobile IPv6 protocol will be popular in near future, how to provide a secure mobile IPv6 service is important. A secure mobile IPv6 network access system is highly needed for mobile IPv6 deployment. Current methods and systems are still inadequate, including EAP, PANA, 802.1X, RADIUS, Diameter, etc. In this paper, we describe main security goals for a secure mobile IPv6 access system, and propose a secure network access system to achieve them. This access system consists of access router, attendant and authentication servers. The access procedure is divided into three phases, which are initial phase, authentication and registration phase and termination phase. This system has many advantages, including layer two independent, flexible and extensible, no need to modify current IPv6 address autoconfiguration protocols, binding update optimization, etc. Finally, the security of the protocol in this system is analyzed and proved with Extended BAN logic method, and a brief introduction of system implementation is given.

  11. OJADEAC: An Ontology Based Access Control Model for JADE Platform

    Directory of Open Access Journals (Sweden)

    Ban Sharief Mustafa

    2014-06-01

    Full Text Available Java Agent Development Framework (JADE is a software framework to make easy the development of Multi-Agent applications in compliance with the Foundation for Intelligent Physical Agents (FIPA specifications. JADE propose new infrastructure solutions to support the development of useful and convenient distributed applications. Security is one of the most important issues in implementing and deploying such applications. JADE-S security add-ons are one of the most popular security solutions in JADE platform. It provides several security services including authentication, authorization, signature and encryption services. Authorization service will give authorities to perform an action based on a set of permission objects attached to every authenticated user. This service has several drawbacks when implemented in a scalable distributed context aware applications. In this paper, an ontology-based access control model called (OJADEAC is proposed to be applied in JADE platform by combining Semantic Web technologies with context-aware policy mechanism to overcome the shortcoming of this service. The access control model is represented by a semantic ontology, and a set of two level semantic rules representing platform and application specific policy rules. OJADEAC model is distributed, intelligent, dynamic, context-aware and use reasoning engine to infer access decisions based on ontology knowledge.

  12. Socio-economic status influences blood pressure control despite equal access to care

    DEFF Research Database (Denmark)

    Paulsen, M S; Andersen, M; Munck, A P

    2012-01-01

    OBJECTIVE: Denmark has a health care system with free and equal access to care irrespective of age and socio-economic status (SES). We conducted a cross-sectional study to investigate a possible association between SES and blood pressure (BP) control of hypertensive patients treated in general...

  13. Multihop Medium Access Control for WSNs: An Energy Analysis Model

    Directory of Open Access Journals (Sweden)

    Haapola Jussi

    2005-01-01

    Full Text Available We present an energy analysis technique applicable to medium access control (MAC and multihop communications. Furthermore, the technique's application gives insight on using multihop forwarding instead of single-hop communications. Using the technique, we perform an energy analysis of carrier-sense-multiple-access (CSMA- based MAC protocols with sleeping schemes. Power constraints set by battery operation raise energy efficiency as the prime factor for wireless sensor networks. A detailed energy expenditure analysis of the physical, the link, and the network layers together can provide a basis for developing new energy-efficient wireless sensor networks. The presented technique provides a set of analytical tools for accomplishing this. With those tools, the energy impact of radio, MAC, and topology parameters on the network can be investigated. From the analysis, we extract key parameters of selected MAC protocols and show that some traditional mechanisms, such as binary exponential backoff, have inherent problems.

  14. Consistency maintenance for constraint in role-based access control model

    Institute of Scientific and Technical Information of China (English)

    韩伟力; 陈刚; 尹建伟; 董金祥

    2002-01-01

    Constraint is an important aspect of role-based access control and is sometimes argued to be the principal motivation for role-based access control (RBAC). But so far'few authors have discussed consistency maintenance for constraint in RBAC model. Based on researches of constraints among roles and types of inconsistency among constraints, this paper introduces correaponding formal rules, rulebased reasoning and corresponding methods to detect, avoid and resolve these inconsistencies. Finally,the paper introduces briefly the application of consistency maintenance in ZD-PDM, an enterprise-ori-ented product data management (PDM) system.

  15. Consistency maintenance for constraint in role-based access control model

    Institute of Scientific and Technical Information of China (English)

    韩伟力; 陈刚; 尹建伟; 董金祥

    2002-01-01

    Constraint is an important aspect of role-based access control and is sometimes argued to be the principal motivation for role-based access control (RBAC). But so far few authors have discussed consistency maintenance for constraint in RBAC model. Based on researches of constraints among roles and types of inconsistency among constraints, this paper introduces corresponding formal rules, rule-based reasoning and corresponding methods to detect, avoid and resolve these inconsistencies. Finally, the paper introduces briefly the application of consistency maintenance in ZD-PDM, an enterprise-oriented product data management (PDM) system.

  16. 基于嵌入式微控制器的一体化指纹模块门禁系统的设计%The Design of the Integrated Fingerprint Module Access Control System Based on Embedded Microcontroller

    Institute of Scientific and Technical Information of China (English)

    刘巍; 汪兆栋

    2015-01-01

    基于嵌入式微控制器的一体化指纹模块门禁系统的设计,首先介绍了系统的工作原理,然后重点叙述了系统的软、硬件实现,最后解决了系统的应用问题。该系统采用日趋成熟的基于生物识别技术的一体指纹模,很好地解决了门禁系统中的身份认证问题和机械门锁带来的不便,具有很强的灵活性,可靠性和安全性,非常适合公共场所及高档小区的门禁管理。%This paper introduces the design of the integrated fingerprint module entrance guard system based on em-bedded microcontroller.We introduce the working principle of the system firstly, and then focus on how to realize the software and hardware, and finally we demonstrate the application of the system.The system uses the increasingly ma-ture integrated fingerprint module based on the biometric technology, and effectively solves the problem of the identity authentication in the access control system and avoids the inconvenience of mechanical locks.Since the system is of good flexibility, reliability and security, it is very suitable for the gateway management of public places and high-grade residential quarters.

  17. Electronic Wallet and Access Control Solution Based on RFID MiFare Cards

    Directory of Open Access Journals (Sweden)

    Stefan Victor Lefter

    2013-03-01

    Full Text Available With the advent of Radio Frequency Identification technologies or RFID for short, different types of products and security-relevant applications have been developed for use in fields and businesses like: inventory management, product tracking, access control, passports or transport fare collection. Even though RFID has been around for quite some time, there are some types of businesses like theme parks, water parks or music festivals that haven’t yet tested the benefits that this technology brings. This paper focuses on presenting advantages and disadvantages of using an unified access control and electronic wallet system based on RFID cards like MiFare tags as an alternative to existing ticket/currency access and payment systems employed by the majority of the businesses mentioned above.

  18. Digital Optical Control System

    Science.gov (United States)

    Jordan, David H.; Tipton, Charles A.; Christmann, Charles E.; Hochhausler, Nils P.

    1988-09-01

    We describe the digital optical control system (DOGS), a state-of-the-art controller for electrical feedback in an optical system. The need for a versatile optical controller arose from a number of unique experiments being performed by the Air Force Weapons Laboratory. These experiments use similar detectors and actuator-controlled mirrors, but the control requirements vary greatly. The experiments have in common a requirement for parallel control systems. The DOGS satisfies these needs by allowing several control systems to occupy a single chassis with one master controller. The architecture was designed to allow upward compatibility with future configurations. Combinations of off-the-shelf and custom boards are configured to meet the requirements of each experiment. The configuration described here was used to control piston error to X/80 at a wavelength of 0.51 Am. A peak sample rate of 8 kHz, yielding a closed loop bandwidth of 800 Hz, was achieved.

  19. Discrete Control Systems

    CERN Document Server

    Lee, Taeyoung; McClamroch, N Harris

    2007-01-01

    Discrete control systems, as considered here, refer to the control theory of discrete-time Lagrangian or Hamiltonian systems. These discrete-time models are based on a discrete variational principle, and are part of the broader field of geometric integration. Geometric integrators are numerical integration methods that preserve geometric properties of continuous systems, such as conservation of the symplectic form, momentum, and energy. They also guarantee that the discrete flow remains on the manifold on which the continuous system evolves, an important property in the case of rigid-body dynamics. In nonlinear control, one typically relies on differential geometric and dynamical systems techniques to prove properties such as stability, controllability, and optimality. More generally, the geometric structure of such systems plays a critical role in the nonlinear analysis of the corresponding control problems. Despite the critical role of geometry and mechanics in the analysis of nonlinear control systems, non...

  20. ALFA Detector Control System

    CERN Document Server

    Oleiro Seabra, Luis Filipe; The ATLAS collaboration

    2015-01-01

    ALFA (Absolute Luminosity For ATLAS) is one of the sub-detectors of ATLAS/LHC. The ALFA system is composed by two stations installed in the LHC tunnel 240 m away from each side of the ATLAS interaction point. Each station has a vacuum and ventilation system, movement control and all the required electronic for signal processing. The Detector Control System (DCS) provides control and monitoring of several components and ensures the safe operation of the detector contributing to good Data Quality. This paper describes the ALFA DCS system including a detector overview, operation aspects and hardware control through a SCADA system, WinCC OA.

  1. ALFA Detector Control System

    CERN Document Server

    Oleiro Seabra, Luis Filipe; The ATLAS collaboration

    2015-01-01

    ALFA (Absolute Luminosity For ATLAS) is one of the sub-detectors of ATLAS (A Toroidal LHC Apparatus). The ALFA system is composed by four stations installed in the LHC tunnel 240 m away from the ATLAS interaction point. Each station has a vacuum and ventilation system, movement control and all the required electronics for signal processing. The Detector Control System (DCS) provides control and monitoring of several components and ensures the safe operation of the detector contributing to good Data Quality. This paper describes the ALFA DCS system including a detector overview, operation aspects and hardware control through a SCADA system, WinCC OA.

  2. An Optimal Medium Access Control with Partial Observations for Sensor Networks

    Directory of Open Access Journals (Sweden)

    Servetto Sergio D

    2005-01-01

    Full Text Available We consider medium access control (MAC in multihop sensor networks, where only partial information about the shared medium is available to the transmitter. We model our setting as a queuing problem in which the service rate of a queue is a function of a partially observed Markov chain representing the available bandwidth, and in which the arrivals are controlled based on the partial observations so as to keep the system in a desirable mildly unstable regime. The optimal controller for this problem satisfies a separation property: we first compute a probability measure on the state space of the chain, namely the information state, then use this measure as the new state on which the control decisions are based. We give a formal description of the system considered and of its dynamics, we formalize and solve an optimal control problem, and we show numerical simulations to illustrate with concrete examples properties of the optimal control law. We show how the ergodic behavior of our queuing model is characterized by an invariant measure over all possible information states, and we construct that measure. Our results can be specifically applied for designing efficient and stable algorithms for medium access control in multiple-accessed systems, in particular for sensor networks.

  3. Admission Control and Interference Management in Dynamic Spectrum Access Networks

    Directory of Open Access Journals (Sweden)

    Jorge Martinez-Bauset

    2010-01-01

    Full Text Available We study two important aspects to make dynamic spectrum access work in practice: the admission policy of secondary users (SUs to achieve a certain degree of quality of service and the management of the interference caused by SUs to primary users (PUs. In order to limit the forced termination probability of SUs, we evaluate the Fractional Guard Channel reservation scheme to give priority to spectrum handovers over new arrivals. We show that, contrary to what has been proposed, the throughput of SUs cannot be maximized by configuring the reservation parameter. We also study the interference caused by SUs to PUs. We propose and evaluate different mechanisms to reduce the interference, which are based on simple spectrum access algorithms for both PUs and SUs and channel repacking algorithms for SUs. Numerical results show that the reduction can be of one order of magnitude or more with respect to the random access case. Finally, we propose an adaptive admission control scheme that is able to limit simultaneously the forced termination probability of SUs and what we define as the probability of interference. Our scheme does not require any configuration parameters beyond the probability objectives. Besides, it is simple to implement and it can operate with any arrival process and distribution of the session duration.

  4. Controllability in nonlinear systems

    Science.gov (United States)

    Hirschorn, R. M.

    1975-01-01

    An explicit expression for the reachable set is obtained for a class of nonlinear systems. This class is described by a chain condition on the Lie algebra of vector fields associated with each nonlinear system. These ideas are used to obtain a generalization of a controllability result for linear systems in the case where multiplicative controls are present.

  5. 基于社交属性的访问控制系统研究与实现%STUDY AND IMPLEMENTATION OF SNS ATTRIBUTES-BASED ACCESS CONTROL SYSTEM

    Institute of Scientific and Technical Information of China (English)

    时钢

    2015-01-01

    随着社交化的推进,社交网络平台在结构和业务特征上出现了新的特点。通过对社交网络业务环境的访问控制需求进行分析,结合访问控制的最新发展方向研究设计适合社交网络业务环境系统的访问控制方案,从而实现社交网络平台中的权限的灵活管理,为社交网络业务环境中的安全保护提供访问控制解决方案。%With social intercourse advancing,the social network platform shows new characters in its structure and business feature.In this paper,through analysing the requirements of access control in SNS business environments and combining the latest development direction of access control,we design an access control scheme suitable for SNS business environments,so that achieve the flexible management of privileges on SNS platform,this provides the access control solution for security protection in SNS business environment.

  6. An Access Control Model of Virtual Machine Security

    Directory of Open Access Journals (Sweden)

    QIN Zhong-yuan

    2013-07-01

    Full Text Available Virtualization technology becomes a hot IT technolo gy with the popu-larity of Cloud Computing. However, new security issues arise with it. Specifically, the resources sharing and data communication in virtual machines are most con cerned. In this paper an access control model is proposed which combines the Chinese Wall a nd BLP model. BLP multi-level security model is introduced with corresponding improvement based on PCW (Prioritized Chinese Wall security model. This model can be used to safely co ntrol the resources and event behaviors in virtual machines. Experimental results show its eff ectiveness and safety.

  7. Efficient identity management and access control in cloud environment

    Science.gov (United States)

    Gloster, Jonathan

    2013-05-01

    As more enterprises are enticed to move data to a cloud environment to enhance data sharing and reduce operating costs by exploiting shared resources, concerns have risen over the ability to secure information within the cloud. This paper examines how a traditional Identity and Access Control (IDAM) architecture can be adapted to address security concerns of a cloud environment. We propose changing the paradigm of IDAM form a pure trust model to a risk based model will enable information to be protected securely in a cloud environment without impacting efficiencies of cloud environments.

  8. Enhancing Data Security and Access Control in Cloud Environment using Modified Attribute Based Encryption Mechanism

    Directory of Open Access Journals (Sweden)

    Apurva R. Naik

    2016-10-01

    Full Text Available Social networking and growing popularity of cloud services have made everyone to communicate each other in an easiest way. File sharing and distribution are the frequently used services provided by cloud service providers, although these facilities reduce cost of data sharing but at the same time data security and access control is the major problem. Many renowned service providers have faced the challenges to secure data and provide better access control, and we know once the data is leaked we cannot recover the data loss. Thus in order to ensure better security we need for focus on the two major problems, and those are access control and encryption policy. Cipher text policy attribute based encryption is the most effective solution for access control in real time scenarios where owner can actually decide the access rights for the end-user, but it comes with key escrow problem. We are proposing our modified escrow-free key issuing protocol to solve the problem of key escrow and our Modified Attribute Based Encryption scheme to achieve all security requirements to get a robust and secure system. Further we evaluate our model on the basis of results and lastly we conclude the paper.

  9. Motion control systems

    CERN Document Server

    Sabanovic, Asif

    2011-01-01

    "Presents a unified approach to the fundamental issues in motion control, starting from the basics and moving through single degree of freedom and multi-degree of freedom systems In Motion Control Systems, Šabanovic and Ohnishi present a unified approach to very diverse issues covered in motion control systems, offering know-how accumulated through work on very diverse problems into a comprehensive, integrated approach suitable for application in high demanding high-tech products. It covers material from single degree of freedom systems to complex multi-body non-redundant and redundant systems. The discussion of the main subject is based on original research results and will give treatment of the issues in motion control in the framework of the acceleration control method with disturbance rejection technique. This allows consistent unification of different issues in motion control ranging from simple trajectory tracking to topics related to haptics and bilateral control without and with delay in the measure...

  10. Applied Control Systems Design

    CERN Document Server

    Mahmoud, Magdi S

    2012-01-01

    Applied Control System Design examines several methods for building up systems models based on real experimental data from typical industrial processes and incorporating system identification techniques. The text takes a comparative approach to the models derived in this way judging their suitability for use in different systems and under different operational circumstances. A broad spectrum of control methods including various forms of filtering, feedback and feedforward control is applied to the models and the guidelines derived from the closed-loop responses are then composed into a concrete self-tested recipe to serve as a check-list for industrial engineers or control designers. System identification and control design are given equal weight in model derivation and testing to reflect their equality of importance in the proper design and optimization of high-performance control systems. Readers’ assimilation of the material discussed is assisted by the provision of problems and examples. Most of these e...

  11. An enhancement of the role-based access control model to facilitate information access management in context of team collaboration and workflow.

    Science.gov (United States)

    Le, Xuan Hung; Doll, Terry; Barbosu, Monica; Luque, Amneris; Wang, Dongwen

    2012-12-01

    Although information access control models have been developed and applied to various applications, few of the previous works have addressed the issue of managing information access in the combined context of team collaboration and workflow. To facilitate this requirement, we have enhanced the Role-Based Access Control (RBAC) model through formulating universal constraints, defining bridging entities and contributing attributes, extending access permissions to include workflow contexts, synthesizing a role-based access delegation model to target on specific objects, and developing domain ontologies as instantiations of the general model to particular applications. We have successfully applied this model to the New York State HIV Clinical Education Initiative (CEI) project to address the specific needs of information management in collaborative processes. An initial evaluation has shown this model achieved a high level of agreement with an existing system when applied to 4576 cases (kappa=0.801). Comparing to a reference standard, the sensitivity and specificity of the enhanced RBAC model were at the level of 97-100%. These results indicate that the enhanced RBAC model can be effectively used for information access management in context of team collaboration and workflow to coordinate clinical education programs. Future research is required to incrementally develop additional types of universal constraints, to further investigate how the workflow context and access delegation can be enriched to support the various needs on information access management in collaborative processes, and to examine the generalizability of the enhanced RBAC model for other applications in clinical education, biomedical research, and patient care.

  12. Control and optimization system

    Science.gov (United States)

    Xinsheng, Lou

    2013-02-12

    A system for optimizing a power plant includes a chemical loop having an input for receiving an input parameter (270) and an output for outputting an output parameter (280), a control system operably connected to the chemical loop and having a multiple controller part (230) comprising a model-free controller. The control system receives the output parameter (280), optimizes the input parameter (270) based on the received output parameter (280), and outputs an optimized input parameter (270) to the input of the chemical loop to control a process of the chemical loop in an optimized manner.

  13. Key issues of multiple access technique for LEO satellite communication systems

    Institute of Scientific and Technical Information of China (English)

    温萍萍; 顾学迈

    2004-01-01

    The large carrier frequency shift caused by the high-speed movement of satellite (Doppler effects) and the propagation delay on the up-down link are very critical issues in an LEO satellite communication system, which affects both the selection and the implementation of a suitable access method. A Doppler based multiple access technique is used here to control the flow and an MPRMA-HS protocol is proposed for the application in LEO satellite communication systems. The extended simulation trials prove that the proposed scheme seems to be a very promising access method.

  14. Control systems engineering

    CERN Document Server

    Nise, Norman S

    1995-01-01

    This completely updated new edition shows how to use MATLAB to perform control-system calculations. Designed for the professional or engineering student who needs a quick and readable update on designing control systems, the text features a series of tightly focused examples that clearly illustrate each concept of designing control systems. Most chapters conclude with a detailed application from the two case studies that run throughout the book: an antenna asimuth control system and a submarine. The author also refers to many examples of design methods.

  15. Step Motor Control System

    Institute of Scientific and Technical Information of China (English)

    ZhangShuochengt; WangDan; QiaoWeimin; JingLan

    2003-01-01

    All kinds of step motors and servomotors are widely used in CSR control system, such as many vacuum valves control that set on the HIRFL-CSR; all kinds of electric switches and knobs of ECR Ion Source; equipment of CSR Beam Diagnostics and a lot of large equipment like Inside Gun Toroid and Collector Toroid of HIRFL. A typical control system include up to 32 16-I/O Control boards, and each 16-I/O Control board can control 4 motors at the same time (including 8 Limit Switches).

  16. Discrete control systems

    CERN Document Server

    Okuyama, Yoshifumi

    2014-01-01

    Discrete Control Systems establishes a basis for the analysis and design of discretized/quantized control systemsfor continuous physical systems. Beginning with the necessary mathematical foundations and system-model descriptions, the text moves on to derive a robust stability condition. To keep a practical perspective on the uncertain physical systems considered, most of the methods treated are carried out in the frequency domain. As part of the design procedure, modified Nyquist–Hall and Nichols diagrams are presented and discretized proportional–integral–derivative control schemes are reconsidered. Schemes for model-reference feedback and discrete-type observers are proposed. Although single-loop feedback systems form the core of the text, some consideration is given to multiple loops and nonlinearities. The robust control performance and stability of interval systems (with multiple uncertainties) are outlined. Finally, the monograph describes the relationship between feedback-control and discrete ev...

  17. A Multi-Hierarchies Role Based Access Control Model for Management Information System%管理信息系统多级访问控制管理模型

    Institute of Scientific and Technical Information of China (English)

    仲华惟

    2014-01-01

    Role-based access control model for large management information system cannot meet the requirement of multi-hi-erarchies decentralized administration. A role-based hierarchical administrative model named MHARBAC is proposed to support top-down authorization. The role tree and the administrate scope which contains user scope, role scope and permission scope are defined to support the permission decentralized over the role tree. The MHARBAC model based on RBAC has significant ad-vantages on term of supporting decentralized administration.%基于角色的访问控制在信息管理系统应用时缺少对分级授权的支持。多级访问控制模型在基于角色的访问控制模型基础上,使用角色树表现角色的层次关系,将用户域、角色域和许可域组合为管理域来限定分级授权的操作范围,实现了权限在角色树上的逐级分发,支持信息管理系统的分级授权要求。

  18. Control system design guide

    Energy Technology Data Exchange (ETDEWEB)

    Sellers, David; Friedman, Hannah; Haasl, Tudi; Bourassa, Norman; Piette, Mary Ann

    2003-05-01

    The ''Control System Design Guide'' (Design Guide) provides methods and recommendations for the control system design process and control point selection and installation. Control systems are often the most problematic system in a building. A good design process that takes into account maintenance, operation, and commissioning can lead to a smoothly operating and efficient building. To this end, the Design Guide provides a toolbox of templates for improving control system design and specification. HVAC designers are the primary audience for the Design Guide. The control design process it presents will help produce well-designed control systems that achieve efficient and robust operation. The spreadsheet examples for control valve schedules, damper schedules, and points lists can streamline the use of the control system design concepts set forth in the Design Guide by providing convenient starting points from which designers can build. Although each reader brings their own unique questions to the text, the Design Guide contains information that designers, commissioning providers, operators, and owners will find useful.

  19. Controllability of Discontinuous Systems

    OpenAIRE

    Veliov, V. M.; Krastanov, M.

    1988-01-01

    This report presents an approach to the local controllability problem for a discontinuous system. The approach is based on a concept of tangent vector field to a generalized dynamic system, which makes possible the differential geometry tools to be applied in the discontinuous case. Sufficient controllability conditions are derived.

  20. Spacecraft momentum control systems

    CERN Document Server

    Leve, Frederick A; Peck, Mason A

    2015-01-01

    The goal of this book is to serve both as a practical technical reference and a resource for gaining a fuller understanding of the state of the art of spacecraft momentum control systems, specifically looking at control moment gyroscopes (CMGs). As a result, the subject matter includes theory, technology, and systems engineering. The authors combine material on system-level architecture of spacecraft that feature momentum-control systems with material about the momentum-control hardware and software. This also encompasses material on the theoretical and algorithmic approaches to the control of space vehicles with CMGs. In essence, CMGs are the attitude-control actuators that make contemporary highly agile spacecraft possible. The rise of commercial Earth imaging, the advances in privately built spacecraft (including small satellites), and the growing popularity of the subject matter in academic circles over the past decade argues that now is the time for an in-depth treatment of the topic. CMGs are augmented ...

  1. Access Denied

    Science.gov (United States)

    Villano, Matt

    2008-01-01

    Building access control (BAC)--a catchall phrase to describe the systems that control access to facilities across campus--has traditionally been handled with remarkably low-tech solutions: (1) manual locks; (2) electronic locks; and (3) ID cards with magnetic strips. Recent improvements have included smart cards and keyless solutions that make use…

  2. ISAIA: Interoperable Systems for Archival Information Access

    Science.gov (United States)

    Hanisch, Robert J.

    2002-01-01

    The ISAIA project was originally proposed in 1999 as a successor to the informal AstroBrowse project. AstroBrowse, which provided a data location service for astronomical archives and catalogs, was a first step toward data system integration and interoperability. The goals of ISAIA were ambitious: '...To develop an interdisciplinary data location and integration service for space science. Building upon existing data services and communications protocols, this service will allow users to transparently query hundreds or thousands of WWW-based resources (catalogs, data, computational resources, bibliographic references, etc.) from a single interface. The service will collect responses from various resources and integrate them in a seamless fashion for display and manipulation by the user.' Funding was approved only for a one-year pilot study, a decision that in retrospect was wise given the rapid changes in information technology in the past few years and the emergence of the Virtual Observatory initiatives in the US and worldwide. Indeed, the ISAIA pilot study was influential in shaping the science goals, system design, metadata standards, and technology choices for the virtual observatory. The ISAIA pilot project also helped to cement working relationships among the NASA data centers, US ground-based observatories, and international data centers. The ISAIA project was formed as a collaborative effort between thirteen institutions that provided data to astronomers, space physicists, and planetary scientists. Among the fruits we ultimately hoped would come from this project would be a central site on the Web that any space scientist could use to efficiently locate existing data relevant to a particular scientific question. Furthermore, we hoped that the needed technology would be general enough to allow smaller, more-focused community within space science could use the same technologies and standards to provide more specialized services. A major challenge to searching

  3. A survey of medium access control protocols for wireless ad hoc networks

    Directory of Open Access Journals (Sweden)

    Elvio João Leonardo

    2004-01-01

    Full Text Available A number of issues distinguishes Medium Access Control (MAC protocols for wireless networks from those used in wireline systems. In addition, for ad-hoc networks, the characteristics of the radio channel, the diverse physical-layer technologies available and the range of services envisioned make it a difficult task to design an algorithm to discipline the access to the shared medium that results efficient, fair, power consumption sensitive and delay bound. This article presents the current “state-of-art” in this area, including solutions already commercially available as well as those still in study.

  4. Assessment of Deafblind Access to Manual Language Systems (ADAMLS)

    Science.gov (United States)

    Blaha, Robbie; Carlson, Brad

    2007-01-01

    This document presents the Assessment of Deafblind Access to Manual Language Systems (ADAMLS), a resource for educational teams who are responsible for developing appropriate adaptations and strategies for children who are deafblind who are candidates for learning manual language systems. The assessment tool should be used for all children with a…

  5. Drone Control System

    Science.gov (United States)

    1983-01-01

    Drones, subscale vehicles like the Firebees, and full scale retired military aircraft are used to test air defense missile systems. The DFCS (Drone Formation Control System) computer, developed by IBM (International Business Machines) Federal Systems Division, can track ten drones at once. A program called ORACLS is used to generate software to track and control Drones. It was originally developed by Langley and supplied by COSMIC (Computer Software Management and Information Center). The program saved the company both time and money.

  6. HYBRID VEHICLE CONTROL SYSTEM

    Directory of Open Access Journals (Sweden)

    V. Dvadnenko

    2016-06-01

    Full Text Available The hybrid vehicle control system includes a start–stop system for an internal combustion engine. The system works in a hybrid mode and normal vehicle operation. To simplify the start–stop system, there were user new possibilities of a hybrid car, which appeared after the conversion. Results of the circuit design of the proposed system of basic blocks are analyzed.

  7. HIPPO Experiment Data Access and Subseting System

    Science.gov (United States)

    Krassovski, Misha; Hook, Les; Christensen, Sigurd; Boden, Tom

    2014-05-01

    atmospheric species from nearly pole-to-pole over the Pacific Ocean across all seasons. The suite of atmospheric trace gases and aerosols is pertinent to understanding the carbon cycle and challenging global climate models. This dataset will provide opportunities for research across a broad spectrum of Earth sciences, including those analyzing the evolution in time and space of the greenhouse gases that affect global climate. The Carbon Dioxide Information Analysis Center (CDIAC) at Oak Ridge National Laboratory (ORNL) provides data management support for the HIPPO experiment including long-term data storage and dissemination. CDIAC has developed a relational database to house HIPPO merged 10-second meteorology, atmospheric chemistry, and aerosol data. This data set provides measurements from all Missions, 1 through 5, that took place from January of 2009 to September 2011. This presentation introduces newly build database and web interface, reflects the present state and functionality of the HIPPO Database and Exploration System as well as future plans for expansion and inclusion of combined discrete flask and GC sample GHG, Halocarbon, and hydrocarbon data.

  8. Secured Resource Sharing in Cloud Storage using Policy based Access Control

    Directory of Open Access Journals (Sweden)

    S. Imavathy

    2015-11-01

    Full Text Available Cloud computing is a general term anything that involves delivering hosted services, Anything as a Service (AaaS, over the web on demand basis. It uses the web and central remote servers to maintain data and applications. The lack of confidence in trusting information flow(users data are usually processes remotely in unknown machines that do not owned or operated by user in cloud has become common, as users fears of losing control of their own data (like personal, professional, financial, Health. In this approach, a secured cloud storage system that achieves policy-based access control is proposed with an information accountability cloud framework to keep track of the actual usage of the clients data.The access policy generated for the file controls the file accesses and policy revocation makes the file permanently inaccessible. The system is built upon a set of cryptographic key operations that are self- maintained by a set of key managers and adds security features. The access details of the data are logged and auditing also performed.

  9. Digital flight control systems

    Science.gov (United States)

    Caglayan, A. K.; Vanlandingham, H. F.

    1977-01-01

    The design of stable feedback control laws for sampled-data systems with variable rate sampling was investigated. These types of sampled-data systems arise naturally in digital flight control systems which use digital actuators where it is desirable to decrease the number of control computer output commands in order to save wear and tear of the associated equipment. The design of aircraft control systems which are optimally tolerant of sensor and actuator failures was also studied. Detection of the failed sensor or actuator must be resolved and if the estimate of the state is used in the control law, then it is also desirable to have an estimator which will give the optimal state estimate even under the failed conditions.

  10. Control Oriented System Identification

    Science.gov (United States)

    1993-08-01

    The research goals for this grant were to obtain algorithms for control oriented system identification is to construct dynamical models of systems...and measured information. Algorithms for this type of nonlinear system identification have been given that produce models suitable for gain scheduled

  11. IGISOL control system modernization

    Energy Technology Data Exchange (ETDEWEB)

    Koponen, J., E-mail: jukka.ae.koponen@jyu.fi; Hakala, J.

    2016-06-01

    Since 2010, the IGISOL research facility at the Accelerator laboratory of the University of Jyväskylä has gone through major changes. Comparing the new IGISOL4 facility to the former IGISOL3 setup, the size of the facility has more than doubled, the length of the ion transport line has grown to about 50 m with several measurement setups and extension capabilities, and the accelerated ions can be fed to the facility from two different cyclotrons. The facility has evolved to a system comprising hundreds of manual, pneumatic and electronic devices. These changes have prompted the need to modernize also the facility control system taking care of monitoring and transporting the ion beams. In addition, the control system is also used for some scientific data acquisition tasks. Basic guidelines for the IGISOL control system update have been remote control, safety, usability, reliability and maintainability. Legacy components have had a major significance in the control system hardware and for the renewed control system software the Experimental Physics and Industrial Control System (EPICS) has been chosen as the architectural backbone.

  12. Load Control System Reliability

    Energy Technology Data Exchange (ETDEWEB)

    Trudnowski, Daniel [Montana Tech of the Univ. of Montana, Butte, MT (United States)

    2015-04-03

    This report summarizes the results of the Load Control System Reliability project (DOE Award DE-FC26-06NT42750). The original grant was awarded to Montana Tech April 2006. Follow-on DOE awards and expansions to the project scope occurred August 2007, January 2009, April 2011, and April 2013. In addition to the DOE monies, the project also consisted of matching funds from the states of Montana and Wyoming. Project participants included Montana Tech; the University of Wyoming; Montana State University; NorthWestern Energy, Inc., and MSE. Research focused on two areas: real-time power-system load control methodologies; and, power-system measurement-based stability-assessment operation and control tools. The majority of effort was focused on area 2. Results from the research includes: development of fundamental power-system dynamic concepts, control schemes, and signal-processing algorithms; many papers (including two prize papers) in leading journals and conferences and leadership of IEEE activities; one patent; participation in major actual-system testing in the western North American power system; prototype power-system operation and control software installed and tested at three major North American control centers; and, the incubation of a new commercial-grade operation and control software tool. Work under this grant certainly supported the DOE-OE goals in the area of “Real Time Grid Reliability Management.”

  13. Access Control in IoT/M2M - Cloud Platform

    DEFF Research Database (Denmark)

    Anggorojati, Bayu

    and quality of life. This paradigm, which is often called Internet of Things (IoT) or Machine-to-Machine (M2M), will provide an unprecedented opportunity to create applications and services that go far beyond the mere purpose of each participant. Many studies on the both technical and social aspects of IoT...... of a system can be accessed by other parties by means of a set of access policies. For an IoT system such as Radio Frequency Identification (RFID) that collects huge amounts of RFID events data and may store it in the cloud storage for tracking purpose, access control to such data becomes a critical point...... management in RFID system is of paramount importance. A distributed cloud platform approach for the IoT/M2M, which consists of a set of IoT/M2M gateways, is introduced to cope with some inherent issues of IoT network which is highly heterogeneous and distributed in nature. As aresult, access control becomes...

  14. 角色访问控制技术在图书流通系统的应用%The Application of Role-based Access Control Technology in Library Books Circulation System

    Institute of Scientific and Technical Information of China (English)

    张海鸥

    2010-01-01

    角色访问控制(Role-Based Access Control,RBAC)技术是近年来计算机网络访问控制研究的热点技术之一.将角色访问控制技术应用于图书馆的图书流通系统中,能够降低授权管理的复杂度,提高系统的安全性.

  15. Adaptive Media Access Control for Energy Harvesting - Wireless Sensor Networks

    DEFF Research Database (Denmark)

    Fafoutis, Xenofon; Dragoni, Nicola

    2012-01-01

    ODMAC (On-Demand Media Access Control) is a recently proposed MAC protocol designed to support individual duty cycles for Energy Harvesting — Wireless Sensor Networks (EH-WSNs). Individual duty cycles are vital for EH-WSNs, because they allow nodes to adapt their energy consumption to the ever......-changing environmental energy sources. In this paper, we present an improved and extended version of ODMAC and we analyze it by means of an analytical model that can approximate several performance metrics in an arbitrary network topology. The simulations and the analytical experiments show ODMAC's ability to satisfy...... three key properties of EH-WSNs: adaptability of energy consumption, distributed energy-aware load balancing and support for different application-specific requirements....

  16. Applying the Earth System Grid Security System in a Heterogeneous Environment of Data Access Services

    Science.gov (United States)

    Kershaw, Philip; Lawrence, Bryan; Lowe, Dominic; Norton, Peter; Pascoe, Stephen

    2010-05-01

    CEDA (Centre for Environmental Data Archival) based at STFC Rutherford Appleton Laboratory is host to the BADC (British Atmospheric Data Centre) and NEODC (NERC Earth Observation Data Centre) with data holdings of over half a Petabyte. In the coming months this figure is set to increase by over one Petabyte through the BADC's role as one of three data centres to host the CMIP5 (Coupled Model Intercomparison Project Phase 5) core archive of climate model data. Quite apart from the problem of managing the storage of such large volumes there is the challenge of collating the data together from the modelling centres around the world and enabling access to these data for the user community. An infrastructure to support this is being developed under the US Earth System Grid (ESG) and related projects bringing together participating organisations together in a federation. The ESG architecture defines Gateways, the web interfaces that enable users to access data and data serving applications organised into Data Nodes. The BADC has been working in collaboration with US Earth System Grid team and other partners to develop a security system to restrict access to data. This provides single sign-on via both OpenID and PKI based means and uses role based authorisation facilitated by SAML and OpenID based interfaces for attribute retrieval. This presentation will provide an overview of the access control architecture and look at how this has been implemented for CEDA. CEDA has developed an expertise in data access and information services over several years through a number of projects to develop and enhance these capabilities. Participation in CMIP5 comes at a time when a number of other software development activities are coming to fruition. New services are in the process of being deployed alongside services making up the system for ESG. The security system must apply access control across this heterogeneous environment of different data services and technologies. One strand

  17. Secure Access Control and Large Scale Robust Representation for Online Multimedia Event Detection

    Directory of Open Access Journals (Sweden)

    Changyu Liu

    2014-01-01

    Full Text Available We developed an online multimedia event detection (MED system. However, there are a secure access control issue and a large scale robust representation issue when we want to integrate traditional event detection algorithms into the online environment. For the first issue, we proposed a tree proxy-based and service-oriented access control (TPSAC model based on the traditional role based access control model. Verification experiments were conducted on the CloudSim simulation platform, and the results showed that the TPSAC model is suitable for the access control of dynamic online environments. For the second issue, inspired by the object-bank scene descriptor, we proposed a 1000-object-bank (1000OBK event descriptor. Feature vectors of the 1000OBK were extracted from response pyramids of 1000 generic object detectors which were trained on standard annotated image datasets, such as the ImageNet dataset. A spatial bag of words tiling approach was then adopted to encode these feature vectors for bridging the gap between the objects and events. Furthermore, we performed experiments in the context of event classification on the challenging TRECVID MED 2012 dataset, and the results showed that the robust 1000OBK event descriptor outperforms the state-of-the-art approaches.

  18. Secure access control and large scale robust representation for online multimedia event detection.

    Science.gov (United States)

    Liu, Changyu; Lu, Bin; Li, Huiling

    2014-01-01

    We developed an online multimedia event detection (MED) system. However, there are a secure access control issue and a large scale robust representation issue when we want to integrate traditional event detection algorithms into the online environment. For the first issue, we proposed a tree proxy-based and service-oriented access control (TPSAC) model based on the traditional role based access control model. Verification experiments were conducted on the CloudSim simulation platform, and the results showed that the TPSAC model is suitable for the access control of dynamic online environments. For the second issue, inspired by the object-bank scene descriptor, we proposed a 1000-object-bank (1000OBK) event descriptor. Feature vectors of the 1000OBK were extracted from response pyramids of 1000 generic object detectors which were trained on standard annotated image datasets, such as the ImageNet dataset. A spatial bag of words tiling approach was then adopted to encode these feature vectors for bridging the gap between the objects and events. Furthermore, we performed experiments in the context of event classification on the challenging TRECVID MED 2012 dataset, and the results showed that the robust 1000OBK event descriptor outperforms the state-of-the-art approaches.

  19. ISTTOK control system upgrade

    Energy Technology Data Exchange (ETDEWEB)

    Carvalho, Ivo S., E-mail: ivoc@ipfn.ist.utl.pt; Duarte, Paulo; Fernandes, Horácio; Valcárcel, Daniel F.; Carvalho, Pedro J.; Silva, Carlos; Duarte, André S.; Neto, André; Sousa, Jorge; Batista, António J.N.; Carvalho, Bernardo B.

    2013-10-15

    Highlights: •ISTTOK fast controller. •All real-time diagnostic and actuators were integrated in the control platform. •100 μs control cycle under the MARTe framework. •The ISTTOK control system upgrade provides reliable operation with an improved operational space. -- Abstract: The ISTTOK tokamak (Ip = 4 kA, BT = 0.5 T, R = 0.46 m, a = 0.085 m) is one of the few tokamaks with regular alternate plasma current (AC) discharges scientific programme. In order to improve the discharge stability and to increase the number of AC discharge cycles a novel control system was developed. The controller acquires data from 50 analog-to-digital converter (ADC) channels of real-time diagnostics and measurements: tomography, Mirnov coils, interferometer, electric probes, sine and cosine probes, bolometer, current delivered by the power supplies, loop voltage and plasma current. The system has a control cycle of 100 μs during which it reads all the diagnostics connected to the advanced telecommunications computing architecture (ATCA) digitizers and sends the control reference to ISTTOK actuators. The controller algorithms are executed on an Intel{sup ®} Q8200 chip with 4 cores running at 2.33 GHz and connected to the I/O interfaces through an ATCA based environment. The real-time control system was programmed in C++ on top of the Multi-threaded Application Real-Time executor (MARTe). To extend the duration of the AC discharges and the plasma stability a new magnetising field power supply was commissioned and the horizontal and vertical field power supplies were also upgraded. The new system also features a user-friendly interface based on HyperText Markup Language (HTML) and Javascript to configure the controller parameters. This paper presents the ISTTOK control system and the consequent update of real-time diagnostics and actuators.

  20. The evolution of the ISOLDE control system

    Energy Technology Data Exchange (ETDEWEB)

    Jonsson, O.C.; Catherall, R.; Deloose, I.; Evensen, A.H.M.; Gase, K.; Focker, G.J.; Fowler, A.; Kugler, E.; Lettry, J.; Olesen, G.; Ravn, H.L. [European Organization for Nuclear Research, Geneva (Switzerland); Drumm, P. [RAL, Chilton Didcot (United Kingdom); ISOLDE Collaboration

    1997-04-01

    The ISOLDE on-line mass separator facility is operating on a personal computer based control system since spring 1992. Front end computers accessing the hardware are controlled from consoles running Microsoft Windows through a novell NetWare4 local area network. The control system is transparently integrated in the CERN wide office network and makes heavy use of the CERN standard office application programs to control and to document the running of the ISOLDE isotope separators. This paper recalls the architecture of the control system, shows its recent developments and gives some examples of its graphical user interface. (orig.). 12 refs.

  1. The evolution of the ISOLDE control system

    CERN Document Server

    Jonsson, O C; Deloose, I; Drumm, P V; Evensen, A H M; Gase, K; Focker, G J; Fowler, A B; Kugler, E; Lettry, Jacques; Olesen, G; Ravn, H L

    1997-01-01

    The ISOLDE on-line mass separator facility is operating on a Personal Computer based control system since spring 1992. Front End Computers accessing the hardware are controlled from consoles running Microsoft WindowsTM through a Novell NetWare4TM local area network. The control system is transparently integrated in the CERN wide office network and makes heavy use of the CERN standard office application programs to control and to document the running of the ISOLDE isotope separators. This paper recalls the architecture of the control system, shows its recent developments and gives some examples of its graphical user interface.

  2. The evolution of the ISOLDE control system

    Science.gov (United States)

    Jonsson, O. C.; Catherall, R.; Deloose, I.; Drumm, P.; Evensen, A. H. M.; Gase, K.; Focker, G. J.; Fowler, A.; Kugler, E.; Lettry, J.; Olesen, G.; Ravn, H. L.; Isolde Collaboration

    The ISOLDE on-line mass separator facility is operating on a Personal Computer based control system since spring 1992. Front End Computers accessing the hardware are controlled from consoles running Microsoft Windows ™ through a Novell NetWare4 ™ local area network. The control system is transparently integrated in the CERN wide office network and makes heavy use of the CERN standard office application programs to control and to document the running of the ISOLDE isotope separators. This paper recalls the architecture of the control system, shows its recent developments and gives some examples of its graphical user interface.

  3. The cryogenic control system of BEPCⅡ

    Institute of Scientific and Technical Information of China (English)

    LI Gang; WANG Ke-Xiang; ZHAO Ji-Jiu; YUE Ke-Juan; DAI Ming-Sui; HUANG Yi-Ling; JIANG Bo

    2008-01-01

    A superconducting cryogenic system has been designed and deployed in the Beijing Electron-Positron Collider Upgrade Project(BEPCⅡ).The system consists of a Siemens PLC(ST-PLC,Programmable Logic Controller)for the compressor control,an Allen Bradley(AB)PLC for the cryogenic equipments,and the Experimental Physics and Industrial Control System(EPICS)that integrates the PLCs.The system fully automates the superconducting cryogenic control with process control,PID(Proportional-Integral-Differential)control loops,real-time data access and data storage,alarm handler and human machine interface.It is capable of automatic recovery as well.This paper describes the BEPCⅡ cryogenic control system,data communication between ST-PLC and EPICS Input/Output Controllers(IOCs),and the integration of the flow control,the low level interlock,the AB-PLC,and EPICS.

  4. The cryogenic control system of BEPCII

    Science.gov (United States)

    Li, Gang; Wang, Ke-Xiang; Zhao, Ji-Jiu; Yue, Ke-Juan; Dai, Ming-Hui; Huang, Yi-Ling; Jiang, Bo

    2008-04-01

    A superconducting cryogenic system has been designed and deployed in the Beijing Electron- Positron Collider Upgrade Project (BEPCII). The system consists of a Siemens PLC (S7-PLC, Programmable Logic Controller) for the compressor control, an Allen Bradley (AB) PLC for the cryogenic equipments, and the Experimental Physics and Industrial Control System (EPICS) that integrates the PLCs. The system fully automates the superconducting cryogenic control with process control, PID (Proportional-Integral-Differential) control loops, real-time data access and data storage, alarm handler and human machine interface. It is capable of automatic recovery as well. This paper describes the BEPCII cryogenic control system, data communication between S7-PLC and EPICS Input/Output Controllers (IOCs), and the integration of the flow control, the low level interlock, the AB-PLC, and EPICS.

  5. Design of Novel Online Access and Control Interface for Remote Experiment on DC Drives

    Directory of Open Access Journals (Sweden)

    Jagadeesh Chandra A.P

    2009-05-01

    Full Text Available Internet has revolutionized the way in which the information is delivered. Laboratory based courses play an important role in technical education. Automation is changing the nature of these laboratories and the system designer’s focus on Internet accessed experiments owing to the availability of several tools to integrate electronic and mechanical hardware with the World Wide Web. Stand-alone approaches in remote learning have grown tremendously in the recent years. One of the important components in remote experimentation is the integration of Virtual Instruments to perform real hardware tasks in near real-time. The paper describes a web interface to the electrical hardware and integration of LabVIEW Virtual Instruments to the remote access and control of DC Drives. Customized electrical hardware serves as the web interface, supporting various features to remotely control and measure the parameters of the electrical machine. Novel techniques have been used to interface a low power data acquisition system with the DC machine driven by the AC power supply. The system uses the client-server architecture to access the web page of the Virtual Instruments through web browser. The developed system imitates the real control of experiment hardware, but being operated remotely through Internet.

  6. Binary digit based design and implementation of multi-hierarchy multiplexing access authorization control system%多层次复用系统访问权限控制方法设计与实现

    Institute of Scientific and Technical Information of China (English)

    江伟欢; 张作萍

    2014-01-01

    To implement the multi-hierarchy multiplexing access authorization control,an approach of binary digit based access authorization control was proposed.Aiming at mutual independence feature at the same level and affiliation character between layers,hierarchy and attribute of the target was defined and the length of binary digit data was used to represent it.An approach of representation of access authorization with binary digit data was designed.This approach had been proved to be able to simplify the design of database,implement access authorization control and make the design of related program get brief and effi-cient.%为了实现多层次复用系统访问权限控制,设计了基于二进制的访问权限控制方法。针对系统同一层次对象的互相独立性及高低层次对象的隶属关系,定义了对象的层次对象属性,使用一段二进制数据进行表示;设计了访问权限的二进制数据表示方法。在某信息系统中的应用结果表明,该方法在实现要求的权限控制同时,有助于简化数据库设计,使相关的程序设计简洁高效。

  7. Control and Information Systems

    Directory of Open Access Journals (Sweden)

    Jiri Zahradnik

    2003-01-01

    Full Text Available The article deals with main tends of scientific research activities of Department of Control and Information Systems at the Faculty of Electrical Engineering of University of Zilina and its perspectives in this area.

  8. On the Need of Novel Medium Access Control Schemes for Network Coding enabled Wireless Mesh Networks

    DEFF Research Database (Denmark)

    Paramanathan, Achuthan; Pahlevani, Peyman; Roetter, Daniel Enrique Lucani;

    2013-01-01

    This paper advocates for a new Medium Access Control (MAC) strategy for wireless meshed networks by identifying overload scenarios in order to provide additional channel access priority to the relay. The key behind our MAC protocol is that the relay will adjust its back off window size according...... to the incoming and outgoing packet ratio. We describe the new protocol as an extension to the CSMA/CA protocol and implement the protocol on our own hardware platform. By means of our own testbed, we investigate two basic network structures, namely, the two-way relay and the cross topology. It is well known...... that network coding will improve the throughput in such systems, but our novel medium access scheme improves the performance in the cross topology by another 66 % for network coding and 150 % for classical forwarding in theory. These gains translate in a theoretical gain of 33 % of network coding over...

  9. Tautological control systems

    CERN Document Server

    Lewis, Andrew D

    2014-01-01

    This brief presents a description of a new modelling framework for nonlinear/geometric control theory. The framework is intended to be—and shown to be—feedback-invariant. As such, Tautological Control Systems provides a platform for understanding fundamental structural problems in geometric control theory. Part of the novelty of the text stems from the variety of regularity classes, e.g., Lipschitz, finitely differentiable, smooth, real analytic, with which it deals in a comprehensive and unified manner. The treatment of the important real analytic class especially reflects recent work on real analytic topologies by the author. Applied mathematicians interested in nonlinear and geometric control theory will find this brief of interest as a starting point for work in which feedback invariance is important. Graduate students working in control theory may also find Tautological Control Systems to be a stimulating starting point for their research.

  10. Reset Control Systems

    CERN Document Server

    Baños, Alfonso

    2012-01-01

    Reset Control Systems addresses the analysis for reset control treating both its basic form which requires only that the state of the controller be reinitialized to zero (the reset action) each time the tracking error crosses zero (the reset condition), and some useful variations of the reset action (partial reset with fixed or variable reset percentage) and of the reset condition (fixed or variable reset band and anticipative reset). The issues regarding reset control – concepts and motivation; analysis tools; and the application of design methodologies to real-world examples – are given comprehensive coverage. The text opens with an historical perspective which moves from the seminal work of the Clegg integrator and Horowitz FORE to more recent approaches based on impulsive/hybrid control systems and explains the motivation for reset compensation. Preliminary material dealing with notation, basic definitions and results, and with the definition of the control problem under study is also included. The fo...

  11. Accessing and Sharing Data Using the CUAHSI Hydrologic Information System

    Science.gov (United States)

    Tarboton, D. G.; Horsburgh, J. S.; Whiteaker, T. L.; Maidment, D. R.; Zaslavsky, I.

    2008-12-01

    The Consortium of Universities for the Advancement of Hydrologic Science, Inc (CUAHSI) has a Hydrologic Information System (HIS) project, which is developing infrastructure to support the sharing of hydrologic data through web services and tools for data discovery, access and publication. Centralized data services support access to National Datasets such as the USGS National Water Information System (NWIS) and SNOTEL, in a standard way. Distributed data services allow users to establish their own server and publish their data through CUAHSI HIS web services. Once such a data service is registered within HIS Central, it becomes searchable and accessible through the centralized discovery and data access tools. The HIS is founded upon an information model for observations at stationary points that supports its data services. This is implemented as both XML and relational database schema for transmission and storage of data respectively. WaterML is the XML based data transmission model that underlies the machine to machine communications, while the Observations Data Model (ODM) is a relational database model for persistent data storage. Web services support access to hydrologic data stored in ODM and transmitted using WaterML directly from applications software such as Excel, MATLAB and ArcGIS that have Simple Object Access Protocol (SOAP) capability. A significant value of web services derives from the capability to use them from within a user's preferred analysis environment, rather than requiring a user to learn new software. This allows a user to work with data from national and academic sources, almost as though it was on their local disk. This poster will be computer-based with internet access for demonstration of HIS tools and functionality.

  12. Internal control system

    OpenAIRE

    Pavésková, Ivana

    2012-01-01

    Dissertation focuse on the internal control system in the enterprises, aims to map the control system by focusing on the purchasing department. I focused on the purchasing process, because with an increasing trends of outsourcing services and the increasing interconnectedness of enterprises increases the risk of fraud currently in the purchasing process. To the research was selected the sample of companies from the banking and non-banking environment, to which were sent a questionnaire focusi...

  13. A novel IPTV program multiplex access system to EPON

    Science.gov (United States)

    Xu, Xian; Liu, Deming; He, Wei; Lu, Xi

    2007-11-01

    With the rapid development of high speed networks, such as Ethernet Passive Optical Network (EPON), traffic patterns in access networks have evolved from traditional text-oriented service to the mixed text-, voice- and video- based services, leading to so called "Triple Play". For supporting IPTV service in EPON access network infrastructure, in this article we propose a novel IPTV program multiplex access system to EPON, which enables multiple IPTV program source servers to seamlessly access to IPTV service access port of optical line terminal (OLT) in EPON. There are two multiplex schemes, namely static multiplex scheme and dynamic multiplex scheme, in implementing the program multiplexing. Static multiplex scheme is to multiplex all the IPTV programs and forward them to the OLT, regardless of the need of end-users. While dynamic multiplex scheme can dynamically multiplex and forward IPTV programs according to what the end-users actually demand and those watched by no end-user would not be multiplexed. By comparing these two schemes, a reduced traffic of EPON can be achieved by using dynamic multiplex scheme, especially when most end-users are watching the same few IPTV programs. Both schemes are implemented in our system, with their hardware and software designs described.

  14. Nonlinear Control Systems

    Science.gov (United States)

    2007-03-01

    IEEE Transactions on Automatic Control , AC- 48, pp. 1712-1723, (2003). [14] C.I. Byrnes, A. Isidori...Nonlinear internal models for output regulation,” IEEE Transactions on Automatic Control , AC-49, pp. 2244-2247, (2004). [15] C.I. Byrnes, F. Celani, A...approach,” IEEE Transactions on Automatic Control , 48 (Dec. 2003), 2172–2190. 2. C. I. Byrnes, “Differential Forms and Dynamical Systems,” to appear

  15. Design of District Vehicle Access Control System Based on UHF RFID Technology%基于 UHF RFID 技术的小区车辆门禁系统设计

    Institute of Scientific and Technical Information of China (English)

    赵彦; 张刚

    2016-01-01

    Vehicle management mode in traditional residential quarters mostly rely on guards ,both time‐consuming and labori‐ous ,reliability and accuracy are also not meeting the requirements ,the district’s security is without strong assurance .To solve this thorny problem ,a district vehicle access control system is designed based on UHF RFID technology ,on the basis of the Internet of Things ,and by setting the electronic tag on vehicles ,then the reader is combined to the computer network to achieve the automatic recognition of vehicle license .The model has a fast and efficient characteristics ,scientific and effective way to manage the vehicle within the cell ,the burden on the management staff is reduced ,the lives of residents are facilitated .%传统的住宅小区对进出车辆的管理模式,大部分都是门卫的人工操作,既费时又费力,可靠性和准确度也达不到要求,小区的安全性得不到有力的保证。针对这一棘手问题,提出了基于 U HF RFID 技术的小区车辆门禁系统,在物联网理论的基础上,通过对进出车辆设定电子标签,把读写器和计算机网络相结合,实现了车辆标签牌照的自动识别。该模式具有快速、高效的特点,科学有效地对小区内的车辆进行管理,减轻了管理人员的负担,方便了居民的日常生活。

  16. Research of Virtual Accelerator Control System

    Institute of Scientific and Technical Information of China (English)

    DongJinmei; YuanYoujin; ZhengJianhua

    2003-01-01

    A Virtual Accelerator is a computer process which simulates behavior of beam in an accelerator and responds to the accelerator control program under development in a same way as an actual accelerator. To realize Virtual Accelerator, control system should provide the same program interface to top layer Application Control Program, it can make 'Real Accelerator' and 'Virtual Accelerator'use the same GUI, so control system should have a layer to hide hardware details, Application Control Program access control devices through logical name but not through coded hardware address. Without this layer, it is difficult to develop application program which can access both 'Virtual' and 'Real' Accelerators using same program interfaces. For this reason, we can create CSR Runtime Database which allows application program to access hardware devices and data on a simulation process in a unified way. A device 'is represented as a collection of records in CSR Runtime Database. A control program on host computer can access devices in the system only through names of record fields, called channel.

  17. Access and Use of Federal Data through NSF's CASPAR System.

    Science.gov (United States)

    Firnberg, James W.

    1991-01-01

    The National Science Foundation's Computer-Aided Science Policy and Research database system provides microcomputer-based access and manipulation of multiple national databases for federal and now institutional use. Applications at West Virginia University, Portland State University, and the State University of New York at Buffalo pilot tested the…

  18. system hardening architecture for safer access to critical business ...

    African Journals Online (AJOL)

    eobe

    a computer system or to inject malicious code into it, aimed at causing harm to ... 34 No. 4, October 2015 789 safer access to stored data, and therefore, decrease in ..... Computer and Communication Engineering, Vol. 3,. Number 1, 2014, pp ...

  19. 45 CFR 95.615 - Access to systems and records.

    Science.gov (United States)

    2010-10-01

    ... 45 Public Welfare 1 2010-10-01 2010-10-01 false Access to systems and records. 95.615 Section 95.615 Public Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES GENERAL ADMINISTRATION GENERAL ADMINISTRATION-GRANT PROGRAMS (PUBLIC ASSISTANCE, MEDICAL ASSISTANCE AND STATE CHILDREN'S HEALTH INSURANCE...

  20. An Information System to Access Status Information of the LHCb Online

    Science.gov (United States)

    Frank, M.; Gaspar, C.

    2012-12-01

    The LHCb collaboration consists of roughly 700 physicists from 52 institutes and universities. Most of the collaborating physicists - including subdetector experts - are not permanently based at CERN. This paper describes the architecture used to publish data internal to the LHCb experiment control- and data acquisition system to the World Wide Web. Collaborators can access the online (sub-) system status and the system performance directly from the institute abroad, from home or from a smart phone without the need of direct access to the online computing infrastructure.

  1. Suction catheter for enhanced control and accuracy of transseptal access.

    Science.gov (United States)

    Sulkin, Matthew S; Berwick, Zachary C; Hermiller, James B; Navia, Jose A; Kassab, Ghassan S

    2016-12-20

    Percutaneous structural heart therapies, such as mitral value repair, require site-specific transseptal access (TSA). This can be challenging for interventional cardiologists. We describe a TSA catheter (TSAC) that utilises suction for enhanced control and puncture accuracy. Here, we aim to evaluate the safety and efficacy of the device. Ex vivo interatrial septum preparations were dissected from swine (n=8) and diseased human hearts (n=6) to quantify TSAC suction and needle puncture force. TSAC suction was 6.5-fold greater than the opposing needle puncture force, and thus provides sufficient stabilisation for punctures. The safety and efficacy of TSAC was evaluated in a chronic mitral regurgitation swine model (n=10) and compared to a conventional TSA device. MR was induced by disrupting one to three mitral chordae tendineae, and the progression of heart disease was followed for three weeks. During device testing, procedure time and fluoroscopy exposure were not statistically different between devices. TSAC reduced septal displacement from 8.7±0.30 mm to 3.60±0.19 mm (p<0.05) and improved puncture accuracy 1.75-fold. TSAC provides controlled TSA and improves puncture accuracy, while maintaining procedure time and workflow. These findings provide a strong rationale for a first-in-man study to demonstrate the clinical utility of the device.

  2. A method for controlling enterprises access to an eco-industrial park.

    Science.gov (United States)

    Zhu, Li; Zhou, Jianren; Cui, Zhaojie; Liu, Lei

    2010-09-15

    Member enterprises have a vital effect on the stability and system efficiency of an eco-industrial park (EIP), and a selection and control for them is an important part. This paper proposes a new method which is an establishment of both an access indicator system and an extendable optimal degree evaluation model. The indicator system comprises seven primary indicators and twenty-seven secondary indicators. The first three primary indicators, matching the existing industrial chains or not, park capacity and park environmental performance improvement, are proposed from the perspective of an EIP. The others including eco-design, economic benefit, utilization of resources, and pollution control, are suggested from the point of view of enterprises. This new access indicator system provides a basis for evaluating candidate enterprises. The extendable optimal degree evaluation which was proposed by Prof. Caiwen is a method to assess the satisfactoriness of all the indicators and to assign an optimal degree order to each candidate enterprise accordingly. There are four steps to conduct the evaluation after establishing the access indicator system: (1) selecting correlation function; (2) calculating correlations; (3) assigning weights and current values of indicators; and (4) calculating the optimal degree of all the candidate enterprises. The enterprises can be ranked based on optimal degree results. The highest-ranked enterprise should have the highest priority of entering the EIP. This study provides the specifics of applying the method by examining the case of Yantai Economy Technology Development Zone EIP (YTEIP) in Shandong province. The method provides a practical tool for controling enterprise access to an EIP. However, the reasonability and validity of indicators and effectiveness of the established method of extendable optimal degree evaluation merit further studies.

  3. Distributed joint power and access control algorithm for secondary spectrum sharing

    Science.gov (United States)

    Li, Hongyan; Chen, Enqing; Fu, Hongliang

    2010-08-01

    Based on interference temperature model, the problem of efficient secondary spectrum sharing is formulated as a power optimization problem with some constraints at physical layer. These constraints and optimization objective limit a feasible power vector set which leads to the need of access control besides power control. In this paper, we consider the decentralized cognitive radio network scenario where short-term data service is required, and the problem of distributed joint power and access control is studied to maximize the total secondary system throughput, subject to Quality of Service (QoS) constraints from individual secondary users and interference temperature limit (ITL) from primary system. Firstly, a pricing-based game model was used to solve distributed power allocation optimization problem in both high and low signal to interference noise ratio (SINR) scenarios. Secondly, when not all the secondary links can be supported with their QoS requirement and ITL, a distributed joint power and access control algorithm was introduced to find the allowable links which results in maximum network throughput with all the constraints satisfied, and the convergence performance is tested by simulations.

  4. Open access pricing methodology in economically adapted electric transmission systems

    Energy Technology Data Exchange (ETDEWEB)

    Rudnick, Hugh; Cura, Eliana; Palma, Rodrigo [Pontificia Univ. Catolica de Chile, Santiago (Chile). Dept. de Ingenieria Electrica

    1996-07-01

    Open access pricing methodologies are evaluated in a deregulated environment, as applied to an economically adapted electric transmission system over a ten year time horizon. A transmission planning methodology using a genetic algorithm is used to determine the adapted system and the required investment over the horizon. A production cost simulation algorithm is utilized to determine the operation of the hydroelectric system and the resultant short term marginal income. Different pricing methodologies to allocate the required supplement, as applied to the Chilean central interconnected electrical system, are evaluated: use of system, postage stamp and user benefit. The resultant payment allocations are assessed and their economic impact on participants is discussed. (author)

  5. FABRIC QUALITY CONTROL SYSTEMS

    Directory of Open Access Journals (Sweden)

    Özlem KISAOĞLU

    2006-02-01

    Full Text Available Woven fabric quality depends on yarn properties at first, then weaving preparation and weaving processes. Defect control of grey and finished fabric is done manually on the lighted tables or automatically. Fabrics can be controlled by the help of the image analysis method. In image system the image of fabrics can be digitized by video camera and after storing controlled by the various processing. Recently neural networks, fuzzy logic, best wavelet packet model on automatic fabric inspection are developed. In this study the advantages and disadvantages of manual and automatic, on-line fabric inspection systems are given comparatively.

  6. Computer controlled antenna system

    Science.gov (United States)

    Raumann, N. A.

    1972-01-01

    The application of small computers using digital techniques for operating the servo and control system of large antennas is discussed. The advantages of the system are described. The techniques were evaluated with a forty foot antenna and the Sigma V computer. Programs have been completed which drive the antenna directly without the need for a servo amplifier, antenna position programmer or a scan generator.

  7. Fault Tolerant Control Systems

    DEFF Research Database (Denmark)

    Bøgh, S. A.

    was to avoid a total close-down in case of the most likely faults. The second was a fault tolerant attitude control system for a micro satellite where the operation of the system is mission critical. The purpose was to avoid hazardous effects from faults and maintain operation if possible. A method...

  8. CNEOST Control Software System

    Science.gov (United States)

    Wang, X.; Zhao, H. B.; Xia, Y.; Lu, H.; Li, B.

    2015-03-01

    In 2013, CNEOST (China Near Earth Object Survey Telescope) adapted its hardware system for the new CCD camera. Based on the new system architecture, the control software is re-designed and implemented. The software system adopts the message passing mechanism via WebSocket protocol, and improves its flexibility, expansibility, and scalability. The user interface with responsive web design realizes the remote operating under both desktop and mobile devices. The stable operating of software system has greatly enhanced the operation efficiency while reducing the complexity, and has also made a successful attempt for the future system design of telescope and telescope cloud.

  9. Does the public deserve free access to climate system science?

    Science.gov (United States)

    Grigorov, Ivo

    2010-05-01

    Some time ago it was the lack of public access to medical research data that really stirred the issue and gave inertia for legislation and a new publishing model that puts tax payer-funded medical research in the hands of those who fund it. In today's age global climate change has become the biggest socio-economic challenge, and the same argument resonates: climate affects us all and the publicly-funded science quantifying it should be freely accessible to all stakeholders beyond academic research. Over the last few years the ‘Open Access' movement to remove as much as possible subscription, and other on-campus barriers to academic research has rapidly gathered pace, but despite significant progress, the climate system sciences are not among the leaders in providing full access to their publications and data. Beyond the ethical argument, there are proven and tangible benefits for the next generation of climate researchers to adapt the way their output is published. Through the means provided by ‘open access', both data and ideas can gain more visibility, use and citations for the authors, but also result in a more rapid exchange of knowledge and ideas, and ultimately progress towards a sought solution. The presentation will aim to stimulate discussion and seek progress on the following questions: Should free access to climate research (& data) be mandatory? What are the career benefits of using ‘open access' for young scientists? What means and methods should, or could, be incorporated into current European graduate training programmes in climate research, and possible ways forward?

  10. Controllability of delay systems with restrained controls

    Science.gov (United States)

    Chukwu, E. N.

    1979-01-01

    Using a geometric growth condition, both the function space and Euclidean controllability of a nonlinear delay system which has a compact and convex control set are characterized. This extends analogous results for ordinary differential systems, and it yields conditions under which perturbed nonlinear delay controllable systems are controllable.

  11. Intelligent traffic control system using PLC

    Science.gov (United States)

    Barz, C.; Todea, C.; Latinovic, T.; Preradovic, D. M.; Deaconu, S.; Berdie, A.

    2016-08-01

    The paper presents the traffic control system controlled through a PLC which takes the signals from different sensors on roads. The global system developed ensures the coordination of four intersections, setting a path that respects coordination type green light, the integration of additional sensors, the implementation of probes radar to inform traffic participants about recommended speed for accessing the green state located in the intersection that will follow to cross.

  12. Data Access, Ownership, and Control: Toward Empirical Studies of Access Practices.

    Science.gov (United States)

    Hilgartner, Stephen; Brandt-Rauf, Sherry I.

    1994-01-01

    Examines how the new sociology of science can approach data access issues. A perspective is developed based on an analysis of the process of scientific production, data streams, and intellectual policy issues. (Contains 55 references.) (JLB)

  13. NASA access mechanism: Graphical user interface information retrieval system

    Science.gov (United States)

    Hunter, Judy; Generous, Curtis; Duncan, Denise

    1993-01-01

    Access to online information sources of aerospace, scientific, and engineering data, a mission focus for NASA's Scientific and Technical Information Program, has always been limited to factors such as telecommunications, query language syntax, lack of standardization in the information, and the lack of adequate tools to assist in searching. Today, the NASA STI Program's NASA Access Mechanism (NAM) prototype offers a solution to these problems by providing the user with a set of tools that provide a graphical interface to remote, heterogeneous, and distributed information in a manner adaptable to both casual and expert users. Additionally, the NAM provides access to many Internet-based services such as Electronic Mail, the Wide Area Information Servers system, Peer Locating tools, and electronic bulletin boards.

  14. NASA Access Mechanism - Graphical user interface information retrieval system

    Science.gov (United States)

    Hunter, Judy F.; Generous, Curtis; Duncan, Denise

    1993-01-01

    Access to online information sources of aerospace, scientific, and engineering data, a mission focus for NASA's Scientific and Technical Information Program, has always been limited by factors such as telecommunications, query language syntax, lack of standardization in the information, and the lack of adequate tools to assist in searching. Today, the NASA STI Program's NASA Access Mechanism (NAM) prototype offers a solution to these problems by providing the user with a set of tools that provide a graphical interface to remote, heterogeneous, and distributed information in a manner adaptable to both casual and expert users. Additionally, the NAM provides access to many Internet-based services such as Electronic Mail, the Wide Area Information Servers system, Peer Locating tools, and electronic bulletin boards.

  15. A Trusted Host's Authentication Access and Control Model Faced on User Action

    Institute of Scientific and Technical Information of China (English)

    ZHANG Miao; XU Guoai; HU Zhengming; YANG Yixian

    2006-01-01

    The conception of trusted network connection (TNC) is introduced, and the weakness of TNC to control user's action is analyzed. After this, the paper brings out a set of secure access and control model based on access, authorization and control, and related authentication protocol. At last the security of this model is analyzed. The model can improve TNC's security of user control and authorization.

  16. Access Control in the ATLAS TDAQ Online Cluster

    CERN Document Server

    Leahu, Marius Constantin; Stoichescu, D A; Lehmann Miotto, G

    ATLAS (A Toroidal LHC Apparatus) is a general-purpose detector for studying high-energy particle interactions: it is the largest particle detector experiment at CERN and it is built around one of the interaction points of the proton beams accelerated by the Large Hadron Collider (LHC). The detector generates an impressive amount of raw data: 64 TB per second as a result of 40 MHz proton-proton collision rate with 1.6 MB data for each such event. The handling of such data rate is managed by a three levels Trigger and Data Acquisition (TDAQ) system, which filters out the events not relevant from physics research point of view and selects in the end in the order of 1000 events per second to be stored for offline analyses. This system comprises a significant number of hardware devices, software applications and human personnel to supervise the experiment operation. Their protection against damages as a result of misuse and their optimized exploitation by avoiding the conflicting accesses to resources are key requ...

  17. Guarantee of property right in opean access systems; Open access ni okeru zaisanken no hosho

    Energy Technology Data Exchange (ETDEWEB)

    Maruyama, M. [Central Research Institute of Electric Power Industry, Tokyo (Japan)

    1996-12-25

    This paper describes discussions in California of the USA and in Germany concerning the separation of transmission department and forced liberation of transmission network in private electric power companies and the guarantee of property right. In California, the state public utility committee does not have an authority to order the separation of transmission department against electric power companies. It is only the legislature that can conduct the separation of transmission department and the third party access of transmission network based on the expropriation provisions of the constitution. In Germany, the order of separation of transmission department by the readjusting authority contradicts the guarantee of property right in the constitution. The order of third party access also exceeds the range of duty accompanied with the property right, and the procedure of expropriation is necessary for its enforcement. Problems are pointed out in the case when these discussions are applied to the separation of transmission department, third party access, and distribution system in Japan. 3 refs.

  18. How Drug Control Policy and Practice Undermine Access to Controlled Medicines

    Science.gov (United States)

    Csete, Joanne; Wilson, Duncan; Fox, Edward; Wolfe, Daniel; Rasanathan, Jennifer J. K.

    2017-01-01

    Abstract Drug conventions serve as the cornerstone for domestic drug laws and impose a dual obligation upon states to prevent the misuse of controlled substances while ensuring their adequate availability for medical and scientific purposes. Despite the mandate that these obligations be enforced equally, the dominant paradigm enshrined in the drug conventions is an enforcement-heavy criminal justice response to controlled substances that prohibits and penalizes their misuse. Prioritizing restrictive control is to the detriment of ensuring adequate availability of and access to controlled medicines, thereby violating the rights of people who need them. This paper argues that the drug conventions’ prioritization of criminal justice measures—including efforts to prevent non-medical use of controlled substances—undermines access to medicines and infringes upon the right to health and the right to enjoy the benefits of scientific progress. While the effects of criminalization under drug policy limit the right to health in multiple ways, we draw on research and documented examples to highlight the impact of drug control and criminalization on access to medicines. The prioritization and protection of human rights—specifically the right to health and the right to enjoy the benefits of scientific progress—are critical to rebalancing drug policy. PMID:28630556

  19. Personal Access Satellite System (PASS) study. Fiscal year 1989 results

    Science.gov (United States)

    Sue, Miles K. (Editor)

    1990-01-01

    The Jet Propulsion Laboratory is exploring the potential and feasibility of a personal access satellite system (PASS) that will offer the user greater freedom and mobility than existing or currently planned communications systems. Studies performed in prior years resulted in a strawman design and the identification of technologies that are critical to the successful implementation of PASS. The study efforts in FY-89 were directed towards alternative design options with the objective of either improving the system performance or alleviating the constraints on the user terminal. The various design options and system issues studied this year and the results of the study are presented.

  20. Embedded controller for GEM detector readout system

    Science.gov (United States)

    Zabołotny, Wojciech M.; Byszuk, Adrian; Chernyshova, Maryna; Cieszewski, Radosław; Czarski, Tomasz; Dominik, Wojciech; Jakubowska, Katarzyna L.; Kasprowicz, Grzegorz; Poźniak, Krzysztof; Rzadkiewicz, Jacek; Scholz, Marek

    2013-10-01

    This paper describes the embedded controller used for the multichannel readout system for the GEM detector. The controller is based on the embedded Mini ITX mainboard, running the GNU/Linux operating system. The controller offers two interfaces to communicate with the FPGA based readout system. FPGA configuration and diagnostics is controlled via low speed USB based interface, while high-speed setup of the readout parameters and reception of the measured data is handled by the PCI Express (PCIe) interface. Hardware access is synchronized by the dedicated server written in C. Multiple clients may connect to this server via TCP/IP network, and different priority is assigned to individual clients. Specialized protocols have been implemented both for low level access on register level and for high level access with transfer of structured data with "msgpack" protocol. High level functionalities have been split between multiple TCP/IP servers for parallel operation. Status of the system may be checked, and basic maintenance may be performed via web interface, while the expert access is possible via SSH server. System was designed with reliability and flexibility in mind.

  1. Use of system approaches for transmission open access pricing

    Energy Technology Data Exchange (ETDEWEB)

    Rudnick, H.; Soto, M.; Palma, R. [Pontificia University Catolica de Chile, Santiago (Chile)

    1999-02-01

    The Latin American deregulated markets have based their open access schemes on a concept that considers a multilateral use of the transmission system, with all agents contributing to the financing of a common network based on physical and economic usage, irrespective of commercial arrangements. The paper describes the concept and the existing schemes and contributes with the formulation of alternative numerical approaches for open access pricing, taking into account energy and capacity use of the system by the participant agents. Distribution factors based on DC power flows are the basic elements of the formulation, which is built based on different physical and economic considerations. The approaches are numerically evaluated in the Chilean main interconnected electrical system, with a comparison of the resultant impacts on generators and consumers. (author)

  2. A TDMA based media access control protocol for wireless ad hoc networks

    Science.gov (United States)

    Yang, Qi; Tang, Biyu

    2013-03-01

    This paper presents a novel Time Division Multiplex Access (TDMA) based Media Access Control (MAC) protocol of wireless Ad Hoc network. To achieve collision free transmission, time slots in a MAC frame are cataloged into three types, that is access slot, control slot and traffic slot. Nodes in the network access to the network in the access slot, and an exclusive control is allocated subsequently. Data packets are transmission by dynamic schedule the traffic slots. Throughput and transmission delay are also analyzed by simulation experiment. The proposed protocol is capable of providing collision free transmission and achieves high throughput.

  3. 远程维修支援系统中角色访问控制策略研究%Research on Role-Based Access Control in Remote Fix and Support System

    Institute of Scientific and Technical Information of China (English)

    杨勇; 汪厚祥; 肖乾

    2008-01-01

    角色访问控制RBAC(Role-Based Access Control)是一种方便、安全、高效的访问控制机制.通过分析RBAC的总体思想和模型,介绍RBAC的特点及应用优势,针对海军驻港部队远程维修支援系统中总体设计框架,着重研究了角色访问控制机制在远程维修支援系统中的设设实现.

  4. Secured Resource Sharing in Cloud Storage using Policy based Access Control

    Directory of Open Access Journals (Sweden)

    S.Imavathy

    2014-06-01

    Full Text Available Cloud computing is a general term anything that involves delivering hosted services, Anything as a Service (AaaS, over the web on demand basis. It uses the web and central remote servers to maintain data and applications. The lack of confidence in trusting information flow(users data are usually processes remotely in unknown machines that do not owned or operated by user in cloud has become common, as users fears of losing control of their own data (like personal, professional, financial, Health. In this approach, a secured cloud storage system that achieves policy -based access control is proposed with an information accountability cloud framework to keep track of the actual usage of the clients data.The ac cess policy generated for the file controls the file accesses and policy revocation makes the file permanently inaccessible. The system is built up on a set of cryptographic key operations that are self- maintained by a set of key managers and adds security features. The access details of the data are logged and auditing also performed.

  5. An Extension for Combination of Duty Constraints in Role-Based Access Control

    CERN Document Server

    Hosseini, Ali

    2010-01-01

    Among access control models, Role Based Access Control (RBAC) is very useful and is used in many computer systems. Static Combination of Duty (SCD) and Dynamic Combination of Duty (DCD) constraints have been introduced recently for this model to handle dependent roles. These roles must be used together and can be considered as a contrary point of conflicting roles. In this paper, we propose several new types of SCD and DCD constraints. Also, we introduce strong dependent roles and define new groups of SCD constraints for these types of roles as SCD with common items and SCD with union items. In addition, we present an extension for SCD constraints in the presence of hierarchy.

  6. Medium Access Control for Wireless Sensor Networks based on Impulse Radio Ultra Wideband

    CERN Document Server

    Berthe, Abdoulaye; Dragomirescu, Daniela; Plana, Robert

    2010-01-01

    This paper describes a detailed performance evaluation of distributed Medium Access Control (MAC) protocols for Wireless Sensor Networks based on Impulse Radio Ultra Wideband (IR-UWB) Physical layer (PHY). Two main classes of Medium Access Control protocol have been considered: Slotted and UnSlotted with reliability. The reliability is based on Automatic Repeat ReQuest (ARQ). The performance evaluation is performed using a complete Wireless Sensor Networks (WSN) simulator built on the Global Mobile Information System Simulator (GloMoSim). The optimal operating parameters are first discussed for IR-UWB in terms of slot size, retransmission delay and the number of retransmission, then a comparison between IR-UWB and other transmission techniques in terms of reliability latency and power efficiency.

  7. A Secure and Verifiable Outsourced Access Control Scheme in Fog-Cloud Computing

    Science.gov (United States)

    Fan, Kai; Wang, Junxiong; Wang, Xin; Li, Hui; Yang, Yintang

    2017-01-01

    With the rapid development of big data and Internet of things (IOT), the number of networking devices and data volume are increasing dramatically. Fog computing, which extends cloud computing to the edge of the network can effectively solve the bottleneck problems of data transmission and data storage. However, security and privacy challenges are also arising in the fog-cloud computing environment. Ciphertext-policy attribute-based encryption (CP-ABE) can be adopted to realize data access control in fog-cloud computing systems. In this paper, we propose a verifiable outsourced multi-authority access control scheme, named VO-MAACS. In our construction, most encryption and decryption computations are outsourced to fog devices and the computation results can be verified by using our verification method. Meanwhile, to address the revocation issue, we design an efficient user and attribute revocation method for it. Finally, analysis and simulation results show that our scheme is both secure and highly efficient. PMID:28737733

  8. A threat intelligence framework for access control security in the oil industry

    Science.gov (United States)

    Alaskandrani, Faisal T.

    The research investigates the problem raised by the rapid development in the technology industry giving security concerns in facilities built by the energy industry containing diverse platforms. The difficulty of continuous updates to network security architecture and assessment gave rise to the need to use threat intelligence frameworks to better assess and address networks security issues. Focusing on access control security to the ICS and SCADA systems that is being utilized to carry out mission critical and life threatening operations. The research evaluates different threat intelligence frameworks that can be implemented in the industry seeking the most suitable and applicable one that address the issue and provide more security measures. The validity of the result is limited to the same environment that was researched as well as the technologies being utilized. The research concludes that it is possible to utilize a Threat Intelligence framework to prioritize security in Access Control Measures in the Oil Industry.

  9. A Secure and Verifiable Outsourced Access Control Scheme in Fog-Cloud Computing.

    Science.gov (United States)

    Fan, Kai; Wang, Junxiong; Wang, Xin; Li, Hui; Yang, Yintang

    2017-07-24

    With the rapid development of big data and Internet of things (IOT), the number of networking devices and data volume are increasing dramatically. Fog computing, which extends cloud computing to the edge of the network can effectively solve the bottleneck problems of data transmission and data storage. However, security and privacy challenges are also arising in the fog-cloud computing environment. Ciphertext-policy attribute-based encryption (CP-ABE) can be adopted to realize data access control in fog-cloud computing systems. In this paper, we propose a verifiable outsourced multi-authority access control scheme, named VO-MAACS. In our construction, most encryption and decryption computations are outsourced to fog devices and the computation results can be verified by using our verification method. Meanwhile, to address the revocation issue, we design an efficient user and attribute revocation method for it. Finally, analysis and simulation results show that our scheme is both secure and highly efficient.

  10. A Model-driven Role-based Access Control for SQL Databases

    Directory of Open Access Journals (Sweden)

    Raimundas Matulevičius

    2015-07-01

    Full Text Available Nowadays security has become an important aspect in information systems engineering. A mainstream method for information system security is Role-based Access Control (RBAC, which restricts system access to authorised users. While the benefits of RBAC are widely acknowledged, the implementation and administration of RBAC policies remains a human intensive activity, typically postponed until the implementation and maintenance phases of system development. This deferred security engineering approach makes it difficult for security requirements to be accurately captured and for the system’s implementation to be kept aligned with these requirements as the system evolves. In this paper we propose a model-driven approach to manage SQL database access under the RBAC paradigm. The starting point of the approach is an RBAC model captured in SecureUML. This model is automatically translated to Oracle Database views and instead-of triggers code, which implements the security constraints. The approach has been fully instrumented as a prototype and its effectiveness has been validated by means of a case study.

  11. Optical controlled keyboard system

    Science.gov (United States)

    Budzyński, Łukasz; Długosz, Dariusz; Niewiarowski, Bartosz; Zajkowski, Maciej

    2011-06-01

    Control systems of our computers are common devices, based on the manipulation of keys or a moving ball. Completely healthy people have no problems with the operation of such devices. Human disability makes everyday activities become a challenge and create trouble. When a man can not move his hands, the work becomes difficult or often impossible. Controlled optical keyboard is a modern device that allows to bypass the limitations of disability limbs. The use of wireless optical transmission allows to control computer using a laser beam, which cooperates with the photodetectors. The article presents the construction and operation of non-contact optical keyboard for people with disabilities.

  12. Modern tandem control systems

    Science.gov (United States)

    Lutz, J. R.; Marsaudon, J. C.

    1993-04-01

    Nowadays, tandem electrostatic accelerators can benefit greatly from the growing possibilities provided by modern control facilities. Controlling an electrostatic accelerator first requires the solution of technological problems raised by the necessity of fitting inside the tank equipment which is highly stressed by the physical environment. Then, these controls can take advantage of new techniques which appear on the market. Present computer technology provides cheap powerful workstations for efficient operator interfacing, and new modular and distributed control concepts have been developed for general use in experimental physics, in data acquisition and in control systems. The general trend towards standardization is now accepted for both hardware and software and this brings benefits to the designer and the user.

  13. Management Information Control Systems for Educational Facility Construction Programs.

    Science.gov (United States)

    Halverson, Walter S.

    1989-01-01

    Describes a computerized management information control system for an educational facility construction program that allows access to more than 50 major system applications, using over 5,000 programs. (MLF)

  14. In-home Power Line Communication Media Access Control Protocol Based on Collision Resolution

    Institute of Scientific and Technical Information of China (English)

    WANG Bo; HUANG Pei-wei; ZHONG You-ping; QI Ying-hao

    2009-01-01

    Most existing media access control (MAC) protocols in power line communication (PLC) networks just discard the colliding data packets when collision occurs. The collision deteriorates throughput and delay performance of system under high traffic conditions. This article presents a novel media access scheme with fast collision resolution for in-home power line networks. It works by first recognizing the colliding stations through detecting the inserted unique ID sequence ahead of data packets, then the source nodes retransmitting their packets immediately after the collision slot. The proposed protocol maintains the benefits of ALOHA systems. It needs no scheduling overhead and is suitable for bursty sources, such as multimedia data packets. Computer simulations have demonstrated that this approach can achieve high throughput due to its ability of resolving collisions.

  15. Incoherent optical correlators and phase encoding of identification codes for access control or authentication

    Science.gov (United States)

    Brasher, James D.; Johnson, Eric G.

    1997-09-01

    We show how phase-only filters can be used in incoherent optical correlators for security applications such as access control, identification, or authentication. As a specific example, a biometric signature, a fingerprint, is encoded in a phase-only representation. The phase encoding is accomplished with the method of generalized projections onto constraint sets implemented by an iterated Fourier transform algorithm. The operation of an incoherent optical security system using both a phase-only filter generated with the generalized projections algorithm and a phase-only matched filter is simulated. The results demonstrate that the selected access pattern was accepted while a false pattern was rejected by the security system and that better recognition and discrimination performance was attained with the phase-only filter produced by the generalized projections algorithm.

  16. Control of complex systems

    CERN Document Server

    Albertos, Pedro; Blanke, Mogens; Isidori, Alberto; Schaufelberger, Walter; Sanz, Ricardo

    2001-01-01

    The world of artificial systems is reaching complexity levels that es­ cape human understanding. Surface traffic, electricity distribution, air­ planes, mobile communications, etc. , are examples that demonstrate that we are running into problems that are beyond classical scientific or engi­ neering knowledge. There is an ongoing world-wide effort to understand these systems and develop models that can capture its behavior. The reason for this work is clear, if our lack of understanding deepens, we will lose our capability to control these systems and make they behave as we want. Researchers from many different fields are trying to understand and develop theories for complex man-made systems. This book presents re­ search from the perspective of control and systems theory. The book has grown out of activities in the research program Control of Complex Systems (COSY). The program has been sponsored by the Eu­ ropean Science Foundation (ESF) which for 25 years has been one of the leading players in stimula...

  17. Context-Sensitive Access Control Policy Evaluation and Enforcement Using Vulnerability Exploitation Data

    Directory of Open Access Journals (Sweden)

    Hassan Rasheed

    2013-09-01

    Full Text Available Conventional approaches for adapting security enforcement in the face of attacks rely on administrators to make policy changes that will limit damage to the system. Paradigm shifts in the capabilities of attack tools demand supplementary strategies that can also adjust policy enforcement dynamically. We extend the current research by proposing an approach for integrating real-time security assessment data into access control systems. Critical application scenarios are tested to examine the impact of using risk data in policy evaluation and enforcement.

  18. Evaluasi Pemanfaatan Wireless Internet Protocol Access System di Kota Malang

    Directory of Open Access Journals (Sweden)

    Ahmad Budi Setiawan

    2012-03-01

    Full Text Available WIPAS (Wireless Internet Protocol Accsess System adalah salah satu teknologi pita lebar (broadband yang terbaru. Teknologi tersebut dikembangkan berdasarkan model point-to-multipoint access system pada jaringan nirkabel tetap atau Fixed Wireless Access (FWA dengan memanfaatkan pita frekuensi 26-GHz. Dengan besarnya pita frekuensi yang digunakan, teknologi WIPAS dapat menampung kapasitas akses untuk lalu lintas jaringan yang sangat besar. Dalam penelitian ini akan dikaji dan dievaluasi efektifitas penggunaan teknologi WIPAS melalui kasus pemanfaatan teknologi WIPAS untuk pemberdayaan komunitas di kota Malang. Dalam penelitian ini juga akan dideskripsikan pemanfaatan teknologi WIPAS untuk melihat manfaat penggunaan teknologi tersebut. Penelitian ini dilakukan dengan metode kualitatif dengan melakukan evaluasi terhadap infrastruktur yang telah dibangun untuk melihat efektifitas pemanfaatan WIPAS. Hasil penelitian ini adalah sebuah kajian evaluatif tentang pemanfaatan WIPAS di kota Malang dan rekomendasi untuk implementasi lebih lanjut.

  19. Keep on Blockin’ in the Free World: Personal Access Control for Low-Cost RFID Tags

    OpenAIRE

    Rieback, Melanie; Crispo, Bruno; Tanenbaum, Andrew

    2007-01-01

    This paper introduces an off-tag RFID access control mechanism called “Selective RFID Jamming”. Selective RFID Jamming protects low-cost RFID tags by enforcing access control on their behalf, in a similar manner to the RFID Blocker Tag. However, Selective RFID Jamming is novel because it uses an active mobile device to enforce centralized ACL-based access control policies. Selective RFID Jamming also solves a Differential Signal Analysis attack to which the RFID Blocker Tag is susceptible.

  20. Keep on Blockin’ in the Free World: Personal Access Control for Low-Cost RFID Tags

    OpenAIRE

    Rieback, Melanie; Crispo, Bruno; Tanenbaum, Andrew

    2007-01-01

    This paper introduces an off-tag RFID access control mechanism called “Selective RFID Jamming”. Selective RFID Jamming protects low-cost RFID tags by enforcing access control on their behalf, in a similar manner to the RFID Blocker Tag. However, Selective RFID Jamming is novel because it uses an active mobile device to enforce centralized ACL-based access control policies. Selective RFID Jamming also solves a Differential Signal Analysis attack to which the RFID Blocker Tag is susceptible.

  1. Supervisory Control of Networked Control Systems

    Science.gov (United States)

    2006-01-15

    REPORT: January 15, 2006 Problem Statement: A networked control system is a control system whose feedback path is realized over a computer...theoretical bounds derived in [Ling03a]. 6. The feedback information in a networked control system is quantized due to the digital nature of

  2. 21 CFR 1311.125 - Requirements for establishing logical access control-Individual practitioner.

    Science.gov (United States)

    2010-04-01

    ... 21 Food and Drugs 9 2010-04-01 2010-04-01 false Requirements for establishing logical access... Prescriptions § 1311.125 Requirements for establishing logical access control—Individual practitioner. (a) At... his two-factor authentication credential to satisfy the logical access controls. The second...

  3. 21 CFR 1311.130 - Requirements for establishing logical access control-Institutional practitioner.

    Science.gov (United States)

    2010-04-01

    ... 21 Food and Drugs 9 2010-04-01 2010-04-01 false Requirements for establishing logical access...) Electronic Prescriptions § 1311.130 Requirements for establishing logical access control—Institutional... practitioner that enters permissions for logical access controls into the application. The...

  4. Controllability of Complex Systems

    Science.gov (United States)

    Slotine, Jean-Jacques

    2013-03-01

    We review recent work on controllability of complex systems. We also discuss the interplay of our results with questions of synchronization, and point out key directions of future research. Work done in collaboration with Yang-Yu Liu, Center for Complex Network Research and Departments of Physics, Computer Science and Biology, Northeastern University and Center for Cancer Systems Biology, Dana-Farber Cancer Institute; and Albert-László Barabási, Center for Complex Network Research and Departments of Physics, Computer Science and Biology, Northeastern University; Center for Cancer Systems Biology, Dana-Farber Cancer Institute; and Department of Medicine, Brigham and Women's Hospital, Harvard Medical School.

  5. Internet Congestion Control System

    Directory of Open Access Journals (Sweden)

    Pranoto Rusmin

    2010-10-01

    Full Text Available Internet congestion occurs when resource demands exceeds the network capacity. But, it is not the only reason. Congestion can happen on some users because some others user has higher sending rate. Then some users with lower sending rate will experience congestion. This partial congestion is caused by inexactly feedback. At this moment congestion are solved by the involvement of two controlling mechanisms. These mechanisms are flow/congestion control in the TCP source and Active Queue Management (AQM in the router. AQM will provide feedback to the source a kind of indication for the occurrence of the congestion in the router, whereas the source will adapt the sending rate appropriate with the feedback. These mechanisms are not enough to solve internet congestion problem completely. Therefore, this paper will explain internet congestion causes, weakness, and congestion control technique that researchers have been developed. To describe congestion system mechanisms and responses, the system will be simulated by Matlab.

  6. Electric turbocompound control system

    Energy Technology Data Exchange (ETDEWEB)

    Algrain, Marcelo C. (Dunlap, IL)

    2007-02-13

    Turbocompound systems can be used to affect engine operation using the energy in exhaust gas that is driving the available turbocharger. A first electrical device acts as a generator in response to turbocharger rotation. A second electrical device acts as a motor to put mechanical power into the engine, typically at the crankshaft. Apparatus, systems, steps, and methods are described to control the generator and motor operations to control the amount of power being recovered. This can control engine operation closer to desirable parameters for given engine-related operating conditions compared to actual. The electrical devices can also operate in "reverse," going between motor and generator functions. This permits the electrical device associated with the crankshaft to drive the electrical device associated with the turbocharger as a motor, overcoming deficient engine operating conditions such as associated with turbocharger lag.

  7. Wi-Fi Networks Security and Accessing Control

    Directory of Open Access Journals (Sweden)

    Tarek S. Sobh

    2013-06-01

    Full Text Available As wireless networks access gains popularity in corporate, private and personal networks, the nature of wireless networks opens up new possibilities for network attacks. This paper negotiating Wi-Fi security against scanning of rogue Wi-Fi networks and other related activities and considers the monitoring of Wi-Fi traffic effects. The unauthorized access point (AP problem has raised more attention and resulted in obtaining wireless access without subscriber permission.This work assumes Wi-Fi AP under attack specially rogue AP and/or ad-hoc client. It provides a solution for detecting and preventing this attack. In addition, it provides the required user permissions to allow/block access of the files on the user of ad-hoc client. The experiments include the rogue AP attack are maintained and the effectiveness of the proposed solution are tested.

  8. Optical label-controlled transparent metro-access network interface

    DEFF Research Database (Denmark)

    Osadchiy, Alexey Vladimirovich

    This thesis presents results obtained during the course of my PhD research on optical signal routing and interfacing between the metropolitan and access segments of optical networks. Due to both increasing capacity demands and variety of emerging services types, new technological challenges...... are arising for seamlessly interfacing metropolitan and access networks. Therefore, in this PhD project, I have analyzed those technological challenges and identified the key aspects to be addressed. I have also proposed and experimentally verified a number of solutions to metropolitan and access networks...... interfacing and signal routing. Equipment and infrastructure simplification was recognized as the path towards more efficient metropolitan and access networks providing a spectrum of high-bandwidth services to large number of users. Several approaches have been proposed and developed in order to enable...

  9. Cryogenic Control System

    Energy Technology Data Exchange (ETDEWEB)

    Goloborod' ko, S.; /Fermilab

    1989-02-27

    The control system (CS) for the cryogenic arrangement of the DO Liquid Argon Calorimeter consists of a Texas instruments 560/565 Programmable Logical Controller (PLC), two remote bases with Remote Base Controllers and a corresponding set of input/output (I/O) modules, and a PC AST Premium 286 (IBM AT Compatible). The PLC scans a set of inputs and provides a set of outputs based on a ladder logic program and PID control loops. The inputs are logic or analog (current, voltage) signals from equipment status switches or transducers. The outputs are logic or analog (current or voltage) signals for switching solenoids and positioning pneumatic actuators. Programming of the PLC is preformed by using the TISOFT2/560/565 package, which is installed in the PC. The PC communicates to the PLC through a serial RS232 port and provides operator interface to the cryogenic process using Xpresslink software.

  10. Role-based access control through on-demand classification of electronic health record.

    Science.gov (United States)

    Tiwari, Basant; Kumar, Abhay

    2015-01-01

    Electronic health records (EHR) provides convenient method to exchange medical information of patients between different healthcare providers. Access control mechanism in healthcare services characterises authorising users to access EHR records. Role Based Access Control helps to restrict EHRs to users in a certain role. Significant works have been carried out for access control since last one decade but little emphasis has been given to on-demand role based access control. Presented work achieved access control through physical data isolation which is more robust and secure. We propose an algorithm in which selective combination of policies for each user of the EHR database has been defined. We extend well known data mining technique 'classification' to group EHRs with respect to the given role. Algorithm works by taking various roles as class and defined their features as a vector. Here, features are used as a Feature Vector for classification to describe user authority.

  11. Can “Feature” be used to Model the Changing Access Control Policies?

    Directory of Open Access Journals (Sweden)

    K.Shantha Kumari

    2012-11-01

    Full Text Available Access control policies [ACPs] regulate the access to data and resources in information systems. These ACPs are framed from the functional requirements and the Organizational security & privacy policies. It was found to be beneficial, when the ACPs are included in the early phases of the software development leading to secure development of information systems. Many approaches are available for including the ACPs in requirements and design phase. They relied on UML artifacts, Aspects and also Feature for this purpose. But the earlier modeling approaches are limited in expressing the evolving ACPs due to organizational policy changes and business process modifications. In this paper, we analyze, whether “Feature”- defined as an increment in program functionality can be used as a modeling entity to represent the Evolving Access control requirements. We discuss the two prominent approaches that use Feature in modeling ACPs. Also we have a comparative analysis to find the suitability of Features in the context of changing ACPs. We conclude with our findings and provide directions for further research.

  12. Microprocessor control for standardized power control systems

    Science.gov (United States)

    Green, D. G.; Perry, E.

    1978-01-01

    The use of microcomputers in space-oriented power systems as a replacement for existing inflexible analog type controllers has been proposed. This study examines multiprocessor systems, various modularity concepts and presents a conceptualized power system incorporating a multiprocessor controller as well as preliminary results from a breadboard model of the proposed system.

  13. A 4D-Role Based Access Control Model for Multitenancy Cloud Platform

    Directory of Open Access Journals (Sweden)

    Jiangfeng Li

    2016-01-01

    Full Text Available Since more and more applications and services have been transferred from servers in the B/S architecture to cloud, user access control has become a significant part in a multitenancy cloud platform. Role based access control model makes users participate in an enterprise system as particular identities. However, in a multitenancy cloud environment, it has a high probability that the information of tenants has been leaked by using existing role based access control (RBAC model. Moreover, management problems may emerge in the multitenancy platform with the increment of the number of tenants. In this paper, a novel concept of 4D-role is presented. With a detailed definition on the concept of 4D-role, a 4D-role based multitenancy model is proposed for running various applications and services in the multitenancy cloud platform. A theoretical analysis indicates that the model has the characters of tenant isolation, role hierarchy, and administration independence. The three characters are also verified by experimental evaluation. Moreover, the evaluation results indicate that the model has a good performance in using cloud resources when large-scale users are operating in the cloud platform simultaneously.

  14. Wireless Remote Control System

    Directory of Open Access Journals (Sweden)

    Adrian Tigauan

    2012-06-01

    Full Text Available This paper presents the design of a wireless remote control system based on the ZigBee communication protocol. Gathering data from sensors or performing control tasks through wireless communication is advantageous in situations in which the use of cables is impractical. An Atmega328 microcontroller (from slave device is used for gathering data from the sensors and transmitting it to a coordinator device with the help of the XBee modules. The ZigBee standard is suitable for low-cost, low-data-rate and low-power wireless networks implementations. The XBee-PRO module, designed to meet ZigBee standards, requires minimal power for reliable data exchange between devices over a distance of up to 1600m outdoors. A key component of the ZigBee protocol is the ability to support networking and this can be used in a wireless remote control system. This system may be employed e.g. to control temperature and humidity (SHT11 sensor and light intensity (TSL230 sensor levels inside a commercial greenhouse.

  15. Dynamitron control systems

    Science.gov (United States)

    Lisanti, Thomas F.

    2005-12-01

    The Dynamitron control system utilizes the latest personal computer technology in control circuitry and components. Both the DPC-2000 and newer Millennium series of control systems make use of their modular architecture in both software and hardware to keep up with customer and engineering demands. This also allows the main structure of the software to remain constant for the user while software drivers are easily changed as hardware demands are modified and improved. The system is presented as four units; the Remote I/O (Input/Output), Local Analog and Digital I/O, Operator Interface and the Main Computer. The operator is provided with a selection of many informative screen displays. The control program handles all graphic screen displays and the updating of these screens directly; it does not communicate to a display terminal. This adds to the quick response and excellent operator feedback received while operating the accelerator. The CPU also has the ability to store and record all process variable setpoints for each product that will be treated. All process parameters are printed to a report at regular intervals during a process run for record keeping.

  16. Management control system description

    Energy Technology Data Exchange (ETDEWEB)

    Bence, P. J.

    1990-10-01

    This Management Control System (MCS) description describes the processes used to manage the cost and schedule of work performed by Westinghouse Hanford Company (Westinghouse Hanford) for the US Department of Energy, Richland Operations Office (DOE-RL), Richland, Washington. Westinghouse Hanford will maintain and use formal cost and schedule management control systems, as presented in this document, in performing work for the DOE-RL. This MCS description is a controlled document and will be modified or updated as required. This document must be approved by the DOE-RL; thereafter, any significant change will require DOE-RL concurrence. Westinghouse Hanford is the DOE-RL operations and engineering contractor at the Hanford Site. Activities associated with this contract (DE-AC06-87RL10930) include operating existing plant facilities, managing defined projects and programs, and planning future enhancements. This document is designed to comply with Section I-13 of the contract by providing a description of Westinghouse Hanford's cost and schedule control systems used in managing the above activities. 5 refs., 22 figs., 1 tab.

  17. Breaking and Fixing Origin-Based Access Control in Hybrid Web/Mobile Application Frameworks.

    Science.gov (United States)

    Georgiev, Martin; Jana, Suman; Shmatikov, Vitaly

    2014-02-01

    Hybrid mobile applications (apps) combine the features of Web applications and "native" mobile apps. Like Web applications, they are implemented in portable, platform-independent languages such as HTML and JavaScript. Like native apps, they have direct access to local device resources-file system, location, camera, contacts, etc. Hybrid apps are typically developed using hybrid application frameworks such as PhoneGap. The purpose of the framework is twofold. First, it provides an embedded Web browser (for example, WebView on Android) that executes the app's Web code. Second, it supplies "bridges" that allow Web code to escape the browser and access local resources on the device. We analyze the software stack created by hybrid frameworks and demonstrate that it does not properly compose the access-control policies governing Web code and local code, respectively. Web code is governed by the same origin policy, whereas local code is governed by the access-control policy of the operating system (for example, user-granted permissions in Android). The bridges added by the framework to the browser have the same local access rights as the entire application, but are not correctly protected by the same origin policy. This opens the door to fracking attacks, which allow foreign-origin Web content included into a hybrid app (e.g., ads confined in iframes) to drill through the layers and directly access device resources. Fracking vulnerabilities are generic: they affect all hybrid frameworks, all embedded Web browsers, all bridge mechanisms, and all platforms on which these frameworks are deployed. We study the prevalence of fracking vulnerabilities in free Android apps based on the PhoneGap framework. Each vulnerability exposes sensitive local resources-the ability to read and write contacts list, local files, etc.-to dozens of potentially malicious Web domains. We also analyze the defenses deployed by hybrid frameworks to prevent resource access by foreign-origin Web content

  18. Breaking and Fixing Origin-Based Access Control in Hybrid Web/Mobile Application Frameworks

    Science.gov (United States)

    Georgiev, Martin; Jana, Suman; Shmatikov, Vitaly

    2014-01-01

    Hybrid mobile applications (apps) combine the features of Web applications and “native” mobile apps. Like Web applications, they are implemented in portable, platform-independent languages such as HTML and JavaScript. Like native apps, they have direct access to local device resources—file system, location, camera, contacts, etc. Hybrid apps are typically developed using hybrid application frameworks such as PhoneGap. The purpose of the framework is twofold. First, it provides an embedded Web browser (for example, WebView on Android) that executes the app's Web code. Second, it supplies “bridges” that allow Web code to escape the browser and access local resources on the device. We analyze the software stack created by hybrid frameworks and demonstrate that it does not properly compose the access-control policies governing Web code and local code, respectively. Web code is governed by the same origin policy, whereas local code is governed by the access-control policy of the operating system (for example, user-granted permissions in Android). The bridges added by the framework to the browser have the same local access rights as the entire application, but are not correctly protected by the same origin policy. This opens the door to fracking attacks, which allow foreign-origin Web content included into a hybrid app (e.g., ads confined in iframes) to drill through the layers and directly access device resources. Fracking vulnerabilities are generic: they affect all hybrid frameworks, all embedded Web browsers, all bridge mechanisms, and all platforms on which these frameworks are deployed. We study the prevalence of fracking vulnerabilities in free Android apps based on the PhoneGap framework. Each vulnerability exposes sensitive local resources—the ability to read and write contacts list, local files, etc.—to dozens of potentially malicious Web domains. We also analyze the defenses deployed by hybrid frameworks to prevent resource access by foreign

  19. A human rights view on access to controlled substances for medical purposes under the international drug control framework.

    Science.gov (United States)

    Gispen, Marie Elske C

    2013-11-05

    The world is confronted with a major public health deficit caused by poor access to controlled essential medicines under the international drug control framework. This is affecting millions of patients on a daily basis and resulting in numerous human rights violations. The present review contextualises this deficit from a human rights perspective. Drug control efforts are informed by a twofold objective stemming from the double nature of scheduled substances: free access for medical purposes should be ensured, though non-medical use of substances such as opium should be restricted. The international drug control framework is, in theory, based on this twofold notion, however at the level of interpretation, monitoring, and implementation, a one-sided emphasis is demonstrated. By tracing a parallel between the obligations of states under the international drug control framework and those that derive from human rights law, the review shows that the two systems seem incoherent and conflicting in nature and flags the importance of cross-disciplinary research into drug control and human rights.

  20. Licensed Shared Access System Possibilities for Public Safety

    Directory of Open Access Journals (Sweden)

    Kalle Lähetkangas

    2016-01-01

    Full Text Available We investigate the licensed shared access (LSA concept based spectrum sharing ideas between public safety (PS and commercial radio systems. While the concept of LSA has been well developed, it has not been thoroughly investigated from the public safety (PS users’ point of view, who have special requirements and also should benefit from the concept. Herein, we discuss the alternatives for spectrum sharing between PS and commercial systems. In particular, we proceed to develop robust solutions for LSA use cases where connections to the LSA system may fail. We simulate the proposed system with different failure models. The results show that the method offers reliable LSA spectrum sharing in various conditions assuming that the system parameters are set properly. The paper gives guidelines to set these parameters.

  1. A Rewritable, Random-Access DNA-Based Storage System

    Science.gov (United States)

    Tabatabaei Yazdi, S. M. Hossein; Yuan, Yongbo; Ma, Jian; Zhao, Huimin; Milenkovic, Olgica

    2015-09-01

    We describe the first DNA-based storage architecture that enables random access to data blocks and rewriting of information stored at arbitrary locations within the blocks. The newly developed architecture overcomes drawbacks of existing read-only methods that require decoding the whole file in order to read one data fragment. Our system is based on new constrained coding techniques and accompanying DNA editing methods that ensure data reliability, specificity and sensitivity of access, and at the same time provide exceptionally high data storage capacity. As a proof of concept, we encoded parts of the Wikipedia pages of six universities in the USA, and selected and edited parts of the text written in DNA corresponding to three of these schools. The results suggest that DNA is a versatile media suitable for both ultrahigh density archival and rewritable storage applications.

  2. A Comprehensive System for Monitoring Urban Accessibility in Smart Cities.

    Science.gov (United States)

    Mora, Higinio; Gilart-Iglesias, Virgilio; Pérez-Del Hoyo, Raquel; Andújar-Montoya, María Dolores

    2017-08-09

    The present work discusses the possibilities offered by the evolution of Information and Communication Technologies with the aim of designing a system to dynamically obtain knowledge of accessibility issues in urban environments. This system is facilitated by technology to analyse the urban user experience and movement accessibility, which enabling accurate identification of urban barriers and monitoring its effectiveness over time. Therefore, the main purpose of the system is to meet the real needs and requirements of people with movement disabilities. The information obtained can be provided as a support service for decision-making to be used by city government, institutions, researchers, professionals and other individuals of society in general to improve the liveability and quality of the lives of citizens. The proposed system is a means of social awareness that makes the most vulnerable groups of citizens visible by involving them as active participants. To perform and implement the system, the latest communication and positioning technologies for smart sensing have been used, as well as the cloud computing paradigm. Finally, to validate the proposal, a case study has been presented using the university environment as a pre-deployment step in urban environments.

  3. An effective access control approach to support mobility in IPv6 networks

    Science.gov (United States)

    Peng, Xue-hai; Lin, Chuang

    2005-11-01

    Access control is an important method to improve network security and prevent protected resources from being used by some nodes without authority. Moreover, mobility is an important trend of internet. In this paper, based on the architecture of hierarchical mobile IPv6, we proposed an effective access control approach to support mobility in IPv6 networks, which can ensure the operation of access control when a mobile node roams in these domains with different polices, with decreased delay of access negotiation and cost of delivering messages.

  4. Identity driven Capability based Access Control (ICAC) Scheme for the Internet of Things

    DEFF Research Database (Denmark)

    Mahalle, Parikshit N.; Anggorojati, Bayu; Prasad, Neeli R.

    2012-01-01

    Internet of Things (IoT) becomes discretionary part of everyday life. Scalability and manageability is daunting due to unbounded number of devices and services. Access control and authorization in IoT with least privilege is equally important to establish secure communication between multiple...... devices and services. In this paper, the concept of capability for access control is introduced where the identities of the involved devices are entrenched in the access capabilities. Identity driven capability based access control (ICAC) scheme presented in this paper helps to alleviate issues related...

  5. A New Key-lock Method for User Authentication and Access Control

    Institute of Scientific and Technical Information of China (English)

    JI Dongyao; ZHANG Futai; WANG Yumin

    2001-01-01

    We propose a new key-lock methodfor user authentication and access control based onChinese remainder theorem, the concepts of the ac-cess control matrix, key-lock-pair, time stamp, and the NS public key protocol. Our method is dynamicand needs a minimum amount of computation in thesense that it only updates at most one key/lock foreach access request. We also demonstrate how an au-thentication protocol can be integrated into the ac-cess control method. By applying a time stamp, themethod can not only withstand replay attack, butalso strengthen the authenticating mechanism, whichcould not be achieved simultaneously in previous key-lock methods.

  6. Nuclotron Control System

    Science.gov (United States)

    Volkov, V.; Gorchenko, V.; Kirichenko, A.; Kovalenko, A.; Kulikov, I.; Romanov, S.; Sveshnikov, B.; Vasilishin, B.

    1997-05-01

    The superconducting synchrotron named Nuclotron based on a miniature iron-shaped field SC-magnets was put into operation at the LHE JINR in 1993.The Nuclotron Control System (NCS) project,which is still under development,started in 1992 and has provided efficient support for the machine commissioning through all its phases.This paper presents the current status of the NCS. The control system architecture is hierarc- hical in nature and consists of two physical levels. High performance workstations,together with a general purpose server computers, are used at the top level.Workstations act as an operator consoles,while the servers provide massive disk data storage,printing utilities,a common database, program library and data exchange between Nuclotron and its experiments. The front-end level comprises as industrial com- puters equipped with I/O boards and data acquisition modules, as in- telligent CAMAC crate-controllers with embedded micro-PCs. NCS is distributed system,in which subsytems geographically separated by as much as 500 m.The total number of computers presently installed is 25. An Ethernet Local Area Network,which runs IPX/SPX and TCP/IP communi- cation protocols ,connects the console computers to the front-end le- vel and physicists workstations.

  7. Prevent Misuse of Privileges in Role-based Access Control System%基于角色的访问控制中权限滥用的限制

    Institute of Scientific and Technical Information of China (English)

    王超

    2004-01-01

    在实现基于角色访问控制(Role-Based Access control,RBAc)的系统中,由于判断程序的权限仅仅根据启动该程序的角色,故一旦该程序有安全漏洞并被攻击,入侵者就会攫取该角色的全部权限进行权限滥用.该文提出程序角色(process role)的概念,并构建出动态生成程序角色的DKPRF(Double Knowledge based Process Role Frame)框架,有效地限制了RBAC中权限的滥用.

  8. 基于角色的访问控制技术在大型系统中的应用%Application of role based safe access control in large system

    Institute of Scientific and Technical Information of China (English)

    张世明; 杨寅春

    2006-01-01

    在大型信息管理系统中,后台数据库的安全访问至关重要.通过分析基于角色的访问控制(role-based access control,RBAC)模型结构,提出并设计了大型管理系统中数据库安全访问控制的方法.使用角色定义有效地确定了不同用户在系统中的访同权限,有利于实现系统中各成员的职能分工和系统安全运行.

  9. Closed Catheter Access System Implementation in Reducing Bloodstream Infection Rate in Low Birth Weight Preterm Infants

    Directory of Open Access Journals (Sweden)

    Lily eRundjan

    2015-03-01

    Full Text Available Background Bloodstream infection (BSI is one of the significant causes of morbidity and mortality encountered in a neonatal intensive care unit (NICU, especially in developing countries. Despite the implementation of infection control practices, such as strict hand hygiene, the BSI rate in our hospital is still high. The use of a closed catheter access system to reduce BSI related to intravascular catheter has hitherto never been evaluated in our hospital. Objective To determine the effects of closed catheter access system implementation in reducing the BSI rate in preterm neonates with low birth weight.Methods Randomized clinical trial was conducted on 60 low birth weight preterm infants hospitalized in the neonatal unit at Cipto Mangunkusumo Hospital, Jakarta, Indonesia from June to September, 2013. Randomized subjects either received a closed or non-closed catheter access system. Subjects were monitored for 2 weeks for the development of BSI based on clinical signs, abnormal infection parameters, and blood culture. Results Closed catheter access system implementation gave a protective effect towards the occurrence of culture-proven BSI (relative risk 0.095, 95% CI 0.011 to 0.85, p=0.026. Risk of culture-proven BSI in the control group was 10.545 (95% CI 1.227 to 90.662, p=0.026. BSI occurred in 75% of neonates without risk factors of infection in the control group compared to none in the study group.Conclusions The use of a closed catheter access system reduced the BSI in low birth weight preterm infants. Choosing the right device design, proper disinfection of device and appropriate frequency of connector change should be done simultaneously.

  10. Open access, readership, citations: a randomized controlled trial of scientific journal publishing.

    Science.gov (United States)

    Davis, Philip M

    2011-07-01

    Does free access to journal articles result in greater diffusion of scientific knowledge? Using a randomized controlled trial of open access publishing, involving 36 participating journals in the sciences, social sciences, and humanities, we report on the effects of free access on article downloads and citations. Articles placed in the open access condition (n=712) received significantly more downloads and reached a broader audience within the first year, yet were cited no more frequently, nor earlier, than subscription-access control articles (n=2533) within 3 yr. These results may be explained by social stratification, a process that concentrates scientific authors at a small number of elite research universities with excellent access to the scientific literature. The real beneficiaries of open access publishing may not be the research community but communities of practice that consume, but rarely contribute to, the corpus of literature.

  11. Owner-Based Role-Based Access Control OB-RBAC

    NARCIS (Netherlands)

    Saffarian, Mohsen; Sadighi, Babak

    2010-01-01

    Administration of an access control model deals with the question of who is authorized to update policies defined on the basis of that model. One of the models whose administration has absorbed relatively large research is the Role-Based Access Control (RBAC) model. All the existing role-based admin

  12. Keep on Blockin’ in the Free World: Personal Access Control for Low-Cost RFID Tags

    NARCIS (Netherlands)

    Rieback, Melanie; Crispo, Bruno; Tanenbaum, Andrew

    2007-01-01

    This paper introduces an off-tag RFID access control mechanism called “Selective RFID Jamming”. Selective RFID Jamming protects low-cost RFID tags by enforcing access control on their behalf, in a similar manner to the RFID Blocker Tag. However, Selective RFID Jamming is novel because it uses an a

  13. Keep on Blockin’ in the Free World: Personal Access Control for Low-Cost RFID Tags

    NARCIS (Netherlands)

    Rieback, Melanie; Crispo, Bruno; Tanenbaum, Andrew

    2007-01-01

    This paper introduces an off-tag RFID access control mechanism called “Selective RFID Jamming”. Selective RFID Jamming protects low-cost RFID tags by enforcing access control on their behalf, in a similar manner to the RFID Blocker Tag. However, Selective RFID Jamming is novel because it uses an a

  14. A novel decentralized hierarchical access control scheme for the medical scenario

    DEFF Research Database (Denmark)

    Eskeland, Sigurd; Prasad, Neeli R.

    2006-01-01

    to be the property of the corresponding patient, it is justified that patients should have the opportunity to exert control over their own data. In this paper, we propose a cryptographic access control scheme allowing patients to grant medical teams authorizations to access their medical data. Moreover...

  15. Enhancing Security and Privacy in Video Surveillance through Role-Oriented Access Control Mechanism

    DEFF Research Database (Denmark)

    Mahmood Rajpoot, Qasim

    the explicitly stated ones due to the hierarchical relations between the attributes of different entities. We implement a prototype of the proposed mechanism and demonstrate that the access control policies using our approach may be specified via eXtensible Access Control Markup Language (XACML)....

  16. Modelling and Analysing Access Control Policies in XACML 3.0

    DEFF Research Database (Denmark)

    Ramli, Carroline Dewi Puspa Kencana

    XACML (eXtensible Access Control Markup Language) is a prominent access control language that is widely adopted both in industry and academia. XACML is an international standard in the field of information security. The problem with XACML is that its specification is described in natural language...

  17. Keep on Blockin’ in the Free World: Personal Access Control for Low-Cost RFID Tags

    NARCIS (Netherlands)

    Rieback, Melanie; Crispo, Bruno; Tanenbaum, Andrew

    2007-01-01

    This paper introduces an off-tag RFID access control mechanism called “Selective RFID Jamming”. Selective RFID Jamming protects low-cost RFID tags by enforcing access control on their behalf, in a similar manner to the RFID Blocker Tag. However, Selective RFID Jamming is novel because it uses an

  18. Design of IP Camera Access Control Protocol by Utilizing Hierarchical Group Key

    Directory of Open Access Journals (Sweden)

    Jungho Kang

    2015-08-01

    Full Text Available Unlike CCTV, security video surveillance devices, which we have generally known about, IP cameras which are connected to a network either with or without wire, provide monitoring services through a built-in web-server. Due to the fact that IP cameras can use a network such as the Internet, multiple IP cameras can be installed at a long distance and each IP camera can utilize the function of a web server individually. Even though IP cameras have this kind of advantage, it has difficulties in access control management and weakness in user certification, too. Particularly, because the market of IP cameras did not begin to be realized a long while ago, systems which are systematized from the perspective of security have not been built up yet. Additionally, it contains severe weaknesses in terms of access authority to the IP camera web server, certification of users, and certification of IP cameras which are newly installed within a network, etc. This research grouped IP cameras hierarchically to manage them systematically, and provided access control and data confidentiality between groups by utilizing group keys. In addition, IP cameras and users are certified by using PKI-based certification, and weak points of security such as confidentiality and integrity, etc., are improved by encrypting passwords. Thus, this research presents specific protocols of the entire process and proved through experiments that this method can be actually applied.

  19. Towards Voluntary Interoperable Open Access Licenses for the Global Earth Observation System of Systems (GEOSS)

    NARCIS (Netherlands)

    Onsrud, H.; Campbell, J.; Van Loenen, B.

    2010-01-01

    Access to earth observation data has become critically important for the wellbeing of society. A major impediment to achieving widespread sharing of earth observation data is lack of an operational web-wide system that is transparent and consistent in allowing users to legally access and use the ear

  20. Medium Access Control in Energy Harvesting - Wireless Sensor Networks

    DEFF Research Database (Denmark)

    Fafoutis, Xenofon

    Control (MAC) protocols that are following the receiver-initiated paradigm of asynchronous communication. According to the receiver-initiated paradigm the communication is initiated by the receiver that states its availability to receive data through beacons. The sender is passively listening...... to the channel until it receives the beacon of interest. In this context, the dissertation begins with an in-depth survey of all the receiverinitiated MAC protocols and presents their unique optimization features, which deal with several challenges of the link layer such as mitigation of the energy consumption......-efficient features that aim to adapt the consumed energy to match the harvested energy, distribute the load with respect to the harvested energy, decrease the overhead of the communication, address the requirements for collision avoidance, prioritize urgent traffic and secure the system against beacon replay attacks...

  1. MIRADAS control system

    Science.gov (United States)

    Rosich Minguell, Josefina; Garzón Lopez, Francisco

    2012-09-01

    The Mid-resolution InfRAreD Astronomical Spectrograph (MIRADAS, a near-infrared multi-object echelle spectrograph operating at spectral resolution R=20,000 over the 1-2.5μm bandpass) was selected in 2010 by the Gran Telescopio Canarias (GTC) partnership as the next-generation near-infrared spectrograph for the world's largest optical/infrared telescope, and is being developed by an international consortium. The MIRADAS consortium includes the University of Florida, Universidad de Barcelona, Universidad Complutense de Madrid, Instituto de Astrofísica de Canarias, Institut de Física d'Altes Energies, Institut d'Estudis Espacials de Catalunya and Universidad Nacional Autónoma de México. This paper shows an overview of the MIRADAS control software, which follows the standards defined by the telescope to permit the integration of this software on the GTC Control System (GCS). The MIRADAS Control System is based on a distributed architecture according to a component model where every subsystem is selfcontained. The GCS is a distributed environment written in object oriented C++, which runs components in different computers, using CORBA middleware for communications. Each MIRADAS observing mode, including engineering, monitoring and calibration modes, will have its own predefined sequence, which are executed in the GCS Sequencer. These sequences will have the ability of communicating with other telescope subsystems.

  2. A dynamic access control method based on QoS requirement

    Science.gov (United States)

    Li, Chunquan; Wang, Yanwei; Yang, Baoye; Hu, Chunyang

    2013-03-01

    A dynamic access control method is put forward to ensure the security of the sharing service in Cloud Manufacturing, according to the application characteristics of cloud manufacturing collaborative task. The role-based access control (RBAC) model is extended according to the characteristics of cloud manufacturing in this method. The constraints are considered, which are from QoS requirement of the task context to access control, based on the traditional static authorization. The fuzzy policy rules are established about the weighted interval value of permissions. The access control authorities of executable service by users are dynamically adjusted through the fuzzy reasoning based on the QoS requirement of task. The main elements of the model are described. The fuzzy reasoning algorithm of weighted interval value based QoS requirement is studied. An effective method is provided to resolve the access control of cloud manufacturing.

  3. The Study of Access Control for Service-Oriented Computing in Internet of Things

    Directory of Open Access Journals (Sweden)

    Guoping Zhang

    2012-06-01

    Full Text Available In Internet of Things, computing and processing of information is the core supporting. In this paper, we introduce “Service-Oriented Computing” to solve the computing and processing of information in IoT. However, a key challenge in service-oriented environment is the design of effective access control schemas.We put forward a model of Workflow -oriented Attributed Based Access Control (WABAC, and an access control framework based on WABAC model. WABAC model grants and adapts permissions to subjects according to subject atttribute, resource attribute, environment attribute and current task, meeting access control request of SOC. Using the approach presented can effectively enhance the access control security for SOC applications, and prevent the abuse of subject permissions.

  4. A Fuzzy Logic Based Power Control for Wideband Code Division Multiple Access Wireless Networks

    Directory of Open Access Journals (Sweden)

    T. Ravichandran

    2012-01-01

    Full Text Available Problem statement: Resource management is one of the most important engineering issues in 3G systems where multiple traffic classes are supported each being characterized by its required Quality of Service (QoS parameters. Call Admission Control (CAC is one of the resource management functions, which regulates network access to ensure QoS provisioning. Efficient CAC is necessary for the QoS provisioning in WCDMA environment. The effective functioning of WCDMA systems is influenced by the power control utility. Approach: In this study, we propose to design a fuzzy logic based power control for Wideband Code Division Multiple Access Wireless Networks. This proposed technique is aimed at multiple services like voice, video and data for multiclass users. The fuzzy logic technique is used to estimate the optimal admissible users group inclusive of optimum transmitting power level. This technique reduces the interference level and call rejection rate. Results: By simulation results, we demonstrate that the proposed technique achieve reduced energy consumption for a cell with increased throughput. Conclusion: The proposed technique minimizes the power consumption and call rejection rate.

  5. A method to implement fine-grained access control for personal health records through standard relational database queries.

    Science.gov (United States)

    Sujansky, Walter V; Faus, Sam A; Stone, Ethan; Brennan, Patricia Flatley

    2010-10-01

    Online personal health records (PHRs) enable patients to access, manage, and share certain of their own health information electronically. This capability creates the need for precise access-controls mechanisms that restrict the sharing of data to that intended by the patient. The authors describe the design and implementation of an access-control mechanism for PHR repositories that is modeled on the eXtensible Access Control Markup Language (XACML) standard, but intended to reduce the cognitive and computational complexity of XACML. The authors implemented the mechanism entirely in a relational database system using ANSI-standard SQL statements. Based on a set of access-control rules encoded as relational table rows, the mechanism determines via a single SQL query whether a user who accesses patient data from a specific application is authorized to perform a requested operation on a specified data object. Testing of this query on a moderately large database has demonstrated execution times consistently below 100ms. The authors include the details of the implementation, including algorithms, examples, and a test database as Supplementary materials.

  6. Robust H∞ control for networked control systems

    Institute of Scientific and Technical Information of China (English)

    Ma Weiguo; Shao Cheng

    2008-01-01

    The robust H∞ control for networked control systems with both stochastic network-induced delay and data packet dropout is studied.When data are transmitted over network,the stochastic data packet dropout process can be described by a two-state Markov chain.The networked control systems with stochastic network-induced delay and data packet dropout are modeled as a discrete time Markov jump linear system with two operation modes.The sufficient condition of robust H∞ control for networked control systems stabilized by state feedback controller is presented in terms of linear matrix inequality.The state feedback controller can be constructed via the solution of a set of linear matrix inequalities.An example is given to verify the effectiveness of the method proposed.

  7. Evolutionary Games for Multiple Access Control: From Egoism to Altruism

    OpenAIRE

    Gaiech, Houssem; El-Azouzi, Rachid; Haddad, Majed; Altman, Eitan; Mabrouki, Issam

    2014-01-01

    International audience; This paper studies multiple access games within a large population of mobiles decomposed into several groups. Mobiles interfere with each other through many local interactions. We assume that each mobile (or player) cooperates with its group by taking into account the performance of its group. We parameterize the degree of cooperation which allows to cover the fully non-cooperative behavior, the fully cooperative behavior, and even more, the fully altruistic behavior, ...

  8. Internal Control, Auditing, and the Automated Acquisitions System.

    Science.gov (United States)

    Hawks, Carol Pitts

    1990-01-01

    Discusses issues and procedures involved in auditing the automated acquisitions system at Ohio State University Libraries. The audit process is explained, internal controls within the system are identified, general control mechanisms such as limited electronic access are discussed, and application control mechanisms that relate to specific…

  9. Internal Control, Auditing, and the Automated Acquisitions System.

    Science.gov (United States)

    Hawks, Carol Pitts

    1990-01-01

    Discusses issues and procedures involved in auditing the automated acquisitions system at Ohio State University Libraries. The audit process is explained, internal controls within the system are identified, general control mechanisms such as limited electronic access are discussed, and application control mechanisms that relate to specific…

  10. Requirements and Challenges of Location-Based Access Control in Healthcare Emergency Response

    DEFF Research Database (Denmark)

    Vicente, Carmen Ruiz; Kirkpatrick, Michael; Ghinita, Gabriel

    2009-01-01

    Recent advances in positioning and tracking technologies have led to the emergence of novel location-based applications that allow participants to access information relevant to their spatio-temporal context. Traditional access control models, such as role-based access control (RBAC), are not suf......Recent advances in positioning and tracking technologies have led to the emergence of novel location-based applications that allow participants to access information relevant to their spatio-temporal context. Traditional access control models, such as role-based access control (RBAC......), are not sufficient to address the new challenges introduced by these location-based applications. Several recent research efforts have enhanced RBAC with spatio-temporal features. Nevertheless, the state-of-the-art does not deal with mobility of both subjects and objects and does not support the utilization...... of complex access control decisions based on spatio-temporal relationships among subjects and objects. Furthermore, such relationships change frequently in dynamic environments, requiring efficient mechanisms to monitor and re-evaluate access control decisions. In this position paper, we present a healthcare...

  11. An application-layer based centralized information access control for VPN

    Institute of Scientific and Technical Information of China (English)

    OUYANG Kai; ZHOU Jing-li; XIA Tao; YU Sheng-sheng

    2006-01-01

    With the rapid development of Virtual Private Network (VPN), many companies and organizations use VPN to implement their private communication. Traditionally, VPN uses security protocols to protect the confidentiality of data, the message integrity and the endpoint authentication. One core technique of VPN is tunneling, by which clients can access the internal servers traversing VPN. However, the tunneling technique also introduces a concealed security hole. It is possible that ifone vicious user can establish tunneling by the VPN server, he can compromise the internal servers behind the VPN server. So this paper presents a novel Application-layer based Centralized Information Access Control (ACIAC) for VPN to solve this problem.To implement an efficient, flexible and multi-decision access control model, we present two key techniques to ACIAC-the centralized management mechanism and the stream-based access control. Firstly, we implement the information center and the constraints/events center for ACIAC. By the two centers, we can provide an abstract access control mechanism, and the material access control can be decided dynamically by the ACIAC's constraint/event mechanism. Then we logically classify the VPN communication traffic into the access stream and the data stream so that we can tightly couple the features of VPN communication with the access control model. We also provide the design of our ACIAC prototype in this paper.

  12. A Flexible Component based Access Control Architecture for OPeNDAP Services

    Science.gov (United States)

    Kershaw, Philip; Ananthakrishnan, Rachana; Cinquini, Luca; Lawrence, Bryan; Pascoe, Stephen; Siebenlist, Frank

    2010-05-01

    Network data access services such as OPeNDAP enable widespread access to data across user communities. However, without ready means to restrict access to data for such services, data providers and data owners are constrained from making their data more widely available. Even with such capability, the range of different security technologies available can make interoperability between services and user client tools a challenge. OPeNDAP is a key data access service in the infrastructure under development to support the CMIP5 (Couple Model Intercomparison Project Phase 5). The work is being carried out as part of an international collaboration including the US Earth System Grid and Curator projects and the EU funded IS-ENES and Metafor projects. This infrastructure will bring together Petabytes of climate model data and associated metadata from over twenty modelling centres around the world in a federation with a core archive mirrored at three data centres. A security system is needed to meet the requirements of organisations responsible for model data including the ability to restrict data access to registered users, keep them up to date with changes to data and services, audit access and protect finite computing resources. Individual organisations have existing tools and services such as OPeNDAP with which users in the climate research community are already familiar. The security system should overlay access control in a way which maintains the usability and ease of access to these services. The BADC (British Atmospheric Data Centre) has been working in collaboration with the Earth System Grid development team and partner organisations to develop the security architecture. OpenID and MyProxy were selected at an early stage in the ESG project to provide single sign-on capability across the federation of participating organisations. Building on the existing OPeNDAP specification an architecture based on pluggable server side components has been developed at the BADC

  13. A General Attribute and Rule Based Role-Based Access Control Model

    Institute of Scientific and Technical Information of China (English)

    2007-01-01

    Growing numbers of users and many access control policies which involve many different resource attributes in service-oriented environments bring various problems in protecting resource. This paper analyzes the relationships of resource attributes to user attributes in all policies, and propose a general attribute and rule based role-based access control(GAR-RBAC) model to meet the security needs. The model can dynamically assign users to roles via rules to meet the need of growing numbers of users. These rules use different attribute expression and permission as a part of authorization constraints, and are defined by analyzing relations of resource attributes to user attributes in many access policies that are defined by the enterprise. The model is a general access control model, and can support many access control policies, and also can be used to wider application for service. The paper also describes how to use the GAR-RBAC model in Web service environments.

  14. Operational experience with the CEBAF control system

    Energy Technology Data Exchange (ETDEWEB)

    Hovater, C.; Chowdhary, M.; Karn, J.; Tiefenback, M.; Zeijts, J. van; Watson, W.

    1996-10-01

    The CEBAF accelerator at Thomas Jefferson National Accelerator Facility (Jefferson Lab) successfully began its experimental nuclear physics program in November of 1995 and has since surpassed predicted machine availability. Part of this success can be attributed to using the EPICS (Experimental Physics and Industrial Control System) control system toolkit. The CEBAF control system is one of the largest accelerator control system now operating. It controls approximately 338 SRF cavities, 2,300 magnets, 500 beam position monitors and other accelerator devices, such as gun hardware and other beam monitoring devices. All told, the system must be able to access over 125,000 database records. The system has been well received by both operators and the hardware designers. The EPICS utilities have made the task of troubleshooting systems easier. The graphical and test-based creation tools have allowed operators to custom build control screens. In addition, the ability to integrate EPICS with other software packages, such as Tcl/Tk, has allowed physicists to quickly prototype high-level application programs, and to provide GUI front ends for command line driven tools. Specific examples of the control system applications are presented in the areas of energy and orbit control, cavity tuning and accelerator tune up diagnostics.

  15. Closed-Loop Tension Control System for Injection Moulding Machine

    African Journals Online (AJOL)

    Closed-Loop Tension Control System for Injection Moulding Machine. ... Open Access DOWNLOAD FULL TEXT ... it demonstrated a new technological advancement and the theory of moulding which prevents possible spillage occurrences.

  16. Accessibility of a Destination-Based Transportation System: A Large Airport Study

    Institute of Scientific and Technical Information of China (English)

    SHI Jing; YING Xiwen

    2008-01-01

    The accessibility of a destination-based transportation system is defined to quantify the perform-ance of transportation systems which access a distinct destination. The access cost is used to reflect the utility of the transportation system including the fatigue and inconvenience in the total cost. The cost is quan-tified by two coefficients which represent the different characteristics of various people. The average cost and the income-relative accessibility are used to describe various aspects of the accessibility and to evaluate the accessibility of a destination-based system. A case study uses data from the Kunming transpor-tation system to evaluate the accessibility of the present city airport. The calibrated coefficients are then used to evaluate the transportation system to the new Kunming international airport. The results show that this transportation accessibility evaluation can be combined with transportation planning to study transporta-tion sub-systems.

  17. Fire Source Accessibility of Water Mist Fire Suppression Improvement through Flow Method Control

    Energy Technology Data Exchange (ETDEWEB)

    Jung, Jun Ho; Kim, Hyeong Taek; Kim, Yun Jung; Park, Mun Hee [KHNP CRI, Daejeon (Korea, Republic of)

    2013-10-15

    Recently, nuclear power plants set CO{sub 2} fire suppression system. However it is hard to establish and to maintain and it also has difficulties performing function test. Therefore, it needs to develop a new fire suppression system to replace the existing CO{sub 2} fire suppression systems in nuclear power plant. In fact, already, there exist alternatives - gas fire suppression system or clean fire extinguishing agent, but it is hard to apply because it requires a highly complicated plan. However, water mist fire suppression system which has both water system and gas system uses small amount of water and droplet, so it is excellent at oxygen displacement and more suitable for nuclear power plant because it can avoid second damage caused by fire fighting water. This paper explains about enclosure effect of water mist fire suppression. And it suggests a study direction about water mist fire source approach improvement and enclosure effect improvement, using flow method control of ventilation system. Water mist fire suppression can be influenced by various variable. And flow and direction of ventilation system are important variable. Expectations of the plan for more fire source ventilation system is as in the following. It enhances enclosure effects of water mists, so it improves extinguish performance. Also the same effect as a inert gas injection causes can be achieved. Lastly, it is considered that combustible accessibility of water mists will increase because of descending air currents.

  18. Bluetooth Navigation System using Wi-Fi Access Points

    CERN Document Server

    Agrawal, Rohit

    2012-01-01

    There have been various navigation and tracking systems being developed with the help of technologies like GPS, GSM, Bluetooth, IR, Wi-Fi and Radar. Outdoor positioning systems have been deployed quite successfully using GPS but positioning systems for indoor environments still do not have widespread deployment due to various reasons. Most of these use only a single technology for positioning but using more than one in cooperation with each other is always advantageous for obtaining greater accuracy. Particularly, the ones which use Bluetooth are better since they would enhance the scalability of such a system because of the fact that this technology is in use by the common people so it would always be easy to track them. Moreover it would also reduce the hardware installation cost to some extent. The system that has been introduced here uses Bluetooth primarily for positioning and tracking in combination with Wi-Fi access points. The reason that makes the commercial application of such a system easier and ch...

  19. Hentschel random access tracking system HSG 84.30

    Science.gov (United States)

    Zamzow, Heinz

    1990-08-01

    The development of the Random Access Tracking System was initiated at the University of Muenster, Department of Orthopaedic Physiology by Dr. Theysohn. This system is a real-time high-speed and high-resolution multi-point tracking system. The moving objects are identified with retro-reflective markers which are illuminated by halogen spotlights placed around the camera lens. The video interface generates deflection signals which are fed to unique Random Access Cameras manufactured by Hamamatsu Corporation. These signals perform high speed window scanning and can sample up to 7,500 markers per second. Under certain circumstances this can be increased to 15,000 markers per second. From 1 to 126 markers can be detected in a line scan search mode. Window size may be varied in steps from 0.5% to 4.0% of the field of view. Using a small window it is possible to obtain 1 part in 32,768 in each direction of the field of view. The raw data are reduced to 2-D centroids of the targets. On-line data storage and display are possible using an industry-standard ATPC with DMA interface. Real-time feed-back is also possible. The video interface provides for off-line 3-D reconstructions using the data from two or more synchronized cameras. The system can be adapted to meet the needs of particular applications by modifying sample-rate, data transfer rate, and the number and the dimensions of the windows.

  20. Design of a Distributed Personal Information Access Control Scheme for Secure Integrated Payment in NFC

    Directory of Open Access Journals (Sweden)

    Jungho Kang

    2015-06-01

    Full Text Available At the center of core technologies for a future cyber world, such as Internet of Things (IoT or big data, is a context-rich system that offers services by using situational information. The field where context-rich systems were first introduced is near-field communication (NFC-based electronic payments. Near-field Communication (NFC integrated payment services collect the payment information of the credit card and the location information to generate patterns in the user’s consumption or movement through big data technology. Based on such pattern information, tailored services, such as advertisement, are offered to users. However, there is difficulty in controlling access to personal information, as there is a collaborative relationship focused on the trusted service manager (TSM that is close knit to shared personal information. Moreover, in the case of Hadoop, among the many big data analytical technologies, it offers access control functions, but not a way to authorize the processing of personal information, making it impossible to grant authority between service providers to process information. As such, this paper proposes a key generation and distribution method, as well as a secure communication protocol. The analysis has shown that the efficiency was greater for security and performance compared to relation works.

  1. FPGA based Smart Wireless MIMO Control System

    Science.gov (United States)

    Usman Ali, Syed M.; Hussain, Sajid; Akber Siddiqui, Ali; Arshad, Jawad Ali; Darakhshan, Anjum

    2013-12-01

    In our present work, we have successfully designed, and developed an FPGA based smart wireless MIMO (Multiple Input & Multiple Output) system capable of controlling multiple industrial process parameters such as temperature, pressure, stress and vibration etc. To achieve this task we have used Xilin x Spartan 3E FPGA (Field Programmable Gate Array) instead of conventional microcontrollers. By employing FPGA kit to PC via RF transceivers which has a working range of about 100 meters. The developed smart system is capable of performing the control task assigned to it successfully. We have also provided a provision to our proposed system that can be accessed for monitoring and control through the web and GSM as well. Our proposed system can be equally applied to all the hazardous and rugged industrial environments where a conventional system cannot work effectively.

  2. Hybrid Solution for Privacy-Preserving Access Control for Healthcare Data

    Directory of Open Access Journals (Sweden)

    SMITHAMOL, M. B.

    2017-05-01

    Full Text Available The booming in cloud and IoT technologies has accelerated the growth of healthcare system. The IoT devices monitor the patient's health, and upload collected data as Electronic Medical Records (EMRs to the cloud for storage and sharing. Outsourcing EMRs to the cloud introduce new security and privacy challenges. In this paper, we proposed a novel architecture ensuring security and privacy for the outsourced health records. The proposed model uses partially ordered set (POSET for constructing the group based access structure and Ciphertext-Policy Attribute-Based Encryption (CP-ABE to provide fine-grained EMR access control. The modified group based CP-ABE (G-CP-ABE minimizes the computational overhead by reducing the number of leaf nodes in the access tree. Also, the proposed G-CP-ABE framework merges symmetric encryption and CP-ABE scheme to minimize the overall encryption time. As a result, G-CP-ABE can be used to monitor health conditions even from a resource constrained IoT device. The performance analysis shows the efficiency of the proposed model, making it suitable for practical use.

  3. Concept and System of Personification Control System

    Institute of Scientific and Technical Information of China (English)

    Bai,Fengshuang; Yin,Yixin; Tu,Xuyan; Zhang,Ying

    2006-01-01

    This paper provides the system and conception of the Personification Control System (PCS) on the basis of Intelligent Control System based on Artificial life (ICS/AL), Artificial Emotion, Humanoid Control, and Intelligent Control System based on Field bus. According to system science and deciding of organize of biology, the Pyramid System of PCS are created. Then Pyramid System of PCS which is made up of PCS1/H, PCS1/S, PCS1/O, PCS1/C and PCS1/G is described.

  4. Guaranteed cost control for networked control systems

    Institute of Scientific and Technical Information of China (English)

    Linbo XIE; Huajing FANG; Ying ZHENG

    2004-01-01

    The guaranteed cost control problem for networked control systems (NCSs) is addressed under communication constraints and varying sampling rate. First of all, a simple information-scheduling scheme is presented to describe the scheduling approach of system signals in NCSs. Then, based on such a scheme and given sampling method, the design procedure in dynamic output feedback manner is also derived which renders the closed loop system to be asymptotically stable and guarantees an upper bound of the LQ performance cost function.

  5. Optically controlled welding system

    Science.gov (United States)

    Gordon, Stephen S. (Inventor)

    1989-01-01

    An optically controlled welding system (10) wherein a welding torch (12) having through-the-torch viewing capabilities is provided with an optical beam splitter (56) to create a transmitted view and a reflective view of a welding operation. These views are converted to digital signals which are then processed and utilized by a computerized robotic welder (15) to make the welding torch responsive thereto. Other features includes an actively cooled electrode holder (26) which minimizes a blocked portion of the view by virtue of being constructed of a single spoke or arm (28) and a weld pool contour detector (14) comprising a laser beam directed onto the weld pool with the position of specular radiation reflected therefrom being characteristic of a penetrated or unpenetrated condition of the weld pool.

  6. Fertility effects of abortion and birth control pill access for minors.

    Science.gov (United States)

    Guldi, Melanie

    2008-11-01

    This article empirically assesses whether age-restricted access to abortion and the birth control pill influence minors' fertility in the United States. There is not a strong consensus in previous literature regarding the relationship between laws restricting minors' access to abortion and minors' birth rates. This is the first study to recognize that state laws in place prior to the 1973 Roe v. Wade decision enabled minors to legally consent to surgical treatment-including abortion-in some states but not in others, and to construct abortion access variables reflecting this. In this article, age-specific policy variables measure either a minor's legal ability to obtain an abortion or to obtain the birth control pill without parental involvement. I find fairly strong evidence that young women's birth rates dropped as a result of abortion access as well as evidence that birth control pill access led to a drop in birth rates among whites.

  7. Multicopter control with Navio using REX control system

    Science.gov (United States)

    Golembiovsky, Matej; Dedek, Jan; Ozana, Stepan

    2017-06-01

    This article deals with study of possible connection of the REXcontrols platform with Raspberry Pi based control system and Navio2 expansion board. This board is designed for development of autonomous robotic platforms type car, plane or multicopter. In this article, control system REXcontrols is introduced and its integration possibilities for control board Navio2 are discussed. The main discussed aspects are communication possibilities of the REXcontrols system with external scripts which further on allow control of this board. The main reasons for this undertaking are vast possibilities of archiving, visualization, signal processing and control which REXcontrols system allows. The control itself of the navio2 board is done through numerous interfaces. Specifically it is a pair of SPI data buses, an I2C data bus, UART and multiple GPIO pins. However, since REXcontrols control system has only limited access to these data buses, it is necessary to establish the communication through external scripts. For this purpose REXcontrols is equipped with mechanisms; SILO, EPC and REXLANG which are described in the article. Due to its simple implementation into REXcontrols and the option to utilize available libraries for communication with Navio2 board in external script, an EPC block was selected for the final implementation.

  8. Framework for monitoring equity in access and health systems ...

    African Journals Online (AJOL)

    paper, proposes a framework for monitoring equity in access and health .... get additional data through in—depth and qualitative studies. Equity and health .... characteristics of HIV infected patients seeking care in relation to access to the Drug ...

  9. A Distributed Architecture for Sharing Ecological Data Sets with Access and Usage Control Guarantees

    DEFF Research Database (Denmark)

    Bonnet, Philippe; Gonzalez, Javier; Granados, Joel Andres

    2014-01-01

    and usage control is necessary to enforce existing open data policies. We have proposed the vision of trusted cells: A decentralized infrastructure, based on secure hardware running on devices equipped with trusted execution environments at the edges of the Internet. We originally described the utilization...... new insights, there are signicant barriers to the realization of this vision. One of the key challenge is to allow scientists to share their data widely while retaining some form of control over who accesses this data (access control) and more importantly how it is used (usage control). Access...... data sets with access and usage control guarantees. We rely on examples from terrestrial research and monitoring in the arctic in the context of the INTERACT project....

  10. Computer Program Development Specification Terminal Access Controller. Appendix B. Access Line Modes.

    Science.gov (United States)

    1979-04-06

    CG-510262 Part 1 of 2 6 April 1979 Page B17 iS U £ 44 0 o a, U, 00 0 ,.- C 2 50 St -: 2-, CG-510262 Part 1 of 2 6 April 1979 Page B18 00 0 0 0 4 4 0...receipt of RM as the response to a block and acknowledged wit , receive control character ACK2. CAN is never transmitted wit’iin t-ne text portion of a

  11. Coordination control of distributed systems

    CERN Document Server

    Villa, Tiziano

    2015-01-01

    This book describes how control of distributed systems can be advanced by an integration of control, communication, and computation. The global control objectives are met by judicious combinations of local and nonlocal observations taking advantage of various forms of communication exchanges between distributed controllers. Control architectures are considered according to  increasing degrees of cooperation of local controllers:  fully distributed or decentralized controlcontrol with communication between controllers,  coordination control, and multilevel control.  The book covers also topics bridging computer science, communication, and control, like communication for control of networks, average consensus for distributed systems, and modeling and verification of discrete and of hybrid systems. Examples and case studies are introduced in the first part of the text and developed throughout the book. They include: control of underwater vehicles, automated-guided vehicles on a container terminal, contro...

  12. Division 1137 property control system

    Energy Technology Data Exchange (ETDEWEB)

    Pastor, D.J.

    1982-01-01

    An automated data processing property control system was developed by Mobile and Remote Range Division 1137. This report describes the operation of the system and examines ways of using it in operational planning and control.

  13. Generic device controller for accelerator control systems

    Energy Technology Data Exchange (ETDEWEB)

    Mariotti, R.; Buxton, W.; Frankel, R.; Hoff, L.

    1987-01-01

    A new distributed intelligence control system has become operational at the AGS for transport, injection, and acceleration of heavy ions. A brief description of the functionality of the physical devices making up the system is given. An attempt has been made to integrate the devices for accelerator specific interfacing into a standard microprocessor system, namely, the Universal Device Controller (UDC). The main goals for such a generic device controller are to provide: local computing power; flexibility to configure; and real time event handling. The UDC assemblies and software are described. (LEW)

  14. Method for Evaluation of Outage Probability on Random Access Channel in Mobile Communication Systems

    Science.gov (United States)

    Kollár, Martin

    2012-05-01

    In order to access the cell in all mobile communication technologies a so called random-access procedure is used. For example in GSM this is represented by sending the CHANNEL REQUEST message from Mobile Station (MS) to Base Transceiver Station (BTS) which is consequently forwarded as an CHANNEL REQUIRED message to the Base Station Controller (BSC). If the BTS decodes some noise on the Random Access Channel (RACH) as random access by mistake (so- called ‘phantom RACH') then it is a question of pure coincidence which èstablishment cause’ the BTS thinks to have recognized. A typical invalid channel access request or phantom RACH is characterized by an IMMEDIATE ASSIGNMENT procedure (assignment of an SDCCH or TCH) which is not followed by sending an ESTABLISH INDICATION from MS to BTS. In this paper a mathematical model for evaluation of the Power RACH Busy Threshold (RACHBT) in order to guaranty in advance determined outage probability on RACH is described and discussed as well. It focuses on Global System for Mobile Communications (GSM) however the obtained results can be generalized on remaining mobile technologies (ie WCDMA and LTE).

  15. Enhancing Subject Access to OPACs: Controlled Vocabulary vs. Natural Language.

    Science.gov (United States)

    Cousins, Shirley Anne

    1992-01-01

    Investigation of retrieval performance of controlled vocabulary derived from natural language terms in tables of contents and book indexes assumed that controlled vocabulary representative of users' queries should adequately represent documents' contents. Queries were indexed using Library of Congress Subject Headings (LSCH), Dewey Decimal…

  16. On Restructurable Control System Theory

    Science.gov (United States)

    Athans, M.

    1983-01-01

    The state of stochastic system and control theory as it impacts restructurable control issues is addressed. The multivariable characteristics of the control problem are addressed. The failure detection/identification problem is discussed as a multi-hypothesis testing problem. Control strategy reconfiguration, static multivariable controls, static failure hypothesis testing, dynamic multivariable controls, fault-tolerant control theory, dynamic hypothesis testing, generalized likelihood ratio (GLR) methods, and adaptive control are discussed.

  17. LINEAR-DISPERSION DIVISION MULTIPLE-ACCESS FOR MIMO SYSTEMS

    Institute of Scientific and Technical Information of China (English)

    Deng Dan; Lv Xingzai; Zhu Jinkang

    2008-01-01

    Comprehensive study on novel Linear-Dispersion Division Multiple-Access (LDDMA) for multi-user uplink Multiple-Input Multiple-Output (MIMO) systems is proposed. In the new multi- plexing scheme, each user's information symbol is dispersed by a User-Specific Matrix (USM) both in space and time domain and linearly combined at base-station side. And a simple random search al- gorithm, based on capacity maximization criteria, is developed to generate a bank of USMs. Simulation results are presented to demonstrate the advantages of LDDMA. When the Bit Error Rate (BER) reaches 10, the performance gains are 3dB and 5dB, compared with Time-Division Linear Dispersion Codes (TD-LDC) and BLAST, respectively.

  18. Enforcing Access Control in Virtual Organizations Using Hierarchical Attribute-Based Encryption

    CERN Document Server

    Asim, Muhammad; Petkovic, Milan; Trivellato, Daniel; Zannone, Nicola

    2012-01-01

    Virtual organizations are dynamic, inter-organizational collaborations that involve systems and services belonging to different security domains. Several solutions have been proposed to guarantee the enforcement of the access control policies protecting the information exchanged in a distributed system, but none of them addresses the dynamicity characterizing virtual organizations. In this paper we propose a dynamic hierarchical attribute-based encryption (D-HABE) scheme that allows the institutions in a virtual organization to encrypt information according to an attribute-based policy in such a way that only users with the appropriate attributes can decrypt it. In addition, we introduce a key management scheme that determines which user is entitled to receive which attribute key from which domain authority.

  19. Spectrum sharing in cognitive radio networks medium access control protocol based approach

    CERN Document Server

    Pandit, Shweta

    2017-01-01

    This book discusses the use of the spectrum sharing techniques in cognitive radio technology, in order to address the problem of spectrum scarcity for future wireless communications. The authors describe a cognitive radio medium access control (MAC) protocol, with which throughput maximization has been achieved. The discussion also includes use of this MAC protocol for imperfect sensing scenarios and its effect on the performance of cognitive radio systems. The authors also discuss how energy efficiency has been maximized in this system, by applying a simple algorithm for optimizing the transmit power of the cognitive user. The study about the channel fading in the cognitive user and licensed user and power adaption policy in this scenario under peak transmit power and interference power constraint is also present in this book.

  20. CONTROLLABILITY OF IOTA-2-SYSTEMS

    NARCIS (Netherlands)

    FAGNANI, F; WILLEMS, JC

    1992-01-01

    This paper is devoted to an investigation of controllability and almost controllability of l2-systems. These concepts are defined in terms of the possibility of steering one system trajectory to another. It is proved that a controllable l2-system always has finite memory The main result on almost co

  1. Access to Papanicolaou Test by the Unified Health System users

    Directory of Open Access Journals (Sweden)

    Vanessa Franco de Carvalho

    2016-01-01

    Full Text Available Objective: to understand how is the access to the public health service users in the Papanicolaou Test. Methods: qualitative study, with 52 women who have changes in the Pap smear exam, questioning the exam achievement frequency and the difficulties of its access and the consultations. It was developed a thematic analysis based on the Fekete accessibility reference. Results: three categories emerged: access to information on the frequency of Pap smears, highlighting the completion of the examination linked only to the professional application; access to Pap smears, in which most women do not have difficulty; access to a return visit, showing the difficulty of women getting back into service after the exam. Conclusion: most women have easy access to the Pap smear. However, there are limitations on the return visit, hindering to establish immediate actions to the beginning of treatment.

  2. Access to Papanicolaou Test by the Unified Health System users

    Directory of Open Access Journals (Sweden)

    Vanessa Franco de Carvalho

    2016-05-01

    Full Text Available Objective: to understand how is the access to the public health service users in the Papanicolaou Test. Methods: qualitative study, with 52 women who have changes in the Pap smear exam, questioning the exam achievement frequency and the difficulties of its access and the consultations. It was developed a thematic analysis based on the Fekete accessibility reference. Results: three categories emerged: access to information on the frequency of Pap smears, highlighting the completion of the examination linked only to the professional application; access to Pap smears, in which most women do not have difficulty; access to a return visit, showing the difficulty of women getting back into service after the exam. Conclusion: most women have easy access to the Pap smear. However, there are limitations on the return visit, hindering to establish immediate actions to the beginning of treatment.

  3. Networked control of microgrid system of systems

    Science.gov (United States)

    Mahmoud, Magdi S.; Rahman, Mohamed Saif Ur; AL-Sunni, Fouad M.

    2016-08-01

    The microgrid has made its mark in distributed generation and has attracted widespread research. However, microgrid is a complex system which needs to be viewed from an intelligent system of systems perspective. In this paper, a network control system of systems is designed for the islanded microgrid system consisting of three distributed generation units as three subsystems supplying a load. The controller stabilises the microgrid system in the presence of communication infractions such as packet dropouts and delays. Simulation results are included to elucidate the effectiveness of the proposed control strategy.

  4. LAPAROSCOPIC SALPINGECTOMY IN TWO CAPTIVE LEOPARDS (PANTHERA PARDUS) USING A SINGLE PORTAL ACCESS SYSTEM.

    Science.gov (United States)

    Hartman, Marthinus J; Monnet, Eric; Kirberger, Robert M; Schoeman, Johan P

    2015-12-01

    Laparoscopic salpingectomy was performed in two adult leopards (Panthera pardus) using a single portal access system, with a multicannulated single-incision laparoscopic surgery port, without any complications. The poorly developed ovarian bursa provided easy access to the uterine tube for salpingectomy. Laparoscopic salpingectomy can be safely performed in the leopard using a single portal access system.

  5. 77 FR 26789 - Certain Semiconductor Chips Having Synchronous Dynamic Random Access Memory Controllers and...

    Science.gov (United States)

    2012-05-07

    ... From the Federal Register Online via the Government Publishing Office ] INTERNATIONAL TRADE COMMISSION Certain Semiconductor Chips Having Synchronous Dynamic Random Access Memory Controllers and Products Containing Same; Determination Rescinding the Exclusion Order and Cease and Desist Orders...

  6. The Design of the M-B-Quadro Optical Switch and Its Access Control Strategies

    Institute of Scientific and Technical Information of China (English)

    2003-01-01

    This paper proposes a new simple contention resolution switching architecture, M-B-Quadro, and its underlying access control strategies. By incorporating delay and buffer lines, the switching node can effectively obtain very low packet deflection probability.

  7. Security analysis and improvements of authentication and access control in the Internet of Things.

    Science.gov (United States)

    Ndibanje, Bruce; Lee, Hoon-Jae; Lee, Sang-Gon

    2014-08-13

    Internet of Things is a ubiquitous concept where physical objects are connected over the internet and are provided with unique identifiers to enable their self-identification to other devices and the ability to continuously generate data and transmit it over a network. Hence, the security of the network, data and sensor devices is a paramount concern in the IoT network as it grows very fast in terms of exchanged data and interconnected sensor nodes. This paper analyses the authentication and access control method using in the Internet of Things presented by Jing et al. (Authentication and Access Control in the Internet of Things. In Proceedings of the 2012 32nd International Conference on Distributed Computing Systems Workshops, Macau, China, 18-21 June 2012, pp. 588-592). According to our analysis, Jing et al.'s protocol is costly in the message exchange and the security assessment is not strong enough for such a protocol. Therefore, we propose improvements to the protocol to fill the discovered weakness gaps. The protocol enhancements facilitate many services to the users such as user anonymity, mutual authentication, and secure session key establishment. Finally, the performance and security analysis show that the improved protocol possesses many advantages against popular attacks, and achieves better efficiency at low communication cost.

  8. Stability of multiple access network control schemes with carrier sensing and exponential backoff

    Science.gov (United States)

    Barany, Ernest; Krupa, Maciej

    2006-05-01

    A new approach to determine the stability of multiple access network control schemes is presented. A “busy” network (the precise meaning of the term “busy” will be presented in the text) is modelled as a switched single-server hybrid dynamical system whose switching laws are stochastic and are based on typical multiple access network control protocols such as ALOHA and ethernet. The techniques are used to compute the critical ratio of traffic production per network node to total available bandwidth that ensures that data packets will not accumulate unboundedly in waiting queues at each node. This is a measure of stability of the network and is an emergent, global, property determined by decentralized, autonomous behavior of each node. The behavior of each individual node is regarded as “microscopic” and the collective behavior of the network as a whole are emergent consequences of such microscopic laws. The results follow from the stationary distribution property of ergodic Markov chains.

  9. Distributed Medium Access Control with SDMA Support for WLANs

    Science.gov (United States)

    Zhou, Sheng; Niu, Zhisheng

    With simultaneous multi-user transmissions, spatial division multiple access (SDMA) provides substantial throughput gain over the single user transmission. However, its implementation in WLANs with contention-based IEEE 802.11 MAC remains challenging. Problems such as coordinating and synchronizing the multiple users need to be solved in a distributed way. In this paper, we propose a distributed MAC protocol for WLANs with SDMA support. A dual-mode CTS responding mechanism is designed to accomplish the channel estimation and user synchronization required for SDMA. We analytically study the throughput performance of the proposed MAC, and dynamic parameter adjustment is designed to enhance the protocol efficiency. In addition, the proposed MAC protocol does not rely on specific physical layer realizations, and can work on legacy IEEE 802.11 equipment with slight software updates. Simulation results show that the proposed MAC outperforms IEEE 802.11 significantly, and that the dynamic parameter adjustment can effectively track the load variation in the network.

  10. Smart packet access and call admission control for efficient resource management in advanced wireless networks

    OpenAIRE

    Phan, V. V. (Vinh V.)

    2005-01-01

    Abstract Efficient management of rather limited resources, including radio spectrum and mobile-terminal battery power, has been the fundamental design challenge of wireless networks and one of the most widespread research problems over the years. MAC (Medium Access Control) for packet access and CAC (Call Admission Control) for connection-oriented service domains are commonly used as effective tools to manage radio resources, capacity and performance of wireless networks while providing ad...

  11. Intelligent Security Auditing Based on Access Control of Devices in Ad Hoc Network

    Institute of Scientific and Technical Information of China (English)

    XU Guang-wei; SHI You-qun; ZHU Ming; WU Guo-wen; CAO Qi-ying

    2006-01-01

    Security in Ad Hoc network is an important issue under the opening circumstance of application service. Some protocols and models of security auditing have been proposed to ensure rationality of contracting strategy and operating regulation and used to identify abnormal operation. Model of security auditing based on access control of devices will be advanced to register sign of devices and property of event of access control and to audit those actions. In the end, the model is analyzed and simulated.

  12. Springfield Processing Plant* (A Hypothetical Facility) SPP, Entry Control Point and Vehicle Gate Access Control Post Order

    Energy Technology Data Exchange (ETDEWEB)

    Baum, Gregory A. [Sandia National Laboratories (SNL-NM), Albuquerque, NM (United States)

    2014-06-01

    This hypothetical order provides the requirements and instructions for the Springfield Processing Plant (SPP) Vehicle Gate and Entry Control Point (ECP) in the perimeter access building. The purpose of this post is to prevent the theft, sabotage or diversion of nuclear material (NM), control access and exit at the protected area, and to respond to emergencies according the SPP Guard Force (GF) Contingency Plan and as directed by a Guard Force Supervisor.

  13. System for controlling apnea

    Science.gov (United States)

    Holzrichter, John F

    2015-05-05

    An implanted stimulation device or air control device are activated by an external radar-like sensor for controlling apnea. The radar-like sensor senses the closure of the air flow cavity, and associated control circuitry signals (1) a stimulator to cause muscles to open the air passage way that is closing or closed or (2) an air control device to open the air passage way that is closing or closed.

  14. Unifying the Access Control Mechanism for the Enterprises Using XACML Policy Levels

    Directory of Open Access Journals (Sweden)

    N. Senthil Kumar

    2015-11-01

    Full Text Available —Many enterprises have intended to promote their applications with stern access control mechanism and yield the stringent authorization deployment in their individual proprietary manner. The development of this build up will result in tight coupling of authorization mechanisms within the enterprise applications. In many enterprises setup, the implicit authorization processes are embedded within the application and promote error prone accessing of requested policies. This sort of embedded authorization will let the users to carry out the specific actions without knowing the access control policy as well as its embedded setup with the help of third party involvement. But this approach has some serious effects in controlling the issues such as skipping the trust based applications, violates the policy setups and pave the way to exploit the authorized data to the end users. Many enterprises had faced serious problem in controlling its sensitive data from this implicit authorization decisions and hence decided to develop a security mechanism which can be totally controlled by centralized way of access policy. Therefore, the eXtensible Access Control Markup Language (XACML provides a very simple and powerful remedy for authorization mechanism and for the access policy set ups.

  15. Secure access control to hidden data by biometric features

    Science.gov (United States)

    Cancellaro, M.; Carli, M.; Egiazarian, K.; Neri, A.

    2007-04-01

    In this paper, a novel authentications system combining biometric cryptosystems with digital watermarking is presented. One of the main vulnerabilities of the existing data hiding systems is the public knowledge of the embedding domain. We propose the use of biometric data, minutiae fingerprint set, for generating the encryption key needed to decompose an image in the Tree structured Haar transform. The uniqueness of the biometrics key together with other, embedded, biometric information guarantee the authentication of the user. Experimental tests show the effectiveness of the proposed system.

  16. Compact Wireless Access Nodes for WDM Bidirectional Radio-over-Fiber System Based on RSOA

    DEFF Research Database (Denmark)

    Yu, Xianbin; Gibbon, Timothy Braidwood; Tafur Monroy, Idelfonso

    2009-01-01

    We demonstrate a RSOA based WDM radio-over-fiber, bidirectional system for wireless access networks. The multi-functionalities of a RSOA, such as colorless operation, re-modulation and envelope detection, make wireless access nodes more compact.......We demonstrate a RSOA based WDM radio-over-fiber, bidirectional system for wireless access networks. The multi-functionalities of a RSOA, such as colorless operation, re-modulation and envelope detection, make wireless access nodes more compact....

  17. A Brief Survey of Media Access Control, Data Link Layer, and Protocol Technologies for Lunar Surface Communications

    Science.gov (United States)

    Wallett, Thomas M.

    2009-01-01

    This paper surveys and describes some of the existing media access control and data link layer technologies for possible application in lunar surface communications and the advanced wideband Direct Sequence Code Division Multiple Access (DSCDMA) conceptual systems utilizing phased-array technology that will evolve in the next decade. Time Domain Multiple Access (TDMA) and Code Division Multiple Access (CDMA) are standard Media Access Control (MAC) techniques that can be incorporated into lunar surface communications architectures. Another novel hybrid technique that is recently being developed for use with smart antenna technology combines the advantages of CDMA with those of TDMA. The relatively new and sundry wireless LAN data link layer protocols that are continually under development offer distinct advantages for lunar surface applications over the legacy protocols which are not wireless. Also several communication transport and routing protocols can be chosen with characteristics commensurate with smart antenna systems to provide spacecraft communications for links exhibiting high capacity on the surface of the Moon. The proper choices depend on the specific communication requirements.

  18. Managing the inventory control system.

    Science.gov (United States)

    Daniels, C E

    1985-02-01

    The four functions of management--planning, organizing, directing, and controlling--are described in relation to the hospital pharmacy inventory control system. Planning includes the development of inventory system objectives and identification of the resources needed to complete them. Organizing requires the manager to decide on the best method of grouping system activities and resources to complete the objectives in order of priority. Directing is a continual activity that involves obtaining optimal performance from the inventory system resources available. Controlling consists of regulation and verification of inventory system activities. The effective inventory system manager integrates planning, organizing, directing, and controlling in a continuous cycle.

  19. Hybrid spacecraft attitude control system

    Directory of Open Access Journals (Sweden)

    Renuganth Varatharajoo

    2016-02-01

    Full Text Available The hybrid subsystem design could be an attractive approach for futurespacecraft to cope with their demands. The idea of combining theconventional Attitude Control System and the Electrical Power System ispresented in this article. The Combined Energy and Attitude ControlSystem (CEACS consisting of a double counter rotating flywheel assemblyis investigated for small satellites in this article. Another hybrid systemincorporating the conventional Attitude Control System into the ThermalControl System forming the Combined Attitude and Thermal ControlSystem (CATCS consisting of a "fluid wheel" and permanent magnets isalso investigated for small satellites herein. The governing equationsdescribing both these novel hybrid subsystems are presented and theironboard architectures are numerically tested. Both the investigated novelhybrid spacecraft subsystems comply with the reference missionrequirements.The hybrid subsystem design could be an attractive approach for futurespacecraft to cope with their demands. The idea of combining theconventional Attitude Control System and the Electrical Power System ispresented in this article. The Combined Energy and Attitude ControlSystem (CEACS consisting of a double counter rotating flywheel assemblyis investigated for small satellites in this article. Another hybrid systemincorporating the conventional Attitude Control System into the ThermalControl System forming the Combined Attitude and Thermal ControlSystem (CATCS consisting of a "fluid wheel" and permanent magnets isalso investigated for small satellites herein. The governing equationsdescribing both these novel hybrid subsystems are presented and theironboard architectures are numerically tested. Both the investigated novelhybrid spacecraft subsystems comply with the reference missionrequirements.

  20. A system for success: BMC Systems Biology, a new open access journal

    Directory of Open Access Journals (Sweden)

    Webb Penelope A

    2007-09-01

    Full Text Available Abstract BMC Systems Biology is the first open access journal spanning the growing field of systems biology from molecules up to ecosystems. The journal has launched as more and more institutes are founded that are similarly dedicated to this new approach. BMC Systems Biology builds on the ongoing success of the BMC series, providing a venue for all sound research in the systems-level analysis of biology.