An access system based on the one now in operation at the CERN ISR is recommended. Access doors would presumably be located at the entrances to the utility tunnels connecting the support buildings with the ring. Persons requesting access would insert an identity card into a scanner to activate the system. The request would be autologged, the keybank adjacent to the door would be unlocked and ISABELLE operations would be notified. The operator would then select the door, activating a TV-audio link. The person requesting entry would draw a key from the bank, show it and his film badge to the operator who would enable the door release
Bowers, Dan M
Access Control and Personal Identification Systems provides an education in the field of access control and personal identification systems, which is essential in selecting the appropriate equipment, dealing intelligently with vendors in purchases of the equipment, and integrating the equipment into a total effective system. Access control devices and systems comprise an important part of almost every security system, but are seldom the sole source of security. In order for the goals of the total system to be met, the other portions of the security system must also be well planned and executed
Ferreira, Ana; Chadwick, David W; Antunes, Luis
The widening use of Information Systems, which allow the collection, extraction, storage, management and search of information, is increasing the need for information security. After a user is successfully identified and authenticated to a system, he needs to be authorised to access the resources he/she requested. Access control is part of this last process that checks if a user can access those resources. This is particularly important in the healthcare environment where there is the need to...
Hong, Seng-Phil; Ahn, Gail-Joon; Xu, Wenjuan
The information technology revolution has transformed all aspects of our society including critical infrastructures and led to a significant shift from their old and disparate business models based on proprietary and legacy environments to more open and consolidated ones. Supervisory Control and Data Acquisition (SCADA) systems have been widely used not only for industrial processes but also for some experimental facilities. Due to the nature of open environments, managing SCADA systems should meet various security requirements since system administrators need to deal with a large number of entities and functions involved in critical infrastructures. In this paper, we identify necessary access control requirements in SCADA systems and articulate access control policies for the simulated SCADA systems. We also attempt to analyze and realize those requirements and policies in the context of role-based access control that is suitable for simplifying administrative tasks in large scale enterprises.
Bradley, R. G.
Current performance estimates for personnel access control systems use estimates of Type I and Type II verification errors. A system performance equation which addresses normal operation, the insider, and outside adversary attack is developed. Examination of this equation reveals the inadequacy of classical Type I and II error evaluations which require detailed knowledge of the adversary threat scenario for each specific installation. Consequently, new performance measures which are consistent with the performance equation and independent of the threat are developed as an aid in selecting personnel access control systems.
Access control is one of the fundamental services that any Data Management System should provide. Its main goal is to protect data from unauthorized read and write operations. This is particularly crucial in today's open and interconnected world, where each kind of information can be easily made available to a huge user population, and where a damage or misuse of data may have unpredictable consequences that go beyond the boundaries where data reside or have been generated. This book provides an overview of the various developments in access control for data management systems. Discretionary,
The Radiation Security System (RSS) at the Los Alamos Neutron Science Center (LANSCE) provides personnel protection from prompt radiation due to accelerated beam. The Personnel Access Control System (PACS) is a component of the RSS that is designed to prevent personnel access to areas where prompt radiation is a hazard. PACS was designed to replace several older personnel safety systems (PSS) with a single modern unified design. Lessons learned from the operation over the last 20 years were incorporated into a redundant sensor, single-point failure safe, fault tolerant, and tamper-resistant system that prevents access to the beam areas by controlling the access keys and beam stoppers. PACS uses a layered philosophy to the physical and electronic design. The most critical assemblies are battery backed up, relay logic circuits; less critical devices use Programmable Logic Controllers (PLCs) for timing functions and communications. Outside reviewers have reviewed the operational safety of the design. The design philosophy, lessons learned, hardware design, software design, operation, and limitations of the device are described.
ZHENG Xiao-lin; LEI Yu; CHEN De-ren
An integrated user access control method was proposed to address the issues of security and management in networked manufacturing systems (NMS). Based on the analysis of the security issues in networked manufacturing system, an integrated user access control method composed of role-based access control (RBAC), task-based access control (TBAC), relationship-driven access control (RDAC) and coalition-based access control (CBAC) was proposed, including the hierarchical user relationship model, the reference model and the process model. The elements and their relationships were defined, and the expressions of constraints authorization were given. The extensible access control markup language (XACML) was used to implement this method. This method was used in the networked manufacturing system in the Shaoxing spinning region of China. The results show that the integrated user access control method can reduce the costs of system security maintenance and management.
Bzorgi, Fariborz M.
An access control apparatus for an access gate. The access gate typically has a rotator that is configured to rotate around a rotator axis at a first variable speed in a forward direction. The access control apparatus may include a transmission that typically has an input element that is operatively connected to the rotator. The input element is generally configured to rotate at an input speed that is proportional to the first variable speed. The transmission typically also has an output element that has an output speed that is higher than the input speed. The input element and the output element may rotate around a common transmission axis. A retardation mechanism may be employed. The retardation mechanism is typically configured to rotate around a retardation mechanism axis. Generally the retardation mechanism is operatively connected to the output element of the transmission and is configured to retard motion of the access gate in the forward direction when the first variable speed is above a control-limit speed. In many embodiments the transmission axis and the retardation mechanism axis are substantially co-axial. Some embodiments include a freewheel/catch mechanism that has an input connection that is operatively connected to the rotator. The input connection may be configured to engage an output connection when the rotator is rotated at the first variable speed in a forward direction and configured for substantially unrestricted rotation when the rotator is rotated in a reverse direction opposite the forward direction. The input element of the transmission is typically operatively connected to the output connection of the freewheel/catch mechanism.
Mr. SANTHOSH S
Radio frequency identification (RFID) technology has helped many organizations to reduce cost. Nevertheless, there are challenges and issues associated with RFID adoption. The most common internal challenge for many organizations is justifying the investment and modification of processes. The focus of this project is to show the business value of RFID technology and its applications. The important issue is the security level of the whole campus because it needs to be carefully differentiated. Dormitories and special research laboratories should benefit from higher levels of security than any other campuses. The key to the problem is represented by the new Radio Frequency Identification (RFID) which can support contactless cards with memory. The most important feature of the proposed system is the updating of access permission level at any time for the user based on the availability of that user. The data transfer from the reader to the database was done using wireless communication (RF communication). To achieve this here RF transmitter and the RF receiver is used. The data which is read by the reader is sent to the microcontroller. Then from the controller we can transfer the data to the database by using the UART module (serial communication) which is inbuilt in the microcontroller through RF transmitter. RF receiver of the same frequency at the receiver end receives and then stores the data in the database. RF transmitter and Receiver – frequency for transmitting and receiving the data depends on the user as per the requirement for the application and it is based on the range of distance. For the data encoding and decoding process HCS-101 protocol is used.
Al-Neyadi, Fahed; Abawajy, Jemal H.
E-Health systems logically demand a sufficiently fine-grained authorization policy for access control. The access to medical information should not be just role-based but should also include the contextual condition of the role to access data. In this paper, we present a mechanism to extend the standard role-based access control to incorporate contextual information for making access control decisions in e-health application. We present an architecture consisting of authorisation and context infrastructure that work cooperatively to grant access rights based on context-aware authorization policies and context information.
Operating systems rely heavily on access control mechanisms to achieve security goals and defend against remote and local attacks. The complexities of modern access control mechanisms and the scale of policy configurations are often overwhelming to system administrators and software developers. Therefore, mis-configurations are common, and the…
Gaaloul, Khaled; Charoy, François
e-Government organisations are facilitated and conducted using workflow management systems. Role-based access control (RBAC) is recognised as an efficient access control model for large organisations. The application of RBAC in workflow systems cannot, however, grant permissions to users dynamically while business processes are being executed. We currently observe a move away from predefined strict workflow modelling towards approaches supporting flexibility on the organisational level. One specific approach is that of task delegation. Task delegation is a mechanism that supports organisational flexibility, and ensures delegation of authority in access control systems. In this paper, we propose a Task-oriented Access Control (TAC) model based on RBAC to address these requirements. We aim to reason about task from organisational perspectives and resources perspectives to analyse and specify authorisation constraints. Moreover, we present a fine grained access control protocol to support delegation based on the TAC model.
Microprocessors were installed as auxiliary crate controllers (ACCs) in the CAMAC interface of control systems for various accelerators. The same ACC was also at the heart of a stand-alone system in the form of a mobile console. This was also used for local access to the control systems for tests and development work (Annual Report 1981, p. 80, Fig. 10).
Altenbach, T; Brereton, S.; Hermes, G.; Singh, M.
The purpose of this document is to analyze the baseline Access Control System for the National Ignition Facility (NIF), and to assess its effectiveness at controlling access to hazardous locations during full NIF operations. It reviews the various hazards present during a NIF shot sequence, and evaluates the effectiveness of the applicable set of controls at preventing access while the hazards are present. It considers only those hazards that could potentially be lethal. In addition, various types of technologies that might be applicable at NIF are reviewed, as are systems currently in use at other facilities requiring access control for safety reasons. Recommendations on how this system might be modified to reduce risk are made.
Kawamura, Hiroko; Hirata, Yasuki [Kyushu Univ., Fukuoka (Japan). Radioisotope Center; Kondo, Takahiro; Takatsuki, Katsuhiro
We applied a new fingerprint checker for complete access control to the radiation controlled area and to the radioisotope storage room, and prepared softwares for the best use of this checker. This system consists of a personal computer, access controllers, a fingerprint register, fingerprint checkers, a tenkey and mat sensors, permits ten thousand users to register their fingerprints and its hard disk to keep more than a million records of user's access. Only 1% of users could not register their fingerprints worn-out, registered four numbers for a fingerprint. The softwares automatically provide varieties of reports, caused a large reduction in manual works. (author)
Valsan, M L; The ATLAS collaboration; Lehmann Miotto, G; Scannicchio, D A; Schlenker, S; Filimonov, V; Khomoutnikov, V; Dumitru, I; Zaytsev, A S; Korol, A A; Bogdantchikov, A; Avolio, G; Caramarcu, C; Ballestrero, S; Darlea, G L; Twomey, M; Bujor, F
The complexity of the ATLAS experiment motivated the deployment of an integrated Access Control System in order to guarantee safe and optimal access for a large number of users to the various software and hardware resources. Such an integrated system was foreseen since the design of the infrastructure and is now central to the operations model. In order to cope with the ever growing needs of restricting access to all resources used within the experiment, the Roles Based Access Control (RBAC) previously developed has been extended and improved. The paper starts with a short presentation of the RBAC design, implementation and the changes made to the system to allow the management and usage of roles to control access to the vast and diverse set of resources. The paper continues with a detailed description of the integration across all areas of the system: local Linux and Windows nodes in the ATLAS Control Network (ATCN), the Linux application gateways offering remote access inside ATCN, the Windows Terminal Serv...
This paper proposes an efficient medium access control (MAC) protocol based on multifrequency-time division multiple access (MF-TDMA) for geostationary satellite systems deploying multiple spot-beams and onboard processing, which uses a method of random reservation access with movable boundaries to dynamically request the transmission slots and can transmit different types of traffic. The simulation results have shown that our designed MAC protocol can achieve a high bandwidth utilization, while providing the required quality of service (QoS) for each class of service.
The latest researches on access control model are dramatically different from conventional ones. Nowadays, most attention is paid to accessing across organizational boundaries. So, how to identify the applicant and determine authorization with limited information; how to express and exchange control rules expediently; how to protect confidential information and enhance collaboration simultaneously, are the most concerned problems. However, for large commercial organizations, a fine management of internal functions is of the same importance as external service management. It is very troublesome to control authorizations merely with attributes and composition of policies introduced from attribute-based access control (ABAC). So, we introduce a united access control model for systems in collaborative commerce, combining the advantages of conventional role-based access control (RBAC), task-based authentication control (TBAC) and that of recent ABAC and automated trust negotiation (ATN). Innovational ideas in the model are analyzed, and the implement architecture is discussed. The paper concludes with a summary of the united model’s benefits and future work.
Forrestal, J.; Hogrefe, R.; Knott, M.; McDowell, W.; Reigle, D.; Solita, L.; Koldenhoven, R.; Haid, D. [Argonne National Lab., IL (United States). Advanced Photon Source
The Advanced Photon Source (APS) consists of a linac, position accumulator ring (PAR), booster synchrotron, storage ring, and up to 70 experimental beamlines. The Access Control and Interlock System (ACIS) utilizes redundant programmable logic controllers (PLCs) and a third hard-wired chain to protect personnel from prompt radiation generated by the linac, PAR, synchrotron, and storage ring. This paper describes the ACIS's design philosophy, configuration, hardware, functionality, validation requirements, and operational experience.
Wang Peng; Jiang Lingyun
As the development of computer science and smart health-care technology, there is a trend for patients to enjoy medical care at home. Taking enormous users in the Smart Health-care System into consideration, access control is an important issue. Traditional access control models, discretionary access control, mandatory access control, and role-based access control, do not properly reflect the characteristics of Smart Health-care System. This paper proposes an advanced access control model for...
Caires, Luís; Pérez, Jorge A.; Seco, João Costa; Vieira, Hugo Torres; Ferrão, Lúcio
Data-centric multi-user systems, such as web applications, require flexible yet fine-grained data security mechanisms. Such mechanisms are usually enforced by a specially crafted security layer, which adds extra complexity and often leads to error prone coding, easily causing severe security breaches. In this paper, we introduce a programming language approach for enforcing access control policies to data in data-centric programs by static typing. Our development is based on the general concept of refinement type, but extended so as to address realistic and challenging scenarios of permission-based data security, in which policies dynamically depend on the database state, and flexible combinations of column- and row-level protection of data are necessary. We state and prove soundness and safety of our type system, stating that well-typed programs never break the declared data access control policies.
The security challenges being encountered in many places today require electronic means of controlling access to secured premises in addition to the available security personnel. Various technologies were used in different forms to solve these challenges. The Radio Frequency Identification (RFID) Based Access Control Security system with GSM technology presented in this work helps to prevent unauthorized access to controlled environments (secured premises). This is achieved mainly through the use of a Radio Frequency Identification System with operating frequency of 125 KHz, Microcontroller programmed to send control signals, DC motor, relay, buzzer, Liquid Crystal Display (LCD) and GSM/GPRS Modem. Once the RFID tag which contains the user’s unique information is scanned by the RFID reader and confirmed match with the information stored in the microcontroller, the microcontroller is instructed to turn ON the DC motor through L293D driver, display “USER NUMBER and CARD NUMBER” on the LCD and activates the GSM/GPRS modem to send SMS alert “AUTHORIZED, valid RFID card shown, User is allowed to enter, user number” to security personnel. Else, the DC Motor remained OFF, LCD displays “READ RFID CARD NOT VALID”, buzzer turns ON for about 5 seconds and GSM/GPRS modem activated to send “UNAUTHORIZED, invalid RFID card is used to access the security system” to the security personnel. The electronic circuit was implemented, the codes for microcontroller were written in assembly language, debugged and compiled using the KEIL Micro vision 4 integrated development environment. The resultant Hex files were programmed into the memories of the microcontrollers with the aid of a universal programmer. Hardware simulation was carried out using the Proteus Virtual System Modelling (VSM) version 8.0. An important implication of this paper is that the system is cheaper to maintain and more efficient in comparison with a manually operated type or key lock.
Enabling the shared care paradigm, centralised or even decentralised electronic health record (EHR) systems increasingly become core applications in hospital information systems and health networks. For realising multipurpose use and reuse as well as inter-operability at knowledge level, EHR have to meet special architectural requirements. The component-oriented and model-based architecture should meet international standards. Especially in extended health networks realising inter-organisational communication and co-operation, authorisation cannot be organised at user level anymore. Therefore, models, methods and tools must be established to allow formal and structured policy definition, policy agreements, role definition, authorisation and access control. Based on the author's international engagement in EHR architecture and security standards referring to the revision of CEN ENV 13606, the GEHR/open EHR approach, HL7 and CORBA, models for health-specific and EHR-related roles, for authorisation management and access control have been developed. The basic concept is the separation of structural roles defining organisational entity-to-entity relationships and enabling specific acts on the one hand, and functional roles bound to specific activities and realising rights and duties on the other hand. Aggregation of organisational, functional, informational and technological components follows specific rules. Using UML and XML, the principles as well as some examples for analysis, design, implementation and maintenance of policy and authorisation management as well as access control have been practically implemented. PMID:15066555
Katt, Basel; Breu, Ruth; Hafner, Michael; Schabetsberger, Thomas; Mair, Richard; Wozak, Florian
Electronic Health Record (EHR) is the heart element of any e-health system, which aims at improving the quality and efficiency of healthcare through the use of information and communication technologies. The sensitivity of the data contained in the health record poses a great challenge to security. In this paper we propose a security architecture for EHR systems that conform with IHE profiles. In this architecture we are tackling the problems of access control and privacy. Furthermore, a prototypical implementation of the proposed model is presented.
Reed, Robert K; Bell, Jayce C
The National Ignition Facility (NIF) is the world's largest and most energetic laser system. The facility has the potential to generate ionizing radiation due to the interaction between the laser beams and target material, with neutrons and gamma rays being produced during deuterium-tritium fusion reactions. To perform these experiments, several types of hazards must be mitigated and controlled to ensure personnel safety. NIF uses a real-time safety system to monitor and mitigate the hazards presented by the facility. The NIF facility Safety Interlock System (SIS) monitors for oxygen deficiency and controls access to the facility preventing exposure to laser light and radiation from the Radiation Generating Devices. It also interfaces to radiation monitoring and other radiological monitoring and alarm systems. The SIS controls permissives to the hazard-generating equipment and annunciates hazard levels in the facility. To do this reliably and safely, the SIS has been designed as a fail-safe system with a proven performance record now spanning over 10 y. This paper discusses the SIS, its design, implementation, operator interfaces, validation/verification, and the hazard mitigation approaches employed in the NIF. A brief discussion of the Failure Modes and Effect Analysis supporting the SIS will also be presented. The paper ends with a general discussion of SIS do's and don'ts and common design flaws that should be avoided in SIS design. PMID:23629061
Ruo-Fei Han; Hou-Xiang Wang; Qian Xiao; Xiao-Pei Jing; Hui Li
The latest researches on access control model are dramatically different from conventional ones. Nowadays, most attention is paid to accessing across organizational boundaries. So, how to identify the applicant and determine authorization with limited information; how to express and exchange control rules expediently; how to protect confidential information and enhance collaboration simultaneously, are the most concerned problems. However, for large commercial organizations, a fine management...
... Prohibition on Circumvention of Copyright Protection Systems for Access Control Technologies, 68 FR 62011... Circumvention of Copyright Protection Systems for Access Control Technologies, 71 FR 68472, 68480, published in... Protection Systems for Access Control Technologies, 65 FR 64556, 64564, published in the Federal...
... Access Control Systems. AGENCY: Federal Aviation Administration (FAA), U.S. Department of Transportation (DOT). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems... Committee 224, Airport Security Access Control Systems DATES: The meeting will be held May 30, 2012, from...
...). ACTION: Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY: The FAA..., Airport Security Access Control Systems. DATES: The meeting will be held February 9, 2012, from 10 a.m.-4..., Airport Security Access Control Systems. The agenda will include the following: February 9, 2012...
Over the years, e-learning and e-examination has become standard in many institutions of higher learning. It has been observed that examination questions and results can be easily intercepted by invalid users, thus the security of resources shared among valid users is not guaranteed. In order to solve these problems as it relates to access control, a Role based Examination System (RBES) was designed, developed and evaluated. RBES attempted to solve the security issue by the combination of two authentication techniques: text-based authentication and graphical password authentication. The Text-based authentication utilizes two text-based parameters namely the username and password. The graphical password authentication makes use of a finite set of controls (RBES chooses radio buttons) which are identified by numbers. These numbers constitute the password used for graphical authentication. To improve on resource sharing among users in the examination system, RBES proposes role management (role creation, role update, role removal) and user management (user creation, user update and user removal). The developed system made use of asp.net, C#, IIS server, WAMP server, Mysql and other tools for its development. RBES was tested by some legitimate and illegitimate users and the performance of the system was found to be satisfactory, hence RBES shows an efficient and reliable scheme that can be deployed in any examination or e-learning system. Finally the potential threats to the system were modeled and the use of weak passwords was found to be the most likely threat the system could be vulnerable to.
... Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), U.S. Department of Transportation (DOT). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control... RTCA Special Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held...
The main objective of this work is to analyze and extend security model of mobile devices running on Android OS. Provided security extension is a Linux kernel security module that allows the system administrator to restrict program's capabilities with per-program profiles. Profiles can allow capabilities like network access, raw socket access, and the permission to read, write, or execute files on matching paths. Module supplements the traditional Android capability access control model by providing mandatory access control (MAC) based on path. This extension increases security of access to system objects in a device and allows creating security sandboxes per application.
As the development of computer science and smart health-care technology, there is a trend for patients to enjoy medical care at home. Taking enormous users in the Smart Health-care System into consideration, access control is an important issue. Traditional access control models, discretionary access control, mandatory access control, and role-based access control, do not properly reflect the characteristics of Smart Health-care System. This paper proposes an advanced access control model for the medical health-care environment, task-role-based access control model, which overcomes the disadvantages of traditional access control models. The task-role-based access control (T-RBAC) model introduces a task concept, dividing tasks into four categories. It also supports supervision role hierarchy. T-RBAC is a proper access control model for Smart Health-care System, and it improves the management of access rights. This paper also proposes an implementation of T-RBAC, a binary two-key-lock pair access control scheme using prime factorization.
Eun-Ae Cho; Chang-Joo Moon; Dae-Ha Park; Kang-Bin Yim
Database security, privacy, access control, database firewall, data break masking
Recently, information leakage incidents have occurred due to database security vulnerabilities. The administrators in the traditional database access control methods grant simple permissions to users for accessing database objects. Even though they tried to apply more strict permissions in recent database systems, it was difficult to properly adopt sophisticated access control policies to commercial databases...
HUANG Xiaowen; TAN Jian; HUANG Xiangguo
An effective and reliable access control is crucial to a PDM system. This article has discussed the commonly used access control models, analyzed their advantages and disadvantages, and proposed a new Role and Object based access control model that suits the particular needs of a PDM system. The new model has been implemented in a commercial PDM system, which has demonstrated enhanced flexibility and convenience.
Affine connection control systems are mechanical control systems that model a wide range of real systems such as robotic legs, hovercrafts, planar rigid bodies, rolling pennies, snakeboards and so on. In 1997 the accessibility and a particular notion of controllability was intrinsically described by A. D. Lewis and R. Murray at points of zero velocity. Here, we present a novel generalization of the description of accessibility algebra for those systems at some points with nonzero velocity as long as the affine connection restricts to the distribution given by the symmetric closure. The results are used to describe the accessibility algebra of different mechanical control systems.
...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held December 13, 2012... Federal Aviation Administration Seventeenth Meeting: RTCA Special Committee 224, Airport Security...
...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held on June 20, 2013... Federal Aviation Administration Twenty-Third Meeting: RTCA Special Committee 224, Airport Security...
...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held November 15, 2012... Federal Aviation Administration Sixteenth Meeting: RTCA Special Committee 224, Airport Security...
...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held April 4, 2013 from 9... Federal Aviation Administration Twentieth Meeting: RTCA Special Committee 224, Airport Security...
...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held on June 20, 2013... Federal Aviation Administration Twenty-Second Meeting: RTCA Special Committee 224, Airport Security...
...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held February 21, 2013... Federal Aviation Administration Nineteenth Meeting: RTCA Special Committee 224, Airport Security...
...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems DATES: The meeting will be held September 27-28, 2012... Federal Aviation Administration Fifteenth Meeting: RTCA Special Committee 224, Airport Security...
...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held April 9-10, 2013... Federal Aviation Administration Twenty First Meeting: RTCA Special Committee 224, Airport Security...
SaaS is a new way to deploy software as a hosted service accessed over the Internet, which means the customers don’t need to maintain the software code and data on their own servers. So it’s more important for SaaS systems to take security issues into account. Access control is a security mechanism that enables an authority to access certain restricted areas and resources according to the permissions assigned to a user. Several access models have been proposed to realize the access control of single instance systems. However, most of the existing models couldn’t address the following SaaS system problems: (1) role name conflicts, (2) cross-level management, (3) the isomerism of tenants' access control, (4) temporal delegation constraints. This paper describes a hierarchical RBAC model called H-RBAC that solves all four of the SaaS system problems mentioned above. This model addresses the SaaS system access control at both system level and tenant level. It combines the advantages of the RBDM and ARBAC97 models and introduces temporal constraints to the SaaS access control model. In addition, a practical approach to implement the access control module for SaaS systems based on the H-RBAC model is also proposed in this paper.
This paper describes a human engineering effort in the design of a major security system upgrade at Lawrence Livermore National Laboratory. This upgrade was to be accomplished by replacing obsolete and difficult-to-man (i.e., multiple operator task actions required) security equipment and systems with a new, automated, computer-based access control system. The initial task was to assist the electronic and mechanical engineering staff in designing a computerized security access system to functionally and ergonomically accommodate 100% of the Laboratory user population. The new computerized access system was intended to control entry into sensitive exclusion areas by requiring personnel to use an entry booth-based system and/or a remote access control panel system. The primary user interface with the system was through a control panel containing a magnetic card reader, function buttons, LCD display, and push-button keypad
The existence and use of software and networks have generated another possibility for perpetrators to influence systems in nuclear facilities or to prepare malevolent acts. Data security has become an element of physical protection plans, not as an end in itself but as a means to achieve physical protection objectives. Physical protection measures are additional measures, which become necessary when other measures that have to be taken (e.g. in compliance with international standards) are insufficient to prevent a hazard to the protection goals through data manipulation by software and hardware. In planning or assessing data protection measures for the purpose of physical protection, it is necessary to differentiate between applications which can, if manipulated, directly endanger the protection goals. The importance of software protection is growing. In particular, because of ageing of components, the existing instrumentation and control systems with their fixed wiring and discrete elements will have to be updated. Computerized access control systems play an eminent role in the physical protection of a nuclear facility. Therefore, most systems are operated as islands. The paper shows that linking of certain systems with other computer systems is possible without inadmissible drawbacks for the physical protection level. It is shown by means of the example of linking together the computer networks of access control, health physics, the flexitime system, the key administration and the operational management system that such linking of systems in nuclear facilities had hidden advantages for all participants
Wu, Guowei; Xia, Feng; Yao, Lin
Access control is an issue of paramount importance in cyber-physical systems (CPS). In this paper, an access control scheme, namely FEAC, is presented for CPS. FEAC can not only provide the ability to control access to data in normal situations, but also adaptively assign emergency-role and permissions to specific subjects and inform subjects without explicit access requests to handle emergency situations in a proactive manner. In FEAC, emergency-group and emergency-dependency are introduced. Emergencies are processed in sequence within the group and in parallel among groups. A priority and dependency model called PD-AGM is used to select optimal response-action execution path aiming to eliminate all emergencies that occurred within the system. Fault-tolerant access control polices are used to address failure in emergency management. A case study of the hospital medical care application shows the effectiveness of FEAC.
The new LHC access control systems will soon be using the latest technology: optical recognition based on iris image data. In order to gain access to the tunnel it will be your eye, not your credentials that you'll be required to show! As of September, the entrance point at Point 8 should be the first to be fitted out with iris recognition equipment. The other access shafts will then gradually be equipped one by one.
Bassil, S.; Reichert, M.U.; Bobrik, R.; Bauer, Th.
Integrated process support is highly desirable in environments where data related to a particular (business) process are scattered over distributed and heterogeneous information systems (IS). A process monitoring component is a much-needed module in order to provide an integrated view on all these
Radio Frequency Identification (RFID) makes great flexibility and high efficiency for data acquisition in industry and daily life. At the other side, it brings the privacy risks and multiple tags collision issue. Current research in RFID system focuses on the security and privacy issue which is based on authentication protocols between a tag and a Reader. There is a need to design a reasonable protocol which takes care of both multi-tag anti-collision and security issue. This thesis presen...
Bian, Kaigui; Gao, Bo
This book gives a comprehensive overview of the medium access control (MAC) principles in cognitive radio networks, with a specific focus on how such MAC principles enable different wireless systems to coexist in the same spectrum band and carry out spectrum sharing. From algorithm design to the latest developments in the standards and spectrum policy, readers will benefit from leading-edge knowledge of how cognitive radio systems coexist and share spectrum resources. Coverage includes cognitive radio rendezvous, spectrum sharing, channel allocation, coexistence in TV white space, and coexistence of heterogeneous wireless systems.
• Provides a comprehensive reference on medium access control (MAC)-related problems in the design of cognitive radio systems and networks;
• Includes detailed analysis of various coexistence problems related to medium access control in cognitive radio networks;
• Reveals novel techniques for addressing the challenges of coexistence protocol design at a higher level ...
Boniface K. Alese
The evolving realities of Wireless Sensor Networks (WSN) deployed to various terrains of life require serving multiple applications. As large amounts of sensed data are distributed and stored in individual sensor nodes, illegal access to these sensitive data can be devastating. Consequently, data insecurity becomes a big concern. This study, therefore, proposes a fine-grained access control system which only requires the right set of users to access a particular data, based on their access privileges in the sensor networks. It is designed using Priccess Protocol with Access policy formulation adopting the principle of the Bell-LaPadula model as well as Attribute-Based Encryption (ABE) to control access to sensor data. The functionality of the proposed system is simulated using Netbeans. The performance analysis of the proposed system using execution time and size of the key shows that the higher the key size, the harder it becomes for the attacker to hack the system. Additionally, the time taken for the proposed work is lesser, which makes the work faster than the existing work. Consequently, a well secured interactive web-based application that could facilitate the field officers' access to stored data in a safe and secure manner is developed.
Arakaki, L.H.; Monaco, F.M.
This report contains the guidance Functional Requirements for an Integrated Intrusion Detection and Access Control Annunciator System, and survey results of selected commercial systems. The survey questions were based upon the functional requirements; therefore, the results reflect which and sometimes how the guidance recommendations were met.
Pruksasri, P.; Berg, J. van den; Hofman, W.; Daskapan, S.
The Seamless Integrated Data Pipeline system was proposed to the European Union in order to overcome the information quality shortcomings of the current international supply chain information exchange systems. Next to identification and authorization of stakeholders, secure access control needs to b
This paper describes the design, management and development of the new access control system for the Antiproton Deceleration experimental area, called the AD Project. As this project includes all the elements for the industrial evolution of the present access control system it is an ideal test bed for future access systems. The adoption of new technologies and techniques are described, and the benefits and the shortfalls are highlighted. The open redundant architecture solution, based on a PROFIBUS network and standard industrial components (HP-UNIX, Siemens S7 PLC, Siemens Industrial PC, door locks), guarantees reliability, safety and optimal integration. The project team took advantage of the Goal Directed Project Management technique and managed to define a clear and effective strategy.
Ahmadi, Mohammad Reza
Virtualization is a new technology that creates virtual environments based on the existing physical resources. This article evaluates effect of virtualization techniques on control servers and access method in storage systems [1, 2]. In control server virtualization, we have presented a tile based evaluation based on heterogeneous workloads to compare several key parameters and demonstrate effectiveness of virtualization techniques. Moreover, we have evaluated the virtualized model using VMotion techniques and maximum consolidation. In access method, we have prepared three different scenarios using direct, semi-virtual, and virtual attachment models. We have evaluated the proposed models with several workloads including OLTP database, data streaming, file server, web server, etc. Results of evaluation for different criteria confirm that server virtualization technique has high throughput and CPU usage as well as good performance with noticeable agility. Also virtual technique is a successful alternative for accessing to the storage systems especially in large capacity systems. This technique can therefore be an effective solution for expansion of storage area and reduction of access time. Results of different evaluation and measurements demonstrate that the virtualization in control server and full virtual access provide better performance and more agility as well as more utilization in the systems and improve business continuity plan.
... Copyright Office 37 CFR Part 201 Exemption to Prohibition on Circumvention of Copyright Protection Systems for Access Control Technologies AGENCY: Copyright Office, Library of Congress. ACTION: Final Rule; correction. SUMMARY: The Copyright Office makes a nonsubstantial correction to its regulation announcing...
Aiming at three kinds of Internet-based system quality problems, which is performance, liability and security, the paper proposes a kind of test template during multi-user login and resource access control, which includes test requirement, login script, role-resource correlating and mutation test technique. Some Internet-based systems are tested and diagnosed by automation test technique of test template. At last, system quality can be verified and improved through the realization mechanism of test template.
Nagarajan, Anand; Jensen, Christian D.
The electrical power infrastructure is facing a transition from a largely centralised distribution infrastructure with a few large power plants to an increasingly distributed infrastructure that must incorporate privately owned and operated power generation units based on fuel cells or sustainable...... infrastructure in a software domain in a manufacturer independent manner as well as establishing secure communication and authenticating the other parties in electrical power infrastructures, but they do not address the problem of access control. We therefore propose a generic model for access control in wind...... power systems, which is based on the widely used role-based access control model. The proposed model is tested using a prototype designed in conformance with the standards that are in use in modern wind power infrastructure and the results are presented to determine the overhead in communication caused...
Dekker, Mari Antonius Cornelis
Access control is used in computer systems to control access to confidential data. In this thesis we focus on access control for dynamic collaborative environments where multiple users and systems access and exchange data in an ad hoc manner. In such environments it is difficult to protect confident
GAO Fuxiang; YAO Lan; BAO Shengfei; YU Ge
A dynamic Web application, which can help the departments of enterprise to collaborate with each other conveniently, is proposed. Several popular design solutions are introduced at first. Then, dynamic Web system is chosen for developing the file access and control system. Finally, the paper gives the detailed process of the design and implementation of the system, which includes some key problems such as solutions of document management and system security. Additionally, the limitations of the system as well as the suggestions of further improvement are also explained.
Wen-Jye Shyr; Te-Jen Su; Chia-Ming Lin
This study develops a novel method for learning mechatronics using remote monitoring and control, based on a programmable logic controller (PLC) and WebAccess. A mechatronics module, a Web‐CAM and a PLC were integrated with WebAccess software to organize a remote laboratory. The proposed system enables users to access the Internet for remote monitoring and control of the mechatronics module via a web browser, thereby enhancing work flexibility by enabling personnel to control mechatronics equ...
YU Yi-fan; YIN Chang-chuan; YUE Guang-xin
Recently, hosts of Medium Access Control (MAC) protocols for Ad hoc radio networks have been proposed to solve the hidden terminal problem and exposed terminal problem. However, most of them do not take into account the interactions between the physical (PHY) system and the MAC protocol. Therefore, the current MAC protocols are either inefficient in networks with mobile nodes and fading channels or difficult to implement in hardware. In this paper, we present a novel media access control for Ad hoc networks that integrates a media access control protocol termed Dual Busy Tone Multiple Access (DBTMA) into the Orthogonal Frequency Division Multiplexing (OFDM) system proposed in the IEEE 802.11a standard. The analysis presented in the paper indicates that the proposed MAC scheme achieves a performance improvement over the IEEE 802.11 protocol of about 25% to 80%, especially in environments with high mobility and deep fading. The complexity of the proposed scheme is also lower than other implementations of similar busy tone solutions. Furthermore, it is compatible with IEEE 802.11a networks.
A method and a system of controlling access of data items to a shared resource, wherein the data items each is assigned to one of a plurality of priorities, and wherein, when a predetermined number of data items of a priority have been transmitted to the shared resource, that priority will be awaiting, i.e. no further data items are transmitted with that priority, until all lower, non-awaiting priorities have had one or more data items transmitted to the shared resource. In this manner, guarantees services may be obtained for all priorities.
Olusegun Folorunso; Olusegun Afeez Mustapha
Crowdsourcing has been widely accepted across a broad range of application areas. In crowdsourcing environments, the possibility of performing human computation is characterized with risks due to the openness of their web-based platforms where each crowd worker joins and participates in the process at any time, causing serious effect on the quality of its computation. In this paper, a combination of Trust-Based Access Control (TBAC) strategy and fuzzy-expert systems was used to enhance the qu...
Secure buildings are currently protected from unauthorized access by a variety of devices. Even though there are many kinds of devices to guarantee the system safety such as PIN pads, keys both conventional and electronic, identity cards, cryptographic and dual control procedures, people's voices can also be used. The ability to verify the identity of a speaker by analyzing speech, or speaker verification, is an attractive and relatively unobtrusive means of providing security for admission into an important or secured place. An individual's voice cannot be stolen, lost, forgotten, guessed, or impersonated with accuracy. Due to these advantages, this paper describes the design and prototyping of a voice-based door access control system for building security. In the proposed system, the access may be authorized simply by means of an enrolled user speaking into a microphone attached to the system. The proposed system then will decide whether to accept or reject the user's identity claim or possibly to report insufficient confidence and request additional input before making the decision. Furthermore, an intelligent system approach is used to develop authorized person models based on their voice. Particularly, Adaptive-Network-based Fuzzy Inference Systems is used in the proposed system to identify the authorized and unauthorized people. The experimental result confirms the effectiveness of the proposed intelligent voice-based door access control system based on the false acceptance rate and false rejection rate.
Ookubo, S.; Nakai, Y.; Oohira, N.; Kishishita, S. [Tokyo Electric power Co., Tokyo (Japan); Kobayashi, H.; Sano, F. [Fuji Electric Co., Tokyo (Japan); Masuda, M.; Tajima, T.; Oohira, K. [Toshiba Corporation, Tokyo (Japan)
A new radiation work control system has been developed for controlling the entrance and exit of workers from the radiation controlled area in a nuclear power station and has been run in the Fukushima No. 2 Nuclear Power Station of Tokyo Electric Power Co., Inc. since October, 1999. The system is designed to reduce workers' burden by simplifying the operation of each equipment that controls access to radiation controlled areas, and to minimize radiation exposure by automatically acquiring dose data during each access and each task. The new system adopted electronic personal dosimeters (gamma radiation EPD) which permit data collection by radio communication, thus improving the conventional alarm-equipped personal dosimeter (EPD) and increasing reliability as primary dosimeters. Furthermore, additional electronic personal dosimeters capable of measuring beta radiation (gamma and beta radiations EPD) were also utilized in specific tasks in October 2001. After a six-month test run of these EPDs, the film badges were discontinued in April 2002 and replaced solely with the EPDs. EPDs are now used as the primary dosimetry for radiation workers.
Crowdsourcing has been widely accepted across a broad range of application areas. In crowdsourcing environments, the possibility of performing human computation is characterized with risks due to the openness of their web-based platforms where each crowd worker joins and participates in the process at any time, causing serious effect on the quality of its computation. In this paper, a combination of Trust-Based Access Control (TBAC) strategy and fuzzy-expert systems was used to enhance the quality of human computation in crowdsourcing environment. A TBAC-fuzzy algorithm was developed and implemented using MATLAB 7.6.0 to compute trust value (Tvalue), priority value as evaluated by fuzzy inference system (FIS) and finally generate access decision to each crowd-worker. In conclusion, the use of TBAC is feasible in improving quality of human computation in crowdsourcing environments.
With self-shielded irradiators like Gamma chambers, and Blood irradiators are being sold by BRIT to customers both within and outside the country, it has become necessary to improve the quality of service without increasing the overheads. The recent advances in the field of communications and information technology can be exploited for improving the quality of service to the customers. A state of the art control system with remote accessibility has been designed for these irradiators enhancing their performance. This will provide an easy access to these units wherever they might be located, through the Internet. With this technology it will now be possible to attend to the needs of the customers, as regards fault rectification, error debugging, system software update, performance testing, data acquisition etc. This will not only reduce the downtime of these irradiators but also reduce the overheads. (author)
Anass El haddadi
Information fusion is a cornerstone of competitive intelligence activity that aims at supporting decision making by collecting, analyzing and disseminating information. This information comes from heterogeneous data sources. In this paper we present an approach of access control. This approach is focused both on the information that must be brought to decision-makers and the privacy of individuals whose data is used to extract this information. This model is based on the standard “Role Based Access Control” (RBAC) and is implemented within the entire life cycle of Xplor Every Where (Web service of Tetralogie), it follows methodologies tailored to design privacy-aware systems to be compliant with data protection regulations.
Chiang, Ken; Nguyen, Thuy D.; Irvine, Cynthia E.
Control of access to information based upon temporal attributes can add another dimension to access control. To demonstrate the feasibility of operating system level support for temporal access controls, the Time Interval File Protection System (TIFPS), a prototype of the Time Interval Access Control (TIAC) model, has been implemented by modifying Linux extended attributes to include temporal metadata associated both with files and users. The Linux Security Module was used to provide hooks fo...
Miwa, Shotaro; Kage, Hiroshi; Hirai, Takashi; Sumi, Kazuhiko
We propose a probabilistic face recognition algorithm for Access Control Systems (ACSs). Compared with existing ACSs using low cost IC-cards, face recognition has advantages in usability and security in that it doesn't require people to hold cards over scanners and doesn't accept imposters with authorized cards. Therefore face recognition attracts more interest in security markets than IC-cards. But in security markets where low cost ACSs exist, price competition is important, and there is a limitation on the quality of available cameras and image control. Therefore ACSs using face recognition are required to handle much lower quality images, such as defocused and poor gain-controlled images, than high security systems, such as immigration control. To tackle such image quality problems we developed a face recognition algorithm based on a probabilistic model which combines a variety of image-difference features trained by Real AdaBoost with their prior probability distributions. It makes it possible to evaluate and utilize only reliable features among trained ones during each authentication, and achieve high recognition performance rates. The field evaluation using a pseudo Access Control System installed in our office shows that the proposed system achieves a constant high recognition performance rate independent of face image qualities, that is about four times lower EER (Equal Error Rate) under a variety of image conditions than one without any prior probability distributions. On the other hand, image difference features used without any prior probabilities are sensitive to image qualities. We also evaluated PCA, and it has worse, but constant performance rates because of its general optimization on overall data. Compared with PCA, Real AdaBoost without any prior distribution performs twice better under good image conditions, but degrades to a performance as good as PCA under poor image conditions.
Office of Personnel Management — Application and Assessment system for Presidential Management Fellows (PMF) and PMF Science, Technology, Engineering, and Math (STEM) programs. This system is access...
Probst, Christian W.; Hansen, René Rydhof
When prosecuting crimes, the main question to answer is often who had a motive and the possibility to commit the crime. When investigating cyber crimes, the question of possibility is often hard to answer, as in a networked system almost any location can be accessed from almost anywhere. The most...
Rajappan, Gowri; Wang, Xiaofei; Grant, Robert; Paulini, Matthew
Service Oriented Architecture (SOA) has enabled open-architecture integration of applications within an enterprise. For net-centric Command and Control (C2), this elucidates information sharing between applications and users, a critical requirement for mission success. The Information Technology (IT) access control schemes, which arbitrate who gets access to what information, do not yet have the contextual knowledge to dynamically allow this information sharing to happen dynamically. The access control might prevent legitimate users from accessing information relevant to the current mission context, since this context may be very different from the context for which the access privileges were configured. We evaluate a pair of data relevance measures - proximity and risk - and use these as the basis of dynamic access control. Proximity is a measure of the strength of connection between the user and the resource. However, proximity is not sufficient, since some data might have a negative impact, if leaked, which far outweighs importance to the subject's mission. For this, we use a risk measure to quantify the downside of data compromise. Given these contextual measures of proximity and risk, we investigate extending Attribute-Based Access Control (ABAC), which is used by the Department of Defense, and Role-Based Access Control (RBAC), which is widely used in the civilian market, so that these standards-based access control models are given contextual knowledge to enable dynamic information sharing. Furthermore, we consider the use of such a contextual access control scheme in a SOA-based environment, in particular for net-centric C2.
This paper proposes a security policy model for mandatory access control in class B1 database management system whose level of labeling is tuple. The relation-hierarchical data model is extended to multilevel relation-hierarchical data model. Based on the multilevel relation-hierarchical data model, the concept of upper-lower layer relational integrity is presented after we analyze and eliminate the covert channels caused by the database integrity. Two SQL statements are extended to process polyinstantiation in the multilevel secure environment. The system is based on the multilevel relation-hierarchical data model and is capable of integratively storing and manipulating multilevel complicated objects (e.g., multilevel spatial data) and multilevel conventional data (e.g., integer, real number and character string).
A method has been proposed for using the tools of the kernel of an operating system to control access to the entities of application servers. The possibility of using an information protection system incorporated into the operating system to store and implement security policy has been demonstrated for a database management system.
Role Based Access Control is very useful for providing a high level description of access control for organizational applications. This paper proposes a role based framework that deals with security problems in an intranet environment. The proposed framework protects intranet resources from unauthorized users. The salient feature of the framework is that it allows intranet users to access only authorized resources. It consists of two kinds of role hierarchies: global role hierarchy and local role hierarchy, and two levels of permissions: server permission and object permission. They simplify the way of structuring authority and responsibility in the whole intranet and the allocation of privileges for different objects within a particular server. The proposed framework is implemented over Windows platform and tested for the validity. The test results indicated that it can successfully be used to control accessing network objects.
Gang Huang; Lian-Shan Sun
Reflective middleware opens up the implementation details of middleware platform and applications at runtime for improving the adaptability of middleware-based systems. However, such openness brings new challenges to access control of the middleware-based systems. Some users can access the system via reflective entities, which sometimes cannot be protected by access control mechanisms of traditional middleware. To deliver high adaptability securely, reflective middleware should be equipped with proper access control mechanisms for potential access control holes induced by reflection. One reason of integrating these mechanisms in reflective middleware is that one goal of reflective middleware is to equip applications with reflection capabilities as transparent as possible. This paper studies how to design a reflective J2EE middleware PKUAS with access control in mind. At first, a computation model of reflective system is built to identify all possible access control points induced by reflection. Then a set of access control mechanisms, including the wrapper of MBeans and a hierarchy of Java class loaders, are equipped for controlling the identified access control points. These mechanisms together with J2EE access control mechanism form the access control framework for PKUAS. The paper evaluates the security and the performance overheads of the framework in quality and quantity.
The use of an electronic olfactory device, termed an electronic 'nose', was investigated for the detection of unique human odour characteristics. The detection of these unique odours was applied to the field of biometrics for access control, where a human's unique characteristics were used to authenticate a user of an access control system. An electronic odour sensing device was designed and constructed using an array of conducting polymer gas sensors in order to facilitate the regular screen...
As per norms of the Atomic Energy Regulatory Board (AERB), radiation safety rules are to be followed to operate round the clock a facility which has a potential of radiation exposure. Indus-1 and Indus-2 are synchrotron radiation sources which are open for various users round the clock. To monitor the persons inside the defined zone at any given time, a system is set up consisting of RF ID cards and their readers along with dedicated software. Software is developed in Visual Basic and uses UDP network protocol for receiving data from readers installed at various locations and connected to local area network. The paper describes the access control scheme followed in Indus Accelerator Complex. (author)
National Archives and Records Administration — The OGIS Access System (OAS) provides case management, stakeholder collaboration, and public communications activities including a web presence via a web portal.
Casas, Antonia; Garcia, Maria Jesus; Nikouline, Andrei
Since 1994 the Data Centre of the Spanish Oceanographic Institute has been developing a system for archiving and quality control of oceanographic data. The work started in the frame of the European Marine Science & Technology Programme (MAST) when a consortium of several Mediterranean Data Centres began to work on the MEDATLAS project. Along the years, old software modules for MS DOS were rewritten, improved and migrated to Windows environment. Oceanographic data quality control includes now not only vertical profiles (mainly CTD and bottles observations) but also time series of currents and sea level observations. New powerful routines for analysis and for graphic visualization were added. Data presented originally in ASCII format were organized recently in an open source MySQL database. Nowadays, the IEO, as part of SeaDataNet Infrastructure, has designed and developed a new information system, consistent with the ISO 19115 and SeaDataNet standards, in order to manage the large and diverse marine data and information originated in Spain by different sources, and to interoperate with SeaDataNet. The system works with data stored in ASCII files (MEDATLAS, ODV) as well as data stored within the relational database. The components of the system are: 1. MEDATLAS Format and Quality Control - QCDAMAR: Quality Control of Marine Data. Main set of tools for working with data presented as text files. Includes extended quality control (searching for duplicated cruises and profiles, checking date, position, ship velocity, constant profiles, spikes, density inversion, sounding, acceptable data, impossible regional values,...) and input/output filters. - QCMareas: A set of procedures for the quality control of tide gauge data according to standard international Sea Level Observing System. These procedures include checking for unexpected anomalies in the time series, interpolation, filtering, computation of basic statistics and residuals. 2. DAMAR: A relational data base (MySql) designed to
WANG Lun-wei; LIAO Xiang-ke; WANG Huai-min
Weighted factor is given to access control policies to express the importance of policy and its effect on access control decision. According to this weighted access control framework, a trustworthiness model for access request is also given. In this model, we give the measure of trustworthiness factor to access request, by using some idea of uncertainty reasoning of expert system, present and prove the parallel propagation formula of request trustworthiness factor among multiple policies, and get the final trustworthiness factor to decide whether authorizing. In this model, authorization decision is given according to the calculation of request trustworthiness factor, which is more understandable, more suitable for real requirement and more powerful for security enhancement than traditional methods. Meanwhile the finer access control granularity is another advantage.
Mobile authentication can be used to verify a mobile user’s identity. Normally this is accomplished through the use of logon passwords, but this can raise the secret-key agreement problem between entities. This issue can be resolved by using a public-key cryptosystem, but mobile devices have limited computation ability and battery capacity and a PKI is needed. In this paper, we propose an efficient, non-PKI, authenticated, and blind issued symmetric key protocol for mobile access control systems. An easy-to-deploy authentication and authenticated key agreement system is designed such that empowered mobile devices can directly authorize other mobile devices to exchange keys with the server upon authentication using a non-PKI system without trusted parties. Empowered mobile users do not know the key value of the other mobile devices, preventing users from impersonating other individuals. Also, for security considerations, this system can revoke specific keys or keys issued by a specific user. The scheme is secure, efficient, and feasible and can be implemented in existing environments.
Desmedt, Yvo; Shaghaghi, Arash
Security researchers have stated that the core concept behind current implementations of access control predates the Internet. These assertions are made to pinpoint that there is a foundational gap in this field, and one should consider revisiting the concepts from the ground up. Moreover, insider threats, which are an increasing threat vector against organizations, are also associated with the failure of access control. Access control models derived from access control matrix encompass three ...
Department of Transportation — This data set contains the personnel access card data (photo, name, activation/expiration dates, card number, and access level) as well as data about turnstiles and...
Madar, Fatima Ali
This thesis discusses two implementations of file access controls: the UNIX Permissions (UP) and the Access Control List (ACL). We will evaluate advantages and weaknesses in these two implementations. The criteria of evaluation are usefulness, security and manageability. The level of usefulness of systems was measured by evaluating user-surveys. The level of security was measured by comparing the implementations against well-established file access control models concerning privacy, inte...
Chen, Lijun; Low, Steven H.; Doyle, John C.
Motivated partially by a control-theoretic viewpoint, we propose a game-theoretic model, called random access game, for contention control. We characterize Nash equilibria of random access games, study their dynamics, and propose distributed algorithms (strategy evolutions) to achieve Nash equilibria. This provides a general analytical framework that is capable of modeling a large class of system-wide quality-of-service (QoS) models via the specification of per-node util...
Deji, Shizuhiko [Graduate School of Environmental Studies, Nagoya University, Furo-cho, Chikusa-ku, Nagoya 464-8602 (Japan); Nishizawa, Kunihide [Radioisotope Research Center, Nagoya University, Furo-cho, Chikusa-ku, Nagoya 464-8602 (Japan)]
High-frequency electromagnetic fields in the 120 kHz band emitted from card readers for access control systems caused abnormally high doses on electronic pocket dosimeters (EPDs). All EPDs recovered their normal performance by resetting after the exposure ceased. The electric and magnetic immunity levels of the EPDs were estimated by using the distances needed to prevent electromagnetic interference.
Health organizations are beginning to move mobile commerce services in recent years to enhance services and quality without spending much investment for IT infrastructure. Medical records are very sensitive and private to any individuals. Hence effective security mechanism is required. The challenges of our research work are to maintain privacy for the users and provide smart and secure environment for accessing the application. It is achieved with the help of personalization. Internet has provided the way for personalization. Personalization is a term which refers to the delivery of information that is relevant to individual or group of individuals in the format, layout specified and in time interval. In this paper we propose an Ontology Based Access Control (OBAC) Model that can address the permitted access control among the service providers and users. Personal Health Records sharing is highly expected by the users for the acceptance in mobile commerce applications in health care systems.
Collins, Earl R., Jr. (Inventor)
A security code system for controlling access to computer and computer-controlled entry situations comprises a plurality of subsets of alpha-numeric characters disposed in random order in matrices of at least two dimensions forming theoretical rectangles, cubes, etc., such that when access is desired, at least one pair of previously unused character subsets not found in the same row or column of the matrix is chosen at random and transmitted by the computer. The proper response to gain access is transmittal of subsets which complete the rectangle, and/or a parallelepiped whose opposite corners were defined by first groups of code. Once used, subsets are not used again to absolutely defeat unauthorized access by eavesdropping, and the like.
Kelley, Jay; Wessels, Denzil
Network access control (NAC) is how you manage network security when your employees, partners, and guests need to access your network using laptops and mobile devices. Network Access Control For Dummies is where you learn how NAC works, how to implement a program, and how to take real-world challenges in stride. You'll learn how to deploy and maintain NAC in your environment, identify and apply NAC standards, and extend NAC for greater network security. Along the way you'll become familiar with what NAC is (and what it isn't) as well as the key business drivers for deploying NAC. Learn the step
Quan Jing; Kuo Wan; Xiao-jun Wang; Lin Ma
Objective To evaluate the effectiveness and safety of a computer-controlled periodontal ligament (PDL) injection system to the local soft tissues as the primary technique in endodontic access to mandibular posterior teeth in patients with irreversible pulpitis. Methods A total of 162 Chinese patients who had been diagnosed with irreversible pulpitis in their mandibular posterior teeth without acute infection or inflammation in the periodontal tissues were enrolled in this clinical study. The patients were divided into 3 groups according to the position of the involved tooth: the premolar group (PM, n=38), first molar group (FM, n=66), and second molar group (SM, n=58). All the patients received computer-controlled PDL injection with 4% articaine and 1∶100 000 epinephrine. Immediately after the injection, endodontic access was performed, and the degree of pain during the treatment was evaluated by the patients using Visual Analogue Scale for pain. The success rates were compared among the 3 groups. The responses of local soft tissues were evaluated 3-8 days and 3 weeks after the procedure. Results The overall success rate was 76.5%. There was a significant difference in success rates among the PM, FM, and SM groups (92.1%, 53.0%, 93.1%, respectively; χ2=34.3, P Conclusion The computer-controlled PDL injection system demonstrates both satisfactory anesthetic effects and safety in local soft tissues as primary anesthetic technique in endodontic access to the mandibular posterior teeth in patients with irreversible pulpitis.
Tokamak diagnostic settings are repeatedly modified to meet the changing needs of each experiment. Enabling the remote diagnostic control has significant challenges due to security and efficiency requirements. The Operation Request Gatekeeper (ORG) is a software system that addresses the challenges of remotely but securely submitting modification requests. The ORG provides a framework for screening all the requests before they enter the secure machine zone and are executed by performing user authentication and authorization, grammar validation, and validity checks. A prototype ORG was developed for the ITER CODAC that satisfies their initial requirements for remote request submission and has been tested with remote control of the KSTAR Plasma Control System. This paper describes the software design principles and implementation of ORG as well as worldwide test results.
Wakayama, Koji; Okuno, Michitaka; Matsuoka, Yasunobu; Hosomi, Kazuhiko; Sagawa, Misuzu; Sugawara, Toshiki
We propose an optical switch control procedure for high-performance and cost-effective 10 Gbps Active Optical Access System (AOAS) in which optical switches are used instead of optical splitters in PON (Passive Optical Network). We demonstrate the implemented optical switch control module on Optical Switching Unit (OSW) with logic circuits works effectively. We also propose a compact optical 3D-CSP (Chip Scale Package) to achieve the high performance of AOAS without losing cost advantage of PON. We demonstrate the implemented 3D-CSP works effectively.
Today, with digital and network technology developing rapidly, access control technology has advanced quickly. Access control systems have long since gone beyond simple door and key management and have gradually developed into complete entry and exit management systems. They play a major role in administrative work such as workplace safety and personnel attendance management. This paper analyzes the application of access control systems in museums.
Odelu, Vanga; Das, Ashok Kumar; Goswami, Adrijit
Recently several hierarchical access control schemes have been proposed in the literature to provide security of e-medicine systems. However, most of them are either insecure against 'man-in-the-middle attack' or they require high storage and computational overheads. Wu and Chen proposed a key management method to solve dynamic access control problems in a user hierarchy based on hybrid cryptosystem. Though their scheme improves computational efficiency over Nikooghadam et al.'s approach, it suffers from large storage space for public parameters in public domain and computational inefficiency due to costly elliptic curve point multiplication. Recently, Nikooghadam and Zakerolhosseini showed that Wu-Chen's scheme is vulnerable to man-in-the-middle attack. In order to remedy this security weakness in Wu-Chen's scheme, they proposed a secure scheme which is again based on ECC (elliptic curve cryptography) and efficient one-way hash function. However, their scheme incurs huge computational cost for providing verification of public information in the public domain as their scheme uses ECC digital signature which is costly when compared to symmetric-key cryptosystem. In this paper, we propose an effective access control scheme in user hierarchy which is only based on symmetric-key cryptosystem and efficient one-way hash function. We show that our scheme reduces significantly the storage space for both public and private domains, and computational complexity when compared to Wu-Chen's scheme, Nikooghadam-Zakerolhosseini's scheme, and other related schemes. Through the informal and formal security analysis, we further show that our scheme is secure against different attacks and also man-in-the-middle attack. Moreover, dynamic access control problems in our scheme are also solved efficiently compared to other related schemes, making our scheme very suitable for practical applications of e-medicine systems. PMID:23392626
Carreras Coch, Anna; Rodríguez Luna, Eva; Delgado Mercè, Jaime; Maroñas Borras, Xavier
Social Networks, as the main axis of Web 2.0, are creating a number of interesting challenges to the research and standardisation communities. In this paper, we analyse the current and future use of access control policies in Social Networks. Subsequently, two main issues are addressed: the interoperability amongst systems using different policy languages and the lack of elements in the existing policy languages when trying to express Social Networks’ access control. In part...
Whether for an entire district, a single campus, or one classroom, allowing authorized access to a computer network can be fraught with challenges. The login process should be fairly seamless to approved users, giving them speedy access to approved Web sites, databases, and other sources of information. It also should be tough on unauthorized…
ALBARELO, P. C.
Professionals are constantly seeking qualification and consequently increasing their knowledge in their area of expertise. Thus, it is interesting to develop a computer system that knows its users and their work history. Using this information, even in the case of professional role change, the system could allow the renewed authorization for activities, based on previously authorized use. This article proposes a model for user access control that is embedded in a context-aware environment. The model applies the concept of trails to manage access control, recording activities usage in contexts and applying this history as a criterion to grant new accesses. Despite the fact that previous related research works consider contexts, none of them uses the concept of trails. Hence, the main contribution of this work is the use of a new access control criterion, namely, the history of previous accesses (trails). A prototype was implemented and applied in an evaluation based on scenarios. The results demonstrate the feasibility of the proposal, allowing for access control systems to use an alternative way to support access rights.
陈卓; 骆婷; 石磊; 洪帆
Access control is an important protection mechanism for information systems. This paper shows how to make access control in workflow system. We give a workflow access control model (WACM) based on several current access control models. The model supports roles assignment and dynamic authorization. The paper defines the workflow using Petri net. It firstly gives the definition and description of the workflow, and then analyzes the architecture of the workflow access control model (WACM). Finally, an example of an e-commerce workflow access control model is discussed in detail.
Snook, Bryan E.
The Automated Computer Access Request (AutoCAR) system is a Web-based account provisioning application that replaces the time-consuming paper-based computer-access request process at Johnson Space Center (JSC). AutoCAR combines rules-based and role-based functionality in one application to provide a centralized system that is easily and widely accessible. The system features a work-flow engine that facilitates request routing, a user registration directory containing contact information and user metadata, an access request submission and tracking process, and a system administrator account management component. This provides full, end-to-end disposition approval chain accountability from the moment a request is submitted. By blending both rules-based and role-based functionality, AutoCAR has the flexibility to route requests based on a user's nationality, JSC affiliation status, and other export-control requirements, while ensuring a user's request is addressed by either a primary or backup approver. All user accounts that are tracked in AutoCAR are recorded and mapped to the native operating system schema on the target platform where user accounts reside. This allows for future extensibility for supporting creation, deletion, and account management directly on the target platforms by way of AutoCAR. The system's directory-based lookup and day-to-day change analysis of directory information determines personnel moves, deletions, and additions, and automatically notifies a user via e-mail to revalidate his/her account access as a result of such changes. AutoCAR is a Microsoft classic active server page (ASP) application hosted on a Microsoft Internet Information Server (IIS).
He, Wenqi; Lai, Hongji; Wang, Meng; Liu, Zeyi; Yin, Yongkai; Peng, Xiang
We present a fingerprint authentication scheme based on the optical joint transform correlator (JTC) and further describe its application to the remote access control of a Network-based Remote Laboratory (NRL). It is built to share a 3D microscopy system of our realistic laboratory in Shenzhen University with the remote co-researchers in Stuttgart University. In this article, we would like to focus on the involved security issues, mainly on the verification of various remote visitors to our NRL. By making use of the JTC-based optical pattern recognition technique as well as the Personal Identification Number (PIN), we are able to achieve the aim of authentication and access control for any remote visitors. Note that only the authorized remote visitors could be guided to the Virtual Network Computer (VNC), a cross-platform software, which allows the remote visitor to access the desktop applications and visually manipulate the instruments of our NRL through the internet. Specifically to say, when a remote visitor attempts to access to our NRL, a PIN is mandatory required in advance, which is followed by fingerprint capturing and verification. Only if both the PIN and the fingerprint are correct, can one be regarded as an authorized visitor, and then he/she would get the authority to visit our NRL by the VNC. It is also worth noting that the aforementioned "two-step verification" strategy could be further applied to verify the identity levels of various remote visitors, and therefore realize the purpose of diversified visitor management.
刘琼波; 施军; 尤晋元
The security requirements of distributed systems are changing. In this paper an approach to represent the access control policies and evaluate the access requests is proposed. Extended logic programs without functions are introduced to represent the diverse access control policies, and the propagation depth and direction of privileges along the entity hierarchy can be constrained. After privilege conflicts are resolved according to the rules based on priority between different grantors and entities, semantics as answer sets of extended logic programs is attained. Based on certainty and possibility reasoning, an algorithm to determine whether an access request is authorized is proposed. The three issues of distributed authorization, private privileges and conflict resolution are resolved.
The LHC complex is divided into a number of zones with different levels of access controls. Inside the interlocked areas, the personnel protection is ensured by the LHC Access System. The system is made of two parts: the LHC Access Safety System and the LHC Access Control System. During machine operation, the LHC Access Safety System ensures the collective protection of the personnel against the radiation hazards arising from the operation of the accelerator by interlocking the LHC key safety elements. When the beams are off, the LHC Access Control System regulates the access to the accelerator and its many subsystems. It allows a remote, local or automatic operation of the access control equipment which verifies and identifies all users entering the controlled areas. The global architecture of the LHC Access System is now designed and is being validated to ensure that it meets the safety requirements for operation of the LHC. A pilot installation will be tested in the summer 2005 to validate the concept with the us...
GU Xue-lin; YAN Wei; TIAN Hui; ZHANG Ping
This article presents a dynamic random access scheme for orthogonal frequency division multiple access (OFDMA) systems. The key features of the proposed scheme are: it is a combination of both the distributed and the centralized schemes, it can accommodate several delay sensitivity classes, and it can adjust the number of random access channels in a media access control (MAC) frame and the access probability according to the outcome of Mobile Terminals access attempts in previous MAC frames. For floating populated packet-based networks, the proposed scheme possibly leads to high average user satisfaction.
A recent trend is observed in the context of the radio-controlled aircrafts and automobiles within the hobby grade category and Unmanned Aerial Vehicles (UAV) applications moving to the well-known Industrial, Scientific and Medical (ISM) band. Based on this technological fact, the present thesis evaluates an individual user performance by featuring a multiple-user scenario where several point-to-point co-located real-time Remote Control (RC) applications operate using Frequency Hopping Spread Spectrum (FHSS) as a medium access technique in order to handle interference efficiently. Commercial-off-the-shelf wireless transceivers ready to operate in the ISM band are considered as the operational platform supporting the above-mentioned applications. The impact of channel impairments and of different critical system engineering issues, such as working with real clock oscillators and variable packet duty cycle, are considered. Based on the previous, simulation results allowed us to evaluate the range of variation for those parameters for an acceptable system performance under Multiple Access (MA) environments.
Chan Brenda Wing Han
A Security Door Access Control System (SDACS) project involves a number of teams from different organizations with diverse project goals. One of the main challenges of such projects is the lack of a standard approach or common understanding to achieve a common goal among project parties. This research examines various management concerns for SDACS projects, highlights the expected common understanding for project participants, develops the project management constructs, and emphasizes on the resulting value of the project to all participants. A two-stage process of scale development and validation was conducted. First, six generic constructs were identified based on the Security Access Control System Framework. Next, a multi-item scale for each construct was developed with reference to the Result-Oriented Management Framework. Expert judges were invited to conduct manual sorting of the items iteratively until reliability and validity was reached. In the next stage, further refinement and validation were carried out with a synthesized survey instrument and a series of statistical testing followed. The finalized SDACS project management constructs and the related findings help reinforce the importance of a standardized management practice for SDACS projects. The value of this research not only benefits SDACS project managers but everyone who works on the project.
Jenkins, Chris; Pierson, Lyndon G.
Techniques and mechanisms to selectively provide resource access to a functional domain of a platform. In an embodiment, the platform includes both a report domain to monitor the functional domain and a policy domain to identify, based on such monitoring, a transition of the functional domain from a first integrity level to a second integrity level. In response to a change in integrity level, the policy domain may configure the enforcement domain to enforce against the functional domain one or more resource accessibility rules corresponding to the second integrity level. In another embodiment, the policy domain automatically initiates operations in aid of transitioning the platform from the second integrity level to a higher integrity level.
Legislation to create electronic healthcare records and provide electronic healthcare services requires the same level of privacy and disclosure regulations as are applicable to the current practices for paper based patient health records. Most of work in this area has been organization-oriented that deals with exchange of information among healthcare organizations (such as referrals). However, the requirements for ensuring security and privacy of information for online access and sharing of ...
Chow, Edward T.; Woo, Simon S.; James, Mark; Paloulian, George K.
As communication and networking technologies advance, networks will become highly complex and heterogeneous, interconnecting different network domains. There is a need to provide user authentication and data protection in order to further facilitate critical mission operations, especially in the tactical and mission-critical net-centric networking environment. The Autonomous Information Unit (AIU) technology was designed to provide the fine-grain data access and user control in a net-centric system-testing environment to meet these objectives. The AIU is a fundamental capability designed to enable fine-grain data access and user control in the cross-domain networking environments, where an AIU is composed of the mission data, metadata, and policy. An AIU provides a mechanism to establish trust among deployed AIUs based on recombining shared secrets, authentication and verify users with a username, X.509 certificate, enclave information, and classification level. AIU achieves data protection through (1) splitting data into multiple information pieces using the Shamir's secret sharing algorithm, (2) encrypting each individual information piece using military-grade AES-256 encryption, and (3) randomizing the position of the encrypted data based on the unbiased and memory efficient in-place Fisher-Yates shuffle method. Therefore, it becomes virtually impossible for attackers to compromise data since attackers need to obtain all distributed information as well as the encryption key and the random seeds to properly arrange the data. In addition, since policy can be associated with data in the AIU, different user access and data control strategies can be included. The AIU technology can greatly enhance information assurance and security management in the bandwidth-limited and ad hoc net-centric environments. In addition, AIU technology can be applicable to general complex network domains and applications where distributed user authentication and data protection are
Bente, Ingo; von Helden, Josef
Network Access Control (NAC) solutions promise to significantly increase the security level of modern networks. In short, they make it possible to measure the integrity state of an endpoint that tries to get access to the network. Based upon the measurement results, which are compared to a defined NAC policy, access to the network can be allowed or denied. One problem of all currently available NAC solutions is referred to as the “lying endpoint” problem. Normally, special software components are responsible for gathering the relevant integrity information on the endpoint. If an attacker modifies those software components, an endpoint can lie about its current integrity state. Therefore, endpoints which are not compliant with the defined NAC policy can get access to the network. Those endpoints must be considered a potential threat. This paper summarizes a possible solution for the lying endpoint problem based upon the specifications of the Trusted Computing Group (TCG) and the results of the two research projects TNC@FHH and Turaya. The goal is to develop an open source, TNC compatible NAC solution with full TPM support within a new research project: tNAC.
Background: Restricting access to common means of suicide, such as firearms, toxic gas, pesticides and others, has been shown to be effective in reducing rates of death in suicide. In the present review we aimed to summarize the empirical and clinical literature on controlling the access to means of suicide. Methods: This review made use of both MEDLINE, ISI Web of Science and the Cochrane library databases, identifying all English articles with the keywords “suicide means”, “suicide method”, “suicide prediction” or “suicide prevention” and other relevant keywords. Results: A number of factors may influence an individual’s decision regarding method in a suicide act, but there is substantial support that easy access influences the choice of method. In many countries, restrictions of access to common means of suicide have led to lower overall suicide rates, particularly regarding suicide by firearms in USA, detoxification of domestic and motor vehicle gas in England and other countries, toxic pesticides in rural areas, barriers at jumping sites and hanging, by introducing “safe rooms” in prisons and hospitals. Moreover, decline in prescription of barbiturates and tricyclic antidepressants (TCAs), as well as limitation of drugs pack size for paracetamol and salicylate has reduced suicides by overdose, while increased prescription of SSRIs seems to have lowered suicidal rates. Conclusions: Restriction to means of suicide may be particularly effective in contexts where the method is popular, highly lethal, widely available, and/or not easily substituted by other similar methods. However, since there is some risk of means substitution, restriction of access should be implemented in conjunction with other suicide prevention strategies.
Jonathan A. ENOKELA
The security challenges being encountered in many places require electronic means of controlling access to communities, recreational centres, offices, and homes. The electronically controlled automated security access gate being proposed in this work helps to prevent an unwanted access to controlled environments. This is achieved mainly through the use of a Radio Frequency (RF) transmitter-receiver pair. In the design a microcontroller is programmed to decode a given sequence of keys that is entered on a keypad and commands a transmitter module to send out this code as signal at a given radio frequency. Upon reception of this RF signal by the receiver module, another microcontroller activates a driver circuitry to operate the gate automatically. The codes for the microcontrollers were written in C language and were debugged and compiled using the KEIL µVision 4 integrated development environment. The resultant Hex files were programmed into the memories of the microcontrollers with the aid of a universal programmer. Software simulation was carried out using the Proteus Virtual System Modeling (VSM) version 7.7. A scaled-down prototype of the system was built and tested. The electronically controlled automated security access gate can be useful in providing security for homes, organizations, and automobile terminals. The four-character password required to operate the gate gives the system an increased level of security. Due to its standalone nature of operation the system is cheaper to maintain in comparison with a manually operated type.
Yang, Fan; Hankin, Chris; Nielson, Flemming;
We show how to use aspect-oriented programming to separate security and trust issues from the logical design of mobile, distributed systems. The main challenge is how to enforce various types of security policies, in particular predictive access control policies — policies based on the future...
Krukow, Karl Kristian; Nielsen, Mogens; Sassone, Vladimiro
-based trust-management systems provide no formal security-guarantees. In this extended abstract, we describe a mathematical framework for a class of simple reputation-based systems. In these systems, decisions about interaction are taken based on policies that are exact requirements on agents' past histories...... to encode other policies known from the literature, e.g., `one-out-of-k'. The problem of checking a history with respect to a policy is efficient for the basic language, and tractable for the quantified language when policies do not have too many variables....
高斌; 翟江涛; 薛朋骏
An access control system based on the file layer of VxWorks is designed and implemented to solve the lack of protection in the VxWorks file layer. The system is composed of three parts: an access monitor, an access decider and an authority library. First, the access monitor is embedded into the dosFs file system layer, where it intercepts task accesses to files on the block device and acquires the access information of each task, a triple made up of access subject, access object and access mode. Second, the access decider compares the acquired access information with the rules in the authority library and produces a decision. Finally, the access monitor carries out the corresponding access control according to that decision. The performance of VxWorks with the designed access control system embedded is evaluated by experiments, which show that the method improves the security of VxWorks while its effect on the real-time performance of VxWorks is acceptable.
U.S. Department of Health & Human Services — 1995-2016. Centers for Disease Control and Prevention (CDC). State Tobacco Activities Tracking and Evaluation (STATE) System. Legislation - Youth Access. The STATE...
Helmut Petritsch describes the first holistic approach to Break-Glass which covers the whole life-cycle: from access control modeling (pre-access), to logging the security-relevant system state during Break-Glass accesses (at-access), and the automated analysis of Break-Glass accesses (post-access). Break-Glass allows users to override security restrictions in exceptional situations. While several Break-Glass models specific to given access control models have already been discussed in research (e.g., extending RBAC with Break-Glass), the author introduces a generic Break-Glass model. The pres
TOUNSI, Wiem; Cuppens-Boulahia, Nora; Cuppens, Frédéric; Pujolle, Guy
Radio Frequency IDentification (RFID) technology offers a new way of automating the identification and storing of information in RFID tags. The emerging opportunities for the use of RFID technology in human centric applications like monitoring and indoor guidance systems indicate how important this topic is in terms of privacy. Holding privacy issues from the early stages of RFID data collection helps to master the data view before translating it into business events ...
Pulsed Tokamak experiments give rise to significant direct radiation even in the pre-tritium phase. A fundamental safety requirement is the provision of high integrity personnel access control systems to protect site, operational staff and the public from the risk of exposure to high radiation. The paper discusses the radiation hazards during the early hydrogen/deuterium operation and the different levels of installed safeguards which included diverse safety systems in the form of conventional hard wired interlocking and programmable logic controllers. The form of a detailed reliability analysis assessing the risk of individual exposure to high radiation (for both the public off-site and staff on-site) is discussed together with the lessons learnt and some of the design changes implemented. An interesting feature is the impact of human reliability in the analysis and how a recently developed technique (HEART) provided an estimation of error rates. The confidence gained in addressing the reliability of personnel and public protection against radiation hazards under normal operating conditions provides an important foundation for the safety analysis of fusion plant with significant tritium inventory. (author). 4 refs, 2 figs, 1 tab
Access control is the main strategy for security and protection in Web systems, and traditional access control can no longer meet growing security requirements. This paper uses the role-based access control (RBAC) model in a web application system: by introducing the concept of a role, users are mapped to roles within an organization, access permissions are granted to the corresponding roles, and access is authorized and controlled according to the user's role in the organization, which improves the flexibility and security of permission assignment and access control in the web system.
Role-based access control (RBAC) is a mainstream technology for controlling user access to systems. Based on the characteristics of medical systems, this paper puts forward an access control algorithm. On the basis of the RBAC model, the access subjects and objects in the medical system are analyzed, roles are introduced into the system, permissions are associated with roles, and the control of different users' access to records is investigated in particular. By assigning appropriate roles to users and then granting them appropriate access privileges, so that users and access privileges are logically separated, the flexibility and security of permission assignment and access control in the medical system are improved.
A good security system enables access and protects information from damage or tampering, but the most important aspects of a security system aren't technical. A security procedures manual addresses the human element of computer security. (MLW)
XU ZhiWei(徐志伟); BU GuanYing(卜冠英)
The current grid security research is mainly focused on the authentication of grid systems. A problem to be solved by grid systems is to ensure consistent access control. This problem is complicated because the hosts in a grid computing environment usually span multiple autonomous administrative domains. This paper presents a grid access control model, based on asynchronous automata theory and the classic Bell-LaPadula model. This model is useful to formally study the confidentiality and integrity problems in a grid computing environment. A theorem is proved, which gives the necessary and sufficient conditions for a grid to maintain confidentiality. These conditions are the formalized descriptions of local (node) relations or relationship between grid subjects and node subjects.
An RFID-based access control system can provide remote monitoring and intelligent management for computer rooms, laboratories and other specific places. The system uses the Mifare one card, ATmega8 and FM1702SL to implement intelligent access control, and adopts a combination of centralized and distributed authorization to provide users with reliable access control management. By logging specific user behavior, the system provides a reliable historical record for system security. Experiments show that the system is stable and easy to manage, so it can effectively improve the security and monitoring capabilities of the access control system.
Baina, Amine; El Kalam, Anas Abou; Deswarte, Yves; Kaaniche, Mohamed
A critical infrastructure (CI) can fail with various degrees of severity due to physical and logical vulnerabilities. Since many interdependencies exist between CIs, failures can have dramatic consequences on the entire infrastructure. This paper focuses on threats that affect information and communication systems that constitute the critical information infrastructure (CII). A new collaborative access control framework called PolyOrBAC is proposed to address security problems that are specific to CIIs. The framework offers each organization participating in a CII the ability to collaborate with other organizations while maintaining control of its resources and internal security policy. The approach is demonstrated on a practical scenario involving the electrical power grid.
Jadlovský, J.; Jadlovská, A.; Sarnovský, J.; Jajčišin, Š.; Čopík, M.; Jadlovská, S.; Papcun, P.; Bielek, R.; Čerkala, J.; Kopčík, M.; Chochula, P.; Augustinus, A.
ALICE Controls data produced by commercial SCADA system WINCCOA is stored in ORACLE database on the private experiment network. The SCADA system allows for basic access and processing of the historical data. More advanced analysis requires tools like ROOT and needs therefore a separate access method to the archives. The present scenario expects that detector experts create simple WINCCOA scripts, which retrieve and store data in a form usable for further studies. This relatively simple procedure generates a lot of administrative overhead - users have to request the data, experts are needed to run the script, the results have to be exported outside of the experiment network. The new mechanism profits from database replica, which is running on the CERN campus network. Access to this database is not restricted and there is no risk of generating a heavy load affecting the operation of the experiment. The developed tools presented in this paper allow for access to this data. The users can use web-based tools to generate the requests, consisting of the data identifiers and period of time of interest. The administrators maintain full control over the data - an authorization and authentication mechanism helps to assign privileges to selected users and restrict access to certain groups of data. Advanced caching mechanism allows the user to profit from the presence of already processed data sets. This feature significantly reduces the time required for debugging as the retrieval of raw data can last tens of minutes. A highly configurable client allows for information retrieval bypassing the interactive interface. This method is for example used by ALICE Offline to extract operational conditions after a run is completed. Last but not least, the software can be easily adapted to any underlying database structure and is therefore not limited to WINCCOA.
Jonathan A. Enokela; Michael N. TYOWUAH
The security challenges being encountered in many places require electronic means of controlling access to communities, recreational centres, offices, and homes. The electronically controlled automated security access gate being proposed in this work helps to prevent an unwanted access to controlled environments. This is achieved mainly through the use of a Radio Frequency (RF) transmitter-receiver pair. In the design a microcontroller is programmed to decode a given sequence of keys that is ...
杨毯毯; 姜琴; 扈健玮
With the rapid development of science and technology, people have entered the Internet era. Wireless communication technology has developed rapidly in recent years and has penetrated into almost all aspects of life, and smart homes are increasingly popular. Meanwhile, the anti-theft function and security of door locks have gradually become a topic of global concern. This article introduces an access control system based on Bluetooth, which overcomes the cumbersome operation and low security of traditional door locks. It lays a foundation for solving the security risks of door locks and has broad market prospects.
Cross-border access to a variety of data such as market information, strategic information, or customer-related information defines the daily business of many global companies, including financial institutions. These companies are obliged by law to keep a data processing legal for all offered services. They need to fulfill different security objectives specified by the legislation. Therefore, they control access to prevent unauthorized users from using data. Those security objectives, for example confidentiality or secrecy, are often defined in the eXtensible Access Control Markup Language that promotes interoperability between different systems. In this paper, we show the necessity of incorporating the requirements of legislation into access control. Based on the work flow in a banking scenario we describe a variety of available contextual information and their interrelations. Different from other access control systems our main focus is on law-compliant cross-border data access. By including legislation dir...
"Access Control and Service-Oriented Architectures" investigates in which way logical access control can be achieved effectively, in particular in highly dynamic environments such as service-oriented architectures (SOAs). The author combines state-of-the-art best-practice and projects these onto the
Managing access to shared digital information, such as photographs and documents, is difficult for end users who are accumulating an increasingly large and diverse collection of data that they want to share with others. Current policy-management solutions require a user to proactively seek out and open a separate policy-management interface when…
Different from traditional access control technologies, such as discretionary access control, mandatory access control, role-based access control, trust-based access control can solve the problem of uncertainty, risk and vulnerability coming from authorization. In this paper, strict definition and formal description of trust-based access control is defined.
Oakland Schools, an Intermediate School District for Administration, operates a Remotely Accessible Management System (RAMS). RAMS is composed of over 100 computer programs, each of which performs procedures on the files of the 28 local school districts comprising the constituency of Oakland Schools. This regional service agency covers 900 square…
After having presented the initial characteristics and weaknesses of the software provided for the control of a memory disk coupled with a Multi 8 computer, the author reports the development and improvement of this controller software. He presents the different constitutive parts of the computer and the operation of the disk coupling and of the direct access to memory. He reports the development of the disk access controller: software organisation, loader, subprograms and statements
Access Control, Security, Trust, and Logic; Deconstructing Access Control Decisions; A Logical Approach to Access Control; PRELIMINARIES; A Language for Access Control; Sets and Relations; Syntax; Semantics; Reasoning about Access Control; Logical Rules; Formal Proofs and Theorems; Soundness of Logical Rules; Basic Concepts; Reference Monitors; Access Control Mechanisms: Tickets and Lists; Authentication; Security Policies; Confidentiality, Integrity, and Availability; Discretionary Security Policies; Mandatory Security Policies; Military Security Policies; Commercial Policies; DISTRIBUTED ACCESS CONTROL; Digital Authenti
Data outsourcing is a major component for cloud computing that allows data owners to distribute resources to external services for users and organizations who can apply the resources. A crucial problem for owners is how to make sure their sensitive information is accessed by legitimate users only using the trusted services but not authorized to read the actual information. With the increased development of cloud computing, it brings challenges for data security and access control when outsourcing users’ data and sharing sensitive data in cloud environment since it is not within the same trusted domain as data owners’. Access control policies have become an important issue in the security field in cloud computing. Semantic web technologies represent much richer forms of relationships among users, resources and actions among different web applications such as cloud computing. However, Semantic web applications pose new requirements for security mechanisms especially in the access control models. This paper addresses existing access control methods and presents a semantic based access control model which considers semantic relations among different entities in cloud computing environment. We have enriched the research for semantic web technology with role-based access control that is able to be applied in the field of medical information system or e-Healthcare system. This work shows how the semantic web technology provides efficient solutions for the management of complex and distributed data in heterogeneous systems, and it can be used in the medical information systems as well.
段海军; 叶宏; 雷清; 郭勇; 张鹏
To solve the access control problem in a network file system for IMA systems, we analyse access control and put forward an access control design scheme. A network file lock is used to give multiple partitions mutually exclusive access to remote files by locking and unlocking files. An access control module verifies the user's access rights to a file; the user can access the file only after passing verification. Log files record the whole process of accessing remote files. The paper describes the working principles of the network file lock, the permission control module and the log module.
韩进; 秦宏超; 杨颖超; 刘文武
To meet the security requirements of smart home security systems, an intelligent security access control system with face recognition was designed and implemented, using the Samsung S3C6410 embedded chip as the platform and OpenCV as the core technology. The system first processes the face information of authorized persons (grayscale conversion, dimensionality reduction and eigenvalue calculation), then performs training to obtain the information of the authorized persons. It then processes the face information captured by the camera and compares it with the face information of the authorized persons to determine whether the access control system should open. Testing shows that the system performs face recognition well and meets the design requirements of the access control system. The design has been successfully applied in a smart home security system.
MENG Xiao-feng; LUO Dao-feng; OU Jian-bo
As XML has become increasingly important as the data exchange format of the Internet and intranets, access control on XML properties rises as a new issue. Role-based access control (RBAC) is an access control method that has been widely used in the Internet, operating systems and relational databases over the past 10 years. Though RBAC is already relatively mature in the above fields, new problems occur when it is used on XML properties. This paper proposes an integrated model to resolve these problems, after a full analysis of the features of XML and RBAC.
Multi-level, multi-task and multi-role are the prominent characteristics of the closed-loop control of quality problems in the process of aerospace product development. In the development of a software system for quality problem management, the access control function needs to cover the above three aspects. On the basis of setting up a three-layer business model for closed-loop control of quality problems, the requirements of access control on the information and workflow of closed-loop control of quality problems were analyzed. An Extended Task and Role Based Access Control (ETRBAC) model is proposed, in which product, organization, task and role are integrated in the authority configuration. Based on the ETRBAC model, an access control component was developed, and its validity was verified through application in an enterprise.
Jorgušeski, L.; Litjens, R.; Zhiyi, C.; Nikookar, H.
Future wireless access systems will be characterized by their heterogeneity from technological point of view. It is envisaged that in certain areas end-users will have a choice between various radio accesses (RAs) such as e.g. classical cellular networks (GSM, UMTS, WiMAX, etc), WLAN hot-spots, or o
中大路 道彦; 一宮 正和; 向坊 隆一; 前田 清彦; 永田 敬
PNC made design studies on loop type FBR plants: a 600 MWe class in '91, and a 1300 MWe class in '93, both with the "head access" primary piping system. This paper focuses on the features of the smaller plant at first and afterwards on the extension to the larger one. The contents of the paper consist of R/V wall protection mechanism, primary piping circuit, secondary piping circuit, plant layout and then, discusses the extension of the applicability of the wall protection mechanism, primary pi...
Baggiolini, V; Jensen, S; Kostro, K; Risso, A; Trofimov, N N; SL
This paper presents the Remote Device Access (RDA) package developed at CERN in the framework of the joint PS/SL Controls Middleware project. The package design reflects the Accelerator Device Model in which devices, named entities in the control system, can be controlled via properties. RDA implements this model in a distributed environment with devices residing in servers that can run anywhere in the controls network. It provides a location-independent and reliable access to the devices from control programs. By invoking the device access methods, clients can read, write and subscribe to device property values. We describe the architecture and design of RDA, its API, and CORBA-based implementations in Java and C++. First applications of RDA in the CERN accelerator control systems are described as well.
Context. With the development of computer software, hardware, and communication technologies, a new type of human-centered computing model, called Cloud Computing (CC) has been established as a commercial computer network service. However, the openness of CC brings huge security challenge to the identity-based access control system, as it is not able to effectively prevent malicious users accessing; information security problems, system stability problems, and also the trust issues between cloud...
For the purpose of secure cloud storage, a secure cloud storage access control system scheme is proposed in this paper. In the scheme, Linux and Hadoop are used to build the cloud platform. The role-based access control method is employed for user identity verification and access to nonsensitive data, and the attribute encryption algorithm is applied to encrypt and decrypt data. Experiments show that this scheme can effectively ensure the integrity and confidentiality of data in cloud storage.
In this work we suggest a meta access control model emulating established access control models by configuration and offering enhanced features like the delegation of rights, ego-centered roles, and decentralized administration. The suggested meta access control model is named "Access Definition and Query Language" (ADQL). ADQL is represented by a formal, context-free grammar allowing to express the targeted access control model, policies, facts, and access queries as a formal language.
A student dormitory access control system plays a very important role for a school. However, many schools still remain at the initial stage of manual management. This is acceptable for smaller schools, but for schools with a very large number of students, a large amount of information, and many records that need to be archived, manual management is rather cumbersome. The student dormitory access control system uses computerized management and is designed to be as user-friendly as possible, so that users find it very convenient to operate.
Wang, Liyuan; Guo, Ge
This paper investigates networked control systems whose actuators communicate with the controller via a limited number of unreliable channels. The access to the channels is decided by a so-called group random access protocol, which is modelled as a binary Markov sequence. Data packet dropouts in the channels are modelled as independent Bernoulli processes. For such systems, a systematic characterisation for controller synthesis is established and stated in terms of the transition probabilities of the Markov protocol and the packet dropout probabilities. The results are illustrated via a numerical example.
Franqueira, Virginia N.L.; Wieringa, Roel
Role-Based Access Control (RBAC) has been a success in terms of the amount of research that went into it, its uptake in international standards, and its adoption by major software vendors. Yet, RBAC remains complex to implement in user organizations. In this paper we review the state of the art of R
Cai, Weihong; Huang, Richeng; Hou, Xiaoli; Wei, Gang; Xiao, Shui; Chen, Yindong
Role-based access control (RBAC) model has been widely recognized as an efficient access control model and becomes a hot research topic of information security at present. However, in the large-scale enterprise application environments, the traditional RBAC model based on the role hierarchy has the following deficiencies: Firstly, it is unable to reflect the role relationships in complicated cases effectively, which does not accord with practical applications. Secondly, the senior role unconditionally inherits all permissions of the junior role, thus if a user is under the supervisor role, he may accumulate all permissions, and this easily causes the abuse of permission and violates the least privilege principle, which is one of the main security principles. To deal with these problems, we, after analyzing permission types and role relationships, proposed the concept of atom role and built an atom-role-based access control model, called ATRBAC, by dividing the permission set of each regular role based on inheritance path relationships. Through the application-specific analysis, this model can well meet the access control requirements.
许祖英; 赵金燕; 伍大明; 王锐刚
Existing radio-frequency card access control systems generally use wired data transmission such as RS 485, which suffers from wiring difficulties and high maintenance costs. To overcome these disadvantages, an intelligent residential-community access control system is built on the PTR2000 wireless transmission module, replacing wired transmission with wireless transmission. The system meets radio regulation requirements without needing a license, and realizes the information interaction between the main control device and the PC. In actual tests at a data transmission rate of 20 Kb/s and with obstacles present, the PTR2000 wireless communication module identified accurately within a range of 10 m. The system reduces construction difficulty, makes later renovation of the access control system easier for its managers, and achieves computer management of the entrances and exits of the intelligent community.
邓伟; 刘暾东; 郑中杰
The development of the MFRC522 radio frequency module and its application in an access control monitoring system are introduced. The RF module provides two user interfaces, UART and I^2C, and features a large antenna identification distance and an easy-to-use operating interface, which greatly simplifies its use by customers in secondary development. The module has been successfully applied in the access control monitoring systems of some high-end residential communities and star-rated hotels, and has high promotion value.
FU Jing-tuan; JI Hong; MAO Xu
Opportunistic spectrum access (OSA) is considered as a promising approach to mitigate spectrum scarcity by allowing unlicensed users to exploit spectrum opportunities in licensed frequency bands. Derived from the existing channel-hopping multiple access (CHMA) protocol, we introduce a hopping control channel medium access control (MAC) protocol in the context of OSA networks. In our proposed protocol, all nodes in the network follow a common channel-hopping sequence; every frequency channel can be used as control channel and data channel. Considering primary users' occupancy of the channel, we use a primary user (PU) detection model to calculate the channel availability for unlicensed users' access. Then, a discrete Markov chain analytical model is applied to describe the channel states and deduce the system throughput. Through simulation, we present numerical results to demonstrate the throughput performance of our protocol and thus validate our work.
S.M. Roychoudri; Dr. M. Aramudhan
Health organizations are beginning to move mobile commerce services in recent years to enhance services and quality without spending much investment for IT infrastructure. Medical records are very sensitive and private to any individuals. Hence effective security mechanism is required. The challenges of our research work are to maintain privacy for the users and provide smart and secure environment for accessing the application. It is achieved with the help of personalization. Internet has pr...
The Lawrence Livermore National Laboratory (LLNL) operates an automated access control system consisting of more than 100 portals. We have gained considerable practical experience in the issues involved in operating this large system, and have identified the central issues to include system reliability, the large user population, the need for central control, constant change, high visibility and the budget. This paper outlines these issues and draws from our experience to discuss some fruitful ways of addressing them
YAO Hanbing; HU Heping; LU Zhengding; LI Ruixuan
Grid computing is concerned with the sharing and coordinated use of diverse resources in distributed "virtual organizations". The heterogeneous, dynamic and multi-domain nature of these environments makes challenging security issues that demand new technical approaches. Despite the recent advances in access control approaches applicable to Grid computing, there remain issues that impede the development of effective access control models for Grid applications. Among them there are the lack of context-based models for access control, and reliance on identity or capability-based access control schemes. An access control scheme that resolves these issues is presented, and a dynamically authorized role-based access control (D-RBAC) model extending the RBAC with context constraints is proposed. The D-RBAC mechanisms dynamically grant permissions to users based on a set of contextual information collected from the system and user's environments, while retaining the advantages of RBAC model. The implementation architecture of D-RBAC for the Grid application is also described.
In this paper, an implementation of the IEEE 1149.7 standard is used for designing a Test Access Port (TAP) Controller, and testing of interconnects is done using boundary scan. With c-JTAG the pin count is reduced, which increases the performance and simplifies the connection between devices. The TAP Controller is a synchronous Moore type finite state machine that changes state when the TMS and TCK signals of the test access port change. This controls the sequence of operations of the circuitry conveyed by JTAG and c-JTAG. JTAG mainly uses four pins with TAP, and a fifth pin is for optional use in boundary scan, but c-JTAG uses only two pins with TAP. In this approach TDI and TDO are multiplexed by using class T4 and T5 of c-JTAG. Various instructions are used for testing interconnects using IEEE 1149.7 standard (std.
This paper studies two fundamentally distinct approaches to opening a technology platform and their different impacts on innovation. One approach is to grant access to a platform and thereby open up markets for complementary components around the platform. Another approach is to give up control over the platform itself. Using data on 21 handheld computing systems (1990-2004), I find that granting greater levels of access to independent hardware developer firms produces up to a fivefold accele...
The problem of regulating access to XML documents has attracted much attention from both academic and industry communities. In existing approaches, the XML elements specified by access policies are either accessible or inaccessible according to their sensitivity. However, in some cases, the original XML elements are sensitive and inaccessible, but after being processed in some appropriate ways, the results become insensitive and thus accessible. This paper proposes a policy language to accommodate such cases, which can express the downgrading operations on sensitive data in XML documents through explicit calculations on them. The proposed policy language is called calculation-embedded schema (CSchema), which extends the ordinary schema languages with protection type for protecting sensitive data and specifying downgrading operations. CSchema language has a type system to guarantee the type correctness of the embedded calculation expressions and moreover this type system also generates a security view after type checking a CSchema policy. Access policies specified by CSchema are enforced by a validation procedure, which produces the released documents containing only the accessible data by validating the protected documents against CSchema policies. These released documents are then ready to be accessed by, for instance, XML query engines. By incorporating this validation procedure, other XML processing technologies can use CSchema as the access control module.
Kaiser, Mary Elizabeth; Morris, Matthew J.; Aldoroty, Lauren Nicole; Godon, David; Pelton, Russell; McCandliss, Stephan R.; Kurucz, Robert L.; Kruk, Jeffrey W.; Rauscher, Bernard J.; Kimble, Randy A.; Wright, Edward L.; Benford, Dominic J.; Gardner, Jonathan P.; Feldman, Paul D.; Moos, H. Warren; Riess, Adam G.; Bohlin, Ralph; Deustua, Susana E.; Dixon, William Van Dyke; Sahnow, David J.; Lampton, Michael; Perlmutter, Saul
ACCESS: Absolute Color Calibration Experiment for Standard Stars is a series of rocket-borne sub-orbital missions and ground-based experiments designed to leverage significant technological advances in detectors, instruments, and the precision of the fundamental laboratory standards used to calibrate these instruments to enable improvements in the precision of the astrophysical flux scale through the transfer of laboratory absolute detector standards from the National Institute of Standards and Technology (NIST) to a network of stellar standards with a calibration accuracy of 1% and a spectral resolving power of 500 across the 0.35 to 1.7 micron bandpass. A cross wavelength calibration of the astrophysical flux scale to this level of precision over this broad a bandpass is relevant for the data used to probe fundamental astrophysical problems such as the SNeIa photometry based measurements used to constrain dark energy theories. We will describe the strategy for achieving this level of precision, the payload and calibration configuration, present sub-system test data, and the status and preliminary performance of the integration and test of the spectrograph and telescope. NASA APRA sounding rocket grant NNX14AH48G supports this work.
Mohammed, Alalelddin Fuad Yousif
This thesis project’s goal is to enable undergraduate students to gain insight into media access and control protocols based upon carrying out laboratory experiments. The educational goal is to demystify radio and other link and physical layer communication technologies as the students can follow packets from the higher layers down through the physical layer and back up again. The thesis fills the gap between the existing documentation for the Universal Software Radio Peripheral (USRP) re...
This brief investigates distributed medium access control (MAC) with QoS provisioning for both single- and multi-hop wireless networks including wireless local area networks (WLANs), wireless ad hoc networks, and wireless mesh networks. For WLANs, an efficient MAC scheme and a call admission control algorithm are presented to provide guaranteed QoS for voice traffic and, at the same time, increase the voice capacity significantly compared with the current WLAN standard. In addition, a novel token-based scheduling scheme is proposed to provide great flexibility and facility to the network servi
In today's electronic learning environment, access to appropriate systems and data is of the utmost importance to students, faculty, and staff. Without proper access to the school's internal systems, teachers could be prevented from logging on to an online learning system and students might be unable to submit course work to an online…
姬东耀; 张福泰; 王育民
Several multilevel access control schemes have been proposed. However, they all have one or all of the following drawbacks: 1) the users must store large amount of common information when the number of classes of users is large; 2) the system must be rebuilt when there is a need to add/delete a user class or to change the clearance of some user classes; and 3) it is difficult to change keys for the users. With the aim of overcoming these drawbacks, the problem of efficiently implementing authorized access control in multilevel security systems using cryptographic techniques is studied in this paper. A new dynamic access control scheme based on key distribution is proposed. In the scheme, each user is assigned a security clearance. A user with a higher security clearance can derive the keys of users with lower security clearance from his own private secret information and the public information, whereas a user with lower clearance cannot derive the keys of users with higher clearance. The user in a higher security class can read and store information items that belong to users in a lower security class, but the opposite direction of this operation is infeasible. Hence, authorized access control through the use of this type of key distribution schemes can be implemented. Adding or deleting a user, changing a user's clearance, and changing a user's key do not require changing the whole system. The key distribution scheme is based on Rabin public key system and Chinese remainder theorem. It has the following advantages over the
Qianmu, Li; Jie, Yin; Jun, Hou; Jian, Xu; Hong, Zhang; Yong, Qi
A service access control model in cyberspace is proposed, which provides a generalized and effective mechanism of security management with some items constraint specifications. These constraint specifications are organized to form a construction, and an enact process is proposed to make it scalable and flexible to meet the need of diversified service application systems in cyberspace. The model of this paper erases the downward information flow by extended rules of read/write, which is the breakthrough of the limitations when applying the standard role-based access control in cyberspace.
Mahmood Rajpoot, Qasim; Jensen, Christian D.; Krishnan, Ram
Attribute-based access control (ABAC) and role-based access control (RBAC) are currently the two most popular access control models. Yet, they both have known limitations and offer features complementary to each other. Due to this fact, integration of RBAC and ABAC has recently emerged as an im...
Liu, Yiliang; Deng, Jinxia
In recent years, the access control technology has been researched widely in workflow system, two typical technologies of that are RBAC (Role-Based Access Control) and TBAC (Task-Based Access Control) model, which has been successfully used in the role authorizing and assigning in a certain extent. However, during the process of complicating a system's structure, these two types of technology can not be used in minimizing privileges and separating duties, and they are inapplicable when users have a request of frequently changing on the workflow's process. In order to avoid having these weakness during the applying, a variable flow dynamic role_task_view (briefly as DRTVBAC) of fine-grained access control model is constructed on the basis existed model. During the process of this model applying, an algorithm is constructed to solve users' requirements of application and security needs on fine-grained principle of privileges minimum and principle of dynamic separation of duties. The DRTVBAC model is implemented in the actual system, the figure shows that the task associated with the dynamic management of role and the role assignment is more flexible on authority and recovery, it can be met the principle of least privilege on the role implement of a specific task permission activated; separated the authority from the process of the duties completing in the workflow; prevented sensitive information discovering from concise and dynamic view interface; satisfied with the requirement of the variable task-flow frequently.
杨亚平; 李伟琴; 刘怀宇
First, a theory of access control, role-based access control (RBAC), was analyzed, and the characteristics and advantages of RBAC were discussed. Then, the infrastructure and implementation techniques of our own access control system based on this theory were given. This system can provide access control service for FTP, WWW and TELNET. Its framework is presented with some core components: access filter server (AFS), access control server (ACS) and role & authorization management server (RAS). These three servers have distinct functions, while communicating and cooperating with each other as an integrated system. Finally, an instance using this system was given.
李寒; 郭禾; 王宇新; 陆国际; 杨元生
Access control, whose objective is to ensure secure access to resources in software systems, is an essential security mechanism of software systems. Because access control in most legacy systems is not role-based and is implemented in various forms, an RBAC-based approach was proposed to integrate these access control policies. The approach maps the permissions of legacy systems to tasks of the integrated system. Based on task trees and transformation rules of access control policy, the various access control policies were reorganized in a unified form. Moreover, a set of management rules was provided to carry out subsequent authorization operations. A case study shows that the proposed approach is feasible, can effectively integrate the access control policies of legacy systems, and introduces RBAC into the access control of legacy systems.
Javaid, N.; Ahmad, A.; A. Rahim; Z.A. Khan; M. Ishfaq; Qasim, U.
Wireless Body Area Networks (WBANs) are widely used for applications such as modern health-care systems, where wireless sensors (nodes) monitor the parameter(s) of interest. Nodes are provided with limited battery power and battery power is dependent on radio activity. MAC protocols play a key role in controlling the radio activity. Therefore, we present Adaptive Medium Access Control (A-MAC) protocol for WBANs supported by linear programming models for the minimization of energy consumption ...
Çelik, Sönmez; Gürdal, Gültekin; Keten, Burcu; Türkfidanı, Ata; Kutlutürk, Levent
The Open Access movement is a social movement in academia, dedicated to the principle of open access - to information - sharing for the common good and is being supported by many scientists, publishers, and researchers in the world, today. The software that is used to operate the institutional archive systems which are the basis of the Open Access, are divided into two forms of some free open source software and paid package programs which were developed by some corporates. DSpace, whose firs...
Tso, Kam S.; Pajevski, Michael J.; Johnson, Bryan
Cyber security has gained national and international attention as a result of near continuous headlines from financial institutions, retail stores, government offices and universities reporting compromised systems and stolen data. Concerns continue to rise as threats of service interruption, and spreading of viruses become ever more prevalent and serious. Controlling access to application layer resources is a critical component in a layered security solution that includes encryption, firewalls, virtual private networks, antivirus, and intrusion detection. In this paper we discuss the development of an application-level access control solution, based on an open-source access manager augmented with custom software components, to provide protection to both Web-based and Java-based client and server applications.
Novacki, Stanley M., III
In order to accommodate the increasing number of computerized subsystems aboard today's more fuel efficient aircraft, the Boeing Co. has developed the DATAC (Digital Autonomous Terminal Access Control) bus to minimize the need for point-to-point wiring to interconnect these various systems, thereby reducing total aircraft weight and maintaining an economical flight configuration. The DATAC bus is essentially a local area network providing interconnections for any of the flight management and control systems aboard the aircraft. The task of developing a Bus Monitor Unit was broken down into four subtasks: (1) providing a hardware interface between the DATAC bus and the Z8000-based microcomputer system to be used as the bus monitor; (2) establishing a communication link between the Z8000 system and a CP/M-based computer system; (3) generation of data reduction and display software to output data to the console device; and (4) development of a DATAC Terminal Simulator to facilitate testing of the hardware and software which transfer data between the DATAC's bus and the operator's console in a near real time environment. These tasks are briefly discussed.
Mahmood Rajpoot, Qasim
that is suitable for video surveillance systems as well as other domains sharing similar requirements. As the currently dominant access control models – the role-based access control (RBAC) and the attribute-based access control (ABAC) – suffer from limitations while offering features complementary to each other...... while addressing the role- and permission-explosion issues faced in RBAC. Based on our access control model, we then present an access control mechanism for video surveillance systems. Contrary to the existing approaches, the proposed access control mechanism is role-oriented and retains advantages...... associated with role-based access control, yet it allows specification of policies using the metadata associated with the objects as well as the attributes of users and environment. In addition to role hierarchies, the content-based permissions in our model allow derivation of several permissions from...
Mahmood Rajpoot, Qasim; Jensen, Christian D.; Krishnan, Ram
Role-based access control (RBAC) and attribute-based access control (ABAC) are currently the most prominent access control models. However, they both suffer from limitations and have features complementary to each other. Due to this fact, integration of RBAC and ABAC has become a hot area...
Chen, Tzer-Shyong; Liu, Chia-Hui; Chen, Tzer-Long; Chen, Chin-Sheng; Bau, Jian-Guo; Lin, Tzu-Ching
With the development of information technology and medical technology, medical information has been developed from traditional paper records into electronic medical records, which have now been widely applied. The new-style medical information exchange system "personal health records (PHR)" is gradually developed. PHR is a kind of health records maintained and recorded by individuals. An ideal personal health record could integrate personal medical information from different sources and provide complete and correct personal health and medical summary through the Internet or portable media under the requirements of security and privacy. A lot of personal health records are being utilized. The patient-centered PHR information exchange system allows the public autonomously maintain and manage personal health records. Such management is convenient for storing, accessing, and sharing personal medical records. With the emergence of Cloud computing, PHR service has been transferred to storing data into Cloud servers that the resources could be flexibly utilized and the operation cost can be reduced. Nevertheless, patients would face privacy problem when storing PHR data into Cloud. Besides, it requires a secure protection scheme to encrypt the medical records of each patient for storing PHR into Cloud server. In the encryption process, it would be a challenge to achieve accurately accessing to medical records and corresponding to flexibility and efficiency. A new PHR access control scheme under Cloud computing environments is proposed in this study. With Lagrange interpolation polynomial to establish a secure and effective PHR information access scheme, it allows to accurately access to PHR with security and is suitable for enormous multi-users. Moreover, this scheme also dynamically supports multi-users in Cloud computing environments with personal privacy and offers legal authorities to access to PHR. From security and effectiveness analyses, the proposed PHR access
孙科学; 洪櫆; 章康宁; 王星稚; 刘康
The entrance guard (access control) system, as one of the more mature products in the Internet of Things, is closely related to the development of the Internet of Things industry. Entrance guard systems on the market today are based on RFID, fingerprint identification, password identification and so on, but a single identification method is relatively easy to crack. This paper designs a combined-detection entrance guard system that integrates speech recognition, fingerprint recognition, wireless data transmission and GSM network communication. In the system, identity authentication is done by speech recognition and fingerprint recognition, wireless transmission is responsible for communication within the system, and GSM network communication serves as the means of raising an alarm to the outside world. The overall system structure, the development process of the key technologies and the system workflow are introduced in detail, and the system's characteristics of dual authentication, split wireless data transmission design and encrypted communication are summarized. A composite authentication entrance guard system combining speech recognition and fingerprint recognition is proposed, designed and implemented.
How should an individual contribute to the public good? Conversely, how does the public help the individual? We should analyze and alleviate conflicts in community clouds. Covert channels in the access matrix are caused by conflicts between public values and a private sense of values. We cannot control the information leaks from the covert channels by using only access control. We believe that the community cloud system should emphasize harmony between public values and a private sense of values. We interpret the access matrix as follows: The acts of the individual are generalized and symbolized by an access matrix that describes the access operations of the subject. We propose a multiagent system embodying the concept of swarm intelligence to analyze the covert channels that arise. Each agent has a group target and an individual target. The group target and an individual target include targets for generation of access and restriction of access. The system does not have any principle of universal control. Instead, an agent’s interactions are guided by metaheuristics for achieving targets. The social order of the whole society is made from the agents’ interactions related to the group value target, group game target, an individual value target, and an individual game target. The conceptual framework and multiagent system presented here are intended to support people. If the covert channel problem can be solved, it will become possible for people to use community clouds safely.
Jensen, Steffen Elstrøm Holst; Jacobsen, Rune Hylsberg
, to the Internet is suggested. The solution uses virtual representations of objects by using low-cost, passive RFID tags to give objects identities on the Internet. A prototype that maps an RFID identity into an IPv6 address is constructed. It is illustrated how this approach can be used in access control systems......Future Internet research is needed to bring the Internet and the Things closer to each other to form the Internet of Things. As objects in our daily life gradually become smarter, there is an increasing benefit of networking these objects. In this article, a method to couple objects, the Things...... based on open network protocols and packet filtering. The solution includes a novel RFID reader architecture that supports the internetworking of components of a future access control system based on network layer technology....
Leahu, M C; Avolio, G
The ATLAS experiment operates with a significant number of hardware and software resources. Their protection against misuse is an essential task to ensure a safe and optimal operation. To achieve this goal, the Role Based Access Control (RBAC) model has been chosen for its scalability, flexibility, ease of administration and usability from the lowest operating system level to the highest software application level. This paper presents the overall design of RBAC implementation in the ATLAS experiment and the enforcement solutions in different areas such as the system administration, control room desktops and the data acquisition software. The users and the roles are centrally managed using a directory service based on Lightweight Directory Access Protocol which is kept in synchronization with the human resources and IT datab
The Control Systems Security Program and other programs within the Idaho National Laboratory have discovered a vulnerability common to control systems in all sectors that allows an attacker to penetrate most control systems, spoof the operator, and gain full control of targeted system elements. This vulnerability has been identified on several systems that have been evaluated at INL, and in each case a 100% success rate of completing the attack paths that lead to full system compromise was observed. Since these systems are employed in multiple critical infrastructure sectors, this vulnerability is deemed common to control systems in all sectors. Modern control systems architectures can be considered analogous to today's information networks, and as such are usually approached by attackers using a common attack methodology to penetrate deeper and deeper into the network. This approach often is composed of several phases, including gaining access to the control network, reconnaissance, profiling of vulnerabilities, launching attacks, escalating privilege, maintaining access, and obscuring or removing information that indicates that an intruder was on the system. With irrefutable proof that an external attack can lead to a compromise of a computing resource on the organization's business local area network (LAN), access to the control network is usually considered the first phase in the attack plan. Once the attacker gains access to the control network through direct connections and/or the business LAN, the second phase of reconnaissance begins with traffic analysis within the control domain. Thus, the communications between the workstations and the field device controllers can be monitored and evaluated, allowing an attacker to capture, analyze, and evaluate the commands sent among the control equipment. Through manipulation of the communication protocols of control systems (a process generally referred to as "reverse engineering"), an
ZHANG Hong; HE YePing; SHI ZhiGuo
There is an emerging recognition of the importance of utilizing contextual information in authorization decisions. Controlling access to resources in the field of wireless and mobile networking requires the definition of a formal model for access control with supporting spatial context. However, traditional RBAC model does not specify these spatial requirements. In this paper, we extend the existing RBAC model and propose the SC-RBAC model that utilizes spatial and location-based information in security policy definitions. The concept of spatial role is presented, and the role is assigned a logical location domain to specify the spatial boundary. Roles are activated based on the current physical position of the user, which is obtained from a specific mobile terminal. We then extend SC-RBAC to deal with hierarchies, modeling permission, user and activation inheritance, and prove that the hierarchical spatial roles are capable of constructing a lattice which is a means to articulate multi-level security policy and more suitable to control the information flow security for safety-critical location-aware information systems. Next, constrained SC-RBAC allows expressing various spatial separation of duty constraints, location-based cardinality and temporal constraints for specifying fine-grained spatial semantics that are typical in location-aware systems. Finally, we introduce 9 invariants for the constrained SC-RBAC and its basic security theorem is proven. The constrained SC-RBAC provides the foundation for applications in need of the constrained spatial context aware access control.
针对访问控制策略难以适应办公自动化系统中对访问权限控制的问题，提出了办公自动化系统中基于任务的访问控制模型，对其进行了形式化的描述，就一个典型的办公流程进行了模型化.%A new paradigm for access control and authorization management called task-based access controls(TBAC) is described to aim at the secure demand of documents processing in OA. The formalization expression of the paradigm as well as some samples application is given.
Deloose, I.; Pace, A.
The two CERN isotope separators named ISOLDE have been running on the new Personal Computer (PC) based control system since April 1992. The new architecture that makes heavy use of the commercial software and hardware of the PC market has been implemented on the 1700 geographically distributed control channels of the two separators and their experimental area. Eleven MSDOS Intel-based PCs with approximately 80 acquisition and control boards are used to access the equipment and are controlled from three PCs running Microsoft Windows used as consoles through a Novell Local Area Network. This paper describes the interesting solutions found and discusses the reduced programming workload and costs that have been obtained.
The 'Material Control and Surveillance for High Frequency Access Vaults' project sponsored by United States Department of Energy's Office of Security Policy, Policy Integration and Technical Support Program (SO-20.3) focuses on enhancing nuclear materials control and surveillance in vaults that are frequently accessed. The focus of this effort is to improve materials control and accountability (MC and A) while decreasing the operational impact of these activities. Los Alamos and Y-12 have developed a testbed at the Los Alamos National Laboratory for evaluating and demonstrating integrated technologies for use in enhancing materials control and accountability in active nuclear material storage vaults. An update will be provided on the new systems demonstrated in the test-bed including a 'confirmatory cart' for expediting the performance of inventory and radio-frequency actuated video that demonstrates the concept of automated data entry for materials moving between MBA's. The United States Department of Energy's Office of Security Policy, Policy Integration and Technical Support Program (SO-20.3) has sponsored a project where nuclear material inventory, control and surveillance systems are evaluated, developed, and demonstrated in an effort to provide technologies that reduce risk, increase material assurance, and provide cost-efficient alternatives to manpower-intensive physical inventory and surveillance approaches for working (high-frequency-access) vaults. This Fiscal Year has been largely focused on evaluating and developing components of two sub-systems that could be used either separately in nuclear material vaults or as part of a larger integrated system for nuclear materials accountability, control and surveillance.
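This paper introduces the theoretical foundations and characteristics of the Role-Based Access Control (RBAC) model and, according to the needs of lightweight applications, designs and implements an access control model system with a degree of reusability, providing an application example for the design of related systems.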
Besson, Frédéric; Dufay, Guillaume; Jensen, Thomas; Pichardie, David
A model of resource access control is presented in which the access control to resources can employ user interaction to obtain the necessary permissions. This model is inspired by and improves on the Java security architecture used in Java-enabled mobile telephones. We extend the Java model to include access control permissions with multiplicities so that a permission can be used a certain number of times. We define a program model based on control flow graphs together with its operation...
王俊; 贾连兴; 姚海潮; 何建平
Access control technology can effectively prevent unauthorized access to data and strengthen the management of user behavior. Building on the distributed parallel file system GlusterFS and combining it with the principles of RBAC, this paper designs a file-level Distributed Secure Access Control System (DSAS), studies mainly how the RBAC mechanism is implemented in the storage system, and puts forward a user identity verification and role authorization mechanism based on role credentials. Test results show that the DSAS system fulfills the need for data reliability and security as well as the need for storage system performance.
庞希愚; 王成; 仝春玲
The access control requirements of Web application systems and the shortcomings of the Role-Based Access Control (RBAC) model in Web application systems are analyzed, a fundamental idea of access control based on a role-function model is proposed, and its implementation details are discussed. Based on the Web page organization structure that forms naturally from the business function requirements of the system, and on the access control requirements of users, the business functions implemented by the pages in the bottom-level menus are partitioned to form the basic unit of permission configuration. User access to system resources such as Web pages, the HTML elements in a page and the operations on them is controlled by configuring the relations between user, role, page, menu and function. Practical application in the scientific research management system of Shandong Jiaotong University shows that implementing access control on the business functions realized by menus and pages can meet enterprise requirements for user access control of Web systems well. It has the advantages of simple operation and strong versatility, and effectively reduces the workload of Web system development.
LONG Tao; HONG Fan; WU Chi; SUN Ling-li
Access control in a grid environment is a challenging issue because the heterogeneous nature and independent administration of geographically dispersed resources in grid require access control to use fine-grained policies. We established a task-and-role-based access-control model for computational grid (CG-TRBAC model), integrating the concepts of role-based access control (RBAC) and task-based access control (TBAC). In this model, condition restrictions are defined and concepts specifically tailored to Workflow Management System are simplified or omitted so that role assignment and security administration fit computational grid better than traditional models; permissions are mutable with the task status and system variables, and can be dynamically controlled. The CG-TRBAC model is proved flexible and extendible. It can implement different control policies. It embodies the security principle of least privilege and executes active dynamic authorization. A task attribute can be extended to satisfy different requirements in a real grid system.
The enormous growth of the Internet during the last decade offers new means to share and distribute both information and data. In Industry, this results in a rapprochement of the production facilities, i.e. their Process Control and Automation Systems, and the data warehouses. At CERN, the Internet opens the possibility to monitor and even control (parts of) the LHC and its four experiments remotely from anywhere in the world. However, the adoption of standard IT technologies to Distributed Process Control and Automation Systems exposes inherent vulnerabilities to the world. The Teststand On Control System Security at CERN (TOCSSiC) is dedicated to exploring the vulnerabilities of arbitrary Commercial-Off-The-Shelf hardware devices connected to standard Ethernet. As such, TOCSSiC should discover their vulnerabilities, point out areas of lack of security, and address areas of improvement which can then be confidentially communicated to manufacturers. This paper points out risks of accessing the Control and Automa...
Jacobs, Barry E.
The Distributed Access View Integrated Database (DAVID) System, which was adopted by the Astrophysics Division for their Astrophysics Data System, is a solution to the system heterogeneity problem. The heterogeneous components of the Astrophysics problem are outlined. The Library and Library Consortium levels of the DAVID approach are described. The 'books' and 'kits' level is discussed. The Universal Object Typer Management System level is described. The relation of the DAVID project with the Small Business Innovative Research (SBIR) program is explained.
张晶; 杨国林; 萨智海
To overcome the security weaknesses of existing access control models for workflow systems, a new model called Administrative Model for Task-Role Based Access Control (ATRBAC) is presented in this paper. In this model the administrative idea of ARBAC (Administrative Model for Role Based Access Control) is integrated into TRBAC (Task-Role Based Access Control) by adding administrators and administrative privileges. By applying hierarchical management to administrators, the hidden risk caused by the excessive privileges of the system administrator is resolved, and the security of the workflow system is further strengthened.
Besson, Frédéric; Dufay, Guillaume; Jensen, Thomas
This paper presents an access control model for programming applications in which the access control to resources can employ user interaction to obtain the necessary permissions. This model is inspired by and improves on the Java security architecture used in Java-enabled mobile telephones. We consider access control permissions with multiplicities so that a permission can be used a certain number of times. An operational semantics of the model and a formal definition of what it means for...
An access control system is a necessary facility of an intelligent building, providing security protection, automatic control and other functions. The fingerprint identification system is a new system built on artificial intelligence, providing technological measures for automatic identification in access control systems. This paper analyzes the development trend of intelligent buildings and the basic structure of the fingerprint identification system, and introduces the application of automatic recognition technology in intelligent building access control systems.
Oh Sang-heon; Kim Seung-pum; Hwang Dong-hwan; Park Chan-sik; Lee Sang-jeong
The Automatic Identification System (AIS) is maritime equipment that allows an efficient exchange of navigational data between ships and between ships and shore stations. It utilizes a channel access algorithm which can quickly resolve conflicts without any intervention from control stations. In this paper, a design of a channel access algorithm for the AIS is presented. The input/output relationship of each access algorithm module is defined by drawing the state transition diagram, dataflow diagram and flowchart based on the technical standard, ITU-R M.1371. In order to verify the designed channel access algorithm, a simulator was developed using the C/C++ programming language. The results show that the proposed channel access algorithm can properly allocate transmission slots and meet the operational performance requirements specified by the technical standard.
Pawelczak, P.; Pollin, S.; So, H.-S.W.; Bahai, A.R.S.; Prasad, R.V.; Hekmat, R.
In this paper, different control channel (CC) implementations for multichannel medium access control (MAC) algorithms are compared and analyzed in the context of opportunistic spectrum access (OSA) as a function of spectrum-sensing performance and licensed user activity. The analysis is based on a d
熊雄; 王福喜; 左海洋
To solve the access control problem of multi-level and multi-domain information systems, which commonly used access control models do not handle well, the structural characteristics of such systems are analyzed and an access control model based on security level is proposed and implemented. The experimental result shows that the access control model has achieved its predetermined goal: it can set a security level for each element of a multi-level and multi-domain information system and then control access by comparing security levels. Compared with commonly used access control models, the model based on security level is easier to deploy on multi-level and multi-domain information systems, reacts more rapidly to changes of authority, and can limit the flow of unsafe information.
OCG employs stringent human subjects’ protection and data access policies to protect the privacy and confidentiality of the research participants. Depending on the risk of patient identification, OCG programs data are available to the scientific community in two tiers: open or controlled access. Both types of data can be accessed through its corresponding OCG program-specific data matrix or portal. Open-access Data
Anggorojati, Bayu; Mahalle, Parikshit N.; Prasad, Neeli R.;
Flexibility is an important property for general access control system and especially in the Internet of Things (IoT), which can be achieved by access or authority delegation. Delegation mechanisms in access control that have been studied until now have been intended mainly for a system that has no resource constraint, such as a web-based system, which is not very suitable for a highly pervasive system such as IoT. To this end, this paper presents an access delegation method with security considerations based on Capability-based Context Aware Access Control (CCAAC) model intended for federated machine-to-machine communication or IoT networks. The main idea of our proposed model is that the access delegation is realized by means of a capability propagation mechanism, and incorporating the context information as well as secure capability propagation under federated IoT environments. By using...
Valentini, F; Ninin, P; Scibile, S
In the domain of Safety Real-Time Systems, testing always represents a big effort in terms of time, costs and efficiency to guarantee an adequate degree of coverage. Exhaustive tests may, in fact, not be practicable for large and distributed systems. This paper describes the testing process followed during the validation of CERN's LHC Access System, responsible for monitoring and preventing physical risks for the personnel accessing the underground areas. In the paper we also present a novel strategy for the testing problem, intended to drastically reduce the time for test pattern generation and execution. In particular, we propose a methodology for blackbox testing that relies on the application of Model Checking techniques. Model Checking is a formal method from computer science, commonly adopted to prove correctness of a system's models through an automatic exploration of the system's state space against some property formulas.
Since role-based access control shows great advantage in meeting the security needs of large-scale, enterprise-wide systems, RBAC has become a hot topic in the access control research area. Researchers have proposed several RBAC models, which include the famous RBAC96 model. However, these frameworks are sometimes hard for system developers to understand because the models defined are too abstract or focus on application-oriented solutions. In this paper, a new model (OSRBAC) is discussed, which is an improvement on the RBAC3 model in the RBAC96 model family. Compared with the RBAC3 model, the OSRBAC model is more concrete and easier to understand. At the end, this paper describes the implementation of the OSRBAC model in RedFlag Secure Operating System (RFSOS).
Spring Security ACL is an access control security framework that can control access permissions for all kinds of resources. This article introduces the concept and mechanism of Spring Security ACL and describes the implementation and process of the Spring Security ACL security framework through a simple permission-control example.
Sedghi, Saeed; Hartel, Pieter; Jonker, Willem; Nikova, Svetla; Bao, Feng; Weng, Jian
Traditional techniques of enforcing an access control policy rely on an honest reference monitor to enforce the policy. However, for applications where the resources are sensitive, the access control policy might also be sensitive. As a result, an honest-but-curious reference monitor would glean som
Saffarian, Mohsen; Tang, Qiang; Jonker, Willem; Hartel, Pieter
The Role-Based Access Control (RBAC) model has been widely applied to a single domain in which users are known to the administrative unit of that domain, beforehand. However, the application of the conventional RBAC model for remote access control scenarios is not straightforward. In such scenarios,
HONG Fan; ZHU Xian; XING Guanglin
Access control in multi-domain environments is one of the important questions of building coalition between domains. On the basis of RBAC access control model, the concepts of role delegation and role mapping are proposed, which support the third-party authorization. Then, a distributed RBAC model is presented. Finally the implementation issues are discussed.
Mo, Zijian; Wang, Zhonghai; Xiang, Xingyu; Wang, Gang; Chen, Genshe; Nguyen, Tien; Pham, Khanh; Blasch, Erik
Satellite Control Networks (SCN) have provided launch control for space lift vehicles; tracking, telemetry and commanding (TTC) for on-orbit satellites; and test support for space experiments since the 1960s. Currently, SCNs encounter a new challenge: how to maintain the high reliability of services when sharing the spectrum with emerging commercial services. To achieve this goal, the capability of multiple satellites reception is deserved as an update/modernization of SCN in the future. In this paper, we conduct an investigation of multiple access techniques in the SCN scenario, e.g., frequency division multiple access (FDMA) and code division multiple access (CDMA). First, we introduce two upgrade options of SCN based on FDMA and CDMA techniques. Correspondingly, we also provide their performance analysis, especially the system improvement in spectrum efficiency and interference mitigation. Finally, to determine the optimum upgrade option, this work uses CRISP, i.e., Cost, Risk, Installation, Supportability and Performance, as the baseline approach for a comprehensive trade study of these two options. Extensive numerical and simulation results are presented to illustrate the theoretical development.
Kleiner, Eldar; Newcomb, Tom
An access control system regulates the rights of users to gain access to resources in accordance with a specified policy. The rules in this policy may interact in a way that is not obvious via human inspection; there is, therefore, a need for automated verification techniques that can check whether a policy does indeed implement some desired security requirement. Thirty years ago, a formalisation of access control presented a model and a safety specification for which satisfaction is undecida...
The emergence of the "Internet of Things" breaks previous traditional thinking, integrating physical infrastructure and network infrastructure into a unified infrastructure. There will be a lot of resources or information in IoT, so computing and processing of information is the core support of IoT. In this paper, we introduce "Service-Oriented Computing" to solve the problem where each device can offer its functionality as standard services. Here we mainly discuss the access control issue of service-oriented computing in the Internet of Things. This paper puts forward a model of Workflow-oriented Attributed Based Access Control (WABAC), and designs an access control framework based on the WABAC model. The model grants permissions to subjects according to subject attribute, resource attribute, environment attribute and current task, meeting the access control requirements of SOC. Using the approach presented can effectively enhance the access control security for SOC applications, and prevent the abuse of subject permissions.
Baldini, Gianmarco; NAI-FOVINO Igor; Trombetta, Alberto; Braghin, Stefano
Cognitive Radio (CR) is a novel wireless communication technology that allows for adaptive configuration of the reception parameters of a terminal, based on the information collected from the environment. Cognitive radio (CR) technology can be used in innovative spectrum management approaches like spectrum sharing, where radio frequency spectral bands can be shared among various users through a dynamic exclusive-use spectrum access model. Spectrum sharing can be applied to various...
Zhou, Liang; Zheng, Baoyu; Geller, Benoit; Wei, Anne; Xu, Shan; Li, Yajun
In this paper, we address the rate control, the Medium Access Control (MAC) and the routing problem for cooperative Vehicular Ad-Hoc Network (VANET) in the framework of cross-layer design. At first, we introduce the cooperative communication conception to VANET, and propose an opportunistic cooperation strategy to improve the system performance. And then, we develop a cross-layer solution which consists of the link capacity detection with adjusting persistence probability at the MAC Layer, th...
胡罗凯; 陈旭; 柴新; 应时
A multi-ontology system based access control approach for semantic Web services is proposed. First, a bridge ontology based cross-domain multi-ontology system (CDMOS), which provides a semantic model for access control of semantic Web services, is presented based on the distributed description logic (DDL). Secondly, on the basis of semantic access control technology, the access control model for semantic Web services is given. Finally, this paper gives the architecture of the multi-ontology system based access control approach for semantic Web services and a case study of this approach. In the access control for semantic Web services, CDMOS not only provides the semantic mapping for the semantic models of the security domains, but also ensures the semantic independence among the security domains.
Li, F; Rahulamathavan, Y.; Conti, M.; Rajarajan, M.
Unified communications has enabled seamless data sharing between multiple devices running on various platforms. Traditionally, organizations use local servers to store data and employees access the data using desktops with predefined security policies. In the era of unified communications, employees exploit the advantages of smart devices and 4G wireless technology to access the data from anywhere and anytime. Security protocols such as access control designed for traditional setup are not su...
Asakura, Yoshiharu; Nakamoto, Yukikazu
Role-based access control (RBAC) is widely used as an access control mechanism in various computer systems. Since an organization's lines of authority influence the authorized privileges of jobs, roles also form a hierarchical structure. A role graph is a model that represents role hierarchies and is suitable for the runtime phase of RBAC deployment. Since a role graph cannot take various forms for given roles and cannot handle abstraction of roles well, however, it is not suitable for the design phase of RBAC deployment. Hence, an extended role graph, which can take a more flexible form than that of a role graph, is proposed. The extended role graph improves diversity and clarifies abstraction of roles, making it suitable for the design phase. An equivalent transformation algorithm (ETA), for transforming an extended role graph into an equivalent role graph, is also proposed. Using the ETA, system administrators can deploy RBAC efficiently by using an extended role graph in the design phase and a standard role graph in the runtime phase.
熊海涛; 蒋承睿; 任宇峰; 贾攀
To authorize access to the proper security knowledge safely in a mine security knowledge management system, and to change authorization reliably according to users' access history, reputation-based access control (ReBAC) is proposed, which extends role-based access control (RBAC) with reputation. ReBAC first builds 6-tuple permissions. Then a trust network is constructed from the operational relations between users in order to calculate direct reputation and indirect reputation. After that, ReBAC uses reputation to check whether the user can access the security knowledge and gives permissions to reliable users. The result shows that ReBAC can provide safe and reliable access control in a mine security knowledge management system.
Access control is an important guarantee of information security. Based on an introduction to the RBAC model, and according to users' responsibilities in the examination management system, this paper stipulates users' access rights, defines the roles in the examination management system and assigns their corresponding permissions. It illustrates the application of RBAC in the examination management system, offering one approach to access control security for examination management systems.
TIAN Jie; ZHANG Xin-fang; WANG Tong-yang; XIANG Wei; Cheng Ming
This paper introduces a solution to the security requirement for digital rights management (DRM) in the geospatial field by way of geospatial access control (GeoAC). It concentrates on the issues of authorization for geospatial DRM. For geospatial DRM, one aspect is the declaration and enforcement of access rights, based on geographic aspects. For the approbation of digital geographic content, it is important to adopt online access to geodata through a spatial data infrastructure (SDI). This results in interoperability requirements on three different levels: data model level, service level and access control level. The interaction between the data model and service level can be obtained through the criteria of the Open Geospatial Consortium (OGC), and the interaction of the access control level may be reached by declaring and enforcing access restrictions in GeoAC. Then an archetype enforcement based on GeoAC is elucidated. As one aspect of performing usage rights, the execution of access restrictions as an extension to a regular SDI is illuminated.
Anggorojati, Bayu; Mahalle, Parikshit N.; Prasad, Neeli R.;
Access control is a critical functionality in Internet of Things (IoT), and it is particularly promising to make access control secure, efficient and generic in a distributed environment. Another important property of access control system in the IoT is flexibility which can be achieved by access or authority delegation. Delegation mechanisms in access control that have been studied until now have been intended mainly for a system that has no resource constraint, such as a web-based system, which is not very suitable for a highly pervasive system such as IoT. This chapter presents the Capability-based Context Aware Access Control (CCAAC) model including the authority delegation method, along with specification and protocol evaluation intended for federated Machine-to-Machine (M2M)/IoT. By using the identity and capability-based access control approach together with the contextual...
Cloud computing is a combination of different computational entities, electronically connected and distributed around the world. As cloud computing moves geographically toward federations of dispersed server rooms, it is accompanied by a large number of security issues, such as virtualization security, application security, identity management, access control and virtual identity authentication. Nevertheless, virtual identity authentication is the most important requirement of cloud computing, used to restrict illegal access to cloud servers. This article presents an algorithm for virtual identity authentication in which users can access the cloud only after their legitimacy has been confirmed by strong verification. The algorithm provides identity management, mutual authentication, establishment of user session keys, and so on. Security analysis demonstrates the feasibility and efficiency of the algorithm proposed for cloud computing.
Social networks bring together users in a virtual platform and offer them the ability to share, within the community, personal and professional information, photos, etc. which are sometimes sensitive. Although the majority of these networks provide access control mechanisms to their users (to manage who accesses which information), privacy settings are limited and do not respond to all users' needs. Hence, the published information remains vulnerable to illegal access. In this paper, the access control policy of the social network "Facebook" is analyzed in a profound way by starting with its modeling with the "Organization Role Based Access Control" model, and moving to the simulation of the policy with an appropriate simulator to test the coherence aspect, and ending with a discussion of analysis results which shows the gap between access control management options offered by Facebook and the real requirements of users in the same context. Extracted conclusions prove the need of developing a new access control model that meets most of these requirements, which will be the subject of a forthcoming work.
The Large Hadron Collider (LHC) is the largest scientific instrument ever created. It was built with the intention of testing the most extreme conditions of matter. Taking into account the significant dangers of LHC operations, the European Organization for Nuclear Research (CERN) has developed a multi-pronged approach for machine safety, including an access control system. This system is based on the role-based access control (RBAC) concept. It was designed to protect from accidental and unauthorized access to the LHC and injector equipment. This paper introduces the new model of role-based access control developed at CERN and gives a detailed mathematical description of it. We propose a new technique called dynamic authorization that allows deploying RBAC gradually in large systems. Moreover, we show how the protection for a very large distributed equipment control system may be implemented in an efficient way. This paper also describes motivation of the project, requirements and overview of the main components: au...
Tso, Kam S.; Pajevski, Michael J.
Cybersecurity has become a great concern as threats of service interruption, unauthorized access, stealing and altering of information, and spreading of viruses have become more prevalent and serious. Application layer access control of applications is a critical component in the overall security solution that also includes encryption, firewalls, virtual private networks, antivirus, and intrusion detection. An access control solution, based on an open-source access manager augmented with custom software components, was developed to provide protection to both Web-based and Java-based client and server applications. The DISA Security Service (DISA-SS) provides common access control capabilities for AMMOS software applications through a set of application programming interfaces (APIs) and network-accessible security services for authentication, single sign-on, authorization checking, and authorization policy management. The OpenAM access management technology designed for Web applications can be extended to meet the needs of Java thick clients and standalone servers that are commonly used in the JPL AMMOS environment. The DISA-SS reusable components have greatly reduced the effort for each AMMOS subsystem to develop its own access control strategy. The novelty of this work is that it leverages an open-source access management product that was designed for Web-based applications to provide access control for Java thick clients and Java standalone servers. Thick clients and standalone servers are still commonly used in businesses and government, especially for applications that require rich graphical user interfaces and high-performance visualization that cannot be met by thin clients running on Web browsers.
Raimundas Matulevičius; Henri Lakk
Nowadays security has become an important aspect in information systems engineering. A mainstream method for information system security is Role-based Access Control (RBAC), which restricts system access to authorised users. While the benefits of RBAC are widely acknowledged, the implementation and administration of RBAC policies remains a human intensive activity, typically postponed until the implementation and maintenance phases of system development. This deferred security engineering app...
Biometrics is the science of measuring and analyzing biological data. It is used to uniquely identify individuals by their physical characteristics or personal behavior traits. The results from scrutiny of various themes including unimodal, multimodal, physiological and behavioural biometrics. Physiological and behavioural biometrics are compared in the review. The article addresses a particular aspect of utilizing biometrics for authentication, identification and access control. The use of systems like fingerprint, face recognition, hand geometry, palm print, DNA analysis, iris recognition, retina and odour/scent will be dealt with herewith. This study deals with various applications of this technology, like surveillance, employee identification, device access etc., with mention of the respective hardware used. The influence of such features is yet to be documented properly, but it is safe to say that it has been a huge step towards better information security and identification control. Over the course of this text, we will try to bring to light our analysis of the subject and provide an in-depth examination of contemporary and futuristic technologies pertaining to this field.
Campbell, William J.
The objective of this research is to develop technology for the automated characterization and interactive retrieval and visualization of very large, complex scientific data sets. Technologies will be developed for the following specific areas: (1) rapidly archiving data sets; (2) automatically characterizing and labeling data in near real-time; (3) providing users with the ability to browse contents of databases efficiently and effectively; (4) providing users with the ability to access and retrieve system independent data sets electronically; and (5) automatically alerting scientists to anomalies detected in data.
Alstone, Peter; Gershenson, Dimitry; Kammen, Daniel M.
Innovative approaches are needed to address the needs of the 1.3 billion people lacking electricity, while simultaneously transitioning to a decarbonized energy system. With particular focus on the energy needs of the underserved, we present an analytic and conceptual framework that clarifies the heterogeneous continuum of centralized on-grid electricity, autonomous mini- or community grids, and distributed, individual energy services. A historical analysis shows that the present day is a unique moment in the history of electrification where decentralized energy networks are rapidly spreading, based on super-efficient end-use appliances and low-cost photovoltaics. We document how this evolution is supported by critical and widely available information technologies, particularly mobile phones and virtual financial services. These disruptive technology systems can rapidly increase access to basic electricity services and directly inform the emerging Sustainable Development Goals for quality of life, while simultaneously driving action towards low-carbon, Earth-sustaining, inclusive energy systems.
Mur Escartín, Olga
The thesis consists in the study and evaluation of different methods for face recognition. The final objective is to select the most suitable techniques for face detection and recognition. Some of these techniques will be integrated in a real-time demonstrator which will be a preliminary prototype that will have to work in controlled conditions (for illumination and pose) and with reduced databases. The demonstrator will be done in Matlab and the main image acquisition routines and face detectio...
P. L. Wessels
One of the critical issues in managing information within an organization is to ensure that proper controls exist and are applied in allowing people access to information. Passwords are used extensively as the main control mechanism to identify users wanting access to systems, applications, data files, network servers or personal information. In this article, the issues involved in selecting and using passwords are discussed and the current practices employed by users in creating and storing passwords to gain access to sensitive information are assessed. The results of this survey conclude that information managers cannot rely only on users to employ proper password control in order to protect sensitive information.
As enterprises grow in size and their level of informatization improves, more and more enterprises adopt information systems to enhance their competitiveness. To solve the problem of dynamic control of user authorization, an access control mechanism based on trust is proposed. Based on an evaluation of the user's trust degree, the user's access to the enterprise information system is dynamically authorized and controlled, thus improving the security of the enterprise information system.
... COMMISSION 17 CFR Part 240 RIN 3235-AK53 Risk Management Controls for Brokers or Dealers With Market Access... establish, document, and maintain a system of risk management controls and supervisory procedures that... develop, test, and implement the relevant risk management controls and supervisory procedures...
Carmem Lúcia Batista
Recently, in November 2011, the law on access to public information was published, a legal and historic mark in the struggle for human rights in Brazil. This achievement is the result of a process marked by denial of access to public archives, as was the case of the Araguaia Guerrilla, valuing the culture of secrecy, abuse of power and relations between public and private in Brazil. Thus, the aim of this paper is to present a brief history about the control of access to public information...
Stieghahn, Michael; Engel, Thomas
Cross-border access to a variety of data such as market information, strategic information, or customer-related information defines the daily business of many global companies, including financial institutions. These companies are obliged by law to keep data processing legal for all offered services. They need to fulfill different security objectives specified by the legislation. Therefore, they control access to prevent unauthorized users from using data. Those security objectives, for exa...
With the wide use of Windows 7, the UI design of application software based on the Windows platform is more and more important. Taking into account users' operating experience, background knowledge and perception when using software, a UI design for an access control management system that matches the users' logic makes it possible for users to operate the software simply and efficiently. The human-computer interaction, the operation logic and the overall interface aesthetics of an access control management system are discussed in this thesis, including the design principles and programming implementation, focusing especially on interface programming in Visual C++ and the framework realization with the MFC class library of the access control management system.
Threshold ramp secret sharing schemes are designed so that (i) certain subsets of shares have no information about the secret, (ii) some subsets have partial information about the secret and (iii) some subsets have complete information to recover the secret. However, most of the ramp schemes in present literature do not control the leakage of information in partial access sets, due to which the information acquired by these sets is devoid of structure and not useful for fine-grained access control. Through a non-perfect secret sharing scheme called MIX-SPLIT, an encoding methodology for controlling the leakage in partial access sets is proposed and this is used for fine-grained access to binary strings. The ramp code generated using MIX-SPLIT requires a much smaller share size of O(n), as compared to Shamir's ramp adaptation which incurs a share size of at least O(n^2) for the same multi-access structure. The proposed ramp code is finally applied towards the protection and fine-grained access of industrial design drawings.
刘武; 段海新; 张洪; 任萍; 吴建平
Access control is a process which controls users to execute some operations or access some network resources according to the users' identity or attributes. Discretionary access control and mandatory access control are the two main access control modes broadly used in secure operating systems. Discretionary access control is based on user identity and/or groups, and mandatory access control is usually based on sensitivity labels. Neither of these two modes can completely satisfy the requirements of all access control. Discretionary access control is too loose to restrict the propagation of privileges, while mandatory access control is too rigid to use flexibly. This paper analyzes current access control models and extends the RBAC (role-based access control) model to address its deficiencies, on the basis of which we propose a trust-based access control model (TRBAC). The TRBAC model can provide a more secure, flexible and fine-grained dynamic access control mechanism, and therefore improves both the security and the reliability of the authorization mechanism.
In this thesis we wanted to present the project that was made for a smaller hotel in Nova Gorica. The goal was to create an application for managing access control according to customer's wishes as well as to introduce the system into the existent infrastructure. The first step was to define what access control actually means. In broad terms it is divided into RFID – radio-frequency identification and biometric identification. Both have their strengths and their weaknesses. Next step was choo...
With the in-depth development of network technology, web services technology is gradually being applied to various types of management systems. Web services can be used for system integration thanks to their excellent characteristics of component-model independence, platform independence and programming-language independence. In this paper, an access control management system for student apartments is designed based on web services; the system design is illustrated in terms of system architecture, system design patterns and critical web services technology. The data of the student apartment access control management system built on web services can be directly called by other application systems and used in the integrated construction of university information systems.
To address the present problem of coach overloading in transportation, a design for an intelligent anti-overload system requiring no manpower is presented. A differential pressure sensor is used to distinguish and count the passengers getting on and off. When the number of passengers equals the capacity, there is a warning signal and voice reminder, and the interior door unlocks immediately. If someone continues to get on, the door shuts automatically to prevent overloading, realizing intelligent process control. Experiments show that the system is valuable for alleviating the pressure of traffic control and ensuring traffic safety.
The intelligent access control system, based on TCP/IP technology, feeds back the state of classroom doors through magnetic door sensors and uses a controller to lock and unlock the doors remotely. The system can be integrated with the campus card system, the curriculum scheduling module of the educational management system and the SMS system; it achieves integrated management through card authorization, sets the times to lock and unlock the doors in accordance with the curriculum, and sends alarm messages in the case of abnormal states. The implementation of the intelligent access control system is an important step towards a smart campus: the business process of classroom management can be reconstructed, which makes the management more humane and better meets the needs of campus business.
Using devices such as infrared sensors, a fingerprint acquisition system, cameras and LED digital tubes, an infrared thermal fingerprint visualization entrance guard system is designed. It uses the infrared thermal device to sense changes in light and temperature. The sensor sends the real-time light signal to the control circuit, which locks the LED human body induction switch according to the signal value. When a human body passes the device, a control signal is output after a series of circuit processing steps, which automatically opens or closes the camera device in order to achieve visualization. The system has great development potential and practical value because of its simple setup and operation and its excellent functionality.
Most telecommunication operators are currently deciding on how to respond to customers' needs stimulated by the synergy between compression coding of multimedia and the emergence of broadband digital networks. This paper describes a range of broadband access architectures under consideration in the full services access network initiative. All architectures have a common requirement for a broadband ATM PON. A common broadband PON applicable to many operators increases the world-wide market for the product. With greater production volumes manufacturers' costs reduce because of the experience curve effect making broadband access systems economic.
The Ground Control System contributes to the safe construction and operation of the subsurface facility, including accesses and waste emplacement drifts, by maintaining the configuration and stability of the openings during construction, development, emplacement, and caretaker modes for the duration of preclosure repository life. The Ground Control System consists of ground support structures installed within the subsurface excavated openings, any reinforcement made to the rock surrounding the opening, and inverts if designed as an integral part of the system. The Ground Control System maintains stability for the range of geologic conditions expected at the repository and for all expected loading conditions, including in situ rock, construction, operation, thermal, and seismic loads. The system maintains the size and geometry of operating envelopes for all openings, including alcoves, accesses, and emplacement drifts. The system provides for the installation and operation of sensors and equipment for any required inspection and monitoring. In addition, the Ground Control System provides protection against rockfall for all subsurface personnel, equipment, and the engineered barrier system, including the waste package during the preclosure period. The Ground Control System uses materials that are sufficiently maintainable and that retain the necessary engineering properties for the anticipated conditions of the preclosure service life. These materials are also compatible with postclosure waste isolation performance requirements of the repository. The Ground Control System interfaces with the Subsurface Facility System for operating envelopes, drift orientation, and excavated opening dimensions, Emplacement Drift System for material compatibility, Monitored Geologic Repository Operations Monitoring and Control System for ground control instrument readings, Waste Emplacement/Retrieval System to support waste emplacement operations, and the Subsurface Excavation System
Privacy preservation is a crucial problem in resource sharing and collaborating among multi-domains. Based on this problem, we propose a role-based access control model for privacy preservation. This scheme avoided the privacy leakage of resources while implementing access control, and it has the advantage of lower communication overhead. We demonstrate this scheme meets the IND-CCA2 semantic security by using random oracle. The simulation result shows this scheme has better execution efficiency and application effects.
Zhang, Xuanping; Bullard, Kai McKeever; Gregg, Edward W.; Beckles, Gloria L.; Williams, Desmond E.; Barker, Lawrence E; Albright, Ann L.; Imperatore, Giuseppina
OBJECTIVE To examine the relationship between access to health care and diabetes control. RESEARCH DESIGN AND METHODS Using data from the National Health and Nutrition Examination Survey, 1999–2008, we identified 1,221 U.S. adults (age 18–64 years) with self-reported diabetes. Access was measured by current health insurance coverage, number of times health care was received over the past year, and routine place to go for health care. Diabetes control measures included the proportion of people...
Providing access control for published XML documents on the Web is an important topic. It involves the use of cryptographic techniques, addressing different requirements and, as a result, facing several challenges. Existing solutions still have some weaknesses such as system update cost, number of required secret encryption/decryption keys, size of encrypted document and supporting temporal and delegable access. This study proposes a push-based access control policy enforcement mechanism for addressing these issues using a Dynamic Key Management Table (DKMT) and based on Identity Based Encryption (IBE). The proposed mechanism addresses the existing challenges and provides a more acceptable solution.
The relationship between users and resources is dynamic in the cloud, and service providers and users are typically not in the same security domain. Identity-based security (e.g., discretionary or mandatory access control models) cannot be used in an open cloud computing environment, where each resource node may not be familiar, or even do not know each other. Users are normally identified by their attributes or characteristics and not by predefined identities. There is often a need for a dynamic access control mechanism to achieve cross-domain authentication. In this paper, we will focus on the following three broad categories of access control models for cloud computing: (1) Role-based models; (2) Attribute-based encryption models and (3) Multi-tenancy models. We will review the existing literature on each of the above access control models and their variants (technical approaches, characteristics, applicability, pros and cons), and identify future research directions for developing access control models for cloud computing environments.
-friendly access to large volume of data and means to visualize and extract selected data as per need. The software requires a minimum of computing expertise as it is controlled by a system of `pull down' menus, backed up by a context-sensitive system...
vanDellen, Michelle R.; Hoyle, Rick H.
The current work examined how social factors influence self-control. Current conceptions of state self-control treat it largely as a function of regulatory capacity. The authors propose that state self-control might also be influenced by social factors because of regulatory accessibility. Studies 1 through 4 provide evidence that individuals’ state self-control is influenced by the trait and state self-control of salient others such that thinking of others with good trait or state self-contro...
陈卓; 骆婷; 石磊; 洪帆
Access control is an important protection mechanism for information systems. This paper shows how to make access control in workflow system. We give a workflow access control model (WACM) based on several current access control models. The model supports roles assignment and dynamic authorization. The paper defines the workflow using Petri net. It firstly gives the definition and description of the workflow, and then analyzes the architecture of the workflow access control model (WACM). Finally, an example of an e-commerce workflow access control model is discussed in detail.
As information technology is applied ever more deeply in the power grid, grid security has become an important factor bearing on the nation and people's livelihood. To further implement the state's security requirements for the power grid company and to ensure the safe and stable operation of the grid information network, deploying a comprehensive network access control system helps to comprehensively solve grid information security problems such as illegal terminals accessing the network at will, legitimate users accessing business systems beyond their authority, illegal external connections, ARP attacks, and security management measures that are difficult to implement, providing a guarantee for safe grid production.
ZHANG Shaomin; WANG Baoyi; ZHOU Lihua
PMI (privilege management infrastructure) is used to perform access control to resources in an E-commerce or E-government system. With the ever-increasing need for secure transactions, the need for systems that offer a wide variety of QoS (quality-of-service) features is also growing. In order to improve the QoS of a PMI system, a cache based on RBAC (Role-based Access Control) and trust is proposed. Our system is realized based on Web services. How to design the cache based on RBAC and trust in the access control model is described in detail. The algorithms to query role permissions in the cache and to add records to the cache are dealt with. The policy to update the cache is also introduced.
Antonopoulos, Nick; Koukoumpetsos, Kyriakos; Shafarenko, Alex
Discusses the mobile software agent paradigm that provides a foundation for the development of high performance distributed applications and presents a simple, distributed access control architecture based on the concept of distributed, active authorization entities (lock cells), any combination of which can be referenced by an agent to provide…
Dekker, M.A.C.; Etalle, S.; Gadducci, F.
Traditional access control mechanisms aim to prevent illegal actions a-priori occurrence, i.e. before granting a request for a document. There are scenarios however where the security decision can not be made on the fly. For these settings we developed a language and a framework for a-posteriori acce
Dekker, M.A.C.; Etalle, S.
Traditional access control mechanisms aim to prevent illegal actions a-priori occurrence, i.e. before granting a request for a document. There are scenarios however where the security decision can not be made on the fly. For these settings we developed a language and a framework for a-posteriori acc
Kyriazanos, Dimitris M.; Stassinopoulos, George I.; Prasad, Neeli R.
In this paper the authors present the challenges for enabling Security Policies Management and subsequent Ubiquitous Access Control on the Personal Network (PN) environment. A solution based on Security Profiles is proposed, supporting both partially distributed architectures-having in this case...
刘勇; 陈祈邦; 巫辉东
Radio frequency identification is a new type of automatic identification technology. It is characterized by high reliability, strong confidentiality, convenience and speed. This design is an entrance guard system based on RFID technology that takes advantage of non-contact wireless identification to automatically identify radio frequency ID cards and automatically open the door. Access control changes from passive defense to active surveillance, greatly improving efficiency and security compared with the traditional lock. This paper introduces the principle and the main characteristics of radio frequency identification technology and develops a gate monitoring system integrating gate control, alarming and monitoring.
杜炤; 刘婷; 刘奇峰
As the network platform to support collaboration in the teaching, research and management activities of students, teachers and staff members of colleges and universities, the campus social network system has gained increasing popularity and is becoming an important part of the digital campus. In order to combine the campus social network system more closely with the ERP system of colleges and universities, in this paper an access control model for business applications in the campus social network system was designed and implemented based on the role-based access control model, which also supports effective time for authorization, hierarchical authorization and permission delegation. With this model, the campus social network system is expected to provide more flexible, convenient and thoughtful information services for students, teachers and staff members.
Angjelichinoski, Marko; Stefanovic, Cedomir; Popovski, Petar
We present a communication solution tailored specifically for DC microgrids (MGs) that exploits: (i) the communication potential residing in power electronic converters interfacing distributed generators to powerlines and (ii) the multiple access nature of the communication channel presented by powerlines. The communication is achieved by modulating the parameters of the primary control loop implemented by the converters, fostering execution of the upper layer control applications. We present...
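This paper takes the perspective of building a classified information system, deepens the idea of graded protection in application-layer access control, and proposes a reasonable solution. The system adopts a structure combining C/S and B/S, and introduces graded protection of subjects and objects together with department attributes to improve role-based access control so as to separate users from permissions; it also adopts technical means such as separation of powers with checks and balances among administrator roles, comprehensive auditing of the system database, and distributed storage of audit logs, realizing graded-protection access control at the application layer. These methods fully embody the graded protection idea of differentiating the objects in the system's access control process and giving key objects focused protection and special treatment. The method can effectively improve the security of current classified information systems and fully protect them. Nowadays the access control in a security office automation (OA) system focuses on three layers of the International Standards Organization (ISO) seven-layer architecture, namely the physical layer, the network layer and the application layer. Here new methods are adopted in a model where the system architecture is composed of Client/Server (C/S) and Browser/Server (B/S), such as the improved role-based access control (RBAC) method with a correlation between the subjects and objects of the access course, the subdivision and restriction of administrator users, an integrated audit of the database, as well as the distributed storage of the audit logs. Discriminating between the objects in the access control process in this way affords gradational security protection to national standards, and offers operational benefits.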
Within the challenging environment of intelligent transportation systems (ITS), networked control systems such as platooning guidance of autonomous vehicles require innovative mechanisms to provide real-time communications. Although several proposals are currently under discussion, the design of a rapid, efficient, flexible, and reliable medium access control mechanism which meets the specific constraints of such real-time communications applications remains unsolved in this highly dynamic environment. However, cognitive radio (CR) combines the capacity to sense the radio spectrum with the flexibility to adapt to transmission parameters in order to maximize system performance and has thus become an effective approach for the design of dynamic spectrum access (DSA) mechanisms. This paper presents the enhanced noncooperative cognitive division multiple access (ENCCMA) proposal combining time division multiple access (TDMA) and frequency division multiple access (FDMA) schemes with CR techniques to obtain a mechanism fulfilling the requirements of real-time communications. The analysis presented here considers the IEEE WAVE and 802.11p as reference standards; however, the proposed medium access control (MAC) mechanism can be adapted to operate on the physical layer of different standards. The mechanism also offers the advantage of avoiding signaling, thus enhancing system autonomy as well as behavior in adverse scenarios.
Personalization and adaptation to the user profile capability are the hottest issues to ensure ambient assisted living and context awareness in nowadays environments. With the growing healthcare and wellbeing context aware applications, modeling security policies becomes an important issue in the design of future access control models. This requires rich semantics using ontology modeling for the management of services provided to dependant people. However, current access control models remain unsuitable due to lack of personalization, adaptability and smartness to the handicap situation. In this paper, we propose a novel adaptable access control model and its related architecture in which the security policy is based on the handicap situation analyzed from the monitoring of user’s behavior in order to grant a service using any assistive device within intelligent environment. The design of our model is an ontology-learning and evolving security policy for predicting the future actions of dependent people. This is reached by reasoning about historical data, contextual data and user behavior according to the access rules that are used in the inference engine to provide the right service according to the user’s needs.
Magableh, Amer M.
Femtocells can be employed in cellular systems to enhance the indoor coverage, especially in the areas with high capacity growing demands and high traffic rates. In this paper, we propose an efficient resource utilization protocol, named as shared access protocol (SAP), to enable the unauthorized macrocell user equipment to communicate with partially closed-access femtocell base station to improve and enhance the system performance. The system model considers a femtocell that is equipped with a total of N separated antennas or channels to multiplex independent traffic. Then, a set of N1 channels is used for closed access only by the authorized users, and the remaining set of channel resources can be used for open access by either authorized or unauthorized users upon their demands and spatial locations. For this system model, we obtain the signal-to-interference ratio characteristics, such as the distribution and the moment generating function, in closed forms for two fading models of indoor and outdoor environments. The signal-to-interference ratio statistics are then used to derive some important performance measures of the proposed SAP in closed form, such as the average bit error rate, outage probability, and average channel capacity for the two fading models under consideration. Numerical results for the obtained expressions are provided and supported by Monte Carlo simulations to validate the analytical development and study the effectiveness of the proposed SAP under different conditions. Copyright © 2012 John Wiley and Sons, Ltd.
Wilson, David G.; Robinett, III, Rush D.
A control system design method and concomitant control system comprising representing a physical apparatus to be controlled as a Hamiltonian system, determining elements of the Hamiltonian system representation which are power generators, power dissipators, and power storage devices, analyzing stability and performance of the Hamiltonian system based on the results of the determining step and determining necessary and sufficient conditions for stability of the Hamiltonian system, creating a stable control system based on the results of the analyzing step, and employing the resulting control system to control the physical apparatus.
Pitts, Lee; McNair, Ann R. (Technical Monitor)
The ISS finally reached an operational state and exists for local and remote users. Onboard payload systems are managed by the Huntsville Operations Support Center (HOSC). Users access HOSC systems by internet protocols in support of daily operations, preflight simulation, and test. In support of this diverse user community, a modern security architecture has been implemented. The architecture has evolved over time from an isolated but open system to a system which supports local and remote access to the ISS over broad geographic regions. This has been accomplished through the use of an evolved security strategy, PKI, and custom design. Through this paper, descriptions of the migration process and the lessons learned are presented. This will include product decision criteria, rationale, and the use of commodity products in the end architecture. This paper will also stress the need for interoperability of various products and the effects of seemingly insignificant details.
Liu, Hong; Gliese, Ulrik Bo; Dittmann, Lars
In this paper, we propose a hybrid medium access control protocol for supporting broadband integrated services in the wireless ATM networks. The integrated services include CBR, VBR and ABR traffic varying from low bit-rate to very high bit-rate. The proposed protocol is an excellent compromise...... of contention, reservation and polling access techniques based on the dynamic TDMA system. Extensive simulation results using realistic data traffic sources, show that the proposed medium access scheme may provide QoS guarantees to different ATM traffic including the realistic MPEG video traces with low cell...
Paramanathan, Achuthan; Pahlevani, Peyman; Roetter, Daniel Enrique Lucani;
This paper advocates for a new Medium Access Control (MAC) strategy for wireless meshed networks by identifying overload scenarios in order to provide additional channel access priority to the relay. The key behind our MAC protocol is that the relay will adjust its back off window size according...... that network coding will improve the throughput in such systems, but our novel medium access scheme improves the performance in the cross topology by another 66 % for network coding and 150 % for classical forwarding in theory. These gains translate in a theoretical gain of 33 % of network coding over...
A plant control system is being designed for a gas-cooled fast breeder reactor (GCFR) demonstration plant. Control analysis is being performed as an integral part of the plant design process to ensure that control requirements are satisfied as the plant design evolves. The load control portion of the plant control system provides stable automatic (closed-loop) control of the plant over the 25% to 100% load range. Simulation results are presented to demonstrate load control system performance. The results show that the plant is controllable at full load with the control system structure selected, but gain scheduling is required to achieve desired performance over the load range
Korolev I. D.
The accepted access control model in a protected automated information system is implemented by a security monitor. Security models are, as a rule, considered for a system that is a single whole and has one uniform security monitor. Nevertheless, the architecture of real automated information systems and the processes of their functioning can be distributed. A distributed automated information system consists of more than one local segment, each representing an isolated set of subjects and objects of access. In a distributed system, local segments can be implemented on the basis of both discretionary and mandatory security models (i.e. they can be diverse). One direction for ensuring security in this case is the implementation of a general security monitor providing a uniform (coordinated) access control policy. For safe interaction of such heterogeneous systems it is necessary to bring them to a single model. Hence, when information systems are integrated, the problem of their interaction becomes pressing. In systems that process information of various levels of confidentiality, it is necessary to implement mandatory access control. In this article, the mandatory security policy represented by the classical Bell-LaPadula model is described using the elements of the classical Harrison-Ruzzo-Ullman model. Using the mechanisms for changing the access matrix, the possibility of assigning and changing confidentiality labels is described, and compliance with the security rules within mandatory access control is analyzed. The security of applying this approach has been proved. A promising direction for further research has been defined.
Fedorova, Alexandra; Seltzer, Margo I.; Magoutis, Kostas; Addetia, Salimah
The Direct Access File System (DAFS) is a distributed file system built on top of direct-access transports (DAT). Direct-access transports are characterized by using remote direct memory access (RDMA) for data transfer and user-level networking. The motivation behind the DAT-enabled distributed file system architecture is the reduction of the CPU overhead on the I/O data path. In collaboration with Duke University we have created and made available an open-source implementation of DAFS for th...
Ahmed N. U.
We consider optimum feedback control strategy for computer communication network, in particular, the access control mechanism. The dynamic model representing the source and the access control system is described by a system of stochastic differential equations developed in our previous works. Simulated annealing (SA) was used to optimize the parameters of the control law based on neural network. This technique was found to be computationally intensive. In this paper, we have proposed to use a more powerful algorithm known as recursive random search (RRS). By using this technique, we have been able to reduce the computation time by a factor of five without compromising the optimality. This is very important for optimization of high-dimensional systems serving a large number of aggregate users. The results show that the proposed control law can improve the network performance by improving throughput, reducing multiplexor and TB losses, and relaxing, not avoiding, congestion.
王新建; 邢建国; 于红艳
In order to realize group control of tyre capsule vulcanizers, a master-slave control system was composed of an industrial computer and a programmable logic controller (PLC). The industrial computer was taken as the host computer. WebAccess configuration software was applied as the development platform. The industrial computer can realize dynamic display of data, storage, query, statistics, reports and other functions. The PLC was adopted as the slave machine to control the vulcanizer. Communication between the industrial computer and the PLC was realized through a serial port. The temperature of the vulcanizer was controlled with a fuzzy control strategy, and the fuzzy control strategy was given. The test results indicate that the group control system has a friendly interface and operates conveniently. Compared with a single control system, the system can improve the capsule quality, production efficiency and level of automation.
Srirama, Satish Narayana
It is now feasible to host basic web services on a smart phone due to the advances in wireless devices and mobile communication technologies. While the applications are quite welcoming, the ability to provide secure and reliable communication in the vulnerable and volatile mobile ad-hoc topologies is vastly becoming necessary. The paper mainly addresses the details and issues in providing secured communication and access control for the mobile web service provisioning domain. While the basic message-level security can be provided, providing proper access control mechanisms for the Mobile Host still poses a great challenge. This paper discusses details of secure communication and proposes the distributed semantics-based authorization mechanism.
Yan, Liang; Rong, Chunming
Radio Frequency Identification (RFID) technology, which is used to identify objects and users, has recently been applied to many applications such as retail and supply chain. How to prevent tag content from unauthorized readout is a core problem of RFID privacy issues. The hash-lock access control protocol can make a tag release its content only to a reader who knows the secret key shared between them. However, in order to get the shared secret key required by this protocol, the reader needs to communicate with a back end database. In this paper, we propose to use an identity-based secret key exchange approach to generate the secret key required for the hash-lock access control protocol. With this approach, not only is the back end database connection no longer needed, but the tag cloning problem can also be eliminated at the same time.
Flora, Cornelia B.
Developing sustainability in an agricultural ecosystem requires that attention be given to inequities within communities. The experiences of SANREM CRSP revealed that gender inequality was a significant factor in the access and control of resources that were critical for the projects reaching their goals. Among the resources of financial, manufactured, human, environmental, and social capital, enhancing social capital among women was a crucial component of plans for in...
Zhang, Nien Fan; Yao, L.; Nenadic, A.; Chin, J.; Goble, C.; Rector, A.; Chadwick, David W; Otenko, Sassa; Shi, Q.
In a virtual organization environment, where services and data are provided and shared among organizations from different administrative domains and protected with dissimilar security policies and measures, there is a need for a flexible authentication framework that supports the use of various authentication methods and tokens. The authentication strengths derived from the authentication methods and tokens should be incorporated into an access-control decision-making process, so that more sen...
S. R. KODITUWAKKU
The Object-Oriented paradigm approaches the software development by representing real world entities into classes of software objects. Object oriented design patterns facilitate small scale and large scale design reuse. This paper presents an object oriented design pattern, Administrator Object, to address the User-Role assignment problem in Role Based Access Control (RBAC). Two alternative solutions are proposed. The pattern is presented according to the Gang of Four template.
朱葛俊; 张硕; 朱文龙
The security of student dormitories affects the normal teaching and living order of a school. Based on the characteristics of student dormitories, a barrier-free access control system was developed that combines radio frequency identification (RFID) technology with multimedia video technology. Without impeding the normal passage of students, the system makes dormitory management real-time, secure and efficient, and resolves a number of difficulties in student dormitory management.
Jang, Bokman; Jang, Hyokyung; Choi, Euiin
Applications in context-aware computing environments will be connected to wireless networks and various devices. Accordingly, reckless access to information resources can cause trouble for the system. Access authority management is therefore a very important issue, both for information resources and for adapting the system by establishing the security policy the system needs. However, the existing security model allows easy access to resources with simply a user ID and password. This model has the problem that it is not concerned with the user's environment information. In this paper, we propose a model of automated context-aware access control using ontology that can control resources more efficiently through inference and judgment over context information, collecting the user's information and the user's environment context information for ontology modeling.
刘福强; 李威; 李镞
Ethernet port authentication and access control based on the 802.1x protocol has many features and advantages, such as simplicity and high efficiency, ease of implementation, flexible application and easy operation. In this paper, through study and analysis of 802.1x and related protocols, a secure access control system based on the protocol is designed and implemented, and key technical problems, such as the EAP-TLS security authentication mode and the efficiency of USBKEY authentication, are analyzed in depth.
Liao, Yu-Ting; Chen, Tzer-Shyong; Chen, Tzer-Long; Chung, Yu-Fang; Chen, Yu- Xin; Hwang, Jen-Hung; Wang, Huihui; Wei, Wei
This study is showing the advantage of mobile agents to conquer heterogeneous system environments and contribute to a virtual integrated sharing system. Mobile agents will collect medical information from each medical institution as a method to achieve the medical purpose of data sharing. Besides, this research also provides an access control and key management mechanism by adopting Public key cryptography and Lagrange interpolation. The safety analysis of the system is based on a network attacker's perspective. The achievement of this study tries to improve the medical quality, prevent wasting medical resources and make medical resources access to appropriate configuration.
Oliver Zhen Li; Xijia Su; Zhifeng Yang
We study the effect of state control on capital allocation and investment in China, where the government screens prospective stock issuers. We find that state firms are more likely to obtain government approval to conduct seasoned equity offerings than non-state firms. Further, non-state firms exhibit greater sensitivities of subsequent investment and stock performance to regulatory decisions on stock issuances than state firms. Our work suggests that state control of capital access distorts resource allocation and impedes the growth of non-state firms. We also provide robust evidence that financial constraints cause underinvestment.
A current limitation in embedded controller design and programming is the lack of database support in development tools such as Esterel Studio. This article proposes a way of integrating databases and Esterel by providing two application programming interfaces (APIs) which enable the use of relational databases inside Esterel programs. As databases and Esterel programs are often executed on different machines, result sets returned as responses to database queries may be processed either locally and according to Esterel’s synchrony hypothesis, or remotely along several of Esterel’s execution cycles. These different scenarios are reflected in the design and usage rules of the two APIs presented in this article, which rely on Esterel’s facilities for extending the language by external data types, external functions, and procedures, as well as tasks. The APIs’ utility is demonstrated by means of a case study modelling an automated warehouse storage system, which is constructed using Lego Mindstorms robotics kits. The robot’s controller is programmed in Esterel in a way that takes dynamic ordering information and the warehouse’s floor layout into account, both of which are stored in a MySQL database.
王茜; 王富强; 傅鹤岗; 朱庆生
In the system of electronic payment based on SPKI, access control of bank acts as the important function of identification, protecting customer's privacy and ensuring payment. The paper proposes the model of bank access control, and describes the frame and the steps of the access control. Finally, the paper analyzes the characteristics of the model.
Ban Sharief Mustafa
Java Agent Development Framework (JADE) is a software framework that eases the development of multi-agent applications in compliance with the Foundation for Intelligent Physical Agents (FIPA) specifications. JADE proposes new infrastructure solutions to support the development of useful and convenient distributed applications. Security is one of the most important issues in implementing and deploying such applications. The JADE-S security add-ons are one of the most popular security solutions on the JADE platform. They provide several security services including authentication, authorization, signature and encryption services. The authorization service grants authority to perform an action based on a set of permission objects attached to every authenticated user. This service has several drawbacks when implemented in scalable, distributed, context-aware applications. In this paper, an ontology-based access control model called OJADEAC is proposed for the JADE platform, combining Semantic Web technologies with a context-aware policy mechanism to overcome the shortcomings of this service. The access control model is represented by a semantic ontology and a set of two-level semantic rules representing platform and application specific policy rules. The OJADEAC model is distributed, intelligent, dynamic and context-aware, and uses a reasoning engine to infer access decisions based on ontology knowledge.
Krithivasan, Kamala; Paun, Gheorghe; Ramanujan, Ajeesh; Research Group on Natural Computing (Universidad de Sevilla) (Coordinador)
We introduce and briefly investigate P systems with controlled computations. First, P systems with label restricted transitions are considered (in each step, all rules used have either the same label, or, possibly, the empty label, ), then P systems with the computations controlled by languages (as in context-free controlled grammars). The relationships between the families of sets of numbers computed by the various classes of controlled P systems are investigated, also comp...
We present an energy analysis technique applicable to medium access control (MAC) and multihop communications. Furthermore, the technique's application gives insight on using multihop forwarding instead of single-hop communications. Using the technique, we perform an energy analysis of carrier-sense-multiple-access (CSMA)-based MAC protocols with sleeping schemes. Power constraints set by battery operation raise energy efficiency as the prime factor for wireless sensor networks. A detailed energy expenditure analysis of the physical, the link, and the network layers together can provide a basis for developing new energy-efficient wireless sensor networks. The presented technique provides a set of analytical tools for accomplishing this. With those tools, the energy impact of radio, MAC, and topology parameters on the network can be investigated. From the analysis, we extract key parameters of selected MAC protocols and show that some traditional mechanisms, such as binary exponential backoff, have inherent problems.
韩伟力; 陈刚; 尹建伟; 董金祥
Constraint is an important aspect of role-based access control and is sometimes argued to be the principal motivation for role-based access control (RBAC). But so far few authors have discussed consistency maintenance for constraint in RBAC model. Based on researches of constraints among roles and types of inconsistency among constraints, this paper introduces corresponding formal rules, rule-based reasoning and corresponding methods to detect, avoid and resolve these inconsistencies. Finally, the paper introduces briefly the application of consistency maintenance in ZD-PDM, an enterprise-oriented product data management (PDM) system.
Paulsen, M S; Andersen, M; Munck, A P;
OBJECTIVE: Denmark has a health care system with free and equal access to care irrespective of age and socio-economic status (SES). We conducted a cross-sectional study to investigate a possible association between SES and blood pressure (BP) control of hypertensive patients treated in general pr...
Bolshakov, Kirill; Reshetova, Elena
FreeBSD was one of the first widely deployed free operating systems to provide mandatory access control. It supports a number of classic MAC models. This tutorial paper addresses exploiting this implementation to enforce typical enterprise security policies of varying complexities.
Stefan Victor Lefter
With the advent of Radio Frequency Identification technologies, or RFID for short, different types of products and security-relevant applications have been developed for use in fields and businesses like inventory management, product tracking, access control, passports or transport fare collection. Even though RFID has been around for quite some time, there are some types of businesses like theme parks, water parks or music festivals that haven’t yet tested the benefits that this technology brings. This paper focuses on presenting advantages and disadvantages of using a unified access control and electronic wallet system based on RFID cards like MiFare tags as an alternative to existing ticket/currency access and payment systems employed by the majority of the businesses mentioned above.
陆俊; 刘振宇; 徐志强; 朱炎平
A cross-layer resource allocation algorithm considering access control mechanism is proposed in this paper for solving problem of QoS guarantee and fairness between users in broadband power line communication (BPLC). Model of multi-user cross-layer resource allocation system is established. Then fair factor constraint is used for realizing overall fairness of the algorithm. Moreover, an access control mechanism improving system performance through rejecting users with worse channel gains and more system resource need is proposed. Finally, this algorithm and other comparative algorithms are simulated under typical power line channel environment. Simulation results show that performance of the algorithm is better than that of other algorithms. It can meet QoS requirement and fairness between users more effectively than the comparative algorithms for BPLC. Meanwhile, the system performance is improved.
Kaiser, Mary Elizabeth; Morris, Matthew J.; McCandliss, Stephan R.; Rasucher, Bernard J.; Kimble, Randy A.; Kruk, Jeffrey W.; Pelton, Russell; Mott, D. Brent; Wen, Hiting; Foltz, Roger; Quijada, Manuel A.; Gum, Jeffery S.; Gardner, Jonathan P.; Kahle, Duncan M.; Benford, Dominic J.; Woodgate, Bruce E.; Wright, Edward L.; Feldman, Paul D.; Hart, Murdock; Moos, H. Warren; Reiss, Adam G.; Bohlin, Ralph; Deustua, Susana E.; Dixon, W. V.; Sahnow, David J.
Establishing improved spectrophotometric standards is important for a broad range of missions and is relevant to many astrophysical problems. ACCESS, "Absolute Color Calibration Experiment for Standard Stars", is a series of rocket-borne sub-orbital missions and ground-based experiments designed to enable improvements in the precision of the astrophysical flux scale through the transfer of absolute laboratory detector standards from the National Institute of Standards and Technology (NIST) to a network of stellar standards with a calibration accuracy of 1% and a spectral resolving power of 500 across the 0.35-1.7 micrometer bandpass.
The spectrum scarcity problem emerged in recent years, due to unbalanced utilization of RF (radio frequency) bands in the current state of wireless spectrum allocations. Spectrum access scheduling addresses challenges arising from spectrum sharing by interleaving the channel access among multiple wireless systems in a TDMA fashion. Different from cognitive radio approaches which are opportunistic and noncollaborative in general, spectrum access scheduling proactively structures and interleaves the channel access pattern of heterogeneous wireless systems, using collaborative designs by implementing a crucial architectural component, the base stations, on software defined radios (SDRs). We discuss our system design choices for spectrum sharing from multiple perspectives and then present the mechanisms for spectrum sharing and coexistence of GPRS+WiMAX and GPRS+WiFi as use cases, respectively. Simulations were carried out to prove that spectrum access scheduling is an alternative, feasible, and promising approach to the spectrum scarcity problem.
The thesis describes a smart house and the system that empowers it with intelligence. The goal of the thesis is to present the hardware and software involved and to discuss the usability, pros and cons of such a system. The work addresses the smart house from several viewpoints: safety, comfort, economy, accessibility for people with special needs and affordability. Using a smart house makes everyday life more secure and comfortable, while it also enables independence for people with sp...
Moreno, Lourdes; Iglesias, Ana; Calvo, Rocío; Delgado, Sandra; Zaragoza, Luis
Currently, the great majority of institutions of higher education use Learning Content Management Systems (LCMSs) and Learning Management Systems (LMS) as pedagogical tools. In order to make these systems accessible to all students, it is important to take into account not only educational standards, but also standards of accessibility. It is essential to have procedures and a well-established method for evaluating these tools, so in this paper we propose a method for evaluatin...
Servetto Sergio D
We consider medium access control (MAC) in multihop sensor networks, where only partial information about the shared medium is available to the transmitter. We model our setting as a queuing problem in which the service rate of a queue is a function of a partially observed Markov chain representing the available bandwidth, and in which the arrivals are controlled based on the partial observations so as to keep the system in a desirable mildly unstable regime. The optimal controller for this problem satisfies a separation property: we first compute a probability measure on the state space of the chain, namely the information state, then use this measure as the new state on which the control decisions are based. We give a formal description of the system considered and of its dynamics, we formalize and solve an optimal control problem, and we show numerical simulations to illustrate with concrete examples properties of the optimal control law. We show how the ergodic behavior of our queuing model is characterized by an invariant measure over all possible information states, and we construct that measure. Our results can be specifically applied for designing efficient and stable algorithms for medium access control in multiple-accessed systems, in particular for sensor networks.
We study two important aspects to make dynamic spectrum access work in practice: the admission policy of secondary users (SUs) to achieve a certain degree of quality of service and the management of the interference caused by SUs to primary users (PUs). In order to limit the forced termination probability of SUs, we evaluate the Fractional Guard Channel reservation scheme to give priority to spectrum handovers over new arrivals. We show that, contrary to what has been proposed, the throughput of SUs cannot be maximized by configuring the reservation parameter. We also study the interference caused by SUs to PUs. We propose and evaluate different mechanisms to reduce the interference, which are based on simple spectrum access algorithms for both PUs and SUs and channel repacking algorithms for SUs. Numerical results show that the reduction can be of one order of magnitude or more with respect to the random access case. Finally, we propose an adaptive admission control scheme that is able to limit simultaneously the forced termination probability of SUs and what we define as the probability of interference. Our scheme does not require any configuration parameters beyond the probability objectives. Besides, it is simple to implement and it can operate with any arrival process and distribution of the session duration.
Virtualization technology has become a hot IT technology with the popularity of Cloud Computing. However, new security issues arise with it. Specifically, resource sharing and data communication in virtual machines are of most concern. In this paper an access control model is proposed which combines the Chinese Wall and BLP models. The BLP multi-level security model is introduced with corresponding improvements based on the PCW (Prioritized Chinese Wall) security model. This model can be used to safely control the resources and event behaviors in virtual machines. Experimental results show its effectiveness and safety.
Fafoutis, Xenofon; Dragoni, Nicola
ODMAC (On-Demand Media Access Control) is a recently proposed MAC protocol designed to support individual duty cycles for Energy Harvesting — Wireless Sensor Networks (EH-WSNs). Individual duty cycles are vital for EH-WSNs, because they allow nodes to adapt their energy consumption to the ever......-changing environmental energy sources. In this paper, we present an improved and extended version of ODMAC and we analyze it by means of an analytical model that can approximate several performance metrics in an arbitrary network topology. The simulations and the analytical experiments show ODMAC's ability to satisfy...
Shi, Jianyang; Fang, Yuan; Chi, Nan
We propose and experimentally demonstrate time division multiplexed orbital angular momentum (OAM) access system to increase transmission capacity and spectral efficiency. In this system, data carried on different time tributaries share the same OAM mode. Multiple time division multiplexed OAM modes are multiplexed to realize two-dimensional (time dimension and OAM dimension) multiplexing. Therefore, the capacity and spectral efficiency of the access system will increase. The orthogonality between optical time division multiplexing (OTDM) and OAM techniques is also verified in our experiment. In a proof-of-concept experiment, 2×5-Gbps return-to-zero signal over OAM mode +4 is transmitted and investigated. The bit error ratio performance after transmission in this system can be smaller than 1×10⁻⁹. Results show that the proposed time division multiplexed OAM access system is suitable for future broadband access network.
Jazdi, N. [Stuttgart Univ. (Germany). Inst. fuer Automatisierungs- und Softwaretechnik]
This article describes a flexible and extensible infrastructure for applying Web-Technologies to embedded systems. The presented approach develops a Three-level-Architecture consisting of the embedded system, the universal Remote-Access-Server and the Remote-Access-Client. A system-spanning general interface allows the binding of embedded systems in order to access their process data. Additionally, this procedure facilitates a flexible processing of the device data, so that it is ready to be used by different control devices. To ensure flexibility - connecting different devices on the one side and providing information for different clients like PC, PDA or mobile phone on the other side - a new XML-based description language (Service Description Markup Language - SDML) is introduced. The SDML documents contain information about connected embedded systems, reusable device data and the presentation policies for different clients. These documents are specifically created for each device. Applying the suggested procedure, different embedded systems can be connected to the Internet with minimum hardware and software requirements/costs. Software components of the Remote-Access-Server, once developed, can be used and applied to various devices which lead to a reduction of the development costs. The user can use an ordinary web browser to communicate with the devices and does not need to install any additional software on his local computer. (orig.)
Lee, Taeyoung; McClamroch, N Harris
Discrete control systems, as considered here, refer to the control theory of discrete-time Lagrangian or Hamiltonian systems. These discrete-time models are based on a discrete variational principle, and are part of the broader field of geometric integration. Geometric integrators are numerical integration methods that preserve geometric properties of continuous systems, such as conservation of the symplectic form, momentum, and energy. They also guarantee that the discrete flow remains on the manifold on which the continuous system evolves, an important property in the case of rigid-body dynamics. In nonlinear control, one typically relies on differential geometric and dynamical systems techniques to prove properties such as stability, controllability, and optimality. More generally, the geometric structure of such systems plays a critical role in the nonlinear analysis of the corresponding control problems. Despite the critical role of geometry and mechanics in the analysis of nonlinear control systems, non...
Le, Xuan Hung; Doll, Terry; Barbosu, Monica; Luque, Amneris; Wang, Dongwen
Although information access control models have been developed and applied to various applications, few of the previous works have addressed the issue of managing information access in the combined context of team collaboration and workflow. To facilitate this requirement, we have enhanced the Role-Based Access Control (RBAC) model through formulating universal constraints, defining bridging entities and contributing attributes, extending access permissions to include workflow contexts, synthesizing a role-based access delegation model to target on specific objects, and developing domain ontologies as instantiations of the general model to particular applications. We have successfully applied this model to the New York State HIV Clinical Education Initiative (CEI) project to address the specific needs of information management in collaborative processes. An initial evaluation has shown this model achieved a high level of agreement with an existing system when applied to 4576 cases (kappa=0.801). Comparing to a reference standard, the sensitivity and specificity of the enhanced RBAC model were at the level of 97-100%. These results indicate that the enhanced RBAC model can be effectively used for information access management in context of team collaboration and workflow to coordinate clinical education programs. Future research is required to incrementally develop additional types of universal constraints, to further investigate how the workflow context and access delegation can be enriched to support the various needs on information access management in collaborative processes, and to examine the generalizability of the enhanced RBAC model for other applications in clinical education, biomedical research, and patient care.
Oleiro Seabra, Luis Filipe; The ATLAS collaboration
ALFA (Absolute Luminosity For ATLAS) is one of the sub-detectors of ATLAS (A Toroidal LHC Apparatus). The ALFA system is composed by four stations installed in the LHC tunnel 240 m away from the ATLAS interaction point. Each station has a vacuum and ventilation system, movement control and all the required electronics for signal processing. The Detector Control System (DCS) provides control and monitoring of several components and ensures the safe operation of the detector contributing to good Data Quality. This paper describes the ALFA DCS system including a detector overview, operation aspects and hardware control through a SCADA system, WinCC OA.
Oleiro Seabra, Luis Filipe; The ATLAS collaboration
ALFA (Absolute Luminosity For ATLAS) is one of the sub-detectors of ATLAS/LHC. The ALFA system is composed by two stations installed in the LHC tunnel 240 m away from each side of the ATLAS interaction point. Each station has a vacuum and ventilation system, movement control and all the required electronic for signal processing. The Detector Control System (DCS) provides control and monitoring of several components and ensures the safe operation of the detector contributing to good Data Quality. This paper describes the ALFA DCS system including a detector overview, operation aspects and hardware control through a SCADA system, WinCC OA.
Sánchez-Artigas, Marc; García-López, Pedro
In open environments such as peer-to-peer (P2P) systems, the decision to collaborate with multiple users — e.g., by granting access to a resource — is hard to achieve in practice due to extreme decentralization and the lack of trusted third parties. The literature contains a plethora of applications in which a scalable solution for distributed access control is crucial. This fact motivates us to propose a protocol to enforce access control, applicable to networks consisting entirely of untrusted nodes. The main feature of our protocol is that it protects both sensitive permissions and sensitive policies, and does not rely on any centralized authority. We analyze the efficiency (computational effort and communication overhead) as well as the security of our protocol.
The main objective of the modular control system is to provide the requirements to most of the processes supervision and control applications within the industrial automatization area. The design is based on distribution, modulation and expansion concepts. (Author)
"Presents a unified approach to the fundamental issues in motion control, starting from the basics and moving through single degree of freedom and multi-degree of freedom systems In Motion Control Systems, Šabanovic and Ohnishi present a unified approach to very diverse issues covered in motion control systems, offering know-how accumulated through work on very diverse problems into a comprehensive, integrated approach suitable for application in high demanding high-tech products. It covers material from single degree of freedom systems to complex multi-body non-redundant and redundant systems. The discussion of the main subject is based on original research results and will give treatment of the issues in motion control in the framework of the acceleration control method with disturbance rejection technique. This allows consistent unification of different issues in motion control ranging from simple trajectory tracking to topics related to haptics and bilateral control without and with delay in the measure...
Asim, Muhammad; Ignatenko, Tanya; Petkovic, Milan; Trivellato, Daniel; Zannone, Nicola
Virtual organizations are dynamic, inter-organizational collaborations that involve systems and services belonging to different security domains. Several solutions have been proposed to guarantee the enforcement of the access control policies protecting the information exchanged in a distributed system, but none of them addresses the dynamicity characterizing virtual organizations. In this paper we propose a dynamic hierarchical attribute-based encryption (D-HABE) scheme that allows the insti...
Mahmoud, Magdi S
Applied Control System Design examines several methods for building up systems models based on real experimental data from typical industrial processes and incorporating system identification techniques. The text takes a comparative approach to the models derived in this way judging their suitability for use in different systems and under different operational circumstances. A broad spectrum of control methods including various forms of filtering, feedback and feedforward control is applied to the models and the guidelines derived from the closed-loop responses are then composed into a concrete self-tested recipe to serve as a check-list for industrial engineers or control designers. System identification and control design are given equal weight in model derivation and testing to reflect their equality of importance in the proper design and optimization of high-performance control systems. Readers’ assimilation of the material discussed is assisted by the provision of problems and examples. Most of these e...
... COMMISSION 17 CFR Part 240 RIN 3235-AK53 Risk Management Controls for Brokers or Dealers With Market Access... market access to customers or other persons, to implement risk management controls and supervisory... pre-trade risk management controls (i.e., "unfiltered" or "naked" access), and thus could...
ZhangShuochengt; WangDan; QiaoWeimin; JingLan
All kinds of step motors and servomotors are widely used in CSR control system, such as many vacuum valves control that set on the HIRFL-CSR; all kinds of electric switches and knobs of ECR Ion Source; equipment of CSR Beam Diagnostics and a lot of large equipment like Inside Gun Toroid and Collector Toroid of HIRFL. A typical control system includes up to 32 16-I/O Control boards, and each 16-I/O Control board can control 4 motors at the same time (including 8 Limit Switches).
Chang, Yuguang; Liu, Deming; Wu, Guangsheng
Ethernet Passive Optical Network (EPON) is one of the most promising fibre-based access techniques which has been more and more widely used in today's access networks. In this paper, we proposed to integrate WLAN technology with EPON to provide wireless service in EPON network. First of all, theoretical analysis is given to support the feasibility of integrating WLAN technology into EPON system. Then, the architecture of the integrated system is described. The key point of the plan is that an integrated ONU and WLAN BS called ONU-WLAN AP is setup in the system instead of a standard ONU. This is also the main difference between proposed system and a normal EPON system. The ONU-WLAN AP can provide both wired access and wireless access to the end users. System design and implementation is discussed in the following paragraph. Transmission experiments and results of the proposed plan are also described in this paper. The experimental results show that the average traffic throughput of the system could reach to approximate 20 Mbps. Finally, conclusions are drawn out: The proposed system can work properly. The integrated system could be a cost-effective plan for broadband access network.
Discrete Control Systems establishes a basis for the analysis and design of discretized/quantized control systems for continuous physical systems. Beginning with the necessary mathematical foundations and system-model descriptions, the text moves on to derive a robust stability condition. To keep a practical perspective on the uncertain physical systems considered, most of the methods treated are carried out in the frequency domain. As part of the design procedure, modified Nyquist–Hall and Nichols diagrams are presented and discretized proportional–integral–derivative control schemes are reconsidered. Schemes for model-reference feedback and discrete-type observers are proposed. Although single-loop feedback systems form the core of the text, some consideration is given to multiple loops and nonlinearities. The robust control performance and stability of interval systems (with multiple uncertainties) are outlined. Finally, the monograph describes the relationship between feedback-control and discrete ev...
The large carrier frequency shift caused by the high-speed movement of satellite (Doppler effects) and the propagation delay on the up-down link are very critical issues in an LEO satellite communication system, which affects both the selection and the implementation of a suitable access method. A Doppler based multiple access technique is used here to control the flow and an MPRMA-HS protocol is proposed for the application in LEO satellite communication systems. The extended simulation trials prove that the proposed scheme seems to be a very promising access method.
Wang, Shujuan; Liu, Qingtang
The virtual learning community is an important application pattern of E-Learning. It emphasizes the cooperation of the members in the community, the members would like to share their learning resources, to exchange their experience and complete the study task together. This instructional mode has already been proved as an effective way to improve the quality and efficiency of instruction. At the present time, the virtual learning communities are mostly designed using static access control policy by which the access permission rights are authorized by the super administrator, the super administrator assigns different rights to different roles, but the virtual and social characteristics of virtual learning community make information sharing and collaboration a complex problem, the community realizes its instructional goal only if the members in it believe that others will offer the knowledge they owned and believe the knowledge others offered is well-meaning and worthy. This paper tries to constitute an effective trust mechanism, which could promise favorable interaction and lasting knowledge sharing.
Role-based access control model for large management information system cannot meet the requirement of multi-hierarchies decentralized administration. A role-based hierarchical administrative model named MHARBAC is proposed to support top-down authorization. The role tree and the administrate scope which contains user scope, role scope and permission scope are defined to support the permission decentralized over the role tree. The MHARBAC model based on RBAC has significant advantages on term of supporting decentralized administration.
Building access control (BAC)--a catchall phrase to describe the systems that control access to facilities across campus--has traditionally been handled with remarkably low-tech solutions: (1) manual locks; (2) electronic locks; and (3) ID cards with magnetic strips. Recent improvements have included smart cards and keyless solutions that make use…
Several kinds of computer systems are used to perform large helical device (LHD) experiments, and each produces its own data format. Therefore, it has been difficult to deal with these data simultaneously. In order to solve this problem, the Kaiseki server was developed; it has been facilitating the unified retrieval of LHD data. The data acquired or analyzed by various computer systems are converted into the unified ASCII format, or Kaiseki format, and transferred to the Kaiseki server. With this method, the researchers can visualize and analyze the data produced by various kinds of computers in the same way. Because validations are needed before registering on the Kaiseki server, it takes time to make the validated data available. However, some researchers need data as soon as it is gathered in order to adjust their instruments during the experiments. To satisfy this requirement, a new visualization system has been under development. The new system has two ways to visualize the data as physical values from the raw data. If the conversion task is not complex, the NIFSscope, a visualization tool, converts the raw data into physics data by itself. If the task is too complex to handle, it asks the ANACalc server to make physics data. When the ANACalc server receives a request, it delegates calculation programs to convert the acquired data into physics data. Because the interfaces between the server and the calculation processes are independent of programming languages and operating systems, the calculation processes can be placed on different computers and the server load can be reduced. Therefore, the system can respond to changes in requirements by replacing the calculation programs, and can easily be expanded by increasing the number of calculation servers
Cloud computing is a general term for anything that involves delivering hosted services, Anything as a Service (AaaS), over the web on demand basis. It uses the web and central remote servers to maintain data and applications. The lack of confidence in trusting information flow (users' data are usually processed remotely in unknown machines that are not owned or operated by the user) in cloud has become common, as users fear losing control of their own data (like personal, professional, financial, health). In this approach, a secured cloud storage system that achieves policy-based access control is proposed with an information accountability cloud framework to keep track of the actual usage of the clients' data. The access policy generated for the file controls the file accesses and policy revocation makes the file permanently inaccessible. The system is built upon a set of cryptographic key operations that are self-maintained by a set of key managers and adds security features. The access details of the data are logged and auditing is also performed.
Sellers, David; Friedman, Hannah; Haasl, Tudi; Bourassa, Norman; Piette, Mary Ann
The "Control System Design Guide" (Design Guide) provides methods and recommendations for the control system design process and control point selection and installation. Control systems are often the most problematic system in a building. A good design process that takes into account maintenance, operation, and commissioning can lead to a smoothly operating and efficient building. To this end, the Design Guide provides a toolbox of templates for improving control system design and specification. HVAC designers are the primary audience for the Design Guide. The control design process it presents will help produce well-designed control systems that achieve efficient and robust operation. The spreadsheet examples for control valve schedules, damper schedules, and points lists can streamline the use of the control system design concepts set forth in the Design Guide by providing convenient starting points from which designers can build. Although each reader brings their own unique questions to the text, the Design Guide contains information that designers, commissioning providers, operators, and owners will find useful.
Multiplexing of bursty sources and refined congestion control strategies are still the subject of numerous research activities. Broadband applications with very high peak-to-mean bitrate ratio and long silence periods like still picture video gave rise to different ideas of rate control at the B-ISDN network access. Contributions on Input Rate Control for source coded traffic as well as on Server Rate Control within a LAN/ATM Interworking Unit have recently been presented. This paper addresses a congestion avoidance strategy at the network access regarding the aggregated traffic of bursty sources. Depending on the number of active sources as well as on certain defined congestion levels the cell rate at the network access is controlled. The proposed analytical approach is based on the model of uniform and continuous arrival and service. The selected underlying Markov chain contains 'split' states in order to handle the congestion correlation. The proposed model is extended to an adaptive Non-Markov system where the buffer filling level is evaluated using a switching hysteresis. This type of congestion measurement turns out to be very useful for an adaptive rate control mechanism that guarantees a certain quality of service while still achieving a good statistical gain. The analytical approach is confirmed by results of a computer simulation that is extended to the more complex case of adaptive rate control.
Banks play an important role in the financial sector, in the proper functioning of economic entities and in the economy as a whole, therefore over time the establishment of a functioning banking system capable of delivering a wide range of products and services to meet the requirements of all potential customers has been a permanent concern. Considering the economic and financial reality, both internationally and domestically, each country and therefore, Romania is interested in creating a solid banking system, enabling the appropriate organizational framework in order to ensure a development of the financial mechanisms. The banking system as the basic element of the financial system, allows an efficient allocation of resources in the economy and, in order to function properly, we need to know the risks they face: a slow economic growth may cause losses due to difficulties in repaying bank loans, due to lower sales or lower wages, changes in asset prices may cause financial losses to investors, decreasing a sector of the economy which has monopolized the banks’ and investors’ attention.
At present methods for providing conditional access to restricted resources and applications for permitting personnel, such as military members, government agencies, or first-responders are not available. The conditional access is provided if the user is an authentic user in one of the authorized geographic location and is connected to specific base transceiver stations or base station controllers. In this work we introduce dominions for mobile security, which are designed to provide this conditional access, are adjustable and congenial with mobile cellular systems, and can run even without being connected to a devoted back-end network. The aim of the architecture is to provide users who satisfy specific pre-conditions access to restricted resources and applications to which they otherwise normally would not be granted access. These mobile security dominions not only provide strict security by authenticating the user and the geographic location of the device, but also prevent access to networks or resources outside of authorized areas and restrict unauthorized users.
Leve, Frederick A; Peck, Mason A
The goal of this book is to serve both as a practical technical reference and a resource for gaining a fuller understanding of the state of the art of spacecraft momentum control systems, specifically looking at control moment gyroscopes (CMGs). As a result, the subject matter includes theory, technology, and systems engineering. The authors combine material on system-level architecture of spacecraft that feature momentum-control systems with material about the momentum-control hardware and software. This also encompasses material on the theoretical and algorithmic approaches to the control of space vehicles with CMGs. In essence, CMGs are the attitude-control actuators that make contemporary highly agile spacecraft possible. The rise of commercial Earth imaging, the advances in privately built spacecraft (including small satellites), and the growing popularity of the subject matter in academic circles over the past decade argues that now is the time for an in-depth treatment of the topic. CMGs are augmented ...
Haibo Shen; Yu Cheng
As mobile web services become more pervasive, applications based on mobile web services will need flexible access control mechanisms. Unlike traditional approaches based on the identity or role for access control, access decisions for these applications will depend on the combination of the required attributes of users and the contextual information. This paper proposes a semantic context-based access control model (called SCBAC) to be applied in mobile web services environment by combining ...
Liu, Changyu; Lu, Bin; Li, Huiling
We developed an online multimedia event detection (MED) system. However, there are a secure access control issue and a large scale robust representation issue when we want to integrate traditional event detection algorithms into the online environment. For the first issue, we proposed a tree proxy-based and service-oriented access control (TPSAC) model based on the traditional role based access control model. Verification experiments were conducted on the CloudSim simulation platform, and the results showed that the TPSAC model is suitable for the access control of dynamic online environments. For the second issue, inspired by the object-bank scene descriptor, we proposed a 1000-object-bank (1000OBK) event descriptor. Feature vectors of the 1000OBK were extracted from response pyramids of 1000 generic object detectors which were trained on standard annotated image datasets, such as the ImageNet dataset. A spatial bag of words tiling approach was then adopted to encode these feature vectors for bridging the gap between the objects and events. Furthermore, we performed experiments in the context of event classification on the challenging TRECVID MED 2012 dataset, and the results showed that the robust 1000OBK event descriptor outperforms the state-of-the-art approaches.
Muhammad Nabeel Tahir
Hierarchical representation is a natural way of organizing roles in role-based access control systems. Besides its advantages of providing a way of establishing parent-child relationships among different roles, it also provides a facility to design and organize context dependent application roles that users may activate depending on their current context (spatial, temporal conditions). In this paper, we show that if spatial roles are organized in hierarchical relationships, it can cause the problem of disambiguation in making access control decisions especially when the user moves from one location to another location frequently in a single transaction and a single session. We extend our work of Contextual Role-Based Access Control (C-RBAC) by introducing hierarchical relationship among subject, location and purpose roles and solve the disambiguation problem in hierarchy by considering user motion direction and his/her context roles (spatial and spatial purpose) in order to make more fine grained and better access control decisions.
A system controller has been designed, built, tested, and in operation for one year at MIT/Lincoln Laboratory's 25-kW-peak Solar Photovoltaic Power System located at Mead, Nebraska. The controller allows the site to operate without human intervention, and has brought to light some of the problems of charge-control algorithms in a deep-discharge environment.
Engr. Prof Hyacinth C. Inyiama; Engr. Mrs Lois Nwobodo; Engr. Dr. Mrs. Christiana C. Okezie; Engr. Mrs. Nkolika O. Nwazor
GSM (Global system for mobile communication) based wireless database access for food and drug administration and control is a system that enables one to send a query to the database using the short messaging system (SMS) for information about a particular food or drug. It works in such a way that a user needs only send an SMS in order to obtain information about a particular drug produced by a pharmaceutical industry. The system then receives the SMS, interprets it and uses its contents to qu...
Drones, subscale vehicles like the Firebees, and full scale retired military aircraft are used to test air defense missile systems. The DFCS (Drone Formation Control System) computer, developed by IBM (International Business Machines) Federal Systems Division, can track ten drones at once. A program called ORACLS is used to generate software to track and control Drones. It was originally developed by Langley and supplied by COSMIC (Computer Software Management and Information Center). The program saved the company both time and money.
The design and implementation of a new computerized control system for the several devices of the magnetic spectrometer at TANDAR Laboratory is described. This system, as a main difference from the preexisting one, is compatible with almost any operating systems of wide spread use available in PC. This allows on-line measurement and control of all signals from any terminal of a computer network. (author)
Jagadeesh Chandra A.P
Internet has revolutionized the way in which the information is delivered. Laboratory based courses play an important role in technical education. Automation is changing the nature of these laboratories and the system designer’s focus on Internet accessed experiments owing to the availability of several tools to integrate electronic and mechanical hardware with the World Wide Web. Stand-alone approaches in remote learning have grown tremendously in the recent years. One of the important components in remote experimentation is the integration of Virtual Instruments to perform real hardware tasks in near real-time. The paper describes a web interface to the electrical hardware and integration of LabVIEW Virtual Instruments to the remote access and control of DC Drives. Customized electrical hardware serves as the web interface, supporting various features to remotely control and measure the parameters of the electrical machine. Novel techniques have been used to interface a low power data acquisition system with the DC machine driven by the AC power supply. The system uses the client-server architecture to access the web page of the Virtual Instruments through web browser. The developed system imitates the real control of experiment hardware, but being operated remotely through Internet.
GODFREY A. MILLS; STEPHEN K. ARMOO; AGYEMAN K. ROCKSON; ROBERT A. SOWAH; MOSES A. ACQUAH
Irrigated agriculture is one of the primary water consumers in most parts of the world. With developments in technology, efforts are being channeled into automation of irrigation systems to facilitate remote control of the irrigation system and optimize crop production and cost effectiveness. This paper describes an on-going work on GSM based irrigation monitoring and control systems. The objective of the work is to provide an approach that helps farmers to easily access, manage and regulate ...
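Role-Based Access Control (RBAC) has been one of the most active research topics in computer network access control in recent years. Applying RBAC to a library's book circulation system can reduce the complexity of authorization management and improve the security of the system.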
王清珍; 董健; 杨宇
In order to realize the split screen display of multiple items of content on an LCD12864 display screen in a wireless office access control system, a multi-level menu was designed by means of a C language program for a single chip microcomputer. The definition of structure array members is used, and buttons change the index number of the menu items to perform the split screen display of content and the switching between menu items. When multiple items are displayed, the items shown on the same screen are at the same level, so few variables and few index levels are involved and the system overhead is small. The design is simplified, and the system has good real-time button response and a simple interface, and is easy to operate.
LI Gang; WANG Ke-Xiang; ZHAO Ji-Jiu; YUE Ke-Juan; DAI Ming-Sui; HUANG Yi-Ling; JIANG Bo
A superconducting cryogenic system has been designed and deployed in the Beijing Electron-Positron Collider Upgrade Project (BEPCⅡ). The system consists of a Siemens PLC (S7-PLC, Programmable Logic Controller) for the compressor control, an Allen Bradley (AB) PLC for the cryogenic equipments, and the Experimental Physics and Industrial Control System (EPICS) that integrates the PLCs. The system fully automates the superconducting cryogenic control with process control, PID (Proportional-Integral-Differential) control loops, real-time data access and data storage, alarm handler and human machine interface. It is capable of automatic recovery as well. This paper describes the BEPCⅡ cryogenic control system, data communication between S7-PLC and EPICS Input/Output Controllers (IOCs), and the integration of the flow control, the low level interlock, the AB-PLC, and EPICS.
Li, Gang; Wang, Ke-Xiang; Zhao, Ji-Jiu; Yue, Ke-Juan; Dai, Ming-Hui; Huang, Yi-Ling; Jiang, Bo
A superconducting cryogenic system has been designed and deployed in the Beijing Electron-Positron Collider Upgrade Project (BEPCII). The system consists of a Siemens PLC (S7-PLC, Programmable Logic Controller) for the compressor control, an Allen Bradley (AB) PLC for the cryogenic equipments, and the Experimental Physics and Industrial Control System (EPICS) that integrates the PLCs. The system fully automates the superconducting cryogenic control with process control, PID (Proportional-Integral-Differential) control loops, real-time data access and data storage, alarm handler and human machine interface. It is capable of automatic recovery as well. This paper describes the BEPCII cryogenic control system, data communication between S7-PLC and EPICS Input/Output Controllers (IOCs), and the integration of the flow control, the low level interlock, the AB-PLC, and EPICS.
Trudnowski, Daniel [Montana Tech of the Univ. of Montana, Butte, MT (United States)]
This report summarizes the results of the Load Control System Reliability project (DOE Award DE-FC26-06NT42750). The original grant was awarded to Montana Tech April 2006. Follow-on DOE awards and expansions to the project scope occurred August 2007, January 2009, April 2011, and April 2013. In addition to the DOE monies, the project also consisted of matching funds from the states of Montana and Wyoming. Project participants included Montana Tech; the University of Wyoming; Montana State University; NorthWestern Energy, Inc., and MSE. Research focused on two areas: real-time power-system load control methodologies; and, power-system measurement-based stability-assessment operation and control tools. The majority of effort was focused on area 2. Results from the research include: development of fundamental power-system dynamic concepts, control schemes, and signal-processing algorithms; many papers (including two prize papers) in leading journals and conferences and leadership of IEEE activities; one patent; participation in major actual-system testing in the western North American power system; prototype power-system operation and control software installed and tested at three major North American control centers; and, the incubation of a new commercial-grade operation and control software tool. Work under this grant certainly supported the DOE-OE goals in the area of “Real Time Grid Reliability Management.”
Carvalho, Ivo S.; Duarte, Paulo; Fernandes, Horácio; Valcárcel, Daniel F.; Carvalho, Pedro J.; Silva, Carlos; Duarte, André S.; Neto, André; Sousa, Jorge; Batista, António J.N.; Carvalho, Bernardo B.
This thesis is about automatic motion control systems for remotely operated vehicles (ROV). The work has focused on topics within guidance and navigation. In addition, a motion control system has been developed, implemented, tested and used on two ROVs in sea trials. The main motivation for the work has been the need to automate ROV tasks in order to make the ROV a more efficient tool for exploring the ocean space. Many parts of a motion control system for a ROV are similar to that of surface v...
Shea, T J
This lecture begins with a definition of an accelerator control system, and then reviews the control system architectures that have been deployed at the larger accelerator facilities. This discussion naturally leads to identification of the major subsystems and their interfaces. We shall explore general strategies for integrating intelligent devices and signal processing subsystems based on gate arrays and programmable DSPs. The following topics will also be covered: physical packaging; timing and synchronization; local and global communication technologies; interfacing to machine protection systems; remote debugging; configuration management and source code control; and integration of commercial software tools. Several practical realizations will be presented.
Vicente, Carmen Ruiz; Kirkpatrick, Michael; Ghinita, Gabriel;
Recent advances in positioning and tracking technologies have led to the emergence of novel location-based applications that allow participants to access information relevant to their spatio-temporal context. Traditional access control models, such as role-based access control (RBAC...... of complex access control decisions based on spatio-temporal relationships among subjects and objects. Furthermore, such relationships change frequently in dynamic environments, requiring efficient mechanisms to monitor and re-evaluate access control decisions. In this position paper, we present a healthcare...... emergency response scenario which highlights the novel challenges that arise when enforcing access control in an environment with moving subjects and objects. To address a realistic application scenario, we consider movement on road networks, and we identify complex access control decisions relevant...
WANG Yi; GU Da-wu; BAI Ying-cai
This paper compares two types of access methods in 3G telecommunication systems, registration based access method and alternative access method. Through analyzing their common ground, we establish a public-key based uniform access framework, which combines different access methods into one unified model and provides more scalability and flexibility. Then an improved wireless authentication protocol is introduced into the framework, which gives an example of how unification is obtained by using public key technology. Since original protocol has flaws, an improved one is proposed based on security investigation. Improved authentication protocol overcomes the weakness of the original one, and maintains all the security features owned by old protocol. Finally, the feasibility of this framework is analyzed with consideration of current development in mobile telecommunication fields and the future trend of 3G systems. The result shows that public key technology has a promising future in 3G and Beyond 3G systems. It points out a new way for key management in future telecommunication systems.
The article deals with main trends of scientific research activities of Department of Control and Information Systems at the Faculty of Electrical Engineering of University of Zilina and its perspectives in this area.
requirements for a dedicated software environment for fault tolerant control systems design. The second detailed study addressed the detection of a fault event and determination of the failed component. A variety of algorithms were compared, based on two fault scenarios in the speed governor actuator setup......This thesis considered the development of fault tolerant control systems. The focus was on the category of automated processes that do not necessarily comprise a high number of identical sensors and actuators to maintain safe operation, but still have a potential for improving immunity to component...... failures. It is often feasible to increase availability for these control loops by designing the control system to perform on-line detection and reconfiguration in case of faults before the safety system makes a close-down of the process. A general development methodology is given in the thesis...
Reset Control Systems addresses the analysis for reset control treating both its basic form which requires only that the state of the controller be reinitialized to zero (the reset action) each time the tracking error crosses zero (the reset condition), and some useful variations of the reset action (partial reset with fixed or variable reset percentage) and of the reset condition (fixed or variable reset band and anticipative reset). The issues regarding reset control – concepts and motivation; analysis tools; and the application of design methodologies to real-world examples – are given comprehensive coverage. The text opens with an historical perspective which moves from the seminal work of the Clegg integrator and Horowitz FORE to more recent approaches based on impulsive/hybrid control systems and explains the motivation for reset compensation. Preliminary material dealing with notation, basic definitions and results, and with the definition of the control problem under study is also included. The fo...
Lewis, Andrew D
This brief presents a description of a new modelling framework for nonlinear/geometric control theory. The framework is intended to be—and shown to be—feedback-invariant. As such, Tautological Control Systems provides a platform for understanding fundamental structural problems in geometric control theory. Part of the novelty of the text stems from the variety of regularity classes, e.g., Lipschitz, finitely differentiable, smooth, real analytic, with which it deals in a comprehensive and unified manner. The treatment of the important real analytic class especially reflects recent work on real analytic topologies by the author. Applied mathematicians interested in nonlinear and geometric control theory will find this brief of interest as a starting point for work in which feedback invariance is important. Graduate students working in control theory may also find Tautological Control Systems to be a stimulating starting point for their research.
ZHANG Miao; XU Guoai; HU Zhengming; YANG Yixian
The conception of trusted network connection (TNC) is introduced, and the weakness of TNC to control user's action is analyzed. After this, the paper brings out a set of secure access and control model based on access, authorization and control, and related authentication protocol. At last the security of this model is analyzed. The model can improve TNC's security of user control and authorization.
Kershaw, Philip; Lawrence, Bryan; Lowe, Dominic; Norton, Peter; Pascoe, Stephen
CEDA (Centre for Environmental Data Archival) based at STFC Rutherford Appleton Laboratory is host to the BADC (British Atmospheric Data Centre) and NEODC (NERC Earth Observation Data Centre) with data holdings of over half a Petabyte. In the coming months this figure is set to increase by over one Petabyte through the BADC's role as one of three data centres to host the CMIP5 (Coupled Model Intercomparison Project Phase 5) core archive of climate model data. Quite apart from the problem of managing the storage of such large volumes there is the challenge of collating the data together from the modelling centres around the world and enabling access to these data for the user community. An infrastructure to support this is being developed under the US Earth System Grid (ESG) and related projects, bringing participating organisations together in a federation. The ESG architecture defines Gateways, the web interfaces that enable users to access data and data serving applications organised into Data Nodes. The BADC has been working in collaboration with US Earth System Grid team and other partners to develop a security system to restrict access to data. This provides single sign-on via both OpenID and PKI based means and uses role based authorisation facilitated by SAML and OpenID based interfaces for attribute retrieval. This presentation will provide an overview of the access control architecture and look at how this has been implemented for CEDA. CEDA has developed an expertise in data access and information services over several years through a number of projects to develop and enhance these capabilities. Participation in CMIP5 comes at a time when a number of other software development activities are coming to fruition. New services are in the process of being deployed alongside services making up the system for ESG. The security system must apply access control across this heterogeneous environment of different data services and technologies. One strand
DongJinmei; YuanYoujin; ZhengJianhua
A Virtual Accelerator is a computer process which simulates the behavior of the beam in an accelerator and responds to the accelerator control program under development in the same way as an actual accelerator. To realize a Virtual Accelerator, the control system should provide the same program interface to the top layer Application Control Program, so that the 'Real Accelerator' and the 'Virtual Accelerator' use the same GUI. The control system should therefore have a layer that hides hardware details, so that the Application Control Program accesses control devices through logical names and not through coded hardware addresses. Without this layer, it is difficult to develop an application program which can access both 'Virtual' and 'Real' Accelerators using the same program interfaces. For this reason, we can create a CSR Runtime Database which allows an application program to access hardware devices and data on a simulation process in a unified way. A device is represented as a collection of records in the CSR Runtime Database. A control program on the host computer can access devices in the system only through names of record fields, called channels.
Vehicle management in traditional residential quarters mostly relies on guards, which is both time-consuming and laborious; reliability and accuracy also fail to meet the requirements, and the district's security is without strong assurance. To solve this thorny problem, a district vehicle access control system is designed based on UHF RFID technology. On the basis of the Internet of Things, electronic tags are set on vehicles and the reader is combined with the computer network to achieve automatic recognition of vehicle license tags. The model is fast and efficient, manages the vehicles within the district in a scientific and effective way, reduces the burden on the management staff, and makes the daily lives of residents more convenient.
Volkov, Vasily Y; Zhuravlev, Oleg N; Nukhaev, Marat T; Shchelushkin, Roman V
This article presents the idea and realization of a unique Adaptive Inflow Control System that forms part of the well completion and is able to adjust to production conditions that change over time. The system allows the flow rate from each interval to be limited to a certain level, which solves the problem of water and gas breakthroughs. We present the results of laboratory tests and numerical calculations that give the characteristics of the experimental setup, with dual-in-position valves as parts of the adaptive inflow control system, depending on the operating conditions. The flow distribution in the system was also studied with the help of a three-dimensional computer model. The dependences of the control ranges are determined, and the influence of the individual elements on the entire system is revealed.
Gondara, Mandeep Kaur
Semantic Web is an open, distributed, and dynamic environment where access to resources cannot be controlled in a safe manner unless the access decision takes into account during discovery of web services. Security becomes the crucial factor for the adoption of the semantic based web services. An access control means that the users must fulfill certain conditions in order to gain access over web services. Access control is important in both perspectives i.e. legal and security point of view. This paper discusses important requirements for effective access control in semantic web services which have been extracted from the literature surveyed. I have also discussed open research issues in this context, focusing on access control policies and models in this paper.
Leahu, Marius Constantin; Stoichescu, D A; Lehmann Miotto, G
ATLAS (A Toroidal LHC Apparatus) is a general-purpose detector for studying high-energy particle interactions: it is the largest particle detector experiment at CERN and it is built around one of the interaction points of the proton beams accelerated by the Large Hadron Collider (LHC). The detector generates an impressive amount of raw data: 64 TB per second as a result of 40 MHz proton-proton collision rate with 1.6 MB data for each such event. The handling of such data rate is managed by a three levels Trigger and Data Acquisition (TDAQ) system, which filters out the events not relevant from physics research point of view and selects in the end in the order of 1000 events per second to be stored for offline analyses. This system comprises a significant number of hardware devices, software applications and human personnel to supervise the experiment operation. Their protection against damages as a result of misuse and their optimized exploitation by avoiding the conflicting accesses to resources are key requ...
Travers, D.; Parham, T.
An emergency department (ED) clinical system was developed by in-house personnel, with ED physician, nursing, registration and clerical staff input. The utilization of existing hardware and customization of the hospital's mainframe hospital information system (HIS) facilitated the implementation of a cost-effective system that meets the information access needs of a busy, state-of-the-art academic ED. The transition to automation of the ED was facilitated through the use of a comprehensive tr...
An important consideration in the design of power reactors is providing access to the reactor cooling system for the purposes of maintenance, repair and refuelling. The major sources of radiation which tend to prohibit such access are: induced activity of the reactor coolant, activated impurities in the reactor coolant and radiation originating in the reactor core both during reactor operation and after shutdown. Impurities in the reactor coolant may be present in high enough concentrations so that their activation restricts accessibility for maintenance after shutdown. When water is used as a coolant, the activity of the water itself is very short-lived, but its corrosive nature, the resultant high impurity level and the induced activity of structural material are the major source of activity in the system after reactor shutdown. In this case, it may be necessary to chemically remove some of the impurity by a purification process to prevent a build up of long-lived induced activity in the system from restricting access to the plant, and to keep the radiation dose at the working places within the permissible limits. A mathematical model is developed. A system of coupled first-order linear differential equations describing adequately the activity behaviour has to be derived and solved. It treats the determination of equilibrium concentrations of impurities on system surfaces, and the effect of release of fission products from the reactor core
The control system for the Fusion Materials Irradiation Test (FMIT) Facility, under construction at Richland, Washington, uses current techniques in distributed processing to achieve responsiveness, maintainability and reliability. Developmental experience with the system on the FMIT Prototype Accelerator (FPA) being designed at the Los Alamos National Laboratory is described as a function of the system's design goals and details. The functional requirements of the FMIT control system dictated the use of a highly operator-responsive, display-oriented structure, using state-of-the-art console devices for man-machine communications. Further, current technology has allowed the movement of device-dependent tasks into the area traditionally occupied by remote input-output equipment; the system's dual central process computers communicate with remote communications nodes containing microcomputers that are architecturally similar to the top-level machines. The system has been designed to take advantage of commercially available hardware and software
Barz, C.; Todea, C.; Latinovic, T.; Preradovic, D. M.; Deaconu, S.; Berdie, A.
The paper presents the traffic control system controlled through a PLC which takes the signals from different sensors on roads. The global system developed ensures the coordination of four intersections, setting a path that respects coordination type green light, the integration of additional sensors, the implementation of probes radar to inform traffic participants about recommended speed for accessing the green state located in the intersection that will follow to cross.
Nowadays, the concept of big data grows incessantly; recent research has shown that 90% of all the data on the web was created in the last two years. However, this growth runs into many critical challenges, generally at the security level; users care about how providers protect the privacy of their data. Access control, cryptography, and deidentification are the main research areas grouped under a specific domain known as Privacy Preserving Data Publishing. In this paper, we propose a new model for access control over big data using digital signature and confidence interval; we first introduce our work by presenting some general concepts used to build our approach, then present the idea of this report, and finally evaluate our system by conducting several experiments and showing and discussing the results that we got.
Wang, Xin; Zhao, Hai-bin; Xia, Yan; Lu, Hao; Li, Bin
In 2013, CNEOST (China Near Earth Object Survey Telescope) adapted its hardware system for the new CCD camera. Based on the new system architecture, the control software is re-designed and implemented. The software system adopts the messaging mechanism based on the WebSocket protocol, and possesses good flexibility and expansibility. The user interface based on the responsive web design has realized the remote observations under both desktop and mobile devices. The stable operation of the software system has greatly enhanced the operation efficiency while reducing the complexity, and has also made a successful attempt for the future system design of telescope and telescope cloud.
The LHCb collaboration consists of roughly 700 physicists from 52 institutes and universities. Most of the collaborating physicists - including subdetector experts - are not permanently based at CERN. This paper describes the architecture used to publish data internal to the LHCb experiment control- and data acquisition system to the World Wide Web. Collaborators can access the online (sub-) system status and the system performance directly from the institute abroad, from home or from a smart phone without the need of direct access to the online computing infrastructure.
Ahmed N. U.
We present a dynamic model for access control mechanism used in computer communication network applied to MPEG video transmission over Internet. This model is different from those developed in the previous works related to this topic. In our model, token buckets supported by data buffers are used to shape incoming traffic and one multiplexor, serving all the token pools, multiplexes all the conforming traffic. The model is governed by a system of discrete nonlinear difference equations. We use neural network as the feedback controller which receives at its input (measurable) available information and provides at its output the optimal control. The simulated annealing algorithm is used to optimize the system performance by adjusting the weights. For illustration, we present numerical results which show that the system performance of MPEG video server can be improved by using neural network and simulated annealing approach.
Le, Xuan Hung; Doll, Terry; Barbosu, Monica; Luque, Amneris; Wang, Dongwen
Although information access control models have been developed and applied to various applications, few of the previous works have addressed the issue of managing information access in the combined context of team collaboration and workflow. To facilitate this requirement, we have enhanced the Role-Based Access Control (RBAC) model through formulating universal constraints, defining bridging entities and contributing attributes, extending access permissions to include workflow contexts, synthesizing a role-based access delegation model to target on specific objects, and developing domain ontologies as instantiations of the general model to particular applications. We have successfully applied this model to the New York State HIV Clinical Education Initiative (CEI) project to address the specific needs of information management in collaborative processes. An initial evaluation has shown this model achieved a high level of agreement with an existing system when applied to 4576 cases (kappa=0.801). Comparing to a reference standard, the sensitivity and specificity of the enhanced RBAC model were at the level of 97-100%. These results indicate that the enhanced RBAC model can be effectively used for information access management in context of team collaboration and workflow to coordinate clinical education programs. Future research is required to incrementally develop additional types of universal constraints, to further investigate how the workflow context and access delegation can be enriched to support the various needs on information access management in collaborative processes, and to examine the generalizability of the enhanced RBAC model for other applications in clinical education, biomedical research, and patient care. PMID:22732236
Nowadays security has become an important aspect in information systems engineering. A mainstream method for information system security is Role-based Access Control (RBAC), which restricts system access to authorised users. While the benefits of RBAC are widely acknowledged, the implementation and administration of RBAC policies remains a human intensive activity, typically postponed until the implementation and maintenance phases of system development. This deferred security engineering approach makes it difficult for security requirements to be accurately captured and for the system’s implementation to be kept aligned with these requirements as the system evolves. In this paper we propose a model-driven approach to manage SQL database access under the RBAC paradigm. The starting point of the approach is an RBAC model captured in SecureUML. This model is automatically translated to Oracle Database views and instead-of triggers code, which implements the security constraints. The approach has been fully instrumented as a prototype and its effectiveness has been validated by means of a case study.
杨勇; 汪厚祥; 肖乾
Role-Based Access Control (RBAC) is a convenient, secure and efficient access control mechanism. By analyzing the overall idea and model of RBAC, this paper introduces the characteristics and application advantages of RBAC and, with reference to the overall design framework of the remote maintenance support system for naval forces stationed in port, focuses on the design and implementation of the role-based access control mechanism in the remote maintenance support system.
The Neural Flight Control System (NFCS) was developed to address the need for control systems that can be produced and tested at lower cost, easily adapted to prototype vehicles and for flight systems that can accommodate damaged control surfaces or changes to aircraft stability and control characteristics resulting from failures or accidents. NFCS utilizes a neural network-based flight control algorithm which automatically compensates for a broad spectrum of unanticipated damage or failures of an aircraft in flight. Pilot stick and rudder pedal inputs are fed into a reference model which produces pitch, roll and yaw rate commands. The reference model frequencies and gains can be set to provide handling quality characteristics suitable for the aircraft of interest. The rate commands are used in conjunction with estimates of the aircraft's stability and control (S&C) derivatives by a simplified Dynamic Inverse controller to produce virtual elevator, aileron and rudder commands. These virtual surface deflection commands are optimally distributed across the aircraft's available control surfaces using linear programming theory. Sensor data is compared with the reference model rate commands to produce an error signal. A Proportional/Integral (PI) error controller "winds up" on the error signal and adds an augmented command to the reference model output with the effect of zeroing the error signal. In order to provide more consistent handling qualities for the pilot, neural networks learn the behavior of the error controller and add in the augmented command before the integrator winds up. In the case of damage sufficient to affect the handling qualities of the aircraft, an Adaptive Critic is utilized to reduce the reference model frequencies and gains to stay within a flyable envelope of the aircraft.
WANG Bo; HUANG Pei-wei; ZHONG You-ping; QI Ying-hao
Most existing media access control (MAC) protocols in power line communication (PLC) networks just discard the colliding data packets when collision occurs. The collision deteriorates throughput and delay performance of system under high traffic conditions. This article presents a novel media access scheme with fast collision resolution for in-home power line networks. It works by first recognizing the colliding stations through detecting the inserted unique ID sequence ahead of data packets, then the source nodes retransmitting their packets immediately after the collision slot. The proposed protocol maintains the benefits of ALOHA systems. It needs no scheduling overhead and is suitable for bursty sources, such as multimedia data packets. Computer simulations have demonstrated that this approach can achieve high throughput due to its ability of resolving collisions.
Rieback, Melanie; Crispo, Bruno; Tanenbaum, Andrew
This paper introduces an off-tag RFID access control mechanism called “Selective RFID Jamming”. Selective RFID Jamming protects low-cost RFID tags by enforcing access control on their behalf, in a similar manner to the RFID Blocker Tag. However, Selective RFID Jamming is novel because it uses an active mobile device to enforce centralized ACL-based access control policies. Selective RFID Jamming also solves a Differential Signal Analysis attack to which the RFID Blocker Tag is susceptible.
The ARAC Client System allows users (such as emergency managers and first responders) with commonly available desktop and laptop computers to utilize the central ARAC system over the Internet or any other communications link using Internet protocols. Providing cost-effective fast access to the central ARAC system greatly expands the availability of the ARAC capability. The ARAC Client system consists of (1) local client applications running on the remote user's computer, and (2) "site servers" that provide secure access to selected central ARAC system capabilities and run on a scalable number of dedicated workstations residing at the central facility. The remote client applications allow users to describe a real or potential chem-bio event, electronically send this information to the central ARAC system which performs model calculations, and quickly receive and visualize the resulting graphical products. The site servers will support simultaneous access to ARAC capabilities by multiple users. The ARAC Client system is based on object-oriented client/server and distributed computing technologies using CORBA and Java, and consists of a large number of interacting components
周任军; 尹权; 康信文; 李绍金; 陈瑞先; 王蛟
Cooling and heating energy need only be balanced periodically, whereas electric power must be balanced in real time. To improve the utilization of wind power and reduce the impact of its randomness on the grid, this paper proposes that wind power supply a combined cooling, heating and power (CCHP) system in two ways, by heating and by power supply, corresponding to a heating mode and a power mode of the CCHP system. Control methods for the wind power supply modes are constructed and analyzed, and for each of the two supply modes an optimization model is established whose objective function is the system operation cost, including fuel cost and electricity purchase cost. Considering the prediction deviation of wind power output, the random objective functions are characterized using the α-superquantile method, and the corresponding stochastic optimization models are established. A case study analyzes the economic benefits of the system under the different wind power supply modes and examines the influence of different confidence levels on system operation cost. The simulation results provide a basis for choosing a wind power supply mode, and the study offers a new approach to the efficient and rational use of renewable energy in a smart grid.
... 21 Food and Drugs 9 2010-04-01 2010-04-01 false Requirements for establishing logical access... Prescriptions § 1311.125 Requirements for establishing logical access control—Individual practitioner. (a) At... his two-factor authentication credential to satisfy the logical access controls. The second...
... 21 Food and Drugs 9 2010-04-01 2010-04-01 false Requirements for establishing logical access...) Electronic Prescriptions § 1311.130 Requirements for establishing logical access control—Institutional... practitioner that enters permissions for logical access controls into the application. The...
Friction-related problems are frequently encountered in control systems. This thesis treats three aspects of such problems: modeling, analysis, and friction compensation. A new dynamic friction model is presented and investigated. The model is described by a first order nonlinear differential equation with a reasonable number of parameters, yet it captures most of the experimentally observed friction phenomena. The model is suitable both for simulation purposes and control design. Analysis of...
Conventional approaches for adapting security enforcement in the face of attacks rely on administrators to make policy changes that will limit damage to the system. Paradigm shifts in the capabilities of attack tools demand supplementary strategies that can also adjust policy enforcement dynamically. We extend the current research by proposing an approach for integrating real-time security assessment data into access control systems. Critical application scenarios are tested to examine the impact of using risk data in policy evaluation and enforcement.
Hunter, Judy; Generous, Curtis; Duncan, Denise
Access to online information sources of aerospace, scientific, and engineering data, a mission focus for NASA's Scientific and Technical Information Program, has always been limited by factors such as telecommunications, query language syntax, lack of standardization in the information, and the lack of adequate tools to assist in searching. Today, the NASA STI Program's NASA Access Mechanism (NAM) prototype offers a solution to these problems by providing the user with a set of tools that provide a graphical interface to remote, heterogeneous, and distributed information in a manner adaptable to both casual and expert users. Additionally, the NAM provides access to many Internet-based services such as Electronic Mail, the Wide Area Information Servers system, Peer Locating tools, and electronic bulletin boards.
Hunter, Judy F.; Generous, Curtis; Duncan, Denise
Access to online information sources of aerospace, scientific, and engineering data, a mission focus for NASA's Scientific and Technical Information Program, has always been limited by factors such as telecommunications, query language syntax, lack of standardization in the information, and the lack of adequate tools to assist in searching. Today, the NASA STI Program's NASA Access Mechanism (NAM) prototype offers a solution to these problems by providing the user with a set of tools that provide a graphical interface to remote, heterogeneous, and distributed information in a manner adaptable to both casual and expert users. Additionally, the NAM provides access to many Internet-based services such as Electronic Mail, the Wide Area Information Servers system, Peer Locating tools, and electronic bulletin boards.
Automatic power stabilization control is the desired objective for any reactor operation, especially nuclear power plants. A major problem in this area is the inevitable gap between a real plant and the theory of conventional analysis and the synthesis of linear time-invariant systems. In particular, the trajectory tracking control of a nonlinear plant is a class of problems in which the classical linear transfer function methods break down because no transfer function can represent the system over the entire operating region. There is a considerable amount of research on the model-inverse approach using the feedback linearization technique. However, this method requires a precise plant model to implement the exact linearizing feedback. For nuclear reactor systems, this approach is not an easy task because of the uncertainty in the plant parameters and un-measurable state variables. Therefore, an artificial neural network (ANN) is used either in self-tuning control or in improving the conventional rule-based expert system. The main objective of this thesis is to suggest an ANN-based self-learning controller structure. This method is capable of on-line reinforcement learning and control for a nuclear reactor with a totally unknown dynamics model. Previous research is based on the back-propagation algorithm. The back-propagation (BP), fast back-propagation (FBP), and Levenberg-Marquardt (LM) algorithms are discussed and compared for reinforcement learning. It is found that the LM algorithm is quite superior
Tarek S. Sobh
As wireless network access gains popularity in corporate, private and personal networks, the nature of wireless networks opens up new possibilities for network attacks. This paper negotiates Wi-Fi security against scanning of rogue Wi-Fi networks and other related activities and considers the monitoring of Wi-Fi traffic effects. The unauthorized access point (AP) problem has raised more attention and resulted in obtaining wireless access without subscriber permission. This work assumes a Wi-Fi AP under attack, specifically by a rogue AP and/or ad-hoc client. It provides a solution for detecting and preventing this attack. In addition, it provides the required user permissions to allow/block access of the files on the user of the ad-hoc client. The experiments that include the rogue AP attack are maintained and the effectiveness of the proposed solution is tested.
Osadchiy, Alexey Vladimirovich
This thesis presents results obtained during the course of my PhD research on optical signal routing and interfacing between the metropolitan and access segments of optical networks. Due to both increasing capacity demands and variety of emerging services types, new technological challenges...... are arising for seamlessly interfacing metropolitan and access networks. Therefore, in this PhD project, I have analyzed those technological challenges and identified the key aspects to be addressed. I have also proposed and experimentally verified a number of solutions to metropolitan and access networks...... interfacing and signal routing. Equipment and infrastructure simplification was recognized as the path towards more efficient metropolitan and access networks providing a spectrum of high-bandwidth services to large number of users. Several approaches have been proposed and developed in order to enable...
Tiwari, Basant; Kumar, Abhay
Electronic health records (EHR) provide a convenient method to exchange medical information of patients between different healthcare providers. The access control mechanism in healthcare services characterises authorising users to access EHR records. Role Based Access Control helps to restrict EHRs to users in a certain role. Significant work has been carried out on access control over the last decade, but little emphasis has been given to on-demand role based access control. The presented work achieves access control through physical data isolation, which is more robust and secure. We propose an algorithm in which a selective combination of policies for each user of the EHR database has been defined. We extend the well-known data mining technique 'classification' to group EHRs with respect to the given role. The algorithm works by taking the various roles as classes and defining their features as a vector. Here, features are used as a Feature Vector for classification to describe user authority. PMID:26559071
Norjihan Abdul Ghani; Harihodin Selamat; Zailani Mohamed Sidek
The rapid growth of e-commerce has created great opportunities for both businesses and end users. The essential e-commerce process is required for the successful operation and management of e-commerce activities. One of the processes is access control and security. E-commerce must establish secure access between the parties in an e-commerce transaction by authenticating users, authorizing access, and enforcing security features. The e-commerce application must authorize access to only tho...
Gispen, Marie Elske C
The world is confronted with a major public health deficit caused by poor access to controlled essential medicines under the international drug control framework. This is affecting millions of patients on a daily basis and resulting in numerous human rights violations. The present review contextualises this deficit from a human rights perspective. Drug control efforts are informed by a twofold objective stemming from the double nature of scheduled substances: free access for medical purposes should be ensured, though non-medical use of substances such as opium should be restricted. The international drug control framework is, in theory, based on this twofold notion, however at the level of interpretation, monitoring, and implementation, a one-sided emphasis is demonstrated. By tracing a parallel between the obligations of states under the international drug control framework and those that derive from human rights law, the review shows that the two systems seem incoherent and conflicting in nature and flags the importance of cross-disciplinary research into drug control and human rights.
Access control policies (ACPs) regulate the access to data and resources in information systems. These ACPs are framed from the functional requirements and the organizational security and privacy policies. It has been found beneficial to include the ACPs in the early phases of software development, leading to secure development of information systems. Many approaches are available for including the ACPs in the requirements and design phases. They rely on UML artifacts, Aspects and also Features for this purpose. But the earlier modeling approaches are limited in expressing the evolving ACPs due to organizational policy changes and business process modifications. In this paper, we analyze whether a "Feature", defined as an increment in program functionality, can be used as a modeling entity to represent the evolving access control requirements. We discuss the two prominent approaches that use Features in modeling ACPs. We also present a comparative analysis to find the suitability of Features in the context of changing ACPs. We conclude with our findings and provide directions for further research.
Albertos, Pedro; Blanke, Mogens; Isidori, Alberto; Schaufelberger, Walter; Sanz, Ricardo
The world of artificial systems is reaching complexity levels that escape human understanding. Surface traffic, electricity distribution, airplanes, mobile communications, etc., are examples that demonstrate that we are running into problems that are beyond classical scientific or engineering knowledge. There is an ongoing world-wide effort to understand these systems and develop models that can capture their behavior. The reason for this work is clear: if our lack of understanding deepens, we will lose our capability to control these systems and make them behave as we want. Researchers from many different fields are trying to understand and develop theories for complex man-made systems. This book presents research from the perspective of control and systems theory. The book has grown out of activities in the research program Control of Complex Systems (COSY). The program has been sponsored by the European Science Foundation (ESF) which for 25 years has been one of the leading players in stimula...
The Proton Engineering Frontier Project (PEFP) has developed a 20 MeV proton accelerator, and established a distributed control system based on EPICS for sub-system components such as the vacuum unit, beam diagnostics, and power supply system. The control system includes real-time monitoring and alarm functions. For efficient maintenance of the control system and additional extension of subsystems, the EPICS software framework was adopted. In addition, a control system should be capable of providing easy access for users and real-time monitoring on a user screen. Therefore, we have implemented a new web-based monitoring server with several libraries. By adding a DB module, the new IOC web monitoring system makes it possible to monitor the system through the web. By integrating EPICS Channel Access (CA) and Database libraries into a Database module, the web-based monitoring system makes it possible to monitor the sub-system status through the user's internet browser. In this study, we developed a web-based monitoring system by using an EPICS IOC (Input Output Controller) with an IBM server
This paper describes a human engineering design and analysis effort for a major security system upgrade at a DOE facility. This upgrade was accomplished by replacing an obsolete and poorly human engineered security screening booth with a new, user oriented, semiautomated, computer-based access control system. Human factors engineers assisted the designer staff in specifying a security access interface to physically and cognitively accommodate all employees, which included handicapped individuals in wheel chairs, and several employees who were severely disabled, both visually and aurally. The new access system was intended to control entry into sensitive exclusion areas by requiring personnel to enter a security screening booth and interact with card reader devices and a simple-to-operate access control panel system. Extensive man-machine testing with prototype mock-ups was conducted to assess human engineered design features and to illuminate potentially confusing or difficult-to-operate hardware placement, layout, and operation sequencing. These evaluations, along with the prototype mock-ups, provided input which resulted in a prototype which was easy to enter, operate, and understand by end users. This prototype later served as the design basis for the final systems design
Georgiev, Martin; Jana, Suman; Shmatikov, Vitaly
Algrain, Marcelo C. (Dunlap, IL)
Turbocompound systems can be used to affect engine operation using the energy in exhaust gas that is driving the available turbocharger. A first electrical device acts as a generator in response to turbocharger rotation. A second electrical device acts as a motor to put mechanical power into the engine, typically at the crankshaft. Apparatus, systems, steps, and methods are described to control the generator and motor operations to control the amount of power being recovered. This can control engine operation closer to desirable parameters for given engine-related operating conditions compared to actual. The electrical devices can also operate in "reverse," going between motor and generator functions. This permits the electrical device associated with the crankshaft to drive the electrical device associated with the turbocharger as a motor, overcoming deficient engine operating conditions such as associated with turbocharger lag.
Peng, Xue-hai; Lin, Chuang
Access control is an important method to improve network security and prevent protected resources from being used by some nodes without authority. Moreover, mobility is an important trend of the internet. In this paper, based on the architecture of hierarchical mobile IPv6, we proposed an effective access control approach to support mobility in IPv6 networks, which can ensure the operation of access control when a mobile node roams in these domains with different policies, with decreased delay of access negotiation and cost of delivering messages.
Since 1982 the GANIL heavy ion accelerator has been under the control of 16-bit minicomputers MITRA, programmable logic controllers and microprocessorized Camac controllers, structured into a partially centralized system. This control system has to be renewed to meet the increasing demands of the accelerator operation which aims to provide higher quality ion beams under more reliable conditions. This paper gives a brief description of the existing control system and then discusses the main issues of the design and the implementation of the future control system: distributed powerful processors federated through Ethernet and flexible network-wide database access, VME standard and front-end microprocessors, enhanced color graphic tools and workstation based operator interface
Kiilerich Pratas, Nuno; Thomsen, Henning; Popovski, Petar
In this chapter, we describe and discuss the current LTE random access procedure and the Radio Access Network Load Control solution within LTE/LTE-A. We provide an overview of the several considered load control solutions and give a detailed description of the standardized Extended Access Class...... Barring solution. We then provide a brief overview of the Load Control solutions provided by the Enhanced Packet Core (EPC) Network and how they intertwine with the Extended Access Barring at the Enhanced Universal Terrestrial Radio Access Network (E-UTRAN). We also provide an outlook on the current 3GPP...... efforts in regards to MTC related load control issues....
Ahmad Budi Setiawan
WIPAS (Wireless Internet Protocol Access System) is one of the newest broadband technologies. The technology was developed on the model of a point-to-multipoint access system on fixed wireless networks, or Fixed Wireless Access (FWA), using the 26-GHz frequency band. Given the width of the frequency band used, WIPAS technology can accommodate access capacity for very large volumes of network traffic. This study examines and evaluates the effectiveness of WIPAS technology through a case of its use for community empowerment in the city of Malang. The study also describes how WIPAS technology is used in order to show the benefits of using it. The research was conducted with a qualitative method, evaluating the infrastructure that has been built to assess the effectiveness of WIPAS use. The result of this research is an evaluative study of the use of WIPAS in the city of Malang and recommendations for further implementation.
Saffarian, Mohsen; Sadighi, Babak
Administration of an access control model deals with the question of who is authorized to update policies defined on the basis of that model. One of the models whose administration has absorbed relatively large research is the Role-Based Access Control (RBAC) model. All the existing role-based admin
Kunte, P.D.; Narvekar, P.
information • Reasonable execution speed for managing/accessing high volume of data • A flexible and multi-track querying system • Facilities to save, open, edit and resubmit the query • Plotting the queried data on the map with zoom, pan.... Following are four major software modules: • Data import module • Query builder or search module • Data visualization and download module • Data management (administrative) module. On execution of the GPDAMS program, the main title screen...
Large scale production of accessible media above and beyond DAISY Talking Books requires management of the workflow from the initial scan to the output of the media production. DAISY Producer was created to help manage this process. It tracks the transformation of hard copy or electronic content to DTBook XML at any stage of the workflow and interfaces to existing order processing systems. Making use of DAISY Pipeline and Liblouis, DAISY Producer fully automates the generation of on-demand, u...
Unlike CCTV, the security video surveillance devices that are generally known, IP cameras, which are connected to a network either with or without wire, provide monitoring services through a built-in web server. Because IP cameras can use a network such as the Internet, multiple IP cameras can be installed at a long distance and each IP camera can utilize the function of a web server individually. Even though IP cameras have this kind of advantage, they have difficulties in access control management and weaknesses in user certification, too. Particularly, because the market for IP cameras only began to be realized fairly recently, systems which are systematized from the perspective of security have not been built up yet. Additionally, they contain severe weaknesses in terms of access authority to the IP camera web server, certification of users, and certification of IP cameras which are newly installed within a network, etc. This research grouped IP cameras hierarchically to manage them systematically, and provided access control and data confidentiality between groups by utilizing group keys. In addition, IP cameras and users are certified by using PKI-based certification, and weak points of security such as confidentiality and integrity, etc., are improved by encrypting passwords. Thus, this research presents specific protocols of the entire process and proved through experiments that this method can be actually applied.
Li, Chunquan; Wang, Yanwei; Yang, Baoye; Hu, Chunyang
A dynamic access control method is put forward to ensure the security of the sharing service in Cloud Manufacturing, according to the application characteristics of cloud manufacturing collaborative task. The role-based access control (RBAC) model is extended according to the characteristics of cloud manufacturing in this method. The constraints are considered, which are from QoS requirement of the task context to access control, based on the traditional static authorization. The fuzzy policy rules are established about the weighted interval value of permissions. The access control authorities of executable service by users are dynamically adjusted through the fuzzy reasoning based on the QoS requirement of task. The main elements of the model are described. The fuzzy reasoning algorithm of weighted interval value based QoS requirement is studied. An effective method is provided to resolve the access control of cloud manufacturing.
In the Internet of Things (IoT), computing and processing of information is the core support. In this paper, we introduce "Service-Oriented Computing" (SOC) to solve the computing and processing of information in IoT. However, a key challenge in a service-oriented environment is the design of effective access control schemas. We put forward a model of Workflow-oriented Attribute Based Access Control (WABAC), and an access control framework based on the WABAC model. The WABAC model grants and adapts permissions to subjects according to subject attribute, resource attribute, environment attribute and current task, meeting the access control requirements of SOC. Using the approach presented can effectively enhance the access control security for SOC applications, and prevent the abuse of subject permissions.
Control (MAC) protocols that are following the receiver-initiated paradigm of asynchronous communication. According to the receiver-initiated paradigm the communication is initiated by the receiver that states its availability to receive data through beacons. The sender is passively listening...... to the channel until it receives the beacon of interest. In this context, the dissertation begins with an in-depth survey of all the receiver-initiated MAC protocols and presents their unique optimization features, which deal with several challenges of the link layer such as mitigation of the energy consumption......-efficient features that aim to adapt the consumed energy to match the harvested energy, distribute the load with respect to the harvested energy, decrease the overhead of the communication, address the requirements for collision avoidance, prioritize urgent traffic and secure the system against beacon replay attacks...
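In systems that implement Role-Based Access Control (RBAC), a program's permissions are determined solely by the role that launched it, so once the program has a security vulnerability and is attacked, the intruder seizes all of that role's permissions and abuses them. This paper proposes the concept of a process role and builds the DKPRF (Double Knowledge based Process Role Frame) framework for dynamically generating process roles, which effectively limits the abuse of permissions in RBAC.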
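In large information management systems, secure access to the back-end database is critical. By analyzing the structure of the role-based access control (RBAC) model, a method for secure database access control in large management systems is proposed and designed. Role definitions are used to effectively determine the access permissions of different users in the system, which helps to realize the division of functions among the system's members and the secure operation of the system.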
Locke, S. M.; Cohen, L.; Lightbody, N.
ACCESS Earth is an intensive summer institute for high school students with disabilities and their teachers that is designed to encourage students with disabilities to consider careers in earth system science. Participants study earth system science concepts at a Maine coastal estuary, using Geographic Information Systems, remote sensing, and field observations to evaluate the impacts of climate change, sea level rise, and development on coastal systems. Teachers, students, and scientists work together to adapt field and laboratory activities for persons with disabilities, including those with mobility and visual impairments. Other sessions include demonstrations of assistive technology, career discussions, and opportunities for students to meet with successful scientists with disabilities from throughout the U.S. The summer institute is one of several programs in development at the University of Southern Maine to address the problem of underrepresentation of people with disabilities in the earth sciences. Other projects include a mentoring program for high school students, a web-based clearinghouse of resources for teaching earth sciences to students with disabilities, and guidebooks for adaptation of popular published earth system science curricula for disabled learners.
Problem statement: Resource management is one of the most important engineering issues in 3G systems where multiple traffic classes are supported, each being characterized by its required Quality of Service (QoS) parameters. Call Admission Control (CAC) is one of the resource management functions, which regulates network access to ensure QoS provisioning. Efficient CAC is necessary for QoS provisioning in a WCDMA environment. The effective functioning of WCDMA systems is influenced by the power control utility. Approach: In this study, we propose to design a fuzzy logic based power control for Wideband Code Division Multiple Access Wireless Networks. The proposed technique is aimed at multiple services like voice, video and data for multiclass users. The fuzzy logic technique is used to estimate the optimal admissible users group inclusive of the optimum transmitting power level. This technique reduces the interference level and call rejection rate. Results: By simulation results, we demonstrate that the proposed technique achieves reduced energy consumption for a cell with increased throughput. Conclusion: The proposed technique minimizes the power consumption and call rejection rate.
An incoherent control scheme for state control of locally controllable quantum systems is proposed. This scheme includes three steps: (1) amplitude amplification of the initial state by a suitable unitary transformation, (2) projective measurement of the amplified state, and (3) final optimization by a unitary controlled transformation. The first step increases the amplitudes of some desired eigenstates and the corresponding probability of observing these eigenstates, the second step projects, with high probability, the amplified state into a desired eigenstate, and the last step steers this eigenstate into the target state. Within this scheme, two control algorithms are presented for two classes of quantum systems. As an example, the incoherent control scheme is applied to the control of a hydrogen atom by an external field. The results support the suggestion that projective measurements can serve as an effective control and local controllability information can be used to design control laws for quantum systems. Thus, this scheme establishes a subtle connection between control design and controllability analysis of quantum systems and provides an effective engineering approach in controlling quantum systems with partial controllability information.
Clark, K.; Larsen, E.V.; Wegner, C.A.; Piwko, R.J.
A modular thyristor controlled series capacitor (TCSC) system, including a method and apparatus, uses phase controlled firing based on monitored capacitor voltage and line current. For vernier operation, the TCSC system predicts an upcoming firing angle for switching a thyristor controlled commutating circuit to bypass line current around a series capacitor. Each bypass current pulse changes the capacitor voltage proportionally to the integrated value of the current pulse. The TCSC system promptly responds to an offset command from a higher-level controller to control bypass thyristor duty to minimize thyristor damage, and to prevent capacitor voltage drift during line current disturbances. In a multi-module TCSC system, the higher level controller accommodates competing objectives of various system demands, including minimizing losses in scheduling control, stabilizing transients, damping subsynchronous resonance (SSR) oscillations, damping direct current (DC) offset, and damping power-swings. 67 figs.
Zhai, Shumin; Milgram, Paul
A project to develop a telerobotic 'virtual control' capability, currently underway at the University of Toronto, is described. The project centers on a new mode of interactive telerobotic control based on the technology of combining computer generated stereographic images with remotely transmitted stereoscopic video images. A virtual measurement technique, in conjunction with a basic level of digital image processing, comprising zooming, parallax adjustment, edge enhancement, and edge detection has been developed to assist the human operator in visualization of the remote environment and in spatial reasoning. The aim is to maintain target recognition, tactical planning, and high-level control functions in the hands of the human operator with the computer performing low-level computation and control. Control commands initiated by the operator are implemented through manipulation of a virtual image of the robot system, merged with a live video image of the remote scene. This paper discusses the philosophy and objectives of the project, with emphasis on the underlying human factor considerations in the design, and reports the progress made to date in this effort.
The present invention concerns an electromotive driving-type control rod driving system of a BWR type reactor, for which sliding resistance (friction) test can be performed of a movable portion of the control rod driving mechanisms. Namely, a hydraulic pressure control unit has following constitutions in addition to a conventional constitution as a sliding resistance test performing function. (1) A restricting valve is disposed downstream of the scram valve of scram pipelines to control flow rate and pressure of pressurized water flown in the pipelines. (2) A pressure gauge detects a pressure between the scram valve and the restricting valve. (3) A flow meter detects the flow rate of pipelines controlled by the restricting valve. (4) A recording pressure detector detects the pressure at the downstream of the restricting valve. (5) The recording device is attached when the sliding resistant test is performed for tracing the pressure measured by the pressure detection device. Further, the scram valve sends electric signals to a central operation chamber when it is fully closed. The central operation chamber has a function of fully opening the restricting valve by way of the electric signals. (I.S.)
The theory of controlled quantum open systems describes quantum systems interacting with quantum environments and influenced by external forces varying according to given algorithms. It is aimed, for instance, to model quantum devices which can find applications in the future technology based on quantum information processing. One of the main problems making difficult the practical implementations of quantum information theory is the fragility of quantum states under external perturbations. The aim of this note is to present the relevant results concerning ergodic properties of open quantum systems which are useful for the optimization of quantum devices and noise (errors) reduction. In particular we present mathematical characterization of the so-called "decoherence-free subspaces" for discrete and continuous-time quantum dynamical semigroups in terms of $C^*$-algebras and group representations. We analyze the non-Markovian models also, presenting the formulas for errors in the Born approximation. The obtain...
We investigate the licensed shared access (LSA) concept based spectrum sharing ideas between public safety (PS) and commercial radio systems. While the concept of LSA has been well developed, it has not been thoroughly investigated from the public safety (PS) users’ point of view, who have special requirements and also should benefit from the concept. Herein, we discuss the alternatives for spectrum sharing between PS and commercial systems. In particular, we proceed to develop robust solutions for LSA use cases where connections to the LSA system may fail. We simulate the proposed system with different failure models. The results show that the method offers reliable LSA spectrum sharing in various conditions assuming that the system parameters are set properly. The paper gives guidelines to set these parameters.
Tabatabaei Yazdi, S. M. Hossein; Yuan, Yongbo; Ma, Jian; Zhao, Huimin; Milenkovic, Olgica
We describe the first DNA-based storage architecture that enables random access to data blocks and rewriting of information stored at arbitrary locations within the blocks. The newly developed architecture overcomes drawbacks of existing read-only methods that require decoding the whole file in order to read one data fragment. Our system is based on new constrained coding techniques and accompanying DNA editing methods that ensure data reliability, specificity and sensitivity of access, and at the same time provide exceptionally high data storage capacity. As a proof of concept, we encoded parts of the Wikipedia pages of six universities in the USA, and selected and edited parts of the text written in DNA corresponding to three of these schools. The results suggest that DNA is a versatile media suitable for both ultrahigh density archival and rewritable storage applications.
OUYANG Kai; ZHOU Jing-li; XIA Tao; YU Sheng-sheng
With the rapid development of Virtual Private Network (VPN), many companies and organizations use VPN to implement their private communication. Traditionally, VPN uses security protocols to protect the confidentiality of data, the message integrity and the endpoint authentication. One core technique of VPN is tunneling, by which clients can access the internal servers traversing VPN. However, the tunneling technique also introduces a concealed security hole. It is possible that if one vicious user can establish tunneling by the VPN server, he can compromise the internal servers behind the VPN server. So this paper presents a novel Application-layer based Centralized Information Access Control (ACIAC) for VPN to solve this problem. To implement an efficient, flexible and multi-decision access control model, we present two key techniques to ACIAC: the centralized management mechanism and the stream-based access control. Firstly, we implement the information center and the constraints/events center for ACIAC. By the two centers, we can provide an abstract access control mechanism, and the material access control can be decided dynamically by the ACIAC's constraint/event mechanism. Then we logically classify the VPN communication traffic into the access stream and the data stream so that we can tightly couple the features of VPN communication with the access control model. We also provide the design of our ACIAC prototype in this paper.
There have been various navigation and tracking systems being developed with the help of technologies like GPS, GSM, Bluetooth, IR, Wi-Fi and Radar. Outdoor positioning systems have been deployed quite successfully using GPS but positioning systems for indoor environments still do not have widespread deployment due to various reasons. Most of these use only a single technology for positioning but using more than one in cooperation with each other is always advantageous for obtaining greater accuracy. Particularly, the ones which use Bluetooth are better since they would enhance the scalability of such a system because of the fact that this technology is in use by the common people so it would always be easy to track them. Moreover it would also reduce the hardware installation cost to some extent. The system that has been introduced here uses Bluetooth primarily for positioning and tracking in combination with Wi-Fi access points. The reason that makes the commercial application of such a system easier and cheaper is that most of the localized areas today like college campus, offices are being provided with internet connectivity using these access points.
Growing numbers of users and many access control policies which involve many different resource attributes in service-oriented environments bring various problems in protecting resource. This paper analyzes the relationships of resource attributes to user attributes in all policies, and proposes a general attribute and rule based role-based access control (GAR-RBAC) model to meet the security needs. The model can dynamically assign users to roles via rules to meet the need of growing numbers of users. These rules use different attribute expression and permission as a part of authorization constraints, and are defined by analyzing relations of resource attributes to user attributes in many access policies that are defined by the enterprise. The model is a general access control model, and can support many access control policies, and also can be used to wider application for service. The paper also describes how to use the GAR-RBAC model in Web service environments.
Mahalle, Parikshit N.; Anggorojati, Bayu; Prasad, Neeli R.;
Internet of Things (IoT) becomes a discretionary part of everyday life. Scalability and manageability is daunting due to unbounded number of devices and services. Access control and authorization in IoT with least privilege is equally important to establish secure communication between multiple...... devices and services. In this paper, the concept of capability for access control is introduced where the identities of the involved devices are entrenched in the access capabilities. Identity driven capability based access control (ICAC) scheme presented in this paper helps to alleviate issues related...... to complexity and dynamics of device identities. ICAC is implemented for 802.11 and results show that ICAC has less scalability issues and better performance analysis compared with other access control schemes. The ICAC evaluation by using security protocol verification tool shows that ICAC is secure against...
Information about accelerator operations and the control system resides in various formats in a variety of places on the lab network. There are operating procedures, technical notes, engineering drawings, and other formal controlled documents. There are programmer references and API documentation generated by tools such as doxygen and javadoc. There are the thousands of electronic records generated by and stored in databases and applications such as electronic logbooks, training materials, wikis, and bulletin boards and the contents of text-based configuration files and log files that can also be valuable sources of information. The obvious way to aggregate all these sources is to index them with a search engine that users can then query from a web browser. Toward this end, the Google "mini" search appliance was selected and implemented because of its low cost and its simple web-based configuration and management. In addition to crawling and indexing electronic documents, the appliance provides an API that has been used to supplement search results with live control system data such as current values of EPICS process variables and graphs of recent data from the archiver.
Rosich Minguell, Josefina; Garzón Lopez, Francisco
The Mid-resolution InfRAreD Astronomical Spectrograph (MIRADAS, a near-infrared multi-object echelle spectrograph operating at spectral resolution R=20,000 over the 1-2.5μm bandpass) was selected in 2010 by the Gran Telescopio Canarias (GTC) partnership as the next-generation near-infrared spectrograph for the world's largest optical/infrared telescope, and is being developed by an international consortium. The MIRADAS consortium includes the University of Florida, Universidad de Barcelona, Universidad Complutense de Madrid, Instituto de Astrofísica de Canarias, Institut de Física d'Altes Energies, Institut d'Estudis Espacials de Catalunya and Universidad Nacional Autónoma de México. This paper shows an overview of the MIRADAS control software, which follows the standards defined by the telescope to permit the integration of this software on the GTC Control System (GCS). The MIRADAS Control System is based on a distributed architecture according to a component model where every subsystem is self-contained. The GCS is a distributed environment written in object oriented C++, which runs components in different computers, using CORBA middleware for communications. Each MIRADAS observing mode, including engineering, monitoring and calibration modes, will have its own predefined sequence, which are executed in the GCS Sequencer. These sequences will have the ability of communicating with other telescope subsystems.
Ma Weiguo; Shao Cheng
The robust H∞ control for networked control systems with both stochastic network-induced delay and data packet dropout is studied. When data are transmitted over network, the stochastic data packet dropout process can be described by a two-state Markov chain. The networked control systems with stochastic network-induced delay and data packet dropout are modeled as a discrete time Markov jump linear system with two operation modes. The sufficient condition of robust H∞ control for networked control systems stabilized by state feedback controller is presented in terms of linear matrix inequality. The state feedback controller can be constructed via the solution of a set of linear matrix inequalities. An example is given to verify the effectiveness of the method proposed.
Berriman, G. B.; Kong, M.; Good, J. C.
The On-Line Archive Science Information Services (OASIS) is accessible as a java applet through the NASA/IPAC Infrared Science Archive home page. It uses Geographical Information System (GIS) technology to provide data fusion and interaction services for astronomers. These services include the ability to process and display arbitrarily large image files, and user-controlled contouring, overlay regeneration and multi-table/image interactions. OASIS has been optimized for access to distributed archives and data sets. Its second release (June 2002) provides a mechanism that enables access to OASIS from "third-party" services and data providers. That is, any data provider who creates a query form to an archive containing a collection of data (images, catalogs, spectra) can direct the result files from the query into OASIS. Similarly, data providers who serve links to datasets or remote services on a web page can access all of these data with one instance of OASIS. In this way any data or service provider is given access to the full suite of capabilities of OASIS. We illustrate the "third-party" access feature with two examples: queries to the high-energy image datasets accessible from GSFC SkyView, and links to data that are returned from a target-based query to the NASA Extragalactic Database (NED). The second release of OASIS also includes a file-transfer manager that reports the status of multiple data downloads from remote sources to the client machine. It is a prototype for a request management system that will ultimately control and manage compute-intensive jobs submitted through OASIS to computing grids, such as request for large scale image mosaics and bulk statistical analysis.
Kershaw, Philip; Ananthakrishnan, Rachana; Cinquini, Luca; Lawrence, Bryan; Pascoe, Stephen; Siebenlist, Frank
Network data access services such as OPeNDAP enable widespread access to data across user communities. However, without ready means to restrict access to data for such services, data providers and data owners are constrained from making their data more widely available. Even with such capability, the range of different security technologies available can make interoperability between services and user client tools a challenge. OPeNDAP is a key data access service in the infrastructure under development to support the CMIP5 (Coupled Model Intercomparison Project Phase 5). The work is being carried out as part of an international collaboration including the US Earth System Grid and Curator projects and the EU funded IS-ENES and Metafor projects. This infrastructure will bring together Petabytes of climate model data and associated metadata from over twenty modelling centres around the world in a federation with a core archive mirrored at three data centres. A security system is needed to meet the requirements of organisations responsible for model data including the ability to restrict data access to registered users, keep them up to date with changes to data and services, audit access and protect finite computing resources. Individual organisations have existing tools and services such as OPeNDAP with which users in the climate research community are already familiar. The security system should overlay access control in a way which maintains the usability and ease of access to these services. The BADC (British Atmospheric Data Centre) has been working in collaboration with the Earth System Grid development team and partner organisations to develop the security architecture. OpenID and MyProxy were selected at an early stage in the ESG project to provide single sign-on capability across the federation of participating organisations. Building on the existing OPeNDAP specification an architecture based on pluggable server side components has been developed at the BADC
Hawks, Carol Pitts
Discusses issues and procedures involved in auditing the automated acquisitions system at Ohio State University Libraries. The audit process is explained, internal controls within the system are identified, general control mechanisms such as limited electronic access are discussed, and application control mechanisms that relate to specific…
Logan, J.B., Fluor Daniel Hanford
This is a direct revision to Rev. 0 of the BLTC Control System Software. The entire document is being revised and released as HNF-SD-FF-CSWD-025, Rev 1. The changes incorporated by this revision include addition of a feature to automate the sodium drain when removing assemblies from sodium wetted facilities. Other changes eliminate locked in alarms during cold operation and improve the function of the Oxygen Analyzer. See FCN-620498 for further details regarding these changes. Note the change in the document number prefix, in accordance with HNF-MD-003.
MATLAB is a high-level language and environment for numerical computation, visualization, and programming. Using MATLAB, you can analyze data, develop algorithms, and create models and applications. The language, tools, and built-in math functions enable you to explore multiple approaches and reach a solution faster than with spreadsheets or traditional programming languages, such as C/C++ or Java. MATLAB Control Systems Engineering introduces you to the MATLAB language with practical hands-on instructions and results, allowing you to quickly achieve your goals. In addition to giving an in
At the center of core technologies for a future cyber world, such as Internet of Things (IoT) or big data, is a context-rich system that offers services by using situational information. The field where context-rich systems were first introduced is near-field communication (NFC)-based electronic payments. Near-field Communication (NFC) integrated payment services collect the payment information of the credit card and the location information to generate patterns in the user’s consumption or movement through big data technology. Based on such pattern information, tailored services, such as advertisement, are offered to users. However, there is difficulty in controlling access to personal information, as there is a collaborative relationship focused on the trusted service manager (TSM) that is close knit to shared personal information. Moreover, in the case of Hadoop, among the many big data analytical technologies, it offers access control functions, but not a way to authorize the processing of personal information, making it impossible to grant authority between service providers to process information. As such, this paper proposes a key generation and distribution method, as well as a secure communication protocol. The analysis has shown that the efficiency was greater for security and performance compared to related works.
Onsrud, H.; Campbell, J.; Van Loenen, B.
Access to earth observation data has become critically important for the wellbeing of society. A major impediment to achieving widespread sharing of earth observation data is lack of an operational web-wide system that is transparent and consistent in allowing users to legally access and use the ear
Hovater, C.; Chowdhary, M.; Karn, J.; Tiefenback, M.; Zeijts, J. van; Watson, W.
The CEBAF accelerator at Thomas Jefferson National Accelerator Facility (Jefferson Lab) successfully began its experimental nuclear physics program in November of 1995 and has since surpassed predicted machine availability. Part of this success can be attributed to using the EPICS (Experimental Physics and Industrial Control System) control system toolkit. The CEBAF control system is one of the largest accelerator control systems now operating. It controls approximately 338 SRF cavities, 2,300 magnets, 500 beam position monitors and other accelerator devices, such as gun hardware and other beam monitoring devices. All told, the system must be able to access over 125,000 database records. The system has been well received by both operators and the hardware designers. The EPICS utilities have made the task of troubleshooting systems easier. The graphical and test-based creation tools have allowed operators to custom build control screens. In addition, the ability to integrate EPICS with other software packages, such as Tcl/Tk, has allowed physicists to quickly prototype high-level application programs, and to provide GUI front ends for command line driven tools. Specific examples of the control system applications are presented in the areas of energy and orbit control, cavity tuning and accelerator tune up diagnostics.
Mahalle, Parikshit N.; Anggorojati, Bayu; Prasad, Neeli R.;
Internet of Things (IoT) becomes a discretionary part of everyday life and could befall a threat if security is not considered before deployment. Authentication and access control in IoT is equally important to establish secure communication between devices. To protect IoT from man in middle, replay...... and denial of service attacks, the concept of capability for access control is introduced. This paper presents Identity establishment and capability based access control (IECAC) protocol using ECC (Elliptical Curve Cryptography) for IoT along with protocol evaluation, which protect against the aforementioned...
Bonnet, Philippe; Gonzalez, Javier; Granados, Joel Andres
new insights, there are significant barriers to the realization of this vision. One of the key challenges is to allow scientists to share their data widely while retaining some form of control over who accesses this data (access control) and more importantly how it is used (usage control). Access...... and usage control is necessary to enforce existing open data policies. We have proposed the vision of trusted cells: A decentralized infrastructure, based on secure hardware running on devices equipped with trusted execution environments at the edges of the Internet. We originally described the utilization...... data sets with access and usage control guarantees. We rely on examples from terrestrial research and monitoring in the arctic in the context of the INTERACT project....
Ismael Gomes Cardoso
Even though the use of recommender systems is already widely spread in several application areas, there is still a lack of studies for accessibility research field. One of these attempts to use recommender system benefits for accessibility needs is Vulcanus. The Vulcanus recommender system uses similarity analysis to compare user's trails. In this way, it is possible to take advantage of the user's past behavior and distribute personalized content and services. The Vulcanus combined concepts from ubiquitous computing, such as user profiles, context awareness, trails management, and similarity analysis. It uses two different approaches for trails similarity analysis: resources patterns and categories patterns. In this work we performed an asymptotic analysis, identifying Vulcanus' algorithm complexity. Furthermore we also propose improvements achieved by dynamic programming technique, so the ordinary case is improved by using a bottom-up approach. With that approach, many unnecessary comparisons can be skipped and now Vulcanus 2.0 is presented with improvements in its average case scenario.
As mobile web services become more pervasive, applications based on mobile web services will need flexible access control mechanisms. Unlike traditional approaches based on the identity or role for access control, access decisions for these applications will depend on the combination of the required attributes of users and the contextual information. This paper proposes a semantic context-based access control model (called SCBAC) to be applied in mobile web services environment by combining semantic web technologies with context-based access control mechanism. The proposed model is a context-centric access control solution; context is the first-class principle that explicitly guides both policy specification and enforcement process. In order to handle context information in the model, this paper proposes a context ontology to represent contextual information and employ it in the inference engine. As well as, this paper specifies access control policies as rules over ontologies representing the concepts introduced in the SCBAC model, and uses semantic web rule language (SWRL) to form policy rule and infer those rules by JESS inference engine. The proposed model can also be applied to context-aware applications.
Discusses the problems of access to information in a machine-sensible environment, and the potential of modern library techniques to help in solving them. Explains how authors and publishers can make information more accessible by providing indexing information that uses controlled vocabulary, terms from a thesaurus, or other linguistic assistance…
Linbo XIE; Huajing FANG; Ying ZHENG
The guaranteed cost control problem for networked control systems (NCSs) is addressed under communication constraints and varying sampling rate. First of all, a simple information-scheduling scheme is presented to describe the scheduling approach of system signals in NCSs. Then, based on such a scheme and given sampling method, the design procedure in dynamic output feedback manner is also derived which renders the closed loop system to be asymptotically stable and guarantees an upper bound of the LQ performance cost function.
U.S. Department of Health & Human Services — 1995-2016. Centers for Disease Control and Prevention (CDC). State Tobacco Activities Tracking and Evaluation (STATE) System. E-Cigarette Legislation - Youth...
Gordon, Stephen S. (Inventor)
An optically controlled welding system (10) wherein a welding torch (12) having through-the-torch viewing capabilities is provided with an optical beam splitter (56) to create a transmitted view and a reflective view of a welding operation. These views are converted to digital signals which are then processed and utilized by a computerized robotic welder (15) to make the welding torch responsive thereto. Other features include an actively cooled electrode holder (26) which minimizes a blocked portion of the view by virtue of being constructed of a single spoke or arm (28) and a weld pool contour detector (14) comprising a laser beam directed onto the weld pool with the position of specular radiation reflected therefrom being characteristic of a penetrated or unpenetrated condition of the weld pool.
SHI Jing; YING Xiwen
The accessibility of a destination-based transportation system is defined to quantify the performance of transportation systems which access a distinct destination. The access cost is used to reflect the utility of the transportation system including the fatigue and inconvenience in the total cost. The cost is quantified by two coefficients which represent the different characteristics of various people. The average cost and the income-relative accessibility are used to describe various aspects of the accessibility and to evaluate the accessibility of a destination-based system. A case study uses data from the Kunming transportation system to evaluate the accessibility of the present city airport. The calibrated coefficients are then used to evaluate the transportation system to the new Kunming international airport. The results show that this transportation accessibility evaluation can be combined with transportation planning to study transportation sub-systems.
Mahalle, Parikshit N.; Anggorojati, Bayu; Prasad, Neeli R.;
In the last few years the Internet of Things (IoT) has seen widespread application and can be found in each field. Authentication and access control are important and critical functionalities in the context of IoT to enable secure communication between devices. Mobility, dynamic network topology...... and weak physical security of low power devices in IoT networks are possible sources for security vulnerabilities. It is promising to make an authentication and access control attack resistant and lightweight in a resource constrained and distributed IoT environment. This paper presents the Identity...... Authentication and Capability based Access Control (IACAC) model with protocol evaluation and performance analysis. To protect IoT from man-in-the-middle, replay and denial of service (DoS) attacks, the concept of capability for access control is introduced. The novelty of this model is that, it presents...
Ramli, Carroline Dewi Puspa Kencana
XACML (eXtensible Access Control Markup Language) is a prominent access control language that is widely adopted both in industry and academia. XACML is an international standard in the field of information security. The problem with XACML is that its specification is described in natural language...... (c.f. GM03,Mos05,Ris13) and manual analysis of the overall effect and consequences of a large XACML policy set is a very daunting and time-consuming task. In this thesis we address the problem of understanding the semantics of access control policy language XACML, in particular XACML version 3.0. The...... main focus of this thesis is modelling and analysing access control policies in XACML 3.0. There are two main contributions in this thesis. First, we study and formalise XACML 3.0, in particular the Policy Decision Point (PDP). The concrete syntax of XACML is based on the XML format, while its standard...
This book describes how control of distributed systems can be advanced by an integration of control, communication, and computation. The global control objectives are met by judicious combinations of local and nonlocal observations taking advantage of various forms of communication exchanges between distributed controllers. Control architectures are considered according to increasing degrees of cooperation of local controllers: fully distributed or decentralized control, control with communication between controllers, coordination control, and multilevel control. The book covers also topics bridging computer science, communication, and control, like communication for control of networks, average consensus for distributed systems, and modeling and verification of discrete and of hybrid systems. Examples and case studies are introduced in the first part of the text and developed throughout the book. They include: control of underwater vehicles, automated-guided vehicles on a container terminal, contro...
Bai, Fengshuang; Yin, Yixin; Tu, Xuyan; Zhang, Ying
This paper provides the system and conception of the Personification Control System (PCS) on the basis of Intelligent Control System based on Artificial life (ICS/AL), Artificial Emotion, Humanoid Control, and Intelligent Control System based on Field bus. According to system science and deciding of organize of biology, the Pyramid System of PCS is created. Then the Pyramid System of PCS, which is made up of PCS1/H, PCS1/S, PCS1/O, PCS1/C and PCS1/G, is described.
XU Guang-wei; SHI You-qun; ZHU Ming; WU Guo-wen; CAO Qi-ying
Security in Ad Hoc network is an important issue under the opening circumstance of application service. Some protocols and models of security auditing have been proposed to ensure rationality of contracting strategy and operating regulation and used to identify abnormal operation. Model of security auditing based on access control of devices will be advanced to register sign of devices and property of event of access control and to audit those actions. In the end, the model is analyzed and simulated.
Pang, Jun; Zhang, Yang
The popularity of online social networks (OSNs) makes the protection of users' private information an important but scientifically challenging problem. In the literature, relationship-based access control schemes have been proposed to address this problem. However, with the dynamic developments of OSNs, we identify new access control requirements which cannot be fully captured by the current schemes. In this paper, we focus on public information in OSNs and treat it as a new dimension which u...
Ndibanje, Bruce; Lee, Hoon-Jae; Lee, Sang-Gon
Internet of Things is a ubiquitous concept where physical objects are connected over the internet and are provided with unique identifiers to enable their self-identification to other devices and the ability to continuously generate data and transmit it over a network. Hence, the security of the network, data and sensor devices is a paramount concern in the IoT network as it grows very fast in terms of exchanged data and interconnected sensor nodes. This paper analyses the authentication and access control method used in the Internet of Things presented by Jing et al. (Authentication and Access Control in the Internet of Things. In Proceedings of the 2012 32nd International Conference on Distributed Computing Systems Workshops, Macau, China, 18-21 June 2012, pp. 588-592). According to our analysis, Jing et al.'s protocol is costly in the message exchange and the security assessment is not strong enough for such a protocol. Therefore, we propose improvements to the protocol to fill the discovered weakness gaps. The protocol enhancements facilitate many services to the users such as user anonymity, mutual authentication, and secure session key establishment. Finally, the performance and security analysis show that the improved protocol possesses many advantages against popular attacks, and achieves better efficiency at low communication cost.
There have been various navigation and tracking systems being developed with the help of technologies like GPS, GSM, Bluetooth, IR, Wi-Fi and Radar. Outdoor positioning systems have been deployed quite successfully using GPS but positioning systems for indoor environments still do not have widespread deployment due to various reasons. Most of these use only a single technology for positioning but using more than one in cooperation with each other is always advantageous for obtaining greater accuracy. Particularly, the ones which use Bluetooth are better since they would enhance the scalability of such a system because of the fact that this technology is in use by the common people so it would always be easy to track them. Moreover it would also reduce the hardware installation cost to some extent. The system that has been introduced here uses Bluetooth primarily for positioning and tracking in combination with Wi-Fi access points. The reason that makes the commercial application of such a system easier and ch...
Ellis, Wilbert E.
Viewgraphs on thermal control systems technology discipline for Space Station Freedom are presented. Topics covered include: heat rejection; heat acquisition and transport; monitoring and control; passive thermal control; and analysis and test verification.
Enegren, T.; Burge, R.; Dohan, D.A.
New rf systems planned for installation at TRIUMF in the near future include a third harmonic flat-topping system, a fourth harmonic booster cavity and an rf extraction deflector operating at the 11.5 MHz subharmonic of the main frequency. A new modular rf control concept is being adopted to develop the basic building blocks for each of the required rf control systems. One of the main design considerations is that all parameters are to be accessible and controllable by an external central computer. This will permit the computer to utilize expert systems and adaptive control techniques for remote debugging and loop parameter optimization. In order to carry out diagnostics on individual rf systems it is necessary that the control system be totally operational in a local manual mode, independent of the central computer with smooth transitions between computer and local control. This paper discusses the design of the new control system and its application to a full power flat-topping rf model cavity.
Teune, Ronald; Roy, Rajeev; Etten, van Wim
An implementation of control and management for a reconfigurable photonic access network is presented. An out of band control channel is used on which an IP communication is established to communicate with remote elements. A Headend based master controller communicates with a far end embedded proces
... Exchange Commission 17 CFR Part 240 Risk Management Controls for Brokers or Dealers With Market Access... Regulations SECURITIES AND EXCHANGE COMMISSION 17 CFR Part 240 RIN 3235-AK53 Risk Management Controls.... The required financial risk management controls and supervisory procedures must be reasonably...
A control system for HIMAC injector has been designed. The system consists of three mini-computers and many intelligent device controllers. The device controller is a single-board computer with a real time monitor and is installed in each device. Almost all man-machine interactions for an operation of the injector system are performed by touch panels and rotary encoders. (author)
Wallett, Thomas M.
This paper surveys and describes some of the existing media access control and data link layer technologies for possible application in lunar surface communications and the advanced wideband Direct Sequence Code Division Multiple Access (DSCDMA) conceptual systems utilizing phased-array technology that will evolve in the next decade. Time Domain Multiple Access (TDMA) and Code Division Multiple Access (CDMA) are standard Media Access Control (MAC) techniques that can be incorporated into lunar surface communications architectures. Another novel hybrid technique that is recently being developed for use with smart antenna technology combines the advantages of CDMA with those of TDMA. The relatively new and sundry wireless LAN data link layer protocols that are continually under development offer distinct advantages for lunar surface applications over the legacy protocols which are not wireless. Also several communication transport and routing protocols can be chosen with characteristics commensurate with smart antenna systems to provide spacecraft communications for links exhibiting high capacity on the surface of the Moon. The proper choices depend on the specific communication requirements.
Ruj, Sushmita; Stojmenovic, Ivan
We propose an integrated architecture for smart grids, that supports data aggregation and access control. Data can be aggregated by home area network, building area network and neighboring area network in such a way that the privacy of customers is protected. We use homomorphic encryption technique to achieve this. The consumer data that is collected is sent to the substations where it is monitored by remote terminal units (RTU). The proposed access control mechanism gives selective access to consumer data stored in data repositories and used by different smart grid users. Users can be maintenance units, utility centers, pricing estimator units or analyzing and prediction groups. We solve this problem of access control using cryptographic technique of attribute-based encryption. RTUs and users have attributes and cryptographic keys distributed by several key distribution centers (KDC). RTUs send data encrypted under a set of attributes. Users can decrypt information provided they have valid attributes. The ac...
Bekara, Kheira; Laurent, Maryline; Nguyen, Than Ha
Until today, the protection of personal data is mainly left to the legislation by means of guidelines. This paper aims to increase the perceived control by users over their data by helping the user's agent to check the service requests conformity to the legislation. To do so, it discusses the main concepts involved in the legislative privacy principles, and deduces a privacy semantic information model. The proposed model focuses on the main concepts involved in legislative privacy principles....
CERN Neyrac Films
English version. Part of the series of films produced by CERN about the SPS. "More than 10.000 things to control, 7,00 things to measure and 30,000 ? to survey, distributed over more than 10 square km. That was the problem which faced the controls group." Comments: images of control room, computer screens, and computer centre rather dark
Mahmoud, Magdi S.; Rahman, Mohamed Saif Ur; AL-Sunni, Fouad M.
The microgrid has made its mark in distributed generation and has attracted widespread research. However, microgrid is a complex system which needs to be viewed from an intelligent system of systems perspective. In this paper, a network control system of systems is designed for the islanded microgrid system consisting of three distributed generation units as three subsystems supplying a load. The controller stabilises the microgrid system in the presence of communication infractions such as packet dropouts and delays. Simulation results are included to elucidate the effectiveness of the proposed control strategy.
Deng Dan; Lv Xingzai; Zhu Jinkang
Comprehensive study on novel Linear-Dispersion Division Multiple-Access (LDDMA) for multi-user uplink Multiple-Input Multiple-Output (MIMO) systems is proposed. In the new multiplexing scheme, each user's information symbol is dispersed by a User-Specific Matrix (USM) both in space and time domain and linearly combined at base-station side. And a simple random search algorithm, based on capacity maximization criteria, is developed to generate a bank of USMs. Simulation results are presented to demonstrate the advantages of LDDMA. When the Bit Error Rate (BER) reaches 10, the performance gains are 3dB and 5dB, compared with Time-Division Linear Dispersion Codes (TD-LDC) and BLAST, respectively.
This paper presents an action-based fine-grained access control mechanism for structured documents. Firstly, we define a describing model for structured documents and analyze the application scenarios. The describing model could support the permission management on chapters, pages, sections, words, and pictures of structured documents. Secondly, based on the action-based access control (ABAC) model, we propose a fine-grained control protocol for structured documents by introducing temporal state and environmental state. The protocol covering different stages from document creation, to permission specification and usage control is given by using the Z-notation. Finally, we give the implementation of our mechanism and make the comparisons between the existing methods and our mechanism. The result shows that our mechanism could provide the better solution of fine-grained access control for structured documents in complicated networks. Moreover, it is more flexible and practical.
Furukawa, Kazuro; Kadokura, Eiichi; Kurashina, Miho; Mikawa, Katsuhiko; Nakamura, Tatsuro; Odagiri, Jun-ichi; Satoh, Masanori; Suwada, Tsuyoshi
KEKB completed all of the technical milestones, and had offered important insights into the flavor structure of elementary particles, especially the CP violation. The accelerator control system at KEKB and injector linac was initiated by a combination of scripting languages at the operation layer and EPICS at the equipment layer. During the project many features were implemented to achieve extreme performance out of the machine. Especially the online linkage to the accelerator simulation played an essential role. In order to further improve the reliability and flexibility two major concepts were additionally introduced later in the project, namely the channel access everywhere and the dual-tier controls. Based on the improved control system a concept of virtual accelerators was realized that enables the single injector linac to serve as three separate injectors to KEKB HER, LER and Photon Factory, respectively. Those control technologies are indispensable for the future particle accelerators.
Bui, Thanh; Aura, Tuomas
There has recently been a flood of interest in potential new applications of blockchains, as well as proposals for more generic designs called public ledgers. Most of the novel proposals have been in the financial sector. However, the public ledger is an abstraction that solves several of the fundamental problems in the design of secure distributed systems: global time in the form of a strict linear order of past events, globally consistent and immutable view of the history, and enforcement o...
Horváth, A; Schulz, M; Horvath, Andras; Leonardi, Emanuele; Schulz, Markus
During the last years large farms have been built using commodity hardware. This hardware lacks components for remote and automated administration. Products that can be retrofitted to these systems are either costly or inherently insecure. We present a system based on serial ports and simple machine controlled relays. We report on experience gained by setting up a 50-machine test environment as well as current work in progress in the area.
LIANG Bin; SHI Wenchang; SUN Yufang; SUN Bo
Using one security model to enforce another is a prospective solution to multi-policy support. In this paper, an approach to enforcing the Clark-Wilson data integrity model in the Role-based access control (RBAC) model is proposed. An enforcement construction with great feasibility is presented. In this construction, a direct way to enforce the Clark-Wilson model is provided, the corresponding relations among users, transformation procedures, and constrained data items are strengthened; the concepts of task and subtask are introduced to enhance the support to least-privilege. The proposed approach widens the applicability of RBAC. The theoretical foundation for adopting Clark-Wilson model in a RBAC system with small cost is offered to meet the requirements of multi-policy support and policy flexibility.
Phan, Khoa Tran; van der Schaar, Mihaela
Distributed medium access control (MAC) protocols are essential for the proliferation of low cost, decentralized wireless local area networks (WLANs). Most MAC protocols are designed with the presumption that nodes comply with prescribed rules. However, selfish nodes have natural motives to manipulate protocols in order to improve their own performance. This often degrades the performance of other nodes as well as that of the overall system. In this work, we propose a class of protocols that limit the performance gain which nodes can obtain through selfish manipulation while incurring only a small efficiency loss. The proposed protocols are based on the idea of a review strategy, with which nodes collect signals about the actions of other nodes over a period of time, use a statistical test to infer whether or not other nodes are following the prescribed protocol, and trigger a punishment if a departure from the protocol is perceived. We consider the cases of private and public signals and provide analytical a...
Moreno Sanchez, Pedro; Marin Lopez, Rafa; Gomez Skarmeta, Antonio F
Internet of Things (IoT) networks are the pillar of recent novel scenarios, such as smart cities or e-healthcare applications. Among other challenges, these networks cover the deployment and interaction of small devices with constrained capabilities and Internet protocol (IP)-based networking connectivity. These constrained devices usually require connection to the Internet to exchange information (e.g., management or sensing data) or access network services. However, only authenticated and authorized devices can, in general, establish this connection. The so-called authentication, authorization and accounting (AAA) services are in charge of performing these tasks on the Internet. Thus, it is necessary to deploy protocols that allow constrained devices to verify their credentials against AAA infrastructures. The Protocol for Carrying Authentication for Network Access (PANA) has been standardized by the Internet engineering task force (IETF) to carry the Extensible Authentication Protocol (EAP), which provides flexible authentication upon the presence of AAA. To the best of our knowledge, this paper is the first deep study of the feasibility of EAP/PANA for network access control in constrained devices. We provide light-weight versions and implementations of these protocols to fit them into constrained devices. These versions have been designed to reduce the impact in standard specifications. The goal of this work is two-fold: (1) to demonstrate the feasibility of EAP/PANA in IoT devices; (2) to provide the scientific community with the first light-weight interoperable implementation of EAP/PANA for constrained devices in the Contiki operating system (Contiki OS), called PANATIKI. The paper also shows a testbed, simulations and experimental results obtained from real and simulated constrained devices. PMID:24189332
The PS complex consists of 10 different interconnected accelerators or storage rings, mainly controlled by the same distributed system of NORD-10 and ND-100 minicomputers. After a brief outline of the hardware, this report gives a detailed description of the system software, which is based on the SINTRAN III operating system. It describes the general layout of the software, the network, CAMAC access, programming languages, program development, and microprocessor support. It concludes with reviews of performance, documentation, organization and methods, and future prospects. (orig.)
Wang Xiaoming; Cheng Fan
A group-oriented access control scheme is proposed for P2P (peer to peer) networks. In the proposed scheme, authentication control, admission control and revocation control are used in order to provide security services for P2P networks. Moreover, the proposed scheme can simply and efficiently establish a shared key between two members without interactions, therefore it can perform secure communications with them. The analysis of security and performance shows that the proposed scheme not only can...
Yu, Xianbin; Gibbon, Timothy Braidwood; Tafur Monroy, Idelfonso
We demonstrate a RSOA based WDM radio-over-fiber, bidirectional system for wireless access networks. The multi-functionalities of a RSOA, such as colorless operation, re-modulation and envelope detection, make wireless access nodes more compact.
A trusted access control technology for IP equipment is proposed in this paper. The adoption of this technology can achieve the management and control of the access behavior of all IP devices in a medium-sized enterprise information network. The system is developed in the Python language on a Linux system; end users carry out visual IP resource planning and allocation through the Web management interface, and a variety of IP policies can be defined. The system realizes control of the access behavior of all IP devices on the information network, thus enhancing the security of information networks. [Translated from the Chinese abstract] A trusted access control technology for IP devices is proposed. Through the application of this technology, the access behavior of all IP devices in the information networks of large and medium-sized enterprises is managed and controlled. The system is developed in the Python language on a Linux system; in the Web management console, users plan and allocate IP resources through a visual interface and can also define various IP usage policies. The system makes the access behavior of all IP devices on the information network controllable and under control, thereby improving the security of the information network.
Eskeland, Sigurd; Prasad, Neeli R.
Electronic patient records contain highly personal and confidential information that it is essential to keep private. Thus, only the medical professionals providing care to a patient should access the patient record of the concerning patient. As personal medical data can be considered to be the property of the corresponding patient, it is justified that patients should have the opportunity to exert control over their own data. In this paper, we propose a cryptographic access control scheme allowing patients to grant medical teams authorizations to access their medical data. Moreover, the hierarchical aspects of teams are taken into account so that the modules of the patient record are to be accessed according to the individual privileges of the medical professionals of the team. Thus, more privileged users obtain larger portions of the data than less privileged users....
The paper explores the effect of unrestricted access to the birth control pill on young people's career plans, using annual surveys of college freshmen from 1968 to 1980. In particular it addresses the question of who was affected by the introduction of the birth control pill by looking at career plans of both men and women, and by separating the effect by level of academic ability, race and family income. The results show that unrestricted access to the pill caused high ability women to move towards occupations with higher wages, higher occupational prestige scores and higher male ratios... access to the pill is found to be on non-white students, both among men and women. The paper uses Census Data to compare the changes in career plans to actual changes in labor market outcomes. When looking at the actual career outcomes, early access to the pill affects both men and women - shifting...
Mai, Vu; Khalil, Ibrahim; Ibaida, Ayman
Steganographic techniques allow secret data to be embedded inside another host data such as an image or a text file without significant changes to the quality of the host data. In this research, we demonstrate how steganography can be used as the main mechanism to build an access control model that gives data owners complete control to their sensitive cardiac health information hidden in their own Electrocardiograms. Our access control model is able to protect the privacy of users, the confidentiality of medical data, reduce storage space and make it more efficient to upload and download large amount of data. PMID:24109934
Ray, R. B.
OPMILL program is operating system for Kearney and Trecker milling machine providing fast easy way to program manufacture of machine parts with IBM-compatible personal computer. Gives machinist "equation plotter" feature, which plots equations that define movements and converts equations to milling-machine-controlling program moving cutter along defined path. System includes tool-manager software handling up to 25 tools and automatically adjusts to account for each tool. Developed on IBM PS/2 computer running DOS 3.3 with 1 MB of random-access memory.
Rahmouni, Hanene Boussi; Odeh, Mohammed; McClatchey, Richard
There is widespread agreement that cloud computing has proven cost cutting and agility benefits. However, security and regulatory compliance issues are continuing to challenge the wide acceptance of such technology both from social and commercial stakeholders. An important factor behind this is the fact that clouds and in particular public clouds are usually deployed and used within broad geographical or even international domains. This implies that the exchange of private and other protected data within the cloud environment would be governed by multiple jurisdictions. These jurisdictions have a great degree of harmonisation; however, they present possible conflicts that are hard to negotiate at run time. So far, important efforts were made in order to deal with regulatory compliance management for large distributed systems. However, measurable solutions are required for the context of cloud. In this position paper, we are suggesting an approach that starts with a conceptual model of explicit regulatory ...
Foerster, Carl A.
The application of access controls on internal information necessarily impacts the availability of that information for sharing inside the enterprise. The decisions establishing the degree of control are a crucial first step to balance the requirements to protect and share. This research develops a set of basic decision factors and examines other…
Preuveneers, Davy; Joosen, Wouter
The exponential data growth in intelligent environments fueled by the Internet of Things is not only a major push behind distributed programming frameworks for big data, it also magnifies security and privacy concerns about unauthorized access to data. The huge diversity and the streaming nature of data raises the demand for new enabling technologies for scalable access control that can deal with the growing velocity, volume and variety of volatile data. This paper presents SparkXS, ...
Introduction: The provision of specially formatted materials is a complex and increasingly difficult task, given the extensive and burgeoning range of texts and resources available for classroom use. The need to extend the provision of accessible formats to include digital resources (in addition to braille, audio, and large print) led to a study…
Burgos, Estrella [Instituto de Investigaciones Electricas, Cuernavaca (Mexico)
Almost two thirds of the electric power generation in Mexico is obtained from hydrocarbons; for that reason the Comision Federal de Electricidad (CFE) dedicated special commitment to modernizing the operation of fossil fuel central stations. In attaining this objective the control systems play a fundamental role; on them depend a good share of the reliability and the efficiency of the electric power generation process, as well as the extension of the equipment useful life. Since 1984 the Instituto de Investigaciones Electricas (IIE) has been working, upon the request of CFE, on the development of digital control systems. To date it has designed and implemented a logic control system for gas burners, which controls 32 burners of the Unit 4 boiler of the Generation Central of Valle de Mexico, and two systems for distributed control for two combined cycle central stations, which are: Dos Bocas, Veracruz combined cycle central, and Gomez Palacio, Durango combined cycle central. With these two developments the IIE enters the World tendency of implementing distributed control systems for the fossil fuel power central update. [Translated from the Spanish abstract] Almost two thirds of the electricity generation in Mexico is obtained from hydrocarbons, which is why the Comision Federal de Electricidad (CFE) put special effort into modernizing the operation of fossil fuel thermoelectric power stations. In achieving this objective the control systems play a fundamental role; a good part of the reliability and efficiency of the electric power generation process depends on them, as does the extension of the useful life of the equipment. Since 1984 the Instituto de Investigaciones Electricas (IIE) has worked, at the request of the CFE, on the development of digital control systems. To date, a logic control system for gas burners has been designed and implemented, which controls 32 burners of the boiler of Unit 4 of the generation station
Madsen, Jacob Theilgaard; Barradas Berglind, Jose de Jesus; Madsen, Tatiana Kozlova;
is connected via a communication network to the sensors and actuators on the asset. Such a distributed control scheme may be implemented over a communication network that introduces delay and possibly also message loss. In this paper, we look at the impact of such an imperfect communication network on a wind farm controller. The controller attempts to reduce fatigue on the wind turbine, which is used as a measure of the controller performance. Via simulation analysis, we show the degradation of the controller performance when subject to network delays. We analyse different access strategies useable by the controller to gather sensor information and quantitatively characterize the impact of these access strategies on the controller performance...
Control systems being developed for the present generation of accelerators will need to adapt to changing machine and operating state conditions. Such systems must also be capable of evolving over the life of the accelerator operation. In this paper we present a framework for the development of adaptive control systems
Richardson, Joshua E; Richardson, Joshua Edwin; Ash, Joan S; Ash, Joan
Hands Free Communication Device (HFCD) systems are a relatively new information and communication technology. HFCD systems enable clinicians to directly contact and communicate with one another using wearable, voice-controlled badges that are VoIP-based (voice-over IP) and are linked to one another over a wireless local area network (WLAN). This qualitative study utilized a grounded theory, multiple perspectives approach to understand how the use of HFCDs affected communication in the hospitals that implemented them. The study generated five themes revolving around HFCDs' impact on communication. This paper specifically focuses on two of those themes: Communication Access and Control. PMID:18999046
Barinova, Vera; Kalegaev, Vladimir; Parunakian, David
In this paper we present the system for automated data retrieval and processing developed in the Skobeltsyn Institute of Nuclear Physics. Telemetry data files containing scientific information (e.g. charged particle fluxes) are automatically parsed and stored in our Oracle database immediately upon arrival. Parsed telemetry files, metadata, instrument technical information and orbital parameters are also stored. Most of the data can be accessed via our public FTP server. Users can preview the data available for time intervals and channels of interest using the web interface provided. The preview plot building software has also been developed in-house. This system has been successfully used in 2009 with the following spacecraft and instruments: Electron-M-Pesca at Coronas-Photon (electrons: 200 KeV - 4 MeV+; protons: 4 MeV - 80 MeV+; α: 5 - 24 MeV/nucleon; CNO: 6 - 15 MeV/nucleon), DUFIK at Tatiana-2 (electrons, infrared 600nm - 700nm and ultraviolet 300nm - 400nm), MSGI and SKL at Meteor-M (10 spectral channels: 0,5-12,5 µm). The data collections are available at http://smdc.sinp.msu.ru for visual preview and download.
Webb Penelope A; Hodgkinson Matt J
BMC Systems Biology is the first open access journal spanning the growing field of systems biology from molecules up to ecosystems. The journal has launched as more and more institutes are founded that are similarly dedicated to this new approach. BMC Systems Biology builds on the ongoing success of the BMC series, providing a venue for all sound research in the systems-level analysis of biology.
This brief considers recent results on optimal control and stabilization of systems governed by hyperbolic partial differential equations, specifically those in which the control action takes place at the boundary. The wave equation is used as a typical example of a linear system, through which the author explores initial boundary value problems, concepts of exact controllability, optimal exact control, and boundary stabilization. Nonlinear systems are also covered, with the Korteweg-de Vries and Burgers Equations serving as standard examples. To keep the presentation as accessible as possible, the author uses the case of a system with a state that is defined on a finite space interval, so that there are only two boundary points where the system can be controlled. Graduate and post-graduate students as well as researchers in the field will find this to be an accessible introduction to problems of optimal control and stabilization.
Motta, Gustavo H.; Furuie, Sergio S.
Designing proper models for authorization and access control for the electronic patient record (EPR) is essential to wide scale use of the EPR in large health organizations. This work presents MAAC (Middleware for Authentication and Access Control), a tool that implements a contextual role-based access control (RBAC) authorization model. RBAC regulates users' access to computer resources based on their organizational roles. A contextual authorization uses environmental information available at access-request time, like the user/patient relationship, in order to decide whether a user has the right to access an EPR resource. The software architecture where MAAC is implemented uses the Lightweight Directory Access Protocol, the Java programming language and the CORBA/OMG standards CORBA Security Service and Resource Access Decision Facility. With those open and distributed standards, heterogeneous EPR components can request user authentication and access authorization services in a unified and consistent fashion across multiple platforms.
Hetel, Laurentiu; Daafouz, Jamal; Johansson, Karl
This edited monograph includes state-of-the-art contributions on continuous time dynamical networks with delays. The book is divided into four parts. The first part presents tools and methods for the analysis of time-delay systems, with particular attention to control problems of large scale or infinite-dimensional systems with delays. The second part of the book is dedicated to the use of time-delay models for the analysis and design of Networked Control Systems. The third part of the book focuses on the analysis and design of systems with asynchronous sampling intervals, which occur in Networked Control Systems. The last part of the book presents several contributions dealing with the design of cooperative control and observation laws for networked control systems. The target audience primarily comprises researchers and experts in the field of control theory, but the book may also be beneficial for graduate students.