A prototype voice verification system has been installed which provides the required positive identification at the main site access control point. This system compares an individual's file voice print with a sample voice print obtained from the individual when an attempt is made to enter the site. The voice system transmits the individual's identify to a central processor. The system installed at the Barnwell Nuclear Fuel Plant is described
A prototype voice verification system has been installed which provides the required positive identification at the main site access control point. This system compares an individual's file voice print with a sample voice print obtained from the individual when an attempt is made to enter the site. The voice system transmits the individual's identity to a central processor. The central processor associates that individual's authorization file with a card-key obtained at the access point. The system generates a record of personnel movement, provides a personnel inventory on a real-time basis, and it can retrieve a record of all prior events. The system installed at the Barnwell Nuclear Fuel Plant is described
An access system based on the one now in operation at the CERN ISR is recommended. Access doors would presumably be located at the entrances to the utility tunnels connecting the support buildings with the ring. Persons requesting access would insert an identity card into a scanner to activate the system. The request would be autologged, the keybank adjacent to the door would be unlocked and ISABELLE operations would be notified. The operator would then select the door, activating a TV-audio link. The person requesting entry would draw a key from the bank, show it and his film badge to the operator who would enable the door release
Bowers, Dan M
Access Control and Personal Identification Systems provides an education in the field of access control and personal identification systems, which is essential in selecting the appropriate equipment, dealing intelligently with vendors in purchases of the equipment, and integrating the equipment into a total effective system. Access control devices and systems comprise an important part of almost every security system, but are seldom the sole source of security. In order for the goals of the total system to be met, the other portions of the security system must also be well planned and executed
Ferreira, Ana; Chadwick, David W; Antunes, Luis
The widening use of Information Systems, which allow the collection, extraction, storage, management and search of information, is increasing the need for information security. After a user is successfully identified and authenticated to a system, he needs to be authorised to access the resources he/she requested. Access control is part of this last process that checks if a user can access those resources. This is particularly important in the healthcare environment where there is the need to...
Hong, Seng-Phil; Ahn, Gail-Joon; Xu, Wenjuan
The information technology revolution has transformed all aspects of our society including critical infrastructures and led a significant shift from their old and disparate business models based on proprietary and legacy environments to more open and consolidated ones. Supervisory Control and Data Acquisition (SCADA) systems have been widely used not only for industrial processes but also for some experimental facilities. Due to the nature of open environments, managing SCADA systems should meet various security requirements since system administrators need to deal with a large number of entities and functions involved in critical infrastructures. In this paper, we identify necessary access control requirements in SCADA systems and articulate access control policies for the simulated SCADA systems. We also attempt to analyze and realize those requirements and policies in the context of role-based access control that is suitable for simplifying administrative tasks in large scale enterprises.
Current performance estimates for personnel access control systems use estimates of Type I and Type II verification errors. A system performance equation which addresses normal operation, the insider, and outside adversary attack is developed. Examination of this equation reveals the inadequacy of classical Type I and II error evaluations which require detailed knowledge of the adversary threat scenario for each specific installation. Consequently, new performance measures which are consistent with the performance equation and independent of the threat are developed as an aid in selecting personnel access control systems
Bradley, R. G.
Current performance estimates for personnel access control systems use estimates of Type I and Type II verification errors. A system performance equation which addresses normal operation, the insider, and outside adversary attack is developed. Examination of this equation reveals the inadequacy of classical Type I and II error evaluations which require detailed knowledge of the adversary threat scenario for each specific installation. Consequently, new performance measures which are consistent with the performance equation and independent of the threat are developed as an aid in selecting personnel access control systems.
Access control is one of the fundamental services that any Data Management System should provide. Its main goal is to protect data from unauthorized read and write operations. This is particularly crucial in today's open and interconnected world, where each kind of information can be easily made available to a huge user population, and where a damage or misuse of data may have unpredictable consequences that go beyond the boundaries where data reside or have been generated. This book provides an overview of the various developments in access control for data management systems. Discretionary,
The Radiation Security System (RSS) at the Los Alamos Neutron Science Center (LANSCE) provides personnel protection from prompt radiation due to accelerated beam. The Personnel Access Control System (PACS) is a component of the RSS that is designed to prevent personnel access to areas where prompt radiation is a hazard. PACS was designed to replace several older personnel safety systems (PSS) with a single modem unified design. Lessons learned from the operation over the last 20 years were incorporated into a redundant sensor, single-point failure safe, fault tolerant, and tamper-resistant system that prevents access to the beam areas by controlling the access keys and beam stoppers. PACS uses a layered philosophy to the physical and electronic design. The most critical assemblies are battery backed up, relay logic circuits; less critical devices use Programmable Logic Controllers (PLCs) for timing functions and communications. Outside reviewers have reviewed the operational safety of the design. The design philosophy, lessons learned, hardware design, software design, operation, and limitations of the device are described
Modern authorization systems span domains of administration, rely on many different authentication sources, and manage complex attributes as part of the authorization process. This . paper presents Cardea, a distributed system that facilitates dynamic access control, as a valuable piece of an inter-operable authorization framework. First, the authorization model employed in Cardea and its functionality goals are examined. Next, critical features of the system architecture and its handling of the authorization process are then examined. Then the S A M L and XACML standards, as incorporated into the system, are analyzed. Finally, the future directions of this project are outlined and connection points with general components of an authorization system are highlighted.
ZHENG Xiao-lin; LEI Yu; CHEN De-ren
An integrated user access control method was proposed to address the issues of security and management in networked manufacturing systems (NMS).Based on the analysis of the security issues in networked manufacturing system,an integrated user access control method composed of role-based access control (RBAC),task-based access control (TBAC),relationship-driven access control (RDAC)and coalition-based access control (CBAC) was proposed,including the hierarchical user relationship model,the reference model and the process model.The elements and their relationships were defined,and the expressions of constraints authorization were given.The extensible access control markup language (XACML) was used to implement this method.This method was used in the networked manufacturing system in the Shaoxing spinning region of China.The results show that the integrated user access control method can reduce the costs of system security maintenance and management.
Bzorgi, Fariborz M.
An access control apparatus for an access gate. The access gate typically has a rotator that is configured to rotate around a rotator axis at a first variable speed in a forward direction. The access control apparatus may include a transmission that typically has an input element that is operatively connected to the rotator. The input element is generally configured to rotate at an input speed that is proportional to the first variable speed. The transmission typically also has an output element that has an output speed that is higher than the input speed. The input element and the output element may rotate around a common transmission axis. A retardation mechanism may be employed. The retardation mechanism is typically configured to rotate around a retardation mechanism axis. Generally the retardation mechanism is operatively connected to the output element of the transmission and is configured to retard motion of the access gate in the forward direction when the first variable speed is above a control-limit speed. In many embodiments the transmission axis and the retardation mechanism axis are substantially co-axial. Some embodiments include a freewheel/catch mechanism that has an input connection that is operatively connected to the rotator. The input connection may be configured to engage an output connection when the rotator is rotated at the first variable speed in a forward direction and configured for substantially unrestricted rotation when the rotator is rotated in a reverse direction opposite the forward direction. The input element of the transmission is typically operatively connected to the output connection of the freewheel/catch mechanism.
Mr. SANTHOSH S
Full Text Available Radio frequency identification (RFID technology has helped many organizations to reduce cost. Nevertheless, there are challenges and issues associated with RFID adoption. The most common internal challenge for many organizations is justifying the investment and modification of processes. The focus of this project is to show the business value of RFID technology and its applications. The important issue is the security level of the whole campus because it needs to be carefully differentiated. Dormitories and special research laboratories should benefit from higher levels of security than any other campuses. The key to the problem is represented by the new Radio Frequency Identification (RFID which can support contactless cards with memory. The most important feature of the proposed system is the updating of access permission level at any time for the user based on the availability of that user. The data transfer from the reader to the database was done using wireless communication (RF communication. To achieve this here RF transmitter and the RF receiver is used. The data which is read by the reader is sent to the microcontroller. Then from the controller we can transfer the data to the database by using the UART module (serial communication which is inbuilt in the microcontroller through RF transmitter. RF receiver of the same frequency at the receiver end receives and then stores the data in the database. RF transmitter and Receiver – frequency for transmitting and receiving the data depends on the user as per the requirement for the application and it is based on the range of distance. For the data encoding and decoding process HCS-101 protocol is used.
Al-Neyadi, Fahed; Abawajy, Jemal H.
E-Health systems logically demand a sufficiently fine-grained authorization policy for access control. The access to medical information should not be just role-based but should also include the contextual condition of the role to access data. In this paper, we present a mechanism to extend the standard role-based access control to incorporate contextual information for making access control decisions in e-health application. We present an architecture consisting of authorisation and context infrastructure that work cooperatively to grant access rights based on context-aware authorization policies and context information.
Prasanna H Bammigatti
Full Text Available Role -based access control (RBAC has been introduced in the last few years, and offers a powerful means of specifying access control decisions. The model of RBAC usually assumes that, if there is a role hierarchy then access rights are inherited upwards through the hierarchy. In organization workflow the main threat is of access control. The Role based access control is one of the best suitable access control model one can think of. It is not only the role hierarchies but also other control factors that affect the access control in the workflow. The paper discusses the control factors and role hierarchies in workflow and brings a new model of RBAC. This paper also over comes the conflicts and proves that the system is safe by applying the new model to the workflow
Operating systems rely heavily on access control mechanisms to achieve security goals and defend against remote and local attacks. The complexities of modern access control mechanisms and the scale of policy configurations are often overwhelming to system administrators and software developers. Therefore, mis-configurations are common, and the…
The complexity of the ATLAS experiment motivated the deployment of an integrated Access Control System in order to guarantee safe and optimal access for a large number of users to the various software and hardware resources. Such an integrated system was foreseen since the design of the infrastructure and is now central to the operations model. In order to cope with the ever growing needs of restricting access to all resources used within the experiment, the Roles Based Access Control (RBAC) previously developed has been extended and improved. The paper starts with a short presentation of the RBAC design, implementation and the changes made to the system to allow the management and usage of roles to control access to the vast and diverse set of resources. The RBAC implementation uses a directory service based on Lightweight Directory Access Protocol to store the users (∼3000), roles (∼320), groups (∼80) and access policies. The information is kept in sync with various other databases and directory services: human resources, central CERN IT, CERN Active Directory and the Access Control Database used by DCS. The paper concludes with a detailed description of the integration across all areas of the system.
Valsan, M. L.; Dobson, M.; Lehmann Miotto, G.; Scannicchio, D. A.; Schlenker, S.; Filimonov, V.; Khomoutnikov, V.; Dumitru, I.; Zaytsev, A. S.; Korol, A. A.; Bogdantchikov, A.; Avolio, G.; Caramarcu, C.; Ballestrero, S.; Darlea, G. L.; Twomey, M.; Bujor, F.
The complexity of the ATLAS experiment motivated the deployment of an integrated Access Control System in order to guarantee safe and optimal access for a large number of users to the various software and hardware resources. Such an integrated system was foreseen since the design of the infrastructure and is now central to the operations model. In order to cope with the ever growing needs of restricting access to all resources used within the experiment, the Roles Based Access Control (RBAC) previously developed has been extended and improved. The paper starts with a short presentation of the RBAC design, implementation and the changes made to the system to allow the management and usage of roles to control access to the vast and diverse set of resources. The RBAC implementation uses a directory service based on Lightweight Directory Access Protocol to store the users (~3000), roles (~320), groups (~80) and access policies. The information is kept in sync with various other databases and directory services: human resources, central CERN IT, CERN Active Directory and the Access Control Database used by DCS. The paper concludes with a detailed description of the integration across all areas of the system.
Altenbach, T; Brereton, S.; Hermes, G.; Singh, M.
The purpose of this document is to analyze the baseline Access Control System for the National Ignition Facility (NIF), and to assess its effectiveness at controlling access to hazardous locations during full NIF operations. It reviews the various hazards present during a NIF shot sequence, and evaluates the effectiveness of the applicable set of controls at preventing access while the hazards are present. It considers only those hazards that could potentially be lethal. In addition, various types of technologies that might be applicable at NIF are reviewed, as are systems currently in use at other facilities requiring access control for safety reasons. Recommendations on how this system might be modified to reduce risk are made.
Kawamura, Hiroko; Hirata, Yasuki [Kyushu Univ., Fukuoka (Japan). Radioisotope Center; Kondo, Takahiro; Takatsuki, Katsuhiro
We applied a new fingerprint checker for complete access control to the radiation controlled area and to the radioisotope storage room, and prepared softwares for the best use of this checker. This system consists of a personal computer, access controllers, a fingerprint register, fingerprint checkers, a tenkey and mat sensors, permits ten thousand users to register their fingerprints and its hard disk to keep more than a million records of user`s access. Only 1% of users could not register their fingerprints worn-out, registered four numbers for a fingerprint. The softwares automatically provide varieties of reports, caused a large reduction in manual works. (author)
This document describes the project to implement at CERN new trends in industrial control systems and integrate new requirements and functions requested by users. This project will be the testing ground for the specification of procedures in the Access Control and Machine Interlock of LHC. The last modification in the Access Control System to the primary beam areas was made in 1995, and this new project is to improve the fields of personal security, access security and the introduction of modern communication networks used in the industrial control systems. Inside the cycle model of project life, it is at the present time in the test phase in terms of security and exploitation inside the Accelerator Decelerator (AD) project. The presence of Authorization Management System (AMS) to guarantee the automatic information distribution of authorizations to controlled areas is in line with this project.
Valsan, M L; The ATLAS collaboration; Lehmann Miotto, G; Scannicchio, D A; Schlenker, S; Filimonov, V; Khomoutnikov, V; Dumitru, I; Zaytsev, A S; Korol, A A; Bogdantchikov, A; Caramarcu, C; Ballestrero, S; Darlea, G L; Twomey, M; Bujor, F; Avolio, G
The complexity of the ATLAS experiment motivated the deployment of an integrated Access Control System in order to guarantee safe and optimal access for a large number of users to the various software and hardware resources. Such an integrated system was foreseen since the design of the infrastructure and is now central to the operations model. In order to cope with the ever growing needs of restricting access to all resources used within the experiment, the Roles Based Access Control (RBAC) previously developed has been extended and improved. The paper starts with a short presentation of the RBAC design, implementation and the changes made to the system to allow the management and usage of roles to control access to the vast and diverse set of resources. The paper continues with a detailed description of the integration across all areas of the system: local Linux and Windows nodes in the ATLAS Control Network (ATCN), the Linux application gateways offering remote access inside ATCN, the Windows Terminal Serv...
Valsan, M L; The ATLAS collaboration; Lehmann Miotto, G; Scannicchio, D A; Schlenker, S; Filimonov, V; Khomoutnikov, V; Dumitru, I; Zaytsev, A S; Korol, A A; Bogdantchikov, A; Avolio, G; Caramarcu, C; Ballestrero, S; Darlea, G L; Twomey, M; Bujor, F
The complexity of the ATLAS experiment motivated the deployment of an integrated Access Control System in order to guarantee safe and optimal access for a large number of users to the various software and hardware resources. Such an integrated system was foreseen since the design of the infrastructure and is now central to the operations model. In order to cope with the ever growing needs of restricting access to all resources used within the experiment, the Roles Based Access Control (RBAC) previously developed has been extended and improved. The paper starts with a short presentation of the RBAC design, implementation and the changes made to the system to allow the management and usage of roles to control access to the vast and diverse set of resources. The paper continues with a detailed description of the integration across all areas of the system: local Linux and Windows nodes in the ATLAS Control Network (ATCN), the Linux application gateways offering remote access inside ATCN, the Windows Terminal Serv...
This paper proposes an efficient medium access control (MAC) protocol based on multifrequency-time division multiple access (MF-TDMA) for geostationary satellite systems deploying multiple spot-beams and onboard processing,which uses a method of random reservation access with movable boundaries to dynamically request the transmission slots and can transmit different types of traffic. The simulation results have shown that our designed MAC protocol can achieve a high bandwidth utilization, while providing the required quality of service (QoS) for each class of service.
Full Text Available The latest researches on access control model are dramatically different from conventional ones. Nowadays, most attention is paid to accessing across organizational boundaries. So, how to identify the applicant and determine authorization with limited information; how to express and exchange control rules expediently; how to protect confidential information and enhance collaboration simultaneously, are the most concerned problems. However, for large commercial organizations, a fine management of internal functions is of the same importance as external service management. It is very troublesome to control authorizations merely with attributes and composition of policies introduced from attribute-based access control (ABAC. So, we introduce a united access control model for systems in collaborative commerce, combining the advantages of conventional role-based access control (RBAC, task-based authentication control (TBAC and that of recent ABAC and automated trust negotiation (ATN. Innovational ideas in the model are analyzed, and the implement architecture is discussed. The paper concludes with a summary of the united model’s benefits and future work.
Forrestal, J.; Hogrefe, R.; Knott, M.; McDowell, W.; Reigle, D.; Solita, L.; Koldenhoven, R.; Haid, D. [Argonne National Lab., IL (United States). Advanced Photon Source
The Advanced Photon Source (APS) consists of a linac, position accumulator ring (PAR), booster synchrotron, storage ring, and up to 70 experimental beamlines. The Access Control and Interlock System (ACIS) utilizes redundant programmable logic controllers (PLCs) and a third hard-wired chain to protect personnel from prompt radiation generated by the linac, PAR, synchrotron, and storage ring. This paper describes the ACIS`s design philosophy, configuration, hardware, functionality, validation requirements, and operational experience.
Wang Peng; Jiang Lingyun
As the development of computer science and smart health-care technology, there is a trend for patients to enjoy medical care at home. Taking enormous users in the Smart Health-care System into consideration, access control is an important issue. Traditional access control models, discretionary access control, mandatory access control, and role-based access control, do not properly reflect the characteristics of Smart Health-care System. This paper proposes an advanced access control model for...
Caires, Luís; Pérez, Jorge A.; Seco, João Costa; Vieira, Hugo Torres; Ferrão, Lúcio
Data-centric multi-user systems, such as web applications, require flexible yet fine-grained data security mechanisms. Such mechanisms are usually enforced by a specially crafted security layer, which adds extra complexity and often leads to error prone coding, easily causing severe security breaches. In this paper, we introduce a programming language approach for enforcing access control policies to data in data-centric programs by static typing. Our development is based on the general concept of refinement type, but extended so as to address realistic and challenging scenarios of permission-based data security, in which policies dynamically depend on the database state, and flexible combinations of column- and row-level protection of data are necessary. We state and prove soundness and safety of our type system, stating that well-typed programs never break the declared data access control policies.
Enabling the shared care paradigm, centralised or even decentralised electronic health record (EHR) systems increasingly become core applications in hospital information systems and health networks. For realising multipurpose use and reuse as well as inter-operability at knowledge level, EHR have to meet special architectural requirements. The component-oriented and model-based architecture should meet international standards. Especially in extended health networks realising inter-organisational communication and co-operation, authorisation cannot be organised at user level anymore. Therefore, models, methods and tools must be established to allow formal and structured policy definition, policy agreements, role definition, authorisation and access control. Based on the author's international engagement in EHR architecture and security standards referring to the revision of CEN ENV 13606, the GEHR/open EHR approach, HL7 and CORBA, models for health-specific and EHR-related roles, for authorisation management and access control have been developed. The basic concept is the separation of structural roles defining organisational entity-to-entity relationships and enabling specific acts on the one hand, and functional roles bound to specific activities and realising rights and duties on the other hand. Aggregation of organisational, functional, informational and technological components follows specific rules. Using UML and XML, the principles as well as some examples for analysis, design, implementation and maintenance of policy and authorisation management as well as access control have been practically implemented. PMID:15066555
Katt, Basel; Breu, Ruth; Hafner, Micahel; Schabetsberger, Thomas; Mair, Richard; Wozak, Florian
Electronic Health Record (EHR) is the heart element of any e-health system, which aims at improving the quality and efficiency of healthcare through the use of information and communication technologies. The sensitivity of the data contained in the health record poses a great challenge to security. In this paper we propose a security architecture for EHR systems that are conform with IHE profiles. In this architecture we are tackling the problems of access control and privacy. Furthermore, a prototypical implementation of the proposed model is presented.
Lauri I.W. Pesonen
Full Text Available Publish/subscribe has emerged as an attractive communication paradigm for building Internet-wide distributed systems by decoupling message senders from receivers. Large scale publish/subscribe systems are likely to employ components of the event transport network owned by cooperating, but independent organisations. As the number of participants in the network increases, security becomes an increasing concern. So far most of the research on publish/subscribe has focused on efficient event routing, event filtering, and composite event detection. Very little research has been published regarding securing publish/subscribe systems. This paper extends our previous work to present and evaluate a secure multi-domain publish/subscribe infrastructure that supports and enforces fine-grained access control over the individual attributes of event types.
Reed, Robert K; Bell, Jayce C
The National Ignition Facility (NIF) is the world's largest and most energetic laser system. The facility has the potential to generate ionizing radiation due to the interaction between the laser beams and target material, with neutrons and gamma rays being produced during deuterium-tritium fusion reactions. To perform these experiments, several types of hazards must be mitigated and controlled to ensure personnel safety. NIF uses a real-time safety system to monitor and mitigate the hazards presented by the facility. The NIF facility Safety Interlock System (SIS) monitors for oxygen deficiency and controls access to the facility preventing exposure to laser light and radiation from the Radiation Generating Devices. It also interfaces to radiation monitoring and other radiological monitoring and alarm systems. The SIS controls permissives to the hazard-generating equipment and annunciates hazard levels in the facility. To do this reliably and safely, the SIS has been designed as a fail-safe system with a proven performance record now spanning over 10 y. This paper discusses the SIS, its design, implementation, operator interfaces, validation/verification, and the hazard mitigation approaches employed in the NIF. A brief discussion of the Failure Modes and Effect Analysis supporting the SIS will also be presented. The paper ends with a general discussion of SIS do's and don'ts and common design flaws that should be avoided in SIS design. PMID:23629061
Ruo-Fei Han; Hou-Xiang Wang; Qian Xiao; Xiao-Pei Jing; Hui Li
The latest researches on access control model are dramatically different from conventional ones. Nowadays, most attention is paid to accessing across organizational boundaries. So, how to identify the applicant and determine authorization with limited information; how to express and exchange control rules expediently; how to protect confidential information and enhance collaboration simultaneously, are the most concerned problems. However, for large commercial organizations, a fine management...
... Access Control Systems. AGENCY: Federal Aviation Administration (FAA), U.S. Department of Transportation (DOT). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems... Committee 224, Airport Security Access Control Systems DATES: The meeting will be held May 30, 2012, from...
...). ACTION: Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY: The FAA..., Airport Security Access Control Systems. DATES: The meeting will be held February 9, 2012, from 10 a.m.-4..., Airport Security Access Control Systems. The agenda will include the following: February 9, 2012...
Full Text Available Over the years, e-learning and e-examination has become standard in many institutions of higher learning. It has been observed that examination questions and results can be easily intercepted by invalid users, thus the security of resources shared among valid users is not guaranteed. In order to solve these problems as it relates to access control, a Role based Examination System (RBES was designed, developed and evaluated. RBES attempted to solve the security issue by the combination of two authentication techniques: text-based authentication and graphical password authentication. The Text-based authentication utilizes two text-based parameters namely the username and password. The graphical password authentication makes use of a finite set of controls (RBES chooses radio buttons which are identified by numbers. These numbers constitute the password used for graphical authentication. To improve on resource sharing among users in the examination system, RBES proposes role management (role creation, role update, role removal and user management (user creation, user update and user removal. The developed system made use of asp.net, C#, IIS server, WAMP server, Mysql and other tools for its development. RBES was tested by some legitimate and illegitimate users and the performance of the system was found to be satisfactory, hence RBES shows an efficient and reliable scheme that can be deployed in any examination or e-learning system. Finally the potential threats to the system were modeled and the use of weak passwords was found to be the most likely threat the system could be vulnerable to.
... Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), U.S. Department of Transportation (DOT). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control... RTCA Special Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held...
Full Text Available The main objective of this work is to analyze and extend security model of mobile devices running on Android OS. Provided security extension is a Linux kernel security module that allows the system administrator to restrict program's capabilities with per-program profiles. Profiles can allow capabilities like network access, raw socket access, and the permission to read, write, or execute files on matching paths. Module supplements the traditional Android capability access control model by providing mandatory access control (MAC based on path. This extension increases security of access to system objects in a device and allows creating security sandboxes per application.
Korolev I. D.
Full Text Available In this article we consider the usage of HRU access matrix changing system allowing for information security system which makes mandatory access control in case of information security analysis by using an automatic classification of formalized documents in the system of electronic document management
Hue, Pham Thi Bach; Wohlgemuth, Sven; Echizen, Isao; Thuy, Dong Thi Bich; Thuc, Nguyen Dinh
There needs to be a strategy for securing the privacy of patients when exchanging health records between various entities over the Internet. Despite the fact that health care providers such as Google Health and Microsoft Corp.'s Health Vault comply with the U.S Health Insurance Portability and Accountability Act (HIPAA), the privacy of patients is still at risk. Several encryption schemes and access control mechanisms have been suggested to protect the disclosure of a patient's health record especially from unauthorized entities. However, by implementing these approaches, data owners are not capable of controlling and protecting the disclosure of the individual sensitive attributes of their health records. This raises the need to adopt a secure mechanism to protect personal information against unauthorized disclosure. Therefore, we propose a new Fine-grained Access Control (FGAC) mechanism that is based on subkeys, which would allow a data owner to further control the access to his data at the column-level. We also propose a new mechanism to efficiently reduce the number of keys maintained by a data owner in cases when the users have different access privileges to different columns of the data being shared.
Nuclear facilities such as nuclear power plants or fuel processing facilities are required to maintain accurate records of personnel access, exposure and work performed. Most facilities today have some sort of computerized data collection system for radiation dose and access control. The great majority rely on handwritten records, i.e., dose card or sign-in sheet which in turn are transferred to a computerized records management system manually. The ARCPAS terminal provides a method for automating personnel exposure data collection and processing. The terminal is a user interactive device which contains a unit for automatically reading and zeroing pocket dosemeters, a security badge reader for personnel identification, a 16 digit key pad for RWP information entry, a high resolution color CRT for interactive communication and a high speed tape printer providing an entry chit. The chit provides the individual worker with a record of the transaction including an individual identifying number, remaining dose for the quarter or period and RWP under which the worker entered the controlled area. The purpose of automating the access control is to provide fast, accurate, realtime data to the records management system. A secondary purpose is to relieve trained health physics technicians of control point duties so that their training and skills can be utilized more effectively in a facility's health physics program
This paper gives an overview of workflow management systems (WfMSs) and their security requirements with focus on access mechanisms. It is a descriptive paper in which we examine the state of the art of workflow systems, describe what security risks affect WfMSs in particular, and how these can be diminiuished. WfMSs manage, illustrate and support business processes. They contribute to the performance, automation and optimization of processes, which is important in the global economy today. ...
Eun-Ae Cho; Chang-Joo Moon; Dae-Ha Park; Kang-Bin Yim
Database security, privacy, access control, database firewall, data break masking Recently, information leakage incidents have occurred due to database security vulnerabilities. The administrators in the traditional database access control methods grant simple permissions to users for accessing database objects. Even though they tried to apply more strict permissions in recent database systems, it was difficult to properly adopt sophisticated access control policies to commercial databases...
Anton Baláž; Branislav Madoš; Michal Ambróz
The main objective of this work is to analyze and extend security model of mobile devices running on Android OS. Provided security extension is a Linux kernel security module that allows the system administrator to restrict program's capabilities with per-program profiles. Profiles can allow capabilities like network access, raw socket access, and the permission to read, write, or execute files on matching paths. Module supplements the traditional Android capability access control model by pr...
The control system of Shanghai Synchrotron Radiation Facility (SSRF) is a large-scale distributed real-time control system, It involves many types and large amounts of real-time data access during the operating. Database system has wide application prospects in the large-scale accelerator control system. It is the future development direction of the accelerator control system, to replace the differently dedicated data structures with the mature standardized database system. This article discusses the application feasibility of database system in accelerators based on the database interface technology, real-time data access testing, and system optimization research and to establish the foundation of the wide scale application of database system in the SSRF accelerator control system. Based on the database interface technology, real-time data access testing and system optimization research, this article will introduce the application feasibility of database system in accelerators, and lay the foundation of database system application in the SSRF accelerator control system. (authors)
Affine connection control systems are mechanical control systems that model a wide range of real systems such as robotic legs, hovercrafts, planar rigid bodies, rolling pennies, snakeboards and so on. In 1997 the accessibility and a particular notion of controllability was intrinsically described by A. D. Lewis and R. Murray at points of zero velocity. Here, we present a novel generalization of the description of accessibility algebra for those systems at some points with nonzero velocity as long as the affine connection restricts to the distribution given by the symmetric closure. The results are used to describe the accessibility algebra of different mechanical control systems.
...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held December 13, 2012... Federal Aviation Administration Seventeenth Meeting: RTCA Special Committee 224, Airport Security...
...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held on June 20, 2013... Federal Aviation Administration Twenty-Third Meeting: RTCA Special Committee 224, Airport Security...
...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held November 15, 2012... Federal Aviation Administration Sixteenth Meeting: RTCA Special Committee 224, Airport Security...
...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held April 4, 2013 from 9... Federal Aviation Administration Twentieth Meeting: RTCA Special Committee 224, Airport Security...
...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held on June 20, 2013... Federal Aviation Administration Twenty-Second Meeting: RTCA Special Committee 224, Airport Security...
...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held February 21, 2013... Federal Aviation Administration Nineteenth Meeting: RTCA Special Committee 224, Airport Security...
...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems DATES: The meeting will be held September 27-28, 2012... Federal Aviation Administration Fifteenth Meeting: RTCA Special Committee 224, Airport Security...
...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held April 9-10, 2013... Federal Aviation Administration Twenty First Meeting: RTCA Special Committee 224, Airport Security...
... Prohibition on Circumvention of Copyright Protection Systems for Access Control Technologies, 68 FR 62011... Circumvention of Copyright Protection Systems for Access Control Technologies, 71 FR 68472, 68480, published in... Rulemaking Proceeding The Digital Millennium Copyright Act, Public Law 105-304 (1998), amended title 17...
Full Text Available SaaS is a new way to deploy software as a hosted service and accessed over the Internet which means the customers don’t need to maintain the software code and data on their own servers. So it’s more important for SaaS systems to take security issues into account. Access control is a security mechanism that enables an authority to access to certain restricted areas and resources according to the permissions assigned to a user. Several access models have been proposed to realize the access control of single instance systems. However, most of the existing models couldn’t address the following SaaS system problems: (1 role name conflicts (2 cross-level management (3 the isomerism of tenants' access control (4 temporal delegation constraints. This paper describes a hierarchical RBAC model called H-RBAC solves all the four problems of SaaS systems mentioned above. This model addresses the SaaS system access control in both system level and tenant level. It combines the advantages of RBDM and ARBAC97 model and introduces temporal constraints to SaaS access control model. In addition, a practical approach to implement the access control module for SaaS systems based on H-RBAC model is also proposed in this paper.
This paper describes a human engineering effort in the design of a major security system upgrade at Lawrence Livermore National Laboratory. This upgrade was to be accomplished by replacing obsolete and difficult-to-man (i.e., multiple operator task actions required) security equipment and systems with a new, automated, computer-based access control system. The initial task was to assist the electronic and mechanical engineering staff in designing a computerized security access system too functionally and ergonomically accommodate 100% of the Laboratory user population. The new computerized access system was intended to control entry into sensitive exclusion areas by requiring personnel to use an entry booth-based system and/or a remote access control panel system. The primary user interface with the system was through a control panel containing a magnetic card reader, function buttons, LCD display, and push-button keypad
Nagarajan, Anand; Jensen, Christian D.
infrastructure in a software domain in a manufacturer independent manner as well as establishing secure communication and authenticating the other parties in electrical power infrastructures, but they do not address the problem of access control. We therefore propose a generic model for access control in wind...... power systems, which is based on the widely used role-based access control model. The proposed model is tested using a prototype designed in conformance with the standards that are in use in modern wind power infrastructure and the results are presented to determine the overhead in communication caused...... while adhering to the proposed access model....
Wu, Guowei; Xia, Feng; Yao, Lin
Access control is an issue of paramount importance in cyber-physical systems (CPS). In this paper, an access control scheme, namely FEAC, is presented for CPS. FEAC can not only provide the ability to control access to data in normal situations, but also adaptively assign emergency-role and permissions to specific subjects and inform subjects without explicit access requests to handle emergency situations in a proactive manner. In FEAC, emergency-group and emergency-dependency are introduced. Emergencies are processed in sequence within the group and in parallel among groups. A priority and dependency model called PD-AGM is used to select optimal response-action execution path aiming to eliminate all emergencies that occurred within the system. Fault-tolerant access control polices are used to address failure in emergency management. A case study of the hospital medical care application shows the effectiveness of FEAC.
The existence and use of software and networks have generated another possibility for perpetrators to influence systems in nuclear facilities or to prepare malevolent acts. Data security has become an element of physical protection plans, not as an end in itself but as a means to achieve physical protection objectives. Physical protection measures are additional measures, which become necessary when other measures that have to be taken (e.g. in compliance with international standards) are insufficient to prevent a hazard to the protection goals through data manipulation by software and hardware. In planning or assessing data protection measures for the purpose of physical protection, it is necessary to differentiate between applications which can, if manipulated, directly endanger the protection goals. The importance of software protection is growing. In particular, because of ageing of components, the existing instrumentation and control systems with their fixed wiring and discrete elements will have to be updated. Computerized access control systems play an eminent role in the physical protection of a nuclear facility. Therefore, most systems are operated as islands. The paper shows that linking of certain systems with other computer systems is possible without inadmissible drawbacks for the physical protection level. It is shown by means of the example of linking together the computer networks of access control, health physics, the flexitime system, the key administration and the operational management system that such linking of systems in nuclear facilities had hidden advantages for all participants
A Positron Emission Tomography Centre is being established at the Austin Hospital, Melbourne. The cyclotron vault and hotcell laboratories have been categorized according to the National Council on Radiation Protection and Measurements guidelines for access control to radiation areas. An access control system incorporating visual alarm systems, signs, barriers and interlocks has been designed for the safe operation of the Centre. These features are briefly described. 6 refs., 1 fig
The new LHC access control systems will soon be using the latest technology: optical recognition based on iris image data. In order to gain access to the tunnel it will be your eye, not your credentials that you'll be required to show! As of September, the entrance point at Point 8 should be the first to be fitted out with iris recognition equipment. The other access shafts will then gradually be equipped one by one.
Bassil, S.; Reichert, M.U.; Bobrik, R.; Bauer, Th.
Integrated process support is highly desirable in environ- ments where data related to a particular (business) process are scattered over distributed and heterogeneous information systems (IS). A process monitoring component is a much-needed module in order to provide an integrated view on all these
Radio Frequency Identification (RFID) makes great flexibility and high efficiency for data acquisition in industry and daily life. At the other side, it brings the privacy risks and multiple tags collision issue. Current research in RFID system focuses on the security and privacy issue which is based on authentication protocols between a tag and a Reader. There is a need to design a reasonable protocol which takes care of both multi-tag anti-collision and security issue. This thesis presen...
Bian, Kaigui; Gao, Bo
This book gives a comprehensive overview of the medium access control (MAC) principles in cognitive radio networks, with a specific focus on how such MAC principles enable different wireless systems to coexist in the same spectrum band and carry out spectrum sharing. From algorithm design to the latest developments in the standards and spectrum policy, readers will benefit from leading-edge knowledge of how cognitive radio systems coexist and share spectrum resources. Coverage includes cognitive radio rendezvous, spectrum sharing, channel allocation, coexistence in TV white space, and coexistence of heterogeneous wireless systems. • Provides a comprehensive reference on medium access control (MAC)-related problems in the design of cognitive radio systems and networks; • Includes detailed analysis of various coexistence problems related to medium access control in cognitive radio networks; • Reveals novel techniques for addressing the challenges of coexistence protocol design at a higher level ...
This paper describes a limited access control system for nuclear facilities which makes use of the eye retinal identity verifier to control the passage of personnel into and out of one or a group of security controlled working areas. This access control system requires no keys, cards or credentials. The user simply enters his Personal Identification Number (PIN) and takes an eye reading to request passage. The PIN does not have to be kept secret. The system then relies on biometric identity verification of the user, along with other system information, to make the decision of whether or not to unlock the door. It also enforces multiple zones control with personnel tracking and the two-man-rule
A database is used to implement the interface between the control system and the accelerator and to provide flexibility in configuring the I/O. This flexibility is necessary to allow the control system to keep pace with the changing requirements that are inherent in an experimental environmental environment. This is not achieved without cost. Problems often associated with using databases are painful data entry, poor performance, and embedded knowledge of the database structure in code throughout the control system. This report describes how the database configuration, access, conversion, and execution in the Ground Test Accelerator (GTA) Control System overcome these problems. 2 figs
Pruksasri, P.; Berg, J. van den; Hofman, W.; Daskapan, S.
The Seamless Integrated Data Pipeline system was proposed to the European Union in order to overcome the information quality shortcomings of the current international supply chain information exchange systems. Next to identification and authorization of stakeholders, secure access control needs to b
Indira Gandhi Centre for Atomic Research houses many laboratories which handle radioactive materials and classified materials. Protection and accounting of men and material and critical facilities are important aspect of nuclear security. Access Control System (ACS) is used to enhance the protective measures against elevated threat environment. Access control system hardware consists of hand geometry readers, RFID readers, Controllers, Electromagnetic door locks, Turnstiles, fiber cable laying and termination etc. Access Control System controls and monitors the people accessing the secured facilities. Access Control System generates events on: 1. Showing of RFID card, 2. Rotation of turnstile, 3. Download of valid card numbers, 4. Generation of alarms etc. Access control system turnstiles are located in main entrance of a facility, entrance of inside laboratory and door locks are fixed on secured facilities. Events are stored in SQL server database. From the events stored in database a novel technique is developed to extract events and list the persons in a particular facility, list all entry/exit events on one day, list the first in and last out entries. This paper discusses the complex multi level group by queries and software developed to extract events from database, locate persons and generate reports. Software is developed as a web application in ASP.Net and query is written in SQL. User can select the doors, type of events and generate reports. Reports are generated using the master data stored about employees RFID cards and events data stored in tables. Four types of reports are generated 1. Plant Emergency Report, 2. Locate User Report, 3. Entry - Exit Report, 4. First in Last out Report. To generate plant emergency report for whole plant only events generated in outer gates have to be considered. To generate plant emergency report for inside laboratory, events generated in entrance gates have to be ignored. (author)
Probst, Christian W.; Hansen, René Rydhof
common tool to answer this question, analysis of log files, faces the problem that the amount of logged data may be overwhelming. This problems gets even worse in the case of insider attacks, where the attacker’s actions usually will be logged as permissible, standard actions—if they are logged at all....... Recent events have revealed intimate knowledge of surveillance and control systems on the side of the attacker, making it often impossible to deduce the identity of an inside attacker from logged data. In this work we present an approach that analyses the access control configuration to identify the set...
Full Text Available Access control systems using the latest biometric technologies can offer a higher level of security than conventional password-based systems. Their widespread deployments, however, can severely undermine individuals' rights of privacy. Biometric signals are immutable and can be exploited to associate individuals' identities to sensitive personal records across disparate databases. In this paper, we propose the Anonymous Biometric Access Control (ABAC system to protect user anonymity. The ABAC system uses novel Homomorphic Encryption (HE based protocols to verify membership of a user without knowing his/her true identity. To make HE-based protocols scalable to large biometric databases, we propose the k-Anonymous Quantization (kAQ framework that provides an effective and secure tradeoff of privacy and complexity. kAQ limits server's knowledge of the user to k maximally dissimilar candidates in the database, where k controls the amount of complexity-privacy tradeoff. kAQ is realized by a constant-time table lookup to identity the k candidates followed by a HE-based matching protocol applied only on these candidates. The maximal dissimilarity protects privacy by destroying any similarity patterns among the returned candidates. Experimental results on iris biometrics demonstrate the validity of our framework and illustrate a practical implementation of an anonymous biometric system.
Ahmadi, Mohammad Reza
Virtualization is a new technology that creates virtual environments based on the existing physical resources. This article evaluates effect of virtualization techniques on control servers and access method in storage systems [1, 2]. In control server virtualization, we have presented a tile based evaluation based on heterogeneous workloads to compare several key parameters and demonstrate effectiveness of virtualization techniques. Moreover, we have evaluated the virtualized model using VMotion techniques and maximum consolidation. In access method, we have prepared three different scenarios using direct, semi-virtual, and virtual attachment models. We have evaluated the proposed models with several workloads including OLTP database, data streaming, file server, web server, etc. Results of evaluation for different criteria confirm that server virtualization technique has high throughput and CPU usage as well as good performance with noticeable agility. Also virtual technique is a successful alternative for accessing to the storage systems especially in large capacity systems. This technique can therefore be an effective solution for expansion of storage area and reduction of access time. Results of different evaluation and measurements demonstrate that the virtualization in control server and full virtual access provide better performance and more agility as well as more utilization in the systems and improve business continuity plan.
The U.S. Department of Energy's (DOE's) ongoing efforts to improve its physical and personnel security systems while reducing its costs, provide a model for federal government visitor processing. Through the careful use of standardized badges, computer databases, and networks of automated access control systems, the DOE is increasing the security associated with travel throughout the DOE complex, and at the same time, eliminating paperwork, special badging, and visitor delays. The DOE is also improving badge accountability, personnel identification assurance, and access authorization timeliness and accuracy. Like the federal government, the DOE has dozens of geographically dispersed locations run by many different contractors operating a wide range of security systems. The DOE has overcome these obstacles by providing data format standards, a complex-wide virtual network for security, the adoption of a standard high security system, and an open-systems-compatible link for any automated access control system. If the location's level of security requires it, positive visitor identification is accomplished by personal identification number (PIN) and/or by biometrics. At sites with automated access control systems, this positive identification is integrated into the portals
A method and a system of controlling access of data items to a shared resource, wherein the data items each is assigned to one of a plurality of priorities, and wherein, when a predetermined number of data items of a priority have been transmitted to the shared resource, that priority will be...
Full Text Available Aiming at three kinds of Internet-based system quality problems, which is performance, liability and security, the paper proposes a kind of test template during multi-user login and resource access control, which includes test requirement, login script, role-resource correlating and mutation test technique. Some Internet-based systems are tested and diagnosed by automation test technique of test template. At last, system quality can be verified and improved through the realization mechanism of test template.
C Narendra, Nanjangud
With increasing numbers of organizations automating their business processes by using workflow systems, security aspects of workflow systems has become a heavily researched area. Also, most workflow processes nowadays need to be adaptive, i.e., constantly changing, to meet changing business conditions. However, little attention has been paid to integrating Security and Adaptive Workflow. In this paper, we investigate this important research topic, with emphasis on Role Based Access Control (R...
Wen-Jye Shyr; Te-Jen Su; Chia-Ming Lin
This study develops a novel method for learning mechatronics using remote monitoring and control, based on a programmable logic controller (PLC) and WebAccess. A mechatronics module, a Web‐CAM and a PLC were integrated with WebAccess software to organize a remote laboratory. The proposed system enables users to access the Internet for remote monitoring and control of the mechatronics module via a web browser, thereby enhancing work flexibility by enabling personnel to control mechatronics equ...
As long as nuclear fission has been used for energy production, substantial efforts have been made to protect the critical process and nuclear materials from unauthorized access. Electronic systems have been designed to assist security staff in access control and have become increasingly sophisticated as technology has advanced. With the latest access control systems being fully computerized, new questions of computer security have arisen. The paper outlines the latest trends in computer based access control systems, demonstrates where these systems are vulnerable to hacking attacks, and provides guidance on what can be done to avoid the introduction of new computer technologies creating back doors to bypass physical plant and material protection. (author)
YU Yi-fan; YIN Chang-chuan; YUE Guang-xin
Recently, hosts of Medium Access Control (MAC) protocols for Ad hoc radio networks have been proposed to solve the hidden terminal problem and exposed terminal problem. However most of them take into no account the interactions between physical (PHY) system and MAC protocol. Therefore, the current MAC protocols are either inefficient in the networks with mobile nodes and fading channel or difficult in hardware implementation. In this paper, we present a novel media access control for Ad hoc networks that integrates a media access control protocol termed as Dual Busy Tone Multiple Access (DBTMA) into Orthogonal Frequency Division Multiplexing (OFDM) system proposed in IEEE 802.11a standard. The analysis presented in the paper indicates that the proposed MAC scheme achieves performance improvement over IEEE 802.11 protocol about 25%～80% especially in the environment with high mobility and deep fading. The complexity of the proposed scheme is also lower than other implementation of similar busy tone solution. Furthermore, it is compatible with IEEE 802.11a networks.
Olusegun Folorunso; Olusegun Afeez Mustapha
Crowdsourcing has been widely accepted across a broad range of application areas. In crowdsourcing environments, the possibility of performing human computation is characterized with risks due to the openness of their web-based platforms where each crowd worker joins and participates in the process at any time, causing serious effect on the quality of its computation. In this paper, a combination of Trust-Based Access Control (TBAC) strategy and fuzzy-expert systems was used to enhance the qu...
Full Text Available Secure buildings are currently protected from unauthorized access by a variety of devices. Even though there are many kinds of devices to guarantee the system safety such as PIN pads, keys both conventional and electronic, identity cards, cryptographic and dual control procedures, the people voice can also be used. The ability to verify the identity of a speaker by analyzing speech, or speaker verification, is an attractive and relatively unobtrusive means of providing security for admission into an important or secured place. An individuals voice cannot be stolen, lost, forgotten, guessed, or impersonated with accuracy. Due to these advantages, this paper describes design and prototyping a voice-based door access control system for building security. In the proposed system, the access may be authorized simply by means of an enrolled user speaking into a microphone attached to the system. The proposed system then will decide whether to accept or reject the users identity claim or possibly to report insufficient confidence and request additional input before making the decision. Furthermore, intelligent system approach is used to develop authorized person models based on theirs voice. Particularly Adaptive-Network-based Fuzzy Inference Systems is used in the proposed system to identify the authorized and unauthorized people. Experimental result confirms the effectiveness of the proposed intelligent voice-based door access control system based on the false acceptance rate and false rejection rate.
KEKB (KEK B-factory) accelerators are under construction and the control computer system for them is also in the last phase of installation. KEKB accelerators are composed of two storage rings, namely, HER (High Energy Ring for electrons of 8 GeV) and LER (Low Energy Ring for positrons of 3.5 GeV). These rings are placed in the underground tunnel in which former TRISTAN electron-positron colliding accelerator was. We have been constructing control system for KEKB from the scratch based on EPICS (Experimental Physics and Industrial Control Systems). But, for the injector linac, its control computer system was rejuvenated just a few years ago and it is not an EPICS based system but an original one. To operate KEKB accelerators, tuning of the linac as the injector for the KEKB rings is thought to be very essential. Ideally, KEKB control system can control both KEKB rings and linac. And both operators at linac control room and at KEKB control room should be able to monitor and adjust equipment of the other accelerators. For that purpose, we have to develop suitable method in between two systems to communicate with each other. In the EPICS collaborations, there is a Portable CA (Channel Access) Server for EPICS developed at Los Alamos National Laboratory for SUN workstations. We decided to modify it for our purposes and have been implementing it to KEKB control system step by step. And now, we can monitor and set magnetic field of Q-magnets in the linac, control beam transport magnets in the linac beam line, control klystrons, and measure beam positions by strip-line monitors through EPICS. In the near future, other equipment of the linac will be added to the CA server before the commissioning of the KEKB rings. (author)
Ookubo, S.; Nakai, Y.; Oohira, N.; Kishishita, S. [Tokyo Electric power Co., Tokyo (Japan); Kobayashi, H.; Sano, F. [Fuji Electric Co., Tokyo (Japan); Masuda, M.; Tajima, T.; Oohira, K. [Toshiba Corporation, Tokyo (Japan)
A new radiation work control system has been developed for controlling the entrance and exit of workers from the radiation controlled area in a nuclear power station and has been run in the Fukushima No. 2 Nuclear Power Station of Tokyo Electric Power Co., Inc. since October, 1999. The system is designed to reduce workers burden by simplifying the operation of each equipment that controls access to radiation controlled areas, and to minimize radiation exposure by automatically acquiring dose data during each access and each task. The new system adopted electronic personal dosimeters (gamma radiation EPD) which permit data collection by radio communication, thus improving the conventional alarm-equipped personal dosimeter (EPD) and increasing reliability as primary dosimeters. Furthermore, additional electronic personal dosimeters capable of measuring beta radiation (gamma and beta radiations EPD) were also utilized in specific tasks in October 2001. After a six-month test run of these EPDs, the film badges were discontinued in April 2002 and replaced solely with the EPDs. EPDs are now used as the primary dosimetry for radiation workers.
Chang, Si Young; Lee, B. J.; Kim, B. H.; Kim, J. S.; Lee, K. C.; Kang, B. H.; Kim, C. K.; Ham, C. S.; Kwon, K. C.; Park, W. M.; Kim, C. H.; Kim, J. T.; Koo, C. H.; Park, S. J.; Kim, T. W
In this paper an electronic personal dosimeter(EPD) adopt in a PIN type silicon semiconductor as a radiation detector has been developed, designed and a prototype dosimeter has been manufactured. A series of performance test of this EPD on reference radiation field has been carried out. A dosimeter reader which reads the radiation dose from EPD and make a real time access control in connection with the entrance door to radiation controlled area has been developed, designed and manufactured. S/W program supporting hangul (Korean language) has been developed to operate the EPD and reader system with a personal computer. (author)
In this paper an electronic personal dosimeter(EPD) adopt in a PIN type silicon semiconductor as a radiation detector has been developed, designed and a prototype dosimeter has been manufactured. A series of performance test of this EPD on reference radiation field has been carried out. A dosimeter reader which reads the radiation dose from EPD and make a real time access control in connection with the entrance door to radiation controlled area has been developed, designed and manufactured. S/W program supporting hangul (Korean language) has been developed to operate the EPD and reader system with a personal computer. (author)
With self-shielded irradiators like Gamma chambers, and Blood irradiators are being sold by BRIT to customers both within and outside the country, it has become necessary to improve the quality of service without increasing the overheads. The recent advances in the field of communications and information technology can be exploited for improving the quality of service to the customers. A state of the art control system with remote accessibility has been designed for these irradiators enhancing their performance. This will provide an easy access to these units wherever they might be located, through the Internet. With this technology it will now be possible to attend to the needs of the customers, as regards fault rectification, error debugging, system software update, performance testing, data acquisition etc. This will not only reduce the downtime of these irradiators but also reduce the overheads. (author)
Full Text Available Crowdsourcing has been widely accepted across a broad range of application areas. In crowdsourcing environments, the possibility of performing human computation is characterized with risks due to the openness of their web-based platforms where each crowd worker joins and participates in the process at any time, causing serious effect on the quality of its computation. In this paper, a combination of Trust-Based Access Control (TBAC strategy and fuzzy-expert systems was used to enhance the quality of human computation in crowdsourcing environment. A TBAC-fuzzy algorithm was developed and implemented using MATLAB 7.6.0 to compute trust value (Tvalue, priority value as evaluated by fuzzy inference system (FIS and finally generate access decision to each crowd-worker. In conclusion, the use of TBAC is feasible in improving quality of human computation in crowdsourcing environments.
This paper presents a generic equipment access software package for a distributed control system using computers with UNIX or UNIX-like operating systems. The package consists of three main components, an application Equipment Access Library, Message Handler and Equipment Data Base. An application task, which may run in any computer in the network, sends requests to access equipment through Equipment Library calls. The basic request is in the form Equipment-Action-Data and is routed via a remote procedure call to the computer to which the given equipment is connected. In this computer the request is received by the Message Handler. According to the type of the equipment connection, the Message Handler either passes the request to the specific process software in the same computer or forwards it to a lower level network of equipment controllers using MIL1553B, GPIB, RS232 or BITBUS communication. The answer is then returned to the calling application. Descriptive information required for request routing and processing is stored in the real-time Equipment Data Base. The package has been written to be portable and is currently available on DEC Ultrix, LynxOS, HPUX, XENIX, OS-9 and Apollo domain. ((orig.))
Anass El haddadi
Full Text Available Information fusion is a cornerstone of competitive intelligence activity that aims at supporting decisionmaking by collecting, analyzing and disseminating information. This information comes fromheterogeneous data sources. In this paper we present an approach of access control. This approach isfocused both on the information that must be bring to decision-makers and the privacy of individuals whosedata is used to extract this information. This model is based on the standard “Role Based Access Control”(RBAC and is implemented within the entire life cycle of Xplor Every Where (Web service of Tetralogie,it follows methodologies tailored to design privacy-aware systems to be compliant with data protectionregulations.
Chiang, Ken; Nguyen, Thuy D.; Irvine, Cynthia E.
Control of access to information based upon temporal attributes can add another dimension to access control. To demonstrate the feasibility of operating system level support for temporal access controls, the Time Interval File Protection System (TIFPS), a prototype of the Time Interval Access Control (TIAC) model, has been implemented by modifying Linux extended attributes to include temporal metadata associated both with files and users. The Linux Security Module was used to provide hooks fo...
Office of Personnel Management — Application and Assessment system for Presidential Management Fellows (PMF) and PMF Science, Technology, Engineering, and Math (STEM) programs. This sytem is access...
Rajappan, Gowri; Wang, Xiaofei; Grant, Robert; Paulini, Matthew
Service Oriented Architecture (SOA) has enabled open-architecture integration of applications within an enterprise. For net-centric Command and Control (C2), this elucidates information sharing between applications and users, a critical requirement for mission success. The Information Technology (IT) access control schemes, which arbitrate who gets access to what information, do not yet have the contextual knowledge to dynamically allow this information sharing to happen dynamically. The access control might prevent legitimate users from accessing information relevant to the current mission context, since this context may be very different from the context for which the access privileges were configured. We evaluate a pair of data relevance measures - proximity and risk - and use these as the basis of dynamic access control. Proximity is a measure of the strength of connection between the user and the resource. However, proximity is not sufficient, since some data might have a negative impact, if leaked, which far outweighs importance to the subject's mission. For this, we use a risk measure to quantify the downside of data compromise. Given these contextual measures of proximity and risk, we investigate extending Attribute-Based Access Control (ABAC), which is used by the Department of Defense, and Role-Based Access Control (RBAC), which is widely used in the civilian market, so that these standards-based access control models are given contextual knowledge to enable dynamic information sharing. Furthermore, we consider the use of such a contextual access control scheme in a SOA-based environment, in particular for net-centric C2.
This paper proposes a security policy model for mandatory access control in class B1 database management system whose level of labeling is tuple. The relation-hierarchical data model is extended to multilevel relation-hierarchical data model. Based on the multilevel relation-hierarchical data model, the concept of upper-lower layer relational integrity is presented after we analyze and eliminate the covert channels caused by the database integrity. Two SQL statements are extended to process polyinstantiation in the multilevel secure environment. The system is based on the multilevel relation-hierarchical data model and is capable of integratively storing and manipulating multilevel complicated objects (e. g., multilevel spatial data) and multilevel conventional data ( e. g., integer. real number and character string).
A new radiation work control system has been developed for controlling the entrance and exit of workers from the radiation controlled area in a nuclear power station and has been run in the Fukushima No.2 Nuclear Power Station of Tokyo Electric Power Co. Inc., since October, 1999. The newly developed system uses an access control device (ACD) for automatically lending an alarm-equipped personal dosimeter (APD) to each worker, and also radio communication for gathering dose data while contamination is measured by a body surface monitor upon exit, to reduce the workload for workers. The APD accurately measures both x-rays and γ-rays and sounds an alarm if the set dose level is reached. The ACD incorporates a charging function for 150 dosimeters in addition to the identification (ID) card reading and entrance/exit qualification judgment functions that are available with conventional entrance/exit control devices. Also, at the time of entrance, the ID number and alarm setpoint are written into an APD, which is then lent automatically, thereby making entry quicker and easier for workers. After returning the APD, it can be recharged rapidly and trend data during work can be automatically collected. The body surface monitor system is designed as follows. While contamination of the body surface is being measured at the time of exit, the data of the APD and ID card is read to perform an exit check. After completion of contamination measurement, the results of the exit check and dose data are printed out and collected by the tested person. Radio communication is used to transmit and receive the APD data, and to ensure precise radio communication during body surface monitoring two antennas are used, one for transmission and one for reception, so data can be read during contamination measurement. The developed system reduces workers' burden and improves functionality and reliability. (Suetake, M.)
A method has been proposed for using the tools of kernel of an operating system to control access to the entities of application servers. The possibility of using an information protection system incorporated into the operating system to store and implement security policy has been demonstrated for a database management system
Gang Huang; Lian-Shan Sun
Reflective middleware opens up the implementation details of middleware platform and applications at runtime for improving the adaptability of middleware-based systems. However, such openness brings new challenges to access control of the middleware-based systems.Some users can access the system via reflective entities, which sometimes cannot be protected by access control mechanisms of traditional middleware. To deliver high adaptability securely, reflective middleware should be equipped with proper access control mechanisms for potential access control holes induced by reflection. One reason of integrating these mechanisms in reflective middleware is that one goal of reflective middleware is to equip applications with reflection capabilities as transparent as possible. This paper studies how to design a reflective J2EE middlewarePKUAS with access control in mind. At first, a computation model of reflective system is built to identify all possible access control points induced by reflection. Then a set of access control mechanisms, including the wrapper of MBeans and a hierarchy of Java class loaders, are equipped for controlling the identified access control points. These mechanisms together with J2EE access control mechanism form the access control framework for PKUAS. The paper evaluates the security and the performance overheads of the framework in quality and quantity.
The use of an electronic olfactory device, termed an electronic 'nose', was investigated for the detection of unique human odour characteristics. The detection of these unique odours was applied to the field of biometrics for access control, where a human's unique characteristics were used to authenticate a user of an access control system. An electronic odour sensing device was designed and constructed using an array of conducting polymer gas sensors in order to facilitate the regular screen...
Anderson, Molly; Westheimer, David
All space vehicles or habitats require thermal management to maintain a safe and operational environment for both crew and hardware. Active Thermal Control Systems (ATCS) perform the functions of acquiring heat from both crew and hardware within a vehicle, transporting that heat throughout the vehicle, and finally rejecting that energy into space. Almost all of the energy used in a space vehicle eventually turns into heat, which must be rejected in order to maintain an energy balance and temperature control of the vehicle. For crewed vehicles, Active Thermal Control Systems are pumped fluid loops that are made up of components designed to perform these functions. NASA has recently evaluated all of the agency s technology development work and identified key areas that must be addressed to aid in the successful development of a Crew Exploration Vehicle (CEV) and a Lunar Surface Access Module (LSAM). The technologies that have been selected and are currently under development include: fluids that enable single loop ATCS architectures, a gravity insensitive vapor compression cycle heat pump, a sublimator with reduced sensitivity to feedwater contamination, an evaporative heat sink that can operate in multiple ambient pressure environments, a compact spray evaporator, and lightweight radiators that take advantage of carbon composites and advanced optical coatings.
As per norms of the Atomic energy regulatory board (AERB) to operate a facility in round the clock which has a potential of radiation exposure, radiation safety rules are to be followed. Indus -1 and Indus-2 are synchrotron radiation sources which are open for various users round the clock. To monitor the persons inside the defined zone at any given time, a system is setup consisting of RF ID cards and their readers along with dedicated software. Software is developed in Visual Basic and uses UDP network protocol for receiving data from readers installed at various locations and connected to local area network. The paper describes the access control scheme followed in Indus Accelerator Complex. (author)
WANG Lun-wei; LIAO Xiang-ke; WANG Huai-min
Weighted factor is given to access control policies to express the importance of policy and its effect on access control decision. According to this weighted access control framework, a trustworthiness model for access request is also given. In this model, we give the measure of trustworthiness factor to access request, by using some idea of uncertainty reasoning of expert system, present and prove the parallel propagation formula of request trustworthiness factor among multiple policies, and get the final trustworthiness factor to decide whether authorizing. In this model, authorization decision is given according to the calculation of request trustworthiness factor, which is more understandable, more suitable for real requirement and more powerful for security enhancement than traditional methods. Meanwhile the finer access control granularity is another advantage.
National Archives and Records Administration — The OGIS Access System (OAS) provides case management, stakeholder collaboration, and public communications activities including a web presence via a web portal.
Casas, Antonia; Garcia, Maria Jesus; Nikouline, Andrei
Since 1994 the Data Centre of the Spanish Oceanographic Institute develops system for archiving and quality control of oceanographic data. The work started in the frame of the European Marine Science & Technology Programme (MAST) when a consortium of several Mediterranean Data Centres began to work on the MEDATLAS project. Along the years, old software modules for MS DOS were rewritten, improved and migrated to Windows environment. Oceanographic data quality control includes now not only vertical profiles (mainly CTD and bottles observations) but also time series of currents and sea level observations. New powerful routines for analysis and for graphic visualization were added. Data presented originally in ASCII format were organized recently in an open source MySQL database. Nowadays, the IEO, as part of SeaDataNet Infrastructure, has designed and developed a new information system, consistent with the ISO 19115 and SeaDataNet standards, in order to manage the large and diverse marine data and information originated in Spain by different sources, and to interoperate with SeaDataNet. The system works with data stored in ASCII files (MEDATLAS, ODV) as well as data stored within the relational database. The components of the system are: 1.MEDATLAS Format and Quality Control - QCDAMAR: Quality Control of Marine Data. Main set of tools for working with data presented as text files. Includes extended quality control (searching for duplicated cruises and profiles, checking date, position, ship velocity, constant profiles, spikes, density inversion, sounding, acceptable data, impossible regional values,...) and input/output filters. - QCMareas: A set of procedures for the quality control of tide gauge data according to standard international Sea Level Observing System. These procedures include checking for unexpected anomalies in the time series, interpolation, filtering, computation of basic statistics and residuals. 2. DAMAR: A relational data base (MySql) designed to
Full Text Available Mobile authentication can be used to verify a mobile user’s identity. Normally this is accomplished through the use of logon passwords, but this can raise the secret-key agreement problem between entities. This issue can be resolved by using a public-key cryptosystem, but mobile devices have limited computation ability and battery capacity and a PKI is needed. In this paper, we propose an efficient, non-PKI, authenticated, and blind issued symmetric key protocol for mobile access control systems. An easy-to-deploy authentication and authenticated key agreement system is designed such that empowered mobile devices can directly authorize other mobile devices to exchange keys with the server upon authentication using a non-PKI system without trusted parties. Empowered mobile users do not know the key value of the other mobile devices, preventing users from impersonating other individuals. Also, for security considerations, this system can revoke specific keys or keys issued by a specific user. The scheme is secure, efficient, and feasible and can be implemented in existing environments.
Department of Transportation — This data set contains the personnel access card data (photo, name, activation/expiration dates, card number, and access level) as well as data about turnstiles and...
J.Nafeesa Begum, K.Kumar, Dr.V.Sumathy
Full Text Available The trend of the Civilian society has moved from the industrial age focus onautomation and scale towards information based on computing andcommunication. Today’s Warfare is also moving towards an information ageparadigm based on information sharing, situational awareness, and distributedpoints of intelligence, command and control. A widely-networked fighting force isbetter able to share information about tactical situations that may begeographically widespread, asymmetric, and rapidly changing. Commandersmust be able to better assess situations across broad theaters, with extensivedata, voice, and especially video feeds as strategic inputs. Thus, network-centricwarfare improves effectiveness at both the tactical "point of the spear" and in theachievement of broader strategic goals. Broadly disseminated knowledge assetsenable fighting forces that must self-synchronize, even as they physicallydisperse to address dynamic battlefield conditions. The speed of decision hasincreased and command decisions must be rapidly relayed and implemented, toimprove battlefield outcomes. Multilevel access control in a MANET for aDefense messaging system is used to have the command decisions relayed toall people who are active in the group and also to all people who have beenidentified as higher in the hierarchy instead of sending one to one messages toeach individual.. The system developed is secure, multi site and allows for globalcommunication using the inherent properties of Elliptic Curve cryptography .Elliptic Curve cryptography provides a greater security with less bit size and it isfast when compared to other schemes. The implementation suggests that it is asecure system which occupies fewer bits and can be used for low power devices.
Full Text Available This study develops a novel method for learning mechatronics using remote monitoring and control, based on a programmable logic controller (PLC and WebAccess. A mechatronics module, a Web‐CAM and a PLC were integrated with WebAccess software to organize a remote laboratory. The proposed system enables users to access the Internet for remote monitoring and control of the mechatronics module via a web browser, thereby enhancing work flexibility by enabling personnel to control mechatronics equipment from a remote location. Mechatronics control and long‐distance monitoring were realized by establishing communication between the PLC and WebAccess. Analytical results indicate that the proposed system is feasible. The suitability of this system is demonstrated in the department of industrial education and technology at National Changhua University of Education, Taiwan. Preliminary evaluation of the system was encouraging and has shown that it has achieved success in helping students understand concepts and master remote monitoring and control techniques.
Madar, Fatima Ali
This thesis discusses two implementations of file access controls: the UNIX Permissions (UP) and the Access Control List (ACL). We will evaluate advantages and weaknesses in these two implementations. The criteria of evaluation are usefulness, security and manageability. The level of usefulness of systems was measured by evaluating user-surveys. The level of security was measured by comparing the implementations against well-established file access control models concerning privacy, inte...
Chen, Lijun; Low, Steven H.; Doyle, John C.
Motivated partially by a control-theoretic viewpoint, we propose a game-theoretic model, called random access game, for contention control. We characterize Nash equilibria of random access games, study their dynamics, and propose distributed algorithms (strategy evolutions) to achieve Nash equilibria. This provides a general analytical framework that is capable of modeling a large class of system-wide quality-of-service (QoS) models via the specification of per-node util...
Deji, Shizuhiko [Graduate School of Environmental Studies, Nagoya University, Furo-cho, Chikusa-ku, Nagoya 464-8602 (Japan); Nishizawa, Kunihide [Radioisotope Research Center, Nagoya University, Furo-cho, Chlkusa-ku, Nagoya 464-8602 (Japan)]. E-mail: firstname.lastname@example.org
High-frequency electromagnetic fields in the 120 kHz band emitted from card readers for access control systems caused abnormally high doses on electronic pocket dosimeters (EPDs). All EPDs recovered their normal performance by resetting after the exposure ceased. The electric and magnetic immunity levels of the EPDs were estimated by using the distances needed to prevent electromagnetic interference.
The goal of the thesis was to learn about the procedure of developing applications based on microcontrollers using the Arduino development platform and the IDE environment. Through practical development in the Arduino environment we realized a logic which is capable to authorize access to specific locations and areas based on 125 kHz RFID tags. Although many solutions exist, most of them require a lot of hardware and software because of their modular design and communication types, the so...
Mobile authentication can be used to verify a mobile user’s identity. Normally this is accomplished through the use of logon passwords, but this can raise the secret-key agreement problem between entities. This issue can be resolved by using a public-key cryptosystem, but mobile devices have limited computation ability and battery capacity and a PKI is needed. In this paper, we propose an efficient, non-PKI, authenticated, and blind issued symmetric key protocol for mobile access control syst...
Collins, Earl R., Jr. (Inventor)
A security code system for controlling access to computer and computer-controlled entry situations comprises a plurality of subsets of alpha-numeric characters disposed in random order in matrices of at least two dimensions forming theoretical rectangles, cubes, etc., such that when access is desired, at least one pair of previously unused character subsets not found in the same row or column of the matrix is chosen at random and transmitted by the computer. The proper response to gain access is transmittal of subsets which complete the rectangle, and/or a parallelepiped whose opposite corners were defined by first groups of code. Once used, subsets are not used again to absolutely defeat unauthorized access by eavesdropping, and the like.
Ferguson, M. J.
This paper explores some of the boundaries in performance of slotted ALOHA systems by analyzing a simple and almost optimal centrally supervised control. The control results in a very simple Markov chain model and allows an examination of stability, conditional waiting time distribution of transmitting terminals, and many other system measures. The key to the simplicity is to have a probability of successful packet transmission that is independent of the number of transmitting terminals. In considering waiting time, we calculate the mean and other moments of the waiting time of a terminal when it enters the system to find (n - 1) other terminals already there competing for the channel. Under this control, the average time is proportional to n. The control requires exact knowledge of the number of terminals contending for the channel, and hence is not implementable, except as an approximation.
The energy supply in the countries, which have abundant energy resources, may not be affected by accepting the assertion of anti-nuclear and environment groups. Anti-nuclear movements in the countries which have little energy resources may cause serious problem in securing energy supply. Especially, it is distinct in Korea because she heavily depends on nuclear energy in electricity supply(nuclear share in total electricity supply is about 40%).The cause of social trouble surrounding nuclear energy is being involved with various circumstances. However, it is very important that we are not aware of the importance of information access and prepared for such a situation from the early stage of nuclear energy's development. In those matter, this paper analyzes the contents of nuclear information access system in France and Japan which have dynamic nuclear development program and presents the direction of the nuclear access regime through comparing Korean status and referring to progresses of the regime
Quan Jing; Kuo Wan; Xiao-jun Wang; Lin Ma
Objective To evaluate the effectiveness and safety of a computer-controlled periodontal ligament (PDL) injection system to the local soft tissues as the primary technique in endodontic access to mandibular posterior teeth in patients with irreversible pulpitis. Methods A total of 162 Chinese patients who had been diagnosed with irreversible pulpitis in their mandibular posterior teeth without acute infection or inflammation in the periodontal tissues were enrolled in this clinical study. The patients were divided into 3 groups according to the position of the involved tooth:the premolar group (PM, n=38), first molar group (FM, n=66), and second molar group (SM, n=58). All the patients received computer-controlled PDL injection with 4%articaine and 1∶100 000 epinephrine. Immediately after the injection, endodontic access was performed, and the degree of pain during the treatment was evaluated by the patients using Visual Analogue Scale for pain. The success rates were compared among the 3 groups. The responses of local soft tissues were evaluated 3-8 days and 3 weeks after the procedure. Results The overall success rate was 76.5%. There was a significant difference in success rates among the PM, FM, and SM groups (92.1%, 53.0%, 93.1%, respectively;χ2=34.3, P Conclusion The computer-controlled PDL injection system demonstrates both satisfactory anesthetic effects and safety in local soft tissues as primary anesthetic technique in endodontic access to the mandibular posterior teeth in patients with irreversible pulpitis.
Wakayama, Koji; Okuno, Michitaka; Matsuoka, Yasunobu; Hosomi, Kazuhiko; Sagawa, Misuzu; Sugawara, Toshiki
We propose an optical switch control procedure for high-performance and cost-effective 10 Gbps Active Optical Access System (AOAS) in which optical switches are used instead of optical splitters in PON (Passive Optical Network). We demonstrate the implemented optical switch control module on Optical Switching Unit (OSW) with logic circuits works effectively. We also propose a compact optical 3D-CSP (Chip Scale Package) to achieve the high performance of AOAS without losing cost advantage of PON. We demonstrate the implemented 3D-CSP works effectively.
Tokamak diagnostic settings are repeatedly modified to meet the changing needs of each experiment. Enabling the remote diagnostic control has significant challenges due to security and efficiency requirements. The Operation Request Gatekeeper (ORG) is a software system that addresses the challenges of remotely but securely submitting modification requests. The ORG provides a framework for screening all the requests before they enter the secure machine zone and are executed by performing user authentication and authorization, grammar validation, and validity checks. A prototype ORG was developed for the ITER CODAC that satisfies their initial requirements for remote request submission and has been tested with remote control of the KSTAR Plasma Control System. This paper describes the software design principles and implementation of ORG as well as worldwide test results.
Odelu, Vanga; Das, Ashok Kumar; Goswami, Adrijit
Recently several hierarchical access control schemes are proposed in the literature to provide security of e-medicine systems. However, most of them are either insecure against 'man-in-the-middle attack' or they require high storage and computational overheads. Wu and Chen proposed a key management method to solve dynamic access control problems in a user hierarchy based on hybrid cryptosystem. Though their scheme improves computational efficiency over Nikooghadam et al.'s approach, it suffers from large storage space for public parameters in public domain and computational inefficiency due to costly elliptic curve point multiplication. Recently, Nikooghadam and Zakerolhosseini showed that Wu-Chen's scheme is vulnerable to man-in-the-middle attack. In order to remedy this security weakness in Wu-Chen's scheme, they proposed a secure scheme which is again based on ECC (elliptic curve cryptography) and efficient one-way hash function. However, their scheme incurs huge computational cost for providing verification of public information in the public domain as their scheme uses ECC digital signature which is costly when compared to symmetric-key cryptosystem. In this paper, we propose an effective access control scheme in user hierarchy which is only based on symmetric-key cryptosystem and efficient one-way hash function. We show that our scheme reduces significantly the storage space for both public and private domains, and computational complexity when compared to Wu-Chen's scheme, Nikooghadam-Zakerolhosseini's scheme, and other related schemes. Through the informal and formal security analysis, we further show that our scheme is secure against different attacks and also man-in-the-middle attack. Moreover, dynamic access control problems in our scheme are also solved efficiently compared to other related schemes, making our scheme is much suitable for practical applications of e-medicine systems. PMID:23392626
在数字技术网络技术飞速发展的今天门禁技术得到了迅猛的发展。门禁系统早已超越了单纯的门道及钥匙管理，它已经逐渐发展成为一套完整的出入管理系统。它在工作环境安全、人事考勤管理等行政管理工作中发挥着巨大的作用。本文就门禁系统在博物馆的应用进行分析研究。%got rapid development in the rapid development of digital technology, network technology today access technology. Access control systems have already gone beyond the simple road and key management, it has gradual y developed into a complete access control system. It plays a great role in administrative work environment safety, personnel at endance management etc. In this paper, the museum entrance guard system in the research on the application of.
Carreras Coch, Anna; Rodríguez Luna, Eva; Delgado Mercè, Jaime; Maroñas Borras, Xavier
Social Networks, as the main axis of Web 2.0, are creating a number of interesting challenges to the research and standardisation communities. In this paper, we analyse the current and future use of access control policies in Social Networks. Subsequently, two main issues are addressed: the interoperability amongst systems using different policy languages and the lack of elements in the existing policy languages when trying to express Social Networks’ access control. In part...
Whether for an entire district, a single campus, or one classroom, allowing authorized access to a computer network can be fraught with challenges. The login process should be fairly seamless to approved users, giving them speedy access to approved Web sites, databases, and other sources of information. It also should be tough on unauthorized…
Snook, Bryan E.
The Automated Computer Access Request (AutoCAR) system is a Web-based account provisioning application that replaces the time-consuming paper-based computer-access request process at Johnson Space Center (JSC). Auto- CAR combines rules-based and role-based functionality in one application to provide a centralized system that is easily and widely accessible. The system features a work-flow engine that facilitates request routing, a user registration directory containing contact information and user metadata, an access request submission and tracking process, and a system administrator account management component. This provides full, end-to-end disposition approval chain accountability from the moment a request is submitted. By blending both rules-based and rolebased functionality, AutoCAR has the flexibility to route requests based on a user s nationality, JSC affiliation status, and other export-control requirements, while ensuring a user s request is addressed by either a primary or backup approver. All user accounts that are tracked in AutoCAR are recorded and mapped to the native operating system schema on the target platform where user accounts reside. This allows for future extensibility for supporting creation, deletion, and account management directly on the target platforms by way of AutoCAR. The system s directory-based lookup and day-today change analysis of directory information determines personnel moves, deletions, and additions, and automatically notifies a user via e-mail to revalidate his/her account access as a result of such changes. AutoCAR is a Microsoft classic active server page (ASP) application hosted on a Microsoft Internet Information Server (IIS).
He, Wenqi; Lai, Hongji; Wang, Meng; Liu, Zeyi; Yin, Yongkai; Peng, Xiang
We present a fingerprint authentication scheme based on the optical joint transform correlator (JTC) and further describe its application to the remote access control of a Network-based Remote Laboratory (NRL). It is built to share a 3D microscopy system of our realistic laboratory in Shenzhen University with the remote co-researchers in Stuttgart University. In this article, we would like to focus on the involved security issues, mainly on the verification of various remote visitors to our NRL. By making use of the JTC-based optical pattern recognition technique as well as the Personal Identification Number (PIN), we are able to achieve the aim of authentication and access control for any remote visitors. Note that only the authorized remote visitors could be guided to the Virtual Network Computer (VNC), a cross-platform software, which allows the remote visitor to access the desktop applications and visually manipulate the instruments of our NRL through the internet. Specifically to say, when a remote visitor attempts to access to our NRL, a PIN is mandatory required in advance, which is followed by fingerprint capturing and verification. Only if both the PIN and the fingerprint are correct, can one be regarded as an authorized visitor, and then he/she would get the authority to visit our NRL by the VNC. It is also worth noting that the aforementioned "two-step verification" strategy could be further applied to verify the identity levels of various remote visitors, and therefore realize the purpose of diversified visitor management.
刘琼波; 施军; 尤晋元
The security requirements of distributed systems are changing. In this paper an approach to represent the access control policies and evaluate the access requests is proposed. Extended logic programs without functions are introduced to represent the diverse access control policies, and the propagation depth and direction of privileges along the entity hierarchy can be constrained. After privilege conflicts are resolved according to the rules based on priority between different grantors and entities, semantics as answer sets of extended logic programs is attained. Based on certainty and possibility reasoning, an algorithm to determine whether an access request is authorized is proposed. The three issues of distributed authorization, private privileges and conflict resolution are resolved.%为适应分布式环境下的安全需求，提出了一种描述访问控制策略和判定访问请求的方法.采用类似于无函数的扩展逻辑程序的表示方法对安全访问策略进行描述，限定权限传播的深度，利用不同的优先次序定义了多种消解冲突的规则，并给出了类似扩展逻辑程序的回答集语义解释.结合确定性推理和可能性推理，描述了如何判定访问请求的算法.解决了3个问题：分布式授权、私有权限和冲突消解方法.
... disability would thus be required to have an iPhone, iPad, or other Apple device in order to access the book... sale through its ``App Store,'' the only authorized source of iPhone and iPad applications. EFF further...--i.e., used (or perhaps unused) phones previously purchased or otherwise acquired by a...
GU Xue-lin; YAN Wei; TIAN Hui; ZHANG Ping
This article presents a dynamic random access scheme for orthogonal frequency division multiple access (OFDMA) systems. The key features of the proposed scheme are:it is a combination of both the distributed and the centralized schemes, it can accommodate several delay sensitivity classes,and it can adjust the number of random access channels in a media access control (MAC) frame and the access probability according to the outcome of Mobile Terminals access attempts in previous MAC frames. For floating populated packet-based networks, the proposed scheme possibly leads to high average user satisfaction.
A recent trend is observed in the context of the radio-controlled aircrafts and automobiles within the hobby grade category and Unmanned Aerial Vehicles (UAV) applications moving to the well-known Industrial, Scientific and Medical (ISM) band. Based on this technological fact, the present thesis evaluates an individual user performance by featuring a multiple-user scenario where several point-to-point co-located real-time Remote Control (RC) applications operate using Frequency Hopping Spread Spectrum (FHSS) as a medium access technique in order to handle interference efficiently. Commercial-off-the-shelf wireless transceivers ready to operate in the ISM band are considered as the operational platform supporting the above-mentioned applications. The impact of channel impairments and of different critical system engineering issues, such as working with real clock oscillators and variable packet duty cycle, are considered. Based on the previous, simulation results allowed us to evaluate the range of variation for those parameters for an acceptable system performance under Multiple Access (MA) environments.
Mustapha Ben Saidi.
Full Text Available Security of information systems is a problem chronic, the arrival of cloud computing as a new computing model, feeds the difficulty of implementing effective solutions. Thus more research is currently focused on data security in the cloud, and especially the issue of confidentiality. In this paper we propose a new protocol access control for complex, heterogeneous, interoperable, and distributed systems in the context of Cloud Computing : « Multi-TrustOrBAC » (Multi-Organization - Trust Based Access Control. This protocol allows a TTP «Trust Tierd Party  » to force users belonging to several organizations to cooperate to meet the security policies defined independently by them. The aim is to offer to organizations working together and having decided to migrate to the cloud, a means of real-time monitoring of their safety. Our solution is based on both the concept of trust assigned to users and to the definition of an order on the set of security policies. The logical formalism is used to specify and describe the rules of the security policies of different organizations.
Legislation to create electronic healthcare records and provide electronic healthcare services requires the same level of privacy and disclosure regulations as are applicable to the current practices for paper based patient health records. Most of work in this area has been organization-oriented that deals with exchange of information among healthcare organizations (such as referrals). However, the requirements for ensuring security and privacy of information for online access and sharing of ...
Chow, Edward T.; Woo, Simon S.; James, Mark; Paloulian, George K.
As communication and networking technologies advance, networks will become highly complex and heterogeneous, interconnecting different network domains. There is a need to provide user authentication and data protection in order to further facilitate critical mission operations, especially in the tactical and mission-critical net-centric networking environment. The Autonomous Information Unit (AIU) technology was designed to provide the fine-grain data access and user control in a net-centric system-testing environment to meet these objectives. The AIU is a fundamental capability designed to enable fine-grain data access and user control in the cross-domain networking environments, where an AIU is composed of the mission data, metadata, and policy. An AIU provides a mechanism to establish trust among deployed AIUs based on recombining shared secrets, authentication and verify users with a username, X.509 certificate, enclave information, and classification level. AIU achieves data protection through (1) splitting data into multiple information pieces using the Shamir's secret sharing algorithm, (2) encrypting each individual information piece using military-grade AES-256 encryption, and (3) randomizing the position of the encrypted data based on the unbiased and memory efficient in-place Fisher-Yates shuffle method. Therefore, it becomes virtually impossible for attackers to compromise data since attackers need to obtain all distributed information as well as the encryption key and the random seeds to properly arrange the data. In addition, since policy can be associated with data in the AIU, different user access and data control strategies can be included. The AIU technology can greatly enhance information assurance and security management in the bandwidth-limited and ad hoc net-centric environments. In addition, AIU technology can be applicable to general complex network domains and applications where distributed user authentication and data protection are
Bente, Ingo; von Helden, Josef
Network Access Control (NAC) solutions promise to significantly increase the security level of modern networks. In short, they allow to measure the integrity state of an endpoint that tries to get access to the network. Based upon the measurement results, which are compared to a defined NAC policy, access to the network can be allowed or denied. One problem of all currently available NAC solutions is referred to as the “lying endpoint” problem. Normally, special software components are responsible for gathering the relevant integrity information on the endpoint. If an attacker modifies those software components, an endpoint can lie about its current integrity state. Therefore, endpoints which are not compliant to the defined NAC policy can get access to the network. Those endpoints must be considered as potential threat. This paper summarizes a possible solution for the lying endpoint problem based upon the specifications of the Trusted Computing Group (TCG) and the results of the two research projects TNC@ FHH and Turaya. The goal is to develop an open source, TNC compatible NAC solution with full TPM support within a new research project: tNAC.
Full Text Available Background: Restricting access to common means of suicide, such as firearms, toxic gas, pesticides and other, has been shown to be effective in reducing rates of death in suicide. In the present review we aimed to summarize the empirical and clinical literature on controlling the access to means of suicide. Methods: This review made use of both MEDLINE, ISI Web of Science and the Cochrane library databases, identifying all English articles with the keywords “suicide means”, “suicide method”, “suicide prediction” or “suicide prevention” and other relevant keywords. Results: A number of factors may influence an individual’s decision regarding method in a suicide act, but there is substantial support that easy access influences the choice of method. In many countries, restrictions of access to common means of suicide has lead to lower overall suicide rates, particularly regarding suicide by firearms in USA, detoxification of domestic and motor vehicle gas in England and other countries, toxic pesticides in rural areas, barriers at jumping sites and hanging, by introducing “safe rooms” in prisons and hospitals. Moreover, decline in prescription of barbiturates and tricyclic antidepressants (TCAs, as well as limitation of drugs pack size for paracetamol and salicylate has reduced suicides by overdose, while increased prescription of SSRIs seems to have lowered suicidal rates. Conclusions: Restriction to means of suicide may be particularly effective in contexts where the method is popular, highly lethal, widely available, and/or not easily substituted by other similar methods. However, since there is some risk of means substitution, restriction of access should be implemented in conjunction with other suicide prevention strategies.
Jonathan A. ENOKELA
Full Text Available The security challenges being encountered in many places require electronic means of controlling access to communities, recreational centres, offices, and homes. The electronically controlled automated security access gate being proposed in this work helps to prevent an unwanted access to controlled environments. This is achieved mainly through the use of a Radio Frequency (RF transmitter-receiver pair. In the design a microcontroller is programmed to decode a given sequence of keys that is entered on a keypad and commands a transmitter module to send out this code as signal at a given radio frequency. Upon reception of this RF signal by the receiver module, another microcontroller activates a driver circuitry to operate the gate automatically. The codes for the microcontrollers were written in C language and were debugged and compiled using the KEIL Micro vision 4 integrated development environment. The resultant Hex files were programmed into the memories of the microcontrollers with the aid of a universal programmer. Software simulation was carried out using the Proteus Virtual System Modeling (VSM version 7.7. A scaled-down prototype of the system was built and tested. The electronically controlled automated security access gate can be useful in providing security for homes, organizations, and automobile terminals. The four-character password required to operate the gate gives the system an increased level of security. Due to its standalone nature of operation the system is cheaper to maintain in comparison with a manually operated type.
高斌; 翟江涛; 薛朋骏
An access control system based on file layer of VxWorks is designed and implemented to solve the problem of lack of protection in file layer of VxWorks.This system is composed of three parts which are access monitor, access decider and authority library.Firstly, access monitor which is used to intercept the access of tasks to files in the block device and to acquire the access information of tasks is embedded into the dosFs file system layer, and the access information is also made up of three parts which are access subject, access object and access mode.Secondly, a decision scheme is given by access decider when the acquired access information of tasks is compared by the rules in authority library.Finally, the corresponding access control is carried out by access monitor according to the decision above.The performance of VxWorks embedded with the designed access control system is evaluated by experiments, and it turns out that the security of VxWorks is improved by the con-trol method whose effect on the instantaneity of VxWorks is acceptable.%针对VxWorks系统缺少文件层保护的问题,设计并实现了一种基于VxWorks文件层的访问控制系统.该系统包括访问监控器、访问决策器和权限库3部分.首先,在dosFs文件系统层嵌入访问监控器,拦截任务对块设备中文件的访问,同时获取由访问主体、客体以及访问方式所构成的三元组访问任务信息;其次,访问决策器将获取的访问任务信息与权限库的规则作匹配,给出决策方案;最后,访问监控器根据决策方案进行相应的访问控制.文中实验部分对使用文中方法设计的VxWorks系统进行了性能评估,结果表明该控制方法不仅有效提高了VxWorks系统的安全性,而且对VxWorks系统的实时性影响较小.
U.S. Department of Health & Human Services — 1995-2016. Centers for Disease Control and Prevention (CDC). State Tobacco Activities Tracking and Evaluation (STATE) System. LegislationâYouth Access. The STATE...
Helmut Petritsch describes the first holistic approach to Break-Glass which covers the whole life-cycle: from access control modeling (pre-access), to logging the security-relevant system state during Break-Glass accesses (at-access), and the automated analysis of Break-Glass accesses (post-access). Break-Glass allows users to override security restrictions in exceptional situations. While several Break-Glass models specific to given access control models have already been discussed in research (e.g., extending RBAC with Break-Glass), the author introduces a generic Break-Glass model. The pres
Krukow, Karl Kristian; Nielsen, Mogens; Sassone, Vladimiro
In a reputation-based trust-management system, agents maintain information about the past behaviour of other agents. This information is used to guide future trust-based decisions about interaction. However, while trust management is a component in security decision-making, many existing reputati...
Access control is the main strategy of security and protection in Web system, the traditional access control can not meet the needs of the growing security. With using the role based access control (RBAC) model and introducing the concept of the role in the web system, the user is mapped to a role in an organization, access to the corresponding role authorization, access authorization and control according to the user's role in an organization, so as to improve the web system flexibility and security permissions and access control.%访问控制是Web系统中安全防范和保护的主要策略，传统的访问控制已不能满足日益增长的安全性需求。本文在web应用系统中，使用基于角色的访问控制（RBAC）模型，通过引入角色的概念，将用户映射为在一个组织中的某种角色，将访问权限授权给相应的角色，根据用户在组织内所处的角色进行访问授权与控制，从而提高了在web系统中权限分配和访问控制的灵活性与安全性。
Pulsed Tokamak experiments give rise to significant direct radiation even in the pre-tritium phase. A fundamental safety requirement is the provision of high integrity personnel access control systems to protect site, operational staff and the public from the risk of exposure to high radiation. The paper discusses the radiation hazards during the early hydrogen/deuterium operation and the different levels of installed safeguards which included diverse safety systems in the form of conventional hard wired interlocking and programable logic controllers. The form of a detailed reliability analysis assessing the risk of individual exposure to high radiation (for both the public off-site and staff on-site) is discussed together with the lessons learnt and some of the design changes implemented. An interesting feature is the impact of human reliability in the analysis and how a recently developed technique (HEART) provided an estimation of error rates. The confidence gained in addressing the reliability of personnel and public protection against radiation hazards under normal operating conditions provides an important foundation for the safety analysis of fusion plant with significant tritium inventory. (author). 4 refs, 2 figs, 1 tab
TOUNSI, Wiem; Cuppens-Boulahia, Nora; Cuppens, Frédéric; Pujolle, Guy
International audience Radio Frequency IDentification (RFID) technology offers a new way of automating the identification and storing of information in RFID tags. The emerging opportunities for the use of RFID technology in human centric applications like monitoring and indoor guidance systems indicate how important this topic is in term of privacy. Holding privacy issues from the early stages of RFID data collection helps to master the data view before translating it into business events ...
Common characteristic of all mobile operating systems for smart devices is an extensive middleware that provides a feature-rich API for the onboard sensors and user’s data (e.g., contacts). To effectively protect the device’s integrity, the user’s privacy, and to ensure non-interference between mutually distrusting apps, it is imperative that the middleware enforces rigid security and privacy policies. This thesis presents a line of work that integrates mandatory access control (MAC) mecha...
Yang, Fan; Hankin, Chris; Nielson, Flemming;
We show how to use aspect-oriented programming to separate security and trust issues from the logical design of mobile, distributed systems. The main challenge is how to enforce various types of security policies, in particular predictive access control policies — policies based on the future...... behavior of a program. A novel feature of our approach is that we can define policies concerning secondary use of data....
RFID-based access control system can achieve remote monitoring and intelligent management for computer rooms, laboratories and other specific places. The system chooses Mifare one card, ATmega8, FM1702SL to perform intelligent access control, which adopts the combination of centralized and distributed authorized mechanism to provide users with reliable access control management. The system can provide re- liable historical record for system security by logging the specific behavior of the user. The experiment shows that the system is stable, easy to manage, so it can effectively improve access control system' s securi- ty and monitoring capabilities.%基于RFID的门禁系统可对机房、实验室等特定场所进行远程监控和智能化管理．系统选用Mifare one、ATmega8、FMl702SL实现了智能门禁控制，采用集中授权与分布授权结合的方式，为用户提供可靠的门禁管理．通过对用户的特定行为登记日志，为系统安全提供了可靠的历史记录．实验表明，系统运行稳定、管理方便，可有效提高门禁系统的安全性和监控能力．
Jonathan A. Enokela; Michael N. TYOWUAH
The security challenges being encountered in many places require electronic means of controlling access to communities, recreational centres, offices, and homes. The electronically controlled automated security access gate being proposed in this work helps to prevent an unwanted access to controlled environments. This is achieved mainly through the use of a Radio Frequency (RF) transmitter-receiver pair. In the design a microcontroller is programmed to decode a given sequence of keys that is ...
Sorniotti, Alessandro; Molva, Refik; GOMEZ, Laurent; Trefois, Christophe; Laube, Annett; Scaglioso, Piervito
Abstract Although very developed in many sectors (databases, filesystems), access control schemes are still somewhat elusive when it comes to wireless sensor net- works. However, it is clear that many WSN systems—such as healthcare and automotive ones—need a controlled access to data that sensor nodes produce, given its high sensitivity. Enforcing access control in wireless sensor networks is a particularly difficult task due to the limited computational capacity of wireless sensor nodes. In ...
ALICE Controls data produced by commercial SCADA system WINCCOA is stored in ORACLE database on the private experiment network. The SCADA system allows for basic access and processing of the historical data. More advanced analysis requires tools like ROOT and needs therefore a separate access method to the archives. The present scenario expects that detector experts create simple WINCCOA scripts, which retrieves and stores data in a form usable for further studies. This relatively simple procedure generates a lot of administrative overhead – users have to request the data, experts needed to run the script, the results have to be exported outside of the experiment network. The new mechanism profits from database replica, which is running on the CERN campus network. Access to this database is not restricted and there is no risk of generating a heavy load affecting the operation of the experiment. The developed tools presented in this paper allow for access to this data. The users can use web-based tools to generate the requests, consisting of the data identifiers and period of time of interest. The administrators maintain full control over the data – an authorization and authentication mechanism helps to assign privileges to selected users and restrict access to certain groups of data. Advanced caching mechanism allows the user to profit from the presence of already processed data sets. This feature significantly reduces the time required for debugging as the retrieval of raw data can last tens of minutes. A highly configurable client allows for information retrieval bypassing the interactive interface. This method is for example used by ALICE Offline to extract operational conditions after a run is completed. Last but not least, the software can be easily adopted to any underlying database structure and is therefore not limited to WINCCOA.
Jadlovský, J.; Jadlovská, A.; Sarnovský, J.; Jajčišin, Š.; Čopík, M.; Jadlovská, S.; Papcun, P.; Bielek, R.; Čerkala, J.; Kopčík, M.; Chochula, P.; Augustinus, A.
ALICE Controls data produced by commercial SCADA system WINCCOA is stored in ORACLE database on the private experiment network. The SCADA system allows for basic access and processing of the historical data. More advanced analysis requires tools like ROOT and needs therefore a separate access method to the archives. The present scenario expects that detector experts create simple WINCCOA scripts, which retrieves and stores data in a form usable for further studies. This relatively simple procedure generates a lot of administrative overhead - users have to request the data, experts needed to run the script, the results have to be exported outside of the experiment network. The new mechanism profits from database replica, which is running on the CERN campus network. Access to this database is not restricted and there is no risk of generating a heavy load affecting the operation of the experiment. The developed tools presented in this paper allow for access to this data. The users can use web-based tools to generate the requests, consisting of the data identifiers and period of time of interest. The administrators maintain full control over the data - an authorization and authentication mechanism helps to assign privileges to selected users and restrict access to certain groups of data. Advanced caching mechanism allows the user to profit from the presence of already processed data sets. This feature significantly reduces the time required for debugging as the retrieval of raw data can last tens of minutes. A highly configurable client allows for information retrieval bypassing the interactive interface. This method is for example used by ALICE Offline to extract operational conditions after a run is completed. Last but not least, the software can be easily adopted to any underlying database structure and is therefore not limited to WINCCOA.
杨毯毯; 姜琴; 扈健玮
With the development of science and technology , people have stepped into the era of Internet.Wireless Communication Technology has developed a lot recent years.Wireless Communication Technology has penetrated into all walk of life. Meanwhile,the security of lock has become world topic gradually, This article introduces a set of access controller system based on Bluetooth, It overcomes weakness of traditional clocks’complexity and low-security .It will set foundation for locks’safety and it has broad market prospect.%随着科学技术的迅速发展，人们已经进入了以互联网为核心的信息时代，近几年来无线通信技术也得到了快速的发展，无线通信技术几乎渗透到人们生活的方方面面，智能家居越来越受到青睐，与此同时，门锁的防盗功能和安全性也日益成为全球关注的话题，本论文将介绍一种基于蓝牙的门禁系统，克服了传统门锁开门繁琐，安全性低等缺点；为解决门锁的安全安全隐患奠定基础，具有广阔的市场前景。
Cross-border access to a variety of data such as market information, strategic information, or customer-related information defines the daily business of many global companies, including financial institutions. These companies are obliged by law to keep a data processing legal for all offered services. They need to fulfill different security objectives specified by the legislation. Therefore, they control access to prevent unauthorized users from using data. Those security objectives, for example confidentiality or secrecy, are often defined in the eXtensible Access Control Markup Language that promotes interoperability between different systems. In this paper, we show the necessity of incorporating the requirements of legislation into access control. Based on the work flow in a banking scenario we describe a variety of available contextual information and their interrelations. Different from other access control systems our main focus is on law-compliant cross-border data access. By including legislation dir...
Access Control and Service-Oriented Architectures" investigates in which way logical access control can be achieved effectively, in particular in highly dynamic environments such as service-oriented architectures (SOA's). The author combines state-of-the-art best-practice and projects these onto the
... 47 Telecommunication 5 2010-10-01 2010-10-01 false Control accessibility. 95.645 Section 95.645 Telecommunication FEDERAL COMMUNICATIONS COMMISSION (CONTINUED) SAFETY AND SPECIAL RADIO SERVICES PERSONAL RADIO SERVICES Technical Regulations Certification Requirements § 95.645 Control accessibility. (a) No...
Managing access to shared digital information, such as photographs and documents. is difficult for end users who are accumulating an increasingly large and diverse collection of data that they want to share with others. Current policy-management solutions require a user to proactively seek out and open a separate policy-management interface when…
Veljanovska, Kostandina; M. Bombol, Kristi; Maher, Tomaž
An appropriately designed motorway access control can decrease the total travel time spent in the system up to 30% and consequently increase the merging operations safety. To date, implemented traffic responsive motorway access control systems have been of local or regulatory type and not truly adaptive in the real sense of the meaning. Hence, traffic flow can be influenced positively by numerous intelligent transportation system (ITS) techniques. In this paper a contemporary approach is pres...
After having presented the initial characteristics and weaknesses of the software provided for the control of a memory disk coupled with a Multi 8 computer, the author reports the development and improvement of this controller software. He presents the different constitutive parts of the computer and the operation of the disk coupling and of the direct access to memory. He reports the development of the disk access controller: software organisation, loader, subprograms and statements
Access Control, Security, Trust, and Logic Deconstructing Access Control Decisions A Logical Approach to Access Control PRELIMINARIES A Language for Access ControlSets and Relations Syntax SemanticsReasoning about Access Control Logical RulesFormal Proofs and Theorems Soundness of Logical RulesBasic Concepts Reference Monitors Access Control Mechanisms: Tickets and Lists Authentication Security PoliciesConfidentiality, Integrity, and Availability Discretionary Security Policies Mandatory Security Policies Military Security Policies Commercial PoliciesDISTRIBUTED ACCESS CONTROL Digital Authenti
韩进; 秦宏超; 杨颖超; 刘文武
Smart Home Security System based on security requirements to Samsung S3C6410 embedded core chip as a platform to OpenCV technology as the core, designed and implemented with face recognition features intelligent security access control system. The intelligent access control system will first donor's human face Gray, dimensionality reduction and eigenvalue calculations and other processing, and then prepare training to be authorized in the relevant information. Then the camera to capture the information processing of the human face. The donor's human face to face with the collected information for comparison to determine whether the open access system. After testing, the intelligent access control system completed a face recognition function better, to achieve the access control system design requirements. The design has been successfully applied to smart home security system.%基于智能家居安防系统中安全性的需求，以三星S3C6410嵌入式核心芯片为平台，以OpenCV技术为核心，设计实现了具有人脸识别功能的智能安防门禁系统。本智能门禁系统首先将授权人的人脸信息进行灰度化、降维及计算特征值等处理，再进行准备训练，得到授权人的相关信息。然后对摄像头采集到的人脸信息进行处理。将授权人的人脸信息与采集到的人脸信息进行比对，判定门禁系统是否开放。经过测试，该智能门禁系统较好的完成了人脸识别功能，实现了门禁系统的设计要求。本设计已成功应用于智能家居安防系统中。
Dr. Vladimir Katsman
Our goal in this program is to develop Fast Access Data Acquisition System (FADAS) by combining the flexibility of Multilink's GaAs and InP electronics and electro-optics with an extremely high data rate for the efficient handling and transfer of collider experimental data. This novel solution is based on Multilink's and Los Alamos National Laboratory's (LANL) unique components and technologies for extremely fast data transfer, storage, and processing.
MENG Xiao-feng; LUO Dao-feng; OU Jian-bo
As XML has been increasingly important as the Data-change format of Internet and Intranet, access-control-on-XML-properties rises as a new issue.Role-based access control (RBAC) is an access control method that has been widely used in Internet, Operation System and Relation Data Base these 10 years.Though RBAC is already relatively mature in the above fields, new problems occur when it is used in XML properties.This paper proposes an integrated model to resolve these problems, after the fully analysis on the features of XML and RBAC.
Jorgušeski, L.; Litjens, R.; Zhiyi, C.; Nikookar, H.
Future wireless access systems will be characterized by their heterogeneity from technological point of view. It is envisaged that in certain areas end-users will have a choice between various radio accesses (RAs) such as e.g. classical cellular networks (GSM, UMTS, WiMAX, etc), WLAN hot-spots, or o
中大路 道彦; 一宮 正和; 向坊 隆一; 前田 清彦; 永田 敬
PNC made design studies on loop type FBR plants:a 600 MWe class in '91, and a 1300 MWe class in '93 both with the "head access" primary piping system. This paper focuses on the features of the smaller plant at first and afterwards on the extension to the larger one. The contents of the paper consist of R/V wall protection mechanism, primary piping circuit, secondary piping circuit, plant layout and then, discusses the extension of the applicability of the wall protection mechanism, primary pi...
Context. With the development of computer software, hardware, and communication technologies, a new type of human-centered computing model, called Cloud Computing (CC) has been established as a commercial computer network service. However, the openness of CC brings huge security challenge to the identity-based access control system, as it not able to effectively prevent malicious users accessing; information security problems, system stability problems, and also the trust issues between cloud...
In this work we suggest a meta access control model emulating established access control models by configuration and offering enhanced features like the delegation of rights, ego-centered roles, and decentralized administration. The suggested meta access control model is named \\'\\'Access Definition and Query Language\\'\\' (ADQL). ADQL is represented by a formal, context-free grammar allowing to express the targeted access control model, policies, facts, and access queries as a formal language.
Wang, Liyuan; Guo, Ge
This paper investigates networked control systems whose actuators communicate with the controller via a limited number of unreliable channels. The access to the channels is decided by a so-called group random access protocol, which is modelled as a binary Markov sequence. Data packet dropouts in the channels are modelled as independent Bernoulli processes. For such systems, a systematic characterisation for controller synthesis is established and stated in terms of the transition probabilities of the Markov protocol and the packet dropout probabilities. The results are illustrated via a numerical example.
学生宿舍门禁系统对于一个学校来说具有非常重要的作用。然而现状是好多学校还停留人工管理的最初阶段，这对于规模较小的学校来说还可以接受，但对于学生数量非常多，信息量也较庞大，并且需要记录存档的数据比较多的学校来说，人工管理是相当麻烦的。学生宿舍门禁系统采用的是计算机化管理，系统做的尽量人性化，使用者会感到操作非常方便。%Student dormitory access control system for a school with a very important role.However,the status quo is a lot of schools still remain the initial stages of the artificial management for smaller schools can also accept,but for the very large number of students,the amount of information than large,and the need to record the archived data more schools to labor management is rather cumbersome.Student dormitory access control system uses a computerized management system as humane,the user will feel very convenient to operate.
Network security is a large and complex problem being addressed by multiple communities. Nevertheless, current theories in networking security appear to overestimate network administrators' ability to understand network access control lists (NACLs), providing few context specific user analyses. Consequently, the current research generally seems to…
FU Jing-tuan; JI Hong; MAO Xu
Opportunistic spectrum access （OSA） is considered as a promising approach to mitigate spectrum scarcity by allowing unlicensed users to exploit spectrum opportunities in licensed frequency bands. Derived from the existing channel-hopping multiple access （CHMA） protocol,we introduce a hopping control channel medium access control （MAC） protocol in the context of OSA networks. In our proposed protocol,all nodes in the network follow a common channel-hopping sequence; every frequency channel can be used as control channel and data channel. Considering primary users＇ occupancy of the channel,we use a primary user （PU） detection model to calculate the channel availability for unlicensed users＇ access. Then,a discrete Markov chain analytical model is applied to describe the channel states and deduce the system throughput. Through simulation,we present numerical results to demonstrate the throughput performance of our protocol and thus validate our work.
YAO Hanbing; HU Heping; LU Zhengding; LI Ruixuan
Grid computing is concerned with the sharing and coordinated use of diverse resources in distributed "virtual organizations". The heterogeneous, dynamic and multi-domain nature of these environments makes challenging security issues that demand new technical approaches. Despite the recent advances in access control approaches applicable to Grid computing, there remain issues that impede the development of effective access control models for Grid applications. Among them there are the lack of context-based models for access control, and reliance on identity or capability-based access control schemes. An access control scheme that resolve these issues is presented, and a dynamically authorized role-based access control (D-RBAC) model extending the RBAC with context constraints is proposed. The D-RABC mechanisms dynamically grant permissions to users based on a set of contextual information collected from the system and user's environments, while retaining the advantages of RBAC model. The implementation architecture of D-RBAC for the Grid application is also described.
The Lawrence Livermore National Laboratory (LLNL) operates an automated access control system consisting of more than 100 portals. We have gained considerable practical experience in the issues involved in operating this large system, and have identified the central issues to include system reliability, the large user population, the need for central control, constant change, high visibility and the budget. This paper outlines these issues and draws from our experience to discuss some fruitful ways of addressing them
This paper studies two fundamentally distinct approaches to opening a technology platform and their different impacts on innovation. One approach is to grant access to a platform and thereby open up markets for complementary components around the platform. Another approach is to give up control over the platform itself. Using data on 21 handheld computing systems (1990-2004), I find that granting greater levels of access to independent hardware developer firms produces up to a fivefold accele...
Full Text Available In this paper, an implementation of IEEE 1149.7 standard is used for designing Test Access Port (TAP Controller and testing of interconnects is done using boundary scan. By c-JTAG the pin count gets reduced which increases the performance and simplifies the connection between devices. TAP Controller is a synchronous Moore type finite state machine that is changed when the TMS and TCK signals of the test access port gets change. This controls the sequence operation of the circuitry conveyed by JTAG and c-JTAG. JTAGmainly used four pins with TAP and fifth pin is for optional use in Boundary scan. But c-JTAG uses only two pins with TAP. In this approach TDI and TDO gets multiplexed by using class T4 and T5 of c-JTAG. Various instructions are used for testing interconnects using IEEE 1149.7 standard (std.
Mohammed, Alalelddin Fuad Yousif
This thesis project’s goal is to enable undergraduate students to gain insight into media access and control protocols based upon carrying out laboratory experiments. The educational goal is to de-mystifying radio and other link and physical layer communication technologies as the students can follow packets from the higher layers down through the physical layer and back up again. The thesis fills the gap between the existing documentation for the Universal Software Radio Peripheral (USRP) re...
Kaiser, Mary Elizabeth; Morris, Matthew J.; Aldoroty, Lauren Nicole; Godon, David; Pelton, Russell; McCandliss, Stephan R.; Kurucz, Robert L.; Kruk, Jeffrey W.; Rauscher, Bernard J.; Kimble, Randy A.; Wright, Edward L.; Benford, Dominic J.; Gardner, Jonathan P.; Feldman, Paul D.; Moos, H. Warren; Riess, Adam G.; Bohlin, Ralph; Deustua, Susana E.; Dixon, William Van Dyke; Sahnow, David J.; Lampton, Michael; Perlmutter, Saul
ACCESS: Absolute Color Calibration Experiment for Standard Stars is a series of rocket-borne sub-orbital missions and ground-based experiments designed to leverage significant technological advances in detectors, instruments, and the precision of the fundamental laboratory standards used to calibrate these instruments to enable improvements in the precision of the astrophysical flux scale through the transfer of laboratory absolute detector standards from the National Institute of Standards and Technology (NIST) to a network of stellar standards with a calibration accuracy of 1% and a spectral resolving power of 500 across the 0.35 to 1.7 micron bandpass.A cross wavelength calibration of the astrophysical flux scale to this level of precision over this broad a bandpass is relevant for the data used to probe fundamental astrophysical problems such as the SNeIa photometry based measurements used to constrain dark energy theories.We will describe the strategy for achieving this level of precision, the payload and calibration configuration, present sub-system test data, and the status and preliminary performance of the integration and test of the spectrograph and telescope. NASA APRA sounding rocket grant NNX14AH48G supports this work.
Mohammad S. Ab-Rahman
Full Text Available Problem statement: Cables that are installed outdoors are subjected to harsh environmental conditions which make break down inevitable. When this happen it will disrupt the services and cause trouble to the users. To overcome this is to provide a means of restoring the network in case of failure. We introduced the Access Control System (ACS and Customer Access Protection Unit (CAPU to provide FTTH-PON monitoring, fault detection and protection. Approach: To design the C programs for ACS and CAPU, we will come up with the algorithms which describe the switching configuration in general. The switching configurations are tabulated in truth tables and flow charts are constructed. Based on the flow charts, the respective C programs for ACS and CAPU will be written. The C programs will then be tested through simulation. After successful simulations, the programs will be downloaded into the respective PIC microcontrollers in the ACS and CAPU for lab testing. Results: When several faults occur at various lines, each Multi Access Detection System (MADS informs ACS and all CAPUs of the current line conditions. As programmed, ACS and CAPU will configure their switches to restore the network. When one of the working lines fail, the optical signal will be routed to its dedicated protection line. But when both its working and protection line fail, the optical signal will be routed to its neighboring protection line. Conclusion: We have successfully simulated the restoration of the optical signal when fault occur at its working line by restoring it to its dedicated protection line
This brief investigates distributed medium access control (MAC) with QoS provisioning for both single- and multi-hop wireless networks including wireless local area networks (WLANs), wireless ad hoc networks, and wireless mesh networks. For WLANs, an efficient MAC scheme and a call admission control algorithm are presented to provide guaranteed QoS for voice traffic and, at the same time, increase the voice capacity significantly compared with the current WLAN standard. In addition, a novel token-based scheduling scheme is proposed to provide great flexibility and facility to the network servi
In today's electronic learning environment, access to appropriate systems and data is of the utmost importance to students, faculty, and staff. Without proper access to the school's internal systems, teachers could be prevented from logging on to an online learning system and students might be unable to submit course work to an online…
Martínez, Salvador; Garcia-Alfaro, Joaquin; Cuppens, Frédéric; Cuppens-Boulahia, Nora; Cabot, Jordi
Security is a critical concern for any information system. Security properties such as confidentiality, integrity and availability need to be enforced in order to make systems safe. In complex environments, where information systems are composed of a number of heterogeneous subsystems, each must participate in their achievement. Therefore, security integration mechanisms are needed in order to 1) achieve the global security goal and 2) facilitate the analysis of the security status of the who...
姬东耀; 张福泰; 王育民
研究了利用密码技术实现多级安全系统中的访问控制的方法.提出了一个新的基于密钥分配的动态访问控制方案.其中的密钥分配方法是基于Rabin公钥体制和中国剩余定理的.在该方案中，系统中每一用户被赋于一个安全权限，具有较高安全权限的用户可以利用自己私有的秘密信息和公共信息导出具有较低安全权限的用户的密钥，而低权限用户则不能导出高权限用户的密钥，这样高权限用户可以读取和存储属于低权限用户的保密信息，而低权限用户则不能读取和存储属于高权限用户的保密信息.从而实现了利用密钥分配进行授权的访问控制.而且从系统中添加/删除一用户以及改变用户权限和改变用户密钥都无需变更整个系统.%Several multilevel access control schemes have been proposed. However, they all have one or all of the following drawbacks: 1) the users must store large amount of common information when the number of classes of users is large; 2) the system must be rebuilt when there is a need to add/delete a user class or to change the clearance of some user classes; and 3) it is difficult to change keys for the users. With the aim of overcoming these drawbacks, the problem of efficiently implementing authorized access control in multilevel security systems using cryptographic techniques is studied in this paper. A new dynamic access control scheme based on key distribution is proposed. In the scheme, each user is assigned a security clearance. The user in a higher security class can read and store information items that belong to users in a lower security class, but the opposite direction of this operation is infeasible. Hence, authorized access control through the use of this type of key distribution schemes can be implemented. The key distribution scheme is based on Rabin public key system and Chinese remainder theorem. It has the following advantages over the
Qianmu, Li; Jie, Yin; Jun, Hou; Jian, Xu; Hong, Zhang; Yong, Qi
A service access control model in cyberspace is proposed, which provides a generalized and effective mechanism of security management with some items constraint specifications. These constraint specifications are organized to form a construction, and an enact process is proposed to make it scalable and flexible to meet the need of diversified service application systems in cyberspace. The model of this paper erases the downward information flow by extended rules of read/write, which is the breakthrough of the limitations when applying the standard role-based access control in cyberspace.
Mahmood Rajpoot, Qasim; Jensen, Christian D.; Krishnan, Ram
Role-based access control (RBAC) and attribute-based access control (ABAC) are currently the most prominent access control models. However, they both suffer from limitations and have features complimentary to each other. Due to this fact, integration of RBAC and ABAC has become a hot area of...... research recently. We propose an access control model that combines the two models in a novel way in order to unify their benefits. Our approach provides a fine-grained access control mechanism that takes into account the current contextual information while making the access control decisions....
Liu, Yiliang; Deng, Jinxia
In recent years, the access control technology has been researched widely in workflow system, two typical technologies of that are RBAC (Role-Based Access Control) and TBAC (Task-Based Access Control) model, which has been successfully used in the role authorizing and assigning in a certain extent. However, during the process of complicating a system's structure, these two types of technology can not be used in minimizing privileges and separating duties, and they are inapplicable when users have a request of frequently changing on the workflow's process. In order to avoid having these weakness during the applying, a variable flow dynamic role_task_view (briefly as DRTVBAC) of fine-grained access control model is constructed on the basis existed model. During the process of this model applying, an algorithm is constructed to solve users' requirements of application and security needs on fine-grained principle of privileges minimum and principle of dynamic separation of duties. The DRTVBAC model is implemented in the actual system, the figure shows that the task associated with the dynamic management of role and the role assignment is more flexible on authority and recovery, it can be met the principle of least privilege on the role implement of a specific task permission activated; separated the authority from the process of the duties completing in the workflow; prevented sensitive information discovering from concise and dynamic view interface; satisfied with the requirement of the variable task-flow frequently.
Peters, Carol; Sheridan, Paraic
With the rapid growth of the global information society, the concept of library has evolved to embrace all kinds of information collections, on all kinds of storage media, and using many different access methods. The users of today's information networks and digital libraries, no longer restricted by geographic or spatial boundaries, want to be…
Javaid, N.; Ahmad, A.; A. Rahim; Z.A. Khan; M. Ishfaq; Qasim, U.
Wireless Body Area Networks (WBANs) are widely used for applications such as modern health-care systems, where wireless sensors (nodes) monitor the parameter(s) of interest. Nodes are provided with limited battery power and battery power is dependent on radio activity. MAC protocols play a key role in controlling the radio activity. Therefore, we present Adaptive Medium Access Control (A-MAC) protocol for WBANs supported by linear programming models for the minimization of energy consumption ...
李寒; 郭禾; 王宇新; 陆国际; 杨元生
访问控制是软件系统的重要安全机制,其目的在于确保系统资源的安全访问.针对多数遗产系统的访问控制不是基于角色的且其实现形式多样,提出了一种基于RBAC的访问控制策略集成方法.该方法将遗产系统中的权限映射为集成系统中的任务,能够在任务树和策略转换规则的基础上使用统一的形式重组访问控制策略.此外,该方法给出了一组用于实现后续授权操作的管理规则.案例分析表明,提出的方法是可行的,能够有效地集成遗产系统的访问控制策略,并将RBAC引入遗产系统的访问控制.%Access control whose objective is to ensure the security of accessing to resources in software systems is an essential part for software systems. As access control policies in legacy systems seldom based on roles are represented in various forms,an RBAC-based approach was proposed to integrate these access control policies. The approach maps permission of legacy systems to tasks of integrated system. Based on task trees and transformation rules of access control policy, various access control policies were reorganized in a unified form. Moreover, management rules were provided to achieve further authorization. A case study is demonstrated to depict the proposed approach is a feasible solution to integrate legacy access control policies and introduce RBAC into legacy systems.
Muhammad Aqib; Riaz Ahmed Shaikh
Validation and verification of security policies is a critical and important task to ensure that access control policies are error free. The two most common problems present in access control policies are: inconsistencies and incompleteness. In order to detect such problems, various access control policy validation mechanisms are proposed by the researchers. However, comprehensive analysis and evaluation of the existing access control policy validation techniques is missing in the literature....
Tso, Kam S.; Pajevski, Michael J.; Johnson, Bryan
Cyber security has gained national and international attention as a result of near continuous headlines from financial institutions, retail stores, government offices and universities reporting compromised systems and stolen data. Concerns continue to rise as threats of service interruption, and spreading of viruses become ever more prevalent and serious. Controlling access to application layer resources is a critical component in a layered security solution that includes encryption, firewalls, virtual private networks, antivirus, and intrusion detection. In this paper we discuss the development of an application-level access control solution, based on an open-source access manager augmented with custom software components, to provide protection to both Web-based and Java-based client and server applications.
Çelik, Sönmez; Gürdal, Gültekin; Keten, Burcu; Türkfidanı, Ata; Kutlutürk, Levent
The Open Access movement is a social movement in academia, dedicated to the principle of open access - to information - sharing for the common good and is being supported by many scientists, publishers, and researchers in the world, today. The software that is used to operate the institutional archive systems which are the basis of the Open Access, are divided into two forms of some free open source software and paid package programs which were developed by some corporates. DSpace, whose firs...
In this paper a model, called the device server model, has been presented for solving the problem of device access and control faced by all control systems. Object Oriented Programming techniques were used to achieve a powerful yet flexible solution. The model provides a solution to the problem which hides device dependancies. It defines a software framework which has to be respected by implementors of device classes - this is very useful for developing groupware. The decision to implement remote access in the root class means that device servers can be easily integrated in a distributed control system. A lot of the advantages and features of the device server model are due to the adoption of OOP techniques. The main conclusion that can be drawn from this paper is that 1. the device access and control problem is adapted to being solved with OOP techniques, 2. OOP techniques offer a distinct advantage over traditional programming techniques for solving the device access problem. (J.P.N.)
Novacki, Stanley M., III
In order to accommodate the increasing number of computerized subsystems aboard today's more fuel efficient aircraft, the Boeing Co. has developed the DATAC (Digital Autonomous Terminal Access Control) bus to minimize the need for point-to-point wiring to interconnect these various systems, thereby reducing total aircraft weight and maintaining an economical flight configuration. The DATAC bus is essentially a local area network providing interconnections for any of the flight management and control systems aboard the aircraft. The task of developing a Bus Monitor Unit was broken down into four subtasks: (1) providing a hardware interface between the DATAC bus and the Z8000-based microcomputer system to be used as the bus monitor; (2) establishing a communication link between the Z8000 system and a CP/M-based computer system; (3) generation of data reduction and display software to output data to the console device; and (4) development of a DATAC Terminal Simulator to facilitate testing of the hardware and software which transfer data between the DATAC's bus and the operator's console in a near real time environment. These tasks are briefly discussed.
The populations of the developed countries have easy access to contraception, but adequate family planning services are lacking in 80 of 93 recently studied Third World countries. 58% of the population of the developing world lives in these 80 countries. 43% or 372 million of the world's reproductive aged couples use modern and safe contraception. Of these, 102 million live in industrialized countries, about 146 million in the People's Republic of China, and 124 million in other developing countries. Only 27% of couples in developing countries apart from China use modern contraception. Abortion continues to be the most used method of fertility control. About 33 million legal abortions and 27 million illegal abortions are performed annually. Some 250 million women in developing countries who do not desire pregnancy are without family planning information or services. 1 year of protection costs about US $20 per couple in a developing country. Governments of developed countries spend about US $1.5 billion on family planning programs, of which about $500 million is slated for external aid to population programs. An additional investment of $5 billion is needed to provide family planning services to the 250 million women needing them. The 15 most populated industrialized countries which account for 91% of the population of the developed world mostly have good or excellent access to family planning services and information, although some comparatively minor problems may persist. Access to contraception in the countries of Eastern Europe is considered only good because of governmental restrictions on sterilization. Access is hampered in Japan by unavailability of some types of IUDs and pills and severe restrictions on sterilization. Family planning services are only average in the USSR because of poor quality and irregular supplies of modern contraceptives, especially in rural areas. Abortion, although not always easy to arrange because of bureaucratic delays, remains the
Chen, Tzer-Shyong; Liu, Chia-Hui; Chen, Tzer-Long; Chen, Chin-Sheng; Bau, Jian-Guo; Lin, Tzu-Ching
With the development of information technology and medical technology, medical information has been developed from traditional paper records into electronic medical records, which have now been widely applied. The new-style medical information exchange system "personal health records (PHR)" is gradually developed. PHR is a kind of health records maintained and recorded by individuals. An ideal personal health record could integrate personal medical information from different sources and provide complete and correct personal health and medical summary through the Internet or portable media under the requirements of security and privacy. A lot of personal health records are being utilized. The patient-centered PHR information exchange system allows the public autonomously maintain and manage personal health records. Such management is convenient for storing, accessing, and sharing personal medical records. With the emergence of Cloud computing, PHR service has been transferred to storing data into Cloud servers that the resources could be flexibly utilized and the operation cost can be reduced. Nevertheless, patients would face privacy problem when storing PHR data into Cloud. Besides, it requires a secure protection scheme to encrypt the medical records of each patient for storing PHR into Cloud server. In the encryption process, it would be a challenge to achieve accurately accessing to medical records and corresponding to flexibility and efficiency. A new PHR access control scheme under Cloud computing environments is proposed in this study. With Lagrange interpolation polynomial to establish a secure and effective PHR information access scheme, it allows to accurately access to PHR with security and is suitable for enormous multi-users. Moreover, this scheme also dynamically supports multi-users in Cloud computing environments with personal privacy and offers legal authorities to access to PHR. From security and effectiveness analyses, the proposed PHR access
CEBAF has recently upgraded its accelerator control system to use EPICS, a control system toolkit being developed by a collaboration among laboratories in the US and Europe. The migration to EPICS has taken place during a year of intense commissioning activity, with new and old control systems operating concurrently. Existing CAMAC hardware was preserved by adding a CAMAC serial highway link to VME; newer hardware developments are now primarily in VME. Software is distributed among three tiers of computers: first, workstations and X terminals for operator interfaces and high level applications; second, VME single board computers for distributed access to hardware and for local control processing; third, embedded processors where needed for faster closed loop operation. This system has demonstrated the ability to scale EPICS to controlling thousands of devices, including hundreds of embedded processors, with control distributed among dozens of VME processors executing more than 125,000 EPICS database records. To deal with the large size of the control system, CEBAF has integrated an object oriented database, providing data management capabilities for both low level I/O and high level machine modeling. A new callable interface which is control system independent permits access to live EPICS data, data in other Unix processes, and data contained in the object oriented database
Full Text Available How should an individual contribute to the public good? Conversely, how does the public help the individual? We should analyze and alleviate conflicts in community clouds. Covert channels in the access matrix are caused by conflicts between public values and a private sense of values. We cannot control the information leaks from the covert channels by using only access control. We believe that the community cloud system should emphasize harmony between public values and a private sense of values. We interpret the access matrix as follows: The acts of the individual are generalized and symbolized by an access matrix that describes the access operations of the subject. We propose a multiagent system embodying the concept of swarm intelligence to analyze the covert channels that arise. Each agent has a group target and an individual target. The group target and an individual target include targets for generation of access and restriction of access. The system does not have any principle of universal control. Instead, an agent’s interactions are guided by metaheuristics for achieving targets. The social order of the whole society is made from the agents’ interactions related to the group value target, group game target, an individual value target, and an individual game target. The conceptual framework and multiagent system presented here are intended to support people. If the covert channel problem can be solved, it will become possible for people to use community clouds safely.
A computer control system of Accelerator Test Facility(ATF) is described in detail. The ATF presently consists of 60MeV electron injector linac and two klystron Lest stands, and is controlled by a workstation computer with CAMAC interfaces. For its nature of R and D accelerator aimed to realize TeV region linear collider, the control system also should have a flexibility in both hardware and software. Programmable sequence controllers are introduced in the electron gun system and klystron modulator systems and their performances are tested. The control software which is coded using FORTRAN consists in many independent programs. Each program can access to full functions of a specified device or can control the function which is common to many devices
Mahmood Rajpoot, Qasim; Jensen, Christian D.; Krishnan, Ram
Attribute-based access control (ABAC) and role-based access control (RBAC) are currently the two most popular access control models. Yet, they both have known limitations and offer features com- plimentary to each other. Due to this fact, integration of RBAC and ABAC has recently emerged as an...... important area of research. In this paper, we propose an access control model that combines the two models in a novel way in order to unify their benefits. Our approach provides a fine-grained access control mechanism that not only takes contextual information into account while making the access control...... decisions but is also suitable for applications where access to resources is controlled by exploiting contents of the resources in the policy....
Jensen, Steffen Elstrøm Holst; Jacobsen, Rune Hylsberg
, to the Internet is suggested. The solution uses virtual representations of objects by using low-cost, passive RFID tags to give objects identities on the Internet. A prototype that maps an RFID identity into an IPv6 address is constructed. It is illustrated how this approach can be used in access control systems......Future Internet research is needed to bring the Internet and the Things closer to each other to form the Internet of Things. As objects in our daily life gradually become smarter, there is an increasing benefit of networking these objects. In this article, a method to couple objects, the Things...... based on open network protocols and packet filtering. The solution includes a novel RFID reader architecture that supports the internetworking of components of a future access control system based on network layer technology....
The Control Systems Security Program and other programs within the Idaho National Laboratory have discovered a vulnerability common to control systems in all sectors that allows an attacker to penetrate most control systems, spoof the operator, and gain full control of targeted system elements. This vulnerability has been identified on several systems that have been evaluated at INL, and in each case a 100% success rate of completing the attack paths that lead to full system compromise was observed. Since these systems are employed in multiple critical infrastructure sectors, this vulnerability is deemed common to control systems in all sectors. Modern control systems architectures can be considered analogous to today's information networks, and as such are usually approached by attackers using a common attack methodology to penetrate deeper and deeper into the network. This approach often is composed of several phases, including gaining access to the control network, reconnaissance, profiling of vulnerabilities, launching attacks, escalating privilege, maintaining access, and obscuring or removing information that indicates that an intruder was on the system. With irrefutable proof that an external attack can lead to a compromise of a computing resource on the organization's business local area network (LAN), access to the control network is usually considered the first phase in the attack plan. Once the attacker gains access to the control network through direct connections and/or the business LAN, the second phase of reconnaissance begins with traffic analysis within the control domain. Thus, the communications between the workstations and the field device controllers can be monitored and evaluated, allowing an attacker to capture, analyze, and evaluate the commands sent among the control equipment. Through manipulation of the communication protocols of control systems (a process generally referred to as ''reverse engineering''), an
ZHANG Hong; HE YePing; SHI ZhiGuo
There is an emerging recognition of the importance of utilizing contextual information in authorization decisions. Controlling access to resources in the field of wireless and mobile networking require the definition of a formal model for access control with supporting spatial context. However, traditional RBAC model does not specify these spatial requirements. In this paper, we extend the existing RBAC model and propose the SC-RBAC model that utilizes spatial and location-based information in security policy definitions. The concept of spatial role is presented,and the role is assigned a logical location domain to specify the spatial boundary.Roles are activated based on the current physical position of the user which obtained from a specific mobile terminal. We then extend SC-RBAC to deal with hierarchies, modeling permission, user and activation inheritance, and prove that the hierarchical spatial roles are capable of constructing a lattice which is a means for articulate multi-level security policy and more suitable to control the information flow security for safety-critical location-aware information systems. Next, constrained SC-RBAC allows express various spatial separations of duty constraints,location-based cardinality and temporal constraints for specify fine-grained spatial semantics that are typical in location-aware systems. Finally, we introduce 9 invariants for the constrained SC-RBAC and its basic security theorem is proven. The constrained SC-RBAC provides the foundation for applications in need of the constrained spatial context aware access control.
Deloose, I.; Pace, A.
The two CERN isotope separators named ISOLDE have been running on the new Personal Computer (PC) based control system since April 1992. The new architecture that makes heavy use of the commercial software and hardware of the PC market has been implemented on the 1700 geographically distributed control channels of the two separators and their experimental area. Eleven MSDOS Intel-based PCs with approximately 80 acquisition and control boards are used to access the equipment and are controlled from three PCs running Microsoft Windows used as consoles through a Novell Local Area Network. This paper describes the interesting solutions found and discusses the reduced programming workload and costs that have been obtained.
Besson, Frédéric; Dufay, Guillaume; Jensen, Thomas; Pichardie, David
A model of resource access control is presented in which the access control to resources can employ user interaction to obtain the necessary permissions. This model is inspired by and improves on the Java security architecture used in Java-enabled mobile telephones. We extend the Java model to include access control permissions with multiplicities in order to allow to use a permission a certain number of times. We define a program model based on control flow graphs together with its operation...
针对访问控制策略难以适应办公自动化系统中对访问权限控制的问题，提出了办公自动化系统中基于任务的访问控制模型，对其进行了形式化的描述，就一个典型的办公流程进行了模型化.%A new paradigm for access control and authorization management called task-based access controls(TBAC) is described to aim at the secure demand of documents processing in OA. The formalization expression of the paradigm as well as some samples application is given.
The 'Material Control and Surveillance for High Frequency Access Vaults' project sponsored by United States Department of Energy's Office of Security Policy, Policy Integration and Technical Support Program (SO-20.3) focuses on enhancing nuclear materials control and surveillance in vaults that are frequently accessed. The focus of this effort is to improve materials control and accountability (MC and A) while decreasing the operational impact of these activities. Los Alamos and Y-12 have developed a testbed at the Los Alamos National Laboratory for evaluating and demonstrating integrated technologies for use in enhancing materials control and accountability in active nuclear material storage vaults. An update will be provided on the new systems demonstrated in the test-bed including a 'confirmatory cart' for expediting the performance of inventory and radio-frequency actuated video that demonstrates the concept of automated data entry for materials moving between MBA's. The United States Department of Energy's Office of Security Policy, Policy Integration and Technical Support Program (SO-20.3) has sponsored a project where nuclear material inventory, control and surveillance systems are evaluated, developed, and demonstrated in an effort to provide technologies that reduce risk, increase material assurance, and provide cost-efficient alternatives to manpower-intensive physical inventory and surveillance approaches for working (high-frequency-access) vaults. This Fiscal Year has been largely focused on evaluating and developing components of two sub-systems that could be used either separately in nuclear material vaults or as part of a larger integrated system for nuclear materials accountability, control and surveillance.
王俊; 贾连兴; 姚海潮; 何建平
访问控制技术能够有效避免对数据的非法访问,增强对用户行为的管理.依托分布式并行文件系统GlusterFS,结合RBAC思想,设计了一个文件级分布式安全访问控制系统—Distributed Secure Access Control System(DSAS).重点研究了存储系统中RBAC机制的实现方法,提出了基于角色证书的用户身份验证及角色授权机制.测试结果表明,DSAS系统在满足数据安全性需求的同时,同样能够较好地满足存储系统性能需求.%Access control technology can effectively avoid the unauthorized access for data and strengthen the management to the customer behavior. Depended on the distributed parallel file system GlusterFS and combined with the principles of RBAC, this paper designed a file level Distributed Secure Access Control System(DSAS), mainly studied the carrying out of RBAC mechanism method in the storage system, put forward customer identity verification and role authorization mechanism based on the role credential. Test results illustrated that DSAS system can be well fulfill the need for data reliability and security and the need for storage system performance.
Efficient and friendly access to the large amount of data distributed over the wide area network is a challenge for the near future LCG experiments. The problem can be solved using current standard open technologies and tools. A JDBC standard soution has been chosen as a base for a comprehensive system for the relational data access and management. Widely available open tools have been reused and extended to satisfy HEP needs.
LONG Tao; HONG Fan; WU Chi; SUN Ling-li
Access control in a grid environment is a challenging issue because the heterogeneous nature and independent administration of geographically dispersed resources in grid require access control to use fine-grained policies. We established a task-and-role-based access-control model for computational grid (CG-TRBAC model), integrating the concepts of role-based access control (RBAC) and task-based access control (TBAC). In this model, condition restrictions are defined and concepts specifically tailored to Workflow Management System are simplified or omitted so that role assignment and security administration fit computational grid better than traditional models; permissions are mutable with the task status and system variables, and can be dynamically controlled. The CG-TRBAC model is proved flexible and extendible. It can implement different control policies. It embodies the security principle of least privilege and executes active dynamic authorization. A task attribute can be extended to satisfy different requirements in a real grid system.
Ladzinski, T; di Luca, S; Hakulinen, T; Hammouti, L; Riesco, T; Nunes, R; Ninin, P; Juget, J-F; Havart, F; Valentini, F; Sanchez-Corral Mena, E
The LHC Access Safety System has introduced a number of new concepts into the domain of personnel protection at CERN. These can be grouped into several categories: organisational, architectural and concerning the end-user experience. By anchoring the project on the solid foundations of the IEC 61508/61511 methodology, the CERN team and its contractors managed to design, develop, test and commission on time a SIL3 safety system. The system uses a successful combination of the latest Siemens redundant safety programmable logic controllers with a traditional relay logic hardwired loop. The external envelope barriers used in the LHC include personnel and material access devices, which are interlocked door-booths introducing increased automation of individual access control, thus removing the strain from the operators. These devices ensure the inviolability of the controlled zones by users not holding the required credentials. To this end they are equipped with personnel presence detectors and th...
The enormous growth of the Internet during the last decade offers new means to share and distribute both information and data. In Industry, this results in a rapprochement of the production facilities, i.e. their Process Control and Automation Systems, and the data warehouses. At CERN, the Internet opens the possibility to monitor and even control (parts of) the LHC and its four experiments remotely from anywhere in the world. However, the adoption of standard IT technologies to Distributed Process Control and Automation Systems exposes inherent vulnerabilities to the world. The Teststand On Control System Security at CERN (TOCSSiC) is dedicated to explore the vulnerabilities of arbitrary Commercial-Of-The-Shelf hardware devices connected to standard Ethernet. As such, TOCSSiC should discover their vulnerabilities, point out areas of lack of security, and address areas of improvement which can then be confidentially communicated to manufacturers. This paper points out risks of accessing the Control and Automa...
Jiangfeng Li; Zhenyu Liao; Chenxi Zhang; Yang Shi
Since more and more applications and services have been transferred from servers in the B/S architecture to cloud, user access control has become a significant part in a multitenancy cloud platform. Role based access control model makes users participate in an enterprise system as particular identities. However, in a multitenancy cloud environment, it has a high probability that the information of tenants has been leaked by using existing role based access control (RBAC) model. Moreover, mana...
Besson, Frédéric; Dufay, Guillaume; Jensen, Thomas
This paper presents an access control model for programming applications in which the access control to resources can employ user interaction to obtain the necessary permissions. This model is inspired by and improves on the Java security architecture used in Javaenabled mobile telephones. We consider access control permissions with multiplicities in order to allow to use a permission a certain number of times. An operational semantics of the model and a formal definition of what it means for...
Pereira, Óscar Narciso Mortágua; Rui L. Aguiar; Santos, Maribel Yasmina
Programmers of relational database applications use software solutions (Hibernate, JDBC, LINQ, ADO.NET) to ease the development process of business tiers. These software solutions were not devised to address access control policies, much less for evolving access control policies, in spite of their unavoidable relevance. Currently, access control policies, whenever implemented, are enforced by independent components leading to a separation between policies and their enf...
Jacobs, Barry E.
The Distributed Access View Integrated Database (DAVID) System, which was adopted by the Astrophysics Division for their Astrophysics Data System, is a solution to the system heterogeneity problem. The heterogeneous components of the Astrophysics problem is outlined. The Library and Library Consortium levels of the DAVID approach are described. The 'books' and 'kits' level is discussed. The Universal Object Typer Management System level is described. The relation of the DAVID project with the Small Business Innovative Research (SBIR) program is explained.
Full Text Available Cloud Computing is a new technology which is directly connected with the internet which provide on demand self service internet infrastructure where a customer can pay and use only what is needed. Cloud Computing all services are managed by third party cloud service provider. Nowadays majority using static password to login into the system or access the online accounts in cloud but never change the password which is not secure . Since Cloud computing is a quite new subject, most of the cloud providers have not yet tighten up their security and still use insecure or complicated login method. Static password thoroughly investigated and found out that it is not completing the cloud computing security requirement. Proposed solution is One Time Password and One Day Password, OTP will get expire after two minutes, if user again login will request and receive new password via email and ODP will get expire after 24 hours and on request receive new password via email for new login session. OTP/ODP used with AES encryption. This paper focuses the authentication and transmission encryption in cloud computing services.
Pawelczak, P.; Pollin, S.; So, H.-S.W.; Bahai, A.R.S.; Prasad, R.V.; Hekmat, R.
In this paper, different control channel (CC) implementations for multichannel medium access control (MAC) algorithms are compared and analyzed in the context of opportunistic spectrum access (OSA) as a function of spectrum-sensing performance and licensed user activity. The analysis is based on a d
Full Text Available -In Pervasive Computing, access control is a critical issue which gives many opportunities for users to access and share the resources anytime and anywhere in a more easiest way. Pervasive Computing Environments are heterogeneous and dynamic sensor-rich environments characterized by frequent and unpredictable changes on users, resources, and environment situations. These environments call the access control solutions that allow dynamic adjustments of access permissions based on information describing the conditions of these entities (context, such as location and time. Some existing models attempt to identify context information which is used as an optional attribute for limiting the scope of access control permissions. However, these approaches normally exploit identities and roles dynamically assigned to the users in order to grant access permissions, which is an inappropriate solution for open and dynamic environments. Those environments cannot assume the existence of predefined roles and user-role associations. Hence the access permissions are claimed and assigned to the users only based on context information, which characterizing the three most important entities of any access control framework: owners, requestors, and resources. Thus, this paper proposes a generalized context-based access control model for making access control decisions completely based on context information, offering seven types of context-based access control policies. The proposed model also takes into account the privacy requirements when enforcing access control policies, such as the support to purposes and obligations. In addition this paper proposes the integration of mechanism to detect / resolve dynamic and static conflict on context-based access control policies.
熊雄; 王福喜; 左海洋
To solve the access control problem about multi-level & multi-domain information system, a method based on security level access control model is proposed after analyzing complex information system. The experimental result has proved that the access control model has achieved the predetermined goal that it can set the security level according to kinds of factors of multi-level & multi-domain information system and then control the access by the comparison of security level. And it is easier to deploy on multi-level & multi-domain information system, reacts more rapidly for change of authority, and limits the flow of unsafe information for access control model based on security level comparing with other ordinary ones.%针对常用的访问控制模型不能很好地解决多级多域信息系统的访问控制问题,分析了多级多域信息系统的结构特征,提出并实现了一种基于安全级别的访问控制模型.实验结果表明,该访问控制模型达到了预定的目标,可以针对多级多域信息系统的各要素分别进行安全级别设定,通过对安全级别的比较进行访问控制.基于安全级别的访问控制模型相对常用的访问控制模型,具有在多级多域信息系统上更容易部署、对权限的变更反应更为迅速,并且能够限制不安全的信息流动等特点.
OCG employs stringent human subjects’ protection and data access policies to protect the privacy and confidentiality of the research participants. Depending on the risk of patient identification, OCG programs data are available to the scientific community in two tiers: open or controlled access. Both types of data can be accessed through its corresponding OCG program-specific data matrix or portal. Open-access Data
A computerized supervisory control system is being developed for the Mirror Fusion Test Facility. The system includes nine Perkin-Elmer 7/32 and 8/32 computers connected by a block of common core memory (128 kilobytes). The network is a disk designed for reliability and redundancy. If one computer goes down, the local-control micro-processors that it controls are switched to another computer in a matter of seconds. The control consoles permit operators to open and close valves, start or stop pumps, and adjust operating levels. The experiment is controlled by two superconsoles and five satellite consoles. The software, written in PASCAL, contains such subsystems as organizing the computers into a network, operating the consoles and accessing the data base
Valentini, F; Ninin, P; Scibile, S
In the domain of Safety Real-Time Systems the problem of testing represents always a big effort in terms of time, costs and efficiency to guarantee an adequate coverage degree. Exhaustive tests may, in fact, not be practicable for large and distributed systems. This paper describes the testing process followed during the validation of the CERN's LHC Access System , responsible for monitoring and preventing physical risks for the personnel accessing the underground areas. In the paper we also present a novel strategy for the testing problem, intended to drastically reduce the time for the test patterns generation and execution. In particular, we propose a methodology for blackbox testing that relies on the application of Model Checking techniques. Model Checking is a formal method from computer science, commonly adopted to prove correctness of systemâs models through an automatic systemâs state space exploration against some property formulas.
HONG Fan; ZHU Xian; XING Guanglin
Access control in multi-domain environments is one of the important questions of building coalition between domains.On the basis of RBAC access control model, the concepts of role delegation and role mapping are proposed, which support the third-party authorization.Then, a distributed RBAC model is presented.Finally the implementation issues are discussed.
Saffarian, Mohsen; Tang, Qiang; Jonker, Willem; Hartel, Pieter
The Role-Based Access Control (RBAC) model has been widely applied to a single domain in which users are known to the administrative unit of that domain, beforehand. However, the application of the conventional RBAC model for remote access control scenarios is not straightforward. In such scenarios,
Spring Security ACL is an access control security framework, it can control all kinds of resource authority. This article introduces the concept and mechanism of Spring Security ACL, at the same time describes the implementation and process of Spring Security ACL security framework by example.%Spring Security ACL是一个权限访问控制框架,主要用采控制各种资源的访问权限.本文讲述Spring Security ACL的机制原理和理论研究,同时也通过一个简单的权限控制实现的例子演示Spring Security ACL的安全框架的实现方法和过程.
Kleiner, Eldar; Newcomb, Tom
An access control system regulates the rights of users to gain access to resources in accordance with a specified policy. The rules in this policy may interact in a way that is not obvious via human inspection; there is, therefore, a need for automated verification techniques that can check whether a policy does indeed implement some desired security requirement. Thirty years ago, a formalisation of access control presented a model and a safety specification for which satisfaction is undecida...
Full Text Available Validation and verification of security policies is a critical and important task to ensure that access control policies are error free. The two most common problems present in access control policies are: inconsistencies and incompleteness. In order to detect such problems, various access control policy validation mechanisms are proposed by the researchers. However, comprehensive analysis and evaluation of the existing access control policy validation techniques is missing in the literature. In this paper, we have provided a first detailed survey of this domain and presented the taxonomy of the access control policy validation mechanisms. Furthermore, we have provided a qualitative comparison and trend analysis of the existing schemes. From this survey, we found that only few validation mechanisms exist that can handle both inconsistency and incompleteness problem. Also, most of the policy validation techniques are inefficient in handling continuous values and Boolean expressions.
Full Text Available the emergence of “Internet of Things” breaks previous traditional thinking, which integrates physical infrastructure and network infrastructure into unified infrastructure. There will be a lot of resources or information in IoT, so computing and processing of information is the core supporting of IoT. In this paper, we introduce “Service-Oriented Computing” to solve the problem where each device can offer its functionality as standard services. Here we mainly discuss the access control issue of service-oriented computing in Internet of Things. This paper puts forward a model of Workflow-oriented Attributed Based Access Control (WABAC, and design an access control framework based on WABAC model. The model grants permissions to subjects according to subject atttribute, resource attribute, environment attribute and current task, meeting access control request of SOC. Using the approach presented can effectively enhance the access control security for SOC applications, and prevent the abuse of subject permissions.
Nabi, Muaz Un
In a wireless network, the medium is a shared resource. The nodes in the network negotiate access of the shared resource using the Medium Access Control (MAC) protocol. The design of a MAC protocol for a sensor node is not the same as that for a wireless transceiver. Due to the transceiver characteristics, the MAC protocol design is limited in terms of medium access methods. However, in most cases, the protocols rely on simple access methods i.e. Time Division Multiple Access (TDMA) or Carrie...
Baldini, Gianmarco; NAI-FOVINO Igor; Trombetta, Alberto; Braghin, Stefano
Cognitive Radio (CR) is a novel wireless communication technology that allows for adaptive configuration of the reception parameters of a terminal, based on the information collected from the environment. Cognitive radio (CR) technology can be used in innovative spectrum management approaches like spectrum sharing, where radio frequency spectral bands can be shared among various users through a dynamic exclusive-use spectrum access model. Spectrum sharing can be applied to various...
Zhou, Liang; Zheng, Baoyu; Geller, Benoit; Wei, Anne; Xu, Shan; Li, Yajun
In this paper, we address the rate control, the Medium Access Control (MAC) and the routing problem for cooperative Vehicular Ad-Hoc Network (VANET) in the framework of cross-layer design. At first, we introduce the cooperative communication conception to VANET, and propose an opportunistic cooperation strategy to improve the system performance. And then, we develop a cross-layer solution which consists of the link capacity detection with adjusting persistence probability at the MAC Layer, th...
Gentle, P. H.; Herlihy, P. J.; Roxburgh, I. O.
A randomized controlled trial of outpatient open-access physiotherapy was carried out at West Cornwall Hospital during 1979/80. The referral rate to consultant outpatient clinics for those patients offered open-access physiotherapy was considerably lower than for the control group (17 per cent and 56 per cent respectively). Patients using the service received physiotherapy promptly although this did not result in shorter treatments. Those of the control group who eventually received physiothe...
Li, F; Rahulamathavan, Y.; Conti, M.; Rajarajan, M.
Unified communications has enabled seamless data sharing between multiple devices running on various platforms. Traditionally, organizations use local servers to store data and employees access the data using desktops with predefined security policies. In the era of unified communications, employees exploit the advantages of smart devices and 4G wireless technology to access the data from anywhere and anytime. Security protocols such as access control designed for traditional setup are not su...
Qin, H.; Aburizaiza, A. O.; Rice, R. M.; Paez, F.; Rice, M. T.
Transitory obstacles - random, short-lived and unpredictable objects - are difficult to capture in any traditional mapping system, yet they have significant negative impacts on the accessibility of mobility- and visually-impaired individuals. These transitory obstacles include sidewalk obstructions, construction detours, and poor surface conditions. To identify these obstacles and assist the navigation of mobility- and visually- impaired individuals, crowdsourced mapping applications have been developed to harvest and analyze the volunteered obstacles reports from local students, faculty, staff, and residents. In this paper, we introduce a training program designed and implemented for recruiting and motivating contributors to participate in our geocrowdsourced accessibility system, and explore the quality of geocrowdsourced data with a comparative analysis methodology.
Our goal in this program is to develop Fast Access Data Acquisition System (FADAS) by combining the flexibility of Multilink's GaAs and InP electronics and electro-optics with an extremely high data rate for the efficient handling and transfer of collider experimental data. This novel solution is based on Multilink's and Los Alamos National Laboratory's (LANL) unique components and technologies for extremely fast data transfer, storage, and processing
熊海涛; 蒋承睿; 任宇峰; 贾攀
For safety authorization to proper security knowledge in mine security knowledge management system and reliable changing of authorization according to users′ history access,the reputation-based access control (ReBAC) is proposed,which extends role-based access control (RBAC) with reputation.ReBAC builds 6-tuple permissions firstly.Then,the trust network is constructed by the operational relation between users for calculating direct-reputation and indirect-reputation.After that,ReBAC uses reputation to check if the user can access this security knowledge and give permissions to reliable users.The result shows that ReBAC can provide safety and reliable access control in mine security knowledge management system.%为保证矿山安全知识管理系统中安全知识的安全授权,同时保证授权能够根据用户历史行为进行变更,在基于角色的访问控制模型基础上引入了信誉,提出了基于信誉的访问控制模型.该模型构造了权限六元组,通过用户间的操作关系建立信任网络,然后计算直接信誉和间接信誉,从而来判断用户是否可对知识进行操作进行授权.结果表明,基于信誉的访问控制模型能够对矿山安全知识管理系统中的安全知识实现安全和可靠的访问控制.
Mahmood Rajpoot, Qasim
Use of video surveillance has significantly increased in the last few decades. Modern video surveillance systems are equipped with techniques that automatically extract information about the objects and events from the video streams and allow traversal of data in an effective and efficient manner...... that is suitable for video surveillance systems as well as other domains sharing similar requirements. As the currently dominant access control models – the role-based access control (RBAC) and the attribute-based access control (ABAC) – suffer from limitations while offering features complementary to each other......, their integration has become an important area of research. Our access control model combines the two models in a novel way in order to unify their benefits while avoiding their limitations. Our approach provides a mechanism that not only takes information about the current circumstances into account during access...
访问控制是信息安全的一个重要保障。在介绍RBAC模型的基础上，根据考务管理系统中用户职责，规定用户访问权限，定义考务管理系统中的角色及其对应的权限，阐述RBAC在考务管理系统中的应用，为考务管理系统的访问控制安全提供一种思路。%Access control is an important guarantee of information security. Based on the analysis of RBAC model, according to the user's responsi-bility in the examination management system, stipulates the user's access right, defines the role of examination management system, as-signs the role of authority. Illustrates the application of RBAC in the examination management system, for the examination management system of access control security provides a train of thought.
TIAN Jie; ZHANG Xin-fang; WANG Tong-yang; XIANG Wei; Cheng Ming
This paper introduces a solution to the secure requirement for digital rights management (DRM) by the way of geospacial access control named geospacial access control (GeoAC) in geospacial field. The issues of authorization for geospacial DRM are concentrated on. To geospacial DRM, one aspect is the declaration and enforcement of access rights, based on geographic aspects. To the approbation of digital geographic content, it is important to adopt online access to geodata through a spacial data infrastructure (SDI). This results in the interoperability requirements on three different levels: data model level, service level and access control level. The interaction between the data model and service level can be obtained by criterions of the open geospacial consortium (OGC), and the interaction of the access control level may be reached by declaring and enforcing access restrictions in GeoAC. Then an archetype enforcement based on GeoAC is elucidated. As one aspect of performing usage rights, the execution of access restrictions as an extension to a regular SDI is illuminated.
Full Text Available Social networks bring together users in a virtual platform and offer them the ability to share -within the Community- personal and professional information’s, photos, etc. which are sometimes sensitive. Although, the majority of these networks provide access control mechanisms to their users (to manage who accesses to which information, privacy settings are limited and do not respond to all users' needs. Hence, the published information remain all vulnerable to illegal access. In this paper, the access control policy of the social network "Facebook" is analyzed in a profound way by starting with its modeling with "Organization Role Based Access Control" model, and moving to the simulation of the policy with an appropriate simulator to test the coherence aspect, and ending with a discussion of analysis results which shows the gap between access control management options offered by Facebook and the real requirements of users in the same context. Extracted conclusions prove the need of developing a new access control model that meets most of these requirements, which will be the subject of a forthcoming work.
Tso, Kam S.; Pajevski, Michael J.
Cybersecurity has become a great concern as threats of service interruption, unauthorized access, stealing and altering of information, and spreading of viruses have become more prevalent and serious. Application layer access control of applications is a critical component in the overall security solution that also includes encryption, firewalls, virtual private networks, antivirus, and intrusion detection. An access control solution, based on an open-source access manager augmented with custom software components, was developed to provide protection to both Web-based and Javabased client and server applications. The DISA Security Service (DISA-SS) provides common access control capabilities for AMMOS software applications through a set of application programming interfaces (APIs) and network- accessible security services for authentication, single sign-on, authorization checking, and authorization policy management. The OpenAM access management technology designed for Web applications can be extended to meet the needs of Java thick clients and stand alone servers that are commonly used in the JPL AMMOS environment. The DISA-SS reusable components have greatly reduced the effort for each AMMOS subsystem to develop its own access control strategy. The novelty of this work is that it leverages an open-source access management product that was designed for Webbased applications to provide access control for Java thick clients and Java standalone servers. Thick clients and standalone servers are still commonly used in businesses and government, especially for applications that require rich graphical user interfaces and high-performance visualization that cannot be met by thin clients running on Web browsers
Raimundas Matulevičius; Henri Lakk
Nowadays security has become an important aspect in information systems engineering. A mainstream method for information system security is Role-based Access Control (RBAC), which restricts system access to authorised users. While the benefits of RBAC are widely acknowledged, the implementation and administration of RBAC policies remains a human intensive activity, typically postponed until the implementation and maintenance phases of system development. This deferred security engineering app...
Xu, Zhongyuan; Stoller, Scott,
Attribute-based access control (ABAC) provides a high level of flexibility that promotes security and information sharing. ABAC policy mining algorithms have potential to significantly reduce the cost of migration to ABAC, by partially automating the development of an ABAC policy from information about the existing access-control policy and attribute data. This paper presents an algorithm for mining ABAC policies from operation logs and attribute data. To the best of our knowledge, it is the ...
Full Text Available Biometrics is the science of measuring and analyzing biological data. It is used to uniquely identify individuals by their physical characteristics or personal behavior traits.The results from scrutiny of various themes including unimodal, multimodal, physiological, behavioural bio-metrics. Bio-metrics, Physiological and behavioural are compared in the review. The article addresses a particular aspect of utilizing biometrics for authentication, identification and access control. The use of systems like fingerprint, face recognition, hand geometry, Palm print, DNA analysis, iris recognition, retina and odour/scent will be dealt with herewith. This study deals with various applications of this technology, like surveillance, employee identification, device access etc with mentions respective of hardware used. The influence of such features is yet to be documented properly, but it is safe to say that it has been a huge step towards better information security and identification control.Over the course of this text, we will try to bring to light our analysis of the subject and provide an in-depth examination of contemporary and futuristic technologies pertaining to this field.
Campbell, William J.
The objective of this research is to develop technology for the automated characterization and interactive retrieval and visualization of very large, complex scientific data sets. Technologies will be developed for the following specific areas: (1) rapidly archiving data sets; (2) automatically characterizing and labeling data in near real-time; (3) providing users with the ability to browse contents of databases efficiently and effectively; (4) providing users with the ability to access and retrieve system independent data sets electronically; and (5) automatically alerting scientists to anomalies detected in data.
Alstone, Peter; Gershenson, Dimitry; Kammen, Daniel M.
Innovative approaches are needed to address the needs of the 1.3 billion people lacking electricity, while simultaneously transitioning to a decarbonized energy system. With particular focus on the energy needs of the underserved, we present an analytic and conceptual framework that clarifies the heterogeneous continuum of centralized on-grid electricity, autonomous mini- or community grids, and distributed, individual energy services. A historical analysis shows that the present day is a unique moment in the history of electrification where decentralized energy networks are rapidly spreading, based on super-efficient end-use appliances and low-cost photovoltaics. We document how this evolution is supported by critical and widely available information technologies, particularly mobile phones and virtual financial services. These disruptive technology systems can rapidly increase access to basic electricity services and directly inform the emerging Sustainable Development Goals for quality of life, while simultaneously driving action towards low-carbon, Earth-sustaining, inclusive energy systems.
Mur Escartín, Olga
The thesis consist in the study and evaluation of different methods for face recognition. The final objective is to select the most suitable techniques for face detection and recognition. Some of these techniques will be intergrated in a real time demontrator which will be a preliminary prototype that will have to work in controlled conditions (for ilumination and pose) and with reduced databases. The demonstrator will be done in Matlab and the main image acquisition rotines and face detectio...
P. L. Wessels
Full Text Available One of the critical issues in managing information within an organization is to ensure that proper controls exist and are applied in allowing people access to information. Passwords are used extensively as the main control mechanism to identify users wanting access to systems, applications, data files, network servers or personal information. In this article, the issues involved in selecting and using passwords are discussed and the current practices employed by users in creating and storing passwords to gain access to sensitive information are assessed. The results of this survey conclude that information managers cannot rely only on users to employ proper password control in order to protect sensitive information.
Eles, Petru; Doboli, Alex; Pop, Paul;
of control. Our goal is to derive a worst case delay by which the system completes execution, such that this delay is as small as possible; to generate a logically and temporally deterministic schedule; and to optimize parameters of the communication protocol such that this delay is guaranteed. We......, generates an efficient bus access scheme as well as the schedule tables for activation of processes and communications....
Htoo Aung Maw
Full Text Available Wireless sensor networks (WSNs have attracted considerable interest in the research community, because of their wide range of applications. However, due to the distributed nature of WSNs and their deployment in remote areas, these networks are vulnerable to numerous security threats that can adversely affect their proper functioning. Resource constraints in sensor nodes mean that security mechanisms with a large overhead of computation and communication are impractical to use in WSNs; security in sensor networks is, therefore, a challenge. Access control is a critical security service that offers the appropriate access privileges to legitimate users and prevents illegitimate users from unauthorized access. However, access control has not received much attention in the context of WSNs. This paper provides an overview of security threats and attacks, outlines the security requirements and presents a state-of-the-art survey on access control models, including a comparison and evaluation based on their characteristics in WSNs. Potential challenging issues for access control schemes in WSNs are also discussed.
With enlargement of the enterprise's size and improvement of the informatzation level, more and more enterprises adopt information system to enhance their competing ability. To solve the problem of dynamic control on the user's authorization, an access control mechanism based on trust is proposed. Based on the evaluation of the user's trust degree the user in its access to the enterprise information system is dynamically authorized and controlled, thus the security of the enterprise information system improved.%随着企业规模的不断扩大及信息化水平的不断提高，越来越多的企业采用信息系统提升其竞争力。针对企业信息系统不能对访问用户进行动态授权的问题，文中提出了一种基于信任的企业信息系统访问控制机制，根据用户行为对用户信任度进行评估，参照用户信任度对用户进行动态授权，对访问企业信息系统的用户权限进行动态控制，提高了企业信息系统的安全性。
Carmem Lúcia Batista
Recently, in November 2011, it was published the law on access to public information, legal and historic mark in the struggle for human rights in Brazil. This achievement is the result of a process marked by denial of access to public archives, as it was the case of the Araguaia Guerrilla, valuing the culture of secrecy, abuse of power and relations between public and private in Brazil. Thus, the aim of this paper is to present a brief history about the control of access to public information...
刘武; 段海新; 张洪; 任萍; 吴建平
访问控制是根据网络用户的身份或属性,对该用户执行某些操作或访问某些网络资源进行控制的过程.对现有访问控制模型进行分析,并针对其不足对RBAC模型进行了扩展,提出了基于信任的访问控制模型TRBAC(trust based access control model).该模型可以提供更加安全、灵活以及细粒度的动态访问授权机制,从而提高授权机制的安全性与可靠性.%Access control is a process which controls users to execute some operations or access some network resources according to the users' identity or attribution. The discretionary access control and mandatory access control are two main access control modes which are broadly used in secure operating systems. Discretionary access control is based on user identity and/or groups and mandatory access control is usually based on sensitivity labels. Neither of these two modes can completely satisfy the requirements of all access control. Discretionary access control is too loose to restrict the propagation of privileges while mandatory access control is too rigid to use flexibly. This paper analyzes current access control models, and extends the RBAC (role based access control) model aiming at its deficiency, and based on which we propose a trust based access control model (TRBAC). The TRBAC model can provide more security, flexible and fine-grained dynamic access control mechanism, and therefore improve both the security and the reliability of authorization mechanism.
As the number of power exchanges among utilities grows and transmission lines are loaded more heavily, it becomes increasingly difficult to manage power-system access. A study sponsored by the Electric Power Research Institute (EPRI) identifies two analysis techniques that can provide more detailed line-use information to help utilities ensure continued reliability. After meeting internal needs, a utility agrees on usage price and terms with other power suppliers and users that want to transfer power across its lines. This is known as wheeling. However, such transactions affect the loading of lines belonging to other utilities. As a result, no utility can actually control who uses its transmission system. Many utilities would like a way to monitor power flows on their systems to improve the economy and reliability of operation. The EPRI-sponsored study, conducted by Casazza, Schultz, Associates (CSA), Arlington, VA, identifies ways that computer methods can help utilities cope with increased line access.
Stieghahn, Michael; Engel, Thomas
Cross-border access to a variety of data such as market information, strategic information, or customer-related information defines the daily business of many global companies, including financial institutions. These companies are obliged by law to keep a data processing legal for all offered services. They need to fulfill different security objectives specified by the legislation. Therefore, they control access to prevent unauthorized users from using data. Those security objectives, for exa...
In this thesis we wanted to present the project that was made for a smaller hotel in Nova Gorica. The goal was to create an application for managing access control according to customer's wishes as well as to introduce the system into the existent infrastructure. The first step was to define what access control actually means. In broad terms it is divided into RFID – radio-frequency identification and biometric identification. Both have their strengths and their weaknesses. Next step was choo...
Miettinen, Markus; Heuser, Stephan; Kronz, Wiebke; Sadeghi, Ahmad-Reza; Asokan, N.
We present ConXsense, the first framework for context-aware access control on mobile devices based on context classification. Previous context-aware access control systems often require users to laboriously specify detailed policies or they rely on pre-defined policies not adequately reflecting the true preferences of users. We present the design and implementation of a context-aware framework that uses a probabilistic approach to overcome these deficiencies. The framework utilizes context se...
The EU DataGrid has deployed a grid testbed at approximately 20 sites across Europe, with several hundred registered users. This paper describes authorisation systems produced by GridPP and currently used on the EU DataGrid Testbed, including local Unix pool accounts and fine-grained access control with Access Control Lists and Grid-aware filesystems, fileservers and web developement environments.
With the wide use of Windows 7, the UI designing of application software based on the Windows platform is more and more important. Consider the operating experience, knowledge background and sense in use of software by users, the UI design of access control management system that adapted to the users' logic makes it possible using software applications simply and efficiently by users. A kind of human-computer interaction,the operation logic,the integral design of the interface aesthetics of access control management system were discussed in this thesis, including the design principles and programming implementation, Especially focusing on the interface programming of Visual C++and the framework realization of the MFC class library of access control management system.%由于Windows7的广泛使用，基于Windows平台应用软件的UI设计越发显得重要，考虑用户在软件操作过程中的感受、使用背景和经验，符合用户使用逻辑的UI设计使得用户简单高效的使用门禁管理软件成为可能。讨论一种门禁控制管理系统的人机交互、操作逻辑、界面美观相关的整体设计，主要内容包含设计原则和编程实现，重点对门禁系统基于Visual C++编程工具和MFC类库的界面框架的实现进行了详细讨论。
Urbin, J.; /Fermilab
The DO cryogenic system is controlled by a TI565-PLC based control system. This allows the system to be unmanned when in steady state operation. System experts will need to be contacted when system parameters exceed normal operating points and reach alarm setpoints. The labwide FIRUS system provides one alarm monitor and communication link. An autodialer provides a second and more flexible alarm monitor and communication link. The autodialer monitors contact points in the control system and after receiving indication of an alarm accesses a list of experts which it calls until it receives an acknowledgement. There are several manufacturers and distributors of autodialer systems. This EN explains the search process the DO cryo group used to fmd an autodialer system that fit the cryo system's needs and includes information and specs for the unit we chose.
随着网络技术的进一步发展，Web服务（Web Services）技术逐渐被应用于各类管理系统中，Web服务本身具有组件模型无关性、平台无关性、编程语言无关性的优良特性，使得Web服务可以用于系统的集成。本文着重介绍一种基于Web服务的学生公寓门禁管理系统，从系统结构、系统设计模式、Web服务关键性技术等方面阐释系统的设计，构建于Web服务基础上的学生公寓门禁管理系统的数据能够被其它应用系统直接调用，用于高校信息系统集成化建设。%With the in-depth development of network technology, web services technology is gradually applied to vari-ous types of management systems. Web services can be used for the integration of the system due to the excellent characteristics of its own component model-independent, platform independent, programming language independence. In this paper, a kind of access control management system is designed for student apartments based on web services;the system design is illustrated with system architecture, system design patterns and web services critical technology. The data of building the students the apartment access control management system based on web services can be directly transferred by other applying system and applied for the other applications with the construction of university information systems integration.
According to the present problems in the transportation coach overload, a design of intelligent overload system of no-human consumption is presented. Using differential pressure sensor to distinguish the number of up-and-down is counted. When passengers number have been equal to capacity, there would be a warning signal and voice reminders, and the interior door would unlock immediately. If someone continue to get on, the door should shut down automatically to prevent overload,and realizing intelligent process control. Experiments show that the system is valuable or alleviating the pressure of traffic control and ensuring traffic safety.%针对目前交通运输中客车超载问题,提出一种无人力消耗的智能防超载系统.采用压差式传感嚣实现上下人数的判别和计数.当乘客达到车载客量时,发出报警信号和语音提醒,同时解锁防超载门,如果继续有人上车,防超载门立即关闭,达到阻止超员效果,从而实现智能化的过程控制.实验表明,该系统对减缳交通控制压力、保证交通安全等方面有一定的实用价值.
Anggorojati, Bayu; Mahalle, Parikshit N.; Prasad, Neeli R.;
Access control is a critical functionality in Internet of Things (IoT), and it is particularly promising to make access control secure, efficient and generic in a distributed environment. Another an important property of access control system in the IoT is flexibility which can be achieved...... by access or authority delegation. Delegation mechanisms in access control that have been studied until now have been intended mainly for a system that has no resource constraint, such as a web-based system, which is not very suitable for a highly pervasive system such as IoT. This chapter presents...... information and secure federated IoT, this proposed model provides scalability, flexibility, and secure authority delegation for highly distributed system. The protocol evaluation results show that the capability creation and access mechanism of CCAAC is secure against a rigorous man-in-the-middle attack, e...
智能门禁系统基于TCP／IP技术，通过门磁设备反馈门锁的开闭状态，采用控制器实现远程开关门锁。与一卡通系统整合，通过卡片授权刷卡开门实现一体化管理，与教务系统排课模块整合实现门锁按照课表定制自动开启与关闭时间．与短信系统整合实现门锁异常状态短信报警。智能门禁系统的实现，是实现智能校园、智慧校园的重要步骤，通过系统的实施，重构了课室管理的业务流程，使管理工作从更人性化，更能符合高校管理业务的需要。%Intelligent access control system, based on TCP/IP technology, feedbacks the state of classrooms' doors by magnetic equip- ment, uses the controller to lock and unlock the doors remotely. The system can be integrated with the campus card system, curricu- lum scheduling module of educational management system and SMS system, can achieve integrated management by the method of card authorization, can achieve the switching time to lock and unlock the doors in accordance with curriculum, and send alarm mes- sages in the case of abnormal states. The implementation of intelligent access control system is an important step of smart campus and the business of classroom management can be reconstructed, makes the management more humane, can better meet the needs of campus business.
利用红外线传感器、指纹采集系统、摄像装置及LED数码管等器件，设计了红外热感指纹可视化门禁系统。它是利用红外热感装置感受光线及温度的变化，感光元件将实时光线信号值给控制电路，控制电路根据信号值，将会锁定LED人体感应开关，当人体通过该装置时，经过一系列电路处理，输出控制信号，从而自动打开或关闭摄像装置，以达到可视化目的，该系统以其设置和操作简洁、功能卓越等优点具有很大的发展空间和实用价值。%Using infrared sensors, the fingerprint acquisition system, cameras and LED digital tube, such as device design Infrared thermal fingerprint visualization entrance guard system.It uses the infrared thermal device to feel light and temperature ’s change. The sensor send the real-time ray signal to control circuit, which will lock LED human body induction switch according to the signal value.The control signal can be output when the human body go through the device with using a series of circuit processing,which can open or close automatically camera device in order to achieve visual purposes.The system has very big development space and practical value because of its the advantages of settings and simple operation, functional excellence.
Most telecommunication operators are currently deciding on how to respond to customers' needs stimulated by the synergy between compression coding of multimedia and the emergence of broadband digital networks. This paper describes a range of broadband access architectures under consideration in the full services access network initiative. All architectures have a common requirement for a broadband ATM PON. A common broadband PON applicable to many operators increases the world-wide market for the product. With greater production volumes manufacturers' costs reduce because of the experience curve effect making broadband access systems economic.
Zhang, Xuanping; Bullard, Kai McKeever; Gregg, Edward W.; Beckles, Gloria L.; Williams, Desmond E.; Barker, Lawrence E; Albright, Ann L.; Imperatore, Giuseppina
OBJECTIVE To examine the relationship between access to health care and diabetes control. RESEARCH DESIGN AND METHODS Using data from the National Health and Nutrition Examination Survey, 1999–2008, we identified 1,221 U.S. adults (age 18–64 years) with self-reported diabetes. Access was measured by current health insurance coverage, number of times health care was received over the past year, and routine place to go for health care. Diabetes control measures included the proportion of people...
Full Text Available Privacy preservation is a crucial problem in resource sharing and collaborating among multi-domains. Based on this problem, we propose a role-based access control model for privacy preservation. This scheme avoided the privacy leakage of resources while implementing access control, and it has the advantage of lower communication overhead. We demonstrate this scheme meets the IND-CCA2 semantic security by using random oracle. The simulation result shows this scheme has better execution efficiency and application effects.
Osadchiy, Alexey Vladimirovich
control. Highlights of my research include my proposal and experimental proof of principle of an optical coherent detection based optical access network architecture providing support for a large number of users over a single distribution fiber; a spectral amplitude encoded label detection technique for......This thesis presents results obtained during the course of my PhD research on optical signal routing and interfacing between the metropolitan and access segments of optical networks. Due to both increasing capacity demands and variety of emerging services types, new technological challenges are...... arising for seamlessly interfacing metropolitan and access networks. Therefore, in this PhD project, I have analyzed those technological challenges and identified the key aspects to be addressed. I have also proposed and experimentally verified a number of solutions to metropolitan and access networks...
Smith, Fred Hewitt
Described herein are devices and techniques for remotely controlling user access to a restricted computer resource. The process includes pre-determining an association of the restricted computer resource and computer-resource-proximal environmental information. Indicia of user-proximal environmental information are received from a user requesting access to the restricted computer resource. Received indicia of user-proximal environmental information are compared to associated computer-resource-proximal environmental information. User access to the restricted computer resource is selectively granted responsive to a favorable comparison in which the user-proximal environmental information is sufficiently similar to the computer-resource proximal environmental information. In at least some embodiments, the process further includes comparing user-supplied biometric measure and comparing it with a predetermined association of at least one biometric measure of an authorized user. Access to the restricted computer resource is granted in response to a favorable comparison.
Muhammad Nabeel Tahir
Full Text Available Distributed and ubiquitous computing environments have brought enormous efficiency to the collection, manipulation and distribution of information and services. Although this efficiency has revolutionized countless organizations but it has also increased the threats to individual’s privacy because the information stored within the collection of heterogeneous distributed components is sensitive and requires some form of access control. The way to protect privacy in this age of information technology requires such access control system that can accommodate organization requirements to protect privacy of individuals with ease in management and administration of resources. Among those requirements, purpose inference is one of the major problems as the total access control decision mainly relies on the user intentions/purposed. This work in this paper is an attempt to provide purpose engineering semantics that we use for the proposed contextual role-based access control model (C-RBAC in order to comply with HIPAA.
Ramasastry, Jay; Wiedeman, Bob
Use of Code Division Multiple Access (CDMA) technology in terrestrial wireless systems is fairly well understood. Similarly, design and operation of Power Control in a CDMA-based system in a terrestrial environment is also well established. Terrestrial multipath characteristics, and optimum design of the CDMA receiver to deal with multipath and fading conditions are reliably established. But the satellite environment is different. When the CDMA technology is adopted to the satellite environment, other design features need to be incorporated (for example; interleaving, open-loop and closed-loop power control design, diversity characteristics) to achieve comparable level of system performance. In fact, the GLOBALSTAR LEO/MSS system has incorporated all these features. Contrary to some published reports, CDMA retains the advantages in the satellite environment that are similar to those achieved in the terrestrial environment. This document gives a description of the CDMA waveform and other design features adopted for mobile satellite applications.
vanDellen, Michelle R.; Hoyle, Rick H.
The current work examined how social factors influence self-control. Current conceptions of state self-control treat it largely as a function of regulatory capacity. The authors propose that state self-control might also be influenced by social factors because of regulatory accessibility. Studies 1 through 4 provide evidence that individuals’ state self-control is influenced by the trait and state self-control of salient others such that thinking of others with good trait or state self-contro...
Full Text Available The relationship between users and resources is dyn amic in the cloud, and service providers and users are typically not in the same security do main. Identity-based security (e.g., discretionary or mandatory access control models c annot be used in an open cloud computing environment, where each resource node may not be fa miliar, or even do not know each other. Users are normally identified by their attributes o r characteristics and not by predefined identities. There is often a need for a dynamic acc ess control mechanism to achieve cross- domain authentication. In this paper, we will focus on the following three broad categories of access control models for cloud computing: (1 Role -based models; (2 Attribute-based encryption models and (3 Multi-tenancy models. We will review the existing literature on each of the above access control models and their varian ts (technical approaches, characteristics, applicability, pros and cons, and identify future research directions for developing access control models for cloud computing environments .
Anggorojati, Bayu; Mahalle, Parikshit N.; Prasad, Neeli R.;
no resource constraint, such as a web-based system, which is not very suitable for a highly pervasive system such as IoT. To this end, this paper presents an access delegation method with security considerations based on Capability-based Context Aware Access Control (CCAAC) model intended for federated...... machine-to-machine communication or IoT networks. The main idea of our proposed model is that the access delegation is realized by means of a capability propagation mechanism, and incorporating the context information as well as secure capability propagation under federated IoT environments. By using...... the identity-based capability-based access control approach as well as contextual information and secure federated IoT, this proposed model provides scalability and flexibility as well as secure authority delegation for highly distributed system....
陈卓; 骆婷; 石磊; 洪帆
Access control is an important protection mechanism for information systems.This paper shows how to make access control in workflow system.We give a workflow access control model (WACM) based on several current access control models.The model supports roles assignment and dynamic authorization.The paper defines the workflow using Petri net.It firstly gives the definition and description of the workflow, and then analyzes the architecture of the workflow access control model (WACM).Finally, an example of an e-commerce workflow access control model is discussed in detail.
ZHANG Shaomin; WANG Baoyi; ZHOU Lihua
PMI(privilege management infrastructure) is used to perform access control to resource in an E-commerce or E-government system. With the ever-increasing need for secure transaction, the need for systems that offer a wide variety of QoS (quality-of-service) features is also growing. In order to improve the QoS of PMI system, a cache based on RBAC(Role-based Access Control) and trust is proposed. Our system is realized based on Web service. How to design the cache based on RBAC and trust in the access control model is described in detail. The algorithm to query role permission in cache and to add records in cache is dealt with. The policy to update cache is introduced also.
This book explains instrumentation control system, which mentions summary, basic theory, kinds, control device, and design of each instrumentation system. The contents of this book are introduction of instrumentation system, temperature detector, pressure sensor, flow detector, level detector, ingredient detector, signal convert and transmission, instructions, record and control of instrumentation system, PID controller control valve of instrumentation system, instrumentation equipment of water system, instrumentation facility of thermal power plant, examples of advance instrumentation facility and install and design of instrumentation system.
Dekker, M.A.C.; Etalle, S.; Gadducci, F.
Traditional access control mechanisms aim to prevent illegal actions a-priori occurrence, i.e.before granting a request for a document. There are scenarios however where the security decision can not be made on the fly. For these settings we developed a language and a framework for a-posteriori acce
Dekker, M.A.C.; Etalle, S.
Traditional access control mechanisms aim to prevent illegal actions a-priori occurrence, i.e. before granting a request for a document. There are scenarios however where the security decision can not be made on the fly. For these settings we developed a language and a framework for a-posteriori acc
Paulsen, M S; Andersen, M; Munck, A P;
OBJECTIVE: Denmark has a health care system with free and equal access to care irrespective of age and socio-economic status (SES). We conducted a cross-sectional study to investigate a possible association between SES and blood pressure (BP) control of hypertensive patients treated in general...... Statistics Denmark. The outcome measure was BP control defined as BP...
... Exchange Commission 17 CFR Part 240 Risk Management Controls for Brokers or Dealers With Market Access... Regulations#0;#0; ] SECURITIES AND EXCHANGE COMMISSION 17 CFR Part 240 RIN 3235-AK53 Risk Management Controls... person other than a broker or dealer, to establish, document, and maintain a system of risk...
Meadow, Charles T.; And Others
Reports on design and rationale of Online Access to Knowledge, a computer intermediary developed by Online Access to Knowledge Project to enable users with little or no training or experience in bibliographic searching to conduct their own searches. Topics covered include software design, tutorials and assistance programs, and conclusions based on…
杜炤; 刘婷; 刘奇峰
As the network platform to support the collaboration in teaching,research and management activities of students,teachers and staff members of colleges and universities,campus social network system has gained increasing popularity and is becoming an important part of the digital campus.In order to combine campus social network system more closely with the ERP system of colleges and universities,in this paper,an access control model for business applications in campus social network system was designed and implemented based on role-based access control model,which also supports effective time for authorization,hierarchical authorization and permission delegation.With this model,campus social network system is expected to provide more flexible,convenient and thoughtful information services for students,teachers and staff members.%作为支持高校师生员工进行教学、科研和管理中的协作型活动的网络平台,高校校园社交网络日益受到关注并逐渐成为高校数字校园的重要组成部分.为了使校园社交网络与电子校务系统紧密结合,扩展了基于角色的访问模型,设计并实现了支持授权有效期、分级授权和权限代理的高校校园社交网络业务应用访问控制模型,从而为高校师生员工提供更加灵活、方便和周到的信息化服务.
Murine models are used extensively in biological and translational research. For many of these studies it is necessary to access the vasculature for the injection of biologically active agents. Among the possible methods for accessing the mouse vasculature, tail vein injections are a routine but critical step for many experimental protocols. To perform successful tail vein injections, a high skill set and experience is required, leaving most scientists ill-suited to perform this task. This can lead to a high variability between injections, which can impact experimental results. To allow more scientists to perform tail vein injections and to decrease the variability between injections, a vascular access system (VAS) that semi-automatically inserts a needle into the tail vein of a mouse was developed. The VAS uses near infrared light, image processing techniques, computer controlled motors, and a pressure feedback system to insert the needle and to validate its proper placement within the vein. The VAS was tested by injecting a commonly used radiolabeled probe (FDG) into the tail veins of five mice. These mice were then imaged using micro-positron emission tomography to measure the percentage of the injected probe remaining in the tail. These studies showed that, on average, the VAS leaves 3.4% of the injected probe in the tail. With these preliminary results, the VAS system demonstrates the potential for improving the accuracy of tail vein injections in mice. (paper)
The ever increasing number of vehicles in most metropolitan cities around the world and the limitation in altering the transportation infrastructure, led to serious traffic congestion and an increase in the travelling time. In this work we exploit the emergence of novel technologies such as the internet, to design an intelligent Traffic Management System (TMS) that can remotely monitor and control a network of traffic light controllers located at different sites. The system is based on utilizing Embedded Web Servers (EWS) technology to design a web-based TMS. The EWS located at each intersection uses IP technology for communicating remotely with a Central Traffic Management Unit (CTMU) located at the traffic department authority. Friendly GUI software installed at the CTMU will be able to monitor the sequence of operation of the traffic lights and the presence of traffic at each intersection as well as remotely controlling the operation of the signals. The system has been validated by constructing a prototype that resembles the real application.
Kyriazanos, Dimitris M.; Stassinopoulos, George I.; Prasad, Neeli R.
In this paper the authors present the challenges for enabling Security Policies Management and subsequent Ubiquitous Access Control on the Personal Network (PN) environment. A solution based on Security Profiles is proposed, supporting both partially distributed architectures-having in this case...... distributed master devices acting as access points- and also pure peer-to-peer interactions inside the PN. Taking benefit from the modularity and scalability of the design, this solution can be extended into supporting coalitions of different security domains, deriving from the creation of PNs federations....
This paper reports that the computer system for NPP personnel training was developed for training centers in the Soviet Union. The system should be considered as the first step in training, taking into account that further steps are to be devoted to part-task and full scope simulator training. The training room consists of 8-12 IBM PC/AT personal computers combined into a network. A trainee accesses the system in a dialor manner. Software enables the instructor to determine the trainee's progress in different subjects of the program. The quality of any trainee preparedness may be evaluated by Knowledge Control operation. Simplified dynamic models are adopted for separate areas of the program. For example, the system of neutron flux monitoring has a dedicated model. Currently, training, requalification and support of professional qualifications of nuclear power plant operators is being emphasized. A significant number of emergency situations during work are occurring due to operator errors. Based on data from September-October 1989, more than half of all unplanned drops in power and stoppages of power plants were due to operator error. As a comparison, problems due to equipment malfunction accounted for no more than a third of the total. The role of personnel, especially of the operators, is significant during normal operations, since energy production costs as well as losses are influenced by the capability of the staff. These facts all point to the importance of quality training of personnel
Full Text Available Personalization and adaptation to the user profile capability are the hottest issues to ensure ambientassisted living and context awareness in nowadays environments. With the growing healthcare andwellbeing context aware applications, modeling security policies becomes an important issue in thedesign of future access control models. This requires rich semantics using ontology modeling for themanagement of services provided to dependant people. However, current access control models remainunsuitable due to lack of personalization, adaptability and smartness to the handicap situation.In this paper, we propose a novel adaptable access control model and its related architecture in whichthe security policy is based on the handicap situation analyzed from the monitoring of user’s behavior inorder to grant a service using any assistive device within intelligent environment. The design of ourmodel is an ontology-learning and evolving security policy for predicting the future actions of dependentpeople. This is reached by reasoning about historical data, contextual data and user behavior accordingto the access rules that are used in the inference engine to provide the right service according to theuser’s needs.
Vyskub, V. G.; Rozov, B. S.; Savelev, V. I.
This book is concerned with the characteristics of digital control systems of great accuracy. A classification of such systems is considered along with aspects of stabilization, programmable control applications, digital tracking systems and servomechanisms, and precision systems for the control of a scanning laser beam. Other topics explored are related to systems of proportional control, linear devices and methods for increasing precision, approaches for further decreasing the response time in the case of high-speed operation, possibilities for the implementation of a logical control law, and methods for the study of precision digital control systems. A description is presented of precision automatic control systems which make use of electronic computers, taking into account the existing possibilities for an employment of computers in automatic control systems, approaches and studies required for including a computer in such control systems, and an analysis of the structure of automatic control systems with computers. Attention is also given to functional blocks in the considered systems.
Elvio João Leonardo; Ailton Akira Shinoda
A number of issues distinguishes Medium Access Control (MAC) protocols for wireless networks from those used in wireline systems. In addition, for ad-hoc networks, the characteristics of the radio channel, the diverse physical-layer technologies available and the range of services envisioned make it a difficult task to design an algorithm to discipline the access to the shared medium that results efficient, fair, power consumption sensitive and delay bound. This article presents the current “...
Wilson, David G.; Robinett, III, Rush D.
A control system design method and concomitant control system comprising representing a physical apparatus to be controlled as a Hamiltonian system, determining elements of the Hamiltonian system representation which are power generators, power dissipators, and power storage devices, analyzing stability and performance of the Hamiltonian system based on the results of the determining step and determining necessary and sufficient conditions for stability of the Hamiltonian system, creating a stable control system based on the results of the analyzing step, and employing the resulting control system to control the physical apparatus.
Potnis, Rohit R.; Sathaye, Archana S.
In this paper we provide a concurrency control and recovery (CCR) mechanism over cached LDAP objects. An LDAP server can be directly queried using system calls to retrieve data. Existing LDAP implementations do not provide CCR mechanisms. In such cases, it is up to the application to verify that accesses remain serialized. Our mechanism provides an independent layer over an existing LDAP server (Sun One Directory Server), which handles all user requests, serializes them based on 2 Phase Locking and Timestamp Ordering mechanisms and provides XML-based logging for recovery management. Furthermore, while current LDAP servers only provide object-level locking, our scheme serializes transactions on individual attributes of LDAP objects (attribute-level locking). We have developed a Directory Enabled Network (DEN) Simulator that operates on a subset of directory objects on an existing LDAP server to test the proposed mechanism. We perform experiments to show that our mechanism can gracefully address concurrency and recovery related issues over and LDAP server.
Magableh, Amer M.
Femtocells can be employed in cellular systems to enhance the indoor coverage, especially in the areas with high capacity growing demands and high traffic rates. In this paper, we propose an efficient resource utilization protocol, named as shared access protocol (SAP), to enable the unauthorized macrocell user equipment to communicate with partially closed-access femtocell base station to improve and enhance the system performance. The system model considers a femtocell that is equipped with a total of N separated antennas or channels to multiplex independent traffic. Then, a set of N1 channels is used for closed access only by the authorized users, and the remaining set of channel resources can be used for open access by either authorized or unauthorized users upon their demands and spatial locations. For this system model, we obtain the signal-to-interference ratio characteristics, such as the distribution and the moment generating function, in closed forms for two fading models of indoor and outdoor environments. The signal-tointerference ratio statistics are then used to derive some important performance measures of the proposed SAP in closed form, such as the average bit error rate, outage probability, and average channel capacity for the two fading models under consideration. Numerical results for the obtained expressions are provided and supported by Monte Carlo simulations to validate the analytical development and study the effectiveness of the proposed SAP under different conditions. Copyright © 2012 John Wiley and Sons, Ltd.
Liu, Hong; Gliese, Ulrik Bo; Dittmann, Lars
In this paper, we propose a hybrid medium access control protocol for supporting broadband integrated services in the wireless ATM networks. The integrated services include CBR, VBR and ABR traffic varying from low bit-rate to very high bit-rate. The proposed protocol is an excellent compromise of...... contention, reservation and polling access techniques based on the dynamic TDMA system. Extensive simulation results using realistic data traffic sources, show that the proposed medium access scheme may provide QoS guarantees to different ATM traffic including the realistic MPEG video traces with low cell...
A plant control system is being designed for a gas-cooled fast breeder reactor (GCFR) demonstration plant. Control analysis is being performed as an integral part of the plant design process to ensure that control requirements are satisfied as the plant design evolves. The load control portion of the plant control system provides stable automatic (closed-loop) control of the plant over the 25% to 100% load range. Simulation results are presented to demonstrate load control system performance. The results show that the plant is controllable at full load with the control system structure selected, but gain scheduling is required to achieve desired performance over the load range
Pitts, Lee; McNair, Ann R. (Technical Monitor)
The ISS finally reached an operational state and exists for local and remote users. Onboard payload systems are managed by the Huntsville Operations Support Center (HOSC). Users access HOSC systems by internet protocols in support of daily operations, preflight simulation, and test. In support of this diverse user community, a modem security architecture has been implemented. The architecture has evolved over time from an isolated but open system to a system which supports local and remote access to the ISS over broad geographic regions. This has been accomplished through the use of an evolved security strategy, PKI, and custom design. Through this paper, descriptions of the migration process and the lessons learned are presented. This will include product decision criteria, rationale, and the use of commodity products in the end architecture. This paper will also stress the need for interoperability of various products and the effects of seemingly insignificant details.
Fedorova, Alexandra; Seltzer, Margo I.; Magoutis, Kostas; Addetia, Salimah
The Direct Access File System (DAFS) is a distributed file system built on top of direct-access transports (DAT). Direct-access transports are characterized by using remote direct memory access (RDMA) for data transfer and user-level networking. The motivation behind the DAT-enabled distributed file system architecture is the reduction of the CPU overhead on the I/O data path. In collaboration with Duke University we have created and made available an open-source implementation of DAFS for th...
This thesis is focused on internal control system. The aim of this thesis is to analyse the development and elements of internal control system, and then demonstrate the possible form of the internal control system in practice. The thesis is divided into two parts -- theoretical and practical. The beginning of the theoretical part is devoted to characteristics of internal controls and their relation to internal control, attention is also paid to economic crimes which the internal control syst...
QIN Zhong-yuan; Chen, Qi; Lv, You; Qiang, Yong; GUO Ai-wen; SHEN Ri-sheng; Zhang Qunfang
Virtualization technology becomes a hot IT technolo gy with the popu-larity of Cloud Computing. However, new security issues arise with it. Specifically, the resources sharing and data communication in virtual machines are most con cerned. In this paper an access control model is proposed which combines the Chinese Wall a nd BLP model. BLP multi-level security model is introduced with corresponding improve...
Jones, PL; Hoymr, N; CERN. Geneva. IT Department
Wikis allow for easy collaborative editing of documents on the web for users located in different buildings, cities or even countries. TWiki culture lends to open free form editing and most pages are world readable and editable by CERN authenticated users, however access control is possible and is used to protect sensitive documents. This note discusses the integration of E-groups for authorisation purposes at CERN.
Fafoutis, Xenofon; Dragoni, Nicola
ODMAC (On-Demand Media Access Control) is a recently proposed MAC protocol designed to support individual duty cycles for Energy Harvesting — Wireless Sensor Networks (EH-WSNs). Individual duty cycles are vital for EH-WSNs, because they allow nodes to adapt their energy consumption to the ever...... three key properties of EH-WSNs: adaptability of energy consumption, distributed energy-aware load balancing and support for different application-specific requirements....
Zhang, Nien Fan; Yao, L.; Nenadic, A.; Chin, J.; Goble, C.; Rector, A.; Chadwick, David W; Otenko, Sassa; Shi, Q.
In a virtual organization environment, where services and data are provided and shared amongorganizations from different administrative domains and protected with dissimilar security policies and measures, there is a need for a flexible authentication framework that supports the use of various authentication methods and tokens. The authentication strengths derived from the authentication methods and tokens should be incorporated into an access-control decision-making process, so that more sen...
Flora, Cornelia B.
Metadata only record Developing sustainability in an agricultural ecosystem requires that attention be given to inequities within communities. The experiences of SANREM CRSP revealed that gender inequality was a significant factor in the access and control of resources that were critical for the projects reaching their goals. Among the resources of financial, manufactured, human, environmental, and social capital, enhancing social capital among women was a crucial component of plans for in...
S. R. KODITUWAKKU
The Object-Oriented paradigm approaches the software development by representing real world entities into classes of software objects. Object oriented design patterns facilitate small scale and large scale design reuse. This paper presents an object oriented design pattern, Administrator Object, to address the User-Role assignment problem in Role Based Access Control (RBAC). Two alternative solutions are proposed. The pattern is presented according to the Gang of Four template.
S. R. KODITUWAKKU
Full Text Available The Object-Oriented paradigm approaches the software development by representing real world entities into classes of software objects. Object oriented design patterns facilitate small scale and large scale design reuse. This paper presents an object oriented design pattern, Administrator Object, to address the User-Role assignment problem in Role Based Access Control (RBAC. Two alternative solutions are proposed. The pattern is presented according to the Gang of Four template.
Guoping Zhang; Jing Liu
the emergence of “Internet of Things” breaks previous traditional thinking, which integrates physical infrastructure and network infrastructure into unified infrastructure. There will be a lot of resources or information in IoT, so computing and processing of information is the core supporting of IoT. In this paper, we introduce “Service-Oriented Computing” to solve the problem where each device can offer its functionality as standard services. Here we mainly discuss the access control issue ...
朱葛俊; 张硕; 朱文龙
The security of dormitory is related to the teaching and life order of school.According to the characteristics of dormitory,barrier-free access control system was developed based on RFID technology and multimedia video technology.Real-time,safely and effi%学生公寓的安全关系到学校的正常教学和生活秩序。根据学生公寓的特点,开发了基于无线射频识别技术和多媒体视频技术相结合的无障碍门禁系统。该系统在不妨碍学生正常通行的情况下,实现了学生公寓管理的实时、安全和高效,较好地解决了学生公寓管理的一些难题。
Jang, Bokman; Jang, Hyokyung; Choi, Euiin
Applications in context-aware computing environment will be connected wireless network and various devices. According to, recklessness access of information resource can make trouble of system. So, access authority management is very important issue both information resource and adapt to system through founding security policy of needed system. But, existing security model is easy of approach to resource through simply user ID and password. This model has a problem that is not concerned about user's environment information. In this paper, propose model of automated context-aware access control using ontology that can more efficiently control about resource through inference and judgment of context information that collect user's information and user's environment context information in order to ontology modeling.
王茜; 王富强; 傅鹤岗; 朱庆生
In the system of electronic payment based on SPKI, access control of bank acts as the important function of identification, protecting customer's privacy and ensuring payment. The paper proposes the model of bank access control, and describes the frame and the steps of the access control. Finally, the paper analyzes the characteristics of the model.
刘福强; 李威; 李镞
The technology of ethernet-port authentication and access controling based on 802 .1x protocal has many ad-vantages ,such as high efficiency ,is designed and built ,flexible application and easy operation .In this paper ,access-contro-ling system based on 802 .1x protocal is designed and built ,the key technical problems are researched ,such as the security mode of EAP-TLS and the efficiency of USBKEY authentication .%基于802．1x 协议的以太网端口认证与接入控制技术具有简洁高效、容易实现、应用灵活以及易于运营等诸多特点和优点。文章通过对802．1x 等相关协议的研究与分析，设计并实现了基于该协议的安全接入控制系统，并对基于EAP-TLS 的安全认证方式、基于 USBKEY 认证方式效率等关键问题进行了深入分析。
Liao, Yu-Ting; Chen, Tzer-Shyong; Chen, Tzer-Long; Chung, Yu-Fang; Chen, Yu- Xin; Hwang, Jen-Hung; Wang, Huihui; Wei, Wei
This study is showing the advantage of mobile agents to conquer heterogeneous system environments and contribute to a virtual integrated sharing system. Mobile agents will collect medical information from each medical institution as a method to achieve the medical purpose of data sharing. Besides, this research also provides an access control and key management mechanism by adopting Public key cryptography and Lagrange interpolation. The safety analysis of the system is based on a network attacker's perspective. The achievement of this study tries to improve the medical quality, prevent wasting medical resources and make medical resources access to appropriate configuration. PMID:27010391
Oliver Zhen Li; Xijia Su; Zhifeng Yang
We study the effect of state control on capital allocation and investment in China, where the government screens prospective stock issuers. We find that state firms are more likely to obtain government approval to conduct seasoned equity offerings than non-state firms. Further, non-state firms exhibit greater sensitivities of subsequent investment and stock performance to regulatory decisions on stock issuances than state firms. Our work suggests that state control of capital access distorts resource allocation and impedes the growth of non-state firms. We also provide robust evidence that financial constraints cause underinvestment.
A control system to aid mobility is presented that is intended to assist living independently and that provides physical guidance. The system has two levels: a human machine interface and an adaptive shared controller.
Ban Sharief Mustafa
Full Text Available Java Agent Development Framework (JADE is a software framework to make easy the development of Multi-Agent applications in compliance with the Foundation for Intelligent Physical Agents (FIPA specifications. JADE propose new infrastructure solutions to support the development of useful and convenient distributed applications. Security is one of the most important issues in implementing and deploying such applications. JADE-S security add-ons are one of the most popular security solutions in JADE platform. It provides several security services including authentication, authorization, signature and encryption services. Authorization service will give authorities to perform an action based on a set of permission objects attached to every authenticated user. This service has several drawbacks when implemented in a scalable distributed context aware applications. In this paper, an ontology-based access control model called (OJADEAC is proposed to be applied in JADE platform by combining Semantic Web technologies with context-aware policy mechanism to overcome the shortcoming of this service. The access control model is represented by a semantic ontology, and a set of two level semantic rules representing platform and application specific policy rules. OJADEAC model is distributed, intelligent, dynamic, context-aware and use reasoning engine to infer access decisions based on ontology knowledge.
Krithivasan, Kamala; Paun, Gheorghe; Ramanujan, Ajeesh; Research Group on Natural Computing (Universidad de Sevilla) (Coordinador)
We introduce and brie y investigate P systems with controlled computations. First, P systems with label restricted transitions are considered (in each step, all rules used have either the same label, or, possibly, the empty label, ), then P systems with the computations controlled by languages (as in context-free controlled grammars). The relationships between the families of sets of numbers computed by the various classes of controlled P systems are investigated, also comp...
韩伟力; 陈刚; 尹建伟; 董金祥
Constraint is an important aspect of role-based access control and is sometimes argued to be the principal motivation for role-based access control (RBAC). But so far'few authors have discussed consistency maintenance for constraint in RBAC model. Based on researches of constraints among roles and types of inconsistency among constraints, this paper introduces correaponding formal rules, rulebased reasoning and corresponding methods to detect, avoid and resolve these inconsistencies. Finally,the paper introduces briefly the application of consistency maintenance in ZD-PDM, an enterprise-ori-ented product data management (PDM) system.
Full Text Available We present an energy analysis technique applicable to medium access control (MAC and multihop communications. Furthermore, the technique's application gives insight on using multihop forwarding instead of single-hop communications. Using the technique, we perform an energy analysis of carrier-sense-multiple-access (CSMA- based MAC protocols with sleeping schemes. Power constraints set by battery operation raise energy efficiency as the prime factor for wireless sensor networks. A detailed energy expenditure analysis of the physical, the link, and the network layers together can provide a basis for developing new energy-efficient wireless sensor networks. The presented technique provides a set of analytical tools for accomplishing this. With those tools, the energy impact of radio, MAC, and topology parameters on the network can be investigated. From the analysis, we extract key parameters of selected MAC protocols and show that some traditional mechanisms, such as binary exponential backoff, have inherent problems.
Bolshakov, Kirill; Reshetova, Elena
FreeBSD was one of the first widely deployed free operating systems to provide mandatory access control. It supports a number of classic MAC models. This tutorial paper addresses exploiting this implementation to enforce typical enterprise security policies of varying complexities.
Today, technology has progressed to allow us to capture our lives digitally such as taking pictures, recording videos and gaining access to WiFi to share experiences using smartphones. People’s lifestyles are changing. One example is from the traditional memo writing to the digital lifelog. Lifelogging is the process of using digital tools to collect personal data in order to illustrate the user’s daily life (Smith et al., 2011). The availability of smartphones embedded with different sensors...
The European Union (EU) looks for external experts'opinion on public and political issues when its staff lacks sufficient standard of efficiency on particular topics. It was the case when the EU had to deal with the upgrading of safety in the nuclear power plants of eastern countries that wanted to join the union. The expert work has been provided by French and German nuclear industries. The author points out the danger of expert work: only one side of the issue may be taken into account and the chosen experts may be not independent enough from nuclear or anti-nuclear lobbyists. The author shows that expert work is necessary, has to be controlled, and has more and more often a political side: it can be challenged by counter-valuations demanded by other European administrations. The author asks for more transparency and for a fair line of conduct to follow. (A.C.)
Bertrand, Yoann; Blay-Fornarino, Mireille; Boudaoud, Karima; Riveill, Michel
In order to protect resources from unauthorized access and data leakage in companies, security experts and administrators can use mechanisms such as Access Control (AC) and Transmission Control (TC). Both AC and TC are based on policies that are defined, modified and revoked by these experts. However, policy management can be a time-consuming and tiresome task, especially when both mechanisms are used on large sets of users and resources. Moreover, contradictions between AC and TC policies ca...
Stefan Victor Lefter
Full Text Available With the advent of Radio Frequency Identification technologies or RFID for short, different types of products and security-relevant applications have been developed for use in fields and businesses like: inventory management, product tracking, access control, passports or transport fare collection. Even though RFID has been around for quite some time, there are some types of businesses like theme parks, water parks or music festivals that haven’t yet tested the benefits that this technology brings. This paper focuses on presenting advantages and disadvantages of using an unified access control and electronic wallet system based on RFID cards like MiFare tags as an alternative to existing ticket/currency access and payment systems employed by the majority of the businesses mentioned above.
Full Text Available The spectrum scarcity problem emerged in recent years, due to unbalanced utilization of RF (radio frequency bands in the current state of wireless spectrum allocations. Spectrum access scheduling addresses challenges arising from spectrum sharing by interleaving the channel access among multiple wireless systems in a TDMA fashion. Different from cognitive radio approaches which are opportunistic and noncollaborative in general, spectrum access scheduling proactively structures and interleaves the channel access pattern of heterogeneous wireless systems, using collaborative designs by implementing a crucial architectural component—the base stations on software defined radios (SDRs. We discuss our system design choices for spectrum sharing from multiple perspectives and then present the mechanisms for spectrum sharing and coexistence of GPRS+WiMAX and GPRS+WiFi as use cases, respectively. Simulations were carried out to prove that spectrum access scheduling is an alternative, feasible, and promising approach to the spectrum scarcity problem.
Kaiser, Mary Elizabeth; Morris, Matthew J.; McCandliss, Stephan R.; Rasucher, Bernard J.; Kimble, Randy A.; Kruk, Jeffrey W.; Pelton, Russell; Mott, D. Brent; Wen, Hiting; Foltz, Roger; Quijada, Manuel A.; Gum, Jeffery S.; Gardner, Jonathan P.; Kahle, Duncan M.; Benford, Dominic J.; Woodgate, Bruce E.; Wright, Edward L.; Feldman, Paul D.; Hart, Murdock; Moos, H. Warren; Reiss, Adam G.; Bohlin, Ralph; Deustua, Susana E.; Dixon, W. V.; Sahnow, David J.
Establishing improved spectrophotometric standards is important for a broad range of missions and is relevant to many astrophysical problems. ACCESS, "Absolute Color Calibration Experiment for Standard Stars", is a series of rocket-borne sub-orbital missions and ground-based experiments designed to enable improvements in the precision of the astrophysical flux scale through the transfer of absolute laboratory detector standards from the National Institute of Standards and Technology (NIST) to a network of stellar standards with a calibration accuracy of 1% and a spectral resolving power of 500 across the 0.35 -1.7 micrometer bandpass.
The thesis describes a smart house and the system that empowers it with intelligence. The goal of the thesis is to present the hardware and software involved and debate about the usability, pros and cons of such a system. The work addresses the smart house from several viewpoints: safety, comfort, economy, accessibility for people with special needs and affordability. Using smart house makes every day´s life more secure and comfortable, while it also enables independency to the people with sp...
Full Text Available We study two important aspects to make dynamic spectrum access work in practice: the admission policy of secondary users (SUs to achieve a certain degree of quality of service and the management of the interference caused by SUs to primary users (PUs. In order to limit the forced termination probability of SUs, we evaluate the Fractional Guard Channel reservation scheme to give priority to spectrum handovers over new arrivals. We show that, contrary to what has been proposed, the throughput of SUs cannot be maximized by configuring the reservation parameter. We also study the interference caused by SUs to PUs. We propose and evaluate different mechanisms to reduce the interference, which are based on simple spectrum access algorithms for both PUs and SUs and channel repacking algorithms for SUs. Numerical results show that the reduction can be of one order of magnitude or more with respect to the random access case. Finally, we propose an adaptive admission control scheme that is able to limit simultaneously the forced termination probability of SUs and what we define as the probability of interference. Our scheme does not require any configuration parameters beyond the probability objectives. Besides, it is simple to implement and it can operate with any arrival process and distribution of the session duration.
Moreno, Lourdes; Iglesias, Ana; Calvo, Rocío; Delgado, Sandra; Zaragoza, Luis
Currently, the great majority of institutions of higher education use Learning Content Management Systems (LCMSs) and Learning Management Systems (LMS) as pedagogical tools. In order to make these systems accessible to all students, it is important to take into account not only educational standards, but also standards of accessibility. It is essential to have with procedures and well-established method for evaluating these tools, so in this paper we propose a method for evaluatin...
Full Text Available Virtualization technology becomes a hot IT technolo gy with the popu-larity of Cloud Computing. However, new security issues arise with it. Specifically, the resources sharing and data communication in virtual machines are most con cerned. In this paper an access control model is proposed which combines the Chinese Wall a nd BLP model. BLP multi-level security model is introduced with corresponding improvement based on PCW (Prioritized Chinese Wall security model. This model can be used to safely co ntrol the resources and event behaviors in virtual machines. Experimental results show its eff ectiveness and safety.
Jazdi, N. [Stuttgart Univ. (Germany). Inst. fuer Automatisierungs- und Softwaretechnik
This article describes a flexible and extensible infrastructure for applying Web-Technologies to embedded systems.The presented approach develops a Three-level-Architecture consisting of the embedded system, the universal Remote-Access-Server and the Remote-Access-Client. A system-spanning general interface allows the binding of embedded systems in order to access their process data. Additionally, this procedure facilitates a flexible processing of the device data, so that it is ready to be used by different control devices. To ensure flexibility - connecting different devices on the one side and providing information for different clients like PC, PDA or mobile phone on the other side - a new XML-based description language (Service Description Markup Language - SDML) is introduced. The SDML documents contain information about connected embedded systems, reusable device data and the presentation policies for different clients. These documents are specifically created for each device. Applying the suggested procedure, different embedded systems can be connected to the Internet with minimum hardware and software requirements/costs. Software components of the Remote-Access-Server, once developed, can be used and applied to various devices which lead to a reduction of the development costs. The user can use an ordinary web browser to communicate with the devices and does not need to install any additional software on his local computer. (orig.) (orig.)
The SSRF power supply control system is a fully distributed control system based on the EPICS system. About 65K runtime database records run in the 27 VME/IOC controllers to make physics access more than 600 sets of power' supplies distributed in the SSRF facility. In this paper, the layered system architecture and its working principles are introduced. The EPICS-based control solutions for the PSI-designed and SINAP-designed digital controllers are described. The hardware and software, together with the communication technology applied in the system, are presented. (authors)
Shi, Jianyang; Fang, Yuan; Chi, Nan
We propose and experimentally demonstrate time division multiplexed orbital angular momentum (OAM) access system to increase transmission capacity and spectral efficiency. In this system, data carried on different time tributaries share the same OAM mode. Multiple time division multiplexed OAM modes are multiplexed to realize two-dimensional (time dimension and OAM dimension) multiplexing. Therefore, the capacity and spectral efficiency of the access system will increase. The orthogonality between optical time division multiplexing (OTDM) and OAM techniques is also verified in our experiment. In a proof-of-concept experiment, 2×5-Gbps return-to-zero signal over OAM mode +4 is transmitted and investigated. The bit error ratio performance after transmission in this system can be smaller than 1×10-9. Results show that the proposed time division multiplexed OAM access system is suitable for future broadband access network.
Oleiro Seabra, Luis Filipe; The ATLAS collaboration
ALFA (Absolute Luminosity For ATLAS) is one of the sub-detectors of ATLAS (A Toroidal LHC Apparatus). The ALFA system is composed by four stations installed in the LHC tunnel 240 m away from the ATLAS interaction point. Each station has a vacuum and ventilation system, movement control and all the required electronics for signal processing. The Detector Control System (DCS) provides control and monitoring of several components and ensures the safe operation of the detector contributing to good Data Quality. This paper describes the ALFA DCS system including a detector overview, operation aspects and hardware control through a SCADA system, WinCC OA.
Oleiro Seabra, Luis Filipe; The ATLAS collaboration
ALFA (Absolute Luminosity For ATLAS) is one of the sub-detectors of ATLAS/LHC. The ALFA system is composed by two stations installed in the LHC tunnel 240 m away from each side of the ATLAS interaction point. Each station has a vacuum and ventilation system, movement control and all the required electronic for signal processing. The Detector Control System (DCS) provides control and monitoring of several components and ensures the safe operation of the detector contributing to good Data Quality. This paper describes the ALFA DCS system including a detector overview, operation aspects and hardware control through a SCADA system, WinCC OA.
Sánchez-Artigas, Marc; García-López, Pedro
In open environments such as peer-to-peer (P2P) systems, the decision to collaborate with multiple users — e.g., by granting access to a resource — is hard to achieve in practice due to extreme decentralization and the lack of trusted third parties. The literature contains a plethora of applications in which a scalable solution for distributed access control is crucial. This fact motivates us to propose a protocol to enforce access control, applicable to networks consisting entirely of untrusted nodes. The main feature of our protocol is that it protects both sensitive permissions and sensitive policies, and does not rely on any centralized authority. We analyze the efficiency (computational effort and communication overhead) as well as the security of our protocol.
The main objective of the modular control system is to provide the requirements to most of the processes supervision and control applications within the industrial automatization area. The design is based on distribution, modulation and expansion concepts. (Author)
"Presents a unified approach to the fundamental issues in motion control, starting from the basics and moving through single degree of freedom and multi-degree of freedom systems In Motion Control Systems, Šabanovic and Ohnishi present a unified approach to very diverse issues covered in motion control systems, offering know-how accumulated through work on very diverse problems into a comprehensive, integrated approach suitable for application in high demanding high-tech products. It covers material from single degree of freedom systems to complex multi-body non-redundant and redundant systems. The discussion of the main subject is based on original research results and will give treatment of the issues in motion control in the framework of the acceleration control method with disturbance rejection technique. This allows consistent unification of different issues in motion control ranging from simple trajectory tracking to topics related to haptics and bilateral control without and with delay in the measure...
It introduces a nuclear radiation monitoring simulation system of health access. The main parameters of the software and hardware design and the system structure are described, the development of similar simulation system to provide some help an d guidance, the system design is based on radiation monitor of NPQJVC. (authors)
Asim, Muhammad; Ignatenko, Tanya; Petkovic, Milan; Trivellato, Daniel; Zannone, Nicola
Virtual organizations are dynamic, inter-organizational collaborations that involve systems and services belonging to different security domains. Several solutions have been proposed to guarantee the enforcement of the access control policies protecting the information exchanged in a distributed system, but none of them addresses the dynamicity characterizing virtual organizations. In this paper we propose a dynamic hierarchical attribute-based encryption (D-HABE) scheme that allows the insti...
Lin, S.; Costello, D. J., Jr.
In this report some shortened BCH codes for possible applications to large IC random-access memory systems are presented. These codes are given by their parity-check matrices. Encoding and decoding of these codes are discussed.
Mahmoud, Magdi S
Applied Control System Design examines several methods for building up systems models based on real experimental data from typical industrial processes and incorporating system identification techniques. The text takes a comparative approach to the models derived in this way judging their suitability for use in different systems and under different operational circumstances. A broad spectrum of control methods including various forms of filtering, feedback and feedforward control is applied to the models and the guidelines derived from the closed-loop responses are then composed into a concrete self-tested recipe to serve as a check-list for industrial engineers or control designers. System identification and control design are given equal weight in model derivation and testing to reflect their equality of importance in the proper design and optimization of high-performance control systems. Readers’ assimilation of the material discussed is assisted by the provision of problems and examples. Most of these e...
A system for optimizing a power plant includes a chemical loop having an input for receiving an input parameter (270) and an output for outputting an output parameter (280), a control system operably connected to the chemical loop and having a multiple controller part (230) comprising a model-free controller. The control system receives the output parameter (280), optimizes the input parameter (270) based on the received output parameter (280), and outputs an optimized input parameter (270) to the input of the chemical loop to control a process of the chemical loop in an optimized manner.
Since the last ICALEPCS, a small multi-region team has developed a reference design model for a control system for the International Linear Collider as part of the ILC Global Design Effort. The scale and performance parameters of the ILC accelerator require new thinking in regards to control system design. Technical challenges include the large number of accelerator systems to be controlled, the large scale of the accelerator facility, the high degree of automation needed during accelerator operations, and control system equipment requiring 'Five Nines' availability. The R and D path for high availability touches the control system hardware, software, and overall architecture, and extends beyond traditional interfaces into the technical systems. Software considerations for HA include fault detection through exhaustive out-of-band monitoring and automatic state migration to redundant systems, while the telecom industry's emerging ATCA standard - conceived, specified, and designed for High Availability - is being evaluated for suitability for ILC front-end electronics.
ZhangShuochengt; WangDan; QiaoWeimin; JingLan
All kinds of step motors and servomotors are widely used in CSR control system, such as many vacuum valves control that set on the HIRFL-CSR; all kinds of electric switches and knobs of ECR Ion Source; equipment of CSR Beam Diagnostics and a lot of large equipment like Inside Gun Toroid and Collector Toroid of HIRFL. A typical control system include up to 32 16-I/O Control boards, and each 16-I/O Control board can control 4 motors at the same time (including 8 Limit Switches).
Elvio João Leonardo
Full Text Available A number of issues distinguishes Medium Access Control (MAC protocols for wireless networks from those used in wireline systems. In addition, for ad-hoc networks, the characteristics of the radio channel, the diverse physical-layer technologies available and the range of services envisioned make it a difficult task to design an algorithm to discipline the access to the shared medium that results efficient, fair, power consumption sensitive and delay bound. This article presents the current “state-of-art” in this area, including solutions already commercially available as well as those still in study.
Studenick, D. K.; Tyler, A. L.; Squillari, W.
System stabilizes aximuth of gondolas which are carried by high-altitude balloons as platforms for tracking telescopes. When telescopes must be constantly aimed at specific targets, control system stabilizes gondola to within 5 arc-seconds.
The large carrier frequency shift caused by the high-speed movement of satellite (Doppler effects) and the propagation delay on the up-down link are very critical issues in an LEO satellite communication system, which affects both the selection and the implementation of a suitable access method. A Doppler based multiple access technique is used here to control the flow and an MPRMA-HS protocol is proposed for the application in LEO satellite communication systems. The extended simulation trials prove that the proposed scheme seems to be a very promising access method.
Discrete Control Systems establishes a basis for the analysis and design of discretized/quantized control systemsfor continuous physical systems. Beginning with the necessary mathematical foundations and system-model descriptions, the text moves on to derive a robust stability condition. To keep a practical perspective on the uncertain physical systems considered, most of the methods treated are carried out in the frequency domain. As part of the design procedure, modified Nyquist–Hall and Nichols diagrams are presented and discretized proportional–integral–derivative control schemes are reconsidered. Schemes for model-reference feedback and discrete-type observers are proposed. Although single-loop feedback systems form the core of the text, some consideration is given to multiple loops and nonlinearities. The robust control performance and stability of interval systems (with multiple uncertainties) are outlined. Finally, the monograph describes the relationship between feedback-control and discrete ev...
Wang, Shujuan; Liu, Qingtang
The virtual learning community is an important application pattern of E-Learning. It emphasizes the cooperation of the members in the community, the members would like to share their learning resources, to exchange their experience and complete the study task together. This instructional mode has already been proved as an effective way to improve the quality and efficiency of instruction. At the present time, the virtual learning communities are mostly designed using static access control policy by which the access permission rights are authorized by the super administrator, the super administrator assigns different rights to different roles, but the virtual and social characteristics of virtual learning community make information sharing and collaboration a complex problem, the community realizes its instructional goal only if the members in it believe that others will offer the knowledge they owned and believe the knowledge others offered is well-meaning and worthy. This paper tries to constitute an effective trust mechanism, which could promise favorable interaction and lasting knowledge sharing.
Sellers, David; Friedman, Hannah; Haasl, Tudi; Bourassa, Norman; Piette, Mary Ann
The ''Control System Design Guide'' (Design Guide) provides methods and recommendations for the control system design process and control point selection and installation. Control systems are often the most problematic system in a building. A good design process that takes into account maintenance, operation, and commissioning can lead to a smoothly operating and efficient building. To this end, the Design Guide provides a toolbox of templates for improving control system design and specification. HVAC designers are the primary audience for the Design Guide. The control design process it presents will help produce well-designed control systems that achieve efficient and robust operation. The spreadsheet examples for control valve schedules, damper schedules, and points lists can streamline the use of the control system design concepts set forth in the Design Guide by providing convenient starting points from which designers can build. Although each reader brings their own unique questions to the text, the Design Guide contains information that designers, commissioning providers, operators, and owners will find useful.
Haibo Shen; Yu Cheng
As mobile web services becomes more pervasive, applications based on mobile web services will need flexible access control mechanisms. Unlike traditional approaches based on the identity or role for access control, access decisions for these applications will depend on the combination of the required attributes of users and the contextual information. This paper proposes a semantic context-based access control model (called SCBAC) to be applied in mobile web services environment by combining ...
Muhammad Nabeel Tahir
Full Text Available Hierarchical representation is a natural way of organizing roles in role-based access control systems. Besides its advantages of providing a way of establishing parent-child relationships among different roles, it also provides a facility to design and organize context dependant application roles that users may activate depending on their current context (spatial, temporal conditions. In this paper, we show that if spatial roles are organized in hierarchical relationships, it can cause the problem of disambiguation in making access control decisions especially when the user moves from one location to another location frequently in a single transaction and a single session. We extend our work of Contextual Role-Based Access Control (C-RBAC by introducing hierarchical relationship among subject, location and purpose roles and solve the disambiguation problem in hierarchy by considering user motion direction and his/her context roles (spatial and spatial purpose in order to make more fine grained and better access control decisions.
Full Text Available At present methods for providing conditional access to restricted resources and applications for permitting personnel, such as military members, government agencies, or first-responders are not available. The conditional access is provided if the user is an authentic user in one of the authorized geographic location and is connected to specific base transceiver stations or base station controllers. In this work we introduce dominions for mobile security, which are designed to provide this conditional access, are adjustable and congenial with mobile cellular systems, and can run even without being connected to a devoted back-end network. The aim of the architecture is to provide users who satisfy specific pre-conditions access to restricted resources and applications to which they otherwise normally would not be granted access. These mobile security dominions not only provide strict security by authenticating the user and the geographic location of the device, but also prevent access to networks or resources outside of authorized areas and restrict unauthorized users.
Leve, Frederick A; Peck, Mason A
The goal of this book is to serve both as a practical technical reference and a resource for gaining a fuller understanding of the state of the art of spacecraft momentum control systems, specifically looking at control moment gyroscopes (CMGs). As a result, the subject matter includes theory, technology, and systems engineering. The authors combine material on system-level architecture of spacecraft that feature momentum-control systems with material about the momentum-control hardware and software. This also encompasses material on the theoretical and algorithmic approaches to the control of space vehicles with CMGs. In essence, CMGs are the attitude-control actuators that make contemporary highly agile spacecraft possible. The rise of commercial Earth imaging, the advances in privately built spacecraft (including small satellites), and the growing popularity of the subject matter in academic circles over the past decade argues that now is the time for an in-depth treatment of the topic. CMGs are augmented ...
Several kinds of computer systems are used to perform large helical device (LHD) experiments, and each produces its own data format. Therefore, it has been difficult to deal with these data simultaneously. In order to solve this problem, the Kaiseki server was developed; it has been facilitating the unified retrieval of LHD data. The data acquired or analyzed by various computer systems are converted into the unified ASCII format, or Kaiseki format, and transferred to the Kaiseki server. With this method, the researchers can visualize and analyze the data produced by various kinds of computers in the same way. Because validations are needed before registering on the Kaiseki server, it takes time to make the validated data available. However, some researchers need data as soon as it is gathered in order to adjust their instruments during the experiments. To satisfy this requirement, a new visualization system has been under development. The new system has two ways to visualize the data as physical values from the raw data. If the conversion task is not complex, the NIFSscope, a visualization tool, converts the raw data into physics data by itself. If the task is too complex to handle, it asks the ANACalc server to make physics data. When the ANACalc server receives a request, it delegates calculation programs to convert the acquired data into physics data. Because the interfaces between the server and the calculation processes are independent of programming languages and operating systems, the calculation processes can be placed on different computers and the server load can be reduced. Therefore, the system can respond to changes in requirements by replacing the calculation programs, and can easily be expanded by increasing the number of calculation servers
A system controller has been designed, built, tested, and in operation for one year at MIT/Lincoln Laboratory's 25-kW-peak Solar Photovoltaic Power System located at Mead, Nebraska. The controller allows the site to operate without human intervention, and has brought to light some of the problems of charge-control algorithms in a deep-discharge environment.
Full Text Available DCSK modulation in chaos communication is a robust non-coherent modulation scheme. In this paper, the multiple-access DCSK scheme based on the OVSF code is proposed. Using the multiple-access DCSK scheme in RFID system, a DCSK-RFID system is presented. In the presented DCSK-RFID system, we use the DCSK for tag modulation for its low complexity and the simple receiver of the DCSK scheme is applied in reader part. The tag’s BER performance of the proposed DCSK-RFID system is carefully generalized both in theoretic analysis and in simulations. From the simulation results, the theoretical and simulation values match closely with each other. Then, we design an anti-collision MAC protocol based on multi-access DCSK-RFID scheme. We theoretically analyze the throughout in given number of tags. The simulation shows that the proposed algorithm has better throughout than S-Aloha system
Full Text Available Banks play an important role in the financial sector, in the proper functioning of economic entities and in the economy as a whole, therefore over time the establishment of a functioning banking system capable of delivering a wide range of products and services to meet the requirements of all potential customers has been a permanent concern. Considering the economic and financial reality, both internationally and domestically, each country and therefore, Romania is interested in creating a solid banking system, enabling the appropriate organizational framework in order to ensure a development of the financial mechanisms. The banking system as the basic element of the financial system, allows an efficient allocation of resources in the economy and, in order to function properly, we need to know the risks they face:a slow economic growth may cause losses due to difficulties in repaying bank loans, due to lower sales or lower wages, changes in asset prices may cause financial losses to investors, decreasing a sector of the economy which has monopolized the banks’ and investors’ attention.
Over the past seven years, the Jefferson Lab's control system has grown to include more than two hundred distributed computers running over a complex segmented network, controlling a number of semi-independent operational plants. Several of the plants, including that used for running beam for physics users, operate around the clock with only brief, scheduled interruptions for machine repairs. Because of this, high control system availability is critical. Dividing computing resources into distinct sections, called fiefdoms, improves availability of the control system for each plant while facilitating periodic maintenance. In order to maximize uptime, each fiefdom operates as a completely independent control system consisting of a file server machine with a complete set of control system software and files, a local network, operator consoles and computers to execute high and low level control programs. The fiefdoms are isolated using network hardware, while still allowing limited communication between them. By segmenting the control system in this manner, the effect of a computer failure is minimized and machines can be taken down for periodic maintenance and upgrades without disabling other controls capabilities for the site
Jagadeesh Chandra A.P
Full Text Available Internet has revolutionized the way in which the information is delivered. Laboratory based courses play an important role in technical education. Automation is changing the nature of these laboratories and the system designer’s focus on Internet accessed experiments owing to the availability of several tools to integrate electronic and mechanical hardware with the World Wide Web. Stand-alone approaches in remote learning have grown tremendously in the recent years. One of the important components in remote experimentation is the integration of Virtual Instruments to perform real hardware tasks in near real-time. The paper describes a web interface to the electrical hardware and integration of LabVIEW Virtual Instruments to the remote access and control of DC Drives. Customized electrical hardware serves as the web interface, supporting various features to remotely control and measure the parameters of the electrical machine. Novel techniques have been used to interface a low power data acquisition system with the DC machine driven by the AC power supply. The system uses the client-server architecture to access the web page of the Virtual Instruments through web browser. The developed system imitates the real control of experiment hardware, but being operated remotely through Internet.
Engr. Prof Hyacinth C. Inyiama; Engr. Mrs Lois Nwobodo; Engr. Dr. Mrs. Christiana C. Okezie; Engr. Mrs. Nkolika O. Nwazor
GSM (Global system for mobile communication) based wireless database access for food and drug administration and control is a system that enables one to send a query to the database using the short messaging system (SMS) for information about a particular food or drug. It works in such a way that a user needs only send an SMS in order to obtain information about a particular drug produced by a pharmaceutical industry. The system then receives the SMS, interprets it and uses its contents to qu...
GODFREY A. MILLS; STEPHEN K. ARMOO; AGYEMAN K. ROCKSON; ROBERT A. SOWAH; MOSES A. ACQUAH
Irrigated agriculture is one of the primary water consumers in most parts of the world. With developments in technology, efforts are being channeled into automation of irrigation systems to facilitate remote control of the irrigation system and optimize crop production and cost effectiveness. This paper describes an on-going work on GSM based irrigation monitoring and control systems. The objective of the work is to provide an approach that helps farmers to easily access, manage and regulate ...
Drones, subscale vehicles like the Firebees, and full scale retired military aircraft are used to test air defense missile systems. The DFCS (Drone Formation Control System) computer, developed by IBM (International Business Machines) Federal Systems Division, can track ten drones at once. A program called ORACLS is used to generate software to track and control Drones. It was originally developed by Langley and supplied by COSMIC (Computer Software Management and Information Center). The program saved the company both time and money.
The design and implementation of a new computerized control system for the several devices of the magnetic spectrometer at TANDAR Laboratory is described. This system, as a main difference from the preexisting one, is compatible with almost any operating systems of wide spread use available in PC. This allows on-line measurement and control of all signals from any terminal of a computer network. (author)
LI Gang; WANG Ke-Xiang; ZHAO Ji-Jiu; YUE Ke-Juan; DAI Ming-Sui; HUANG Yi-Ling; JIANG Bo
A superconducting cryogenic system has been designed and deployed in the Beijing Electron-Positron Collider Upgrade Project(BEPCⅡ).The system consists of a Siemens PLC(ST-PLC,Programmable Logic Controller)for the compressor control,an Allen Bradley(AB)PLC for the cryogenic equipments,and the Experimental Physics and Industrial Control System(EPICS)that integrates the PLCs.The system fully automates the superconducting cryogenic control with process control,PID(Proportional-Integral-Differential)control loops,real-time data access and data storage,alarm handler and human machine interface.It is capable of automatic recovery as well.This paper describes the BEPCⅡ cryogenic control system,data communication between ST-PLC and EPICS Input/Output Controllers(IOCs),and the integration of the flow control,the low level interlock,the AB-PLC,and EPICS.
In this study, OPC and PLC based remote-access laboratory has been developed for synchronous motor control experiment. The monitoring and control of the parameters of synchronous motor has been realized using GPRS and Profi-Lab OPC Server through the visual programming language. In addition, S7-1200 CPU 1214 DC/DC/DC series PLC was used for control of the system. The motor parameters monitored in real-time by the user to visually is shown the effect of any change in the parameters of the moto...
Rapid and ongoing development in the energy sector has consequences for system control at all levels. In relation to system control and communication the control system is challenged in five important ways: 1) Expectations for security of supply, robustness and vulnerability are becoming more stringent, and the control system plays a big part in meeting these expectations. 2) Services are becoming increasingly based on markets that involve the transmission system operators (TSOs), generators and distribution companies. Timely, accurate and secure communication is essential to the smooth running of the markets. 3) Adding large amounts of renewable energy (RE) to the mix is a challenge for control systems because of the intermittent availability of many RE sources. 4) Increasing the number of active components in the system, such as small CHP plants, micro-CHP and intelligent loads, means that the system control will be much more complex. 5) In the future it is likely that power, heat, gas, transport and communication systems will be tighter coupled and interact much more. (au)
The present control system has matured both in terms of age and capacity. Thus a new system based on a local area network (LAN) is being developed. A pilot project has been started but, owing to difficulties encountered with the present operating system used with the microprocessors, it has become necessary to reconsider the choice of operating system. A recently-released multi-tasking operating system that runs on the existing hardware has been chosen. 1 fig
Carvalho, Ivo S., E-mail: email@example.com; Duarte, Paulo; Fernandes, Horácio; Valcárcel, Daniel F.; Carvalho, Pedro J.; Silva, Carlos; Duarte, André S.; Neto, André; Sousa, Jorge; Batista, António J.N.; Carvalho, Bernardo B.
Koponen, J.; Hakala, J.
Since 2010, the IGISOL research facility at the Accelerator laboratory of the University of Jyväskylä has gone through major changes. Comparing the new IGISOL4 facility to the former IGISOL3 setup, the size of the facility has more than doubled, the length of the ion transport line has grown to about 50 m with several measurement setups and extension capabilities, and the accelerated ions can be fed to the facility from two different cyclotrons. The facility has evolved to a system comprising hundreds of manual, pneumatic and electronic devices. These changes have prompted the need to modernize also the facility control system taking care of monitoring and transporting the ion beams. In addition, the control system is also used for some scientific data acquisition tasks. Basic guidelines for the IGISOL control system update have been remote control, safety, usability, reliability and maintainability. Legacy components have had a major significance in the control system hardware and for the renewed control system software the Experimental Physics and Industrial Control System (EPICS) has been chosen as the architectural backbone.
Trudnowski, Daniel [Montana Tech of the Univ. of Montana, Butte, MT (United States)
This report summarizes the results of the Load Control System Reliability project (DOE Award DE-FC26-06NT42750). The original grant was awarded to Montana Tech April 2006. Follow-on DOE awards and expansions to the project scope occurred August 2007, January 2009, April 2011, and April 2013. In addition to the DOE monies, the project also consisted of matching funds from the states of Montana and Wyoming. Project participants included Montana Tech; the University of Wyoming; Montana State University; NorthWestern Energy, Inc., and MSE. Research focused on two areas: real-time power-system load control methodologies; and, power-system measurement-based stability-assessment operation and control tools. The majority of effort was focused on area 2. Results from the research includes: development of fundamental power-system dynamic concepts, control schemes, and signal-processing algorithms; many papers (including two prize papers) in leading journals and conferences and leadership of IEEE activities; one patent; participation in major actual-system testing in the western North American power system; prototype power-system operation and control software installed and tested at three major North American control centers; and, the incubation of a new commercial-grade operation and control software tool. Work under this grant certainly supported the DOE-OE goals in the area of “Real Time Grid Reliability Management.”
Building a custom accelerator control system requires effort in the range of 30-100 person-years. This represents a significant investment of time, effort, and risk, as well as challenges for management. Even when the system is successful, the software has not yet been applied to the particular project; no custom control algorithms, either engineering or physics-based, have been implemented; and the system has not been documented for long-term maintenance and use. This paper reviews the requirements for sharing software between accelerator control system projects. It also reviews the three mechanisms by which control system software has been shared in the past and is being shared now, as well as some of the experiences. After reviewing the mechanisms and experiences, one can conclude there is no one best solution. The right software sharing mechanism depends upon the needs of the client site, the client resources available, and the services the provider can give
Vicente, Carmen Ruiz; Kirkpatrick, Michael; Ghinita, Gabriel;
Recent advances in positioning and tracking technologies have led to the emergence of novel location-based applications that allow participants to access information relevant to their spatio-temporal context. Traditional access control models, such as role-based access control (RBAC), are not...... complex access control decisions based on spatio-temporal relationships among subjects and objects. Furthermore, such relationships change frequently in dynamic environments, requiring efficient mechanisms to monitor and re-evaluate access control decisions. In this position paper, we present a healthcare...... emergency response scenario which highlights the novel challenges that arise when enforcing access control in an environment with moving subjects and objects. To address a realistic application scenario, we consider movement on road networks, and we identify complex access control decisions relevant to such...
... documentation including: (1) Adequate controls over the distribution of, access to, and use of documentation for... retention period. (d) Limiting system access to authorized individuals. (e) Use of secure, computer... 21 Food and Drugs 1 2010-04-01 2010-04-01 false Controls for closed systems. 11.10 Section...
This thesis is about automatic motion control systems for remotely operated vehicles (ROV). The work has focused on topics within guidance and navigation. In addition, a motion control system has been developed, implemented, tested and used on two ROVs in sea trials.The main motivation for the work has been the need to automate ROV tasks in order to make the ROV a more efficient tool for exploring the ocean space. Many parts of a motion control system for a ROV is similar to that of surface v...
Shea, T J
This lecture begins with a definition of an accelerator control system, and then reviews the control system architectures that have been deployed at the larger accelerator facilities. This discussion naturally leads to identification of the major subsystems and their interfaces. We shall explore general strategies for integrating intelligent devices and signal processing subsystems based on gate arrays and programmable DSPs. The following topics will also be covered: physical packaging; timing and synchronization; local and global communication technologies; interfacing to machine protection systems; remote debugging; configuration management and source code control; and integration of commercial software tools. Several practical realizations will be presented.
ZHANG Miao; XU Guoai; HU Zhengming; YANG Yixian
The conception of trusted network connection (TNC) is introduced, and the weakness of TNC to control user's action is analyzed. After this, the paper brings out a set of secure access and control model based on access, authorization and control, and related authentication protocol. At last the security of this model is analyzed. The model can improve TNC's security of user control and authorization.
DongJinmei; YuanYoujin; ZhengJianhua
A Virtual Accelerator is a computer process which simulates behavior of beam in an accelerator and responds to the accelerator control program under development in a same way as an actual accelerator. To realize Virtual Accelerator, control system should provide the same program interface to top layer Application Control Program, it can make 'Real Accelerator' and 'Virtual Accelerator'use the same GUI, so control system should have a layer to hide hardware details, Application Control Program access control devices through logical name but not through coded hardware address. Without this layer, it is difficult to develop application program which can access both 'Virtual' and 'Real' Accelerators using same program interfaces. For this reason, we can create CSR Runtime Database which allows application program to access hardware devices and data on a simulation process in a unified way. A device 'is represented as a collection of records in CSR Runtime Database. A control program on host computer can access devices in the system only through names of record fields, called channel.
Reset Control Systems addresses the analysis for reset control treating both its basic form which requires only that the state of the controller be reinitialized to zero (the reset action) each time the tracking error crosses zero (the reset condition), and some useful variations of the reset action (partial reset with fixed or variable reset percentage) and of the reset condition (fixed or variable reset band and anticipative reset). The issues regarding reset control – concepts and motivation; analysis tools; and the application of design methodologies to real-world examples – are given comprehensive coverage. The text opens with an historical perspective which moves from the seminal work of the Clegg integrator and Horowitz FORE to more recent approaches based on impulsive/hybrid control systems and explains the motivation for reset compensation. Preliminary material dealing with notation, basic definitions and results, and with the definition of the control problem under study is also included. The fo...
Full Text Available The article deals with main tends of scientific research activities of Department of Control and Information Systems at the Faculty of Electrical Engineering of University of Zilina and its perspectives in this area.
The Epicure Control System supports the Fermilab fixed target physics program. The system is distributed across a network of many different types of components. The use of multiple layers on interfaces for communication between logical tasks fits the client-server model. Physical devices are read and controlled using symbolic references entered into a database with an editor utility. The database system consists of a central portion containing all device information and optimized portions distributed among many nodes. Updates to the database are available throughout the system within minutes after being requested
The purpose of this paper is to investigate algebraic conditions which give information about the controllability of invariant control systems on nilpotent Lie groups. With the same purpose, the authors use the co-adjoint representation and define the concept of symplectic vectors. We study the existence of these objects to analyze the controllability. In particular, we obtain a characterization when G is simply connected. (author). 9 refs
Kershaw, Philip; Lawrence, Bryan; Lowe, Dominic; Norton, Peter; Pascoe, Stephen
CEDA (Centre for Environmental Data Archival) based at STFC Rutherford Appleton Laboratory is host to the BADC (British Atmospheric Data Centre) and NEODC (NERC Earth Observation Data Centre) with data holdings of over half a Petabyte. In the coming months this figure is set to increase by over one Petabyte through the BADC's role as one of three data centres to host the CMIP5 (Coupled Model Intercomparison Project Phase 5) core archive of climate model data. Quite apart from the problem of managing the storage of such large volumes there is the challenge of collating the data together from the modelling centres around the world and enabling access to these data for the user community. An infrastructure to support this is being developed under the US Earth System Grid (ESG) and related projects bringing together participating organisations together in a federation. The ESG architecture defines Gateways, the web interfaces that enable users to access data and data serving applications organised into Data Nodes. The BADC has been working in collaboration with US Earth System Grid team and other partners to develop a security system to restrict access to data. This provides single sign-on via both OpenID and PKI based means and uses role based authorisation facilitated by SAML and OpenID based interfaces for attribute retrieval. This presentation will provide an overview of the access control architecture and look at how this has been implemented for CEDA. CEDA has developed an expertise in data access and information services over several years through a number of projects to develop and enhance these capabilities. Participation in CMIP5 comes at a time when a number of other software development activities are coming to fruition. New services are in the process of being deployed alongside services making up the system for ESG. The security system must apply access control across this heterogeneous environment of different data services and technologies. One strand
The very extensive use of limitations in the operational field between protection system and closed-loop controls is an important feature of German understanding of operational safety. The design of limitations is based on very large activities in the computational field but mostly on the high level of the plant-wide own commissioning experience of a turnkey contractor. Limitations combine intelligence features of closed-loop controls with the high availability of protection systems. (orig.)
Gondara, Mandeep Kaur
Semantic Web is an open, distributed, and dynamic environment where access to resources cannot be controlled in a safe manner unless the access decision takes into account during discovery of web services. Security becomes the crucial factor for the adoption of the semantic based web services. An access control means that the users must fulfill certain conditions in order to gain access over web services. Access control is important in both perspectives i.e. legal and security point of view. This paper discusses important requirements for effective access control in semantic web services which have been extracted from the literature surveyed. I have also discussed open research issues in this context, focusing on access control policies and models in this paper.
Volkov, Vasily Y; Zhuravlev, Oleg N; Nukhaev, Marat T; Shchelushkin, Roman V
This article presents the idea and realization for the unique Adaptive Inflow Control System being a part of well completion, able to adjust to the changing in time production conditions. This system allows to limit the flow rate from each interval at a certain level, which solves the problem of water and gas breakthroughs. We present the results of laboratory tests and numerical calculations obtaining the characteristics of the experimental setup with dual-in-position valves as parts of adaptive inflow control system, depending on the operating conditions. The flow distribution in the system was also studied with the help of three-dimensional computer model. The control ranges dependences are determined, an influence of the individual elements on the entire system is revealed.
Leahu, Marius Constantin; Stoichescu, D A; Lehmann Miotto, G
ATLAS (A Toroidal LHC Apparatus) is a general-purpose detector for studying high-energy particle interactions: it is the largest particle detector experiment at CERN and it is built around one of the interaction points of the proton beams accelerated by the Large Hadron Collider (LHC). The detector generates an impressive amount of raw data: 64 TB per second as a result of 40 MHz proton-proton collision rate with 1.6 MB data for each such event. The handling of such data rate is managed by a three levels Trigger and Data Acquisition (TDAQ) system, which filters out the events not relevant from physics research point of view and selects in the end in the order of 1000 events per second to be stored for offline analyses. This system comprises a significant number of hardware devices, software applications and human personnel to supervise the experiment operation. Their protection against damages as a result of misuse and their optimized exploitation by avoiding the conflicting accesses to resources are key requ...
Barz, C.; Todea, C.; Latinovic, T.; Preradovic, D. M.; Deaconu, S.; Berdie, A.
The paper presents the traffic control system controlled through a PLC which takes the signals from different sensors on roads. The global system developed ensures the coordination of four intersections, setting a path that respects coordination type green light, the integration of additional sensors, the implementation of probes radar to inform traffic participants about recommended speed for accessing the green state located in the intersection that will follow to cross.
Travers, D.; Parham, T.
An emergency department (ED) clinical system was developed by in-house personnel, with ED physician, nursing, registration and clerical staff input. The utilization of existing hardware and customization of the hospital's mainframe hospital information system (HIS) facilitated the implementation of a cost-effective system that meets the information access needs of a busy, state-of-the-art academic ED. The transition to automation of the ED was facilitated through the use of a comprehensive tr...
Full Text Available Service-oriented computing promotes collaboration by defining the standards layer that allows compatibility between disparate domains. Workflows, by taking advantage of the service oriented framework, provide the necessary tools to harness services in order to tackle complicated problems. As a result, a service is no longer exposed to a small pre-determined homogeneous pool of users; instead it has a large, undefined, and heterogeneous pool of users. This paradigm shift in computing results in increased service exposure. The interactions among the services of a workflow must be carefully evaluated against the security risks associated with them. Classical security problems, such as delegation of rights, conflict of interest, and access control in general, become more complicated due to multiple autonomous security domains and the absence of pre- established trust relationships among the domains. Our work tackles these problems in two aspects: it provides a service owner with the necessary means to express and evaluate its trust requirements from a workflow (collaboration policies, and it incorporates these trust requirements into the workflow-planning framework (workflow authorization framework. Our policy-based framework allows bilateral peer-level trust evaluations that are based on each peer’s collaboration policies, and incorporates the outcome of these evaluations into the workflow planning logic. As a result, our work provides the necessary tools for promoting multi-party ad-hoc collaborations, and aims to reduce the reluctance and hesitation towards these collaborations by attacking the security risks associated with them.
Full Text Available Nowadays, the concept of big data grows incessantly; recent researches proved that 90% of the whole data existed on the web had been created in last two years. However, this growing bumped by many critical challenges resides generally in security level; the users care about how could providers protect their privacy on their data. Access control, cryptography, and deidentification are the main search areas grouped under a specific domain known as Privacy Preserving Data Publishing. In this paper, we bring in suggestion a new model for access control over big data using digital signature and confidence interval; we first introduce our work by presenting some general concepts used to build our approach then presenting the idea of this report and finally we evaluate our system by conducting several experiments and showing and discussing the results that we got.
Pardo, Mauricio Esteban; Strack, Guillermo; Martínez, Diego C.
Domotics systems are intelligent systems for houses and apartments to control several issues as security and light or climate devices. In this work we present the development of an economic domotic system to control different electrical devices in a private house. This is achieved either from inside the building or by remote control using a regular Internet connection. In order to provide this functionality, the system includes a server that provides web services to the controlling applicatio...
An important consideration in the design of power reactors is providing access to the reactor cooling system for the purposes of maintenance, repair and refuelling. The major sources of radiation which tend to prohibit such access are: induced activity of the reactor coolant, activated impurities in the reactor coolant and radiation originating in the reactor core both during reactor operation and after shut down. Impurities in the reactor coolant may be present in high enough concentrations so that their activation restricts accessibility for maintenance after shutdown. When water being used as a coolant, the activity of the water itself is very short- lived but their corrosive nature, resultant high impurity and induced activity of structural material are the major source of activity in the system after reactor shutdown. In this case, it may be necessary to chemically remove some of the impurity by a purification process to prevent a build up of long-lived induced activity in the system from restricting access to the plant, and to keep the radiation dose at the working places within the permissible limits. A mathematical modelling is developed. A system of coupled first-order linear differential equations describing adequately the activity behaviour has to be derived and solved. It treats the determination of equilibrium concentrations of impurities on system surface , and the effect of release of fission products from the reactor core
The control system for the Fusion Materials Irradiation Test (FMIT) Facility, under construction at Richland, Washington, uses current techniques in distributed processing to achieve responsiveness, maintainability and reliability. Developmental experience with the system on the FMIT Prototype Accelerator (FPA) being designed at the Los Alamos National Laboratory is described as a function of the system's design goals and details. The functional requirements of the FMIT control system dictated the use of a highly operator-responsive, display-oriented structure, using state-of-the-art console devices for man-machine communications. Further, current technology has allowed the movement of device-dependent tasks into the area traditionally occupied by remote input-output equipment; the system's dual central process computers communicate with remote communications nodes containing microcomputers that are architecturally similar to the top-level machines. The system has been designed to take advantage of commercially available hardware and software
Control protocol provides a normalized access procedure for equipment of the same kind from a control system. Modelisation and the subsequent identification of functionalities with their parameters, variables and attributes have now been carried out at CERN for representative families of devices. ISO specifications, such as the ASN.1 metalanguage for data structure representation and MMS definitions and services have, to some extent, been introduced in the design for generality and compatibility with external world. The final product of this design is totally independent of the control systems and permits object oriented implementations in any controls frame. The present paper describes the different phases of the project with a short overview of the various implementations under development at CERN. (author)
The LHCb collaboration consists of roughly 700 physicists from 52 institutes and universities. Most of the collaborating physicists - including subdetector experts - are not permanently based at CERN. This paper describes the architecture used to publish data internal to the LHCb experiment control- and data acquisition system to the World Wide Web. Collaborators can access the online (sub-) system status and the system performance directly from the institute abroad, from home or from a smart phone without the need of direct access to the online computing infrastructure.
Wang, Xin; Zhao, Hai-bin; Xia, Yan; Lu, Hao; Li, Bin
In 2013, CNEOST (China Near Earth Object Survey Telescope) adapted its hardware system for the new CCD camera. Based on the new system architecture, the control software is re-designed and implemented. The software system adopts the messaging mechanism based on the WebSocket protocol, and possesses good flexibility and expansibility. The user interface based on the responsive web design has realized the remote observations under both desktop and mobile devices. The stable operation of the software system has greatly enhanced the operation efficiency while reducing the complexity, and has also made a successful attempt for the future system design of telescope and telescope cloud.
Xu, Xian; Liu, Deming; He, Wei; Lu, Xi
With the rapid development of high speed networks, such as Ethernet Passive Optical Network (EPON), traffic patterns in access networks have evolved from traditional text-oriented service to the mixed text-, voice- and video- based services, leading to so called "Triple Play". For supporting IPTV service in EPON access network infrastructure, in this article we propose a novel IPTV program multiplex access system to EPON, which enables multiple IPTV program source servers to seamlessly access to IPTV service access port of optical line terminal (OLT) in EPON. There are two multiplex schemes, namely static multiplex scheme and dynamic multiplex scheme, in implementing the program multiplexing. Static multiplex scheme is to multiplex all the IPTV programs and forward them to the OLT, regardless of the need of end-users. While dynamic multiplex scheme can dynamically multiplex and forward IPTV programs according to what the end-users actually demand and those watched by no end-user would not be multiplexed. By comparing these two schemes, a reduced traffic of EPON can be achieved by using dynamic multiplex scheme, especially when most end-users are watching the same few IPTV programs. Both schemes are implemented in our system, with their hardware and software designs described.
Le, Xuan Hung; Doll, Terry; Barbosu, Monica; Luque, Amneris; Wang, Dongwen
Although information access control models have been developed and applied to various applications, few of the previous works have addressed the issue of managing information access in the combined context of team collaboration and workflow. To facilitate this requirement, we have enhanced the Role-Based Access Control (RBAC) model through formulating universal constraints, defining bridging entities and contributing attributes, extending access permissions to include workflow contexts, synthesizing a role-based access delegation model to target on specific objects, and developing domain ontologies as instantiations of the general model to particular applications. We have successfully applied this model to the New York State HIV Clinical Education Initiative (CEI) project to address the specific needs of information management in collaborative processes. An initial evaluation has shown this model achieved a high level of agreement with an existing system when applied to 4576 cases (kappa=0.801). Comparing to a reference standard, the sensitivity and specificity of the enhanced RBAC model were at the level of 97-100%. These results indicate that the enhanced RBAC model can be effectively used for information access management in context of team collaboration and workflow to coordinate clinical education programs. Future research is required to incrementally develop additional types of universal constraints, to further investigate how the workflow context and access delegation can be enriched to support the various needs on information access management in collaborative processes, and to examine the generalizability of the enhanced RBAC model for other applications in clinical education, biomedical research, and patient care. PMID:22732236
A control system utilizing a microcomputer has been developed that controls the power supplies driving the Tandem Mirror Experiment (TMX) magnet set and monitors magnet coil operation. The magnet set consists of 18 magnet coils that are driven by 26 dc power supplies. There are two possible modes of operation with this system: a pulse mode where the coils are pulsed on for several seconds with a dc power consumption of 16 MW; and a continuous mode where the coils can run steady state at 10 percent of maximum current ratings. The processor has been given an active control role and serves as an interface between the operator and electronic circuitry that controls the magnet power supplies. This microcomputer also collects and processes data from many analog singal monitors in the coil circuits and numerous status signals from the supplies. Placing the microcomputer in an active control role has yielded a compact, cost effective system that simplifies the magnet system operation and has proven to be very reliable. This paper will describe the TMX magnet control sytem and discuss its development
Full Text Available Nowadays security has become an important aspect in information systems engineering. A mainstream method for information system security is Role-based Access Control (RBAC, which restricts system access to authorised users. While the benefits of RBAC are widely acknowledged, the implementation and administration of RBAC policies remains a human intensive activity, typically postponed until the implementation and maintenance phases of system development. This deferred security engineering approach makes it difficult for security requirements to be accurately captured and for the system’s implementation to be kept aligned with these requirements as the system evolves. In this paper we propose a model-driven approach to manage SQL database access under the RBAC paradigm. The starting point of the approach is an RBAC model captured in SecureUML. This model is automatically translated to Oracle Database views and instead-of triggers code, which implements the security constraints. The approach has been fully instrumented as a prototype and its effectiveness has been validated by means of a case study.
Rieback, Melanie; Crispo, Bruno; Tanenbaum, Andrew
This paper introduces an off-tag RFID access control mechanism called “Selective RFID Jamming”. Selective RFID Jamming protects low-cost RFID tags by enforcing access control on their behalf, in a similar manner to the RFID Blocker Tag. However, Selective RFID Jamming is novel because it uses an active mobile device to enforce centralized ACL-based access control policies. Selective RFID Jamming also solves a Differential Signal Analysis attack to which the RFID Blocker Tag is susceptible.
Vuskovic, M. I.; Heer, E.
A class of interactive control systems is derived by generalizing interactive manipulator control systems. The general structural properties of such systems are discussed and an appropriate general software implementation is proposed. This is based on the fact that tasks of interactive control systems can be represented as a network of a finite set of actions which have specific operational characteristics and specific resource requirements, and which are of limited duration. This has enabled the decomposition of the overall control algorithm into a set of subalgorithms, called subcontrollers, which can operate simultaneously and asynchronously. Coordinate transformations of sensor feedback data and actuator set-points have enabled the further simplification of the subcontrollers and have reduced their conflicting resource requirements. The modules of the decomposed control system are implemented as parallel processes with disjoint memory space communicating only by I/O. The synchronization mechanisms for dynamic resource allocation among subcontrollers and other synchronization mechanisms are also discussed in this paper. Such a software organization is suitable for the general form of multiprocessing using computer networks with distributed storage.
WANG Bo; HUANG Pei-wei; ZHONG You-ping; QI Ying-hao
Most existing media access control (MAC) protocols in power line communication (PLC) networks just discard the colliding data packets when collision occurs. The collision deteriorates throughput and delay performance of system under high traffic conditions. This article presents a novel media access scheme with fast collision resolution for in-home power line networks. It works by first recognizing the colliding stations through detecting the inserted unique ID sequence ahead of data packets, then the source nodes retransmitting their packets immediately after the collision slot. The proposed protocol maintains the benefits of ALOHA systems. It needs no scheduling overhead and is suitable for bursty sources, such as multimedia data packets. Computer simulations have demonstrated that this approach can achieve high throughput due to its ability of resolving collisions.
This paper describes the requirements of the unified management of access authorization for different information systems, from the point of view of the unified management to all applications of the enterprise. This paper also gives the design of software based on the requirements. (authors)
周任军; 尹权; 康信文; 李绍金; 陈瑞先; 王蛟
冷、热能只需满足阶段性平衡，而电能则需满足实时平衡。为了提升风电的利用水平和降低风电随机性对电网的影响，提出风电以制热方式和供电方式参与冷热电联供系统(CCHP)供能的供热模式及供电模式。构建并分析风电供能模式控制方法，并对2种供能模式分别建立以包含燃料成本和购电成本的系统运行成本为目标函数的优化模型。考虑风电出力预测偏差，采用α-超分位数方法刻画各随机目标函数，进而建立相应的随机优化模型。通过算例分析风电不同供能模式下的经济效益；研究不同置信水平对系统运行成本的影响。仿真结果为风电供能模式的选择提供了依据；该研究可为智能电网背景下可再生能源的高效合理利用提供新思路。%Cold,heat j ust need to meet periodically balance and power need to meet real-time bal-ance.In order to enhance the utilization of wind energy and reduce the impact of wind random-ness,wind power access to combined cooling heating and power (CCHP)system was proposed in this paper.The wind power was introduced into CCHP system in two ways,that is,heating and power supply,which respectively related to the heating mode and the power mode of CCHP sys-tem.The wind supply mode control system were constructed and analyzed.In order to obtain the decision information for the two kinds of energy supply patterns,the optimization models were established,which utilized system operation costs including fuel costs and purchasing cost as the obj ective functions.Considering prediction bias of wind power output,the random target func-tions were characterized usingα-super quantile method,and the corresponding stochastic optimi-zation models were thus established.By simulation,the economic benefits of the system was ana-lyzed in different energy supply modes,and the influence of system operation cost in different confidence levels was researched
Friction-related problems are frequently encountered in control systems. This thesis treats three aspects of such problems: modeling, analysis, and friction compensation. A new dynamic friction model is presented and investigated. The model is described by a first order nonlinear differential equation with a reasonable number of parameters, yet it captures most of the experimentally observed friction phenomena. The model is suitable both for simulation purposes and control design. Analysis of...
Full Text Available Conventional approaches for adapting security enforcement in the face of attacks rely on administrators to make policy changes that will limit damage to the system. Paradigm shifts in the capabilities of attack tools demand supplementary strategies that can also adjust policy enforcement dynamically. We extend the current research by proposing an approach for integrating real-time security assessment data into access control systems. Critical application scenarios are tested to examine the impact of using risk data in policy evaluation and enforcement.
The ARAC Client System allows users (such as emergency managers and first responders) with commonly available desktop and laptop computers to utilize the central ARAC system over the Internet or any other communications link using Internet protocols. Providing cost-effective fast access to the central ARAC system greatly expands the availability of the ARAC capability. The ARAC Client system consists of (1) local client applications running on the remote user's computer, and (2) ''site servers'' that provide secure access to selected central ARAC system capabilities and run on a scalable number of dedicated workstations residing at the central facility. The remote client applications allow users to describe a real or potential them-bio event, electronically sends this information to the central ARAC system which performs model calculations, and quickly receive and visualize the resulting graphical products. The site servers will support simultaneous access to ARAC capabilities by multiple users. The ARAC Client system is based on object-oriented client/server and distributed computing technologies using CORBA and Java, and consists of a large number of interacting components
Tiwari, Basant; Kumar, Abhay
Electronic health records (EHR) provides convenient method to exchange medical information of patients between different healthcare providers. Access control mechanism in healthcare services characterises authorising users to access EHR records. Role Based Access Control helps to restrict EHRs to users in a certain role. Significant works have been carried out for access control since last one decade but little emphasis has been given to on-demand role based access control. Presented work achieved access control through physical data isolation which is more robust and secure. We propose an algorithm in which selective combination of policies for each user of the EHR database has been defined. We extend well known data mining technique 'classification' to group EHRs with respect to the given role. Algorithm works by taking various roles as class and defined their features as a vector. Here, features are used as a Feature Vector for classification to describe user authority. PMID:26559071
Some time ago it was the lack of public access to medical research data that really stirred the issue and gave inertia for legislation and a new publishing model that puts tax payer-funded medical research in the hands of those who fund it. In today's age global climate change has become the biggest socio-economic challenge, and the same argument resonates: climate affects us all and the publicly-funded science quantifying it should be freely accessible to all stakeholders beyond academic research. Over the last few years the ‘Open Access' movement to remove as much as possible subscription, and other on-campus barriers to academic research has rapidly gathered pace, but despite significant progress, the climate system sciences are not among the leaders in providing full access to their publications and data. Beyond the ethical argument, there are proven and tangible benefits for the next generation of climate researchers to adapt the way their output is published. Through the means provided by ‘open access', both data and ideas can gain more visibility, use and citations for the authors, but also result in a more rapid exchange of knowledge and ideas, and ultimately progress towards a sought solution. The presentation will aim to stimulate discussion and seek progress on the following questions: Should free access to climate research (& data) be mandatory? What are the career benefits of using ‘open access' for young scientists? What means and methods should, or could, be incorporated into current European graduate training programmes in climate research, and possible ways forward?
Kawano, Yu; Ohtsuka, Toshiyuki
In this paper, we consider controllability of discrete-time polynomial systems. First, we present a forward accessibility (local reachability) condition that can be verified in finite time, in contrast to conventional conditions. Second, we give a backward accessibility (local controllability) condition for an invertible system and a condition to verify invertibility. Finally, we derive sufficient conditions to test whether the forward accessible system is reachable and to test the backward accessible system is controllable.
Automatic power stabilization control is the desired objective for any reactor operation , especially, nuclear power plants. A major problem in this area is inevitable gap between a real plant ant the theory of conventional analysis and the synthesis of linear time invariant systems. in particular, the trajectory tracking control of a nonlinear plant is a class of problems in which the classical linear transfer function methods break down because no transfer function can represent the system over the entire operating region . there is a considerable amount of research on the model-inverse approach using feedback linearization technique. however, this method requires a prices plant model to implement the exact linearizing feedback, for nuclear reactor systems, this approach is not an easy task because of the uncertainty in the plant parameters and un-measurable state variables . therefore, artificial neural network (ANN) is used either in self-tuning control or in improving the conventional rule-based exper system.the main objective of this thesis is to suggest an ANN, based self-learning controller structure . this method is capable of on-line reinforcement learning and control for a nuclear reactor with a totally unknown dynamics model. previously, researches are based on back- propagation algorithm . back -propagation (BP), fast back -propagation (FBP), and levenberg-marquardt (LM), algorithms are discussed and compared for reinforcement learning. it is found that, LM algorithm is quite superior
Hunter, Judy F.; Generous, Curtis; Duncan, Denise
Access to online information sources of aerospace, scientific, and engineering data, a mission focus for NASA's Scientific and Technical Information Program, has always been limited by factors such as telecommunications, query language syntax, lack of standardization in the information, and the lack of adequate tools to assist in searching. Today, the NASA STI Program's NASA Access Mechanism (NAM) prototype offers a solution to these problems by providing the user with a set of tools that provide a graphical interface to remote, heterogeneous, and distributed information in a manner adaptable to both casual and expert users. Additionally, the NAM provides access to many Internet-based services such as Electronic Mail, the Wide Area Information Servers system, Peer Locating tools, and electronic bulletin boards.
Hunter, Judy; Generous, Curtis; Duncan, Denise
Access to online information sources of aerospace, scientific, and engineering data, a mission focus for NASA's Scientific and Technical Information Program, has always been limited to factors such as telecommunications, query language syntax, lack of standardization in the information, and the lack of adequate tools to assist in searching. Today, the NASA STI Program's NASA Access Mechanism (NAM) prototype offers a solution to these problems by providing the user with a set of tools that provide a graphical interface to remote, heterogeneous, and distributed information in a manner adaptable to both casual and expert users. Additionally, the NAM provides access to many Internet-based services such as Electronic Mail, the Wide Area Information Servers system, Peer Locating tools, and electronic bulletin boards.
Peters, Carol; Deselaers, Thomas; Ferro, Nicola; Gonzalo, Julio; Jones, Gareth J.F.; Kurimo, Mikko; Mandl, Thomas; Penas, Anselmo; Petras, Vivien
This book constitutes the thoroughly refereed proceedings of the 9th Workshop of the Cross-Language Evaluation Forum, CLEF 2008, held in Aarhus, Denmark, in September 2008. The 130 revised and extended papers presented were carefully reviewed and selected for inclusion in the book. They are completed by an introduction on CLEF 2008. As usual, the seven main evaluation tracks in CLEF 2008 aimed to test the performance of a wide range of multilingual information access systems or system compone...
Norjihan Abdul Ghani; Harihodin Selamat; Zailani Mohamed Sidek
The rapid growth of e-commerce has created a great opportunities for both businesses and end users. The essential e-commerce process is required for the successful operation and management of e-commerce activities. One of the processes is access control and security. E-commerce must establish a secure access between the parties in an e-commerce transaction by authenticating users, authorizing access, and enforcing security features. The e-commerce application must authorize access to only tho...
Chang Won Jeong
Full Text Available Recently, the hospital information system environment using IT communication technology and utilization of medical information has been increasing. In the medical field, the medical information system only supports the transfer of patient information to medical staff through an electronic health record, without information about patient status. Hence, it needs a method of real-time monitoring for the patient. Also, in this environment, a secure method in approaching healthcare through various smart devices is required. Therefore, in this paper, in order to classify the status of the patients, we propose a dynamic approach of the medical information system in a hospital information environment using the dynamic access control method. Also, we applied the symmetric method of AES (Advanced Encryption Standard. This was the best encryption algorithm for sending and receiving biological information. We can define usefulness as the dynamic access application service based on the final result of the proposed system. The proposed system is expected to provide a new solution for a convenient medical information system.
Tarek S. Sobh
Full Text Available As wireless networks access gains popularity in corporate, private and personal networks, the nature of wireless networks opens up new possibilities for network attacks. This paper negotiating Wi-Fi security against scanning of rogue Wi-Fi networks and other related activities and considers the monitoring of Wi-Fi traffic effects. The unauthorized access point (AP problem has raised more attention and resulted in obtaining wireless access without subscriber permission.This work assumes Wi-Fi AP under attack specially rogue AP and/or ad-hoc client. It provides a solution for detecting and preventing this attack. In addition, it provides the required user permissions to allow/block access of the files on the user of ad-hoc client. The experiments include the rogue AP attack are maintained and the effectiveness of the proposed solution are tested.
Full Text Available Since more and more applications and services have been transferred from servers in the B/S architecture to cloud, user access control has become a significant part in a multitenancy cloud platform. Role based access control model makes users participate in an enterprise system as particular identities. However, in a multitenancy cloud environment, it has a high probability that the information of tenants has been leaked by using existing role based access control (RBAC model. Moreover, management problems may emerge in the multitenancy platform with the increment of the number of tenants. In this paper, a novel concept of 4D-role is presented. With a detailed definition on the concept of 4D-role, a 4D-role based multitenancy model is proposed for running various applications and services in the multitenancy cloud platform. A theoretical analysis indicates that the model has the characters of tenant isolation, role hierarchy, and administration independence. The three characters are also verified by experimental evaluation. Moreover, the evaluation results indicate that the model has a good performance in using cloud resources when large-scale users are operating in the cloud platform simultaneously.
Friday, Adrian; Wu, Maomao; Schmid, Stefan; Finney, Joseph; Cheverst, Keith; Davies, Nigel
This paper presents a novel wireless access point architecture designed to support the development of next generation mobile context-aware applications over metropolitan scale areas. In addition, once deployed, this network will allow ordinary citizens secure, accountable and convenient access to the Internet from their local city and campus environments. The proposed architecture is based on an approach utilising a modified Mobile IPv6 protocol stack that uses packet marking and network leve...
Full Text Available Access control policies [ACPs] regulate the access to data and resources in information systems. These ACPs are framed from the functional requirements and the Organizational security & privacy policies. It was found to be beneficial, when the ACPs are included in the early phases of the software development leading to secure development of information systems. Many approaches are available for including the ACPs in requirements and design phase. They relied on UML artifacts, Aspects and also Feature for this purpose. But the earlier modeling approaches are limited in expressing the evolving ACPs due to organizational policy changes and business process modifications. In this paper, we analyze, whether “Feature”- defined as an increment in program functionality can be used as a modeling entity to represent the Evolving Access control requirements. We discuss the two prominent approaches that use Feature in modeling ACPs. Also we have a comparative analysis to find the suitability of Features in the context of changing ACPs. We conclude with our findings and provide directions for further research.
A practical example facilitates access to the changes and consequences of the conversion of conventional electromechanically controlled refrigerating systems into electronic ones (measured-value sensors, time programs, CMOS functions, cooling circuits). Details are given on cold storage control systems. A summary informs about the considerable advantages of electronic control systems, i.e. their improved reliability and operational safety (absence of mechanical components), very accurate timing functions, self-diagnoses, easy-to-maintain/easy-to-service characteristics, and high retrofitting flexibility. (HWJ).
Proton Engineering Frontier Project (PEFP) has developed a 20MeV proton accelerator, and established a distributed control system based on EPICS for sub-system components such as vacuum unit, beam diagnostics, and power supply system. The control system includes a real-time monitoring and alarm functions. From the aspect of a efficient maintenance of a control system and a additional extension of subsystems, EPICS software framework was adopted. In addition, a control system should be capable of providing an easy access for users and a real-time monitoring on a user screen. Therefore, we have implemented a new web-based monitoring server with several libraries. By adding DB module, the new IOC web monitoring system makes it possible to monitor the system through the web. By integrating EPICS Channel Access (CA) and Database libraries into a Database module, the web-based monitoring system makes it possible to monitor the sub-system status through user's internet browser. In this study, we developed a web based monitoring system by using EPICS IOC (Input Output Controller) with IBM server
This paper describes a human engineering design and analysis effort for a major security system upgrade at a DOE facility. This upgrade was accomplished by replacing an obsolete and poorly human engineered security screening both the with a new, user oriented, semiautomated, computer-based access control system. Human factors engineers assisted the designer staff in specifying a security access interface to physically and cognitively accommodate all employees which included handicapped individuals in wheel chairs, and several employees who were severely disabled, both visually and aurally. The new access system was intended to control entry into sensitive exclusion areas by requiring personnel to enter a security screening booth and interact with card reader devices and a-simple-to-operate access control panel system. Extensive man-machine testing with prototype mock-ups was conducted to assess human engineered design features and to illuminate potentially confusing or difficult-to-operated hardware placement, layout, and operation sequencing. These evaluations, along with the prototype mock-ups, provided input which resulted in a prototype which was easy to enter, operate, and understand by end users. This prototype later served as the design basis for the final systems design
Albertos, Pedro; Blanke, Mogens; Isidori, Alberto; Schaufelberger, Walter; Sanz, Ricardo
The world of artificial systems is reaching complexity levels that es cape human understanding. Surface traffic, electricity distribution, air planes, mobile communications, etc. , are examples that demonstrate that we are running into problems that are beyond classical scientific or engi neering knowledge. There is an ongoing world-wide effort to understand these systems and develop models that can capture its behavior. The reason for this work is clear, if our lack of understanding deepens, we will lose our capability to control these systems and make they behave as we want. Researchers from many different fields are trying to understand and develop theories for complex man-made systems. This book presents re search from the perspective of control and systems theory. The book has grown out of activities in the research program Control of Complex Systems (COSY). The program has been sponsored by the Eu ropean Science Foundation (ESF) which for 25 years has been one of the leading players in stimula...
Georgiev, Martin; Jana, Suman; Shmatikov, Vitaly
Algrain, Marcelo C.
Turbocompound systems can be used to affect engine operation using the energy in exhaust gas that is driving the available turbocharger. A first electrical device acts as a generator in response to turbocharger rotation. A second electrical device acts as a motor to put mechanical power into the engine, typically at the crankshaft. Apparatus, systems, steps, and methods are described to control the generator and motor operations to control the amount of power being recovered. This can control engine operation closer to desirable parameters for given engine-related operating conditions compared to actual. The electrical devices can also operate in "reverse," going between motor and generator functions. This permits the electrical device associated with the crankshaft to drive the electrical device associated with the turbocharger as a motor, overcoming deficient engine operating conditions such as associated with turbocharger lag.
Backes, Paul G.; Tso, Kam S.
This invention relates to an operator interface for controlling a telerobot to perform tasks in a poorly modeled environment and/or within unplanned scenarios. The telerobot control system includes a remote robot manipulator linked to an operator interface. The operator interface includes a setup terminal, simulation terminal, and execution terminal for the control of the graphics simulator and local robot actuator as well as the remote robot actuator. These terminals may be combined in a single terminal. Complex tasks are developed from sequential combinations of parameterized task primitives and recorded teleoperations, and are tested by execution on a graphics simulator and/or local robot actuator, together with adjustable time delays. The novel features of this invention include the shared and supervisory control of the remote robot manipulator via operator interface by pretested complex tasks sequences based on sequences of parameterized task primitives combined with further teleoperation and run-time binding of parameters based on task context.
Peng, Xue-hai; Lin, Chuang
Access control is an important method to improve network security and prevent protected resources from being used by some nodes without authority. Moreover, mobility is an important trend of internet. In this paper, based on the architecture of hierarchical mobile IPv6, we proposed an effective access control approach to support mobility in IPv6 networks, which can ensure the operation of access control when a mobile node roams in these domains with different polices, with decreased delay of access negotiation and cost of delivering messages.
Since 1982 the GANIL heavy ion accelerator has been under the control of 16-bit minicomputers MITRA, programmable logic controllers and microprocessorized Camac controllers, structured into a partially centralized system. This control system has to be renewed to meet the increasing demands of the accelerator operation which aims to provide higher quality ion beams under more reliable conditions. This paper gives a brief description of the existing control system and then discusses the main issues of the design and the implementation of the future control system: distributed powerful processors federated through Ethernet and flexible network-wide database access, VME standard and front-end microprocessors, enhanced color graphic tools and workstation based operator interface
Kiilerich Pratas, Nuno; Thomsen, Henning; Popovski, Petar
In this chapter, we describe and discuss the current LTE random access procedure and the Radio Access Network Load Control solution within LTE/LTE-A. We provide an overview of the several considered load control solutions and give a detailed description of the standardized Extended Access Class...... Barring solution. We then provide a brief overview of the Load Control solutions provided by the Enhanced Packet Core (EPC) Network and how they intertwine with the Extended Access Barring at the Enhanced Universal Terrestrial Radio Access Network (E-UTRAN). We also provide an outlook on the current 3GPP...... efforts in regards to MTC related load control issues....
Rieback, Melanie; Crispo, Bruno; Tanenbaum, Andrew
This paper introduces an off-tag RFID access control mechanism called “Selective RFID Jamming”. Selective RFID Jamming protects low-cost RFID tags by enforcing access control on their behalf, in a similar manner to the RFID Blocker Tag. However, Selective RFID Jamming is novel because it uses an a
... COMMISSION 17 CFR Part 240 RIN 3235-AK53 Risk Management Controls for Brokers or Dealers With Market Access... market access to customers or other persons, to implement risk management controls and supervisory.... 40354 (August 24, 1998), 63 FR 46264 (August 31, 1998) (NASD NTM-98-66). Certain market participants...
Ahmad Budi Setiawan
Full Text Available WIPAS (Wireless Internet Protocol Accsess System adalah salah satu teknologi pita lebar (broadband yang terbaru. Teknologi tersebut dikembangkan berdasarkan model point-to-multipoint access system pada jaringan nirkabel tetap atau Fixed Wireless Access (FWA dengan memanfaatkan pita frekuensi 26-GHz. Dengan besarnya pita frekuensi yang digunakan, teknologi WIPAS dapat menampung kapasitas akses untuk lalu lintas jaringan yang sangat besar. Dalam penelitian ini akan dikaji dan dievaluasi efektifitas penggunaan teknologi WIPAS melalui kasus pemanfaatan teknologi WIPAS untuk pemberdayaan komunitas di kota Malang. Dalam penelitian ini juga akan dideskripsikan pemanfaatan teknologi WIPAS untuk melihat manfaat penggunaan teknologi tersebut. Penelitian ini dilakukan dengan metode kualitatif dengan melakukan evaluasi terhadap infrastruktur yang telah dibangun untuk melihat efektifitas pemanfaatan WIPAS. Hasil penelitian ini adalah sebuah kajian evaluatif tentang pemanfaatan WIPAS di kota Malang dan rekomendasi untuk implementasi lebih lanjut.
Full Text Available Unlike CCTV, security video surveillance devices, which we have generally known about, IP cameras which are connected to a network either with or without wire, provide monitoring services through a built-in web-server. Due to the fact that IP cameras can use a network such as the Internet, multiple IP cameras can be installed at a long distance and each IP camera can utilize the function of a web server individually. Even though IP cameras have this kind of advantage, it has difficulties in access control management and weakness in user certification, too. Particularly, because the market of IP cameras did not begin to be realized a long while ago, systems which are systematized from the perspective of security have not been built up yet. Additionally, it contains severe weaknesses in terms of access authority to the IP camera web server, certification of users, and certification of IP cameras which are newly installed within a network, etc. This research grouped IP cameras hierarchically to manage them systematically, and provided access control and data confidentiality between groups by utilizing group keys. In addition, IP cameras and users are certified by using PKI-based certification, and weak points of security such as confidentiality and integrity, etc., are improved by encrypting passwords. Thus, this research presents specific protocols of the entire process and proved through experiments that this method can be actually applied.
Li, Chunquan; Wang, Yanwei; Yang, Baoye; Hu, Chunyang
A dynamic access control method is put forward to ensure the security of the sharing service in Cloud Manufacturing, according to the application characteristics of cloud manufacturing collaborative task. The role-based access control (RBAC) model is extended according to the characteristics of cloud manufacturing in this method. The constraints are considered, which are from QoS requirement of the task context to access control, based on the traditional static authorization. The fuzzy policy rules are established about the weighted interval value of permissions. The access control authorities of executable service by users are dynamically adjusted through the fuzzy reasoning based on the QoS requirement of task. The main elements of the model are described. The fuzzy reasoning algorithm of weighted interval value based QoS requirement is studied. An effective method is provided to resolve the access control of cloud manufacturing.
Full Text Available In Internet of Things, computing and processing of information is the core supporting. In this paper, we introduce “Service-Oriented Computing” to solve the computing and processing of information in IoT. However, a key challenge in service-oriented environment is the design of effective access control schemas.We put forward a model of Workflow -oriented Attributed Based Access Control (WABAC, and an access control framework based on WABAC model. WABAC model grants and adapts permissions to subjects according to subject atttribute, resource attribute, environment attribute and current task, meeting access control request of SOC. Using the approach presented can effectively enhance the access control security for SOC applications, and prevent the abuse of subject permissions.
Large scale production of accessible media above and beyond DAISY Talking Books requires management of the workflow from the initial scan to the output of the media production. DAISY Producer was created to help manage this process. It tracks the transformation of hard copy or electronic content to DTBook XML at any stage of the workflow and interfaces to existing order processing systems. Making use of DAISY Pipeline and Liblouis, DAISY Producer fully automates the generation of on-demand, u...
Kunte, P.D.; Narvekar, P.
COMMUNICATIONS CURRENT SCIENCE, VOL. 90, NO. 12, 25 JUNE 2006 *For correspondence. (e - mail: firstname.lastname@example.org ) A portable marine geophysical data access and ma n agement system Pravin D. Kunte 1, * and Prabhakar Narvekar 2 1 National... tio - na l data. The program calc u lates/generates the accurate position data for each fix a f ter considering the turning RESEARCH COMMUNICATIONS CURRENT SCIENCE, VOL. 90, NO. 12, 25 JUNE 2006 1659 Table 1. Database structure with field...
from this study highlights requirements for a dedicated software environment for fault tolerant control systems design. The second detailed study addressed the detection of a fault event and determination of the failed component. A variety of algorithms were compared, based on two fault scenarios in...... faults, but also that the research field still misses a systematic approach to handle realistic problems such as low sampling rate and nonlinear characteristics of the system. The thesis contributed with methods to detect both faults and specifically with a novel algorithm for the actuator fault...... detection that is superior in terms of performance and complexity to the other algorithms in the comparative study....
Vithanage, Madava D.; Fafoutis, Xenofon; Andersen, Claus Bo;
the potential energy that can be harvested from Low Surface Temperature (LST) radiators. The experiments are based on a developed Energy-Harvesting Heat Cost Allocator (EH-HCA) prototype. On the basis of this measured power budget, we model and analytically compare the currently used Medium Access...... Control (MAC) scheme of an industrial case study (IMR+) to a MAC scheme specifically designed for energy harvesting systems (ODMAC). Our analytical comparison shows the efficiency of the latter, as well as its ability to adapt to harvested ambient energy....
Control (MAC) protocols that are following the receiver-initiated paradigm of asynchronous communication. According to the receiver-initiated paradigm the communication is initiated by the receiver that states its availability to receive data through beacons. The sender is passively listening...... to the channel until it receives the beacon of interest. In this context, the dissertation begins with an in-depth survey of all the receiverinitiated MAC protocols and presents their unique optimization features, which deal with several challenges of the link layer such as mitigation of the energy consumption......-efficient features that aim to adapt the consumed energy to match the harvested energy, distribute the load with respect to the harvested energy, decrease the overhead of the communication, address the requirements for collision avoidance, prioritize urgent traffic and secure the system against beacon replay attacks...
An incoherent control scheme for state control of locally controllable quantum systems is proposed. This scheme includes three steps: (1) amplitude amplification of the initial state by a suitable unitary transformation, (2) projective measurement of the amplified state, and (3) final optimization by a unitary controlled transformation. The first step increases the amplitudes of some desired eigenstates and the corresponding probability of observing these eigenstates, the second step projects, with high probability, the amplified state into a desired eigenstate, and the last step steers this eigenstate into the target state. Within this scheme, two control algorithms are presented for two classes of quantum systems. As an example, the incoherent control scheme is applied to the control of a hydrogen atom by an external field. The results support the suggestion that projective measurements can serve as an effective control and local controllability information can be used to design control laws for quantum systems. Thus, this scheme establishes a subtle connection between control design and controllability analysis of quantum systems and provides an effective engineering approach in controlling quantum systems with partial controllability information.
Clark, K.; Larsen, E.V.; Wegner, C.A.; Piwko, R.J.
A modular thyristor controlled series capacitor (TCSC) system, including a method and apparatus, uses phase controlled firing based on monitored capacitor voltage and line current. For vernier operation, the TCSC system predicts an upcoming firing angle for switching a thyristor controlled commutating circuit to bypass line current around a series capacitor. Each bypass current pulse changes the capacitor voltage proportionally to the integrated value of the current pulse. The TCSC system promptly responds to an offset command from a higher-level controller to control bypass thyristor duty to minimize thyristor damage, and to prevent capacitor voltage drift during line current disturbances. In a multi-module TCSC system, the higher level controller accommodates competing objectives of various system demands, including minimizing losses in scheduling control, stabilizing transients, damping subsynchronous resonance (SSR) oscillations, damping direct current (DC) offset, and damping power-swings. 67 figs.
Huang, Min Li; Lee, Jin; Setiawan, Hendra; Ochi, Hiroshi; Park, Sin-Chong
With the growing demand for high-performance multimedia applications over wireless channels, we need to develop a Medium Access Control (MAC) system that supports high throughput and quality of service enhancements. This paper presents the standard analysis, design architecture and design issues leading to the implementation of an IEEE 802.11e based MAC system that supports MAC throughput of over 100Mbps. In order to meet the MAC layer timing constraints, a hardware/software co-design approach is adopted. The proposed MAC architecture is implemented on the Xilinx Virtex-II Pro Field-Programmable Gate Array (FPGA) (XC2VP70-5FF1704C) prototype, and connected to a host computer through an external Universal Serial Bus (USB) interface. The total FPGA resource utilization is 11, 508 out of 33, 088 (34%) available slices. The measured MAC throughput is 100.7Mbps and 109.2Mbps for voice and video access categories, transmitted at a data rate of 260Mbps based on IEEE 802.11n Physical Layer (PHY), using the contention-based hybrid coordination function channel access mechanism.
Zhai, Shumin; Milgram, Paul
A project to develop a telerobotic `virtual control' capability, currently underway at the University of Toronto, is described. The project centers on a new mode of interactive telerobotic control based on the technology of combining computer generated stereographic images with remotely transmitted stereoscopic video images. A virtual measurement technique, in conjunction with a basic level of digital image processing, comprising zooming, parallax adjustment, edge enhancement, and edge detection has been developed to assist the human operator in visualization of the remote environment and in spatial reasoning. The aim is to maintain target recognition, tactical planning, and high-level control functions in the hands of the human operator with the computer performing low-level computation and control. Control commands initiated by the operator are implemented through manipulation of a virtual image of the robot system, merged with a live video image of the remote scene. This paper discusses the philosophy and objectives of the project, with emphasis on the underlying human factor considerations in the design, and reports the progress made to date in this effort.
The present invention concerns an electromotive driving-type control rod driving system of a BWR type reactor, for which sliding resistance (friction) test can be performed of a movable portion of the control rod driving mechanisms. Namely, a hydraulic pressure control unit has following constitutions in addition to a conventional constitution as a sliding resistance test performing function. (1) A restricting valve is disposed downstream of the scram valve of scram pipelines to control flow rate and pressure of pressurized water flown in the pipelines. (2) A pressure gauge detects a pressure between the scram valve and the restricting valve. (3) A flow meter detects the flow rate of pipelines controlled by the restricting valve. (4) A recording pressure detector detects the pressure at the downstream of the restricting valve. (5) The recording device is attached when the sliding resistant test is performed for tracing the pressure measured by the pressure detection device. Further, the scram valve sends electric signals to a central operation chamber when it is fully closed. The central operation chamber has a function of fully opening the restricting valve by way of the electric signals. (I.S.)
Locke, S. M.; Cohen, L.; Lightbody, N.
ACCESS Earth is an intensive summer institute for high school students with disabilities and their teachers that is designed to encourage students with disabilities to consider careers in earth system science. Participants study earth system science concepts at a Maine coastal estuary, using Geographic Information Systems, remote sensing, and field observations to evaluate the impacts of climate change, sea level rise, and development on coastal systems. Teachers, students, and scientists work together to adapt field and laboratory activities for persons with disabilities, including those with mobility and visual impairments. Other sessions include demonstrations of assistive technology, career discussions, and opportunities for students to meet with successful scientists with disabilities from throughout the U.S. The summer institute is one of several programs in development at the University of Southern Maine to address the problem of underrepresentation of people with disabilities in the earth sciences. Other projects include a mentoring program for high school students, a web-based clearinghouse of resources for teaching earth sciences to students with disabilities, and guidebooks for adaptation of popular published earth system science curricula for disabled learners.
Colantonio, Alessandro; Ocello, Alberto
With continuous growth in the number of information objects and the users that can access these objects, ensuring that access is compliant with company policies has become a big challenge. Role-based Access Control (RBAC) - a policy-neutral access control model that serves as a bridge between academia and industry - is probably the most suitable security model for commercial applications. Interestingly, role design determines RBAC's cost. When there are hundreds or thousands of users within an organization, with individual functions and responsibilities to be accurately reflected in terms of a
The NSLS consists of two storage rings, a booster and a linac. A major upgrade of the control system (installed in 1978) was undertaken and has been completed. The computer architecture is being changed from a three level star-network to a two level distributed system. The microprocessor subsystem, host computer and workstations, communication link and the main software components are being upgraded or replaced. Since the NSLS rings operate twenty four hours a day a year with minimum maintenance time, the key requirement during the upgrade phase is a non-disruptive transition with minimum downtime. Concurrent with the upgrade, some immediate improvements were required. This paper describes the various components of the upgraded system and outlines the future plans
The theory of controlled quantum open systems describes quantum systems interacting with quantum environments and influenced by external forces varying according to given algorithms. It is aimed, for instance, to model quantum devices which can find applications in the future technology based on quantum information processing. One of the main problems making difficult the practical implementations of quantum information theory is the fragility of quantum states under external perturbations. The aim of this note is to present the relevant results concerning ergodic properties of open quantum systems which are useful for the optimization of quantum devices and noise (errors) reduction. In particular we present mathematical characterization of the so-called "decoherence-free subspaces" for discrete and continuous-time quantum dynamical semigroups in terms of $C^*$-algebras and group representations. We analyze the non-Markovian models also, presenting the formulas for errors in the Born approximation. The obtain...
Growing numbers of users and many access control policies which involve many different resource attributes in service-oriented environments bring various problems in protecting resource. This paper analyzes the relationships of resource attributes to user attributes in all policies, and propose a general attribute and rule based role-based access control(GAR-RBAC) model to meet the security needs. The model can dynamically assign users to roles via rules to meet the need of growing numbers of users. These rules use different attribute expression and permission as a part of authorization constraints, and are defined by analyzing relations of resource attributes to user attributes in many access policies that are defined by the enterprise. The model is a general access control model, and can support many access control policies, and also can be used to wider application for service. The paper also describes how to use the GAR-RBAC model in Web service environments.
Mahalle, Parikshit N.; Anggorojati, Bayu; Prasad, Neeli R.;
Internet of Things (IoT) becomes discretionary part of everyday life. Scalability and manageability is daunting due to unbounded number of devices and services. Access control and authorization in IoT with least privilege is equally important to establish secure communication between multiple...... devices and services. In this paper, the concept of capability for access control is introduced where the identities of the involved devices are entrenched in the access capabilities. Identity driven capability based access control (ICAC) scheme presented in this paper helps to alleviate issues related...... to complexity and dynamics of device identities. ICAC is implemented for 802.11 and results shows that ICAC has less scalability issues and better performance analysis compared with other access control schemes. The ICAC evaluation by using security protocol verification tool shows that ICAC is secure against...
The Network Services Management Framework tries to overcome the most important limitations of present network management frameworks, namely the most widely supported framework – the Internet Network Management Framework – by defining a management framework using a network services management distributed architecture that provides services management functions with any desired level of functionality. This document introduces one of the most important parts of this framework, the Entity Access ...
Gabillon, Alban; Letouzey, Léo
Existing security models for RDF use RDF patterns for defining the security policy. This approach leads to a number of security rules which rapidly tends to be unmanageable. In this paper we define a new security model which follows the traditional approach of creating security views, which has long been used by SQL database administrators. Our model first logically distributes RDF data into SPARQL views and then it defines security rules regulating SPARQL access to views. Moreover our model ...
Full Text Available We investigate the licensed shared access (LSA concept based spectrum sharing ideas between public safety (PS and commercial radio systems. While the concept of LSA has been well developed, it has not been thoroughly investigated from the public safety (PS users’ point of view, who have special requirements and also should benefit from the concept. Herein, we discuss the alternatives for spectrum sharing between PS and commercial systems. In particular, we proceed to develop robust solutions for LSA use cases where connections to the LSA system may fail. We simulate the proposed system with different failure models. The results show that the method offers reliable LSA spectrum sharing in various conditions assuming that the system parameters are set properly. The paper gives guidelines to set these parameters.
Tabatabaei Yazdi, S. M. Hossein; Yuan, Yongbo; Ma, Jian; Zhao, Huimin; Milenkovic, Olgica
We describe the first DNA-based storage architecture that enables random access to data blocks and rewriting of information stored at arbitrary locations within the blocks. The newly developed architecture overcomes drawbacks of existing read-only methods that require decoding the whole file in order to read one data fragment. Our system is based on new constrained coding techniques and accompanying DNA editing methods that ensure data reliability, specificity and sensitivity of access, and at the same time provide exceptionally high data storage capacity. As a proof of concept, we encoded parts of the Wikipedia pages of six universities in the USA, and selected and edited parts of the text written in DNA corresponding to three of these schools. The results suggest that DNA is a versatile media suitable for both ultrahigh density archival and rewritable storage applications.
Information about accelerator operations and the control system resides in various formats in a variety of places on the lab network. There are operating procedures, technical notes, engineering drawings, and other formal controlled documents. There are programmer references and API documentation generated by tools such as doxygen and javadoc. There are the thousands of electronic records generated by and stored in databases and applications such as electronic logbooks, training materials, wikis, and bulletin boards and the contents of text-based configuration files and log files that can also be valuable sources of information. The obvious way to aggregate all these sources is to index them with a search engine that users can then query from a web browser. Toward this end, the Google "mini" search appliance was selected and implemented because of its low cost and its simple web-based configuration and management. In addition to crawling and indexing electronic documents, the appliance provides an API that has been used to supplement search results with live control system data such as current values of EPICS process variables and graphs of recent data from the archiver.
Information about accelerator operations and the control system resides in various formats in a variety of places on the lab network. There are operating procedures, technical notes, engineering drawings, and other formal controlled documents. There are programmer references and API documentation generated by tools such as doxygen and javadoc. There are the thousands of electronic records generated by and stored in databases and applications such as electronic logbooks, training materials, wikis, and bulletin boards and the contents of text-based configuration files and log files that can also be valuable sources of information. The obvious way to aggregate all these sources is to index them with a search engine that users can then query from a web browser. Toward this end, the Google 'mini' search appliance was selected and implemented because of its low cost and its simple web-based configuration and management. In addition to crawling and indexing electronic documents, the appliance provides an API that has been used to supplement search results with live control system data such as current values of EPICS process variables and graphs of recent data from the archiver.
Berriman, G. B.; Kong, M.; Good, J. C.
The On-Line Archive Science Information Services (OASIS) is accessible as a java applet through the NASA/IPAC Infrared Science Archive home page. It uses Geographical Information System (GIS) technology to provide data fusion and interaction services for astronomers. These services include the ability to process and display arbitrarily large image files, and user-controlled contouring, overlay regeneration and multi-table/image interactions. OASIS has been optimized for access to distributed archives and data sets. Its second release (June 2002) provides a mechanism that enables access to OASIS from "third-party" services and data providers. That is, any data provider who creates a query form to an archive containing a collection of data (images, catalogs, spectra) can direct the result files from the query into OASIS. Similarly, data providers who serve links to datasets or remote services on a web page can access all of these data with one instance of OASIS. In this was any data or service provider is given access to the full suite of capabilites of OASIS. We illustrate the "third-party" access feature with two examples: queries to the high-energy image datasets accessible from GSFC SkyView, and links to data that are returned from a target-based query to the NASA Extragalactic Database (NED). The second release of OASIS also includes a file-transfer manager that reports the status of multiple data downloads from remote sources to the client machine. It is a prototype for a request management system that will ultimately control and manage compute-intensive jobs submitted through OASIS to computing grids, such as request for large scale image mosaics and bulk statistical analysis.
Full Text Available There have been various navigation and tracking systems being developed with the help of technologies like GPS, GSM, Bluetooth, IR, Wi-Fi and Radar. Outdoor positioning systems have been deployed quite successfully using GPS but positioning systems for indoor environments still do not have widespread deployment due to various reasons. Most of these use only a single technology for positioning but using more than one in cooperation with each other is always advantageous for obtaining greater accuracy. Particularly, the ones which use Bluetooth are better since they would enhance the scalability of such a system because of the fact that this technology is in use by the common people so it would always be easy to track them. Moreover it would also reduce the hardware installation cost to some extent. The systemthat has been introduced here uses bluetooth primarily for positioning and tracking in combination with Wi-Fi access points. The reason that makes the commercial application of such a system easier and cheaper is that most of the localized areas today like college campus, offices are being provided withinternet connectivity using these access points.
Kershaw, Philip; Ananthakrishnan, Rachana; Cinquini, Luca; Lawrence, Bryan; Pascoe, Stephen; Siebenlist, Frank
Network data access services such as OPeNDAP enable widespread access to data across user communities. However, without ready means to restrict access to data for such services, data providers and data owners are constrained from making their data more widely available. Even with such capability, the range of different security technologies available can make interoperability between services and user client tools a challenge. OPeNDAP is a key data access service in the infrastructure under development to support the CMIP5 (Couple Model Intercomparison Project Phase 5). The work is being carried out as part of an international collaboration including the US Earth System Grid and Curator projects and the EU funded IS-ENES and Metafor projects. This infrastructure will bring together Petabytes of climate model data and associated metadata from over twenty modelling centres around the world in a federation with a core archive mirrored at three data centres. A security system is needed to meet the requirements of organisations responsible for model data including the ability to restrict data access to registered users, keep them up to date with changes to data and services, audit access and protect finite computing resources. Individual organisations have existing tools and services such as OPeNDAP with which users in the climate research community are already familiar. The security system should overlay access control in a way which maintains the usability and ease of access to these services. The BADC (British Atmospheric Data Centre) has been working in collaboration with the Earth System Grid development team and partner organisations to develop the security architecture. OpenID and MyProxy were selected at an early stage in the ESG project to provide single sign-on capability across the federation of participating organisations. Building on the existing OPeNDAP specification an architecture based on pluggable server side components has been developed at the BADC
This paper describes the operating characteristics of the primary components that form the PEP Instrumentation and Control System. Descriptions are provided for the computer control system, beam monitors, and other support systems
MATLAB is a high-level language and environment for numerical computation, visualization, and programming. Using MATLAB, you can analyze data, develop algorithms, and create models and applications. The language, tools, and built-in math functions enable you to explore multiple approaches and reach a solution faster than with spreadsheets or traditional programming languages, such as C/C++ or Java. MATLAB Control Systems Engineering introduces you to the MATLAB language with practical hands-on instructions and results, allowing you to quickly achieve your goals. In addition to giving an in
Logan, J.B., Fluor Daniel Hanford
This is a direct revision to Rev. 0 of the BLTC Control System Software. The entire document is being revised and released as HNF-SD-FF-CSWD-025, Rev 1. The changes incorporated by this revision include addition of a feature to automate the sodium drain when removing assemblies from sodium wetted facilities. Other changes eliminate locked in alarms during cold operation and improve the function of the Oxygen Analyzer. See FCN-620498 for further details regarding these changes. Note the change in the document number prefix, in accordance with HNF-MD-003.
Full Text Available At the center of core technologies for a future cyber world, such as Internet of Things (IoT or big data, is a context-rich system that offers services by using situational information. The field where context-rich systems were first introduced is near-field communication (NFC-based electronic payments. Near-field Communication (NFC integrated payment services collect the payment information of the credit card and the location information to generate patterns in the user’s consumption or movement through big data technology. Based on such pattern information, tailored services, such as advertisement, are offered to users. However, there is difficulty in controlling access to personal information, as there is a collaborative relationship focused on the trusted service manager (TSM that is close knit to shared personal information. Moreover, in the case of Hadoop, among the many big data analytical technologies, it offers access control functions, but not a way to authorize the processing of personal information, making it impossible to grant authority between service providers to process information. As such, this paper proposes a key generation and distribution method, as well as a secure communication protocol. The analysis has shown that the efficiency was greater for security and performance compared to relation works.
Mahalle, Parikshit N.; Anggorojati, Bayu; Prasad, Neeli R.;
Internet of Things (IoT) become discretionary part of everyday life and could befall a threat if security is not considered before deployment. Authentication and access control in IoT is equally important to establish secure communication between devices. To protect IoT from man in middle, replay...... and denial of service attacks, the concept of capability for access control is introduced. This paper presents Identity establishment and capability based access control (IECAC) protocol using ECC (Elliptical Curve Cryptography) for IoT along with protocol evaluation, which protect against the aforementioned...
Niewoehner, Kevin R.; Carter, John (Technical Monitor)
The research accomplishments for the cooperative agreement 'Online Learning Flight Control for Intelligent Flight Control Systems (IFCS)' include the following: (1) previous IFC program data collection and analysis; (2) IFC program support site (configured IFC systems support network, configured Tornado/VxWorks OS development system, made Configuration and Documentation Management Systems Internet accessible); (3) Airborne Research Test Systems (ARTS) II Hardware (developed hardware requirements specification, developing environmental testing requirements, hardware design, and hardware design development); (4) ARTS II software development laboratory unit (procurement of lab style hardware, configured lab style hardware, and designed interface module equivalent to ARTS II faceplate); (5) program support documentation (developed software development plan, configuration management plan, and software verification and validation plan); (6) LWR algorithm analysis (performed timing and profiling on algorithm); (7) pre-trained neural network analysis; (8) Dynamic Cell Structures (DCS) Neural Network Analysis (performing timing and profiling on algorithm); and (9) conducted technical interchange and quarterly meetings to define IFC research goals.
Bonnet, Philippe; Gonzalez, Javier; Granados, Joel Andres
new insights, there are signicant barriers to the realization of this vision. One of the key challenge is to allow scientists to share their data widely while retaining some form of control over who accesses this data (access control) and more importantly how it is used (usage control). Access...... and usage control is necessary to enforce existing open data policies. We have proposed the vision of trusted cells: A decentralized infrastructure, based on secure hardware running on devices equipped with trusted execution environments at the edges of the Internet. We originally described the utilization...... data sets with access and usage control guarantees. We rely on examples from terrestrial research and monitoring in the arctic in the context of the INTERACT project....
Full Text Available As mobile web services becomes more pervasive, applications based on mobile web services will need flexible access control mechanisms. Unlike traditional approaches based on the identity or role for access control, access decisions for these applications will depend on the combination of the required attributes of users and the contextual information. This paper proposes a semantic context-based access control model (called SCBAC to be applied in mobile web services environment by combining semantic web technologies with context-based access control mechanism. The proposed model is a context-centric access control solutions, context is the first-class principle that explicitly guides both policy specification and enforcement process. In order to handle context information in the model, this paper proposes a context ontology to represent contextual information and employ it in the inference engine. As well as, this paper specifies access control policies as rules over ontologies representing the concepts introduced in the SCBAC model, and uses semantic web rule language (SWRL to form policy rule and infer those rules by JESS inference engine. The proposed model can also be applied to context-aware applications.
A 7 MeV Electron Beam Linear Accelerator (LINAC) being used for pulse radiolysis experiments at RC and CDD, B.A.R.C. has been automated with a PLC based control panel designed and developed by Computer Division, B.A.R.C.. The control panel after power on switches ON various units in a pre-defined sequence and intervals on a single turn of START key from OFF to ON position. The control panel also generates various ramp signals in a pre-defined sequence and rate and steady values and feeds to the LINAC bringing it to the ready for experiment condition. Similarly on a single turn of STOP key from OFF to ON position, the panel ramps down the various signals in pre-defined manners and makes OFF the various units in predefined sequence and timing providing safety to the machine. The steady values for various signals are on line settable as and when required so. This automation system relieves the operator from fatigue of time consuming manual ramping up or down of various signals and running around in four rooms for switching ON or OFF the various units enhancing efficiency and safety. This also facilitates the user scientist to do start up and shutdown operation in the absence of skilled operators and thus adds flexibility for working up to extended timing. This unit has been working satisfactorily since August 2002. For extraordinary condition automation to manual or vice versa change over has been provided. (author)
Discusses the problems of access to information in a machine-sensible environment, and the potential of modern library techniques to help in solving them. Explains how authors and publishers can make information more accessible by providing indexing information that uses controlled vocabulary, terms from a thesaurus, or other linguistic assistance…
Nomadic computing is about communication on an anytime anywhere basis. Security in this area is today not high enough and at the same time nomadic computing is increasing. In this thesis, security in the area of nomadic computing and remote access to company systems is assessed. The purpose is to investigate the security in this area today but also in the future in order to answer the main question of how and when secure nomadic computing can be offered. For this purpose a futuristic scenario...
Full Text Available This paper presents a system capable of monitoring and control remotely the temperature of a physical space. This work was part of a final year graduation of the Industrial Informatics Course at the Polytechnic Institute of Cávado and Ave. It was developed by an undergraduate student using a LabVIEW custom application with a methodology of on-off control. The local user can use a touch screen display to configure the system setpoint temperature and for overall monitoring. For remote access it can be used any device supporting LabVIEW environment.
In this paper, we described lighting control system for effective management of lighting system according to the size and use of each building of the Proton Accelerator Research Center of PEFP. By introducing lighting control system, it helps work environment enhancement, work efficiency increases and electric power consumption reduction. We also described the organization and function of the lighting control system of PEFP
Jung, Hoi Won; Mun, Kyeong Jun; Han, Yung Gu; Park, Sung Sik; Song, In Teak; Kim, Jun Yeon [KAERI, Daejeon (Korea, Republic of)
In this paper, we described lighting control system for effective management of lighting system according to the size and use of each building of the Proton Accelerator Research Center of PEFP. By introducing lighting control system, it helps work environment enhancement, work efficiency increases and electric power consumption reduction. We also described the organization and function of the lighting control system of PEFP.
In our present work, we have successfully designed, and developed an FPGA based smart wireless MIMO (Multiple Input and Multiple Output) system capable of controlling multiple industrial process parameters such as temperature, pressure, stress and vibration etc. To achieve this task we have used Xilin x Spartan 3E FPGA (Field Programmable Gate Array) instead of conventional microcontrollers. By employing FPGA kit to PC via RF transceivers which has a working range of about 100 meters. The developed smart system is capable of performing the control task assigned to it successfully. We have also provided a provision to our proposed system that can be accessed for monitoring and control through the web and GSM as well. Our proposed system can be equally applied to all the hazardous and rugged industrial environments where a conventional system cannot work effectively
Usman Ali, Syed M.; Hussain, Sajid; Akber Siddiqui, Ali; Arshad, Jawad Ali; Darakhshan, Anjum
In our present work, we have successfully designed, and developed an FPGA based smart wireless MIMO (Multiple Input & Multiple Output) system capable of controlling multiple industrial process parameters such as temperature, pressure, stress and vibration etc. To achieve this task we have used Xilin x Spartan 3E FPGA (Field Programmable Gate Array) instead of conventional microcontrollers. By employing FPGA kit to PC via RF transceivers which has a working range of about 100 meters. The developed smart system is capable of performing the control task assigned to it successfully. We have also provided a provision to our proposed system that can be accessed for monitoring and control through the web and GSM as well. Our proposed system can be equally applied to all the hazardous and rugged industrial environments where a conventional system cannot work effectively.
Coffman, Ed; Simatos, Florian; Tarumi, Shuzo; Zussman, Gil
Dynamic Spectrum Access systems exploit temporarily available spectrum (`holes' or `white spaces') and can spread transmissions over a number of non-contiguous sub-channels. Such methods can have significant benefits in terms of spectrum utilization. However, excessive fragmentation degrades performance and hence off-sets the benefits. Thus, there is a critical need for an in-depth understanding of these processes so as to determine how best to ensure acceptable levels of fragmentation. We address this need by presenting experimental and analytical results derived from a mathematical model. In particular, we model a system operating at capacity serving requests for bandwidth by assigning as needed a collection of gaps (sub-channels) with no limitations on fragment size. Our main theoretical result shows that even if fragments can be arbitrarily small, the system does not degrade with time; i.e., the average total number of fragments remains bounded. Within the very difficult class of dynamic fragmentation mod...
U.S. Department of Health & Human Services — 1995-2016. Centers for Disease Control and Prevention (CDC). State Tobacco Activities Tracking and Evaluation (STATE) System. E-Cigarette LegislationâYouth...
Passwords tend to be handled carelessly, and so are easily lost or stolen. Because they are intangible, their loss or theft generally goes unnoticed. Because they are constant, they may be used by anyone for as long as they remain in active use by a legitimate user. A step up in password security is offered by a new range of products which generate a new code each time the device is used. Devices are being produced in packages as small as a standard plastic credit card, including internal battery power, integral keyboard and LCD display. Security features of the Smart Card are reviewed, and several random access code generators currently available in the commercial marketplace are described
Ramli, Carroline Dewi Puspa Kencana
XACML (eXtensible Access Control Markup Language) is a prominent access control language that is widely adopted both in industry and academia. XACML is an international standard in the field of information security. The problem with XACML is that its specification is described in natural language...... (c.f. GM03,Mos05,Ris13) and manual analysis of the overall effect and consequences of a large XACML policy set is a very daunting and time-consuming task. In this thesis we address the problem of understanding the semantics of access control policy language XACML, in particular XACML version 3.0. The...... main focus of this thesis is modelling and analysing access control policies in XACML 3.0. There are two main contributions in this thesis. First, we study and formalise XACML 3.0, in particular the Policy Decision Point (PDP). The concrete syntax of XACML is based on the XML format, while its standard...
Mahalle, Parikshit N.; Anggorojati, Bayu; Prasad, Neeli R.;
In the last few years the Internet of Things (IoT) has seen widespread application and can be found in each field. Authentication and access control are important and critical functionalities in the context of IoT to enable secure communication between devices. Mobility, dynamic network topology...... and weak physical security of low power devices in IoT networks are possible sources for security vulnerabilities. It is promising to make an authentication and access control attack resistant and lightweight in a resource constrained and distributed IoT environment. This paper presents the Identity...... Authentication and Capability based Access Control (IACAC) model with protocol evaluation and performance analysis. To protect IoT from man-in-the-middle, replay and denial of service (Dos) attacks, the concept of capability for access control is introduced. The novelty of this model is that, it presents...
This book describes how control of distributed systems can be advanced by an integration of control, communication, and computation. The global control objectives are met by judicious combinations of local and nonlocal observations taking advantage of various forms of communication exchanges between distributed controllers. Control architectures are considered according to increasing degrees of cooperation of local controllers: fully distributed or decentralized control, control with communication between controllers, coordination control, and multilevel control. The book covers also topics bridging computer science, communication, and control, like communication for control of networks, average consensus for distributed systems, and modeling and verification of discrete and of hybrid systems. Examples and case studies are introduced in the first part of the text and developed throughout the book. They include: control of underwater vehicles, automated-guided vehicles on a container terminal, contro...
The state of stochastic system and control theory as it impacts restructurable control issues is addressed. The multivariable characteristics of the control problem are addressed. The failure detection/identification problem is discussed as a multi-hypothesis testing problem. Control strategy reconfiguration, static multivariable controls, static failure hypothesis testing, dynamic multivariable controls, fault-tolerant control theory, dynamic hypothesis testing, generalized likelihood ratio (GLR) methods, and adaptive control are discussed.
Bai,Fengshuang; Yin,Yixin; Tu,Xuyan; Zhang,Ying
This paper provides the system and conception of the Personification Control System (PCS) on the basis of Intelligent Control System based on Artificial life (ICS/AL), Artificial Emotion, Humanoid Control, and Intelligent Control System based on Field bus. According to system science and deciding of organize of biology, the Pyramid System of PCS are created. Then Pyramid System of PCS which is made up of PCS1/H, PCS1/S, PCS1/O, PCS1/C and PCS1/G is described.
SHI Jing; YING Xiwen
The accessibility of a destination-based transportation system is defined to quantify the perform-ance of transportation systems which access a distinct destination. The access cost is used to reflect the utility of the transportation system including the fatigue and inconvenience in the total cost. The cost is quan-tified by two coefficients which represent the different characteristics of various people. The average cost and the income-relative accessibility are used to describe various aspects of the accessibility and to evaluate the accessibility of a destination-based system. A case study uses data from the Kunming transpor-tation system to evaluate the accessibility of the present city airport. The calibrated coefficients are then used to evaluate the transportation system to the new Kunming international airport. The results show that this transportation accessibility evaluation can be combined with transportation planning to study transporta-tion sub-systems.
Near, Joseph Paul; Jackson, Daniel
We propose a specification-free technique for finding missing security checks in web applications using a catalog of access control patterns in which each pattern models a common access control use case. Our implementation, Space, checks that every data exposure allowed by an application's code matches an allowed exposure from a security pattern in our catalog. The only user-provided input is a mapping from application types to the types of the catalog; the rest of the process is entirely au...
Pang, Jun; Zhang, Yang
The popularity of online social networks (OSNs) makes the protection of users' private information an important but scientifically challenging problem. In the literature, relationship-based access control schemes have been proposed to address this problem. However, with the dynamic developments of OSNs, we identify new access control requirements which cannot be fully captured by the current schemes. In this paper, we focus on public information in OSNs and treat it as a new dimension which u...
XU Guang-wei; SHI You-qun; ZHU Ming; WU Guo-wen; CAO Qi-ying
Security in Ad Hoc network is an important issue under the opening circumstance of application service. Some protocols and models of security auditing have been proposed to ensure rationality of contracting strategy and operating regulation and used to identify abnormal operation. Model of security auditing based on access control of devices will be advanced to register sign of devices and property of event of access control and to audit those actions. In the end, the model is analyzed and simulated.
Xuan Hung Le; Murad Khalid; Ravi Sankar; Sungyoung Lee
Wireless sensor networks (WSNs) will play an active role in the 21th Century Healthcare IT to reduce the healthcare cost and improve the quality of care. The protection of data confidentiality and patient privacy are the most critical requirements for the ubiquitous use of WSNs in healthcare environments. This requires a secure and lightweight user authentication and access control. Symmetric key - based access control is not suitable for WSNs in healthcare due to dynamic network topology, mo...
Ndibanje, Bruce; Lee, Hoon-Jae; Lee, Sang-Gon
Internet of Things is a ubiquitous concept where physical objects are connected over the internet and are provided with unique identifiers to enable their self-identification to other devices and the ability to continuously generate data and transmit it over a network. Hence, the security of the network, data and sensor devices is a paramount concern in the IoT network as it grows very fast in terms of exchanged data and interconnected sensor nodes. This paper analyses the authentication and access control method using in the Internet of Things presented by Jing et al. (Authentication and Access Control in the Internet of Things. In Proceedings of the 2012 32nd International Conference on Distributed Computing Systems Workshops, Macau, China, 18-21 June 2012, pp. 588-592). According to our analysis, Jing et al.'s protocol is costly in the message exchange and the security assessment is not strong enough for such a protocol. Therefore, we propose improvements to the protocol to fill the discovered weakness gaps. The protocol enhancements facilitate many services to the users such as user anonymity, mutual authentication, and secure session key establishment. Finally, the performance and security analysis show that the improved protocol possesses many advantages against popular attacks, and achieves better efficiency at low communication cost. PMID:25123464
Ellis, Wilbert E.
Viewgraphs on thermal control systems technology discipline for Space Station Freedom are presented. Topics covered include: heat rejection; heat acquisition and transport; monitoring and control; passive thermal control; and analysis and test verification.
Madsen, Jacob Theilgaard; Barradas Berglind, Jose de Jesus; Madsen, Tatiana Kozlova;
on a wind farm controller. The controller attempts to reduce fatigue on the wind turbine, which is used as a measure of the controller performance. Via simulation analysis, we show the degradation of the controller performance when subject to network delays. We analyse different access strategies...... useable by the controller to gather sensor information and and quantitatively characterize the impact of these access strategies on the controller performance......It is important to reduce the impact of renewable production in the power grid by means of control, due to increased frequency deviations and imbalances caused by these assets. Cost efficient deployment of asset control frequently results in a distributed control architecture where the controller...
There have been various navigation and tracking systems being developed with the help of technologies like GPS, GSM, Bluetooth, IR, Wi-Fi and Radar. Outdoor positioning systems have been deployed quite successfully using GPS but positioning systems for indoor environments still do not have widespread deployment due to various reasons. Most of these use only a single technology for positioning but using more than one in cooperation with each other is always advantageous for obtaining greater accuracy. Particularly, the ones which use Bluetooth are better since they would enhance the scalability of such a system because of the fact that this technology is in use by the common people so it would always be easy to track them. Moreover it would also reduce the hardware installation cost to some extent. The system that has been introduced here uses Bluetooth primarily for positioning and tracking in combination with Wi-Fi access points. The reason that makes the commercial application of such a system easier and ch...
Zhou, Sheng; Niu, Zhisheng
With simultaneous multi-user transmissions, spatial division multiple access (SDMA) provides substantial throughput gain over the single user transmission. However, its implementation in WLANs with contention-based IEEE 802.11 MAC remains challenging. Problems such as coordinating and synchronizing the multiple users need to be solved in a distributed way. In this paper, we propose a distributed MAC protocol for WLANs with SDMA support. A dual-mode CTS responding mechanism is designed to accomplish the channel estimation and user synchronization required for SDMA. We analytically study the throughput performance of the proposed MAC, and dynamic parameter adjustment is designed to enhance the protocol efficiency. In addition, the proposed MAC protocol does not rely on specific physical layer realizations, and can work on legacy IEEE 802.11 equipment with slight software updates. Simulation results show that the proposed MAC outperforms IEEE 802.11 significantly, and that the dynamic parameter adjustment can effectively track the load variation in the network.
A control system for HIMAC injector has been designed. The system consists of three mini-computers and many intelligent device controllers. The device controller is a single-board computer with a real time monitor and is installed in each device. Almost man-machine interactions for an operation of the injector system are performed by touch panels and rotary encoders. (author)
Wallett, Thomas M.
This paper surveys and describes some of the existing media access control and data link layer technologies for possible application in lunar surface communications and the advanced wideband Direct Sequence Code Division Multiple Access (DSCDMA) conceptual systems utilizing phased-array technology that will evolve in the next decade. Time Domain Multiple Access (TDMA) and Code Division Multiple Access (CDMA) are standard Media Access Control (MAC) techniques that can be incorporated into lunar surface communications architectures. Another novel hybrid technique that is recently being developed for use with smart antenna technology combines the advantages of CDMA with those of TDMA. The relatively new and sundry wireless LAN data link layer protocols that are continually under development offer distinct advantages for lunar surface applications over the legacy protocols which are not wireless. Also several communication transport and routing protocols can be chosen with characteristics commensurate with smart antenna systems to provide spacecraft communications for links exhibiting high capacity on the surface of the Moon. The proper choices depend on the specific communication requirements.
Ruj, Sushmita; Stojmenovic, Ivan
We propose an integrated architecture for smart grids, that supports data aggregation and access control. Data can be aggregated by home area network, building area network and neighboring area network in such a way that the privacy of customers is protected. We use homomorphic encryption technique to achieve this. The consumer data that is collected is sent to the substations where it is monitored by remote terminal units (RTU). The proposed access control mechanism gives selective access to consumer data stored in data repositories and used by different smart grid users. Users can be maintenance units, utility centers, pricing estimator units or analyzing and prediction groups. We solve this problem of access control using cryptographic technique of attribute-based encryption. RTUs and users have attributes and cryptographic keys distributed by several key distribution centers (KDC). RTUs send data encrypted under a set of attributes. Users can decrypt information provided they have valid attributes. The ac...
Cancellaro, M.; Carli, M.; Egiazarian, K.; Neri, A.
In this paper, a novel authentications system combining biometric cryptosystems with digital watermarking is presented. One of the main vulnerabilities of the existing data hiding systems is the public knowledge of the embedding domain. We propose the use of biometric data, minutiae fingerprint set, for generating the encryption key needed to decompose an image in the Tree structured Haar transform. The uniqueness of the biometrics key together with other, embedded, biometric information guarantee the authentication of the user. Experimental tests show the effectiveness of the proposed system.
Vanessa Franco de Carvalho; Nalú Pereira da Costa Kerber; Vanessa Andréia Wachholz; Flávia Conceição Pohlmann; Letícia Amico Marques; Fabiane Ferreira Francioni
Objective: to understand how is the access to the public health service users in the Papanicolaou Test. Methods: qualitative study, with 52 women who have changes in the Pap smear exam, questioning the exam achievement frequency and the difficulties of its access and the consultations. It was developed a thematic analysis based on the Fekete accessibility reference. Results: three categories emerged: access to information on the frequency of Pap smears, highlighting the completion of the exam...
Simeone, Osvaldo; Maeder, Andreas; Peng, Mugen; Sahin, Onur; Yu, Wei
Cloud Radio Access Network (C-RAN) refers to the virtualization of base station functionalities by means of cloud computing. This results in a novel cellular architecture in which low-cost wireless access points, known as radio units (RUs) or remote radio heads (RRHs), are centrally managed by a reconfigurable centralized "cloud", or central, unit (CU). C-RAN allows operators to reduce the capital and operating expenses needed to deploy and maintain dense heterogeneous networks. This critical...