Probst, Christian W.; Hansen, René Rydhof
When prosecuting crimes, the main question to answer is often who had a motive and the possibility to commit the crime. When investigating cyber crimes, the question of possibility is often hard to answer, as in a networked system almost any location can be accessed from almost anywhere. The most...
Ramli, Carroline Dewi Puspa Kencana
XACML (eXtensible Access Control Markup Language) is a prominent access control language that is widely adopted both in industry and academia. XACML is an international standard in the field of information security. The problem with XACML is that its specification is described in natural language... (c.f. GM03, Mos05, Ris13) and manual analysis of the overall effect and consequences of a large XACML policy set is a very daunting and time-consuming task. In this thesis we address the problem of understanding the semantics of access control policy language XACML, in particular XACML version 3.0. The... main focus of this thesis is modelling and analysing access control policies in XACML 3.0. There are two main contributions in this thesis. First, we study and formalise XACML 3.0, in particular the Policy Decision Point (PDP). The concrete syntax of XACML is based on the XML format, while its standard...
The main objective of this work is to analyze and extend security model of mobile devices running on Android OS. Provided security extension is a Linux kernel security module that allows the system administrator to restrict program's capabilities with per-program profiles. Profiles can allow capabilities like network access, raw socket access, and the permission to read, write, or execute files on matching paths. Module supplements the traditional Android capability access control model by providing mandatory access control (MAC) based on path. This extension increases security of access to system objects in a device and allows creating security sandboxes per application.
Desmedt, Yvo; Shaghaghi, Arash
Security researchers have stated that the core concept behind current implementations of access control predates the Internet. These assertions are made to pinpoint that there is a foundational gap in this field, and one should consider revisiting the concepts from the ground up. Moreover, insider threats, which are an increasing threat vector against organizations, are also associated with the failure of access control. Access control models derived from access control matrix encompass three ...
Department of Transportation — This data set contains the personnel access card data (photo, name, activation/expiration dates, card number, and access level) as well as data about turnstiles and...
Carreras Coch, Anna; Rodríguez Luna, Eva; Delgado Mercè, Jaime; Maroñas Borras, Xavier
Social Networks, as the main axis of Web 2.0, are creating a number of interesting challenges to the research and standardisation communities. In this paper, we analyse the current and future use of access control policies in Social Networks. Subsequently, two main issues are addressed: the interoperability amongst systems using different policy languages and the lack of elements in the existing policy languages when trying to express Social Networks’ access control. In part...
Kelley, Jay; Wessels, Denzil
Network access control (NAC) is how you manage network security when your employees, partners, and guests need to access your network using laptops and mobile devices. Network Access Control For Dummies is where you learn how NAC works, how to implement a program, and how to take real-world challenges in stride. You'll learn how to deploy and maintain NAC in your environment, identify and apply NAC standards, and extend NAC for greater network security. Along the way you'll become familiar with what NAC is (and what it isn't) as well as the key business drivers for deploying NAC. Learn the step
Dekker, Mari Antonius Cornelis
Access control is used in computer systems to control access to confidential data. In this thesis we focus on access control for dynamic collaborative environments where multiple users and systems access and exchange data in an ad hoc manner. In such environments it is difficult to protect confident
Bente, Ingo; von Helden, Josef
Network Access Control (NAC) solutions promise to significantly increase the security level of modern networks. In short, they allow to measure the integrity state of an endpoint that tries to get access to the network. Based upon the measurement results, which are compared to a defined NAC policy, access to the network can be allowed or denied. One problem of all currently available NAC solutions is referred to as the “lying endpoint” problem. Normally, special software components are responsible for gathering the relevant integrity information on the endpoint. If an attacker modifies those software components, an endpoint can lie about its current integrity state. Therefore, endpoints which are not compliant to the defined NAC policy can get access to the network. Those endpoints must be considered as potential threat. This paper summarizes a possible solution for the lying endpoint problem based upon the specifications of the Trusted Computing Group (TCG) and the results of the two research projects TNC@FHH and Turaya. The goal is to develop an open source, TNC compatible NAC solution with full TPM support within a new research project: tNAC.
Background: Restricting access to common means of suicide, such as firearms, toxic gas, pesticides and other, has been shown to be effective in reducing rates of death in suicide. In the present review we aimed to summarize the empirical and clinical literature on controlling the access to means of suicide. Methods: This review made use of both MEDLINE, ISI Web of Science and the Cochrane library databases, identifying all English articles with the keywords “suicide means”, “suicide method”, “suicide prediction” or “suicide prevention” and other relevant keywords. Results: A number of factors may influence an individual’s decision regarding method in a suicide act, but there is substantial support that easy access influences the choice of method. In many countries, restrictions of access to common means of suicide has led to lower overall suicide rates, particularly regarding suicide by firearms in USA, detoxification of domestic and motor vehicle gas in England and other countries, toxic pesticides in rural areas, barriers at jumping sites and hanging, by introducing “safe rooms” in prisons and hospitals. Moreover, decline in prescription of barbiturates and tricyclic antidepressants (TCAs), as well as limitation of drugs pack size for paracetamol and salicylate has reduced suicides by overdose, while increased prescription of SSRIs seems to have lowered suicidal rates. Conclusions: Restriction to means of suicide may be particularly effective in contexts where the method is popular, highly lethal, widely available, and/or not easily substituted by other similar methods. However, since there is some risk of means substitution, restriction of access should be implemented in conjunction with other suicide prevention strategies.
WANG Lun-wei; LIAO Xiang-ke; WANG Huai-min
Weighted factor is given to access control policies to express the importance of policy and its effect on access control decision. According to this weighted access control framework, a trustworthiness model for access request is also given. In this model, we give the measure of trustworthiness factor to access request, by using some idea of uncertainty reasoning of expert system, present and prove the parallel propagation formula of request trustworthiness factor among multiple policies, and get the final trustworthiness factor to decide whether authorizing. In this model, authorization decision is given according to the calculation of request trustworthiness factor, which is more understandable, more suitable for real requirement and more powerful for security enhancement than traditional methods. Meanwhile the finer access control granularity is another advantage.
Chiang, Ken; Nguyen, Thuy D.; Irvine, Cynthia E.
Control of access to information based upon temporal attributes can add another dimension to access control. To demonstrate the feasibility of operating system level support for temporal access controls, the Time Interval File Protection System (TIFPS), a prototype of the Time Interval Access Control (TIAC) model, has been implemented by modifying Linux extended attributes to include temporal metadata associated both with files and users. The Linux Security Module was used to provide hooks fo...
Gang Huang; Lian-Shan Sun
Reflective middleware opens up the implementation details of middleware platform and applications at runtime for improving the adaptability of middleware-based systems. However, such openness brings new challenges to access control of the middleware-based systems. Some users can access the system via reflective entities, which sometimes cannot be protected by access control mechanisms of traditional middleware. To deliver high adaptability securely, reflective middleware should be equipped with proper access control mechanisms for potential access control holes induced by reflection. One reason of integrating these mechanisms in reflective middleware is that one goal of reflective middleware is to equip applications with reflection capabilities as transparent as possible. This paper studies how to design a reflective J2EE middleware PKUAS with access control in mind. At first, a computation model of reflective system is built to identify all possible access control points induced by reflection. Then a set of access control mechanisms, including the wrapper of MBeans and a hierarchy of Java class loaders, are equipped for controlling the identified access control points. These mechanisms together with J2EE access control mechanism form the access control framework for PKUAS. The paper evaluates the security and the performance overheads of the framework in quality and quantity.
Chen, Lijun; Low, Steven H.; Doyle, John C.
Motivated partially by a control-theoretic viewpoint, we propose a game-theoretic model, called random access game, for contention control. We characterize Nash equilibria of random access games, study their dynamics, and propose distributed algorithms (strategy evolutions) to achieve Nash equilibria. This provides a general analytical framework that is capable of modeling a large class of system-wide quality-of-service (QoS) models via the specification of per-node util...
Gaaloul, Khaled; Charoy, François
e-Government organisations are facilitated and conducted using workflow management systems. Role-based access control (RBAC) is recognised as an efficient access control model for large organisations. The application of RBAC in workflow systems cannot, however, grant permissions to users dynamically while business processes are being executed. We currently observe a move away from predefined strict workflow modelling towards approaches supporting flexibility on the organisational level. One specific approach is that of task delegation. Task delegation is a mechanism that supports organisational flexibility, and ensures delegation of authority in access control systems. In this paper, we propose a Task-oriented Access Control (TAC) model based on RBAC to address these requirements. We aim to reason about task from organisational perspectives and resources perspectives to analyse and specify authorisation constraints. Moreover, we present a fine grained access control protocol to support delegation based on the TAC model.
Jonathan A. Enokela; Michael N. TYOWUAH
The security challenges being encountered in many places require electronic means of controlling access to communities, recreational centres, offices, and homes. The electronically controlled automated security access gate being proposed in this work helps to prevent an unwanted access to controlled environments. This is achieved mainly through the use of a Radio Frequency (RF) transmitter-receiver pair. In the design a microcontroller is programmed to decode a given sequence of keys that is ...
Madar, Fatima Ali
This thesis discusses two implementations of file access controls: the UNIX Permissions (UP) and the Access Control List (ACL). We will evaluate advantages and weaknesses in these two implementations. The criteria of evaluation are usefulness, security and manageability. The level of usefulness of systems was measured by evaluating user-surveys. The level of security was measured by comparing the implementations against well-established file access control models concerning privacy, inte...
An access system based on the one now in operation at the CERN ISR is recommended. Access doors would presumably be located at the entrances to the utility tunnels connecting the support buildings with the ring. Persons requesting access would insert an identity card into a scanner to activate the system. The request would be autologged, the keybank adjacent to the door would be unlocked and ISABELLE operations would be notified. The operator would then select the door, activating a TV-audio link. The person requesting entry would draw a key from the bank, show it and his film badge to the operator who would enable the door release
"Access Control and Service-Oriented Architectures" investigates in which way logical access control can be achieved effectively, in particular in highly dynamic environments such as service-oriented architectures (SOA's). The author combines state-of-the-art best-practice and projects these onto the
Managing access to shared digital information, such as photographs and documents, is difficult for end users who are accumulating an increasingly large and diverse collection of data that they want to share with others. Current policy-management solutions require a user to proactively seek out and open a separate policy-management interface when…
Different from traditional access control technologies, such as discretionary access control, mandatory access control, role-based access control, trust-based access control can solve the problem of uncertainty, risk and vulnerability coming from authorization. In this paper, strict definition and formal description of trust-based access control is defined.
After having presented the initial characteristics and weaknesses of the software provided for the control of a memory disk coupled with a Multi 8 computer, the author reports the development and improvement of this controller software. He presents the different constitutive parts of the computer and the operation of the disk coupling and of the direct access to memory. He reports the development of the disk access controller: software organisation, loader, subprograms and statements
Ferreira, Ana; Chadwick, David W; Antunes, Luis
The widening use of Information Systems, which allow the collection, extraction, storage, management and search of information, is increasing the need for information security. After a user is successfully identified and authenticated to a system, he needs to be authorised to access the resources he/she requested. Access control is part of this last process that checks if a user can access those resources. This is particularly important in the healthcare environment where there is the need to...
Bowers, Dan M
Access Control and Personal Identification Systems provides an education in the field of access control and personal identification systems, which is essential in selecting the appropriate equipment, dealing intelligently with vendors in purchases of the equipment, and integrating the equipment into a total effective system. Access control devices and systems comprise an important part of almost every security system, but are seldom the sole source of security. In order for the goals of the total system to be met, the other portions of the security system must also be well planned and executed
Access Control, Security, Trust, and Logic; Deconstructing Access Control Decisions; A Logical Approach to Access Control; PRELIMINARIES; A Language for Access Control; Sets and Relations; Syntax; Semantics; Reasoning about Access Control; Logical Rules; Formal Proofs and Theorems; Soundness of Logical Rules; Basic Concepts; Reference Monitors; Access Control Mechanisms: Tickets and Lists; Authentication; Security Policies; Confidentiality, Integrity, and Availability; Discretionary Security Policies; Mandatory Security Policies; Military Security Policies; Commercial Policies; DISTRIBUTED ACCESS CONTROL; Digital Authenti
ALBARELO, P. C.
Professionals are constantly seeking qualification and consequently increasing their knowledge in their area of expertise. Thus, it is interesting to develop a computer system that knows its users and their work history. Using this information, even in the case of professional role change, the system could allow the renewed authorization for activities, based on previously authorized use. This article proposes a model for user access control that is embedded in a context-aware environment. The model applies the concept of trails to manage access control, recording activities usage in contexts and applying this history as a criterion to grant new accesses. Despite the fact that previous related research works consider contexts, none of them uses the concept of trails. Hence, the main contribution of this work is the use of a new access control criterion, namely, the history of previous accesses (trails). A prototype was implemented and applied in an evaluation based on scenarios. The results demonstrate the feasibility of the proposal, allowing for access control systems to use an alternative way to support access rights.
Hong, Seng-Phil; Ahn, Gail-Joon; Xu, Wenjuan
The information technology revolution has transformed all aspects of our society including critical infrastructures and led a significant shift from their old and disparate business models based on proprietary and legacy environments to more open and consolidated ones. Supervisory Control and Data Acquisition (SCADA) systems have been widely used not only for industrial processes but also for some experimental facilities. Due to the nature of open environments, managing SCADA systems should meet various security requirements since system administrators need to deal with a large number of entities and functions involved in critical infrastructures. In this paper, we identify necessary access control requirements in SCADA systems and articulate access control policies for the simulated SCADA systems. We also attempt to analyze and realize those requirements and policies in the context of role-based access control that is suitable for simplifying administrative tasks in large scale enterprises.
Bradley, R. G.
Current performance estimates for personnel access control systems use estimates of Type I and Type II verification errors. A system performance equation which addresses normal operation, the insider, and outside adversary attack is developed. Examination of this equation reveals the inadequacy of classical Type I and II error evaluations which require detailed knowledge of the adversary threat scenario for each specific installation. Consequently, new performance measures which are consistent with the performance equation and independent of the threat are developed as an aid in selecting personnel access control systems.
Access control is one of the fundamental services that any Data Management System should provide. Its main goal is to protect data from unauthorized read and write operations. This is particularly crucial in today's open and interconnected world, where each kind of information can be easily made available to a huge user population, and where a damage or misuse of data may have unpredictable consequences that go beyond the boundaries where data reside or have been generated. This book provides an overview of the various developments in access control for data management systems. Discretionary,
In this work we suggest a meta access control model emulating established access control models by configuration and offering enhanced features like the delegation of rights, ego-centered roles, and decentralized administration. The suggested meta access control model is named "Access Definition and Query Language" (ADQL). ADQL is represented by a formal, context-free grammar allowing to express the targeted access control model, policies, facts, and access queries as a formal language.
Gassiot, Ariadna; Prats, Lluís; Coromina, Lluís
Accessible tourism and religious tourism are normally treated separately. Even so, curative shrines can be defined as places where these two types of tourism are especially co-habitual. Behaviour of both religious tourists (Battour, Battor, & Bhatti, 2013; Nolan & Nolan, 1992; Rinschede, 1992) and of people with special access needs (Burnett & Baker, 2001; Figueiredo, Eusébio, & Kastenholz, 2012) has been analysed before. However, the behaviour of visitors with special access needs in religio...
Franqueira, Virginia N.L.; Wieringa, Roel
Role-Based Access Control (RBAC) has been a success in terms of the amount of research that went into it, its uptake in international standards, and its adoption by major software vendors. Yet, RBAC remains complex to implement in user organizations. In this paper we review the state of the art of R
Jonathan A. ENOKELA
The security challenges being encountered in many places require electronic means of controlling access to communities, recreational centres, offices, and homes. The electronically controlled automated security access gate being proposed in this work helps to prevent an unwanted access to controlled environments. This is achieved mainly through the use of a Radio Frequency (RF) transmitter-receiver pair. In the design a microcontroller is programmed to decode a given sequence of keys that is entered on a keypad and commands a transmitter module to send out this code as signal at a given radio frequency. Upon reception of this RF signal by the receiver module, another microcontroller activates a driver circuitry to operate the gate automatically. The codes for the microcontrollers were written in C language and were debugged and compiled using the KEIL Micro vision 4 integrated development environment. The resultant Hex files were programmed into the memories of the microcontrollers with the aid of a universal programmer. Software simulation was carried out using the Proteus Virtual System Modeling (VSM) version 7.7. A scaled-down prototype of the system was built and tested. The electronically controlled automated security access gate can be useful in providing security for homes, organizations, and automobile terminals. The four-character password required to operate the gate gives the system an increased level of security. Due to its standalone nature of operation the system is cheaper to maintain in comparison with a manually operated type.
Cai, Weihong; Huang, Richeng; Hou, Xiaoli; Wei, Gang; Xiao, Shui; Chen, Yindong
Role-based access control (RBAC) model has been widely recognized as an efficient access control model and becomes a hot research topic of information security at present. However, in the large-scale enterprise application environments, the traditional RBAC model based on the role hierarchy has the following deficiencies: Firstly, it is unable to reflect the role relationships in complicated cases effectively, which does not accord with practical applications. Secondly, the senior role unconditionally inherits all permissions of the junior role, thus if a user is under the supervisor role, he may accumulate all permissions, and this easily causes the abuse of permission and violates the least privilege principle, which is one of the main security principles. To deal with these problems, we, after analyzing permission types and role relationships, proposed the concept of atom role and built an atom-role-based access control model, called ATRBAC, by dividing the permission set of each regular role based on inheritance path relationships. Through the application-specific analysis, this model can well meet the access control requirements.
Yang, Fan; Hankin, Chris; Nielson, Flemming;
We show how to use aspect-oriented programming to separate security and trust issues from the logical design of mobile, distributed systems. The main challenge is how to enforce various types of security policies, in particular predictive access control policies — policies based on the future...
The Radiation Security System (RSS) at the Los Alamos Neutron Science Center (LANSCE) provides personnel protection from prompt radiation due to accelerated beam. The Personnel Access Control System (PACS) is a component of the RSS that is designed to prevent personnel access to areas where prompt radiation is a hazard. PACS was designed to replace several older personnel safety systems (PSS) with a single modern unified design. Lessons learned from the operation over the last 20 years were incorporated into a redundant sensor, single-point failure safe, fault tolerant, and tamper-resistant system that prevents access to the beam areas by controlling the access keys and beam stoppers. PACS uses a layered philosophy to the physical and electronic design. The most critical assemblies are battery backed up, relay logic circuits; less critical devices use Programmable Logic Controllers (PLCs) for timing functions and communications. Outside reviewers have reviewed the operational safety of the design. The design philosophy, lessons learned, hardware design, software design, operation, and limitations of the device are described
In this paper, an implementation of IEEE 1149.7 standard is used for designing Test Access Port (TAP) Controller and testing of interconnects is done using boundary scan. By c-JTAG the pin count gets reduced which increases the performance and simplifies the connection between devices. TAP Controller is a synchronous Moore type finite state machine that is changed when the TMS and TCK signals of the test access port change. This controls the sequence operation of the circuitry conveyed by JTAG and c-JTAG. JTAG mainly used four pins with TAP and fifth pin is for optional use in Boundary scan. But c-JTAG uses only two pins with TAP. In this approach TDI and TDO gets multiplexed by using class T4 and T5 of c-JTAG. Various instructions are used for testing interconnects using IEEE 1149.7 standard (std.)
Bzorgi, Fariborz M.
An access control apparatus for an access gate. The access gate typically has a rotator that is configured to rotate around a rotator axis at a first variable speed in a forward direction. The access control apparatus may include a transmission that typically has an input element that is operatively connected to the rotator. The input element is generally configured to rotate at an input speed that is proportional to the first variable speed. The transmission typically also has an output element that has an output speed that is higher than the input speed. The input element and the output element may rotate around a common transmission axis. A retardation mechanism may be employed. The retardation mechanism is typically configured to rotate around a retardation mechanism axis. Generally the retardation mechanism is operatively connected to the output element of the transmission and is configured to retard motion of the access gate in the forward direction when the first variable speed is above a control-limit speed. In many embodiments the transmission axis and the retardation mechanism axis are substantially co-axial. Some embodiments include a freewheel/catch mechanism that has an input connection that is operatively connected to the rotator. The input connection may be configured to engage an output connection when the rotator is rotated at the first variable speed in a forward direction and configured for substantially unrestricted rotation when the rotator is rotated in a reverse direction opposite the forward direction. The input element of the transmission is typically operatively connected to the output connection of the freewheel/catch mechanism.
XU ZhiWei(徐志伟); BU GuanYing(卜冠英)
The current grid security research is mainly focused on the authentication of grid systems. A problem to be solved by grid systems is to ensure consistent access control. This problem is complicated because the hosts in a grid computing environment usually span multiple autonomous administrative domains. This paper presents a grid access control model, based on asynchronous automata theory and the classic Bell-LaPadula model. This model is useful to formally study the confidentiality and integrity problems in a grid computing environment. A theorem is proved, which gives the necessary and sufficient conditions to a grid to maintain confidentiality. These conditions are the formalized descriptions of local (node) relations or relationship between grid subjects and node subjects.
Mohammed, Alalelddin Fuad Yousif
This thesis project’s goal is to enable undergraduate students to gain insight into media access and control protocols based upon carrying out laboratory experiments. The educational goal is to de-mystifying radio and other link and physical layer communication technologies as the students can follow packets from the higher layers down through the physical layer and back up again. The thesis fills the gap between the existing documentation for the Universal Software Radio Peripheral (USRP) re...
Jadlovský, J.; Jadlovská, A.; Sarnovský, J.; Jajčišin, Š.; Čopík, M.; Jadlovská, S.; Papcun, P.; Bielek, R.; Čerkala, J.; Kopčík, M.; Chochula, P.; Augustinus, A.
ALICE Controls data produced by commercial SCADA system WINCCOA is stored in ORACLE database on the private experiment network. The SCADA system allows for basic access and processing of the historical data. More advanced analysis requires tools like ROOT and needs therefore a separate access method to the archives. The present scenario expects that detector experts create simple WINCCOA scripts, which retrieves and stores data in a form usable for further studies. This relatively simple procedure generates a lot of administrative overhead - users have to request the data, experts needed to run the script, the results have to be exported outside of the experiment network. The new mechanism profits from database replica, which is running on the CERN campus network. Access to this database is not restricted and there is no risk of generating a heavy load affecting the operation of the experiment. The developed tools presented in this paper allow for access to this data. The users can use web-based tools to generate the requests, consisting of the data identifiers and period of time of interest. The administrators maintain full control over the data - an authorization and authentication mechanism helps to assign privileges to selected users and restrict access to certain groups of data. Advanced caching mechanism allows the user to profit from the presence of already processed data sets. This feature significantly reduces the time required for debugging as the retrieval of raw data can last tens of minutes. A highly configurable client allows for information retrieval bypassing the interactive interface. This method is for example used by ALICE Offline to extract operational conditions after a run is completed. Last but not least, the software can be easily adopted to any underlying database structure and is therefore not limited to WINCCOA.
This brief investigates distributed medium access control (MAC) with QoS provisioning for both single- and multi-hop wireless networks including wireless local area networks (WLANs), wireless ad hoc networks, and wireless mesh networks. For WLANs, an efficient MAC scheme and a call admission control algorithm are presented to provide guaranteed QoS for voice traffic and, at the same time, increase the voice capacity significantly compared with the current WLAN standard. In addition, a novel token-based scheduling scheme is proposed to provide great flexibility and facility to the network servi
Baina, Amine; El Kalam, Anas Abou; Deswarte, Yves; Kaaniche, Mohamed
A critical infrastructure (CI) can fail with various degrees of severity due to physical and logical vulnerabilities. Since many interdependencies exist between CIs, failures can have dramatic consequences on the entire infrastructure. This paper focuses on threats that affect information and communication systems that constitute the critical information infrastructure (CII). A new collaborative access control framework called PolyOrBAC is proposed to address security problems that are specific to CIIs. The framework offers each organization participating in a CII the ability to collaborate with other organizations while maintaining control of its resources and internal security policy. The approach is demonstrated on a practical scenario involving the electrical power grid.
陈卓; 骆婷; 石磊; 洪帆
Access control is an important protection mechanism for information systems. This paper shows how to make access control in workflow system. We give a workflow access control model (WACM) based on several current access control models. The model supports roles assignment and dynamic authorization. The paper defines the workflow using Petri net. It firstly gives the definition and description of the workflow, and then analyzes the architecture of the workflow access control model (WACM). Finally, an example of an e-commerce workflow access control model is discussed in detail.
Mahmood Rajpoot, Qasim; Jensen, Christian D.; Krishnan, Ram
Attribute-based access control (ABAC) and role-based access control (RBAC) are currently the two most popular access control models. Yet, they both have known limitations and offer features complementary to each other. Due to this fact, integration of RBAC and ABAC has recently emerged...
Chen, Tzer-Shyong; Liu, Chia-Hui; Chen, Tzer-Long; Chen, Chin-Sheng; Bau, Jian-Guo; Lin, Tzu-Ching
With the development of information technology and medical technology, medical information has been developed from traditional paper records into electronic medical records, which have now been widely applied. The new-style medical information exchange system "personal health records (PHR)" is gradually developed. PHR is a kind of health records maintained and recorded by individuals. An ideal personal health record could integrate personal medical information from different sources and provide complete and correct personal health and medical summary through the Internet or portable media under the requirements of security and privacy. A lot of personal health records are being utilized. The patient-centered PHR information exchange system allows the public to autonomously maintain and manage personal health records. Such management is convenient for storing, accessing, and sharing personal medical records. With the emergence of Cloud computing, PHR service has been transferred to storing data into Cloud servers that the resources could be flexibly utilized and the operation cost can be reduced. Nevertheless, patients would face privacy problems when storing PHR data into Cloud. Besides, it requires a secure protection scheme to encrypt the medical records of each patient for storing PHR into Cloud server. In the encryption process, it would be a challenge to achieve accurately accessing to medical records and corresponding to flexibility and efficiency. A new PHR access control scheme under Cloud computing environments is proposed in this study. With Lagrange interpolation polynomial to establish a secure and effective PHR information access scheme, it allows to accurately access to PHR with security and is suitable for enormous multi-users. Moreover, this scheme also dynamically supports multi-users in Cloud computing environments with personal privacy and offers legal authorities to access to PHR. From security and effectiveness analyses, the proposed PHR access
ZHENG Xiao-lin; LEI Yu; CHEN De-ren
An integrated user access control method was proposed to address the issues of security and management in networked manufacturing systems (NMS). Based on the analysis of the security issues in networked manufacturing system, an integrated user access control method composed of role-based access control (RBAC), task-based access control (TBAC), relationship-driven access control (RDAC) and coalition-based access control (CBAC) was proposed, including the hierarchical user relationship model, the reference model and the process model. The elements and their relationships were defined, and the expressions of constraints authorization were given. The extensible access control markup language (XACML) was used to implement this method. This method was used in the networked manufacturing system in the Shaoxing spinning region of China. The results show that the integrated user access control method can reduce the costs of system security maintenance and management.
Mahmood Rajpoot, Qasim; Jensen, Christian D.; Krishnan, Ram
Role-based access control (RBAC) and attribute-based access control (ABAC) are currently the most prominent access control models. However, they both suffer from limitations and have features complementary to each other. Due to this fact, integration of RBAC and ABAC has become a hot area...
Helmut Petritsch describes the first holistic approach to Break-Glass which covers the whole life-cycle: from access control modeling (pre-access), to logging the security-relevant system state during Break-Glass accesses (at-access), and the automated analysis of Break-Glass accesses (post-access). Break-Glass allows users to override security restrictions in exceptional situations. While several Break-Glass models specific to given access control models have already been discussed in research (e.g., extending RBAC with Break-Glass), the author introduces a generic Break-Glass model. The pres
Al-Neyadi, Fahed; Abawajy, Jemal H.
E-Health systems logically demand a sufficiently fine-grained authorization policy for access control. The access to medical information should not be just role-based but should also include the contextual condition of the role to access data. In this paper, we present a mechanism to extend the standard role-based access control to incorporate contextual information for making access control decisions in e-health application. We present an architecture consisting of authorisation and context infrastructure that work cooperatively to grant access rights based on context-aware authorization policies and context information.
Besson, Frédéric; Dufay, Guillaume; Jensen, Thomas; Pichardie, David
A model of resource access control is presented in which the access control to resources can employ user interaction to obtain the necessary permissions. This model is inspired by and improves on the Java security architecture used in Java-enabled mobile telephones. We extend the Java model to include access control permissions with multiplicities in order to allow to use a permission a certain number of times. We define a program model based on control flow graphs together with its operation...
Afgan, Enis; Baker, Dannon; van den Beek, Marius; Blankenberg, Daniel; Bouvier, Dave; Čech, Martin; Chilton, John; Clements, Dave; Coraor, Nate; Eberhard, Carl; Grüning, Björn; Guerler, Aysam; Hillman-Jackson, Jennifer; Von Kuster, Greg; Rasche, Eric; Soranzo, Nicola; Turaga, Nitesh; Taylor, James; Nekrutenko, Anton; Goecks, Jeremy
High-throughput data production technologies, particularly 'next-generation' DNA sequencing, have ushered in widespread and disruptive changes to biomedical research. Making sense of the large datasets produced by these technologies requires sophisticated statistical and computational methods, as well as substantial computational power. This has led to an acute crisis in life sciences, as researchers without informatics training attempt to perform computation-dependent analyses. Since 2005, the Galaxy project has worked to address this problem by providing a framework that makes advanced computational tools usable by non experts. Galaxy seeks to make data-intensive research more accessible, transparent and reproducible by providing a Web-based environment in which users can perform computational analyses and have all of the details automatically tracked for later inspection, publication, or reuse. In this report we highlight recently added features enabling biomedical analyses on a large scale. PMID:27137889
Besson, Frédéric; Dufay, Guillaume; Jensen, Thomas
This paper presents an access control model for programming applications in which the access control to resources can employ user interaction to obtain the necessary permissions. This model is inspired by and improves on the Java security architecture used in Java-enabled mobile telephones. We consider access control permissions with multiplicities in order to allow to use a permission a certain number of times. An operational semantics of the model and a formal definition of what it means for...
Pawelczak, P.; Pollin, S.; So, H.-S.W.; Bahai, A.R.S.; Prasad, R.V.; Hekmat, R.
In this paper, different control channel (CC) implementations for multichannel medium access control (MAC) algorithms are compared and analyzed in the context of opportunistic spectrum access (OSA) as a function of spectrum-sensing performance and licensed user activity. The analysis is based on a d
Mr. SANTHOSH S
Radio frequency identification (RFID) technology has helped many organizations to reduce cost. Nevertheless, there are challenges and issues associated with RFID adoption. The most common internal challenge for many organizations is justifying the investment and modification of processes. The focus of this project is to show the business value of RFID technology and its applications. The important issue is the security level of the whole campus because it needs to be carefully differentiated. Dormitories and special research laboratories should benefit from higher levels of security than any other campuses. The key to the problem is represented by the new Radio Frequency Identification (RFID) which can support contactless cards with memory. The most important feature of the proposed system is the updating of access permission level at any time for the user based on the availability of that user. The data transfer from the reader to the database was done using wireless communication (RF communication). To achieve this here RF transmitter and the RF receiver is used. The data which is read by the reader is sent to the microcontroller. Then from the controller we can transfer the data to the database by using the UART module (serial communication) which is inbuilt in the microcontroller through RF transmitter. RF receiver of the same frequency at the receiver end receives and then stores the data in the database. RF transmitter and Receiver – frequency for transmitting and receiving the data depends on the user as per the requirement for the application and it is based on the range of distance. For the data encoding and decoding process HCS-101 protocol is used.
OCG employs stringent human subjects’ protection and data access policies to protect the privacy and confidentiality of the research participants. Depending on the risk of patient identification, OCG programs data are available to the scientific community in two tiers: open or controlled access. Both types of data can be accessed through its corresponding OCG program-specific data matrix or portal. Open-access Data
Cross-border access to a variety of data such as market information, strategic information, or customer-related information defines the daily business of many global companies, including financial institutions. These companies are obliged by law to keep a data processing legal for all offered services. They need to fulfill different security objectives specified by the legislation. Therefore, they control access to prevent unauthorized users from using data. Those security objectives, for example confidentiality or secrecy, are often defined in the eXtensible Access Control Markup Language that promotes interoperability between different systems. In this paper, we show the necessity of incorporating the requirements of legislation into access control. Based on the work flow in a banking scenario we describe a variety of available contextual information and their interrelations. Different from other access control systems our main focus is on law-compliant cross-border data access. By including legislation dir...
Sedghi, Saeed; Hartel, Pieter; Jonker, Willem; Nikova, Svetla; Bao, Feng; Weng, Jian
Traditional techniques of enforcing an access control policy rely on an honest reference monitor to enforce the policy. However, for applications where the resources are sensitive, the access control policy might also be sensitive. As a result, an honest-but-curious reference monitor would glean som
Saffarian, Mohsen; Tang, Qiang; Jonker, Willem; Hartel, Pieter
The Role-Based Access Control (RBAC) model has been widely applied to a single domain in which users are known to the administrative unit of that domain, beforehand. However, the application of the conventional RBAC model for remote access control scenarios is not straightforward. In such scenarios,
Operating systems rely heavily on access control mechanisms to achieve security goals and defend against remote and local attacks. The complexities of modern access control mechanisms and the scale of policy configurations are often overwhelming to system administrators and software developers. Therefore, mis-configurations are common, and the…
HONG Fan; ZHU Xian; XING Guanglin
Access control in multi-domain environments is one of the important questions of building coalition between domains. On the basis of RBAC access control model, the concepts of role delegation and role mapping are proposed, which support the third-party authorization. Then, a distributed RBAC model is presented. Finally the implementation issues are discussed.
Zinzi, A.; Capria, M. T.; Palomba, E.; Giommi, P.; Antonelli, L. A.
The increasing number and complexity of planetary exploration space missions require new tools to access, visualize and analyse data to improve their scientific return. ASI Science Data Center (ASDC) addresses this request with the web-tool MATISSE (Multi-purpose Advanced Tool for the Instruments of the Solar System Exploration), allowing the visualization of single observation or real-time computed high-order products, directly projected on the three-dimensional model of the selected target body. Using MATISSE it will be no longer needed to download huge quantity of data or to write down a specific code for every instrument analysed, greatly encouraging studies based on joint analysis of different datasets. In addition the extremely high-resolution output, to be used offline with a Python-based free software, together with the files to be read with specific GIS software, makes it a valuable tool to further process the data at the best spatial accuracy available. MATISSE modular structure permits addition of new missions or tasks and, thanks to dedicated future developments, it would be possible to make it compliant to the Planetary Virtual Observatory standards currently under definition. In this context the recent development of an interface to the NASA ODE REST API by which it is possible to access to public repositories is set.
The emergence of "Internet of Things" breaks previous traditional thinking, which integrates physical infrastructure and network infrastructure into unified infrastructure. There will be a lot of resources or information in IoT, so computing and processing of information is the core supporting of IoT. In this paper, we introduce "Service-Oriented Computing" to solve the problem where each device can offer its functionality as standard services. Here we mainly discuss the access control issue of service-oriented computing in Internet of Things. This paper puts forward a model of Workflow-oriented Attributed Based Access Control (WABAC), and design an access control framework based on WABAC model. The model grants permissions to subjects according to subject attribute, resource attribute, environment attribute and current task, meeting access control request of SOC. Using the approach presented can effectively enhance the access control security for SOC applications, and prevent the abuse of subject permissions.
Baldini, Gianmarco; NAI-FOVINO Igor; Trombetta, Alberto; Braghin, Stefano
Cognitive Radio (CR) is a novel wireless communication technology that allows for adaptive configuration of the reception parameters of a terminal, based on the information collected from the environment. Cognitive radio (CR) technology can be used in innovative spectrum management approaches like spectrum sharing, where radio frequency spectral bands can be shared among various users through a dynamic exclusive-use spectrum access model. Spectrum sharing can be applied to various...
Li, F; Rahulamathavan, Y.; Conti, M.; Rajarajan, M.
Unified communications has enabled seamless data sharing between multiple devices running on various platforms. Traditionally, organizations use local servers to store data and employees access the data using desktops with predefined security policies. In the era of unified communications, employees exploit the advantages of smart devices and 4G wireless technology to access the data from anywhere and anytime. Security protocols such as access control designed for traditional setup are not su...
MENG Xiao-feng; LUO Dao-feng; OU Jian-bo
As XML has been increasingly important as the Data-change format of Internet and Intranet, access-control-on-XML-properties rises as a new issue. Role-based access control (RBAC) is an access control method that has been widely used in Internet, Operation System and Relation Data Base these 10 years. Though RBAC is already relatively mature in the above fields, new problems occur when it is used in XML properties. This paper proposes an integrated model to resolve these problems, after the fully analysis on the features of XML and RBAC.
Kawamura, Hiroko; Hirata, Yasuki [Kyushu Univ., Fukuoka (Japan). Radioisotope Center; Kondo, Takahiro; Takatsuki, Katsuhiro
We applied a new fingerprint checker for complete access control to the radiation controlled area and to the radioisotope storage room, and prepared softwares for the best use of this checker. This system consists of a personal computer, access controllers, a fingerprint register, fingerprint checkers, a tenkey and mat sensors, permits ten thousand users to register their fingerprints and its hard disk to keep more than a million records of user's access. Only 1% of users could not register their fingerprints worn-out, registered four numbers for a fingerprint. The softwares automatically provide varieties of reports, caused a large reduction in manual works. (author)
Data outsourcing is a major component for cloud computing that allows data owners to distribute resources to external services for users and organizations who can apply the resources. A crucial problem for owners is how to make sure their sensitive information accessed by legitimate users only using the trusted services but not authorized to read the actual information. With the increased development of cloud computing, it brings challenges for data security and access control when outsourcing users' data and sharing sensitive data in cloud environment since it is not within the same trusted domain as data owners'. Access control policies have become an important issue in the security field in cloud computing. Semantic web technologies represent much richer forms of relationships among users, resources and actions among different web applications such as cloud computing. However, Semantic web applications pose new requirements for security mechanisms especially in the access control models. This paper addresses existing access control methods and presents a semantic based access control model which considers semantic relations among different entities in cloud computing environment. We have enriched the research for semantic web technology with role-based access control that is able to be applied in the field of medical information system or e-Healthcare system. This work shows how the semantic web technology provides efficient solutions for the management of complex and distributed data in heterogeneous systems, and it can be used in the medical information systems as well.
TIAN Jie; ZHANG Xin-fang; WANG Tong-yang; XIANG Wei; Cheng Ming
This paper introduces a solution to the secure requirement for digital rights management (DRM) by the way of geospatial access control named geospatial access control (GeoAC) in geospatial field. The issues of authorization for geospatial DRM are concentrated on. To geospatial DRM, one aspect is the declaration and enforcement of access rights, based on geographic aspects. To the approbation of digital geographic content, it is important to adopt online access to geodata through a spatial data infrastructure (SDI). This results in the interoperability requirements on three different levels: data model level, service level and access control level. The interaction between the data model and service level can be obtained by criterions of the open geospatial consortium (OGC), and the interaction of the access control level may be reached by declaring and enforcing access restrictions in GeoAC. Then an archetype enforcement based on GeoAC is elucidated. As one aspect of performing usage rights, the execution of access restrictions as an extension to a regular SDI is illuminated.
Zinzi, Angelo; Palomba, Ernesto; Giommi, Paolo; Antonelli, Lucio Angelo
The increasing number and complexity of planetary exploration space missions require new tools to access, visualize and analyse data to improve their scientific return. ASI Science Data Center (ASDC) addresses this request with the web-tool MATISSE (Multi-purpose Advanced Tool for the Instruments of the Solar System Exploration), allowing the visualization of single observation or real-time computed high-order products, directly projected on the three-dimensional model of the selected target body. Using MATISSE it will be no longer needed to download huge quantity of data or to write down a specific code for every instrument analysed, greatly encouraging studies based on joint analysis of different datasets. In addition the extremely high-resolution output, to be used offline with a Python-based free software, together with the files to be read with specific GIS software, makes it a valuable tool to further process the data at the best spatial accuracy available. MATISSE modular structure permits addition of ...
Social networks bring together users in a virtual platform and offer them the ability to share, within the community, personal and professional information, photos, etc., which are sometimes sensitive. Although the majority of these networks provide access control mechanisms to their users (to manage who accesses which information), privacy settings are limited and do not respond to all users' needs. Hence, the published information all remains vulnerable to illegal access. In this paper, the access control policy of the social network "Facebook" is analyzed in a profound way by starting with its modeling with "Organization Role Based Access Control" model, and moving to the simulation of the policy with an appropriate simulator to test the coherence aspect, and ending with a discussion of analysis results which shows the gap between access control management options offered by Facebook and the real requirements of users in the same context. Extracted conclusions prove the need of developing a new access control model that meets most of these requirements, which will be the subject of a forthcoming work.
Tso, Kam S.; Pajevski, Michael J.
Cybersecurity has become a great concern as threats of service interruption, unauthorized access, stealing and altering of information, and spreading of viruses have become more prevalent and serious. Application layer access control of applications is a critical component in the overall security solution that also includes encryption, firewalls, virtual private networks, antivirus, and intrusion detection. An access control solution, based on an open-source access manager augmented with custom software components, was developed to provide protection to both Web-based and Java-based client and server applications. The DISA Security Service (DISA-SS) provides common access control capabilities for AMMOS software applications through a set of application programming interfaces (APIs) and network-accessible security services for authentication, single sign-on, authorization checking, and authorization policy management. The OpenAM access management technology designed for Web applications can be extended to meet the needs of Java thick clients and stand alone servers that are commonly used in the JPL AMMOS environment. The DISA-SS reusable components have greatly reduced the effort for each AMMOS subsystem to develop its own access control strategy. The novelty of this work is that it leverages an open-source access management product that was designed for Web-based applications to provide access control for Java thick clients and Java standalone servers. Thick clients and standalone servers are still commonly used in businesses and government, especially for applications that require rich graphical user interfaces and high-performance visualization that cannot be met by thin clients running on Web browsers
Altenbach, T; Brereton, S.; Hermes, G.; Singh, M.
The purpose of this document is to analyze the baseline Access Control System for the National Ignition Facility (NIF), and to assess its effectiveness at controlling access to hazardous locations during full NIF operations. It reviews the various hazards present during a NIF shot sequence, and evaluates the effectiveness of the applicable set of controls at preventing access while the hazards are present. It considers only those hazards that could potentially be lethal. In addition, various types of technologies that might be applicable at NIF are reviewed, as are systems currently in use at other facilities requiring access control for safety reasons. Recommendations on how this system might be modified to reduce risk are made.
Ruo-Fei Han; Hou-Xiang Wang; Qian Xiao; Xiao-Pei Jing; Hui Li
The latest researches on access control model are dramatically different from conventional ones. Nowadays, most attention is paid to accessing across organizational boundaries. So, how to identify the applicant and determine authorization with limited information; how to express and exchange control rules expediently; how to protect confidential information and enhance collaboration simultaneously, are the most concerned problems. However, for large commercial organizations, a fine management...
The objective of this thesis project was to find out feasibility of using a handheld XRF-analyser in solid biofuel quality control, particularly for recovered wood. Global biomass supply is estimated to grow rapidly, creating demand for automatic quality control systems. X-ray fluorescent technology brings about quick, accurate and non-destructive elemental analysis. Recovered wood fuel is challenging for combustion due to high levels of contaminants. During this work a list of challenging ch...
Gasser, K.L.S.; Nielson, Flemming; Nielson, Hanne Riis
We present a methodology for the systematic realisation of control flow analyses and illustrate it for Concurrent ML. We start with an abstract specification of the analysis that is next proved semantically sound with respect to a traditional small-step operational semantics; this result holds...
YAO Hanbing; HU Heping; LU Zhengding; LI Ruixuan
Grid computing is concerned with the sharing and coordinated use of diverse resources in distributed "virtual organizations". The heterogeneous, dynamic and multi-domain nature of these environments makes challenging security issues that demand new technical approaches. Despite the recent advances in access control approaches applicable to Grid computing, there remain issues that impede the development of effective access control models for Grid applications. Among them there are the lack of context-based models for access control, and reliance on identity or capability-based access control schemes. An access control scheme that resolves these issues is presented, and a dynamically authorized role-based access control (D-RBAC) model extending the RBAC with context constraints is proposed. The D-RBAC mechanisms dynamically grant permissions to users based on a set of contextual information collected from the system and user's environments, while retaining the advantages of RBAC model. The implementation architecture of D-RBAC for the Grid application is also described.
Microprocessors were installed as auxiliary crate controllers (ACCs) in the CAMAC interface of control systems for various accelerators. The same ACC was also at the heart of a stand-alone system in the form of a mobile console. This was also used for local access to the control systems for tests and development work (Annual Report 1981, p. 80, Fig. 10).
Baggiolini, V; Jensen, S; Kostro, K; Risso, A; Trofimov, N N; SL
This paper presents the Remote Device Access (RDA) package developed at CERN in the framework of the joint PS/SL Controls Middleware project. The package design reflects the Accelerator Device Model in which devices, named entities in the control system, can be controlled via properties. RDA implements this model in a distributed environment with devices residing in servers that can run anywhere in the controls network. It provides a location-independent and reliable access to the devices from control programs. By invoking the device access methods, clients can read, write and subscribe to device property values. We describe the architecture and design of RDA, its API, and CORBA-based implementations in Java and C++. First applications of RDA in the CERN accelerator control systems are described as well.
FU Jing-tuan; JI Hong; MAO Xu
Opportunistic spectrum access (OSA) is considered as a promising approach to mitigate spectrum scarcity by allowing unlicensed users to exploit spectrum opportunities in licensed frequency bands. Derived from the existing channel-hopping multiple access (CHMA) protocol, we introduce a hopping control channel medium access control (MAC) protocol in the context of OSA networks. In our proposed protocol, all nodes in the network follow a common channel-hopping sequence; every frequency channel can be used as control channel and data channel. Considering primary users' occupancy of the channel, we use a primary user (PU) detection model to calculate the channel availability for unlicensed users' access. Then, a discrete Markov chain analytical model is applied to describe the channel states and deduce the system throughput. Through simulation, we present numerical results to demonstrate the throughput performance of our protocol and thus validate our work.
Mur Escartín, Olga
The thesis consists in the study and evaluation of different methods for face recognition. The final objective is to select the most suitable techniques for face detection and recognition. Some of these techniques will be integrated in a real time demonstrator which will be a preliminary prototype that will have to work in controlled conditions (for illumination and pose) and with reduced databases. The demonstrator will be done in Matlab and the main image acquisition routines and face detectio...
The latest researches on access control model are dramatically different from conventional ones. Nowadays, most attention is paid to accessing across organizational boundaries. So, how to identify the applicant and determine authorization with limited information; how to express and exchange control rules expediently; how to protect confidential information and enhance collaboration simultaneously, are the most concerned problems. However, for large commercial organizations, a fine management of internal functions is of the same importance as external service management. It is very troublesome to control authorizations merely with attributes and composition of policies introduced from attribute-based access control (ABAC). So, we introduce a united access control model for systems in collaborative commerce, combining the advantages of conventional role-based access control (RBAC), task-based authentication control (TBAC) and that of recent ABAC and automated trust negotiation (ATN). Innovational ideas in the model are analyzed, and the implement architecture is discussed. The paper concludes with a summary of the united model's benefits and future work.
Valsan, M L; The ATLAS collaboration; Lehmann Miotto, G; Scannicchio, D A; Schlenker, S; Filimonov, V; Khomoutnikov, V; Dumitru, I; Zaytsev, A S; Korol, A A; Bogdantchikov, A; Avolio, G; Caramarcu, C; Ballestrero, S; Darlea, G L; Twomey, M; Bujor, F
The complexity of the ATLAS experiment motivated the deployment of an integrated Access Control System in order to guarantee safe and optimal access for a large number of users to the various software and hardware resources. Such an integrated system was foreseen since the design of the infrastructure and is now central to the operations model. In order to cope with the ever growing needs of restricting access to all resources used within the experiment, the Roles Based Access Control (RBAC) previously developed has been extended and improved. The paper starts with a short presentation of the RBAC design, implementation and the changes made to the system to allow the management and usage of roles to control access to the vast and diverse set of resources. The paper continues with a detailed description of the integration across all areas of the system: local Linux and Windows nodes in the ATLAS Control Network (ATCN), the Linux application gateways offering remote access inside ATCN, the Windows Terminal Serv...
The problem of regulating access to XML documents has attracted much attention from both academic and industry communities. In existing approaches, the XML elements specified by access policies are either accessible or inaccessible according to their sensitivity. However, in some cases, the original XML elements are sensitive and inaccessible, but after being processed in some appropriate ways, the results become insensitive and thus accessible. This paper proposes a policy language to accommodate such cases, which can express the downgrading operations on sensitive data in XML documents through explicit calculations on them. The proposed policy language is called calculation-embedded schema (CSchema), which extends the ordinary schema languages with protection type for protecting sensitive data and specifying downgrading operations. CSchema language has a type system to guarantee the type correctness of the embedded calculation expressions and moreover this type system also generates a security view after type checking a CSchema policy. Access policies specified by CSchema are enforced by a validation procedure, which produces the released documents containing only the accessible data by validating the protected documents against CSchema policies. These released documents are then ready to be accessed by, for instance, XML query engines. By incorporating this validation procedure, other XML processing technologies can use CSchema as the access control module.
Wang, Liyuan; Guo, Ge
This paper investigates networked control systems whose actuators communicate with the controller via a limited number of unreliable channels. The access to the channels is decided by a so-called group random access protocol, which is modelled as a binary Markov sequence. Data packet dropouts in the channels are modelled as independent Bernoulli processes. For such systems, a systematic characterisation for controller synthesis is established and stated in terms of the transition probabilities of the Markov protocol and the packet dropout probabilities. The results are illustrated via a numerical example.
This paper proposes an efficient medium access control (MAC) protocol based on multifrequency-time division multiple access (MF-TDMA) for geostationary satellite systems deploying multiple spot-beams and onboard processing, which uses a method of random reservation access with movable boundaries to dynamically request the transmission slots and can transmit different types of traffic. The simulation results have shown that our designed MAC protocol can achieve a high bandwidth utilization, while providing the required quality of service (QoS) for each class of service.
Carmem Lúcia Batista
Recently, in November 2011, the law on access to public information was published, a legal and historic mark in the struggle for human rights in Brazil. This achievement is the result of a process marked by denial of access to public archives, as it was the case of the Araguaia Guerrilla, valuing the culture of secrecy, abuse of power and relations between public and private in Brazil. Thus, the aim of this paper is to present a brief history about the control of access to public information...
Context. With the development of computer software, hardware, and communication technologies, a new type of human-centered computing model, called Cloud Computing (CC) has been established as a commercial computer network service. However, the openness of CC brings huge security challenge to the identity-based access control system, as it is not able to effectively prevent malicious users accessing; information security problems, system stability problems, and also the trust issues between cloud...
This paper studies two fundamentally distinct approaches to opening a technology platform and their different impacts on innovation. One approach is to grant access to a platform and thereby open up markets for complementary components around the platform. Another approach is to give up control over the platform itself. Using data on 21 handheld computing systems (1990-2004), I find that granting greater levels of access to independent hardware developer firms produces up to a fivefold accele...
Stieghahn, Michael; Engel, Thomas
Cross-border access to a variety of data such as market information, strategic information, or customer-related information defines the daily business of many global companies, including financial institutions. These companies are obliged by law to keep a data processing legal for all offered services. They need to fulfill different security objectives specified by the legislation. Therefore, they control access to prevent unauthorized users from using data. Those security objectives, for exa...
Threshold ramp secret sharing schemes are designed so that (i) certain subsets of shares have no information about the secret, (ii) some subsets have partial information about the secret and (iii) some subsets have complete information to recover the secret. However most of the ramp schemes in present literature do not control the leakage of information in partial access sets, due to which the information acquired by these sets is devoid of structure and not useful for fine-grained access control. Through a non-perfect secret sharing scheme called MIX-SPLIT, an encoding methodology for controlling the leakage in partial access sets is proposed and this is used for fine-grained access to binary strings. The ramp code generated using MIX-SPLIT requires a much smaller share size of O(n), as compared to Shamir's ramp adaptation which incurs a share size of at least O(n^2) for the same multi-access structure. The proposed ramp code is finally applied towards the protection and fine-grained access of industrial design drawings.
Madsen, Jacob Theilgaard; Barradas Berglind, Jose de Jesus; Madsen, Tatiana Kozlova;
is connected via a communication network to the sensors and actuators on the asset. Such a distributed control scheme may be implemented over a communication network that introduces delay and possibly also message loss. In this paper, we look at the impact of such an imperfect communication network on a wind farm controller. The controller attempts to reduce fatigue on the wind turbine, which is used as a measure of the controller performance. Via simulation analysis, we show the degradation of the controller performance when subject to network delays. We analyse different access strategies useable by the controller to gather sensor information and quantitatively characterize the impact of these access strategies on the controller performance...
Wang Peng; Jiang Lingyun
As the development of computer science and smart health-care technology, there is a trend for patients to enjoy medical care at home. Taking enormous users in the Smart Health-care System into consideration, access control is an important issue. Traditional access control models, discretionary access control, mandatory access control, and role-based access control, do not properly reflect the characteristics of Smart Health-care System. This paper proposes an advanced access control model for...
Mustafa Hafiz Saad Bin
In the current set of an experiment, forty maize genotypes were assessed for drought associated traits. For evaluation of these traits, PC and correlation analyses were employed to obtain suitable parents that can be further exploited in future breeding programmes. Correlation analysis revealed some important associations among the traits studied. Fresh root length had positive and significant associations, but leaf temperature had a significant negative correlation with root density at both 40% and 100% moisture levels while root density had negative association at 100% and positive correlation at 40% moisture level with chlorophyll content. The positive correlation among these yield contributing traits suggested that these characters are important for direct selection of drought tolerant high yielding genotypes. Principal component (PC) analysis showed first 4 PCs having Eigen value >1 explaining 86.7% and 88.4% of the total variation at 40% and 100% moisture levels respectively with different drought related traits. Cluster analysis classified 40 accessions into four divergent groups. The members of clusters 1 and 2 may be combined in future breeding programmes to obtain genotypes/hybrids that can perform well under drought stress conditions. Members of cluster 3 may be selected on the basis of root density, leaf temperature, dry root weight and root shoot ratio by weight and can be combined with members of cluster 4 due to higher leaf temperature and root shoot ratio by length. The results showed that the germplasm having a wide genetic diversity can be thus utilized for future breeding programme to obtain drought tolerant maize genotypes/hybrids for adaptation to water scarce areas.
Qianmu, Li; Jie, Yin; Jun, Hou; Jian, Xu; Hong, Zhang; Yong, Qi
A service access control model in cyberspace is proposed, which provides a generalized and effective mechanism of security management with some items constraint specifications. These constraint specifications are organized to form a construction, and an enact process is proposed to make it scalable and flexible to meet the need of diversified service application systems in cyberspace. The model of this paper erases the downward information flow by extended rules of read/write, which is the breakthrough of the limitations when applying the standard role-based access control in cyberspace.
Privacy preservation is a crucial problem in resource sharing and collaborating among multi-domains. Based on this problem, we propose a role-based access control model for privacy preservation. This scheme avoided the privacy leakage of resources while implementing access control, and it has the advantage of lower communication overhead. We demonstrate this scheme meets the IND-CCA2 semantic security by using random oracle. The simulation result shows this scheme has better execution efficiency and application effects.
Zhang, Xuanping; Bullard, Kai McKeever; Gregg, Edward W.; Beckles, Gloria L.; Williams, Desmond E.; Barker, Lawrence E; Albright, Ann L.; Imperatore, Giuseppina
OBJECTIVE To examine the relationship between access to health care and diabetes control. RESEARCH DESIGN AND METHODS Using data from the National Health and Nutrition Examination Survey, 1999–2008, we identified 1,221 U.S. adults (age 18–64 years) with self-reported diabetes. Access was measured by current health insurance coverage, number of times health care was received over the past year, and routine place to go for health care. Diabetes control measures included the proportion of people...
This report analyses the potential impact of the EU CAP reforms that follow the Mid Term Review and the Harbinson Proposal for negotiation modalities in the WTO Doha Round on the Netherlands, EU14 and the accession countries. In welfare terms, the MTR has a relatively small impact on the Netherland
The relationship between users and resources is dynamic in the cloud, and service providers and users are typically not in the same security domain. Identity-based security (e.g., discretionary or mandatory access control models) cannot be used in an open cloud computing environment, where each resource node may not be familiar, or even do not know each other. Users are normally identified by their attributes or characteristics and not by predefined identities. There is often a need for a dynamic access control mechanism to achieve cross-domain authentication. In this paper, we will focus on the following three broad categories of access control models for cloud computing: (1) Role-based models; (2) Attribute-based encryption models and (3) Multi-tenancy models. We will review the existing literature on each of the above access control models and their variants (technical approaches, characteristics, applicability, pros and cons), and identify future research directions for developing access control models for cloud computing environments.
vanDellen, Michelle R.; Hoyle, Rick H.
The current work examined how social factors influence self-control. Current conceptions of state self-control treat it largely as a function of regulatory capacity. The authors propose that state self-control might also be influenced by social factors because of regulatory accessibility. Studies 1 through 4 provide evidence that individuals’ state self-control is influenced by the trait and state self-control of salient others such that thinking of others with good trait or state self-contro...
Tso, Kam S.; Pajevski, Michael J.; Johnson, Bryan
Cyber security has gained national and international attention as a result of near continuous headlines from financial institutions, retail stores, government offices and universities reporting compromised systems and stolen data. Concerns continue to rise as threats of service interruption, and spreading of viruses become ever more prevalent and serious. Controlling access to application layer resources is a critical component in a layered security solution that includes encryption, firewalls, virtual private networks, antivirus, and intrusion detection. In this paper we discuss the development of an application-level access control solution, based on an open-source access manager augmented with custom software components, to provide protection to both Web-based and Java-based client and server applications.
Antonopoulos, Nick; Koukoumpetsos, Kyriakos; Shafarenko, Alex
Discusses the mobile software agent paradigm that provides a foundation for the development of high performance distributed applications and presents a simple, distributed access control architecture based on the concept of distributed, active authorization entities (lock cells), any combination of which can be referenced by an agent to provide…
Dekker, M.A.C.; Etalle, S.; Gadducci, F.
Traditional access control mechanisms aim to prevent illegal actions a-priori occurrence, i.e. before granting a request for a document. There are scenarios however where the security decision can not be made on the fly. For these settings we developed a language and a framework for a-posteriori acce
Dekker, M.A.C.; Etalle, S.
Traditional access control mechanisms aim to prevent illegal actions a-priori occurrence, i.e. before granting a request for a document. There are scenarios however where the security decision can not be made on the fly. For these settings we developed a language and a framework for a-posteriori acc
Kyriazanos, Dimitris M.; Stassinopoulos, George I.; Prasad, Neeli R.
In this paper the authors present the challenges for enabling Security Policies Management and subsequent Ubiquitous Access Control on the Personal Network (PN) environment. A solution based on Security Profiles is proposed, supporting both partially distributed architectures-having in this case...
Liu, Yiliang; Deng, Jinxia
In recent years, the access control technology has been researched widely in workflow system, two typical technologies of that are RBAC (Role-Based Access Control) and TBAC (Task-Based Access Control) model, which has been successfully used in the role authorizing and assigning in a certain extent. However, during the process of complicating a system's structure, these two types of technology can not be used in minimizing privileges and separating duties, and they are inapplicable when users have a request of frequently changing on the workflow's process. In order to avoid having these weakness during the applying, a variable flow dynamic role_task_view (briefly as DRTVBAC) of fine-grained access control model is constructed on the basis existed model. During the process of this model applying, an algorithm is constructed to solve users' requirements of application and security needs on fine-grained principle of privileges minimum and principle of dynamic separation of duties. The DRTVBAC model is implemented in the actual system, the figure shows that the task associated with the dynamic management of role and the role assignment is more flexible on authority and recovery, it can be met the principle of least privilege on the role implement of a specific task permission activated; separated the authority from the process of the duties completing in the workflow; prevented sensitive information discovering from concise and dynamic view interface; satisfied with the requirement of the variable task-flow frequently.
The Lawrence Livermore National Laboratory (LLNL) operates an automated access control system consisting of more than 100 portals. We have gained considerable practical experience in the issues involved in operating this large system, and have identified the central issues to include system reliability, the large user population, the need for central control, constant change, high visibility and the budget. This paper outlines these issues and draws from our experience to discuss some fruitful ways of addressing them
Javaid, N.; Ahmad, A.; A. Rahim; Z.A. Khan; M. Ishfaq; Qasim, U.
Wireless Body Area Networks (WBANs) are widely used for applications such as modern health-care systems, where wireless sensors (nodes) monitor the parameter(s) of interest. Nodes are provided with limited battery power and battery power is dependent on radio activity. MAC protocols play a key role in controlling the radio activity. Therefore, we present Adaptive Medium Access Control (A-MAC) protocol for WBANs supported by linear programming models for the minimization of energy consumption ...
Angjelichinoski, Marko; Stefanovic, Cedomir; Popovski, Petar
We present a communication solution tailored specifically for DC microgrids (MGs) that exploits: (i) the communication potential residing in power electronic converters interfacing distributed generators to powerlines and (ii) the multiple access nature of the communication channel presented by powerlines. The communication is achieved by modulating the parameters of the primary control loop implemented by the converters, fostering execution of the upper layer control applications. We present...
Forrestal, J.; Hogrefe, R.; Knott, M.; McDowell, W.; Reigle, D.; Solita, L.; Koldenhoven, R.; Haid, D. [Argonne National Lab., IL (United States). Advanced Photon Source
The Advanced Photon Source (APS) consists of a linac, position accumulator ring (PAR), booster synchrotron, storage ring, and up to 70 experimental beamlines. The Access Control and Interlock System (ACIS) utilizes redundant programmable logic controllers (PLCs) and a third hard-wired chain to protect personnel from prompt radiation generated by the linac, PAR, synchrotron, and storage ring. This paper describes the ACIS's design philosophy, configuration, hardware, functionality, validation requirements, and operational experience.
The existence of unfair differences or disparities in access to and quality of health care is well known. However, the nature of disparities at different stages of the health seeking pathway and interventions to reduce them are less clear. Applying the tools of statistics and quasi experimental design-- interrupted time series, propensity score matching, hierarchical models---we can analyze how care is accessed in low, middle and high income countries and assess for disparities. The results a...
Personalization and adaptation to the user profile capability are the hottest issues to ensure ambient assisted living and context awareness in nowadays environments. With the growing healthcare and wellbeing context aware applications, modeling security policies becomes an important issue in the design of future access control models. This requires rich semantics using ontology modeling for the management of services provided to dependant people. However, current access control models remain unsuitable due to lack of personalization, adaptability and smartness to the handicap situation. In this paper, we propose a novel adaptable access control model and its related architecture in which the security policy is based on the handicap situation analyzed from the monitoring of user's behavior in order to grant a service using any assistive device within intelligent environment. The design of our model is an ontology-learning and evolving security policy for predicting the future actions of dependent people. This is reached by reasoning about historical data, contextual data and user behavior according to the access rules that are used in the inference engine to provide the right service according to the user's needs.
Pons Rotger, Gabriel Angel; Nielsen, Thomas Alexander Sick
Comparing income groups a considerably stronger response to the increased accessibility is seen in the highest earning and presumably most skilled group. Comparing commuting responses to metro access grouped by the past commuting behavior of the respondents indicate a positive effect of proximity to the metro on the probability of commuting a long distance irrespective of past behavior. Thus, the choice to commute longer than in the past - and the choice not to shorten commuting distance is more often made by those with proximity to a metro station....
ZHANG Hong; HE YePing; SHI ZhiGuo
There is an emerging recognition of the importance of utilizing contextual information in authorization decisions. Controlling access to resources in the field of wireless and mobile networking require the definition of a formal model for access control with supporting spatial context. However, traditional RBAC model does not specify these spatial requirements. In this paper, we extend the existing RBAC model and propose the SC-RBAC model that utilizes spatial and location-based information in security policy definitions. The concept of spatial role is presented, and the role is assigned a logical location domain to specify the spatial boundary. Roles are activated based on the current physical position of the user which obtained from a specific mobile terminal. We then extend SC-RBAC to deal with hierarchies, modeling permission, user and activation inheritance, and prove that the hierarchical spatial roles are capable of constructing a lattice which is a means for articulate multi-level security policy and more suitable to control the information flow security for safety-critical location-aware information systems. Next, constrained SC-RBAC allows express various spatial separations of duty constraints, location-based cardinality and temporal constraints for specify fine-grained spatial semantics that are typical in location-aware systems. Finally, we introduce 9 invariants for the constrained SC-RBAC and its basic security theorem is proven. The constrained SC-RBAC provides the foundation for applications in need of the constrained spatial context aware access control.
Wolf, F. M.; Miller, J. G.; Gruppen, L D; Ensminger, W. D.
Skills and practice related to accessing and interpreting clinical information from systematic reviews/meta-analyses, practice guidelines, and the Internet have been integrated into a new senior year elective designed to teach medical students how to critically appraise information from a variety of sources and evaluate its applicability to patient care. Small groups of senior medical students under the direction of a multidisciplinary team (behavioral scientist, information specialist, phys...
Jensen, Steffen Elstrøm Holst; Jacobsen, Rune Hylsberg
Future Internet research is needed to bring the Internet and the Things closer to each other to form the Internet of Things. As objects in our daily life gradually become smarter, there is an increasing benefit of networking these objects. In this article, a method to couple objects, the Things, to the Internet is suggested. The solution uses virtual representations of objects by using low-cost, passive RFID tags to give objects identities on the Internet. A prototype that maps an RFID identity into an IPv6 address is constructed. It is illustrated how this approach can be used in access control systems based on open network protocols and packet filtering. The solution includes a novel RFID reader architecture that supports the internetworking of components of a future access control system based on network layer technology.
Leahu, M C; Avolio, G
The ATLAS experiment operates with a significant number of hardware and software resources. Their protection against misuse is an essential task to ensure a safe and optimal operation. To achieve this goal, the Role Based Access Control (RBAC) model has been chosen for its scalability, flexibility, ease of administration and usability from the lowest operating system level to the highest software application level. This paper presents the overall design of RBAC implementation in the ATLAS experiment and the enforcement solutions in different areas such as the system administration, control room desktops and the data acquisition software. The users and the roles are centrally managed using a directory service based on Lightweight Directory Access Protocol which is kept in synchronization with the human resources and IT datab
Srirama, Satish Narayana
It is now feasible to host basic web services on a smart phone due to the advances in wireless devices and mobile communication technologies. While the applications are quite welcoming, the ability to provide secure and reliable communication in the vulnerable and volatile mobile ad-hoc topologies is vastly becoming necessary. The paper mainly addresses the details and issues in providing secured communication and access control for the mobile web service provisioning domain. While the basic message-level security can be provided, providing proper access control mechanisms for the Mobile Host still poses a great challenge. This paper discusses details of secure communication and proposes the distributed semantics-based authorization mechanism.
Caires, Luís; Pérez, Jorge A.; Seco, João Costa; Vieira, Hugo Torres; Ferrão, Lúcio
Data-centric multi-user systems, such as web applications, require flexible yet fine-grained data security mechanisms. Such mechanisms are usually enforced by a specially crafted security layer, which adds extra complexity and often leads to error prone coding, easily causing severe security breaches. In this paper, we introduce a programming language approach for enforcing access control policies to data in data-centric programs by static typing. Our development is based on the general concept of refinement type, but extended so as to address realistic and challenging scenarios of permission-based data security, in which policies dynamically depend on the database state, and flexible combinations of column- and row-level protection of data are necessary. We state and prove soundness and safety of our type system, stating that well-typed programs never break the declared data access control policies.
Yan, Liang; Rong, Chunming
Radio Frequency Identification (RFID) technology that used to identify objects and users has been applied to many applications such retail and supply chain recently. How to prevent tag content from unauthorized readout is a core problem of RFID privacy issues. Hash-lock access control protocol can make tag to release its content only to reader who knows the secret key shared between them. However, in order to get this shared secret key required by this protocol, reader needs to communicate with a back end database. In this paper, we propose to use identity-based secret key exchange approach to generate the secret key required for hash-lock access control protocol. With this approach, not only back end database connection is not needed anymore, but also tag cloning problem can be eliminated at the same time.
Flora, Cornelia B.
Developing sustainability in an agricultural ecosystem requires that attention be given to inequities within communities. The experiences of SANREM CRSP revealed that gender inequality was a significant factor in the access and control of resources that were critical for the projects reaching their goals. Among the resources of financial, manufactured, human, environmental, and social capital, enhancing social capital among women was a crucial component of plans for in...
Zhang, Nien Fan; Yao, L.; Nenadic, A.; Chin, J.; Goble, C.; Rector, A.; Chadwick, David W; Otenko, Sassa; Shi, Q.
In a virtual organization environment, where services and data are provided and shared among organizations from different administrative domains and protected with dissimilar security policies and measures, there is a need for a flexible authentication framework that supports the use of various authentication methods and tokens. The authentication strengths derived from the authentication methods and tokens should be incorporated into an access-control decision-making process, so that more sen...
S. R. KODITUWAKKU
The Object-Oriented paradigm approaches the software development by representing real world entities into classes of software objects. Object oriented design patterns facilitate small scale and large scale design reuse. This paper presents an object oriented design pattern, Administrator Object, to address the User-Role assignment problem in Role Based Access Control (RBAC). Two alternative solutions are proposed. The pattern is presented according to the Gang of Four template.
Enabling the shared care paradigm, centralised or even decentralised electronic health record (EHR) systems increasingly become core applications in hospital information systems and health networks. For realising multipurpose use and reuse as well as inter-operability at knowledge level, EHR have to meet special architectural requirements. The component-oriented and model-based architecture should meet international standards. Especially in extended health networks realising inter-organisational communication and co-operation, authorisation cannot be organised at user level anymore. Therefore, models, methods and tools must be established to allow formal and structured policy definition, policy agreements, role definition, authorisation and access control. Based on the author's international engagement in EHR architecture and security standards referring to the revision of CEN ENV 13606, the GEHR/open EHR approach, HL7 and CORBA, models for health-specific and EHR-related roles, for authorisation management and access control have been developed. The basic concept is the separation of structural roles defining organisational entity-to-entity relationships and enabling specific acts on the one hand, and functional roles bound to specific activities and realising rights and duties on the other hand. Aggregation of organisational, functional, informational and technological components follows specific rules. Using UML and XML, the principles as well as some examples for analysis, design, implementation and maintenance of policy and authorisation management as well as access control have been practically implemented. PMID:15066555
The 'Material Control and Surveillance for High Frequency Access Vaults' project sponsored by United States Department of Energy's Office of Security Policy, Policy Integration and Technical Support Program (SO-20.3) focuses on enhancing nuclear materials control and surveillance in vaults that are frequently accessed. The focus of this effort is to improve materials control and accountability (MC and A) while decreasing the operational impact of these activities. Los Alamos and Y-12 have developed a testbed at the Los Alamos National Laboratory for evaluating and demonstrating integrated technologies for use in enhancing materials control and accountability in active nuclear material storage vaults. An update will be provided on the new systems demonstrated in the test-bed including a 'confirmatory cart' for expediting the performance of inventory and radio-frequency actuated video that demonstrates the concept of automated data entry for materials moving between MBA's. The United States Department of Energy's Office of Security Policy, Policy Integration and Technical Support Program (SO-20.3) has sponsored a project where nuclear material inventory, control and surveillance systems are evaluated, developed, and demonstrated in an effort to provide technologies that reduce risk, increase material assurance, and provide cost-efficient alternatives to manpower-intensive physical inventory and surveillance approaches for working (high-frequency-access) vaults. This Fiscal Year has been largely focused on evaluating and developing components of two sub-systems that could be used either separately in nuclear material vaults or as part of a larger integrated system for nuclear materials accountability, control and surveillance.
Oliver Zhen Li; Xijia Su; Zhifeng Yang
We study the effect of state control on capital allocation and investment in China, where the government screens prospective stock issuers. We find that state firms are more likely to obtain government approval to conduct seasoned equity offerings than non-state firms. Further, non-state firms exhibit greater sensitivities of subsequent investment and stock performance to regulatory decisions on stock issuances than state firms. Our work suggests that state control of capital access distorts resource allocation and impedes the growth of non-state firms. We also provide robust evidence that financial constraints cause underinvestment.
The security challenges being encountered in many places today require electronic means of controlling access to secured premises in addition to the available security personnel. Various technologies were used in different forms to solve these challenges. The Radio Frequency Identification (RFID) Based Access Control Security system with GSM technology presented in this work helps to prevent unauthorized access to controlled environments (secured premises). This is achieved mainly through the use of a Radio Frequency Identification System with operating frequency of 125 KHz, Microcontroller programmed to send control signals, DC motor, relay, buzzer, Liquid Crystal Display (LCD) and GSM/GPRS Modem. Once the RFID tag, which contains the user’s unique information, is scanned by the RFID reader and confirmed to match the information stored in the microcontroller, the microcontroller is instructed to turn ON the DC motor through the L293D driver, display “USER NUMBER and CARD NUMBER” on the LCD and activate the GSM/GPRS modem to send the SMS alert “AUTHORIZED, valid RFID card shown, User is allowed to enter, user number” to security personnel. Otherwise, the DC motor remains OFF, the LCD displays “READ RFID CARD NOT VALID”, the buzzer turns ON for about 5 seconds and the GSM/GPRS modem is activated to send “UNAUTHORIZED, invalid RFID card is used to access the security system” to the security personnel. The electronic circuit was implemented, the codes for the microcontroller were written in assembly language, debugged and compiled using the KEIL Micro vision 4 integrated development environment. The resultant Hex files were programmed into the memories of the microcontrollers with the aid of a universal programmer. Hardware simulation was carried out using the Proteus Virtual System Modelling (VSM) version 8.0. An important implication of this paper is that the system is cheaper to maintain and more efficient in comparison with a manually operated type or key lock
Ban Sharief Mustafa
Java Agent Development Framework (JADE) is a software framework that eases the development of Multi-Agent applications in compliance with the Foundation for Intelligent Physical Agents (FIPA) specifications. JADE proposes new infrastructure solutions to support the development of useful and convenient distributed applications. Security is one of the most important issues in implementing and deploying such applications. JADE-S security add-ons are one of the most popular security solutions in the JADE platform. They provide several security services including authentication, authorization, signature and encryption services. The authorization service grants authority to perform an action based on a set of permission objects attached to every authenticated user. This service has several drawbacks when implemented in scalable, distributed, context-aware applications. In this paper, an ontology-based access control model called OJADEAC is proposed to be applied in the JADE platform by combining Semantic Web technologies with a context-aware policy mechanism to overcome the shortcomings of this service. The access control model is represented by a semantic ontology, and a set of two-level semantic rules representing platform and application specific policy rules. The OJADEAC model is distributed, intelligent, dynamic and context-aware, and uses a reasoning engine to infer access decisions based on ontology knowledge.
Mo, Zijian; Wang, Zhonghai; Xiang, Xingyu; Wang, Gang; Chen, Genshe; Nguyen, Tien; Pham, Khanh; Blasch, Erik
Satellite Control Networks (SCN) have provided launch control for space lift vehicles; tracking, telemetry and commanding (TTC) for on-orbit satellites; and, test support for space experiments since the 1960s. Currently, SCNs encounter a new challenge: how to maintain the high reliability of services when sharing the spectrum with emerging commercial services. To achieve this goal, the capability of multiple satellites reception is deserved as an update/modernization of SCN in the future. In this paper, we conduct an investigation of multiple access techniques in the SCN scenario, e.g., frequency division multiple access (FDMA) and code division multiple access (CDMA). First, we introduce two upgrade options of SCN based on FDMA and CDMA techniques. Correspondingly, we also provide their performance analysis, especially the system improvement in spectrum efficiency and interference mitigation. Finally, to determine the optimum upgrade option, this work uses CRISP, i.e., Cost, Risk, Installation, Supportability and Performance, as the baseline approach for a comprehensive trade study of these two options. Extensive numerical and simulation results are presented to illustrate the theoretical development.
We present an energy analysis technique applicable to medium access control (MAC) and multihop communications. Furthermore, the technique's application gives insight on using multihop forwarding instead of single-hop communications. Using the technique, we perform an energy analysis of carrier-sense-multiple-access (CSMA)-based MAC protocols with sleeping schemes. Power constraints set by battery operation raise energy efficiency as the prime factor for wireless sensor networks. A detailed energy expenditure analysis of the physical, the link, and the network layers together can provide a basis for developing new energy-efficient wireless sensor networks. The presented technique provides a set of analytical tools for accomplishing this. With those tools, the energy impact of radio, MAC, and topology parameters on the network can be investigated. From the analysis, we extract key parameters of selected MAC protocols and show that some traditional mechanisms, such as binary exponential backoff, have inherent problems.
We study two important aspects to make dynamic spectrum access work in practice: the admission policy of secondary users (SUs) to achieve a certain degree of quality of service and the management of the interference caused by SUs to primary users (PUs). In order to limit the forced termination probability of SUs, we evaluate the Fractional Guard Channel reservation scheme to give priority to spectrum handovers over new arrivals. We show that, contrary to what has been proposed, the throughput of SUs cannot be maximized by configuring the reservation parameter. We also study the interference caused by SUs to PUs. We propose and evaluate different mechanisms to reduce the interference, which are based on simple spectrum access algorithms for both PUs and SUs and channel repacking algorithms for SUs. Numerical results show that the reduction can be of one order of magnitude or more with respect to the random access case. Finally, we propose an adaptive admission control scheme that is able to limit simultaneously the forced termination probability of SUs and what we define as the probability of interference. Our scheme does not require any configuration parameters beyond the probability objectives. Besides, it is simple to implement and it can operate with any arrival process and distribution of the session duration.
Virtualization technology has become a hot IT technology with the popularity of Cloud Computing. However, new security issues arise with it. Specifically, resource sharing and data communication in virtual machines are of most concern. In this paper an access control model is proposed which combines the Chinese Wall and BLP models. The BLP multi-level security model is introduced with corresponding improvement based on the PCW (Prioritized Chinese Wall) security model. This model can be used to safely control the resources and event behaviors in virtual machines. Experimental results show its effectiveness and safety.
Katt, Basel; Breu, Ruth; Hafner, Micahel; Schabetsberger, Thomas; Mair, Richard; Wozak, Florian
The Electronic Health Record (EHR) is the core element of any e-health system, which aims at improving the quality and efficiency of healthcare through the use of information and communication technologies. The sensitivity of the data contained in the health record poses a great challenge to security. In this paper we propose a security architecture for EHR systems that conform to IHE profiles. In this architecture we tackle the problems of access control and privacy. Furthermore, a prototypical implementation of the proposed model is presented.
Fafoutis, Xenofon; Dragoni, Nicola
ODMAC (On-Demand Media Access Control) is a recently proposed MAC protocol designed to support individual duty cycles for Energy Harvesting — Wireless Sensor Networks (EH-WSNs). Individual duty cycles are vital for EH-WSNs, because they allow nodes to adapt their energy consumption to the ever......-changing environmental energy sources. In this paper, we present an improved and extended version of ODMAC and we analyze it by means of an analytical model that can approximate several performance metrics in an arbitrary network topology. The simulations and the analytical experiments show ODMAC's ability to satisfy...
Biometrics is the science of measuring and analyzing biological data. It is used to uniquely identify individuals by their physical characteristics or personal behavior traits. The review presents the results from scrutiny of various themes including unimodal, multimodal, physiological and behavioural biometrics. Physiological and behavioural biometrics are compared in the review. The article addresses a particular aspect of utilizing biometrics for authentication, identification and access control. The use of systems like fingerprint, face recognition, hand geometry, palm print, DNA analysis, iris recognition, retina and odour/scent will be dealt with herewith. This study deals with various applications of this technology, like surveillance, employee identification, device access, etc., with respective mentions of the hardware used. The influence of such features is yet to be documented properly, but it is safe to say that it has been a huge step towards better information security and identification control. Over the course of this text, we will try to bring to light our analysis of the subject and provide an in-depth examination of contemporary and futuristic technologies pertaining to this field.
Asakura, Yoshiharu; Nakamoto, Yukikazu
Role-based access control (RBAC) is widely used as an access control mechanism in various computer systems. Since an organization's lines of authority influence the authorized privileges of jobs, roles also form a hierarchical structure. A role graph is a model that represents role hierarchies and is suitable for the runtime phase of RBAC deployment. However, since a role graph cannot take various forms for given roles and cannot handle abstraction of roles well, it is not suitable for the design phase of RBAC deployment. Hence, an extended role graph, which can take a more flexible form than that of a role graph, is proposed. The extended role graph improves diversity and clarifies abstraction of roles, making it suitable for the design phase. An equivalent transformation algorithm (ETA), for transforming an extended role graph into an equivalent role graph, is also proposed. Using the ETA, system administrators can deploy RBAC efficiently by using an extended role graph in the design phase and a standard role graph in the runtime phase.
Simone, Angela; Rode, Carsten; Olesen, Bjarne W.
under different control strategies of the heating system (Pseudo Random Binary Sequence signal controlling all the heaters (PRBS) or thermostatic control of the heaters (THERM)). A comparison of the measured temperatures within the room, for the five series of experiments, shows a better correlation...... when temperature control strategy THERM was used. Notable vertical temperature gradients were monitored in the occupied zone (especially for the PRBS control strategy) when there were high solar gains....
... Prohibition on Circumvention of Copyright Protection Systems for Access Control Technologies, 68 FR 62011... Circumvention of Copyright Protection Systems for Access Control Technologies, 71 FR 68472, 68480, published in... Protection Systems for Access Control Technologies, 65 FR 64556, 64564, published in the Federal...
... COMMISSION 17 CFR Part 240 RIN 3235-AK53 Risk Management Controls for Brokers or Dealers With Market Access... market access to customers or other persons, to implement risk management controls and supervisory... pre-trade risk management controls (i.e., "unfiltered" or "naked" access), and thus could...
... Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), U.S. Department of Transportation (DOT). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control... RTCA Special Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held...
... Access Control Systems. AGENCY: Federal Aviation Administration (FAA), U.S. Department of Transportation (DOT). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems... Committee 224, Airport Security Access Control Systems DATES: The meeting will be held May 30, 2012, from...
...). ACTION: Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY: The FAA..., Airport Security Access Control Systems. DATES: The meeting will be held February 9, 2012, from 10 a.m.-4..., Airport Security Access Control Systems. The agenda will include the following: February 9, 2012...
With the development of computer science and smart health-care technology, there is a trend for patients to enjoy medical care at home. Considering the enormous number of users in the Smart Health-care System, access control is an important issue. Traditional access control models, discretionary access control, mandatory access control, and role-based access control, do not properly reflect the characteristics of the Smart Health-care System. This paper proposes an advanced access control model for the medical health-care environment, the task-role-based access control model, which overcomes the disadvantages of traditional access control models. The task-role-based access control (T-RBAC) model introduces a task concept, dividing tasks into four categories. It also supports supervision role hierarchy. T-RBAC is a proper access control model for the Smart Health-care System, and it improves the management of access rights. This paper also proposes an implementation of T-RBAC, a binary two-key-lock pair access control scheme using prime factorization.
Wang, Shujuan; Liu, Qingtang
The virtual learning community is an important application pattern of E-Learning. It emphasizes the cooperation of the members in the community: the members would like to share their learning resources, to exchange their experience and to complete the study task together. This instructional mode has already been proved to be an effective way to improve the quality and efficiency of instruction. At the present time, virtual learning communities are mostly designed using a static access control policy by which the access permission rights are authorized by the super administrator, who assigns different rights to different roles. However, the virtual and social characteristics of the virtual learning community make information sharing and collaboration a complex problem: the community realizes its instructional goal only if the members in it believe that others will offer the knowledge they own and believe the knowledge others offer is well-meaning and worthy. This paper tries to constitute an effective trust mechanism, which could promise favorable interaction and lasting knowledge sharing.
Gravel, Simon-Pierre; Avizonis, Daina; St-Pierre, Julie
The tumor microenvironment is a complex and heterogeneous milieu in which cancer cells undergo metabolic reprogramming to fuel their growth. Cancer cell lines grown in vitro using traditional culture methods represent key experimental models to gain a mechanistic understanding of tumor biology. This protocol describes the use of gas chromatography-mass spectrometry (GC-MS) to assess metabolic changes in cancer cells grown under varied levels of oxygen and nutrients that may better mimic the tumor microenvironment. Intracellular metabolite changes, metabolite uptake and release, as well as stable isotope (¹³C) tracer analyses are done in a single experimental setup to provide an integrated understanding of metabolic adaptation. Overall, this chapter describes some essential tools and methods to perform comprehensive metabolomics analyses. PMID:27581029
Haibo Shen; Yu Cheng
As mobile web services become more pervasive, applications based on mobile web services will need flexible access control mechanisms. Unlike traditional approaches based on the identity or role for access control, access decisions for these applications will depend on the combination of the required attributes of users and the contextual information. This paper proposes a semantic context-based access control model (called SCBAC) to be applied in mobile web services environment by combining ...
Eun-Ae Cho; Chang-Joo Moon; Dae-Ha Park; Kang-Bin Yim
Database security, privacy, access control, database firewall, data break masking. Recently, information leakage incidents have occurred due to database security vulnerabilities. The administrators in the traditional database access control methods grant simple permissions to users for accessing database objects. Even though they tried to apply more strict permissions in recent database systems, it was difficult to properly adopt sophisticated access control policies to commercial databases...
This paper explores a parallel control structure for improving the behaviour of a chemical plant having recycling and multiple feed streams; a ternary system is taken as an example, having an A + B → C second-order irreversible reaction. Material recycling dynamics can induce the so-called snowball effect in the presence of disturbance in the feed stream. The snowball effect can be prevented by distributing load through the parallel control scheme. A control structure was thus proposed where product composition was regulated by means of simultaneous feedback manipulation of final column vapour boilup rate and reactor temperature. An extension was made for one reactor, one distillation column and recycle stream configuration. Nonlinear simulations showed that effective composition control could be obtained with moderate vapour boilup control efforts.
Reed, Robert K; Bell, Jayce C
The National Ignition Facility (NIF) is the world's largest and most energetic laser system. The facility has the potential to generate ionizing radiation due to the interaction between the laser beams and target material, with neutrons and gamma rays being produced during deuterium-tritium fusion reactions. To perform these experiments, several types of hazards must be mitigated and controlled to ensure personnel safety. NIF uses a real-time safety system to monitor and mitigate the hazards presented by the facility. The NIF facility Safety Interlock System (SIS) monitors for oxygen deficiency and controls access to the facility preventing exposure to laser light and radiation from the Radiation Generating Devices. It also interfaces to radiation monitoring and other radiological monitoring and alarm systems. The SIS controls permissives to the hazard-generating equipment and annunciates hazard levels in the facility. To do this reliably and safely, the SIS has been designed as a fail-safe system with a proven performance record now spanning over 10 y. This paper discusses the SIS, its design, implementation, operator interfaces, validation/verification, and the hazard mitigation approaches employed in the NIF. A brief discussion of the Failure Modes and Effect Analysis supporting the SIS will also be presented. The paper ends with a general discussion of SIS do's and don'ts and common design flaws that should be avoided in SIS design. PMID:23629061
Leahu, Marius Constantin; Stoichescu, D A; Lehmann Miotto, G
ATLAS (A Toroidal LHC Apparatus) is a general-purpose detector for studying high-energy particle interactions: it is the largest particle detector experiment at CERN and it is built around one of the interaction points of the proton beams accelerated by the Large Hadron Collider (LHC). The detector generates an impressive amount of raw data: 64 TB per second as a result of 40 MHz proton-proton collision rate with 1.6 MB data for each such event. The handling of such data rate is managed by a three levels Trigger and Data Acquisition (TDAQ) system, which filters out the events not relevant from physics research point of view and selects in the end in the order of 1000 events per second to be stored for offline analyses. This system comprises a significant number of hardware devices, software applications and human personnel to supervise the experiment operation. Their protection against damages as a result of misuse and their optimized exploitation by avoiding the conflicting accesses to resources are key requ...
Mahmood Rajpoot, Qasim
that is suitable for video surveillance systems as well as other domains sharing similar requirements. As the currently dominant access control models – the role-based access control (RBAC) and the attribute-based access control (ABAC) – suffer from limitations while offering features complementary to each other...... while addressing the role- and permission-explosion issues faced in RBAC. Based on our access control model, we then present an access control mechanism for video surveillance systems. Contrary to the existing approaches, the proposed access control mechanism is role-oriented and retains advantages...... associated with role-based access control, yet it allows specification of policies using the metadata associated with the objects as well as the attributes of users and environment. In addition to role hierarchies, the content-based permissions in our model allow derivation of several permissions from...
Guan-Shyong Hwang; Der-Min Tsay; Wei-Hsiang Liao; Jao-Hwa Kuang; Tzuen-Lih Chern
This study proposes a novel design of a parallel-type Independently Controllable Transmission (ICT). The parallel-type ICT can produce a continuously variable transmission ratio and a required angular output velocity that can be independently manipulated by a controller yet not affected by the angular velocity of the input shaft. The proposed parallel-type ICT is composed of two planetary gear trains and two transmission-connecting members. A prototype was built to investigate its kinematic c...
Vicente, Carmen Ruiz; Kirkpatrick, Michael; Ghinita, Gabriel;
Recent advances in positioning and tracking technologies have led to the emergence of novel location-based applications that allow participants to access information relevant to their spatio-temporal context. Traditional access control models, such as role-based access control (RBAC...... of complex access control decisions based on spatio-temporal relationships among subjects and objects. Furthermore, such relationships change frequently in dynamic environments, requiring efficient mechanisms to monitor and re-evaluate access control decisions. In this position paper, we present a healthcare...... emergency response scenario which highlights the novel challenges that arise when enforcing access control in an environment with moving subjects and objects. To address a realistic application scenario, we consider movement on road networks, and we identify complex access control decisions relevant...
Zhou, Liang; Zheng, Baoyu; Geller, Benoit; Wei, Anne; Xu, Shan; Li, Yajun
In this paper, we address the rate control, the Medium Access Control (MAC) and the routing problem for cooperative Vehicular Ad-Hoc Network (VANET) in the framework of cross-layer design. At first, we introduce the cooperative communication conception to VANET, and propose an opportunistic cooperation strategy to improve the system performance. And then, we develop a cross-layer solution which consists of the link capacity detection with adjusting persistence probability at the MAC Layer, th...
ZHANG Miao; XU Guoai; HU Zhengming; YANG Yixian
The conception of trusted network connection (TNC) is introduced, and the weakness of TNC to control user's action is analyzed. After this, the paper brings out a set of secure access and control model based on access, authorization and control, and related authentication protocol. At last the security of this model is analyzed. The model can improve TNC's security of user control and authorization.
BACKGROUND: After many years of general neglect, interest has grown and efforts came under way for the mapping, control, surveillance, and eventual elimination of neglected tropical diseases (NTDs). Disease risk estimates are a key feature to target control interventions, and serve as a benchmark for monitoring and evaluation. What is currently missing is a georeferenced global database for NTDs providing open-access to the available survey data that is constantly updated and can be utilized by researchers and disease control managers to support other relevant stakeholders. We describe the steps taken toward the development of such a database that can be employed for spatial disease risk modeling and control of NTDs. METHODOLOGY: With an emphasis on schistosomiasis in Africa, we systematically searched the literature (peer-reviewed journals and 'grey literature'), contacted Ministries of Health and research institutions in schistosomiasis-endemic countries for location-specific prevalence data and survey details (e.g., study population, year of survey and diagnostic techniques). The data were extracted, georeferenced, and stored in a MySQL database with a web interface allowing free database access and data management. PRINCIPAL FINDINGS: At the beginning of 2011, our database contained more than 12,000 georeferenced schistosomiasis survey locations from 35 African countries available under http://www.gntd.org. Currently, the database is expanded to a global repository, including a host of other NTDs, e.g. soil-transmitted helminthiasis and leishmaniasis. CONCLUSIONS: An open-access, spatially explicit NTD database offers unique opportunities for disease risk modeling, targeting control interventions, disease monitoring, and surveillance. Moreover, it allows for detailed geostatistical analyses of disease distribution in space and time. With an initial focus on schistosomiasis in Africa, we demonstrate the proof-of-concept that the establishment
Quality controlled water, sediment, tissue, and tar/oil chemistry analyses from the Deepwater Horizon (DWH) oil spill event in the Gulf of Mexico from 2010-04 to 2011-06, sourced from NOAA's Query Manager data management system (NODC Accession 0108924)
National Oceanic and Atmospheric Administration, Department of Commerce — This collection includes 4 data files (one each for water, sediment, tissue, and tar/oil analyses) containing data from the Deepwater Horizon (DWH) Oil Spill Event...
The new LHC access control systems will soon be using the latest technology: optical recognition based on iris image data. In order to gain access to the tunnel it will be your eye, not your credentials that you'll be required to show! As of September, the entrance point at Point 8 should be the first to be fitted out with iris recognition equipment. The other access shafts will then gradually be equipped one by one.
Gondara, Mandeep Kaur
Semantic Web is an open, distributed, and dynamic environment where access to resources cannot be controlled in a safe manner unless the access decision takes into account during discovery of web services. Security becomes the crucial factor for the adoption of the semantic based web services. An access control means that the users must fulfill certain conditions in order to gain access over web services. Access control is important in both perspectives i.e. legal and security point of view. This paper discusses important requirements for effective access control in semantic web services which have been extracted from the literature surveyed. I have also discussed open research issues in this context, focusing on access control policies and models in this paper.
A quality control programme for mercury determinations in hair was developed within a study of 'Mental effects of prenatal methylmercury exposure in New Zealand children'. Hair was obtained from seven females with a mercury concentration of about 0.5-4 μg Hg/g. The hair was cut into 1-5 cm pieces and pulverized by liquid nitrogen grinding using a ring mill. In order to obtain a series of QC samples with varying Hg concentrations, different amounts of powder from all the samples and a reference sample of pulverized hair (11.2 μg Hg/g) were mixed. The mercury concentrations in the original samples and the mixtures were determined by radiochemical neutron activation analysis (RNAA). In total four laboratories participated in the interlaboratory comparison. All laboratories used the cold vapor AAS technique and Hg monitor model 1235, LDC for determinations after wet digestion of the samples. (orig./RB)
Over the years, e-learning and e-examination has become standard in many institutions of higher learning. It has been observed that examination questions and results can be easily intercepted by invalid users, thus the security of resources shared among valid users is not guaranteed. In order to solve these problems as it relates to access control, a Role based Examination System (RBES) was designed, developed and evaluated. RBES attempted to solve the security issue by the combination of two authentication techniques: text-based authentication and graphical password authentication. The Text-based authentication utilizes two text-based parameters namely the username and password. The graphical password authentication makes use of a finite set of controls (RBES chooses radio buttons) which are identified by numbers. These numbers constitute the password used for graphical authentication. To improve on resource sharing among users in the examination system, RBES proposes role management (role creation, role update, role removal) and user management (user creation, user update and user removal). The developed system made use of asp.net, C#, IIS server, WAMP server, Mysql and other tools for its development. RBES was tested by some legitimate and illegitimate users and the performance of the system was found to be satisfactory, hence RBES shows an efficient and reliable scheme that can be deployed in any examination or e-learning system. Finally the potential threats to the system were modeled and the use of weak passwords was found to be the most likely threat the system could be vulnerable to.
HUANG Xiaowen; TAN Jian; HUANG Xiangguo
An effective and reliable access control is crucial to a PDM system. This article has discussed the commonly used access control models, analyzed their advantages and disadvantages, and proposed a new Role and Object based access control model that suits the particular needs of a PDM system. The new model has been implemented in a commercial PDM system, which has demonstrated enhanced flexibility and convenience.
Rieback, Melanie; Crispo, Bruno; Tanenbaum, Andrew
This paper introduces an off-tag RFID access control mechanism called “Selective RFID Jamming”. Selective RFID Jamming protects low-cost RFID tags by enforcing access control on their behalf, in a similar manner to the RFID Blocker Tag. However, Selective RFID Jamming is novel because it uses an active mobile device to enforce centralized ACL-based access control policies. Selective RFID Jamming also solves a Differential Signal Analysis attack to which the RFID Blocker Tag is susceptible.
... 21 Food and Drugs 9 2010-04-01 2010-04-01 false Requirements for establishing logical access... Prescriptions § 1311.125 Requirements for establishing logical access control—Individual practitioner. (a) At... his two-factor authentication credential to satisfy the logical access controls. The second...
... 21 Food and Drugs 9 2010-04-01 2010-04-01 false Requirements for establishing logical access...) Electronic Prescriptions § 1311.130 Requirements for establishing logical access control—Institutional... practitioner that enters permissions for logical access controls into the application. The...
Most telecommunication operators are currently deciding on how to respond to customers' needs stimulated by the synergy between compression coding of multimedia and the emergence of broadband digital networks. This paper describes a range of broadband access architectures under consideration in the full services access network initiative. All architectures have a common requirement for a broadband ATM PON. A common broadband PON applicable to many operators increases the world-wide market for the product. With greater production volumes manufacturers' costs reduce because of the experience curve effect making broadband access systems economic.
Tarek S. Sobh
As wireless networks access gains popularity in corporate, private and personal networks, the nature of wireless networks opens up new possibilities for network attacks. This paper negotiating Wi-Fi security against scanning of rogue Wi-Fi networks and other related activities and considers the monitoring of Wi-Fi traffic effects. The unauthorized access point (AP) problem has raised more attention and resulted in obtaining wireless access without subscriber permission. This work assumes Wi-Fi AP under attack specially rogue AP and/or ad-hoc client. It provides a solution for detecting and preventing this attack. In addition, it provides the required user permissions to allow/block access of the files on the user of ad-hoc client. The experiments include the rogue AP attack are maintained and the effectiveness of the proposed solution are tested.
Osadchiy, Alexey Vladimirovich
This thesis presents results obtained during the course of my PhD research on optical signal routing and interfacing between the metropolitan and access segments of optical networks. Due to both increasing capacity demands and variety of emerging services types, new technological challenges...... are arising for seamlessly interfacing metropolitan and access networks. Therefore, in this PhD project, I have analyzed those technological challenges and identified the key aspects to be addressed. I have also proposed and experimentally verified a number of solutions to metropolitan and access networks...... interfacing and signal routing. Equipment and infrastructure simplification was recognized as the path towards more efficient metropolitan and access networks providing a spectrum of high-bandwidth services to large number of users. Several approaches have been proposed and developed in order to enable...
Tiwari, Basant; Kumar, Abhay
Electronic health records (EHR) provides convenient method to exchange medical information of patients between different healthcare providers. Access control mechanism in healthcare services characterises authorising users to access EHR records. Role Based Access Control helps to restrict EHRs to users in a certain role. Significant works have been carried out for access control since last one decade but little emphasis has been given to on-demand role based access control. Presented work achieved access control through physical data isolation which is more robust and secure. We propose an algorithm in which selective combination of policies for each user of the EHR database has been defined. We extend well known data mining technique 'classification' to group EHRs with respect to the given role. Algorithm works by taking various roles as class and defined their features as a vector. Here, features are used as a Feature Vector for classification to describe user authority. PMID:26559071
Wolf, F M; Miller, J G; Gruppen, L D; Ensminger, W D
Skills and practice related to accessing and interpreting clinical information from systematic reviews/meta-analyses, practice guidelines, and the Internet have been integrated into a new senior year elective designed to teach medical students how to critically appraise information from a variety of sources and evaluate its applicability to patient care. Small groups of senior medical students under the direction of a multidisciplinary team (behavioral scientist, information specialist, physician) facilitate discussions of clinical articles using checklists designed to evaluate their quality. The central feature of the course is a demonstration of the Cochrane Database of Systematic Reviews (CDSR), an electronic journal distributed by BMJ Publishing, and the requirement that students conduct a literature review on a topic of their choice and present an oral and written summary in the form of a "draft" meta-analysis. Students are provided with strategies to "surf" the Internet/WWW for information, e.g., practice guidelines/treatment protocols, descriptions of on-going clinical trials. A total of 52 students have participated to date. Students have selected project topics across a wide range of medical disciplines, including internal medicine, family practice, OB/GYN, pediatrics, surgery, neurology, emergency medicine, and psychiatry. The course is one of the most favorably evaluated of all senior electives and rated more favorably than the overall mean ratings for all electives combined on 8 of 9 scales, including "Quality of course overall" (4.39 vs. 3.92 on 5-point scale). PMID:9357708
Norjihan Abdul Ghani; Harihodin Selamat; Zailani Mohamed Sidek
The rapid growth of e-commerce has created great opportunities for both businesses and end users. The essential e-commerce process is required for the successful operation and management of e-commerce activities. One of the processes is access control and security. E-commerce must establish a secure access between the parties in an e-commerce transaction by authenticating users, authorizing access, and enforcing security features. The e-commerce application must authorize access to only tho...
LONG Tao; HONG Fan; WU Chi; SUN Ling-li
Access control in a grid environment is a challenging issue because the heterogeneous nature and independent administration of geographically dispersed resources in grid require access control to use fine-grained policies. We established a task-and-role-based access-control model for computational grid (CG-TRBAC model), integrating the concepts of role-based access control (RBAC) and task-based access control (TBAC). In this model, condition restrictions are defined and concepts specifically tailored to Workflow Management System are simplified or omitted so that role assignment and security administration fit computational grid better than traditional models; permissions are mutable with the task status and system variables, and can be dynamically controlled. The CG-TRBAC model is proved flexible and extendible. It can implement different control policies. It embodies the security principle of least privilege and executes active dynamic authorization. A task attribute can be extended to satisfy different requirements in a real grid system.
Ndibanje, Bruce; Lee, Hoon-Jae; Lee, Sang-Gon
Internet of Things is a ubiquitous concept where physical objects are connected over the internet and are provided with unique identifiers to enable their self-identification to other devices and the ability to continuously generate data and transmit it over a network. Hence, the security of the network, data and sensor devices is a paramount concern in the IoT network as it grows very fast in terms of exchanged data and interconnected sensor nodes. This paper analyses the authentication and access control method used in the Internet of Things presented by Jing et al. (Authentication and Access Control in the Internet of Things. In Proceedings of the 2012 32nd International Conference on Distributed Computing Systems Workshops, Macau, China, 18-21 June 2012, pp. 588-592). According to our analysis, Jing et al.'s protocol is costly in the message exchange and the security assessment is not strong enough for such a protocol. Therefore, we propose improvements to the protocol to fill the discovered weakness gaps. The protocol enhancements facilitate many services to the users such as user anonymity, mutual authentication, and secure session key establishment. Finally, the performance and security analysis show that the improved protocol possesses many advantages against popular attacks, and achieves better efficiency at low communication cost.
Peng, Xue-hai; Lin, Chuang
Access control is an important method to improve network security and prevent protected resources from being used by some nodes without authority. Moreover, mobility is an important trend of internet. In this paper, based on the architecture of hierarchical mobile IPv6, we proposed an effective access control approach to support mobility in IPv6 networks, which can ensure the operation of access control when a mobile node roams in these domains with different policies, with decreased delay of access negotiation and cost of delivering messages.
Kleiner, Eldar; Newcomb, Tom
An access control system regulates the rights of users to gain access to resources in accordance with a specified policy. The rules in this policy may interact in a way that is not obvious via human inspection; there is, therefore, a need for automated verification techniques that can check whether a policy does indeed implement some desired security requirement. Thirty years ago, a formalisation of access control presented a model and a safety specification for which satisfaction is undecida...
Kiilerich Pratas, Nuno; Thomsen, Henning; Popovski, Petar
In this chapter, we describe and discuss the current LTE random access procedure and the Radio Access Network Load Control solution within LTE/LTE-A. We provide an overview of the several considered load control solutions and give a detailed description of the standardized Extended Access Class...... Barring solution. We then provide a brief overview of the Load Control solutions provided by the Enhanced Packet Core (EPC) Network and how they intertwine with the Extended Access Barring at the Enhanced Universal Terrestrial Radio Access Network (E-UTRAN). We also provide an outlook on the current 3GPP...... efforts in regards to MTC related load control issues....
SaaS is a new way to deploy software as a hosted service and accessed over the Internet which means the customers don’t need to maintain the software code and data on their own servers. So it’s more important for SaaS systems to take security issues into account. Access control is a security mechanism that enables an authority to access to certain restricted areas and resources according to the permissions assigned to a user. Several access models have been proposed to realize the access control of single instance systems. However, most of the existing models couldn’t address the following SaaS system problems: (1) role name conflicts (2) cross-level management (3) the isomerism of tenants' access control (4) temporal delegation constraints. This paper describes a hierarchical RBAC model called H-RBAC that solves all the four problems of SaaS systems mentioned above. This model addresses the SaaS system access control in both system level and tenant level. It combines the advantages of RBDM and ARBAC97 model and introduces temporal constraints to SaaS access control model. In addition, a practical approach to implement the access control module for SaaS systems based on H-RBAC model is also proposed in this paper.
Saffarian, Mohsen; Sadighi, Babak
Administration of an access control model deals with the question of who is authorized to update policies defined on the basis of that model. One of the models whose administration has absorbed relatively large research is the Role-Based Access Control (RBAC) model. All the existing role-based admin
...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held December 13, 2012... Federal Aviation Administration Seventeenth Meeting: RTCA Special Committee 224, Airport Security...
...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held on June 20, 2013... Federal Aviation Administration Twenty-Third Meeting: RTCA Special Committee 224, Airport Security...
...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held November 15, 2012... Federal Aviation Administration Sixteenth Meeting: RTCA Special Committee 224, Airport Security...
...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held April 4, 2013 from 9... Federal Aviation Administration Twentieth Meeting: RTCA Special Committee 224, Airport Security...
...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held on June 20, 2013... Federal Aviation Administration Twenty-Second Meeting: RTCA Special Committee 224, Airport Security...
...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held February 21, 2013... Federal Aviation Administration Nineteenth Meeting: RTCA Special Committee 224, Airport Security...
...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems DATES: The meeting will be held September 27-28, 2012... Federal Aviation Administration Fifteenth Meeting: RTCA Special Committee 224, Airport Security...
...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held April 9-10, 2013... Federal Aviation Administration Twenty First Meeting: RTCA Special Committee 224, Airport Security...
Magableh, Amer M.
Femtocells can be employed in cellular systems to enhance the indoor coverage, especially in the areas with high capacity growing demands and high traffic rates. In this paper, we propose an efficient resource utilization protocol, named as shared access protocol (SAP), to enable the unauthorized macrocell user equipment to communicate with partially closed-access femtocell base station to improve and enhance the system performance. The system model considers a femtocell that is equipped with a total of N separated antennas or channels to multiplex independent traffic. Then, a set of N1 channels is used for closed access only by the authorized users, and the remaining set of channel resources can be used for open access by either authorized or unauthorized users upon their demands and spatial locations. For this system model, we obtain the signal-to-interference ratio characteristics, such as the distribution and the moment generating function, in closed forms for two fading models of indoor and outdoor environments. The signal-to-interference ratio statistics are then used to derive some important performance measures of the proposed SAP in closed form, such as the average bit error rate, outage probability, and average channel capacity for the two fading models under consideration. Numerical results for the obtained expressions are provided and supported by Monte Carlo simulations to validate the analytical development and study the effectiveness of the proposed SAP under different conditions. Copyright © 2012 John Wiley and Sons, Ltd.
Li, Chunquan; Wang, Yanwei; Yang, Baoye; Hu, Chunyang
A dynamic access control method is put forward to ensure the security of the sharing service in Cloud Manufacturing, according to the application characteristics of cloud manufacturing collaborative task. The role-based access control (RBAC) model is extended according to the characteristics of cloud manufacturing in this method. The constraints are considered, which are from QoS requirement of the task context to access control, based on the traditional static authorization. The fuzzy policy rules are established about the weighted interval value of permissions. The access control authorities of executable service by users are dynamically adjusted through the fuzzy reasoning based on the QoS requirement of task. The main elements of the model are described. The fuzzy reasoning algorithm of weighted interval value based QoS requirement is studied. An effective method is provided to resolve the access control of cloud manufacturing.
In Internet of Things, computing and processing of information is the core supporting. In this paper, we introduce “Service-Oriented Computing” to solve the computing and processing of information in IoT. However, a key challenge in service-oriented environment is the design of effective access control schemas. We put forward a model of Workflow-oriented Attributed Based Access Control (WABAC), and an access control framework based on WABAC model. WABAC model grants and adapts permissions to subjects according to subject attribute, resource attribute, environment attribute and current task, meeting access control request of SOC. Using the approach presented can effectively enhance the access control security for SOC applications, and prevent the abuse of subject permissions.
Anggorojati, Bayu; Mahalle, Parikshit N.; Prasad, Neeli R.;
Flexibility is an important property for general access control system and especially in the Internet of Things (IoT), which can be achieved by access or authority delegation. Delegation mechanisms in access control that have been studied until now have been intended mainly for a system that has...... no resource constraint, such as a web-based system, which is not very suitable for a highly pervasive system such as IoT. To this end, this paper presents an access delegation method with security considerations based on Capability-based Context Aware Access Control (CCAAC) model intended for federated...... machine-to-machine communication or IoT networks. The main idea of our proposed model is that the access delegation is realized by means of a capability propagation mechanism, and incorporating the context information as well as secure capability propagation under federated IoT environments. By using...
Pitts, Lee; McNair, Ann R. (Technical Monitor)
The ISS finally reached an operational state and exists for local and remote users. Onboard payload systems are managed by the Huntsville Operations Support Center (HOSC). Users access HOSC systems by internet protocols in support of daily operations, preflight simulation, and test. In support of this diverse user community, a modern security architecture has been implemented. The architecture has evolved over time from an isolated but open system to a system which supports local and remote access to the ISS over broad geographic regions. This has been accomplished through the use of an evolved security strategy, PKI, and custom design. Through this paper, descriptions of the migration process and the lessons learned are presented. This will include product decision criteria, rationale, and the use of commodity products in the end architecture. This paper will also stress the need for interoperability of various products and the effects of seemingly insignificant details.
Affine connection control systems are mechanical control systems that model a wide range of real systems such as robotic legs, hovercrafts, planar rigid bodies, rolling pennies, snakeboards and so on. In 1997 the accessibility and a particular notion of controllability was intrinsically described by A. D. Lewis and R. Murray at points of zero velocity. Here, we present a novel generalization of the description of accessibility algebra for those systems at some points with nonzero velocity as long as the affine connection restricts to the distribution given by the symmetric closure. The results are used to describe the accessibility algebra of different mechanical control systems.
OUYANG Kai; ZHOU Jing-li; XIA Tao; YU Sheng-sheng
With the rapid development of Virtual Private Network (VPN), many companies and organizations use VPN to implement their private communication. Traditionally, VPN uses security protocols to protect the confidentiality of data, the message integrity and the endpoint authentication. One core technique of VPN is tunneling, by which clients can access the internal servers traversing VPN. However, the tunneling technique also introduces a concealed security hole. It is possible that if one vicious user can establish tunneling by the VPN server, he can compromise the internal servers behind the VPN server. So this paper presents a novel Application-layer based Centralized Information Access Control (ACIAC) for VPN to solve this problem. To implement an efficient, flexible and multi-decision access control model, we present two key techniques to ACIAC: the centralized management mechanism and the stream-based access control. Firstly, we implement the information center and the constraints/events center for ACIAC. By the two centers, we can provide an abstract access control mechanism, and the material access control can be decided dynamically by the ACIAC's constraint/event mechanism. Then we logically classify the VPN communication traffic into the access stream and the data stream so that we can tightly couple the features of VPN communication with the access control model. We also provide the design of our ACIAC prototype in this paper.
Growing numbers of users and many access control policies which involve many different resource attributes in service-oriented environments bring various problems in protecting resource. This paper analyzes the relationships of resource attributes to user attributes in all policies, and proposes a general attribute and rule based role-based access control (GAR-RBAC) model to meet the security needs. The model can dynamically assign users to roles via rules to meet the need of growing numbers of users. These rules use different attribute expression and permission as a part of authorization constraints, and are defined by analyzing relations of resource attributes to user attributes in many access policies that are defined by the enterprise. The model is a general access control model, and can support many access control policies, and also can be used to wider application for service. The paper also describes how to use the GAR-RBAC model in Web service environments.
Mahalle, Parikshit N.; Anggorojati, Bayu; Prasad, Neeli R.;
Internet of Things (IoT) becomes a discretionary part of everyday life. Scalability and manageability are daunting due to the unbounded number of devices and services. Access control and authorization in IoT with least privilege is equally important to establish secure communication between multiple...... devices and services. In this paper, the concept of capability for access control is introduced where the identities of the involved devices are entrenched in the access capabilities. Identity driven capability based access control (ICAC) scheme presented in this paper helps to alleviate issues related...... to complexity and dynamics of device identities. ICAC is implemented for 802.11 and results show that ICAC has less scalability issues and better performance analysis compared with other access control schemes. The ICAC evaluation by using security protocol verification tool shows that ICAC is secure against...
Wu, Guowei; Xia, Feng; Yao, Lin
Access control is an issue of paramount importance in cyber-physical systems (CPS). In this paper, an access control scheme, namely FEAC, is presented for CPS. FEAC can not only provide the ability to control access to data in normal situations, but also adaptively assign emergency-role and permissions to specific subjects and inform subjects without explicit access requests to handle emergency situations in a proactive manner. In FEAC, emergency-group and emergency-dependency are introduced. Emergencies are processed in sequence within the group and in parallel among groups. A priority and dependency model called PD-AGM is used to select optimal response-action execution path aiming to eliminate all emergencies that occurred within the system. Fault-tolerant access control policies are used to address failure in emergency management. A case study of the hospital medical care application shows the effectiveness of FEAC.
Rajappan, Gowri; Wang, Xiaofei; Grant, Robert; Paulini, Matthew
Service Oriented Architecture (SOA) has enabled open-architecture integration of applications within an enterprise. For net-centric Command and Control (C2), this elucidates information sharing between applications and users, a critical requirement for mission success. The Information Technology (IT) access control schemes, which arbitrate who gets access to what information, do not yet have the contextual knowledge to allow this information sharing to happen dynamically. The access control might prevent legitimate users from accessing information relevant to the current mission context, since this context may be very different from the context for which the access privileges were configured. We evaluate a pair of data relevance measures - proximity and risk - and use these as the basis of dynamic access control. Proximity is a measure of the strength of connection between the user and the resource. However, proximity is not sufficient, since some data might have a negative impact, if leaked, which far outweighs importance to the subject's mission. For this, we use a risk measure to quantify the downside of data compromise. Given these contextual measures of proximity and risk, we investigate extending Attribute-Based Access Control (ABAC), which is used by the Department of Defense, and Role-Based Access Control (RBAC), which is widely used in the civilian market, so that these standards-based access control models are given contextual knowledge to enable dynamic information sharing. Furthermore, we consider the use of such a contextual access control scheme in a SOA-based environment, in particular for net-centric C2.
Mahalle, Parikshit N.; Anggorojati, Bayu; Prasad, Neeli R.;
Internet of Things (IoT) becomes a discretionary part of everyday life and could befall a threat if security is not considered before deployment. Authentication and access control in IoT is equally important to establish secure communication between devices. To protect IoT from man in middle, replay...... and denial of service attacks, the concept of capability for access control is introduced. This paper presents Identity establishment and capability based access control (IECAC) protocol using ECC (Elliptical Curve Cryptography) for IoT along with protocol evaluation, which protect against the aforementioned...
P. L. Wessels
One of the critical issues in managing information within an organization is to ensure that proper controls exist and are applied in allowing people access to information. Passwords are used extensively as the main control mechanism to identify users wanting access to systems, applications, data files, network servers or personal information. In this article, the issues involved in selecting and using passwords are discussed and the current practices employed by users in creating and storing passwords to gain access to sensitive information are assessed. The results of this survey conclude that information managers cannot rely only on users to employ proper password control in order to protect sensitive information.
Bonnet, Philippe; Gonzalez, Javier; Granados, Joel Andres
new insights, there are significant barriers to the realization of this vision. One of the key challenges is to allow scientists to share their data widely while retaining some form of control over who accesses this data (access control) and more importantly how it is used (usage control). Access...... and usage control is necessary to enforce existing open data policies. We have proposed the vision of trusted cells: A decentralized infrastructure, based on secure hardware running on devices equipped with trusted execution environments at the edges of the Internet. We originally described the utilization...... data sets with access and usage control guarantees. We rely on examples from terrestrial research and monitoring in the arctic in the context of the INTERACT project....
As mobile web services become more pervasive, applications based on mobile web services will need flexible access control mechanisms. Unlike traditional approaches based on the identity or role for access control, access decisions for these applications will depend on the combination of the required attributes of users and the contextual information. This paper proposes a semantic context-based access control model (called SCBAC) to be applied in mobile web services environment by combining semantic web technologies with context-based access control mechanism. The proposed model is a context-centric access control solution; context is the first-class principle that explicitly guides both policy specification and enforcement process. In order to handle context information in the model, this paper proposes a context ontology to represent contextual information and employs it in the inference engine. In addition, this paper specifies access control policies as rules over ontologies representing the concepts introduced in the SCBAC model, and uses semantic web rule language (SWRL) to form policy rules and infer those rules by the JESS inference engine. The proposed model can also be applied to context-aware applications.
Discusses the problems of access to information in a machine-sensible environment, and the potential of modern library techniques to help in solving them. Explains how authors and publishers can make information more accessible by providing indexing information that uses controlled vocabulary, terms from a thesaurus, or other linguistic assistance…
This paper describes a human engineering effort in the design of a major security system upgrade at Lawrence Livermore National Laboratory. This upgrade was to be accomplished by replacing obsolete and difficult-to-man (i.e., multiple operator task actions required) security equipment and systems with a new, automated, computer-based access control system. The initial task was to assist the electronic and mechanical engineering staff in designing a computerized security access system to functionally and ergonomically accommodate 100% of the Laboratory user population. The new computerized access system was intended to control entry into sensitive exclusion areas by requiring personnel to use an entry booth-based system and/or a remote access control panel system. The primary user interface with the system was through a control panel containing a magnetic card reader, function buttons, LCD display, and push-button keypad
Mahalle, Parikshit N.; Anggorojati, Bayu; Prasad, Neeli R.;
In the last few years the Internet of Things (IoT) has seen widespread application and can be found in each field. Authentication and access control are important and critical functionalities in the context of IoT to enable secure communication between devices. Mobility, dynamic network topology...... and weak physical security of low power devices in IoT networks are possible sources for security vulnerabilities. It is promising to make an authentication and access control attack resistant and lightweight in a resource constrained and distributed IoT environment. This paper presents the Identity...... Authentication and Capability based Access Control (IACAC) model with protocol evaluation and performance analysis. To protect IoT from man-in-the-middle, replay and denial of service (DoS) attacks, the concept of capability for access control is introduced. The novelty of this model is that it presents...
The Large Hadron Collider (LHC) is the largest scientific instrument ever created. It was built with the intention of testing the most extreme conditions of matter. Taking into account the significant dangers of LHC operations, the European Organization for Nuclear Research (CERN) has developed a multi-pronged approach for machine safety, including an access control system. This system is based on the role-based access control (RBAC) concept. It was designed to protect from accidental and unauthorized access to the LHC and injector equipment. This paper introduces the new model of the role-based access control developed at CERN and gives a detailed mathematical description of it. We propose a new technique called dynamic authorization that allows deploying RBAC gradually in large systems. Moreover, we show how the protection for the very large distributed equipment control system may be implemented in an efficient way. This paper also describes motivation of the project, requirements and overview of the main components: au...
In this thesis we wanted to present the project that was made for a smaller hotel in Nova Gorica. The goal was to create an application for managing access control according to customer's wishes as well as to introduce the system into the existent infrastructure. The first step was to define what access control actually means. In broad terms it is divided into RFID – radio-frequency identification and biometric identification. Both have their strengths and their weaknesses. Next step was choo...
XU Guang-wei; SHI You-qun; ZHU Ming; WU Guo-wen; CAO Qi-ying
Security in Ad Hoc network is an important issue under the opening circumstance of application service. Some protocols and models of security auditing have been proposed to ensure rationality of contracting strategy and operating regulation and used to identify abnormal operation. Model of security auditing based on access control of devices will be advanced to register sign of devices and property of event of access control and to audit those actions. In the end, the model is analyzed and simulated.
Pang, Jun; Zhang, Yang
The popularity of online social networks (OSNs) makes the protection of users' private information an important but scientifically challenging problem. In the literature, relationship-based access control schemes have been proposed to address this problem. However, with the dynamic developments of OSNs, we identify new access control requirements which cannot be fully captured by the current schemes. In this paper, we focus on public information in OSNs and treat it as a new dimension which u...
Providing access control for published XML documents on the Web is an important topic. It involves the use of cryptographic techniques, addressing different requirements and, as a result, facing several challenges. Existing solutions still have some weaknesses such as system update cost, number of required secret encryption/decryption keys, size of encrypted document and supporting temporal and delegable access. This study proposes a push-based access control policy enforcement mechanism for addressing these issues using a Dynamic Key Management Table (DKMT) and based on Identity Based Encryption (IBE). The proposed mechanism addresses the existing challenges and provides a more acceptable solution.
Teune, Ronald; Roy, Rajeev; Etten, van Wim
An implementation of control and management for a reconfigurable photonic access network is presented. An out of band control channel is used on which an IP communication is established to communicate with remote elements. A Headend based master controller communicates with a far end embedded proces
... COMMISSION 17 CFR Part 240 RIN 3235-AK53 Risk Management Controls for Brokers or Dealers With Market Access... establish, document, and maintain a system of risk management controls and supervisory procedures that... develop, test, and implement the relevant risk management controls and supervisory procedures...
... Exchange Commission 17 CFR Part 240 Risk Management Controls for Brokers or Dealers With Market Access... Regulations SECURITIES AND EXCHANGE COMMISSION 17 CFR Part 240 RIN 3235-AK53 Risk Management Controls.... The required financial risk management controls and supervisory procedures must be reasonably...
Ruj, Sushmita; Stojmenovic, Ivan
We propose an integrated architecture for smart grids, that supports data aggregation and access control. Data can be aggregated by home area network, building area network and neighboring area network in such a way that the privacy of customers is protected. We use homomorphic encryption technique to achieve this. The consumer data that is collected is sent to the substations where it is monitored by remote terminal units (RTU). The proposed access control mechanism gives selective access to consumer data stored in data repositories and used by different smart grid users. Users can be maintenance units, utility centers, pricing estimator units or analyzing and prediction groups. We solve this problem of access control using cryptographic technique of attribute-based encryption. RTUs and users have attributes and cryptographic keys distributed by several key distribution centers (KDC). RTUs send data encrypted under a set of attributes. Users can decrypt information provided they have valid attributes. The ac...
Role Based Access Control is very useful for providing a high level description of access control for organizational applications. This paper proposes a role based framework that deals with security problems in an intranet environment. The proposed framework protects intranet resources from unauthorized users. The salient feature of the framework is that it allows intranet users to access only authorized resources. It consists of two kinds of role hierarchies: global role hierarchy and local role hierarchy, and two levels of permissions: server permission and object permission. They simplify the way of structuring authority and responsibility in the whole intranet and the allocation of privileges for different objects within a particular server. The proposed framework is implemented over Windows platform and tested for the validity. The test results indicated that it can successfully be used to control accessing network objects.
Bekara, Kheira; Laurent, Maryline; Nguyen, Than Ha
Until today, the protection of personal data is mainly left to the legislation by means of guidelines. This paper aims to increase the perceived control by users over their data by helping the user's agent to check the service requests conformity to the legislation. To do so, it discusses the main concepts involved in the legislative privacy principles, and deduces a privacy semantic information model. The proposed model focuses on the main concepts involved in legislative privacy principles....
This paper presents an action-based fine-grained access control mechanism for structured documents. Firstly, we define a describing model for structured documents and analyze the application scenarios. The describing model could support the permission management on chapters, pages, sections, words, and pictures of structured documents. Secondly, based on the action-based access control (ABAC) model, we propose a fine-grained control protocol for structured documents by introducing temporal state and environmental state. The protocol covering different stages from document creation, to permission specification and usage control are given by using the Z-notation. Finally, we give the implementation of our mechanism and make the comparisons between the existing methods and our mechanism. The result shows that our mechanism could provide the better solution of fine-grained access control for structured documents in complicated networks. Moreover, it is more flexible and practical.
夏春涛; 杨艳丽; 曹利峰
To deal with access control for web services, the problem of applying the traditional access control model to web services is analysed, then the definition of a web services-oriented attribute-based access control (ABAC) model is presented, and the architecture of ABAC is designed. Furthermore, a fine-grained access control system for web services is implemented with XACML (eXtensible Access Control Markup Language); the application of the system has effectively protected the resources of web services.
刘武; 段海新; 张洪; 任萍; 吴建平
Access control is a process which controls users to execute some operations or access some network resources according to the users' identity or attribution. The discretionary access control and mandatory access control are two main access control modes which are broadly used in secure operating systems. Discretionary access control is based on user identity and/or groups and mandatory access control is usually based on sensitivity labels. Neither of these two modes can completely satisfy the requirements of all access control. Discretionary access control is too loose to restrict the propagation of privileges while mandatory access control is too rigid to use flexibly. This paper analyzes current access control models, and extends the RBAC (role based access control) model aiming at its deficiency, and based on which we propose a trust based access control model (TRBAC). The TRBAC model can provide a more secure, flexible and fine-grained dynamic access control mechanism, and therefore improve both the security and the reliability of the authorization mechanism.
Christensen, Rene Hardam; Santos, Ilmar
Many bladed rotating machines such as helicopters, turbines and compressors are susceptible to blade faults due to vibration problems. Typically, blade vibrations in this kind of machines are suppressed by using passive mechanical components. However, when passive control techniques are not...... a time-variant mathematical model, which presents parametric vibration modes and centrifugal stiffening effects resulting in increasing blade natural frequencies. In this framework the objective and contribution of this paper is to present a methodology for analysing the modal controllability and...
Control (MAC) protocols that are following the receiver-initiated paradigm of asynchronous communication. According to the receiver-initiated paradigm the communication is initiated by the receiver that states its availability to receive data through beacons. The sender is passively listening...... to the channel until it receives the beacon of interest. In this context, the dissertation begins with an in-depth survey of all the receiver-initiated MAC protocols and presents their unique optimization features, which deal with several challenges of the link layer such as mitigation of the energy consumption......-efficient features that aim to adapt the consumed energy to match the harvested energy, distribute the load with respect to the harvested energy, decrease the overhead of the communication, address the requirements for collision avoidance, prioritize urgent traffic and secure the system against beacon replay attacks...
Winkler, Thomas W; Day, Felix R; Croteau-Chonka, Damien C; Wood, Andrew R; Locke, Adam E; Mägi, Reedik; Ferreira, Teresa; Fall, Tove; Graff, Mariaelisa; Justice, Anne E; Luan, Jian'an; Gustafsson, Stefan; Randall, Joshua C; Vedantam, Sailaja; Workalemahu, Tsegaselassie; Kilpeläinen, Tuomas O; Scherag, André; Esko, Tonu; Kutalik, Zoltán; Heid, Iris M; Loos, Ruth J F; Wolffenbuttel, Bruce
Rigorous organization and quality control (QC) are necessary to facilitate successful genome-wide association meta-analyses (GWAMAs) of statistics aggregated across multiple genome-wide association studies. This protocol provides guidelines for (i) organizational aspects of GWAMAs, and for (ii) QC a
Wang Xiaoming; Cheng Fan
A group-oriented access control scheme is proposed for P2P (peer to peer) networks. In the proposed scheme, authentication control, admission control and revocation control are used in order to provide security services for P2P networks. Moreover, the proposed scheme can simply and efficiently establish a shared key between two members without interactions, therefore it can perform secure communications with them. The analysis of security and performance shows that the proposed scheme not only can...
Internet of Things is a ubiquitous concept where physical objects are connected over the internet and are provided with unique identifiers to enable their self-identification to other devices and the ability to continuously generate data and transmit it over a network. Hence, the security of the network, data and sensor devices is a paramount concern in the IoT network as it grows very fast in terms of exchanged data and interconnected sensor nodes. This paper analyses the authentication and access control method used in the Internet of Things presented by Jing et al. According to our analysis, Jing et al.’s protocol is costly in the message exchange and the security assessment is not strong enough for such a protocol. Therefore, we propose improvements to the protocol to fill the discovered weakness gaps. The protocol enhancements facilitate many services to the users such as user anonymity, mutual authentication, and secure session key establishment. Finally, the performance and security analysis show that the improved protocol possesses many advantages against popular attacks, and achieves better efficiency at low communication cost.
Eskeland, Sigurd; Prasad, Neeli R.
Electronic patient records contain highly personal and confidential information that it is essential to keep private. Thus, only the medical professionals providing care to a patient should access the patient record of the concerning patient. As personal medical data can be considered...... to be the property of the corresponding patient, it is justified that patients should have the opportunity to exert control over their own data. In this paper, we propose a cryptographic access control scheme allowing patients to grant medical teams authorizations to access their medical data. Moreover......, the hierarchical aspects of teams are taken into account so that the modules of the patient record are to be accessed according to the individual privileges of the medical professionals of the team. Thus, more privileged users obtain larger portions of the data than less privileged users....
The paper explores the effect of unrestricted access to the birth control pill on young people’s career plans, using annual surveys of college freshmen from 1968 to 1980. In particular it addresses the question of who was affected by the introduction of the birth control pill by looking at career...... access to the pill is found to be on non-white students, both among men and women. The paper uses Census Data to compare the changes in career plans to actual changes in labor market outcomes. When looking at the actual career outcomes, early access to the pill affects both men and women - shifting...... plans of both men and women, and by separating the effect by level of academic ability, race and family income. The results show that unrestricted access to the pill caused high ability women to move towards occupations with higher wages, higher occupational prestige scores and higher male ratios...
Boniface K. Alese
The evolving realities of Wireless Sensor Network (WSN) deployed to various terrain of life require serving multiple applications. As large amounts of sensed data are distributed and stored in individual sensor nodes, illegal access to these sensitive data can be devastating. Consequently, data insecurity becomes a big concern. This study, therefore, proposes a fine-grained access control system which only requires the right set of users to access a particular data, based on their access privileges in the sensor networks. It is designed using Priccess Protocol with Access policy formulation adopting the principle of the Bell-LaPadula model as well as Attribute-Based Encryption (ABE) to control access to sensor data. The functionality of the proposed system is simulated using Netbeans. The performance analysis of the proposed system using execution time and size of the key shows that the higher the key size, the harder it becomes for the attacker to hack the system. Additionally, the time taken for the proposed work is lesser which makes the work faster than the existing work. Consequently, a well secure interactive web-based application that could facilitate field officers' access to stored data in a safe and secure manner is developed.
Mai, Vu; Khalil, Ibrahim; Ibaida, Ayman
Steganographic techniques allow secret data to be embedded inside another host data such as an image or a text file without significant changes to the quality of the host data. In this research, we demonstrate how steganography can be used as the main mechanism to build an access control model that gives data owners complete control to their sensitive cardiac health information hidden in their own Electrocardiograms. Our access control model is able to protect the privacy of users, the confidentiality of medical data, reduce storage space and make it more efficient to upload and download large amount of data. PMID:24109934
Liu, Hong; Gliese, Ulrik Bo; Dittmann, Lars
In this paper, we propose a hybrid medium access control protocol for supporting broadband integrated services in the wireless ATM networks. The integrated services include CBR, VBR and ABR traffic varying from low bit-rate to very high bit-rate. The proposed protocol is an excellent compromise...... of contention, reservation and polling access techniques based on the dynamic TDMA system. Extensive simulation results using realistic data traffic sources, show that the proposed medium access scheme may provide QoS guarantees to different ATM traffic including the realistic MPEG video traces with low cell...
Paramanathan, Achuthan; Pahlevani, Peyman; Roetter, Daniel Enrique Lucani;
This paper advocates for a new Medium Access Control (MAC) strategy for wireless meshed networks by identifying overload scenarios in order to provide additional channel access priority to the relay. The key behind our MAC protocol is that the relay will adjust its back off window size according...... that network coding will improve the throughput in such systems, but our novel medium access scheme improves the performance in the cross topology by another 66 % for network coding and 150 % for classical forwarding in theory. These gains translate in a theoretical gain of 33 % of network coding over...
Foerster, Carl A.
The application of access controls on internal information necessarily impacts the availability of that information for sharing inside the enterprise. The decisions establishing the degree of control are a crucial first step to balance the requirements to protect and share. This research develops a set of basic decision factors and examines other…
Preuveneers, Davy; Joosen, Wouter
The exponential data growth in intelligent environments fueled by the Internet of Things is not only a major push behind distributed programming frameworks for big data, it also magnifies security and privacy concerns about unauthorized access to data. The huge diversity and the streaming nature of data raises the demand for new enabling technologies for scalable access control that can deal with the growing velocity, volume and variety of volatile data. This paper presents SparkXS, ...
Raimundas Matulevičius; Henri Lakk
Nowadays security has become an important aspect in information systems engineering. A mainstream method for information system security is Role-based Access Control (RBAC), which restricts system access to authorised users. While the benefits of RBAC are widely acknowledged, the implementation and administration of RBAC policies remains a human intensive activity, typically postponed until the implementation and maintenance phases of system development. This deferred security engineering app...
Within the challenging environment of intelligent transportation systems (ITS), networked control systems such as platooning guidance of autonomous vehicles require innovative mechanisms to provide real-time communications. Although several proposals are currently under discussion, the design of a rapid, efficient, flexible, and reliable medium access control mechanism which meets the specific constraints of such real-time communications applications remains unsolved in this highly dynamic environment. However, cognitive radio (CR) combines the capacity to sense the radio spectrum with the flexibility to adapt to transmission parameters in order to maximize system performance and has thus become an effective approach for the design of dynamic spectrum access (DSA) mechanisms. This paper presents the enhanced noncooperative cognitive division multiple access (ENCCMA) proposal combining time division multiple access (TDMA) and frequency division multiple access (FDMA) schemes with CR techniques to obtain a mechanism fulfilling the requirements of real-time communications. The analysis presented here considers the IEEE WAVE and 802.11p as reference standards; however, the proposed medium access control (MAC) mechanism can be adapted to operate on the physical layer of different standards. The mechanism also offers the advantage of avoiding signaling, thus enhancing system autonomy as well as behavior in adverse scenarios.
Motta, Gustavo H.; Furuie, Sergio S.
Designing proper models for authorization and access control for the electronic patient record (EPR) is essential to wide scale use of the EPR in large health organizations. This work presents MAAC (Middleware for Authentication and Access Control), a tool that implements a contextual role-based access control (RBAC) authorization model. RBAC regulates users' access to computer resources based on their organizational roles. A contextual authorization uses environmental information available at access-request time, like user/patient relationship, in order to decide whether a user has the right to access an EPR resource. The software architecture where MAAC is implemented uses Lightweight Directory Access Protocol, Java programming language and the CORBA/OMG standards CORBA Security Service and Resource Access Decision Facility. With those open and distributed standards, heterogeneous EPR components can request user authentication and access authorization services in a unified and consistent fashion across multiple platforms.
Anggorojati, Bayu; Mahalle, Parikshit N.; Prasad, Neeli R.;
Access control is a critical functionality in Internet of Things (IoT), and it is particularly promising to make access control secure, efficient and generic in a distributed environment. Another important property of an access control system in the IoT is flexibility which can be achieved...... by access or authority delegation. Delegation mechanisms in access control that have been studied until now have been intended mainly for a system that has no resource constraint, such as a web-based system, which is not very suitable for a highly pervasive system such as IoT. This chapter presents...... the Capability-based Context Aware Access Control (CCAAC) model including the authority delegation method, along with specification and protocol evaluation intended for federated Machine-to-Machine (M2M)/IoT. By using the identity and capability-based access control approach together with the contextual...
ZHANG Shaomin; WANG Baoyi; ZHOU Lihua
PMI (privilege management infrastructure) is used to perform access control to resources in an E-commerce or E-government system. With the ever-increasing need for secure transactions, the need for systems that offer a wide variety of QoS (quality-of-service) features is also growing. In order to improve the QoS of a PMI system, a cache based on RBAC (Role-based Access Control) and trust is proposed. Our system is realized based on Web service. How to design the cache based on RBAC and trust in the access control model is described in detail. The algorithm to query role permission in the cache and to add records to the cache is dealt with. The policy to update the cache is also introduced.
Nagarajan, Anand; Jensen, Christian D.
The electrical power infrastructure is facing a transition from a largely centralised distribution infrastructure with a few large power plants to an increasingly distributed infrastructure that must incorporate privately owned and operated power generation units based on fuel cells or sustainable...... infrastructure in a software domain in a manufacturer independent manner as well as establishing secure communication and authenticating the other parties in electrical power infrastructures, but they do not address the problem of access control. We therefore propose a generic model for access control in wind...... power systems, which is based on the widely used role-based access control model. The proposed model is tested using a prototype designed in conformance with the standards that are in use in modern wind power infrastructure and the results are presented to determine the overhead in communication caused...
A digital certificate based remote data access control scheme is proposed for safe authentication of accessor in wireless sensor network (WSN). The scheme is founded on the access control scheme on the basis of characteristic expression (named CEB scheme). Data is divided by characteristics and the key for encryption is related to characteristic expression. Only the key matching with characteristic expression can decrypt the data. Meanwhile, three distributed certificate detection methods are designed to prevent the certificate from being misappropriated by hostile anonymous users. When a user starts query, the key access control method can judge whether the query is valid. In this case, the scheme can achieve public certificate of users and effectively protect query privacy as well. The security analysis and experiments show that the proposed scheme is superior in communication overhead, storage overhead, and detection probability.
The most important standard in wireless local area networks is IEEE 802.11. This is why much of the research work for the enhancement of wireless networks is usually based on the behavior of the IEEE 802.11 protocol. However, some of the ways in which the IEEE 802.11 medium access control layer behaves are still too unreliable to guarantee quality of service. For instance, medium access control layer packet delay, jitter and packet loss rate still remain a challenge. The main objective of this research is to propose an accurate estimation of the medium access control layer packet delay distribution for IEEE 802.11. This estimation considers the differences between busy probability and collision probability. These differences are employed to achieve a more accurate estimation. Finally, the proposed model and simulation are implemented and validated, using the MATLAB program for the purpose of simulation and the Maple program to undertake the calculation of the equations.
Bian, Kaigui; Gao, Bo
This book gives a comprehensive overview of the medium access control (MAC) principles in cognitive radio networks, with a specific focus on how such MAC principles enable different wireless systems to coexist in the same spectrum band and carry out spectrum sharing. From algorithm design to the latest developments in the standards and spectrum policy, readers will benefit from leading-edge knowledge of how cognitive radio systems coexist and share spectrum resources. Coverage includes cognitive radio rendezvous, spectrum sharing, channel allocation, coexistence in TV white space, and coexistence of heterogeneous wireless systems. • Provides a comprehensive reference on medium access control (MAC)-related problems in the design of cognitive radio systems and networks; • Includes detailed analysis of various coexistence problems related to medium access control in cognitive radio networks; • Reveals novel techniques for addressing the challenges of coexistence protocol design at a higher level ...
韩伟力; 陈刚; 尹建伟; 董金祥
Constraint is an important aspect of role-based access control and is sometimes argued to be the principal motivation for role-based access control (RBAC). But so far few authors have discussed consistency maintenance for constraint in RBAC model. Based on researches of constraints among roles and types of inconsistency among constraints, this paper introduces corresponding formal rules, rule-based reasoning and corresponding methods to detect, avoid and resolve these inconsistencies. Finally, the paper introduces briefly the application of consistency maintenance in ZD-PDM, an enterprise-oriented product data management (PDM) system.
In this paper, an extended version of the standard susceptible-infected (SI) model is proposed to consider the influence of a medium access control mechanism on virus spreading in wireless sensor networks. Theoretical analysis shows that the medium access control mechanism obviously reduces the density of infected nodes in the networks, which has been ignored in previous studies. It is also found that increasing the network node density or node communication radius greatly increases the number of infected nodes. The theoretical results are confirmed by numerical simulations.
A new medium access control method is proposed over the predominant Ethernet broadcast channel. Taking advantage of the intrinsic variable length characteristic of the standard Ethernet frame, a message-oriented dynamic priority mechanism is established. Prioritized medium access control operates under a so-called block mode in the event of collisions. High priority messages have a chance to preempt block status incurred by low priority ones. By this means, the new MAC provides a conditional deterministic real time performance beyond a statistical one. Experiments demonstrate effectiveness and attractiveness of the proposed scheme. Moreover, this new MAC is completely compatible with IEEE 802.3.
Wen-Jye Shyr; Te-Jen Su; Chia-Ming Lin
This study develops a novel method for learning mechatronics using remote monitoring and control, based on a programmable logic controller (PLC) and WebAccess. A mechatronics module, a Web‐CAM and a PLC were integrated with WebAccess software to organize a remote laboratory. The proposed system enables users to access the Internet for remote monitoring and control of the mechatronics module via a web browser, thereby enhancing work flexibility by enabling personnel to control mechatronics equ...
Ahmed N. U.
We consider optimum feedback control strategy for computer communication network, in particular, the access control mechanism. The dynamic model representing the source and the access control system is described by a system of stochastic differential equations developed in our previous works. Simulated annealing (SA) was used to optimize the parameters of the control law based on neural network. This technique was found to be computationally intensive. In this paper, we have proposed to use a more powerful algorithm known as recursive random search (RRS). By using this technique, we have been able to reduce the computation time by a factor of five without compromising the optimality. This is very important for optimization of high-dimensional systems serving a large number of aggregate users. The results show that the proposed control law can improve the network performance by improving throughput, reducing multiplexor and TB losses, and relaxing, not avoiding, congestion.
Ahmadi, Mohammad Reza
Virtualization is a new technology that creates virtual environments based on the existing physical resources. This article evaluates effect of virtualization techniques on control servers and access method in storage systems [1, 2]. In control server virtualization, we have presented a tile based evaluation based on heterogeneous workloads to compare several key parameters and demonstrate effectiveness of virtualization techniques. Moreover, we have evaluated the virtualized model using VMotion techniques and maximum consolidation. In access method, we have prepared three different scenarios using direct, semi-virtual, and virtual attachment models. We have evaluated the proposed models with several workloads including OLTP database, data streaming, file server, web server, etc. Results of evaluation for different criteria confirm that server virtualization technique has high throughput and CPU usage as well as good performance with noticeable agility. Also virtual technique is a successful alternative for accessing to the storage systems especially in large capacity systems. This technique can therefore be an effective solution for expansion of storage area and reduction of access time. Results of different evaluation and measurements demonstrate that the virtualization in control server and full virtual access provide better performance and more agility as well as more utilization in the systems and improve business continuity plan.
Mesay Hailu Dangisso
Background: Despite the expansion of health services and community-based interventions in Ethiopia, limited evidence exists about the distribution of and access to health facilities and their relationship with the performance of tuberculosis (TB) control programmes. We aim to assess the geographical distribution of and physical accessibility to TB control services and their relationship with TB case notification rates (CNRs) and treatment outcome in the Sidama Zone, southern Ethiopia. Design: We carried out an ecological study to assess physical accessibility to TB control facilities and the association of physical accessibility with TB CNRs and treatment outcome. We collected smear-positive pulmonary TB (PTB) cases treated during 2003–2012 from unit TB registers and TB service data such as availability of basic supplies for TB control and geographic locations of health services. We used ArcGIS 10.2 to measure the distance from each enumeration location to the nearest TB control facilities. A linear regression analysis was employed to assess factors associated with TB CNRs and treatment outcome. Results: Over a decade the health service coverage (the health facility–to-population ratio) increased by 36% and the accessibility to TB control facilities also improved. Thus, the mean distance from TB control services was 7.6 km in 2003 (ranging from 1.8 to 25.5 km between kebeles (the smallest administrative units)) and had decreased to 3.2 km in 2012 (ranging from 1.5 to 12.4 km). In multivariate linear regression, as distance from TB diagnostic facilities (b-estimate=−0.25, p<0.001) and altitude (b-estimate=−0.31, p<0.001) increased, the CNRs of TB decreased, whereas a higher population density was associated with increased TB CNRs. Similarly, distance to TB control facilities (b-estimate=−0.27, p<0.001) and altitude (b-estimate=−0.30, p<0.001) were inversely associated with treatment success (proportion of treatment completed or cured cases
Stefan Victor Lefter
With the advent of Radio Frequency Identification technologies, or RFID for short, different types of products and security-relevant applications have been developed for use in fields and businesses like inventory management, product tracking, access control, passports or transport fare collection. Even though RFID has been around for quite some time, there are some types of businesses like theme parks, water parks or music festivals that haven’t yet tested the benefits that this technology brings. This paper focuses on presenting advantages and disadvantages of using a unified access control and electronic wallet system based on RFID cards like MiFare tags as an alternative to existing ticket/currency access and payment systems employed by the majority of the businesses mentioned above.
This paper describes the design, management and development of the new access control system for the Antiproton Deceleration experimental area, called the AD Project. As this project includes all the elements for the industrial evolution of the present access control system, it is an ideal test bed for future access systems. The adoption of new technologies and techniques is described, and the benefits and the shortfalls are highlighted. The open redundant architecture solution, based on a PROFIBUS network and standard industrial components (HP-UNIX, Siemens S7 PLC, Siemens Industrial PC, door locks), guarantees reliability, safety and optimal integration. The project team took advantage of the Goal Directed Project Management technique and managed to define a clear and effective strategy.
Jang, Bokman; Jang, Hyokyung; Choi, Euiin
Applications in a context-aware computing environment will be connected to wireless networks and various devices. Accordingly, reckless access to information resources can cause trouble for the system. So, access authority management is a very important issue, both for information resources and for adapting to the system through establishing the security policy the system needs. But the existing security model makes it easy to approach resources through simply a user ID and password. This model has the problem that it is not concerned with the user's environment information. In this paper, we propose a model of automated context-aware access control using ontology that can control resources more efficiently through inference and judgment of context information, collecting the user's information and the user's environment context information for ontology modeling.
Sánchez-Artigas, Marc; García-López, Pedro
In open environments such as peer-to-peer (P2P) systems, the decision to collaborate with multiple users — e.g., by granting access to a resource — is hard to achieve in practice due to extreme decentralization and the lack of trusted third parties. The literature contains a plethora of applications in which a scalable solution for distributed access control is crucial. This fact motivates us to propose a protocol to enforce access control, applicable to networks consisting entirely of untrusted nodes. The main feature of our protocol is that it protects both sensitive permissions and sensitive policies, and does not rely on any centralized authority. We analyze the efficiency (computational effort and communication overhead) as well as the security of our protocol.
Korolev I. D.
The accepted model of access control is realized with the monitor of safety in the protected automated information system. Models of safety are considered, as a rule, as a system which is a single whole and has a uniform monitor of safety. Nevertheless, the architecture of real automated information systems and the processes of their functioning can be characterized by distribution. A distributed automated information system consists of more than one local segment, each representing an isolated set of subjects and objects of access. In the distributed system local segments can be realized both on the basis of discretionary and on the basis of mandatory models of safety (i.e. they can be diverse). One of the directions of safety in this case is the realization of a general monitor of safety providing the uniform (coordinated) policy of access control. For safe interaction of patchwork systems it is necessary to bring them to a single model. Hence, during the integration of information systems the problem of their interaction becomes persistent. Thus, in systems processing information of various levels of confidentiality, it is necessary to realize mandatory access control. In this article the mandatory policy of safety presented by the classical model of Bell-LaPadula is described by the elements of the classical model of Harrison-Ruzzo-Ullman. Using the mechanisms of change of the access matrix, the opportunity of assignment and change of confidentiality marks is described and the observance of safe practices within the limits of mandatory access control is analyzed. The safety of application of the given approach has been proved. The perspective direction of research has been defined.
Multiplexing of bursty sources and refined congestion control strategies are still the subject of numerous research activities. Broadband applications with very high peak-to-mean bitrate ratio and long silence periods like still picture video gave rise to different ideas of rate control at the B-ISDN network access. Contributions on Input Rate Control for source coded traffic as well as on Server Rate Control within a LAN/ATM Interworking Unit have recently been presented. This paper addresses a congestion avoidance strategy at the network access regarding the aggregated traffic of bursty sources. Depending on the number of active sources as well as on certain defined congestion levels the cell rate at the network access is controlled. The proposed analytical approach is based on the model of uniform and continuous arrival and service. The selected underlying Markov chain contains `split' states in order to handle the congestion correlation. The proposed model is extended to an adaptive Non-Markov system where the buffer filling level is evaluated using a switching hysteresis. This type of congestion measurement turns out to be very useful for an adaptive rate control mechanism that guarantees a certain quality of service while still achieving a good statistical gain. The analytical approach is confirmed by results of a computer simulation that is extended to the more complex case of adaptive rate control.
Servetto Sergio D
We consider medium access control (MAC) in multihop sensor networks, where only partial information about the shared medium is available to the transmitter. We model our setting as a queuing problem in which the service rate of a queue is a function of a partially observed Markov chain representing the available bandwidth, and in which the arrivals are controlled based on the partial observations so as to keep the system in a desirable mildly unstable regime. The optimal controller for this problem satisfies a separation property: we first compute a probability measure on the state space of the chain, namely the information state, then use this measure as the new state on which the control decisions are based. We give a formal description of the system considered and of its dynamics, we formalize and solve an optimal control problem, and we show numerical simulations to illustrate with concrete examples properties of the optimal control law. We show how the ergodic behavior of our queuing model is characterized by an invariant measure over all possible information states, and we construct that measure. Our results can be specifically applied for designing efficient and stable algorithms for medium access control in multiple-accessed systems, in particular for sensor networks.
At present methods for providing conditional access to restricted resources and applications for permitting personnel, such as military members, government agencies, or first-responders are not available. The conditional access is provided if the user is an authentic user in one of the authorized geographic location and is connected to specific base transceiver stations or base station controllers. In this work we introduce dominions for mobile security, which are designed to provide this conditional access, are adjustable and congenial with mobile cellular systems, and can run even without being connected to a devoted back-end network. The aim of the architecture is to provide users who satisfy specific pre-conditions access to restricted resources and applications to which they otherwise normally would not be granted access. These mobile security dominions not only provide strict security by authenticating the user and the geographic location of the device, but also prevent access to networks or resources outside of authorized areas and restrict unauthorized users.
Pieters, Wolter; Tang, Qiang
According to the Jericho forum, the trend in information security is moving the security perimeter as close to the data as possible. In this context, we suggest the idea of data-based access control, where decryption of data is made possible by knowing enough of the data. Trust is thus based on what
Liu, Changyu; Lu, Bin; Li, Huiling
We developed an online multimedia event detection (MED) system. However, there are a secure access control issue and a large scale robust representation issue when we want to integrate traditional event detection algorithms into the online environment. For the first issue, we proposed a tree proxy-based and service-oriented access control (TPSAC) model based on the traditional role based access control model. Verification experiments were conducted on the CloudSim simulation platform, and the results showed that the TPSAC model is suitable for the access control of dynamic online environments. For the second issue, inspired by the object-bank scene descriptor, we proposed a 1000-object-bank (1000OBK) event descriptor. Feature vectors of the 1000OBK were extracted from response pyramids of 1000 generic object detectors which were trained on standard annotated image datasets, such as the ImageNet dataset. A spatial bag of words tiling approach was then adopted to encode these feature vectors for bridging the gap between the objects and events. Furthermore, we performed experiments in the context of event classification on the challenging TRECVID MED 2012 dataset, and the results showed that the robust 1000OBK event descriptor outperforms the state-of-the-art approaches.
Y. Demchenko; L. Gommans; A. Tokmakoff; R. van Buuren
This paper describes the design and development of a flexible, customer-driven, security infrastructure for Gridbased Collaborative Environments. The paper proposes further development of the access control model built around a service or resource provisioning agreement (e.g., an experiment or proje
Ho, Peter; Zhao, Jennifer H.; Xue, Dayuan
This article argues that if the introduction of genetically modified crops (GM crops) in developing countries is to be successful, we can and should not evade questions of access and control of technology. It implies probing into the experiences, perceptions and understanding of GM crops by the prim
Muhammad Nabeel Tahir
Hierarchical representation is a natural way of organizing roles in role-based access control systems. Besides its advantages of providing a way of establishing parent-child relationships among different roles, it also provides a facility to design and organize context-dependent application roles that users may activate depending on their current context (spatial, temporal) conditions. In this paper, we show that if spatial roles are organized in hierarchical relationships, it can cause the problem of disambiguation in making access control decisions, especially when the user moves from one location to another location frequently in a single transaction and a single session. We extend our work of Contextual Role-Based Access Control (C-RBAC) by introducing hierarchical relationships among subject, location and purpose roles and solve the disambiguation problem in hierarchy by considering user motion direction and his/her context roles (spatial and spatial purpose) in order to make more fine-grained and better access control decisions.
Arakaki, L.H.; Monaco, F.M.
This report contains the guidance Functional Requirements for an Integrated Intrusion Detection and Access Control Annunciator System, and survey results of selected commercial systems. The survey questions were based upon the functional requirements; therefore, the results reflect which and sometimes how the guidance recommendations were met.
Loft, Shayne; Humphreys, Michael S.; Whitney, Susannah J.
Directed forgetting and prospective memory methods were combined to examine differences in the control of memory access. Between studying two lists of target words, participants were either instructed to forget the first list, or to continue remembering the first list. After study participants performed a lexical decision task with an additional…
Hürlimann, Eveline; Schur, Nadine; Boutsika, Konstantina;
for monitoring and evaluation. What is currently missing is a georeferenced global database for NTDs providing open-access to the available survey data that is constantly updated and can be utilized by researchers and disease control managers to support other relevant stakeholders. We describe the steps taken...
Paulsen, M S; Andersen, M; Munck, A P;
OBJECTIVE: Denmark has a health care system with free and equal access to care irrespective of age and socio-economic status (SES). We conducted a cross-sectional study to investigate a possible association between SES and blood pressure (BP) control of hypertensive patients treated in general pr...
... Copyright Office 37 CFR Part 201 Exemption to Prohibition on Circumvention of Copyright Protection Systems for Access Control Technologies AGENCY: Copyright Office, Library of Congress. ACTION: Final Rule; correction. SUMMARY: The Copyright Office makes a nonsubstantial correction to its regulation announcing...
Online social networks are popular with people for connecting with friends, sharing resources, etc. Meanwhile, online social networks always suffer from the problem of privacy exposure. The existing methods to prevent exposure are to enforce access control provided by the social network providers or social network users. However, those enforcements are impractical since one of the essential goals of a social network application is to share updates freely and instantly. To better the security and availability in social network applications, a novel random walking based access control of social networks is proposed in this paper. Unlike using explicit attribute based match in the existing schemes, the results from random walking are employed to securely compute L1 distance between two social network users in the presented scheme, which not only avoids the leakage of private attributes, but also enables each social network user to define access control policy independently. The experimental results show that the proposed scheme can facilitate the access control for online social networks.
Bolshakov, Kirill; Reshetova, Elena
FreeBSD was one of the first widely deployed free operating systems to provide mandatory access control. It supports a number of classic MAC models. This tutorial paper addresses exploiting this implementation to enforce typical enterprise security policies of varying complexities.
Multidomain environments where multiple organizations interoperate with each other are becoming a reality as can be seen in emerging Internet-based enterprise applications. Access control to ensure secure interoperation in such an environment is a crucial challenge. A multidomain environment can be categorized as "tightly-coupled" and…
Access control mechanisms protect sensitive information from unauthorized users. However, when sensitive information is shared and a Privacy Protection Mechanism (PPM) is not in place, an authorized insider can still compromise the privacy of a person leading to identity disclosure. A PPM can use suppression and generalization to anonymize and…
Pruksasri, P.; Berg, J. van den; Hofman, W.; Daskapan, S.
The Seamless Integrated Data Pipeline system was proposed to the European Union in order to overcome the information quality shortcomings of the current international supply chain information exchange systems. Next to identification and authorization of stakeholders, secure access control needs to b
... violation of section 337 in the infringement of certain patents. 73 FR 75131. The principal respondent was... order. 75 FR 44989-90 (July 30, 2010). The Commission also issued cease and desist orders against those... COMMISSION Certain Semiconductor Chips Having Synchronous Dynamic Random Access Memory Controllers...
... 30 Mineral Resources 3 2010-07-01 2010-07-01 false Use of explosives: Blasting signs, warnings... STANDARDS-SURFACE MINING ACTIVITIES § 816.66 Use of explosives: Blasting signs, warnings, and access control. (a) Blasting signs. Blasting signs shall meet the specifications of § 816.11. The operator shall—...
... 30 Mineral Resources 3 2010-07-01 2010-07-01 false Use of explosives: Blasting signs, warnings... STANDARDS-UNDERGROUND MINING ACTIVITIES § 817.66 Use of explosives: Blasting signs, warnings, and access control. (a) Blasting signs. Blasting signs shall meet the specifications of § 817.11. The operator...
This book focuses on various Passive optical networks (PONs) types, including currently deployed Ethernet PON (EPON) and Gigabit PON (GPON) as well as next generation WDM PON and OFDM PON. Also this book examines the integrated optical and wireless access networks. Concentrating on two issues in these networks: media access control (MAC) and resource allocation. These two problems can greatly affect performances of PONs such as network resource utilization and QoS of end users. Finally this book will discuss various solutions to address the MAC and resource allocation issues in various PON networks.
Chen, Zheng; Kountouris, Marios
In this paper, we propose a distributed interference and channel-aware opportunistic access control technique for D2D underlaid cellular networks, in which each potential D2D link is active whenever its estimated signal-to-interference ratio (SIR) is above a predetermined threshold so as to maximize the D2D area spectral efficiency. The objective of our SIR-aware opportunistic access scheme is to provide sufficient coverage probability and to increase the aggregate rate of D2D links by harnes...
Liao, Yu-Ting; Chen, Tzer-Shyong; Chen, Tzer-Long; Chung, Yu-Fang; Chen, Yu-Xin; Hwang, Jen-Hung; Wang, Huihui; Wei, Wei
This study is showing the advantage of mobile agents to conquer heterogeneous system environments and contribute to a virtual integrated sharing system. Mobile agents will collect medical information from each medical institution as a method to achieve the medical purpose of data sharing. Besides, this research also provides an access control and key management mechanism by adopting Public key cryptography and Lagrange interpolation. The safety analysis of the system is based on a network attacker's perspective. The achievement of this study tries to improve the medical quality, prevent wasting medical resources and make medical resources access to appropriate configuration.
J. Matias; E. Jacob; Y. Demchenko; C. de Laat; L. Gommans
Neutral Access Networks (NAN) have appeared as a new model to overcome some restrictions and lack of flexibility that are present currently in broadband access networks. NAN brings new business opportunities by opening this market to new stakeholders. Although the NAN model is accepted, there are so
Cloud computing is a general term for anything that involves delivering hosted services, Anything as a Service (AaaS), over the web on an on-demand basis. It uses the web and central remote servers to maintain data and applications. The lack of confidence in trusting information flow (users' data are usually processed remotely on unknown machines that are not owned or operated by the user) in the cloud has become common, as users fear losing control of their own data (like personal, professional, financial, health). In this approach, a secured cloud storage system that achieves policy-based access control is proposed with an information accountability cloud framework to keep track of the actual usage of the clients' data. The access policy generated for the file controls the file accesses, and policy revocation makes the file permanently inaccessible. The system is built upon a set of cryptographic key operations that are self-maintained by a set of key managers and adds security features. The access details of the data are logged and auditing is also performed.
YU Yi-fan; YIN Chang-chuan; YUE Guang-xin
Recently, hosts of Medium Access Control (MAC) protocols for Ad hoc radio networks have been proposed to solve the hidden terminal problem and exposed terminal problem. However most of them take into no account the interactions between physical (PHY) system and MAC protocol. Therefore, the current MAC protocols are either inefficient in the networks with mobile nodes and fading channel or difficult in hardware implementation. In this paper, we present a novel media access control for Ad hoc networks that integrates a media access control protocol termed as Dual Busy Tone Multiple Access (DBTMA) into Orthogonal Frequency Division Multiplexing (OFDM) system proposed in IEEE 802.11a standard. The analysis presented in the paper indicates that the proposed MAC scheme achieves performance improvement over IEEE 802.11 protocol about 25% to 80%, especially in the environment with high mobility and deep fading. The complexity of the proposed scheme is also lower than other implementation of similar busy tone solution. Furthermore, it is compatible with IEEE 802.11a networks.
Zhao Guoqing; Zhao Qijun
Numerical simulations are performed to investigate the effects of synthetic jet control on separation and stall over rotor airfoils. The preconditioned and unsteady Reynolds-averaged Navier-Stokes equations coupled with a k-ω shear stream transport turbulence model are employed to accomplish the flowfield simulation of rotor airfoils under jet control. Additionally, a velocity boundary condition modeled by a sinusoidal function is developed to fulfill the perturbation effect of periodic jets. The validity of the present CFD procedure is evaluated by the simulated results of an isolated synthetic jet and the jet control case for airfoil NACA0015. Then, parametric analyses are conducted specifically for an OA213 rotor airfoil to investigate the effects of jet parameters (forcing frequency, jet location and momentum coefficient, jet direction, and distribution of jet arrays) on the control effect of the aerodynamic characteristics of a rotor airfoil. Preliminary results indicate that the efficiency of jet control can be improved with specific frequencies (the best lift-drag ratio at F+=2.0) and jet angles (40° or 75°) when the jets are located near the separation point of the rotor airfoil. Furthermore, as a result of a suitable combination of jet arrays, the lift coefficient of the airfoil can be improved by nearly 100%, and the corresponding drag coefficient decreased by 26.5% in comparison with the single point control case.
Numerical simulations are performed to investigate the effects of synthetic jet control on separation and stall over rotor airfoils. The preconditioned and unsteady Reynolds-averaged Navier–Stokes equations coupled with a k − ω shear stream transport turbulence model are employed to accomplish the flowfield simulation of rotor airfoils under jet control. Additionally, a velocity boundary condition modeled by a sinusoidal function is developed to fulfill the perturbation effect of periodic jets. The validity of the present CFD procedure is evaluated by the simulated results of an isolated synthetic jet and the jet control case for airfoil NACA0015. Then, parametric analyses are conducted specifically for an OA213 rotor airfoil to investigate the effects of jet parameters (forcing frequency, jet location and momentum coefficient, jet direction, and distribution of jet arrays) on the control effect of the aerodynamic characteristics of a rotor airfoil. Preliminary results indicate that the efficiency of jet control can be improved with specific frequencies (the best lift-drag ratio at F+ = 2.0) and jet angles (40° or 75°) when the jets are located near the separation point of the rotor airfoil. Furthermore, as a result of a suitable combination of jet arrays, the lift coefficient of the airfoil can be improved by nearly 100%, and the corresponding drag coefficient decreased by 26.5% in comparison with the single point control case.
Lai, Lifeng; Jiang, Hai; Poor, H Vincent
The design of medium access control protocols for a cognitive user wishing to opportunistically exploit frequency bands within parts of the radio spectrum having multiple bands is considered. In the scenario under consideration, the availability probability of each channel is unknown a priori to the cognitive user. Hence efficient medium access strategies must strike a balance between exploring the availability of channels and exploiting the opportunities identified thus far. Using a sequential design approach, an optimal medium access strategy is derived. To avoid the prohibitive computational complexity of this optimal strategy, a low complexity asymptotically optimal strategy is also developed. The proposed strategy does not require any prior statistical knowledge about the traffic pattern on the different channels.
... HUMAN SERVICES Food and Drug Administration Meta-Analyses of Randomized Controlled Clinical Trials (RCTs... scientific approaches for the conduct and assessment of meta-analyses of randomized controlled clinical trials (RCTs) to evaluate safety risks associated with the use of human drugs or biological...
Meng, Qingliang; Yang, Tao; Li, Chunlin
As one of the key units of space CCD camera, the temperature range and stability of CCD components affect the image's indexes. Reasonable thermal design and robust thermal control devices are needed. One kind of temperature control loop heat pipe (TCLHP) is designed, which highly meets the thermal control requirements of CCD components. In order to study the dynamic behaviors of heat and mass transfer of TCLHP, particularly in the orbital flight case, a transient numerical model is developed by using the well-established empirical correlations for flow models within three dimensional thermal modeling. The temperature control principle and details of mathematical model are presented. The model is used to study operating state, flow and heat characteristics based upon the analyses of variations of temperature, pressure and quality under different operating modes and external heat flux variations. The results indicate that TCLHP can satisfy the thermal control requirements of CCD components well, and always ensure good temperature stability and uniformity. By comparison between flight data and simulated results, it is found that the model is to be accurate to within 1°C. The model can be better used for predicting and understanding the transient performance of TCLHP.
The smart grid (SG) is a promising platform for providing more reliable, efficient, and cost effective electricity to the consumers in a secure manner. Numerous initiatives across the globe are taken by both industry and academia in order to compile various security issues in the smart grid network. Unfortunately, there is no impactful survey paper available in the literature on authentications in the smart grid network. Therefore, this paper addresses the required objectives of an authentication protocol in the smart grid network along with the focus on mutual authentication, access control, and secure integration among different SG components. We review the existing authentication protocols, and analyze mutual authentication, privacy, trust, integrity, and confidentiality of communicating information in the smart grid network. We review authentications between the communicated entities in the smart grid, such as smart appliance, smart meter, energy provider, control center (CC), and home/building/neighborhood area network gateways (GW). We also review the existing authentication schemes for the vehicle-to-grid (V2G) communication network along with various available secure integration and access control schemes. We also discuss the importance of the mutual authentication among SG entities while providing confidentiality and privacy preservation, seamless integration, and required access control with lower overhead, cost, and delay. This paper will help to provide a better understanding of current authentication, authorization, and secure integration issues in the smart grid network and directions to create interest among researchers to further explore these promising areas.
葛维进; 胡晓惠; 邓勇
The access control model presented with eXtensible Access Control Markup Language (XACML) is the latest and most advanced access control model in service-oriented architecture. However, it does not address how to preserve the privacy of sensitive attributes and policies, which limits the promotion value of this standard. In light of this issue, in this paper we propose to extend the XACML access control model with hidden credential technology, which preserves the privacy of sensitive attributes and policies on both interactive sides, so that the automated trust negotiation based on XACML access control model is achieved. Meanwhile, the organisation method and approach for confidential policy in XACML standard is also depicted in this paper. At the end of the paper the safety of the extended access control model is analysed, and it is proven that the model can run well against various types of general distributed attacks.
Wilke, Marko; Rose, Douglas F; Holland, Scott K; Leach, James L
Automated morphometric approaches are used to detect epileptogenic structural abnormalities in 3D MR images in adults, using the variance of a control population to obtain z-score maps in an individual patient. Due to the substantial changes the developing human brain undergoes, performing such analyses in children is challenging. This study investigated six features derived from high-resolution T1 datasets in four groups: normal children (1.5T or 3T data), normal clinical scans (3T data), and patients with structural brain lesions (3T data), with each n = 10. Normative control data were obtained from the NIH study on normal brain development (n = 401). We show that control group size substantially influences the captured variance, directly impacting the patient's z-scores. Interestingly, matching on gender does not seem to be beneficial, which was unexpected. Using data obtained at higher field scanners produces slightly different base rates of suprathreshold voxels, as does using clinically derived normal studies, suggesting a subtle but systematic effect of both factors. Two approaches for controlling suprathreshold voxels in a multidimensional approach (combining features and requiring a minimum cluster size) were shown to be substantial and effective in reducing this number. Finally, specific strengths and limitations of such an approach could be demonstrated in individual cases. PMID:25050423
Palma, Daniel; Agudo, Juan Enrique; Sánchez, Héctor; Macías, Miguel Macías
The Internet of Things is one of the ideas that has become increasingly relevant in recent years. It involves connecting things to the Internet in order to retrieve information from them at any time and from anywhere. In the Internet of Things, sensor networks that exchange information wirelessly via Wi-Fi, Bluetooth, Zigbee or RF are common. In this sense, our paper presents a way in which each classroom control is accessed through Near Field Communication (NFC) and the information is shared via radio frequency. These data are published on the Web and could easily be used for building applications from the data collected. As a result, our application collects information from the classroom to create a control classroom tool that displays access to and the status of all the classrooms graphically and also connects this data with social networks.
A method and a system of controlling access of data items to a shared resource, wherein the data items each is assigned to one of a plurality of priorities, and wherein, when a predetermined number of data items of a priority have been transmitted to the shared resource, that priority will be awaiting, i.e. no further data items are transmitted with that priority, until all lower, non-awaiting priorities have had one or more data items transmitted to the shared resource. In this manner, guaranteed services may be obtained for all priorities.
ZHANG Yanling; SUN Xianpu; LI Jiandong
This study proposes a new multiple access control protocol named distributed synchronous reservation multiple access control protocol, in which the hidden and exposed terminal problems are solved, and the quality of service (QoS) requirements for real-time traffic are guaranteed. The protocol is founded on time division multiplex address and a different type of traffic is assigned to different priority, according to which a node should compete for and reserve the free slots in a different method. Moreover, there is a reservation acknowledgement process before data transmit in each reserved slot, so that the intruded terminal problem is solved. The throughput and average packets drop probability of this protocol are analyzed and simulated in a fully connected network, the results of which indicate that this protocol is efficient enough to support the real-time traffic, and it is more suitable to MANETs.
Nowadays, the concept of big data grows incessantly; recent researches proved that 90% of the whole data existed on the web had been created in last two years. However, this growing bumped by many critical challenges resides generally in security level; the users care about how could providers protect their privacy on their data. Access control, cryptography, and deidentification are the main search areas grouped under a specific domain known as Privacy Preserving Data Publishing. In this paper, we bring in suggestion a new model for access control over big data using digital signature and confidence interval; we first introduce our work by presenting some general concepts used to build our approach then presenting the idea of this report and finally we evaluate our system by conducting several experiments and showing and discussing the results that we got.
Aiming at three kinds of Internet-based system quality problems, which is performance, liability and security, the paper proposes a kind of test template during multi-user login and resource access control, which includes test requirement, login script, role-resource correlating and mutation test technique. Some Internet-based systems are tested and diagnosed by automation test technique of test template. At last, system quality can be verified and improved through the realization mechanism of test template.
Amine RAHMANI; Amine, Abdelmalek; Mohamed Reda HAMOU
Nowadays, the concept of big data grows incessantly; recent researches proved that 90% of the whole data existed on the web had been created in last two years. However, this growing bumped by many critical challenges resides generally in security level; the users care about how could providers protect their privacy on their data. Access control, cryptography, and deidentification are the main search areas grouped under a specific domain known as Privacy Preserving Data Publishi...
Asim, Muhammad; Ignatenko, Tanya; Petkovic, Milan; Trivellato, Daniel; Zannone, Nicola
Virtual organizations are dynamic, inter-organizational collaborations that involve systems and services belonging to different security domains. Several solutions have been proposed to guarantee the enforcement of the access control policies protecting the information exchanged in a distributed system, but none of them addresses the dynamicity characterizing virtual organizations. In this paper we propose a dynamic hierarchical attribute-based encryption (D-HABE) scheme that allows the insti...
Olusegun Folorunso; Olusegun Afeez Mustapha
Crowdsourcing has been widely accepted across a broad range of application areas. In crowdsourcing environments, the possibility of performing human computation is characterized with risks due to the openness of their web-based platforms where each crowd worker joins and participates in the process at any time, causing serious effect on the quality of its computation. In this paper, a combination of Trust-Based Access Control (TBAC) strategy and fuzzy-expert systems was used to enhance the qu...
Abdul Razaque; Elleithy, Khaled M.
This paper introduces the design, implementation, and performance analysis of the scalable and mobility-aware hybrid protocol named boarder node medium access control (BN-MAC) for wireless sensor networks (WSNs), which leverages the characteristics of scheduled and contention-based MAC protocols. Like contention-based MAC protocols, BN-MAC achieves high channel utilization, network adaptability under heavy traffic and mobility, and low latency and overhead. Like schedule-based MAC protocols,...
R. Murugan; Shanmugam, A.
Problem statement: In Mobile Ad hoc Network (MANET), both the routing layer and the Medium Access Control (MAC) layer are vulnerable to several attacks. There are very few techniques to detect and isolate the attacks of both these layers simultaneously. In this study, we developed a combined solution for routing and MAC layer attacks. Approach: Our approach makes use of three techniques simultaneously which consists of a cumulative frequency based detection technique for...
Reinhold, Lilli; Reinhardt, Katja
In this presentation, the mycotoxin levels-as analysed by the analytical centre for mycotoxin surveillance of the state food laboratory (LAVES Braunschweig)-for approximately 500 food samples are reported. The samples were collected in the year 2009 at retail in the German federal state of Lower Saxony. Aflatoxin and ochratoxin A were analysed in dried fruits, spices, cereals and tree nuts. Ochratoxin A was detected in all samples of dried vine fruits, at levels up to 8.1 μg/kg. Aflatoxins and ochratoxin A were also found in nutmeg and curry powder: the maximum regulatory levels for aflatoxins were exceeded in 25% of the nutmeg samples. Nearly all samples of basmati rice contained aflatoxins, although at levels below the maximum regulatory level in all but one sample. Aflatoxins were also detected in about 50% of hazelnut samples, in 20% of the samples the maximum levels was exceeded (maximum 23.2 μg/kg). In contrast, aflatoxin contents in pistachios were surprisingly low. Fusarium toxins were analysed in cereals and cereal products such as flour, bread, and pasta. Deoxynivalenol (DON) was the predominant toxin found in these samples: DON was found in about 40% of the samples, although the maximum levels were not exceeded (max. 418 μg/kg). Fumonisins (FBs) and zearalenone (ZEA) were specifically analysed in maize products (snacks, flour and oil). Most of these samples (80%) were positive, but at levels not exceeding the maximum levels. Maximum levels were 98 μg/kg (ZEA) and 577 μg/kg (sum of FB1 and FB2). Ergot alkaloids (six major alkaloids) were analysed in rye flour, and approximately 50% were positive. The highest concentration of ergot alkaloids was 1,063 μg/kg; the predominant alkaloids were ergotamine and ergocristine. In conclusion, the results indicate that continuous and efficient control measures for mycotoxins in a wide range of critical foods are necessary to ensure compliance with maximum levels. Although the mycotoxin levels in the vast
Gispen, Marie Elske C
The world is confronted with a major public health deficit caused by poor access to controlled essential medicines under the international drug control framework. This is affecting millions of patients on a daily basis and resulting in numerous human rights violations. The present review contextualises this deficit from a human rights perspective. Drug control efforts are informed by a twofold objective stemming from the double nature of scheduled substances: free access for medical purposes should be ensured, though non-medical use of substances such as opium should be restricted. The international drug control framework is, in theory, based on this twofold notion, however at the level of interpretation, monitoring, and implementation, a one-sided emphasis is demonstrated. By tracing a parallel between the obligations of states under the international drug control framework and those that derive from human rights law, the review shows that the two systems seem incoherent and conflicting in nature and flags the importance of cross-disciplinary research into drug control and human rights.
Jagadeesh Chandra A.P
Internet has revolutionized the way in which the information is delivered. Laboratory based courses play an important role in technical education. Automation is changing the nature of these laboratories and the system designer’s focus on Internet accessed experiments owing to the availability of several tools to integrate electronic and mechanical hardware with the World Wide Web. Stand-alone approaches in remote learning have grown tremendously in the recent years. One of the important components in remote experimentation is the integration of Virtual Instruments to perform real hardware tasks in near real-time. The paper describes a web interface to the electrical hardware and integration of LabVIEW Virtual Instruments to the remote access and control of DC Drives. Customized electrical hardware serves as the web interface, supporting various features to remotely control and measure the parameters of the electrical machine. Novel techniques have been used to interface a low power data acquisition system with the DC machine driven by the AC power supply. The system uses the client-server architecture to access the web page of the Virtual Instruments through web browser. The developed system imitates the real control of experiment hardware, but being operated remotely through Internet.
Georgiev, Martin; Jana, Suman; Shmatikov, Vitaly
Le, Xuan Hung; Doll, Terry; Barbosu, Monica; Luque, Amneris; Wang, Dongwen
Although information access control models have been developed and applied to various applications, few of the previous works have addressed the issue of managing information access in the combined context of team collaboration and workflow. To facilitate this requirement, we have enhanced the Role-Based Access Control (RBAC) model through formulating universal constraints, defining bridging entities and contributing attributes, extending access permissions to include workflow contexts, synthesizing a role-based access delegation model to target on specific objects, and developing domain ontologies as instantiations of the general model to particular applications. We have successfully applied this model to the New York State HIV Clinical Education Initiative (CEI) project to address the specific needs of information management in collaborative processes. An initial evaluation has shown this model achieved a high level of agreement with an existing system when applied to 4576 cases (kappa=0.801). Comparing to a reference standard, the sensitivity and specificity of the enhanced RBAC model were at the level of 97-100%. These results indicate that the enhanced RBAC model can be effectively used for information access management in context of team collaboration and workflow to coordinate clinical education programs. Future research is required to incrementally develop additional types of universal constraints, to further investigate how the workflow context and access delegation can be enriched to support the various needs on information access management in collaborative processes, and to examine the generalizability of the enhanced RBAC model for other applications in clinical education, biomedical research, and patient care. PMID:22732236
This report documents the accident analyses and nuclear safety control options for use in Revision 7 of HNF-SD-WM-SAR-062, "K Basins Safety Analysis Report" and Revision 4 of HNF-SD-SNF-TSR-001, "Technical Safety Requirements - 100 KE and 100 KW Fuel Storage Basins". These documents will define the authorization basis for Sludge Water System (SWS) operations. This report follows the guidance of DOE-STD-3009-94, "Preparation Guide for U.S. Department of Energy Nonreactor Nuclear Facility Safety Analysis Reports", for calculating onsite and offsite consequences. The accident analysis summary is shown in Table ES-1 below. While this document describes and discusses potential control options to either mitigate or prevent the accidents discussed herein, it should be made clear that the final control selection for any accident is determined and presented in HNF-SD-WM-SAR-062.
Winkler, Thomas W; Day, Felix R; Croteau-Chonka, Damien C; Wood, Andrew R; Locke, Adam E; Mägi, Reedik; Ferreira, Teresa; Fall, Tove; Graff, Mariaelisa; Justice, Anne E; Luan, Jian'an; Gustafsson, Stefan; Randall, Joshua C; Vedantam, Sailaja; Workalemahu, Tsegaselassie; Kilpeläinen, Tuomas O; Scherag, André; Esko, Tonu; Kutalik, Zoltán; Heid, Iris M; Loos, Ruth J F
Rigorous organization and quality control (QC) are necessary to facilitate successful genome-wide association meta-analyses (GWAMAs) of statistics aggregated across multiple genome-wide association studies. This protocol provides guidelines for (i) organizational aspects of GWAMAs, and for (ii) QC at the study file level, the meta-level across studies and the meta-analysis output level. Real-world examples highlight issues experienced and solutions developed by the GIANT Consortium that has conducted meta-analyses including data from 125 studies comprising more than 330,000 individuals. We provide a general protocol for conducting GWAMAs and carrying out QC to minimize errors and to guarantee maximum use of the data. We also include details for the use of a powerful and flexible software package called EasyQC. Precise timings will be greatly influenced by consortium size. For consortia of comparable size to the GIANT Consortium, this protocol takes a minimum of about 10 months to complete. PMID:24762786
Lima, F. W. S.
Within the context of agent-based Monte-Carlo simulations, we study the well-known majority-vote model (MVM) with noise applied to tax evasion on simple square lattices, Voronoi-Delaunay random lattices, Barabasi-Albert networks, and Erdös-Rényi random graphs. In order to analyse and to control the fluctuations for tax evasion in the economics model proposed by Zaklan, MVM is applied in the neighborhood of the critical noise qc to evolve the Zaklan model. The Zaklan model had been studied recently using the equilibrium Ising model. Here we show that the Zaklan model is robust: it can be studied not only with the equilibrium dynamics of the Ising model but also with the nonequilibrium MVM, and on the various topologies cited above, giving the same behavior regardless of the dynamics or topology used.
Ookubo, S.; Nakai, Y.; Oohira, N.; Kishishita, S. [Tokyo Electric Power Co., Tokyo (Japan)]; Kobayashi, H.; Sano, F. [Fuji Electric Co., Tokyo (Japan)]; Masuda, M.; Tajima, T.; Oohira, K. [Toshiba Corporation, Tokyo (Japan)]
A new radiation work control system has been developed for controlling the entrance and exit of workers from the radiation controlled area in a nuclear power station and has been run in the Fukushima No. 2 Nuclear Power Station of Tokyo Electric Power Co., Inc. since October, 1999. The system is designed to reduce workers' burden by simplifying the operation of each piece of equipment that controls access to radiation controlled areas, and to minimize radiation exposure by automatically acquiring dose data during each access and each task. The new system adopted electronic personal dosimeters (gamma radiation EPD) which permit data collection by radio communication, thus improving the conventional alarm-equipped personal dosimeter (EPD) and increasing reliability as primary dosimeters. Furthermore, additional electronic personal dosimeters capable of measuring beta radiation (gamma and beta radiations EPD) were also utilized in specific tasks in October 2001. After a six-month test run of these EPDs, the film badges were discontinued in April 2002 and replaced solely with the EPDs. EPDs are now used as the primary dosimetry for radiation workers.
Mark J Bolland
Observational studies (OS) and randomized controlled trials (RCTs) often report discordant results. In the Women's Health Initiative Calcium and Vitamin D (WHI CaD) RCT, women were randomly assigned to CaD or placebo, but were permitted to use personal calcium and vitamin D supplements, creating a unique opportunity to compare results from randomized and observational analyses within the same study. WHI CaD was a 7-year RCT of 1g calcium/400IU vitamin D daily in 36,282 post-menopausal women. We assessed the effects of CaD on cardiovascular events, death, cancer and fracture in a randomized design- comparing CaD with placebo in 43% of women not using personal calcium or vitamin D supplements- and in an observational design- comparing women in the placebo group (44%) using personal calcium and vitamin D supplements with non-users. Incidence was assessed using Cox proportional hazards models, and results from the two study designs deemed concordant if the absolute difference in hazard ratios was ≤0.15. We also compared results from WHI CaD to those from the WHI Observational Study (WHI OS), which used similar methodology for analyses and recruited from the same population. In WHI CaD, for myocardial infarction and stroke, results of unadjusted and 6/8 covariate-controlled observational analyses (age-adjusted, multivariate-adjusted, propensity-adjusted, propensity-matched) were not concordant with the randomized design results. For death, hip and total fracture, colorectal and total cancer, unadjusted and covariate-controlled observational results were concordant with randomized results. For breast cancer, unadjusted and age-adjusted observational results were concordant with randomized results, but only 1/3 other covariate-controlled observational results were concordant with randomized results. Multivariate-adjusted results from WHI OS were concordant with randomized WHI CaD results for only 4/8 endpoints. Results of randomized analyses in WHI CaD were
Bolland, Mark J.; Grey, Andrew; Gamble, Greg D.; Reid, Ian R.
Background: Observational studies (OS) and randomized controlled trials (RCTs) often report discordant results. In the Women’s Health Initiative Calcium and Vitamin D (WHI CaD) RCT, women were randomly assigned to CaD or placebo, but were permitted to use personal calcium and vitamin D supplements, creating a unique opportunity to compare results from randomized and observational analyses within the same study. Methods: WHI CaD was a 7-year RCT of 1g calcium/400IU vitamin D daily in 36,282 post-menopausal women. We assessed the effects of CaD on cardiovascular events, death, cancer and fracture in a randomized design- comparing CaD with placebo in 43% of women not using personal calcium or vitamin D supplements- and in an observational design- comparing women in the placebo group (44%) using personal calcium and vitamin D supplements with non-users. Incidence was assessed using Cox proportional hazards models, and results from the two study designs deemed concordant if the absolute difference in hazard ratios was ≤0.15. We also compared results from WHI CaD to those from the WHI Observational Study (WHI OS), which used similar methodology for analyses and recruited from the same population. Results: In WHI CaD, for myocardial infarction and stroke, results of unadjusted and 6/8 covariate-controlled observational analyses (age-adjusted, multivariate-adjusted, propensity-adjusted, propensity-matched) were not concordant with the randomized design results. For death, hip and total fracture, colorectal and total cancer, unadjusted and covariate-controlled observational results were concordant with randomized results. For breast cancer, unadjusted and age-adjusted observational results were concordant with randomized results, but only 1/3 other covariate-controlled observational results were concordant with randomized results. Multivariate-adjusted results from WHI OS were concordant with randomized WHI CaD results for only 4/8 endpoints. Conclusions: Results of
Amaro F. de Sousa
Low power over wireless personal area networks (LoWPAN), in particular wireless sensor networks, represent an emerging technology with high potential to be employed in critical situations like security surveillance, battlefields, smart-grids, and in e-health applications. The support of security services in LoWPAN is considered a challenge. First, this type of network is usually deployed in unattended environments, making it vulnerable to security attacks. Second, the constraints inherent to LoWPAN, such as scarce resources and limited battery capacity, require careful planning of how and where the security services should be deployed. Besides protecting the network from some well-known threats, it is important that security mechanisms be able to withstand attacks that have not been identified before. One way of reaching this goal is to control, at the network access level, which nodes can be attached to the network and to enforce their security compliance. This paper presents a network access security framework that can be used to control the nodes that have access to the network, based on administrative approval, and to enforce security compliance to the authorized nodes.
Altunay, Mine; /Fermilab; Byrd, Gregory T.; Brown, Doug E.; Dean, Ralph A.; /North Carolina State U.
A collaboration is a collection of services that work together to achieve a common goal. Although collaborations help when tackling difficult problems, they lead to security issues. First, a collaboration is often performed by services that are drawn from different security domains. Second, a service interacts with multiple peer services during the collaboration. These interactions are not isolated from one another--e.g., data may flow through a sequence of different services. As a result, a service is exposed to multiple peer services in varying degrees, leading to different security threats. We identify the types of interactions that can be present in collaborations, and discuss the security threats due to each type. We propose a model for representing the collaboration context so that a service can be made aware of the existing interactions. We provide an access control model for a service participating in a collaboration. We couple our access control model with a policy model, so that the access requirements from collaborations can be expressed and evaluated.
Access control policies [ACPs] regulate the access to data and resources in information systems. These ACPs are framed from the functional requirements and the organizational security and privacy policies. It has been found beneficial to include the ACPs in the early phases of software development, leading to secure development of information systems. Many approaches are available for including the ACPs in the requirements and design phases. They rely on UML artifacts, Aspects and also Features for this purpose. But the earlier modeling approaches are limited in expressing the evolving ACPs due to organizational policy changes and business process modifications. In this paper, we analyze whether “Feature”, defined as an increment in program functionality, can be used as a modeling entity to represent the evolving access control requirements. We discuss the two prominent approaches that use Feature in modeling ACPs. We also provide a comparative analysis to find the suitability of Features in the context of changing ACPs. We conclude with our findings and provide directions for further research.
Unlike CCTV, the security video surveillance devices that are generally familiar, IP cameras, which are connected to a network either with or without wire, provide monitoring services through a built-in web server. Because IP cameras can use a network such as the Internet, multiple IP cameras can be installed at a long distance and each IP camera can utilize the function of a web server individually. Even though IP cameras have this kind of advantage, they have difficulties in access control management and weakness in user certification, too. In particular, because the market for IP cameras began to take shape only recently, systems designed systematically from the perspective of security have not been built up yet. Additionally, they contain severe weaknesses in terms of access authority to the IP camera web server, certification of users, and certification of IP cameras which are newly installed within a network, etc. This research grouped IP cameras hierarchically to manage them systematically, and provided access control and data confidentiality between groups by utilizing group keys. In addition, IP cameras and users are certified by using PKI-based certification, and weak points of security such as confidentiality and integrity, etc., are improved by encrypting passwords. Thus, this research presents specific protocols of the entire process and proved through experiments that this method can be actually applied.
A group-oriented access control scheme is proposed for P2P (peer-to-peer) networks. In the proposed scheme, authentication control, admission control and revocation control are used in order to provide security services for P2P networks. Moreover, the proposed scheme can simply and efficiently establish a shared key between two members without interactions, and can therefore perform secure communications with them. The analysis of security and performance shows that the proposed scheme not only can realize authentication and secure communication, but also can easily and efficiently add new group members and revoke malicious group members. Therefore, it is a more efficient and more practical protocol for P2P networks.
Crowdsourcing has been widely accepted across a broad range of application areas. In crowdsourcing environments, the possibility of performing human computation is characterized by risks due to the openness of their web-based platforms, where each crowd worker joins and participates in the process at any time, seriously affecting the quality of its computation. In this paper, a combination of Trust-Based Access Control (TBAC) strategy and fuzzy-expert systems was used to enhance the quality of human computation in crowdsourcing environments. A TBAC-fuzzy algorithm was developed and implemented using MATLAB 7.6.0 to compute the trust value (Tvalue) and the priority value as evaluated by a fuzzy inference system (FIS), and finally to generate an access decision for each crowd worker. In conclusion, the use of TBAC is feasible in improving quality of human computation in crowdsourcing environments.
The Service Oriented Architecture (SOA) is swiftly enabling inter-organizational processes. Web services are the key elements of modern SOA and are composed of self-describing components that can be used by service requestors across the web in a platform independent manner. A dynamic web services environment includes operations between entities from different domains which typically require authentication and authorization of service requests. However, the assumption that all domains may share a global services registry introduces a variety of challenges, such as how to establish trust relations among unknown service types and how to control and secure access to resources. In this paper, the authors propose an identity preservation scheme (IDPS) which will eliminate the need of validating the identity certificates of a service requestor after a level of trust has been established and verified. The proposed scheme will greatly reduce the amount of authorization work required for accessing a across varied domains.
Anass El haddadi
Information fusion is a cornerstone of competitive intelligence activity that aims at supporting decision-making by collecting, analyzing and disseminating information. This information comes from heterogeneous data sources. In this paper we present an approach to access control. This approach is focused both on the information that must be brought to decision-makers and on the privacy of individuals whose data is used to extract this information. This model is based on the standard “Role Based Access Control” (RBAC) and is implemented within the entire life cycle of Xplor Every Where (Web service of Tetralogie); it follows methodologies tailored to design privacy-aware systems to be compliant with data protection regulations.
Shukla, Piyush Kumar; Bhadoria, Dr Sarita Singh
The challenge of designing an efficient Medium Access Control (MAC) protocol and analyzing it has been an important research topic for over 30 years. This paper focuses on the performance analysis (through simulation) and modification of a well-known MAC protocol, CSMA/CD. The existing protocol does not consider the wastage of bandwidth due to unutilized periods of the channel. By considering this fact, the performance of the MAC protocol can be enhanced. The purpose of this work is to modify the existing protocol by enabling it to adapt according to the state of the network. The modified protocol takes appropriate action whenever unutilized periods are detected. The aim is to increase the effective bandwidth utilization and to determine how the protocol behaves under increasing load and varying packet sizes. It will also include effects of attacks i.e. Denial of service attacks, Replay Attack, Continuous Channel Access or Exhaustion attack, Flooding attack, Jamming (Radio interference) attack, Selective forwarding attack which degrade...
YU Guangcan; LU Zhengding; LI Ruixuan; MUDAR Sarem
The secure interaction among multiple security domains is a major concern. In this paper, we highlight the issues of secure interoperability among multiple security domains operating under the widely accepted Role Based Access Control (RBAC) model. We propose a model called CRBAC that easily establishes a global policy for role mapping among multiple security domains. Our model is based on an extension of the RBAC model. Multiple security domains are composed into one abstract security domain, and roles in the multiple domains are translated to permissions of roles in the abstract security domain. These permissions keep their hierarchies. The roles in the abstract security domain implement role mapping among the multiple security domains. Then, authorized users of any security domain can transparently access resources in the multiple domains.
WANG Bo; HUANG Pei-wei; ZHONG You-ping; QI Ying-hao
Most existing media access control (MAC) protocols in power line communication (PLC) networks just discard the colliding data packets when collision occurs. The collision deteriorates throughput and delay performance of system under high traffic conditions. This article presents a novel media access scheme with fast collision resolution for in-home power line networks. It works by first recognizing the colliding stations through detecting the inserted unique ID sequence ahead of data packets, then the source nodes retransmitting their packets immediately after the collision slot. The proposed protocol maintains the benefits of ALOHA systems. It needs no scheduling overhead and is suitable for bursty sources, such as multimedia data packets. Computer simulations have demonstrated that this approach can achieve high throughput due to its ability of resolving collisions.
With self-shielded irradiators like Gamma chambers and Blood irradiators being sold by BRIT to customers both within and outside the country, it has become necessary to improve the quality of service without increasing the overheads. The recent advances in the field of communications and information technology can be exploited for improving the quality of service to the customers. A state of the art control system with remote accessibility has been designed for these irradiators, enhancing their performance. This will provide easy access to these units wherever they might be located, through the Internet. With this technology it will now be possible to attend to the needs of the customers, as regards fault rectification, error debugging, system software update, performance testing, data acquisition etc. This will not only reduce the downtime of these irradiators but also reduce the overheads. (author)
陈卓; 骆婷; 石磊; 洪帆
Access control is an important protection mechanism for information systems. This paper shows how to perform access control in a workflow system. We give a workflow access control model (WACM) based on several current access control models. The model supports role assignment and dynamic authorization. The paper defines the workflow using a Petri net. It first gives the definition and description of the workflow, and then analyzes the architecture of the workflow access control model (WACM). Finally, an example of an e-commerce workflow access control model is discussed in detail.
Tego, Edion; Matera, Francesco; del Buono, Donato
This article describes an experimental investigation on the behavior of transmission control protocol in throughput measurements to be used in the verification of the service-level agreement between the Internet service provider and user in terms of line capacity for ultra-broadband access networks typical of fiber-to-the-x architectures. Different conditions are experimentally shown in high bandwidth-delay product links where the estimation of the line capacity based on a single transmission control protocol session gives unreliable results. Simple equations reported in this work, and experimentally verified, point out the conditions in terms of packet loss, time delay, and line capacity, that allow consideration of the reliability of the measurement carried out with a single transmission control protocol session test by adopting a suitable measurement time duration.
Ahmed N. U.
We present a dynamic model for the access control mechanism used in computer communication networks, applied to MPEG video transmission over the Internet. This model is different from those developed in the previous works related to this topic. In our model, token buckets supported by data buffers are used to shape incoming traffic and one multiplexor, serving all the token pools, multiplexes all the conforming traffic. The model is governed by a system of discrete nonlinear difference equations. We use a neural network as the feedback controller, which receives at its input (measurable) available information and provides at its output the optimal control. The simulated annealing algorithm is used to optimize the system performance by adjusting the weights. For illustration, we present numerical results which show that the system performance of an MPEG video server can be improved by using the neural network and simulated annealing approach.
David Tung Chong Wong
This survey paper presents the state-of-the-art directional medium access control (MAC) protocols in wireless ad hoc and sensor networks (WAHSNs). The key benefits of directional antennas over omni-directional antennas are longer communication range, less multipath interference, more spatial reuse, more secure communications, higher throughput and reduced latency. However, directional antennas lead to single-/multi-channel directional hidden/exposed terminals, deafness and neighborhood, head-of-line blocking, and MAC-layer capture which need to be overcome. Addressing these problems and benefits for directional antennas to MAC protocols leads to many classes of directional MAC protocols in WAHSNs. These classes of directional MAC protocols presented in this survey paper include single-channel, multi-channel, cooperative and cognitive directional MACs. Single-channel directional MAC protocols can be classified as contention-based or non-contention-based or hybrid-based, while multi-channel directional MAC protocols commonly use a common control channel for control packets/tones and one or more data channels for directional data transmissions. Cooperative directional MAC protocols improve throughput in WAHSNs via directional multi-rate/single-relay/multiple-relay/two frequency channels/polarization, while cognitive directional MAC protocols leverage on conventional directional MAC protocols with new twists to address dynamic spectrum access. All of these directional MAC protocols are the pillars for the design of future directional MAC protocols in WAHSNs.
Problem statement: Resource management is one of the most important engineering issues in 3G systems where multiple traffic classes are supported, each being characterized by its required Quality of Service (QoS) parameters. Call Admission Control (CAC) is one of the resource management functions, which regulates network access to ensure QoS provisioning. Efficient CAC is necessary for the QoS provisioning in WCDMA environment. The effective functioning of WCDMA systems is influenced by the power control utility. Approach: In this study, we propose to design a fuzzy logic based power control for Wideband Code Division Multiple Access Wireless Networks. This proposed technique is aimed at multiple services like voice, video and data for multiclass users. The fuzzy logic technique is used to estimate the optimal admissible users group inclusive of optimum transmitting power level. This technique reduces the interference level and call rejection rate. Results: By simulation results, we demonstrate that the proposed technique achieves reduced energy consumption for a cell with increased throughput. Conclusion: The proposed technique minimizes the power consumption and call rejection rate.
The existence and use of software and networks have generated another possibility for perpetrators to influence systems in nuclear facilities or to prepare malevolent acts. Data security has become an element of physical protection plans, not as an end in itself but as a means to achieve physical protection objectives. Physical protection measures are additional measures, which become necessary when other measures that have to be taken (e.g. in compliance with international standards) are insufficient to prevent a hazard to the protection goals through data manipulation by software and hardware. In planning or assessing data protection measures for the purpose of physical protection, it is necessary to differentiate between applications which can, if manipulated, directly endanger the protection goals. The importance of software protection is growing. In particular, because of ageing of components, the existing instrumentation and control systems with their fixed wiring and discrete elements will have to be updated. Computerized access control systems play an eminent role in the physical protection of a nuclear facility. Therefore, most systems are operated as islands. The paper shows that linking of certain systems with other computer systems is possible without inadmissible drawbacks for the physical protection level. It is shown by means of the example of linking together the computer networks of access control, health physics, the flexitime system, the key administration and the operational management system that such linking of systems in nuclear facilities had hidden advantages for all participants
Nowadays security has become an important aspect in information systems engineering. A mainstream method for information system security is Role-based Access Control (RBAC), which restricts system access to authorised users. While the benefits of RBAC are widely acknowledged, the implementation and administration of RBAC policies remains a human intensive activity, typically postponed until the implementation and maintenance phases of system development. This deferred security engineering approach makes it difficult for security requirements to be accurately captured and for the system’s implementation to be kept aligned with these requirements as the system evolves. In this paper we propose a model-driven approach to manage SQL database access under the RBAC paradigm. The starting point of the approach is an RBAC model captured in SecureUML. This model is automatically translated to Oracle Database views and instead-of triggers code, which implements the security constraints. The approach has been fully instrumented as a prototype and its effectiveness has been validated by means of a case study.
Over the past decade, there has been a drastic development of the single-board computer market. These computers are now in a position where they can compete with classic embedded hardware. Such fast improvement has led ASSA ABLOY, a well-known lock and security company, to see value in replacing some of their existing access control hardware with an off-the-shelf single-board computer. Therefore, a comparative study of single-board computers was performed for this company. Some of the compare...
Role based access control (RBAC) was proposed in the 70's and prevailed in the 90's, and then Sandhu et al. proposed a formal RBAC model. RBAC is now attracting increasing attention, and many governmental and commercial organizations have adopted it; its importance is more and more apparent. In this paper we illuminate the distinctions and similarities of roles and user groups, and, based on the model proposed by Sandhu, we examine the relationship of role hierarchies and role constraints, describe it formally, and explain the most important part of role constraints, which is separation of duties.
Mobile authentication can be used to verify a mobile user’s identity. Normally this is accomplished through the use of logon passwords, but this can raise the secret-key agreement problem between entities. This issue can be resolved by using a public-key cryptosystem, but mobile devices have limited computation ability and battery capacity and a PKI is needed. In this paper, we propose an efficient, non-PKI, authenticated, and blind issued symmetric key protocol for mobile access control syst...
GAO Fuxiang; YAO Lan; BAO Shengfei; YU Ge
A dynamic Web application, which can help the departments of enterprise to collaborate with each other conveniently, is proposed. Several popular design solutions are introduced at first. Then, dynamic Web system is chosen for developing the file access and control system. Finally, the paper gives the detailed process of the design and implementation of the system, which includes some key problems such as solutions of document management and system security. Additionally, the limitations of the system as well as the suggestions of further improvement are also explained.
Engr. Prof Hyacinth C. Inyiama; Engr. Mrs Lois Nwobodo; Engr. Dr. Mrs. Christiana C. Okezie; Engr. Mrs. Nkolika O. Nwazor
GSM (Global system for mobile communication) based wireless database access for food and drug administration and control is a system that enables one to send a query to the database using the short messaging system (SMS) for information about a particular food or drug. It works in such a way that a user needs only send an SMS in order to obtain information about a particular drug produced by a pharmaceutical industry. The system then receives the SMS, interprets it and uses its contents to qu...
Conventional approaches for adapting security enforcement in the face of attacks rely on administrators to make policy changes that will limit damage to the system. Paradigm shifts in the capabilities of attack tools demand supplementary strategies that can also adjust policy enforcement dynamically. We extend the current research by proposing an approach for integrating real-time security assessment data into access control systems. Critical application scenarios are tested to examine the impact of using risk data in policy evaluation and enforcement.
Kershaw, Philip; Ananthakrishnan, Rachana; Cinquini, Luca; Lawrence, Bryan; Pascoe, Stephen; Siebenlist, Frank
Network data access services such as OPeNDAP enable widespread access to data across user communities. However, without ready means to restrict access to data for such services, data providers and data owners are constrained from making their data more widely available. Even with such capability, the range of different security technologies available can make interoperability between services and user client tools a challenge. OPeNDAP is a key data access service in the infrastructure under development to support the CMIP5 (Couple Model Intercomparison Project Phase 5). The work is being carried out as part of an international collaboration including the US Earth System Grid and Curator projects and the EU funded IS-ENES and Metafor projects. This infrastructure will bring together Petabytes of climate model data and associated metadata from over twenty modelling centres around the world in a federation with a core archive mirrored at three data centres. A security system is needed to meet the requirements of organisations responsible for model data including the ability to restrict data access to registered users, keep them up to date with changes to data and services, audit access and protect finite computing resources. Individual organisations have existing tools and services such as OPeNDAP with which users in the climate research community are already familiar. The security system should overlay access control in a way which maintains the usability and ease of access to these services. The BADC (British Atmospheric Data Centre) has been working in collaboration with the Earth System Grid development team and partner organisations to develop the security architecture. OpenID and MyProxy were selected at an early stage in the ESG project to provide single sign-on capability across the federation of participating organisations. Building on the existing OPeNDAP specification an architecture based on pluggable server side components has been developed at the BADC
The Interim Staff Guidance on burnup credit (ISG-8) for pressurized water reactor (PWR) spent nuclear fuel (SNF), issued by the Nuclear Regulatory Commission's (NRC) Spent Fuel Project Office, recommends the use of analyses that provide an "adequate representation of the physics" and notes particular concern with the "need to consider the more reactive actinide compositions of fuels burned with fixed absorbers or with control rods fully or partly inserted." In the absence of readily available information on the extent of control rod (CR) usage in U.S. PWRs and the subsequent reactivity effect of CR exposure on discharged SNF, NRC staff have indicated a need for greater understanding in these areas. In response, this paper presents results of a parametric study of the effect of CR exposure on the reactivity of discharged SNF for various CR designs (including Axial Power Shaping Rods), fuel enrichments, and exposure conditions (i.e., burnup and axial insertion). The study is performed in two parts. In the first part, two-dimensional calculations are performed, effectively assuming full axial CR insertion. These calculations are intended to bound the effect of CR exposure and facilitate comparisons of the various CR designs. In the second part, three-dimensional calculations are performed to determine the effect of various axial insertion conditions and gain a better understanding of reality. The results from the study demonstrate that the reactivity effect increases with increasing CR exposure (e.g., burnup) and decreasing initial fuel enrichment (for a fixed burnup). Additionally, the results show that even for significant burnup exposures, minor axial CR insertions (e.g., eff of a spent fuel cask
Current file storage service models for cloud servers assume that users either belong to a single layer with different privileges or cannot authorize privileges iteratively. Thus, the access control is not fine-grained and flexible. Besides, most access control methods at cloud servers mainly rely on computationally intensive cryptographic algorithms and, especially, may not be able to support highly dynamic ad hoc groups with addition and removal of group members. In this paper, we propose a scheme called F2AC, which is a lightweight, fine-grained, and flexible access control scheme for file storage in mobile cloud computing. F2AC can not only achieve iterative authorization, authentication with tailored policies, and access control for dynamically changing accessing groups, but also provide access privilege transition and revocation. A new access control model called directed tree with linked leaf model is proposed for further implementations in data structures and algorithms. An extensive analysis is given to justify the soundness and completeness of F2AC.
Miwa, Shotaro; Kage, Hiroshi; Hirai, Takashi; Sumi, Kazuhiko
We propose a probabilistic face recognition algorithm for Access Control Systems (ACSs). Compared with existing ACSs using low-cost IC cards, face recognition has advantages in usability and security in that it doesn't require people to hold cards over scanners and doesn't accept imposters with authorized cards. Therefore face recognition attracts more interest in security markets than IC cards. But in security markets where low-cost ACSs exist, price competition is important, and there is a limitation on the quality of available cameras and image control. Therefore ACSs using face recognition are required to handle much lower quality images, such as defocused and poorly gain-controlled images, than high-security systems such as immigration control. To tackle such image quality problems we developed a face recognition algorithm based on a probabilistic model which combines a variety of image-difference features trained by Real AdaBoost with their prior probability distributions. It makes it possible to evaluate and utilize only reliable features among trained ones during each authentication, and to achieve high recognition performance rates. The field evaluation using a pseudo Access Control System installed in our office shows that the proposed system achieves a constant high recognition performance rate independent of face image quality, that is, about four times lower EER (Equal Error Rate) under a variety of image conditions than one without any prior probability distributions. On the other hand, using image-difference features without any prior probabilities is sensitive to image quality. We also evaluated PCA, and it has worse but constant performance rates because of its general optimization on overall data. Compared with PCA, Real AdaBoost without any prior distribution performs twice as well under good image conditions, but degrades to a performance as good as PCA under poor image conditions.
This paper considers the distributed access and control problem of massive wireless sensor networks’ data access center for the Internet of Things, which is an extension of wireless sensor networks and an element of its topology structure. In the context of the arrival of massive service access requests at a virtual data center, this paper designs a massive sensing data access and control mechanism to improve the access efficiency of service requests and makes full use of the available resources at the data access center for the Internet of Things. Firstly, this paper proposes a synergistically distributed buffer access model, which separates the information of resource and location. Secondly, the paper divides the service access requests into multiple virtual groups based on their characteristics and locations using an optimized self-organizing feature map neural network. Furthermore, this paper designs an optimal scheduling algorithm of group migration based on the combination scheme between the artificial bee colony algorithm and chaos searching theory. Finally, the experimental results demonstrate that this mechanism outperforms the existing schemes in terms of enhancing the accessibility of service requests effectively, reducing network delay, and has higher load balancing capacity and higher resource utility rate.
The use of an electronic olfactory device, termed an electronic 'nose', was investigated for the detection of unique human odour characteristics. The detection of these unique odours was applied to the field of biometrics for access control, where a human's unique characteristics were used to authenticate a user of an access control system. An electronic odour sensing device was designed and constructed using an array of conducting polymer gas sensors in order to facilitate the regular screen...
The second generation portal explosives detector has been designed with increased detection capability and convenience in service. The method of detection and performance relative to the first generation is described. A novel method of auto-calibration and self diagnosis is described and results are discussed. Improvements in convenience of operation have been achieved and operating space and costs reduced by combining metal detection capability, together with explosives detection. This allows both alarm signal and diagnostic outputs to be combined on a single remote panel in the guard room, and reduces the number of guards needed to man the access control. This type of access control is entirely a defensive measure against attack but a further additional feature is proposed which will also check the state of mind of all personnel passing through the check point. Any person suffering from the effect of narcotic or alcohol will be detected by their inability to reproduce their normal signature. A new method of signature analysis in five dimensions is described together with proposals for integrating the check without increasing the time in the test area. Some recent results on the effects of alcohol on signature reproduction are given.
Xu Lingling; Zhang Fangguo; Wen Yamin
In ACM CCS 2009, Camenisch et al. proposed Oblivious Transfer with Access Control (AC-OT), in which each item is associated with an attribute set and can only be available, on request, to the users who have all the attributes in the associated set. Namely, AC-OT achieves access control policy for conjunction of attributes. Essentially, the functionality of AC-OT is equivalent to the simplified version that we call AC-OT-SV: for each item, one attribute is associated with it, and it is requested that only the users who possess the associated attribute can obtain the item by queries. On one hand, AC-OT-SV is a special case of AC-OT when there is just one associated attribute with each item. On the other hand, any AC-OT can be realized by an AC-OT-SV. In this paper, we first present a concrete AC-OT-SV protocol which is proved to be secure in the model defined by Camenisch et al. Then from the protocol, interestingly, a concrete Identity-Based Encryption (IBE) with Anonymous Key Issuing (AKI) is given which is just a direct application to AC-OT-SV. By comparison, we show that the AKI protocol we present is more efficient in communications than that proposed by Chow.
At the center of core technologies for a future cyber world, such as Internet of Things (IoT) or big data, is a context-rich system that offers services by using situational information. The field where context-rich systems were first introduced is near-field communication (NFC)-based electronic payments. Near-field communication (NFC) integrated payment services collect the payment information of the credit card and the location information to generate patterns in the user’s consumption or movement through big data technology. Based on such pattern information, tailored services, such as advertisement, are offered to users. However, there is difficulty in controlling access to personal information, as there is a collaborative relationship focused on the trusted service manager (TSM) that is close knit to shared personal information. Moreover, in the case of Hadoop, among the many big data analytical technologies, it offers access control functions, but not a way to authorize the processing of personal information, making it impossible to grant authority between service providers to process information. As such, this paper proposes a key generation and distribution method, as well as a secure communication protocol. The analysis has shown that the efficiency was greater for security and performance compared to related works.
Android applications in smart phones generally aim to provide greater flexibility and convenience for users. Considering the fact that Android applications have the privilege to access data and resources in the mobile device after installation (a one-time permission provided by the end user at the time of installation), these applications may also lead to security issues for the user data as well as issues relating the smart phone to its peripheral environment. A practical example of an issue relating the smart phone to its peripheral environment is an Android smart phone application of a college student using the camera resource to capture photos of the R&D cell and transferring them without user or organization permission. The security of the organization and user should be protected by providing an adoptable solution. The proposed concept of CBAA-AAC (Context Based Android Application Administrative Access Control) is used by the organization administrator to control the privileges of any Android application over a corresponding longitude and latitude. In this way, the administrator is able to block malicious applications on every individual smart phone whose activity utilizes services and resources in ways that may affect the security of the organization; such a move is a must for assuring the security of any organization or educational institution that allows users to “bring their own smart phones/mobile devices” onto the campus.
Glycine max is a photoperiodic short-day plant and the practical consequence of the response is latitude and sowing period limitations to commercial crops. Genetic and physiological studies using the model plants Arabidopsis thaliana and rice (Oryza sativa) have uncovered several genes and genetic pathways controlling the process, however information about the corresponding pathways in legumes is scarce. Data mining prediction methodologies, including multiple sequence alignment, phylogenetic analysis, bioinformatics expression and sequence motif pattern identification, were used to identify soybean genes involved in day length perception and photoperiodic flowering induction. We have investigated approximately 330 000 sequences from open-access databases and have identified all bona fide central oscillator genes and circadian photoreceptors from A. thaliana in soybean sequence databases. We propose a working model for the photoperiodic control of flowering time in G. max, based on the identified key components. These results demonstrate the power of comparative genomics between model systems and crop species to elucidate the several aspects of plant physiology and metabolism.
段海军; 叶宏; 雷清; 郭勇; 张鹏
In order to solve the problem of access control in the network file system for IMA systems, we analyse its access control and put forward an access control design scheme. We use a network file lock to realize mutually exclusive access to remote files by multiple partitions, by locking and unlocking files. We use the access control module to verify the user's access rights to files; the user can access files only after passing verification. Log files record the whole process of accessing remote files. The paper presents the working principles of the network file lock, permission control and log modules.
Wang, Jiayuan; Yan, Ying; Dittmann, Lars
This paper presents a Software Defined Networking (SDN) control plane based on an overlay GMPLS control model. The SDN control platform manages optical core networks (WDM/DWDM networks) and the associated access networks (GPON networks), which makes it possible to gather global information...
Sankhwar, Monica; Sankhwar, Satya Narayan; Bansal, Sandeep Kumar; Gupta, Gopal; Rajender, Singh
Compromised activity of the DNA repair enzymes may raise the risk of a number of cancers. We analyzed polymorphisms in the Xeroderma Pigmentosum, Complementation Group C (XPC) gene for their correlation with urinary bladder cancer. Ala499Val and Lys939Gln polymorphisms were genotyped in 234 urinary bladder cancer cases and 258 control samples. A significant association between Ala499Val polymorphism and bladder cancer was observed (OR = 1.78, CI = 1.19-2.66, p = 0.005); however, Lys939Gln was unrelated (OR = 0.97, CI = 0.65-1.45, P = 0.89). Further analysis revealed that Ala499Val was a significant risk factor only in the presence of smoking (OR = 2.23, CI = 1.28-3.87, p < 0.004) or tobacco chewing (OR = 2.40, CI = 1.43-4.04, p = 0.0008). To further appraise the association, we undertook meta-analyses on seven studies (2893 cases and 3056 controls) on Ala499Val polymorphism and eleven studies (5064 cases and 5208 controls) on Lys939Gln polymorphism. Meta-analyses corroborated the above results, showing strong association of Ala499Val (OR = 1.54, CI = 1.21-1.97, p = 0.001) but not that of Lys939Gln (OR = 1.13, CI = 0.95-1.34, p = 0.171) with urinary bladder cancer risk. In conclusion, XPC Ala499Val substitution increases urinary bladder cancer risk, but Lys939Gln appears to be neutral. PMID:27246180
Infection is the most common cause of hospitalization and the second most common cause of mortality among hemodialysis (HD) patients, after cardiovascular disease. HD patients as well as the dialysis staff are vulnerable to contracting health-care-associated infections (HAIs) due to frequent and prolonged exposure to many possible contaminants in the dialysis environment. The extracorporeal nature of the therapy, the associated common environmental conditions and the immune compromised status of HD patients are major predisposing factors. The evident increased potential for transmission of infections in the HD settings led to the creation and implementation of specific and stricter infection prevention and control measures in addition to the usual standard precautions. Different international organizations have generated guidelines and recommendations on infection prevention and control for implementation in the HD settings. These include the Centers for Disease Control and Prevention (CDC), the Association of Professionals in Infection Control (APIC), the Kidney Disease Outcomes Quality Initiative (K/DOQI), the European Best Practice Guidelines/European Renal Best Practice (EBPG/ERBP) and the Kidney Disease: Improving Global Outcomes (KDIGO). However, these guidelines are extensive and sometimes vary among different guideline-producing bodies. Our aim in this review is to facilitate the access, increase the awareness and encourage implementation among dialysis providers by reviewing, extracting and comparing the essential elements of guidelines and recommendations on infection prevention and control in HD units.
王茜; 王富强; 傅鹤岗; 朱庆生
In the system of electronic payment based on SPKI, access control of bank acts as the important function of identification, protecting customer's privacy and ensuring payment. The paper proposes the model of bank access control, and describes the frame and the steps of the access control. Finally, the paper analyzes the characteristics of the model.
Moreno Sanchez, Pedro; Marin Lopez, Rafa; Gomez Skarmeta, Antonio F
Internet of Things (IoT) networks are the pillar of recent novel scenarios, such as smart cities or e-healthcare applications. Among other challenges, these networks cover the deployment and interaction of small devices with constrained capabilities and Internet protocol (IP)-based networking connectivity. These constrained devices usually require connection to the Internet to exchange information (e.g., management or sensing data) or access network services. However, only authenticated and authorized devices can, in general, establish this connection. The so-called authentication, authorization and accounting (AAA) services are in charge of performing these tasks on the Internet. Thus, it is necessary to deploy protocols that allow constrained devices to verify their credentials against AAA infrastructures. The Protocol for Carrying Authentication for Network Access (PANA) has been standardized by the Internet engineering task force (IETF) to carry the Extensible Authentication Protocol (EAP), which provides flexible authentication upon the presence of AAA. To the best of our knowledge, this paper is the first deep study of the feasibility of EAP/PANA for network access control in constrained devices. We provide light-weight versions and implementations of these protocols to fit them into constrained devices. These versions have been designed to reduce the impact in standard specifications. The goal of this work is two-fold: (1) to demonstrate the feasibility of EAP/PANA in IoT devices; (2) to provide the scientific community with the first light-weight interoperable implementation of EAP/PANA for constrained devices in the Contiki operating system (Contiki OS), called PANATIKI. The paper also shows a testbed, simulations and experimental results obtained from real and simulated constrained devices. PMID:24189332
This paper introduces the design, implementation, and performance analysis of the scalable and mobility-aware hybrid protocol named boarder node medium access control (BN-MAC) for wireless sensor networks (WSNs), which leverages the characteristics of scheduled and contention-based MAC protocols. Like contention-based MAC protocols, BN-MAC achieves high channel utilization, network adaptability under heavy traffic and mobility, and low latency and overhead. Like schedule-based MAC protocols, BN-MAC reduces idle listening time, emissions, and collision handling at low cost at one-hop neighbor nodes and achieves high channel utilization under heavy network loads. BN-MAC is particularly designed for region-wise WSNs. Each region is controlled by a boarder node (BN), which is of paramount importance. The BN coordinates with the remaining nodes within and beyond the region. Unlike other hybrid MAC protocols, BN-MAC incorporates three promising models that further reduce the energy consumption, idle listening time, overhearing, and congestion to improve the throughput and reduce the latency. One of the models used with BN-MAC is automatic active and sleep (AAS), which reduces the idle listening time. When nodes finish their monitoring process, AAS lets them automatically go into the sleep state to avoid the idle listening state. Another model used in BN-MAC is the intelligent decision-making (IDM) model, which helps the nodes sense the nature of the environment. Based on the nature of the environment, the nodes decide whether to use the active or passive mode. This decision power of the nodes further reduces energy consumption because the nodes turn off the radio of the transceiver in the passive mode. The third model is the least-distance smart neighboring search (LDSNS), which determines the shortest efficient path to the one-hop neighbor and also provides cross-layering support to handle the mobility of the nodes. The BN-MAC also incorporates a semi
Building access control (BAC)--a catchall phrase to describe the systems that control access to facilities across campus--has traditionally been handled with remarkably low-tech solutions: (1) manual locks; (2) electronic locks; and (3) ID cards with magnetic strips. Recent improvements have included smart cards and keyless solutions that make use…
Billions of devices are connected to the Internet nowadays, and the number will continue to grow in the future thanks to the advances in the electronics and telecommunication technology developments. Its application in broad aspects of human’s life brings a lot of benefits by improving productivity and quality of life. This paradigm, which is often called Internet of Things (IoT) or Machine-to-Machine (M2M), will provide an unprecedented opportunity to create applications and services that go far beyond the mere purpose of each participant. Many studies on both the technical and social aspects of IoT have shown that the concern about the security and privacy play a huge role for the mass adoption of the IoT/M2M as cloud services. Among the important topics within the security and privacy, the access control is an important mechanism, which essentially manages how the important assets or resource...
As per the norms of the Atomic Energy Regulatory Board (AERB), radiation safety rules are to be followed when operating, round the clock, a facility which has a potential for radiation exposure. Indus-1 and Indus-2 are synchrotron radiation sources which are open to various users round the clock. To monitor the persons inside the defined zone at any given time, a system has been set up consisting of RFID cards and their readers along with dedicated software. The software is developed in Visual Basic and uses the UDP network protocol for receiving data from readers installed at various locations and connected to the local area network. The paper describes the access control scheme followed in the Indus Accelerator Complex. (author)
Martinotti, I; Cirla, A M; Cottica, D; Cirla, P E
The purpose of this study was an integrated assessment of exposure to benzene and Polycyclic Aromatic Hydrocarbons (PAH) in 29 workers employed to manage controlled-access highways. A campaign was performed in summertime by environmental monitoring (active and passive airborne personal samplers), as well as by biological monitoring (urine samples at the beginning and at the end of the daily shift, baseline after two days of vacation). The measured environmental levels did not differ from background environmental concentrations found in a metropolitan area (i.e. benzo[a]pyrene < 1 ng/m3; benzene < 5 mcg/m3), and the results of biological monitoring were in agreement and were compatible with extra-professional habits of the investigated subjects (1-hydroxypyrene 50-990 ng/g creatinine; unmetabolized benzene 15-2010 ng/l; t-t muconic acid < 4-222 mcg/g creatinine).
ZHENG Qing; YANG Zhen
Based on the Multi-Packet Reception (MPR) capability at the physical layer and the Distributed Coordination Function (DCF) of the IEEE 802.11 MAC protocol, we propose a modified new solution about WAITING mechanism to make full use of the MPR capability in this paper, which is named as modified distributed medium access control algorithm. We describe the details of each step of the algorithm after introducing the WAITING mechanism. Then, we also analyze how the waiting-time affects the throughput performance of the network. The network simulator NS-2 is used to evaluate the throughput performance of the new WAITING algorithm and we compare it with IEEE 802.11 MAC protocol and the old WAITING algorithm. The experimental results show that our new algorithm has the best performance.
LIANG Bin; SHI Wenchang; SUN Yufang; SUN Bo
Using one security model to enforce another is a prospective solution to multi-policy support. In this paper, an approach to enforcing the Clark-Wilson data integrity model in the Role-based access control (RBAC) model is proposed. An enforcement construction with great feasibility is presented. In this construction, a direct way to enforce the Clark-Wilson model is provided, the corresponding relations among users, transformation procedures, and constrained data items are strengthened; the concepts of task and subtask are introduced to enhance the support to least-privilege. The proposed approach widens the applicability of RBAC. The theoretical foundation for adopting the Clark-Wilson model in an RBAC system with small cost is offered to meet the requirements of multi-policy support and policy flexibility.
This paper proposes a security policy model for mandatory access control in class B1 database management system whose level of labeling is tuple. The relation-hierarchical data model is extended to multilevel relation-hierarchical data model. Based on the multilevel relation-hierarchical data model, the concept of upper-lower layer relational integrity is presented after we analyze and eliminate the covert channels caused by the database integrity. Two SQL statements are extended to process polyinstantiation in the multilevel secure environment. The system is based on the multilevel relation-hierarchical data model and is capable of integratively storing and manipulating multilevel complicated objects (e.g., multilevel spatial data) and multilevel conventional data (e.g., integer, real number and character string).
Phan, Khoa Tran; van der Schaar, Mihaela
Distributed medium access control (MAC) protocols are essential for the proliferation of low cost, decentralized wireless local area networks (WLANs). Most MAC protocols are designed with the presumption that nodes comply with prescribed rules. However, selfish nodes have natural motives to manipulate protocols in order to improve their own performance. This often degrades the performance of other nodes as well as that of the overall system. In this work, we propose a class of protocols that limit the performance gain which nodes can obtain through selfish manipulation while incurring only a small efficiency loss. The proposed protocols are based on the idea of a review strategy, with which nodes collect signals about the actions of other nodes over a period of time, use a statistical test to infer whether or not other nodes are following the prescribed protocol, and trigger a punishment if a departure from the protocol is perceived. We consider the cases of private and public signals and provide analytical a...
TIAN Ye; SHENG Min; LI Jiandong
This paper presents a novel distributed media access control (MAC) address assignment algorithm, namely virtual grid spatial reusing (VGSR), for wireless sensor networks, which reduces the size of the MAC address efficiently on the basis of both the spatial reuse of MAC address and the mapping of geographical position. By adjusting the communication range of sensor nodes, VGSR algorithm can minimize the size of MAC address and meanwhile guarantee the connectivity of the sensor network. Theoretical analysis and experimental results show that VGSR algorithm is not only of low energy cost, but also scales well with the network size, with its performance superior to that of other existing algorithms.
This paper presents a medium access control and scheduling scheme for wireless sensor networks. It uses time trees for sending data from the sensor node to the base station. For an energy efficient operation of the sensor networks in a distributed manner, time trees are built in order to reduce the collision probability and to minimize the total energy required to send data to the base station. A time tree is a data gathering tree where the base station is the root and each sensor node is either a relaying or a leaf node of the tree. Each tree operates in a different time schedule with possibly different activation rates. Through the simulation, the proposed scheme that uses time trees shows better characteristics toward burst traffic than the previous energy and data arrival rate scheme.
The special access control requirements of EPC Information Service (EPCIS) in supply chains are analyzed, and an EPCIS access control model based on Extensible Access Control Markup Language (XACML) is presented. The access control execution interface in the model can intercept access requests by using method interception technology, and produce the corresponding judgment context. Based on the user property, resource property, environment property and action property, which are included in the judgment context, the access control service component can dynamically assess the access requests. The secure communication component can effectively provide real-time transmission for XACML authorization request/response messages, by combining the Security Assertion Markup Language (SAML) and the caching mechanism. The access control workflow indicates that the model can implement flexible and variable deployment and management of the access control strategies, which is well suited to implementing a highly dynamic and heterogeneous access control function for the product information in supply chains.
Wang, Wen Qiang; Lim, Hock Beng; Datta, Anwitaman
The proliferation of sensing devices creates a plethora of data-streams, which in turn can be harnessed to carry out sophisticated analytics to support various real-time applications and services as well as long-term planning, e.g., in the context of intelligent cities or smart homes, to name a few prominent ones. A mature cloud infrastructure brings such a vision closer to reality than ever before. However, we believe that the ability of data-owners to flexibly and easily control the granularity at which they share their data with other entities is very important, both in making data owners feel comfortable sharing to start with, and in leveraging such fine-grained control to realize different business models or logics. In this paper, we explore some basic operations to flexibly control the access on a data stream and propose a framework eXACML+ that extends OASIS's XACML model to achieve the same. We develop a prototype using the commercial StreamBase engine to demonstrate a seamless combination of strea...
This paper addresses the joint coordinated scheduling and power control problem in cloud-enabled networks. Consider the downlink of a cloud-radio access network (CRAN), where the cloud is only responsible for the scheduling policy, power control, and synchronization of the transmit frames across the single-antenna base-stations (BS). The transmit frame consists of several time/frequency blocks, called power-zones (PZ). The paper considers the problem of scheduling users to PZs and determining their power levels (PL), by maximizing the weighted sum-rate under the practical constraints that each user cannot be served by more than one base-station, but can be served by one or more power-zones within each base-station frame. The paper solves the problem using a graph theoretical approach by introducing the joint scheduling and power control graph formed by several clusters, where each is formed by a set of vertices, representing the possible association of users, BSs, and PLs for one specific PZ. The problem is, then, formulated as a maximum-weight clique problem, in which the weight of each vertex is the sum of the benefits of the individual associations belonging to that vertex. Simulation results suggest that the proposed cross-layer scheme provides appreciable performance improvement as compared to schemes from recent literature.
上超望; 赵呈领; 刘清堂; 王艳凤
Access control is one of the key technologies for secure and reliable value-added applications of Web services composition. This paper briefly reviews the state of research on access control in the Web services composition environment. We first discuss the challenges to secure Web services composition. Subsequently we analyse the security problems concerning Web services composition from a hierarchical perspective. Then we discuss the research progress on the key access control technology from three respects: Web services composition access control architecture, consistent coordination of atomic security policies, and business process authorization. Finally, conclusions are given and the problems that should be resolved in future research are pointed out.
Barletta, Michele; Ranise, Silvio; Viganò, Luca
The advance of web services technologies promises to have far-reaching effects on the Internet and enterprise networks allowing for greater accessibility of data. The security challenges presented by the web services approach are formidable. In particular, access control solutions should be revised to address new challenges, such as the need of using certificates for the identification of users and their attributes, human intervention in the creation or selection of the certificates, and (cha...
Perry, B., III; Goetz, R. C.; Kroll, R. I.; Miller, R. D.
This paper describes and illustrates the capabilities of the DYLOFLEX Computer Program System. DYLOFLEX is an integrated system of computer programs for calculating dynamic loads of flexible airplanes with active control systems. A brief discussion of the engineering formulation for each of the nine DYLOFLEX programs is described. The capabilities of the system are illustrated by the analyses of two example configurations.
Barrett, C. L. (Christopher L.); Drozda, M. (Martin); Marathe, A. (Achla); Marathe, M. V. (Madhav V.)
We study the effect of routing protocols on the performance of media access control (MAC) protocols in wireless radio networks. Three well-known MAC protocols, 802.11, CSMA, and MACA, are considered. Similarly, three recently proposed routing protocols, AODV, DSR and LAR scheme 1, are considered. The experimental analysis was carried out using GloMoSim, a tool for simulating wireless networks. The main focus of our experiments was to study how the routing protocols affect the performance of the MAC protocols when the underlying network and traffic parameters are varied. The performance of the protocols was measured w.r.t. five important parameters: (i) number of received packets, (ii) average latency of each packet, (iii) throughput, (iv) long term fairness and (v) number of control packets at the MAC layer level. Our results show that combinations of routing and MAC protocols yield varying performance under varying network topology and traffic situations. The result has an important implication: no combination of routing protocol and MAC protocol is the best over all situations. Also, the performance analysis of protocols at a given level in the protocol stack needs to be studied not locally in isolation but as a part of the complete protocol stack. A novel aspect of our work is the use of a statistical technique, ANOVA (Analysis of Variance), to characterize the effect of routing protocols on MAC protocols. This technique is of independent interest and can be utilized in several other simulation and empirical studies.
Ben Ayed, Souheil; Teraoka, Fumio
The evolution of the Internet, the growth of Internet users and newly enabled technological capabilities place new requirements on the Future Internet. Many feature improvements and challenges have been imposed to build a better Internet, including securing the roaming of data and services over multiple administrative domains. In this research, we propose a multi-domain access control infrastructure to authenticate and authorize roaming users through the use of the Diameter protocol and EAP. The Diameter Protocol is a AAA protocol that solves the problems of previous AAA protocols such as RADIUS. The Diameter EAP Application is one of the Diameter applications that extends the Diameter Base Protocol to support authentication using EAP. The contributions of this paper are: 1) the first implementation of the Diameter EAP Application, called DiamEAP, capable of practical authentication and authorization services in a multi-domain environment, 2) an extensible design capable of adding any new EAP methods, as loadable plugins, without modifying the main part, and 3) provision of an EAP-TLS plugin as one of the most secure EAP methods. The basic performance of the DiamEAP server was evaluated and tested in a real multi-domain environment where 200 users attempted to access the network using the EAP-TLS method during an event of 4 days. As evaluation results, the processing time of DiamEAP using the EAP-TLS plugin for authentication of 10 requests is about 20 ms while that for 400 requests/second is about 1.9 seconds. Evaluation and operation results show that DiamEAP is scalable and stable, with the ability to handle more than 6 hundred authentication requests per second without any crashes. DiamEAP is supported by the AAA working group of the WIDE Project.
Time-series models (dynamic factorial analyses and min/max autocorrelation factor analysis) were used to explore the relative influences of environmental variables and fishing pressure of trawl, seine and artisanal fleets on catch rates of Trachurus trachurus in ICES IXa sub-divisions (IXaCN-North coast; IXaCS-South coast; IXaS-Algarve, South coast, Algarve). Fishing effort influenced catch rates in all areas with a 2 year lag and fishing pressure for each area was related to specific fleet sectors effort. In IXaCN, winter upwelling (spawning peak) and both summer northerly wind and wind magnitude (outside of the spawning peak) were strongly correlated with catch rates. In IXaCS summer/autumn westerly winds were related with catch rates. Northerly winds in spring, upwelling and SST (winter and autumn) were related with catch rates in IXaS-Algarve. For species with a long spawning season such as horse mackerel, seasonal analyses at broad regional scales can detract from a better understanding of variability in short term sub-stock catch rates. Favorable environmental conditions, even during seasons with low spawning activity can positively affect catch rates. Ignoring the role of regional oceanographic features on the spatial distribution of the sub-stocks when analysing variability in catch rates can lead to poor inferences about the productivity of the populations.
Access control is used to permit or limit a user's access to objects by some means. Based on the characteristics of Apama applications, this paper adopts role-based access control (RBAC). With RBAC, the paper divides the implementation of access control on the Apama platform into two phases: in the user authentication phase, combined with JAAS (Java Authentication and Authorization Service), it designs and implements user authentication by means of a suitable authentication mechanism and configuration; in the authorization phase, it designs an access policy according to the characteristics of the protected resources on the Apama platform and uses that policy to implement authorization control.
Casas, Antonia; Garcia, Maria Jesus; Nikouline, Andrei
Since 1994 the Data Centre of the Spanish Oceanographic Institute has been developing a system for archiving and quality control of oceanographic data. The work started in the frame of the European Marine Science & Technology Programme (MAST) when a consortium of several Mediterranean Data Centres began to work on the MEDATLAS project. Over the years, old software modules for MS DOS were rewritten, improved and migrated to the Windows environment. Oceanographic data quality control now includes not only vertical profiles (mainly CTD and bottle observations) but also time series of currents and sea level observations. New powerful routines for analysis and for graphic visualization were added. Data presented originally in ASCII format were organized recently in an open source MySQL database. Nowadays, the IEO, as part of the SeaDataNet Infrastructure, has designed and developed a new information system, consistent with the ISO 19115 and SeaDataNet standards, in order to manage the large and diverse marine data and information originated in Spain by different sources, and to interoperate with SeaDataNet. The system works with data stored in ASCII files (MEDATLAS, ODV) as well as data stored within the relational database. The components of the system are: 1. MEDATLAS Format and Quality Control - QCDAMAR: Quality Control of Marine Data. Main set of tools for working with data presented as text files. Includes extended quality control (searching for duplicated cruises and profiles, checking date, position, ship velocity, constant profiles, spikes, density inversion, sounding, acceptable data, impossible regional values,...) and input/output filters. - QCMareas: A set of procedures for the quality control of tide gauge data according to standard international Sea Level Observing System. These procedures include checking for unexpected anomalies in the time series, interpolation, filtering, computation of basic statistics and residuals. 2. DAMAR: A relational data base (MySQL) designed to
杨梅; 杨平利; 宫殿庆
An access control list (ACL) is a list of conditional control instructions on routing and switching devices: an ordered collection of conditions, formed by a group of permit and deny statements, that controls the packets entering and leaving a port. It is the core of packet filtering, a data-stream classification and filtering technique that plays an important role in network security. An ACL is also a service level agreement (SLA), used to support and improve the quality of service in a network. The paper first introduces the definition, classification, working principle and functions of ACLs. It then presents several typical applications by example, which show how ACLs are used in network security and what their characteristics are. Finally, it presents the matching principle, the key points and rules for configuration, and some advice for reducing mistakes when using ACLs.
YU Yang; WEI Xue-xia; ZHANG Yong-fa
The vibration caused by terrible road excitation affects the ride quality and safety of track vehicles. The vibration control of suspension systems is a very important factor for modern track vehicles. A fuzzy logic control for suspension system of a track vehicle is presented. A mechanical model and a system of differential equations of motion taking account of the mass of loading wheel are established. Then the fuzzy logic control is applied to control the vibration of suspension system of track vehicles for sine signal and random road surfaces. Numerical simulation shows that the maximum acceleration of suspension system can be reduced to 44% of the original value for sine signal road surface, and the mean square root of acceleration of suspension system can be reduced to 21% for random road surface. Therefore, the proposed fuzzy logic control is an efficient method for the suspension systems of track vehicles.
Luo, Haiyun; Kong, Jiejun; Zerfos, Petros; Lu, Songwu; Zhang, Lixia
Restricting network access of routing and packet forwarding to well-behaving nodes and denying access from misbehaving nodes are critical for the proper functioning of a mobile ad-hoc network where cooperation among all networking nodes is usually assumed. However, the lack of a network infrastructure, the dynamics of the network topology and node membership, and the potential attacks from inside the network by malicious and/or noncooperative selfish nodes make the conventional network access...
Office of Personnel Management — Application and Assessment system for Presidential Management Fellows (PMF) and PMF Science, Technology, Engineering, and Math (STEM) programs. This system is access...
Ostroff, Aaron J.; Hoffler, Keith D.; Proffitt, Melissa S.; Brown, Philip W.; Phillips, Michael R.; Rivers, Robert A.; Messina, Michael D.; Carzoo, Susan W.; Bacon, Barton J.; Foster, John F.
This paper describes the design, analysis, and nonlinear simulation results (batch and piloted) for a longitudinal controller which is scheduled to be flight-tested on the High-Alpha Research Vehicle (HARV). The HARV is an F-18 airplane modified for and equipped with multi-axis thrust vectoring. The paper includes a description of the facilities, a detailed review of the feedback controller design, linear analysis results of the feedback controller, a description of the feed-forward controller design, nonlinear batch simulation results, and piloted simulation results. Batch simulation results include maximum pitch stick agility responses, angle of attack alpha captures, and alpha regulation for full lateral stick rolls at several alpha's. Piloted simulation results include task descriptions for several types of maneuvers, task guidelines, the corresponding Cooper-Harper ratings from three test pilots, and some pilot comments. The ratings show that desirable criteria are achieved for almost all of the piloted simulation tasks.
Recently there has been growing interest in monitoring aquatic environments for scientific exploration, commercial exploitation and coastline protection. The ideal vehicle for this type of extensive monitoring is a mobile underwater sensor network (M-UWSN), consisting of a large number of low cost underwater sensors that can move with water currents and dispersion. M-UWSNs are significantly different from terrestrial sensor networks: (1) Radio channels do not work well under water. They must be replaced by acoustic channels, which feature long propagation delays, low communication bandwidth and high channel error rates; (2) While most ground sensors are static, underwater sensor nodes may move with water currents (and other underwater activities), which introduces passive sensor mobility. Due to the very different environment properties and the unique characteristics of acoustic channels, the protocols developed for terrestrial sensor networks are not applicable to M-UWSNs, and new research at every level of the protocol suite is demanded. In this dissertation work, we investigate three fundamental networking problems in M-UWSN design: medium access control, multi-hop routing and reliable data transfer. (1) Medium access control (MAC): the long propagation delays and narrow communication bandwidth of acoustic channels pose the major challenges to the energy-efficient MAC design in M-UWSNs. For the first time, we formally investigate the random access and RTS/CTS techniques in networks with long propagation delays and low communication bandwidth (as in M-UWSNs). Based on this study, we propose a novel reservation-based MAC approach, called R-MAC, for dense underwater sensor networks with unevenly distributed (spatially and temporally) traffic. Simulation results show that R-MAC is not only energy efficient but also supports fairness. (2) Multi-hop routing: In M-UWSNs, energy efficiency and mobility handling are the two major concerns for multi-hop routing, which have
Sets of biological and fallout samples analyzed at Environmental Measurements Laboratory (EML) and by contractor laboratories include quality control samples which are usually submitted as blinds. These checks consist of blanks, reference samples analyzed repeatedly over a period of years, replicates or splits of unknowns, spikes, and duplicate samplings. Quality control data are summarized for ashed bone, ashed foods, tap water, deposition, and resin samples analyzed for Sr-90, Cs-137 and Ca during 1981
Sets of biological and fallout samples analyzed at EML and by contractor laboratories include quality control samples which are submitted as blinds. These checks consist of blanks, reference samples analyzed repeatedly over a period of years, replicates or splits of unknowns, spikes, and duplicate samplings. This report summarizes quality control data for ashed bone, various ashed foods, tap water, and fallout samples analyzed for Sr-90, Cs-137, Pu-239,240, Am-241, and Ca during 1978
Franeková, Mária; Fedor KÁLLAY; Kurytnik, Igor Piotr
The paper summarises possible solutions for safe communication in safety-related industrial control systems using cryptographic techniques. The safety requirements are based on the generic standard for functional safety of Electrical/Electronic/Programmable Electronic (E/E/PE) systems, IEC 61508, and on standards which define safety and security profiles in industrial networks used in measurement and control systems. In the main part of the paper the model of safe...
Zhao Guoqing; Zhao Qijun
Numerical simulations are performed to investigate the effects of synthetic jet control on separation and stall over rotor airfoils. The preconditioned and unsteady Reynolds-averaged Navier–Stokes equations coupled with a k − ω shear stress transport turbulence model are employed to accomplish the flowfield simulation of rotor airfoils under jet control. Additionally, a velocity boundary condition modeled by a sinusoidal function is developed to fulfill the perturbation effect of periodic jet...
The Cholesterol Treatment Trialists' (CTT) Collaboration was originally established to conduct individual participant data meta-analyses of major vascular events, cause-specific mortality, and site-specific cancers in large, long-term, randomized trials of statin therapy (and other cholesterol-modifying treatments). The results of the trials of statin therapy and their associated meta-analyses have shown that statins significantly reduce the risk of major vascular events without any increase in the risk of nonvascular causes of death or of site-specific cancer, but do produce small increases in the incidence of myopathy, diabetes, and, probably, hemorrhagic stroke. The CTT Collaboration has not previously sought data on other outcomes, and so a comprehensive meta-analysis of all adverse events recorded in each of the eligible trials has not been conducted. This protocol prospectively describes plans to extend the CTT meta-analysis data set so as to provide a more complete understanding of the nature and magnitude of any other effects of statin therapy. PMID:27264221
In today's wireless networks, stations using the IEEE 802.11 standard contend for the channel using the Distributed Coordination Function (DCF). Research has shown that DCF's performance degrades especially with the large number of stations. This becomes more concerning due to the increasing proliferation of wireless devices. In this paper, we present a Medium Access Control (MAC) scheme for wireless LANs and compare its performance to DCF. Our scheme, which attempts to resolve the contention in a constant number of slots (or constant time), is called CONSTI. The contention resolution happens over a predefined number of slots. In a slot, the stations probabilistically send a jam signal on the channel. The stations listening retire if they hear a jam signal. The others continue to the next slot. Over several slots, we aim to have one station remaining in the contention, which will then transmit its data. We find the optimal parameters of CONSTI and present an analysis on its performance.
Mudgal, Samriddh; Keresztes, Ivan; Feigenson, Gerald W; Rizvi, S S H
We illustrate a method that uses bovine serum albumin (BSA) to control the receptor-accessible part of rebaudioside A (Reb A). The critical micelle concentration (CMC) of Reb A was found to be 4.5 mM and 5 mM at pH 3 and 6.7 respectively. NMR studies show that below its CMC, Reb A binds weakly to BSA to generate a Reb A-protein complex ("RPC"), which is only modestly stable under varying conditions of pH (3.0-6.7) and temperature (4-40°C) with its binding affinities determined to be in the range of 5-280 mM. Furthermore, saturation transfer difference (STD) NMR experiments confirm that the RPC has fast exchange of the bitterness-instigating diterpene of Reb A into the binding sites of BSA. Our method can be used to alter the strength of Reb A-receptor interaction, as a result of binding of Reb A to BSA, which may ultimately lead to moderation of its taste.
Problem statement: In a Mobile Ad hoc Network (MANET), both the routing layer and the Medium Access Control (MAC) layer are vulnerable to several attacks. There are very few techniques to detect and isolate the attacks of both these layers simultaneously. In this study, we developed a combined solution for routing and MAC layer attacks. Approach: Our approach makes use of three techniques simultaneously: a cumulative frequency based detection technique for detecting MAC layer attacks, a data forwarding behavior based detection technique for detecting packet drops, and a message authentication code based technique for packet modification. Results: Our combined solution presents a reputation value for detecting the malicious nodes and isolates them from further network participation till its revocation. Our approach periodically checks all nodes, including the isolated nodes, at regular time period λ. A node which recovers from its misbehaving condition is revoked to its normal condition after the time period λ. Conclusion/Recommendations: By simulation results, we show that our combined solution provides more security by increased packet delivery ratio and reduced packet drops. We also show that our approach has less overhead compared to the existing technique.
Mobile authentication can be used to verify a mobile user’s identity. Normally this is accomplished through the use of logon passwords, but this can raise the secret-key agreement problem between entities. This issue can be resolved by using a public-key cryptosystem, but mobile devices have limited computation ability and battery capacity and a PKI is needed. In this paper, we propose an efficient, non-PKI, authenticated, and blind issued symmetric key protocol for mobile access control systems. An easy-to-deploy authentication and authenticated key agreement system is designed such that empowered mobile devices can directly authorize other mobile devices to exchange keys with the server upon authentication using a non-PKI system without trusted parties. Empowered mobile users do not know the key value of the other mobile devices, preventing users from impersonating other individuals. Also, for security considerations, this system can revoke specific keys or keys issued by a specific user. The scheme is secure, efficient, and feasible and can be implemented in existing environments.
Even in the absence of sensory inputs, cortical and thalamic neurons can show structured patterns of ongoing spontaneous activity, whose origins and functional significance are not well understood. We use computer simulations to explore the conditions under which spontaneous activity emerges from a simplified model of multiple interconnected thalamocortical columns linked by long-range, top-down excitatory axons, and to examine its interactions with stimulus-induced activation. Simulations help characterize two main states of activity. First, spontaneous gamma-band oscillations emerge at a precise threshold controlled by ascending neuromodulator systems. Second, within a spontaneously active network, we observe the sudden "ignition" of one out of many possible coherent states of high-level activity amidst cortical neurons with long-distance projections. During such an ignited state, spontaneous activity can block external sensory processing. We relate those properties to experimental observations on the neural bases of endogenous states of consciousness, and particularly the blocking of access to consciousness that occurs in the psychophysical phenomenon of "inattentional blindness," in which normal subjects intensely engaged in mental activity fail to notice salient but irrelevant sensory stimuli. Although highly simplified, the generic properties of a minimal network may help clarify some of the basic cerebral phenomena underlying the autonomy of consciousness.
Wang, Yu; Chen, Chang Wen
We present in this paper an energy efficient media access control (MAC) protocol for chain-type wireless sensor networks. The chain-type sensor networks are fundamentally different from traditional sensor networks in that the sensor nodes in this class of networks are deployed along narrow and elongated geographical areas and form a chain-type topology. Recently, we have successfully developed hierarchical network architecture, sensor deployment strategy, and corresponding network initialization and operation protocols for this class of sensor networks. In this paper, we present a novel TDMA scheduling protocol that takes full advantage of the available channel reuse inherent in the chain-type sensor networks to develop energy efficient and high data throughput MAC protocols for sensor data transmission. The synchronized TDMA scheduling allows a node to power on only when it is scheduled to send and receive and therefore results in additional energy saving. Within a cluster, parallel transmission is made possible because of the linear distribution of nodes within the chain-type topology and this yields the desired high throughput. Preliminary simulations have been carried out to show that the proposed TDMA scheduling outperforms the well-known SMAC scheme in terms of energy efficiency and data throughput under various duty cycles.
Health organizations have begun moving to mobile commerce services in recent years to enhance services and quality without much investment in IT infrastructure. Medical records are very sensitive and private to any individual. Hence an effective security mechanism is required. The challenges of our research work are to maintain privacy for the users and provide a smart and secure environment for accessing the application. This is achieved with the help of personalization. The Internet has provided the way for personalization. Personalization is a term which refers to the delivery of information that is relevant to an individual or group of individuals in the format and layout specified and in a given time interval. In this paper we propose an Ontology Based Access Control (OBAC) Model that can address the permitted access control among the service providers and users. Personal Health Records sharing is highly expected by the users for the acceptance of mobile commerce applications in health care systems.
R. Yu. Lagerev
Merging traffic junctions on high-class roads are considered bottlenecks in the network, and the quality of their operation determines the probability of traffic congestion forming. Investigations of congestion situations in the merging zones of ramp and freeway traffic flows have demonstrated that a queuing ramp traffic flow leads to the formation of a so-called “turbulence” effect due to re-arrangement of transport facilities and reduction in their speed in the main road direction. With a high queuing traffic flow on the main road, the “turbulence” component can result in the formation of an impact blow in the main traffic flow. It has been proved that the impact of the ramp traffic flow on congestion probability is higher in comparison with the main road traffic flow. The paper makes it possible to establish that some transport facilities moving along a highway simultaneously occupy two lanes in the merging traffic zones and thereby reduce the capacity of the used road section. This specific feature must be taken into account, and attention must be paid to it in the zones where the “turbulence” effect forms. The paper presents the main approaches, methodology, principles and stages required for access control of high-class roads, which are directed at higher quality of their operation, including improvement of road traffic safety. The paper proposes a methodology that makes it possible to evaluate and optimize ramp control in the context of minimizing the transport queue length at adjoining ramps, in order to reduce the probability of transport congestion.
The Internet architecture is a packet switching technology that allows dynamic sharing of bandwidth among different flows within an IP network. Packets are stored and forwarded from one node to the next until reaching their destination. Major issues in this integration are congestion control and how to meet different quality of service requirements associated with various services. In other words streaming media quality degrades with increased packet delay and jitter caused by network congestion. To mitigate the impact of network congestion, various techniques have been used to improve multimedia quality and one of those techniques is Active Queue Management (AQM). Access routers require a buffer to hold packets during times of congestion. A large buffer can absorb the bursty arrivals, and this tends to increase the link utilizations but results in higher queuing delays. Traffic burstiness has a considerable negative impact on network performance. AQM is now considered an effective congestion control mechanism for enhancing transport protocol performance over wireless links. In order to have good link utilization, it is necessary for queues to adapt to varying traffic loads. This paper considers a particular scheme which is called Adaptive AQM (AAQM) and studies its performance in the presence of feedback delays and its ability to maintain a small queue length as well as its robustness in the presence of traffic burstiness. The paper also presents a method based on the well-known Markov Modulated Poisson Process (MPP) to capture traffic burstiness and buffer occupancy. To demonstrate the generality of the presented method, an analytic model is described and verified by extensive simulations of different adaptive AQM algorithms. The analysis and simulations show that AAQM outperforms the other AQMs with respect to responsiveness and robustness.
Whether for an entire district, a single campus, or one classroom, allowing authorized access to a computer network can be fraught with challenges. The login process should be fairly seamless to approved users, giving them speedy access to approved Web sites, databases, and other sources of information. It also should be tough on unauthorized…
Zelle, S.G.; Baltussen, R.M.P.M.
BACKGROUND: To support the development of global strategies against breast cancer, this study reviews available economic evidence on breast cancer control in low- and middle-income countries (LMICs). METHODS: A systematic article search was conducted through electronic scientific databases, and stud
Y.H.A. Teo; V. Viswanathan; M. Lees; W. Cai
The Love Parade disaster in Duisburg, Germany led to several deaths and injuries. Disasters like this occur due to the existence of high densities in a limited area. We propose a wearable electronic device that helps reduce such disasters by directing people and thus controlling the density of the
Pacilly, Francine C.A.; Groot, Jeroen C.J.; Hofstede, Gert Jan; Schaap, Ben F.; Lammerts van Bueren, Edith
Potato late blight, caused by Phytophthora infestans, is one of the main diseases in potato production, causing major losses in yield. Applying environmentally harmful fungicides is the prevailing and classical method for controlling late blight, thus contaminating food and water. There is theref
Heidlmayr, Karin; Hemforth, Barbara; Moutier, Sylvain; Isel, Frédéric
The present study was designed to examine the impact of bilingualism on the neuronal activity in different executive control processes namely conflict monitoring, control implementation (i.e., interference suppression and conflict resolution) and overcoming of inhibition. Twenty-two highly proficient but non-balanced successive French-German bilingual adults and 22 monolingual adults performed a combined Stroop/Negative priming task while event-related potential (ERP) were recorded online. The data revealed that the ERP effects were reduced in bilinguals in comparison to monolinguals but only in the Stroop task and limited to the N400 and the sustained fronto-central negative-going potential time windows. This result suggests that bilingualism may impact the process of control implementation rather than the process of conflict monitoring (N200). Critically, our study revealed a differential time course of the involvement of the anterior cingulate cortex (ACC) and the prefrontal cortex (PFC) in conflict processing. While the ACC showed major activation in the early time windows (N200 and N400) but not in the latest time window (late sustained negative-going potential), the PFC became unilaterally active in the left hemisphere in the N400 and the late sustained negative-going potential time windows. Taken together, the present electroencephalography data lend support to a cascading neurophysiological model of executive control processes, in which ACC and PFC may play a determining role. PMID:26124740
Deji, Shizuhiko [Graduate School of Environmental Studies, Nagoya University, Furo-cho, Chikusa-ku, Nagoya 464-8602 (Japan); Nishizawa, Kunihide [Radioisotope Research Center, Nagoya University, Furo-cho, Chikusa-ku, Nagoya 464-8602 (Japan)]. E-mail: email@example.com
High-frequency electromagnetic fields in the 120 kHz band emitted from card readers for access control systems caused abnormally high doses on electronic pocket dosimeters (EPDs). All EPDs recovered their normal performance by resetting after the exposure ceased. The electric and magnetic immunity levels of the EPDs were estimated by using the distances needed to prevent electromagnetic interference.
A method has been proposed for using the kernel tools of an operating system to control access to the entities of application servers. The possibility of using an information protection system incorporated into the operating system to store and implement security policy has been demonstrated for a database management system.
Wallett, Thomas M.
This paper surveys and describes some of the existing media access control and data link layer technologies for possible application in lunar surface communications and the advanced wideband Direct Sequence Code Division Multiple Access (DSCDMA) conceptual systems utilizing phased-array technology that will evolve in the next decade. Time Domain Multiple Access (TDMA) and Code Division Multiple Access (CDMA) are standard Media Access Control (MAC) techniques that can be incorporated into lunar surface communications architectures. Another novel hybrid technique that is recently being developed for use with smart antenna technology combines the advantages of CDMA with those of TDMA. The relatively new and sundry wireless LAN data link layer protocols that are continually under development offer distinct advantages for lunar surface applications over the legacy protocols which are not wireless. Also several communication transport and routing protocols can be chosen with characteristics commensurate with smart antenna systems to provide spacecraft communications for links exhibiting high capacity on the surface of the Moon. The proper choices depend on the specific communication requirements.
Sun, Xiaoqing; Yang, Bintang; Zhao, Long; Sun, Xiaofen
This paper presents a new payload-platform, for precision devices, which possesses the capability of isolating the complex space micro-vibration in low frequency range below 5 Hz. The novel payload-platform equipped with smart material actuators is investigated and designed through optimization strategy based on the minimum energy loss rate, for the aim of achieving high drive efficiency and reducing the effect of the magnetic circuit nonlinearity. Then, the dynamic model of the driving element is established by using the Lagrange method and the performance of the designed payload-platform is further discussed through the combination of the controlled auto regressive moving average (CARMA) model with modified generalized prediction control (MGPC) algorithm. Finally, an experimental prototype is developed and tested. The experimental results demonstrate that the payload-platform has an impressive potential of micro-vibration isolation.
Hwong, Yi-Ling; Willemse, Tim A C
The control software of the CERN Compact Muon Solenoid experiment contains over 30,000 finite state machines. These state machines are organised hierarchically: commands are sent down the hierarchy and state changes are sent upwards. The sheer size of the system makes it virtually impossible to fully understand the details of its behaviour at the macro level. This is fuelled by unclarities that already exist at the micro level. We have solved the latter problem by formally describing the finite state machines in the mCRL2 process algebra. The translation has been implemented using the ASF+SDF meta-environment, and its correctness was assessed by means of simulations and visualisations of individual finite state machines and through formal verification of subsystems of the control software. Based on the formalised semantics of the finite state machines, we have developed dedicated tooling for checking properties that can be verified on finite state machines in isolation.
Based on an analysis of the role-based access control model, this paper proposes a method of fine-grained permission control for object-oriented programming. The concept of fine-grained permission management is introduced through the inheritance property of objects, decomposing resource control from menu granularity down to atomic-operation granularity. The decomposed permissions are associated with roles, and the relationship between permissions and users is established by assigning roles to users, which simplifies permission management. Finally, the specific implementation process is given; it has been applied in practice, verifying the correctness and feasibility of the method.
Ricardo José Peña Lindarte
This article was focused on analyzing the lane use adjustment factor (fLU) forming one of the eleven adjustment factors proposed in the current calculation methodology contained in the 2000 version of the Transportation Research Board’s (TRB) Highway Capacity Manual (HCM) for analyzing traffic-light-controlled intersection capacity in terms of saturation intensity. A methodology was established when analyzing the fLU factor that considered operational conditions regarding traffic-light-controlled intersections in Bogota. Road traffic flows were analyzed, including characterizing road traffic based on statistical sampling, field data collection and analysis. The project proposed equations allowing reference values to be gathered for determining adjustment factors regarding lane use on roads in Bogota in relation to existing access typologies and road traffic volume for analyzing traffic-light-controlled intersections. For example, in the specific case of roads having direct double-lane access (2CCD), the basic equation was determined to be y = -3,03E-08 X^2 + 3,44E-05 X + 0,888988, having a 1.0 coefficient of correlation. The dependent variable y referred to the fLU factor and the independent variable X was the volume of road traffic in mixed vehicles/hour. This equation was considered to be statistically relevant. A comparative analysis of the lane use adjustment factors estimated in the project is also presented and compared to the values recommended by the US Highway Capacity Manual. The project’s conclusions and recommendations were thus sustained, validating the recommended factors summarized by the HCM and recommending that the results obtained from the project should be used in traffic-light-controlled design and planning projects.
A Wireless Sensor Network (WSN) is an emerging technology consisting of small, cheap, and ultra-low energy sensor nodes, which cooperatively monitor physical quantities, actuate, and perform data processing tasks. A deployment may comprise thousands of randomly distributed autonomous nodes, which must self-configure and create a multi-hop network topology. This thesis focuses on low-energy WSNs targeting long network lifetime. The main research problem is the combination of adaptive and scalable multi-hop networking with constrained energy budget, processing power, and communication bandwidth. The research problem is approached by energy-efficient protocols and low-power sensor node platforms. The main contribution of this thesis is an energy-efficient Medium Access Control (MAC) design for TUTWSN (Tampere University of Technology Wireless Sensor Network). The design comprises channel access and networking mechanisms, which specify data exchange, link synchronization, network self-configuration, and neighbor discovery operations. The second outcome are several low-power sensor node platforms, which have been designed and implemented to evaluate the performance of the MAC design and hardware components in real deployments. The third outcome are the performance models and analysis of several MAC designs including TUTWSN, IEEE 802.15.4, and the most essential research proposals. The results and conclusion of this Thesis indicate that it is possible to implement multi-hop WSNs in harsh and dynamic operation conditions with years of lifetime using current low-cost components and batteries. Energy analysis results indicate that the lowest energy consumption is achieved by using simple and high data-rate transceivers. It is also critical to minimize sleep mode power consumption of all components and to use accurate wake-up timers. However, the selection of components constitutes only a minor part of the solution, and an energy-efficient MAC layer design being able to
Usage of "GMS Medizin – Bibliothek – Information": analysis of usage data from an Open Access journal
In 2006 the journal "MEDIZIN – BIBLIOTHEK – INFORMATION" changed from the internet platform of the "Arbeitsgemeinschaft für Medizinisches Bibliothekswesen" (AGMB) to the Open Access platform German Medical Science (GMS). The printed journal version ceased. Thitherto it was sent to all members of the AGMB. The editorial staff made a few arrangements in order to support acceptance and perceptibility of this journal, now issued electronic only. The published papers were included in the database of the Deutsches Bibliothekswesen (DABI) and in the Directory of Open Access Journals (DOAJ Content). Furthermore current articles were introduced in MEDINFO, a weblog for medical librarians. The paper compares usage data trends from September 2005 to May 2008 for selected articles.
Caroline Werner Pereira da Silva Grandizoli
This work shows the application of ¹H NMR spectroscopy and chemometrics for quality control of grape juice. A wide range of quality assurance parameters were assessed by single ¹H NMR experiments acquired directly from juice. The investigation revealed that conditions and time of storage should be revised and indicated on all labels. The sterilization process of homemade grape juices was efficient, making it possible to store them for long periods without additives. Furthermore, chemometric analysis classified the best commercial grape juices to be similar to homemade grape juices, indicating that this approach can be used to determine the authenticity after adulteration.
Secure buildings are currently protected from unauthorized access by a variety of devices. Even though there are many kinds of devices to guarantee the system safety, such as PIN pads, keys both conventional and electronic, identity cards, cryptographic and dual control procedures, people's voices can also be used. The ability to verify the identity of a speaker by analyzing speech, or speaker verification, is an attractive and relatively unobtrusive means of providing security for admission into an important or secured place. An individual's voice cannot be stolen, lost, forgotten, guessed, or impersonated with accuracy. Due to these advantages, this paper describes the design and prototyping of a voice-based door access control system for building security. In the proposed system, access may be authorized simply by means of an enrolled user speaking into a microphone attached to the system. The proposed system will then decide whether to accept or reject the user's identity claim, or possibly report insufficient confidence and request additional input before making the decision. Furthermore, an intelligent system approach is used to develop authorized person models based on their voices. In particular, Adaptive-Network-based Fuzzy Inference Systems are used in the proposed system to identify authorized and unauthorized people. Experimental results confirm the effectiveness of the proposed intelligent voice-based door access control system based on the false acceptance rate and false rejection rate.
Qiao, Zhenzhen; Pingault, Lise; Nourbakhsh-Rey, Mehrnoush; Libault, Marc
Nitrogen is one of the most essential plant nutrients and one of the major factors limiting crop productivity. Having the goal to perform a more sustainable agriculture, there is a need to maximize biological nitrogen fixation, a feature of legumes. To enhance our understanding of the molecular mechanisms controlling the interaction between legumes and rhizobia, the symbiotic partner fixing and assimilating the atmospheric nitrogen for the plant, researchers took advantage of genetic and genomic resources developed across different legume models (e.g., Medicago truncatula, Lotus japonicus, Glycine max, and Phaseolus vulgaris) to identify key regulatory protein coding genes of the nodulation process. In this study, we are presenting the results of a comprehensive comparative genomic analysis to highlight orthologous and paralogous relationships between the legume genes controlling nodulation. Mining large transcriptomic datasets, we also identified several orthologous and paralogous genes characterized by the induction of their expression during nodulation across legume plant species. This comprehensive study prompts new insights into the evolution of the nodulation process in legume plant and will benefit the scientific community interested in the transfer of functional genomic information between species.
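This paper describes how to apply the Role-based Access Control (RBAC) model to the access control system of a campus network. Its distinguishing feature is that user permissions are granted and revoked by assigning and removing roles, and it provides role assignment rules and operation checking rules. Security administrators define various roles as needed and set appropriate access permissions, while users are assigned to different roles according to their responsibilities and seniority. Based on the actual requirements of the system, an RBAC model with a simple hierarchy was created.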
Cicero, Arrigo F G; Colletti, Alessandro
Beyond the well-known effects on blood pressure (BP) of the dietary approaches to stop hypertension (DASH) and the Mediterranean diets, a large number of studies has investigated the possible BP lowering effect of different dietary supplements and nutraceuticals, the most part of them being antioxidant agents with a high tolerability and safety profile. In particular relatively large body of evidence support the use of potassium, L-arginine, vitamin C, cocoa flavonoids, beetroot juice, coenzyme Q10, controlled-release melatonin, and aged garlic extract. However there is a need for data about the long-term safety of a large part of the above discussed products. Moreover further clinical research is advisable to identify between the available active nutraceuticals those with the best cost-effectiveness and risk-benefit ratio for a large use in general population with low-added cardiovascular risk related to uncomplicated hypertension. PMID:25788027
Romano M Carmen
Abstract Background The yeast Saccharomyces cerevisiae responds to amino acid starvation by inducing the transcription factor Gcn4. This is mainly mediated via a translational control mechanism dependent upon the translation initiation eIF2·GTP·Met-tRNAiMet ternary complex, and the four short upstream open reading frames (uORFs) in its 5' mRNA leader. These uORFs act to attenuate GCN4 mRNA translation under normal conditions. During amino acid starvation, levels of ternary complex are reduced. This overcomes the GCN4 translation attenuation effect via a scanning/reinitiation control mechanism dependent upon uORF spacing. Results Using published experimental data, we have developed and validated a probabilistic formulation of GCN4 translation using the Chemical Master Equation (Model 1). Model 1 explains GCN4 translation's nonlinear dependency upon uORF placements, and predicts that an as yet unidentified factor, which was proposed to regulate GCN4 translation under some conditions, only has pronounced effects upon GCN4 translation when intercistronic distances are unnaturally short. A simpler Model 2 that does not include this unidentified factor could well represent the regulation of a natural GCN4 mRNA. Using parameter values optimised for this algebraic Model 2, we performed stochastic simulations by Gillespie algorithm to investigate the distribution of ribosomes in different sections of GCN4 mRNA under distinct conditions. Our simulations demonstrated that ribosomal loading in the 5'-untranslated region is mainly determined by the ratio between the rates of 5'-initiation and ribosome scanning, but was not significantly affected by rate of ternary complex binding. Importantly, the translation rate for codons starved of cognate tRNAs is predicted to be the most significant contributor to the changes in ribosomal loading in the coding region under repressing and derepressing conditions. Conclusions Our integrated probabilistic Models 1 and 2
Abstract Background Qualitative research is increasingly used alongside randomised controlled trials (RCTs) to study a range of factors including participants' experiences of a trial. The need for a sound evidence base within public health will increase the need for RCTs of non-clinical interventions. Welfare rights advice has been proposed as an intervention with potential to reduce health inequalities. This qualitative study, nested within an RCT of the impact of welfare rights advice, examined the acceptability of the intervention, the acceptability of the research process and the perceived impact of the intervention. Methods 25 men and women aged 60 years or over were recruited from four general practices in Newcastle upon Tyne (UK), a sub-sample of those who consented to be contacted (n = 96) during the RCT baseline interview. Semi-structured interviews were undertaken and analysed using the Framework Method. Results Participants viewed the trial positively although, despite agreeing that the information leaflet was clear, some had agreed to participate without being fully aware of what was involved. Some participants were unaware of the implications of randomisation. Most thought it fair, but a few concerns were raised about the control condition. The intervention was acceptable and made participants feel confident about applying for benefit entitlements. 14 out of 25 participants received some financial award; median weekly income gain was £57 (€84, $101). The perceived impact of additional finances was considerable and included: increased affordability of necessities and occasional expenses; increased capacity to deal with emergencies; and a reduction in stress related to financial worries. Overall, perceived independence and ability to participate in society increased. Most participants perceived benefits to their mental well-being, but no-one reported an improvement in physical health. The RCT showed little or no effect on a wide range
Batson, Sarah; Greenall, Gemma; Hudson, Pollyanna
Background Meta-analysis is a growing approach to evidence synthesis and network meta-analysis in particular represents an important and developing method within Health Technology Assessment (HTA). Meta-analysis of survival data is usually performed using the individual summary statistic—the hazard ratio (HR) from each randomised controlled trial (RCT). Objectives The objectives of this study are to: (i) review the methods and reporting of survival analyses in oncology RCTs; and (ii) assess the suitability and relevance of survival data reported in RCTs for inclusion into meta-analysis. Methods Five oncology journals were searched to identify Phase III RCTs published between April and July 2015. Eligible studies included those that analysed a survival outcome. Results Thirty-two RCTs reporting survival outcomes in cancer populations were identified. None of the publications reported details relating to a strategy for statistical model building, the goodness of fit of the final model, or final model validation for the analysis of survival outcomes. The majority of studies (88%) reported the use of Cox proportional hazards (PH) regression to analyse survival endpoints. However, most publications failed to report the validation of the statistical models in terms of the PH assumption. Conclusions This review highlights deficiencies in terms of reporting the methods and validity of survival analyses within oncology RCTs. We support previous recommendations to encourage authors to improve the reporting of survival analyses in journal publications. We also recommend that the final choice of a statistical model for survival should be informed by goodness of model fit to a given dataset, and that model assumptions are validated. The failure of trial investigators and statisticians to investigate the PH for RCT survival data is likely to result in clinical decisions based on inappropriate methods. The development of alternative approaches for the meta-analysis of survival
李甲帅; 彭长根; 朱义杰; 马海峰
Traditional access control mechanisms can hardly restrain the malicious behavior of authorized users, so a Hadoop platform that relies on such a mechanism faces the risk of big data privacy disclosure. A risk-based access control model was proposed. By setting tags on subjects and objects, a risk-value function based on information entropy was constructed from users' historical behavior records. Furthermore, a tracking chain of risk-value fluctuation was built, which dynamically adjusts users' access authority according to the risk value and its volatility. The model was applied to improve the Kerberos authentication protocol of Hadoop; combined with access tokens and risk monitoring, it realizes a risk-based access control mechanism for big data privacy protection. Finally, an application simulation on medical big data was carried out, and the experimental results show that the model can effectively constrain the access behavior of authorized users on a big data application platform.
Nafeesa Begum Jeddy
Hierarchical Access Control in group communication is an active area of research that is difficult to achieve. Its primary objective is to allow users of a higher authority group to access information or resources held by lower group users while preventing the lower group users from accessing information held by higher class users. A large collection of collaborative applications in organizations inherently have hierarchical structures for functioning, where providing security by efficient group key management is a big challenge. With centralized methods for hierarchical access control, it is difficult to achieve efficiency, as a single membership change will result in a lot of changes which are difficult to maintain. So, using distributed key agreement techniques is more appropriate for this scenario. This study explores a novel group key agreement approach, which combines both the symmetric polynomial scheme and Tree Based Group Elliptic Curve key exchange. Also, it yields a secure protocol suite that is fault-tolerant and simple. The efficiency of SP-TGECDH is better than many other schemes. Using TGECDH makes the scheme suitable for small low-powered devices.
Preemptive state tobacco control legislation prohibits localities from enacting tobacco control laws that are more stringent than state law. State preemption provisions can preclude any type of local tobacco control policy. The three broad types of state preemption tracked by CDC include preemption of local policies that restrict 1) smoking in workplaces and public places, 2) tobacco advertising, and 3) youth access to tobacco products. A Healthy People 2020 objective (TU-16) calls for eliminating state laws that preempt any type of local tobacco control law. A previous study reported that the number of states that preempt local smoking restrictions in one or more of three settings (government worksites, private-sector worksites, and restaurants) has decreased substantially in recent years. To measure progress toward achieving Healthy People 2020 objectives, this study expands on the previous analysis to track changes in state laws that preempt local advertising and youth access restrictions and to examine policy changes from December 31, 2000, to December 31, 2010. This new analysis found that, in contrast with the substantial progress achieved during the past decade in reducing the number of states that preempt local smoking restrictions, no progress has been made in reducing the number of states that preempt local advertising restrictions and youth access restrictions. Increased progress in removing state preemption provisions will be needed to achieve the relevant Healthy People 2020 objective.
This paper proposes a trusted access control technology for IP devices. Applying this technology makes it possible to manage and control the access behavior of all IP devices in the information network of a large or medium-sized enterprise. The system is developed in Python on Linux; through a visual interface in the Web management console, users can plan and allocate IP resources and define various IP usage policies. The system makes the access behavior of all IP devices on the information network controllable and under control, thereby improving the security of the information network.
洪帆; 朱贤; 邢光林
Access control in multi-domain environments is an important question in building coalitions between domains. Based on the RBAC access control model and the concepts of secure domain, the role delegation and role mapping are proposed, which support third-party authorization. A distributed RBAC model is then presented. Finally implementation issues are discussed.
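XML technology is being applied ever more widely. XML documents may contain information of varying sensitivity that needs to be protected by access control policies. Role-based access control (RBAC) is a flexible and efficient access control method. Building on the RBAC96 model, this paper proposes an extended permission role-based access control (EPRBAC) model and discusses the XML authorization mechanism. XML authorizations can be defined at the schema level, the instance level, and even the element and attribute level, providing flexible, fine-grained access control over XML documents.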
Currently, XML documents are ever more widely used for the exchange and storage of information. Because of the particular nature of XML documents, a specific access control method needs to be formulated. Building on the traditional RBAC model, this paper puts forward an RBAC model for XML documents and introduces the corresponding access control architecture and authorization mechanism in detail.
On January 28, the Ministry of Industry and Information Technology promulgated "Aluminum Industry Access Condition (2012) (Draft to solicit opinions)", according to www.smm.cn (SMM), the state government has loosened restriction on launching new alu-
Odelu, Vanga; Das, Ashok Kumar; Goswami, Adrijit
Recently several hierarchical access control schemes have been proposed in the literature to provide security of e-medicine systems. However, most of them are either insecure against 'man-in-the-middle attack' or they require high storage and computational overheads. Wu and Chen proposed a key management method to solve dynamic access control problems in a user hierarchy based on a hybrid cryptosystem. Though their scheme improves computational efficiency over Nikooghadam et al.'s approach, it suffers from large storage space for public parameters in the public domain and computational inefficiency due to costly elliptic curve point multiplication. Recently, Nikooghadam and Zakerolhosseini showed that Wu-Chen's scheme is vulnerable to man-in-the-middle attack. In order to remedy this security weakness in Wu-Chen's scheme, they proposed a secure scheme which is again based on ECC (elliptic curve cryptography) and an efficient one-way hash function. However, their scheme incurs huge computational cost for providing verification of public information in the public domain, as their scheme uses an ECC digital signature, which is costly when compared to a symmetric-key cryptosystem. In this paper, we propose an effective access control scheme in a user hierarchy which is based only on a symmetric-key cryptosystem and an efficient one-way hash function. We show that our scheme significantly reduces the storage space for both public and private domains, and the computational complexity, when compared to Wu-Chen's scheme, Nikooghadam-Zakerolhosseini's scheme, and other related schemes. Through the informal and formal security analysis, we further show that our scheme is secure against different attacks and also man-in-the-middle attack. Moreover, dynamic access control problems in our scheme are also solved efficiently compared to other related schemes, making our scheme much more suitable for practical applications of e-medicine systems. PMID:23392626
Kangolle Alfred CT; Hanna Timothy P
Abstract Background Cancer is a rapidly increasing problem in developing countries. Access, quality and efficiency of cancer services in developing countries must be understood to advance effective cancer control programs. Health services research can provide insights into these areas. Discussion This article provides an overview of oncology health services in developing countries. We use selected examples from peer-reviewed literature in health services research and relevant publicly availab...
Quan Jing; Kuo Wan; Xiao-jun Wang; Lin Ma
Objective To evaluate the effectiveness and safety of a computer-controlled periodontal ligament (PDL) injection system to the local soft tissues as the primary technique in endodontic access to mandibular posterior teeth in patients with irreversible pulpitis. Methods A total of 162 Chinese patients who had been diagnosed with irreversible pulpitis in their mandibular posterior teeth without acute infection or inflammation in the periodontal tissues were enrolled in this clinical study. The patients were divided into 3 groups according to the position of the involved tooth: the premolar group (PM, n=38), first molar group (FM, n=66), and second molar group (SM, n=58). All the patients received computer-controlled PDL injection with 4% articaine and 1:100 000 epinephrine. Immediately after the injection, endodontic access was performed, and the degree of pain during the treatment was evaluated by the patients using Visual Analogue Scale for pain. The success rates were compared among the 3 groups. The responses of local soft tissues were evaluated 3-8 days and 3 weeks after the procedure. Results The overall success rate was 76.5%. There was a significant difference in success rates among the PM, FM, and SM groups (92.1%, 53.0%, 93.1%, respectively; χ2=34.3, P Conclusion The computer-controlled PDL injection system demonstrates both satisfactory anesthetic effects and safety in local soft tissues as primary anesthetic technique in endodontic access to the mandibular posterior teeth in patients with irreversible pulpitis.
Du, Qinghe; Zhao, Weidong; Li, Weimin; Zhang, Xuelin; Sun, Bo; Song, Houbing; Ren, Pinyi; Sun, Li; Wang, Yichen
The prosperity of e-health is boosted by fast development of medical devices with wireless communications capability such as wearable devices, tiny sensors, monitoring equipment, etc., which are randomly distributed in clinic environments. The drastically increasing population of such devices imposes new challenges on the limited wireless resources. To relieve this problem, key knowledge needs to be extracted from massive connection attempts dispersed in the air towards efficient access control. In this paper, a hybrid periodic-random massive access (HPRMA) scheme for wireless clinical networks employing ultra-narrow band (UNB) techniques is proposed. In particular, the proposed scheme towards accommodating a large population of devices includes the following new features. On one hand, it can dynamically adjust the resource allocated for coexisting periodic and random services based on the traffic load learned from signal collision status. On the other hand, the resource allocation within periodic services is thoroughly designed to simultaneously align with the timing requests of differentiated services. Abundant simulation results are also presented to demonstrate the superiority of the proposed HPRMA scheme over baseline schemes including time-division multiple access (TDMA) and random access approach, in terms of channel utilization efficiency, packet drop ratio, etc., for the support of massive devices' services. PMID:27240842
Wakayama, Koji; Okuno, Michitaka; Matsuoka, Yasunobu; Hosomi, Kazuhiko; Sagawa, Misuzu; Sugawara, Toshiki
We propose an optical switch control procedure for high-performance and cost-effective 10 Gbps Active Optical Access System (AOAS) in which optical switches are used instead of optical splitters in PON (Passive Optical Network). We demonstrate the implemented optical switch control module on Optical Switching Unit (OSW) with logic circuits works effectively. We also propose a compact optical 3D-CSP (Chip Scale Package) to achieve the high performance of AOAS without losing cost advantage of PON. We demonstrate the implemented 3D-CSP works effectively.
Richardson, Joshua E; Richardson, Joshua Edwin; Ash, Joan S; Ash, Joan
Hands Free Communication Device (HFCD) systems are a relatively new information and communication technology. HFCD systems enable clinicians to directly contact and communicate with one another using wearable, voice-controlled badges that are VoIP-based (voice-over IP) and are linked to one another over a wireless local area network (WLAN). This qualitative study utilized a grounded theory, multiple perspectives approach to understand how the use of HFCDs affected communication in the hospitals that implemented them. The study generated five themes revolving around HFCDs impact on communication. This paper specifically focuses on two of those themes: Communication Access and Control. PMID:18999046
Jenkins, Chris; Pierson, Lyndon G.
Techniques and mechanism to selectively provide resource access to a functional domain of a platform. In an embodiment, the platform includes both a report domain to monitor the functional domain and a policy domain to identify, based on such monitoring, a transition of the functional domain from a first integrity level to a second integrity level. In response to a change in integrity level, the policy domain may configure the enforcement domain to enforce against the functional domain one or more resource accessibility rules corresponding to the second integrity level. In another embodiment, the policy domain automatically initiates operations in aid of transitioning the platform from the second integrity level to a higher integrity level.
This master thesis investigates optimizations on recently proposed fully unsynchronized power saving sensor MAC protocols. In contrast to many other sensor MAC protocols, unsynchronized sensor MAC protocols renounce on any kind of network- or cluster-wide synchronization for channel access coordination and maintenance of a common wake-sleep pattern, because in wireless sensor networks with low traffic requirements, the overhead for maintaining synchronization is likely to exceed the energy spent for the actual data traffic.
Dinh, Tien Tuan Anh; Datta, Anwitaman
As tremendous amount of data being generated everyday from human activity and from devices equipped with sensing capabilities, cloud computing emerges as a scalable and cost-effective platform to store and manage the data. While benefits of cloud computing are numerous, security concerns arising when data and computation are outsourced to a third party still hinder the complete movement to the cloud. In this paper, we focus on the problem of data privacy on the cloud, particularly on access c...
Legislation to create electronic healthcare records and provide electronic healthcare services requires the same level of privacy and disclosure regulations as are applicable to the current practices for paper based patient health records. Most of work in this area has been organization-oriented that deals with exchange of information among healthcare organizations (such as referrals). However, the requirements for ensuring security and privacy of information for online access and sharing of ...
With the rapid development of digital and network technology, access control technology has developed rapidly. Access control systems have long since gone beyond simple doorway and key management and have gradually developed into complete entry and exit management systems. They play a great role in administrative work such as workplace security and personnel attendance management. This paper analyses the application of access control systems in museums.
YU Yi-fan; YIN Chang-chuan; YUE Guang-xin
Ample medium access control (MAC) protocols for Ad hoc networks have been proposed. However, most of them do not take into account the interactions between the physical (PHY) layer and the MAC layers. Therefore, their efficiency and feasibility are greatly limited. In this article, we present a novel MAC protocol for Ad hoc networks according to the idea of cross-layer design. The proposed protocol combines an MAC protocol termed dual busy tone multiple access (DBTMA) with Orthogonal frequency division multiplexing (OFDM) system in IEEE 802.11a standard. The analysis showed that the proposed protocol provides higher throughput and is more flexible than previous MAC protocols. In addition, it can provide Quality of Service(QoS) guarantee to the packets with different delay requirements in the presence of hidden terminals.
This Manual represents Revision 5 of the user documentation for the modular code system referred to as SCALE. The history of the SCALE code system dates back to 1969 when the current Computational Physics and Engineering Division at Oak Ridge National Laboratory (ORNL) began providing the transportation package certification staff at the U. S. Atomic Energy Commission with computational support in the use of the new KENO code for performing criticality safety assessments with the statistical Monte Carlo method. From 1969 to 1976 the certification staff relied on the ORNL staff to assist them in the correct use of codes and data for criticality, shielding, and heat transfer analyses of transportation packages. However, the certification staff learned that, with only occasional use of the codes, it was difficult to become proficient in performing the calculations often needed for an independent safety review. Thus, shortly after the move of the certification staff to the U.S. Nuclear Regulatory Commission (NRC), the NRC staff proposed the development of an easy-to-use analysis system that provided the technical capabilities of the individual modules with which they were familiar. With this proposal, the concept of the Standardized Computer Analyses for Licensing Evaluation (SCALE) code system was born. This volume is part of the manual related to the control modules for the newest updated version of this computational package.
He, Wenqi; Lai, Hongji; Wang, Meng; Liu, Zeyi; Yin, Yongkai; Peng, Xiang
We present a fingerprint authentication scheme based on the optical joint transform correlator (JTC) and further describe its application to the remote access control of a Network-based Remote Laboratory (NRL). It is built to share a 3D microscopy system of our realistic laboratory in Shenzhen University with the remote co-researchers in Stuttgart University. In this article, we would like to focus on the involved security issues, mainly on the verification of various remote visitors to our NRL. By making use of the JTC-based optical pattern recognition technique as well as the Personal Identification Number (PIN), we are able to achieve the aim of authentication and access control for any remote visitors. Note that only the authorized remote visitors could be guided to the Virtual Network Computer (VNC), a cross-platform software, which allows the remote visitor to access the desktop applications and visually manipulate the instruments of our NRL through the internet. Specifically to say, when a remote visitor attempts to access to our NRL, a PIN is mandatory required in advance, which is followed by fingerprint capturing and verification. Only if both the PIN and the fingerprint are correct, can one be regarded as an authorized visitor, and then he/she would get the authority to visit our NRL by the VNC. It is also worth noting that the aforementioned "two-step verification" strategy could be further applied to verify the identity levels of various remote visitors, and therefore realize the purpose of diversified visitor management.
刘琼波; 施军; 尤晋元
The security requirements of distributed systems are changing. In this paper an approach to represent the access control policies and evaluate the access requests is proposed. Extended logic programs without functions are introduced to represent the diverse access control policies, and the propagation depth and direction of privileges along the entity hierarchy can be constrained. After privilege conflicts are resolved according to the rules based on priority between different grantors and entities, semantics as answer sets of extended logic programs is attained. Based on certainty and possibility reasoning, an algorithm to determine whether an access request is authorized is proposed. The three issues of distributed authorization, private privileges and conflict resolution are resolved.
Fragoulopoulos, Stratos K.; Mavrommatis, K. I.; Venieris, Iakovos S.
In the multi-vendor systems, a customer connected to an Access network (AN) must be capable of selecting a specific Service Node (SN) according to the services the SN provides. The multiplicity of technologically varying AN calls for the definition of a standard reference point between the AN and the SN widely known as the VB interface. Two versions are currently offered. The VB5.1 is simpler to implement but is not as flexible as the VB5.2, which supports switched connections. The VB5.2 functionality is closely coupled to the Broadband Bearer Channel Connection Protocol (B-BCCP). The B-BCCP is used for conveying the necessary information for dynamic resource allocation, traffic policing and routing in the AN as well as for information exchange concerning the status of the AN before a new call is established by the SN. By relying on such a protocol for the exchange of information instead of intercepting and interpreting signalling messages in the AN, the architecture of the AN is simplified because the functionality related to processing is not duplicated. In this paper a prominent B- BCCP candidate is defined, called the Service node Access network Interaction Protocol.
Kannan, Jayanthkumar; Chun, Byung-Gon
This paper introduces the notion of a secure data capsule, which refers to an encapsulation of sensitive user information (such as a credit card number) along with code that implements an interface suitable for the use of such information (such as charging for purchases) by a service (such as an online merchant). In our capsule framework, users provide their data in the form of such capsules to web services rather than raw data. Capsules can be deployed in a variety of ways, either on a trusted third party or the user's own computer or at the service itself, through the use of a variety of hardware or software modules, such as a virtual machine monitor or trusted platform module: the only requirement is that the deployment mechanism must ensure that the user's data is only accessed via the interface sanctioned by the user. The framework further allows an user to specify policies regarding which services or machines may host her capsule, what parties are allowed to access the interface, and with what parameter...
马晓; 王凤英; 常玲霞
This paper proposes a novel role-based provenance access control model (PRBAC) to better utilize provenance data to control access to the other data. The model is built on provenance-based access control (PBAC) and role-based access control (RBAC). The scheme divides the dependency list as a foundation of access control, introduces the notion of role in role-based access control and gives the access control algorithm. The analysis results indicate that the proposed model can solve the issues that the authorization management is not flexible, the system has low access efficiency and the access control policy is not secure enough, and other problems.
Brandenburg, Sara A., Ed.; Vanderheiden, Gregg C., Ed.
One of a series of three resource guides concerned with communication, control, and computer access for the disabled or the elderly, the book focuses on hardware and software. The guide's 13 chapters each cover products with the same primary function. Cross reference indexes allow access to listings of products by function, input/output…
Kangolle Alfred CT
Abstract Background Cancer is a rapidly increasing problem in developing countries. Access, quality and efficiency of cancer services in developing countries must be understood to advance effective cancer control programs. Health services research can provide insights into these areas. Discussion This article provides an overview of oncology health services in developing countries. We use selected examples from peer-reviewed literature in health services research and relevant publicly available documents. In spite of significant limitations in the available data, it is clear there are substantial barriers to access to cancer control in developing countries. This includes prevention, early detection, diagnosis/treatment and palliation. There are also substantial limitations in the quality of cancer control and a great need to improve economic efficiency. We describe how the application of health data may assist in optimizing (1) Structure: strengthening planning, collaboration, transparency, research development, education and capacity building. (2) Process: enabling follow-up, knowledge translation, patient safety and quality assurance. (3) Outcome: facilitating evaluation, monitoring and improvement of national cancer control efforts. There is currently limited data and capacity to use this data in developing countries for these purposes. Summary There is an urgent need to improve health services for cancer control in developing countries. Current resources and much-needed investments must be optimally managed. To achieve this, we would recommend investment in four key priorities: (1) Capacity building in oncology health services research, policy and planning relevant to developing countries. (2) Development of high-quality health data sources. (3) More oncology-related economic evaluations in developing countries. (4) Exploration of high-quality models of cancer control in developing countries. Meeting these needs will require national, regional and
Chow, Edward T.; Woo, Simon S.; James, Mark; Paloulian, George K.
As communication and networking technologies advance, networks will become highly complex and heterogeneous, interconnecting different network domains. There is a need to provide user authentication and data protection in order to further facilitate critical mission operations, especially in the tactical and mission-critical net-centric networking environment. The Autonomous Information Unit (AIU) technology was designed to provide the fine-grain data access and user control in a net-centric system-testing environment to meet these objectives. The AIU is a fundamental capability designed to enable fine-grain data access and user control in the cross-domain networking environments, where an AIU is composed of the mission data, metadata, and policy. An AIU provides a mechanism to establish trust among deployed AIUs based on recombining shared secrets, authentication and verify users with a username, X.509 certificate, enclave information, and classification level. AIU achieves data protection through (1) splitting data into multiple information pieces using the Shamir's secret sharing algorithm, (2) encrypting each individual information piece using military-grade AES-256 encryption, and (3) randomizing the position of the encrypted data based on the unbiased and memory efficient in-place Fisher-Yates shuffle method. Therefore, it becomes virtually impossible for attackers to compromise data since attackers need to obtain all distributed information as well as the encryption key and the random seeds to properly arrange the data. In addition, since policy can be associated with data in the AIU, different user access and data control strategies can be included. The AIU technology can greatly enhance information assurance and security management in the bandwidth-limited and ad hoc net-centric environments. In addition, AIU technology can be applicable to general complex network domains and applications where distributed user authentication and data protection are
In this paper we create an architecture which helps a user to control a LAN using an Android mobile. As most applications are now creating a cross-platform version for Android, we also implement the control on the Android platform. This is purely a network administrative application, useful for controlling the network. The architecture consists of the nodes in the LAN, one server, and one Android phone which is used to control the nodes. We use Wi-Fi or Internet as connectivity options; if Internet connectivity is used, we provide a static IP address to the server. For this kind of application we use JAVA technology and the Android SDK from a programming point of view. After testing the application on a LAN, it works very well for file browsing and controlling processes.
Dr. Khanna SamratVivekanand Omprakash
This paper presents how the co-ordinates from the Google map are stored into a database. They are stored on the central web server. These co-ordinates are then transferred to the client program for searching the locations of a particular electronic device. The client can access the data from the internet and use it in a program by using an API. Software for a particular device to be put into the vehicle has been developed. A SIM card is assigned in the inbuilt circuit and transfers the signal to the network. A single text of co-ordinates of locations is supplied using Google map in terms of latitudes and longitudes. The information, in terms of a string separated by commas, can be extracted and stored into the database of the web server. Different mobile numbers with locations can be stored simultaneously into the database on the server for different clients. The concept of 3 Tier Client/Server architecture is used. The SIM card can access information of the GPRS system with the network provider of the card. The electronic device signal is set for receiving and sending messages. Different operations can be performed on the device as it can be attached to other electronic circuits of the vehicle. A Windows Mobile application was developed for the client side. The user can take different decisions about the vehicle from a mobile by sending an SMS to the device. The device receives the operation and sends it to the electronic circuit of the vehicle for certain operations. From a remote place, using a mobile, you can get the information of your vehicle and also control it by providing a password to the electronic circuit for authorization and authentication. The concept of vehicle security is addressed and the location of the vehicle can be identified. The functions of the vehicle, like speed, brakes and lights etc., can be accessed and controlled as per the software application interface with the electronic circuit of the vehicle.
高斌; 翟江涛; 薛朋骏
An access control system based on the file layer of VxWorks is designed and implemented to solve the problem of lack of protection in the file layer of VxWorks. This system is composed of three parts which are access monitor, access decider and authority library. Firstly, the access monitor, which is used to intercept the access of tasks to files in the block device and to acquire the access information of tasks, is embedded into the dosFs file system layer, and the access information is also made up of three parts which are access subject, access object and access mode. Secondly, a decision scheme is given by the access decider when the acquired access information of tasks is compared with the rules in the authority library. Finally, the corresponding access control is carried out by the access monitor according to the decision above. The performance of VxWorks embedded with the designed access control system is evaluated by experiments, and it turns out that the security of VxWorks is improved by the control method, whose effect on the instantaneity of VxWorks is acceptable.
A recent trend is observed in the context of the radio-controlled aircrafts and automobiles within the hobby grade category and Unmanned Aerial Vehicles (UAV) applications moving to the well-known Industrial, Scientific and Medical (ISM) band. Based on this technological fact, the present thesis evaluates an individual user performance by featuring a multiple-user scenario where several point-to-point co-located real-time Remote Control (RC) applications operate using Frequency Hopping Spread Spectrum (FHSS) as a medium access technique in order to handle interference efficiently. Commercial-off-the-shelf wireless transceivers ready to operate in the ISM band are considered as the operational platform supporting the above-mentioned applications. The impact of channel impairments and of different critical system engineering issues, such as working with real clock oscillators and variable packet duty cycle, are considered. Based on the previous, simulation results allowed us to evaluate the range of variation for those parameters for an acceptable system performance under Multiple Access (MA) environments.
Chan Brenda Wing Han
A Security Door Access Control System (SDACS) project involves a number of teams from different organizations with diverse project goals. One of the main challenges of such projects is the lack of a standard approach or common understanding to achieve a common goal among project parties. This research examines various management concerns for SDACS projects, highlights the expected common understanding for project participants, develops the project management constructs, and emphasizes the resulting value of the project to all participants. A two-stage process of scale development and validation was conducted. First, six generic constructs were identified based on the Security Access Control System Framework. Next, a multi-item scale for each construct was developed with reference to the Result-Oriented Management Framework. Expert judges were invited to conduct manual sorting of the items iteratively until reliability and validity were reached. In the next stage, further refinement and validation were carried out with a synthesized survey instrument and a series of statistical testing followed. The finalized SDACS project management constructs and the related findings help reinforce the importance of a standardized management practice for SDACS projects. The value of this research not only benefits SDACS project managers but everyone who works on the project.
McCleskey, R. Blaine; Nordstrom, D. Kirk; Naus, Cheryl A.
The Questa baseline and pre-mining ground-water quality investigation has the main objective of inferring the ground-water chemistry at an active mine site. Hence, existing ground-water chemistry and its quality assurance and quality control is of crucial importance to this study and a substantial effort was spent on this activity. Analyses of seventy-two blanks demonstrated that contamination from processing, handling, and analyses were minimal. Blanks collected using water deionized with anion and cation exchange resins contained elevated concentrations of boron (0.17 milligrams per liter (mg/L)) and silica (3.90 mg/L), whereas double-distilled water did not. Boron and silica were not completely retained by the resins because they can exist as uncharged species in water. Chloride was detected in ten blanks, the highest being 3.9 mg/L, probably as the result of washing bottles, filter apparatuses, and tubing with hydrochloric acid. Sulfate was detected in seven blanks; the highest value was 3.0 mg/L, most likely because of carryover from the high sulfate waters sampled. With only a few exceptions, the remaining blank analyses were near or below method detection limits. Analyses of standard reference water samples by cold-vapor atomic fluorescence spectrometry, ion chromatography, inductively coupled plasma-optical emission spectrometry, inductively coupled plasma-mass spectrometry, FerroZine, graphite furnace atomic absorption spectrometry, hydride generation atomic spectrometry, and titration provided an accuracy check. For constituents greater than 10 times the detection limit, 95 percent of the samples had a percent error of less than 8.5. For constituents within 10 percent of the detection limit, the percent error often increased as a result of measurement imprecision. Charge imbalance was calculated using WATEQ4F and 251 out of 257 samples had a charge imbalance less than 11.8 percent. The charge imbalance for all samples ranged from -16 to 16 percent. Spike
With the in-depth application of network technology in banking business, access control policies become more and more important to the security of bank data. The traditional access control models cannot meet the needs of security and flexibility for access authorization in banks. To solve the problem, the paper proposes a UCON (Usage Control Model)-based access control model and an access control policy which is more flexible and more secure than the traditional ones, and which enhances the security of access control.
Landers, N.F.; Petrie, L.M.; Knight, J.R. [Oak Ridge National Lab., TN (United States)] [and others
SCALE--a modular code system for Standardized Computer Analyses Licensing Evaluation--has been developed by Oak Ridge National Laboratory at the request of the US Nuclear Regulatory Commission. The SCALE system utilizes well-established computer codes and methods within standard analysis sequences that (1) allow an input format designed for the occasional user and/or novice, (2) automate the data processing and coupling between modules, and (3) provide accurate and reliable results. System development has been directed at problem-dependent cross-section processing and analysis of criticality safety, shielding, heat transfer, and depletion/decay problems. Since the initial release of SCALE in 1980, the code system has been heavily used for evaluation of nuclear fuel facility and package designs. This revision documents Version 4.2 of the system. This manual is divided into three volumes: Volume 1--for the control module documentation, Volume 2--for the functional module documentation, and Volume 3 for the documentation of the data libraries and subroutine libraries.
Tokamak diagnostic settings are repeatedly modified to meet the changing needs of each experiment. Enabling the remote diagnostic control has significant challenges due to security and efficiency requirements. The Operation Request Gatekeeper (ORG) is a software system that addresses the challenges of remotely but securely submitting modification requests. The ORG provides a framework for screening all the requests before they enter the secure machine zone and are executed by performing user authentication and authorization, grammar validation, and validity checks. A prototype ORG was developed for the ITER CODAC that satisfies their initial requirements for remote request submission and has been tested with remote control of the KSTAR Plasma Control System. This paper describes the software design principles and implementation of ORG as well as worldwide test results.
T. R. Rangaswamy
Wireless sensor networks play a vital role in remote area applications, where human intervention is not possible. In a Wireless Sensor Network (WSN), each and every node is strictly an energy as well as bandwidth constrained one. Problem statement: In a standard WSN, most of the routing techniques move data from multiple sources to a single fixed base station. Because of the greater number of computational tasks, the existing routing protocol did not address the energy efficiency problem properly. In order to overcome the problem of energy consumption due to the larger number of computational tasks, a new method is developed. Approach: The proposed algorithm divides the sensing field into three active clusters and one sleeping cluster. The cluster head selection is based on the distance between the base station and the normal nodes. The Time Division Multiple Access (TDMA) mechanism is used to make the cluster remain in the active state as well as the sleeping state. In an active cluster 50% of nodes will be made active and the remaining 50% will be in sleep state. A sleeping cluster will be made active after a period of time and periodically changes its functionality. Results: Due to this periodic change of state, energy consumption is minimized. The performance of the Low Energy Adaptive Clustering Hierarchy (LEACH) algorithm is also analyzed, using the network simulator NS2, based on the number of Cluster Heads (CH), energy consumption, lifetime and the number of nodes alive. Conclusion: The simulation studies were carried out using the network simulation tool NS2 for the proposed method, and this is compared with the performance of the existing protocol. The superiority of the proposed method is highlighted.
Patel, Nirav; Hashim, Taimoor; Godara, Hemant; Ather, Sameer; Arora, Garima; Pasala, Tilak; Whitfield, Thomas T.; McGiffin, David C.; Ahmed, Mustafa I.; Lloyd, Steven G.; Limdi, Nita A.
Background Multiple novel oral anticoagulants and left atrial appendage closure devices (WATCHMAN) have been tested against dose-adjusted vitamin K antagonists in randomized controlled trials for stroke prophylaxis in non-valvular atrial fibrillation. No direct comparisons of these strategies are available from randomized controlled trials. We conducted the current analyses by combining efficacy and safety characteristics of all FDA approved stroke prophylaxis treatment strategies for patients with non-valvular atrial fibrillation. Materials and Methods We searched SCOPUS from 1945 till October 2015 for randomized controlled trials comparing these strategies and reporting efficacy and safety outcomes. Six randomized controlled trials were identified and included in the final analyses and review. We followed PRISMA guidelines for network meta-analyses while reporting the current analyses. We collected data on ischemic stroke, major bleeding, and the composite primary safety endpoint as defined by various randomized controlled trials. Network meta-analyses were conducted using consistency and inconsistency models for efficacy and safety outcomes. Surface under the cumulative ranking curve were then utilized to cluster rank these treatments for safety and efficacy. Results Six randomized controlled trials with 59,627 patients comparing six treatment strategies were eligible for the analyses. All prophylaxis strategies had comparable rates of ischemic stroke. Apixaban was associated with the least number of primary safety endpoint events as compared with all other treatments. In the cluster analyses assessing safety and efficacy, apixaban, edoxaban and dabigatran ranked best followed by vitamin K antagonists and rivaroxaban, whereas the WATCHMAN left atrial appendage closure device ranked last. Conclusions Dose-adjusted vitamin K antagonists, novel oral anticoagulants, and the WATCHMAN left atrial appendage closure devices are equally efficacious for ischemic stroke
Access control is the main strategy for security and protection in Web systems, and traditional access control can no longer meet growing security needs. This paper uses the role-based access control (RBAC) model in a Web application system: by introducing the concept of a role, users are mapped to roles within an organization, access permissions are granted to the corresponding roles, and access is authorized and controlled according to the user's role in the organization, improving the flexibility and security of permission assignment and access control in the Web system.
Marioara Avram; Serju Dumitrescu; Alexandru Avram
In the present paper we have tried to reveal the way in which we can obtain fiscal and accounting information on a juridical person, and information about the persons who have special relations with the entity: associates, administrators and shareholders. For a complete fiscal control, we need other types of information regarding the address of the social residence and the declared working branches/sub-offices, the financial position and the performance or nonperformance of the entity: total asse...
Gibbon, Timothy Braidwood; Osadchiy, Alexey Vladimirovich; Kjær, Rasmus;
measurements how a near-saturated semiconductor optical amplifier (SOA) can be used to control these gain transients. An SOA is shown to reduce the penalty of transients originating in an EDFA from 2.3 dB to 0.2 dB for 10 Gb/s transmission over standard single mode fiber using a 2^31-1 PRBS pattern. The results...
The concepts of permission value and quantified role are introduced to build a fine-grained Web services access control model. By defining the resources of Web services, the service attributes and the set of access modes, the definition of the permission set is expanded. The definition and distribution of permission values are studied, and the validation and representation of quantified roles are analysed. The concept of the "behaviour value" of a Web services user is proposed, and the correlation between the behaviour value and the role quantity of a user is established. The dynamic calculation of the behaviour value and the adjustment of user permissions are achieved based on user behaviour and the context.
贺正求; 张叶琳; 张雷刚; 石川
An access control architecture based on role mapping for service composition is proposed to solve the access control problem in the service composition process. The architecture is composed of an access control center and a number of access control nodes. The core functions of the access control center are to set up and maintain the role mapping information among the security domains, and to coordinate the access control for the service composition from a global perspective. An access control node is an abstraction of the access control system of each security domain; it is the enforcement point for access control and is independent. Furthermore, the architecture adopts the "push mode" authorization mechanism that is widely applied in distributed environments. Consequently, secure invocation and cooperation among the services in a composition can be implemented, while the independence and security of the participating domains are largely preserved. The proposed architecture therefore has good applicability and extensibility.
Son, Sunghwa; Park, Kyung-Joon; Park, Eun-Chan
In this paper, we deal with the problem of assuring medical-grade quality of service (QoS) for real-time medical applications in wireless healthcare systems based on IEEE 802.11e. Firstly, we show that the differentiated channel access of IEEE 802.11e cannot effectively assure medical-grade QoS because of priority inversion. To resolve this problem, we propose an efficient channel access algorithm. The proposed algorithm adjusts arbitrary inter-frame space (AIFS) in the IEEE 802.11e protocol depending on the QoS measurement of medical traffic, to provide differentiated near-absolute priority for medical traffic. In addition, based on rigorous capacity analysis, we propose an admission control scheme that can avoid performance degradation due to network overload. Via extensive simulations, we show that the proposed mechanism strictly assures the medical-grade QoS and improves the throughput of low-priority traffic by more than several times compared to the conventional IEEE 802.11e. PMID:27490666
Temporary streams are those water courses that undergo the recurrent cessation of flow or the complete drying of their channel. The biological communities in temporary stream reaches are strongly dependent on the temporal changes of the aquatic habitats determined by the hydrological conditions. The use of the aquatic fauna structural and functional characteristics to assess the ecological quality of a temporary stream reach cannot therefore be made without taking into account the controls imposed by the hydrological regime. This paper develops some methods for analysing temporary streams' aquatic regimes, based on the definition of six aquatic states that summarize the sets of mesohabitats occurring on a given reach at a particular moment, depending on the hydrological conditions: flood, riffles, connected, pools, dry and arid. We used the water discharge records from gauging stations or simulations using rainfall-runoff models to infer the temporal patterns of occurrence of these states using the developed aquatic states frequency graph. The visual analysis of this graph is complemented by the development of two metrics based on the permanence of flow and the seasonal predictability of zero flow periods. Finally, a classification of the aquatic regimes of temporary streams in terms of their influence over the development of aquatic life is put forward, defining Permanent, Temporary-pools, Temporary-dry and Episodic regime types. All these methods were tested with data from eight temporary streams around the Mediterranean from MIRAGE project and its application was a precondition to assess the ecological quality of these streams using the current methods prescribed in the European Water Framework Directive for macroinvertebrate communities.
Zhu, Yi-Fan; Fan, Xu-Dong; Liang, Bin; Zou, Xin-Ye; Yang, Jing; Cheng, Jian-Chun
Non-Hermitian systems always play a negative role in wave manipulations due to inherent non-conservation of energy as well as loss of information. Recently, however, there has been a paradigm shift on utilizing non-Hermitian systems to implement varied miraculous wave controlling. For example, parity-time symmetric media with well-designed loss and gain are presented to create a nontrivial effect of unidirectional diffraction, which is observed near the exceptional points (EPs) in the non-Hermitian systems. Here, we report the design and realization of non-Hermitian acoustic metamaterial (NHAM) and show that by judiciously tailoring the inherent loss, the phase and amplitude of reflection can possibly be tuned in a decoupled manner. Such decoupled tuning of phase and amplitude is closely related to the EPs. As a demonstration of functionality, we experimentally generate a high-quality acoustic hologram via NHAM. Our work may open a new degree of freedom for realizing the complete control of sound.
Role-based access control (RBAC) is a mainstream technology for controlling user access in systems. According to the characteristics of the medical system, an access control algorithm is put forward in this paper. On the basis of the RBAC model, the access subjects and objects in the medical system are analyzed, roles are introduced into the system, permissions are associated with roles, and the control of different users' access to records is investigated in particular. By assigning an appropriate role to the user, then conferring appropriate access privileges on the user, and logically separating the user from the access permissions, the flexibility and security of permission assignment and access control in the medical system are improved.
Hernández-Ramos, José L; Bernabe, Jorge Bernal; Moreno, M Victoria; Skarmeta, Antonio F
As we get into the Internet of Things era, security and privacy concerns remain as the main obstacles in the development of innovative and valuable services to be exploited by society. Given the Machine-to-Machine (M2M) nature of these emerging scenarios, the application of current privacy-friendly technologies needs to be reconsidered and adapted to be deployed in such global ecosystem. This work proposes different privacy-preserving mechanisms through the application of anonymous credential systems and certificateless public key cryptography. The resulting alternatives are intended to enable an anonymous and accountable access control approach to be deployed on large-scale scenarios, such as Smart Cities. Furthermore, the proposed mechanisms have been deployed on constrained devices, in order to assess their suitability for a secure and privacy-preserving M2M-enabled Internet of Things.
Liu, Xuemei; Ge, Baofeng
This paper proposes a media access control (MAC) layer design for wireless body area network (WBAN) systems. WBAN is a technology that targets for wireless networking of wearable and implantable body sensors which monitor vital body signs, such as heart-rate, body temperature, blood pressure, etc. It has been receiving attentions from international organizations, e. g. the Institute of Electrical and Electronics Engineers (IEEE), due to its capability of providing efficient healthcare services and clinical management. This paper reviews the standardization procedure of WBAN and summarizes the challenge of the MAC layer design. It also discusses the methods of improving power consumption performance, which is one of the major issues of WBAN systems. PMID:22616194
Kleinman, Daniel; Gollan, Tamar H
How do bilinguals switch easily between languages in everyday conversation, even though studies have consistently found that switching slows responses? In previous work, researchers have not considered that although switches may happen for different reasons, only some switches-including those typically studied in laboratory experiments-might be costly. Using a repeated picture-naming task, we found that bilinguals can maintain and use two languages as efficiently as a single language, switching between them frequently without any cost, if they switch only when a word is more accessible in the other language. These results suggest that language switch costs arise during lexical selection, that top-down language control mechanisms can be suspended, and that language-mixing efficiency can be strategically increased with instruction. Thus, bilinguals might switch languages spontaneously because doing so is not always costly, and there appears to be greater flexibility and efficiency in the cognitive mechanisms that enable switching than previously assumed. PMID:27016240
IPTV services are typically featured with a longer channel changing delay compared to the conventional TV systems. The major contributor to this lies in the time spent on intraframe (I-frame) acquisition during channel changing. Currently, most widely adopted fast channel changing (FCC) methods rely on promptly transmitting to the client (conducting the channel changing) a retained I-frame of the targeted channel as a separate unicasting stream. However, this I-frame acceleration mechanism has an inherent scalability problem due to the explosions of channel changing requests during commercial breaks. In this paper, we propose a fairness-based admission control (FAC) scheme for the original I-frame acceleration mechanism to enhance its scalability by decreasing the bandwidth demands. Based on the channel changing history of every client, the FAC scheme can intelligently decide whether or not to conduct the I-frame acceleration for each channel change request. Comprehensive simulation experiments demonstrate the potential of our proposed FAC scheme to effectively optimize the scalability of the I-frame acceleration mechanism, particularly in commercial breaks. Meanwhile, the FAC scheme only slightly increases the average channel changing delay by temporarily disabling FCC (i.e., I-frame acceleration) for the clients who are addicted to frequent channel zapping.
Shao-Hua Li; Hong-Bo Tian; Hong-Jin Zhao; Liang-Hua Chen; Lian-Qun Cui
BACKGROUND: The acute effects of grape polyphenols on endothelial function in adults are inconsistent. Here, we performed meta-analyses to determine these acute effects as measured by flow-mediated dilation (FMD). METHODS: Trials were searched in PubMed, Embase and the Cochrane Library database. Summary estimates of weighted mean differences (WMDs) and 95% CIs were obtained by using random-effects models. Meta-regression and subgroup analyses were performed to identify the source of heterogen...
熊金波; 姚志强; 马建峰; 李凤华; 李琦
Cloud computing is a promising computing paradigm which has recently drawn extensive attention from both academia and industry. Meanwhile, structured documents play a vital role as information carriers in cloud computing, so secure access to structured documents is a key technology for the quality control of cloud services. In order to prevent information leakage and unauthorized access to structured documents, a common problem caused by the lack of a multilevel security mechanism in current cloud computing environments, we propose an action-based multilevel access control model (referred to as AMAC) and provide a formal description of its access control policies. We employ noninterference theory from information flow to establish the AMAC noninterference model, and prove the security of the multilevel access control policies in the AMAC model. Comparison and analysis with existing access control models demonstrate that the AMAC model not only improves the flexibility of access control policies on the basis of roles, contexts and access actions, but also realizes a multilevel security mechanism in terms of the security levels of the user, the access actions and the structured document.
Jessica L Fitterer; Nelson, Trisalyn A.; Stockwell, Timothy
Alcohol consumption often leads to elevated rates of violence yet alcohol access policies continue to relax across the globe. Our review establishes the extent alcohol policy can moderate violent crime through alcohol availability restrictions. Results were informed from comprehensive selection of peer-reviewed journals from 1950 to October 2015. Our search identified 87 relevant studies on alcohol access and violence conducted across 12 countries. Seventeen studies included quasi-control des...
Jessica Laura Fitterer; Nelson, Trisalyn A.; Timothy Stockwell
Alcohol consumption often leads to elevated rates of violence yet alcohol access policies continue to relax across the globe. Our review establishes the extent alcohol policy can moderate violent crime through alcohol availability restrictions. Results were informed from comprehensive selection of peer-reviewed journals from 1950 to October 2015. Our search identified 88 relevant studies on alcohol access and violence conducted across 12 countries. Seventeen studies included quasi-control des...
Julie Balen; Zhao-Chun Liu; McManus, Donald P.; Giovanna Raso; Jürg Utzinger; Shui-Yuan Xiao; Dong-Bao Yu; Zheng-Yuan Zhao; Yue-Sheng Li
BACKGROUND: Access to health care is a major requirement in improving health and fostering socioeconomic development. In the People's Republic of China (P.R. China), considerable changes have occurred in the social, economic, and health systems with a shift from a centrally planned to a socialist market economy. This brought about great benefits and new challenges, particularly for vertical disease control programs, including schistosomiasis. We explored systemic barriers in access to equitab...
From 01/05/2003, all problems relating to access cards and refusal of access to any zone, building or experiment within CERN must be addressed to the Centrale de Surveillance des Accès (CSA building 120) on 78877 or by e-mail to Access.Surveillance@cern.ch. Those responsible for CERN access control have put into place a procedure with the CSA, Service Enregistrement and the Technical Control Room, to make sure that all problems get resolved in a proper and timely manner.
This paper proposes an access control model for Web services. Integrating the security model into Web services makes it possible to change security access control rights dynamically, improving on the static access control in use at present. The new model provides a view policy language (VPL) to describe the access control policies of Web services. At the end of the paper we describe an infrastructure that integrates the security model into Web services to enforce their access control policies.
Background: Viral respiratory infections are common worldwide and range from completely benign disease to life-threatening illness. Symptoms can be unspecific, and an etiologic diagnosis is rarely established because of a lack of suitable diagnostic tools. Improper use of antibiotics is common in this setting, which is detrimental in light of the development of bacterial resistance. It has been suggested that the use of diagnostic tests could reduce antibiotic prescription rates. The objective of this study was to evaluate whether access to a multiplex polymerase chain reaction (PCR) assay panel for etiologic diagnosis of acute respiratory tract infections (ARTIs) would have an impact on antibiotic prescription rate in primary care clinical settings. Methods: Adult patients with symptoms of ARTI were prospectively included. Nasopharyngeal and throat swabs were analysed by using a multiplex real-time PCR method targeting thirteen viruses and two bacteria. Patients were recruited at 12 outpatient units from October 2006 through April 2009, and samples were collected on the day of inclusion (initial visit) and after 10 days (follow-up visit). Patients were randomised in an open-label treatment protocol to receive a rapid or delayed result (on the following day or after eight to twelve days). The primary outcome measure was the antibiotic prescription rate at the initial visit, and the secondary outcome was the total antibiotic prescription rate during the study period. Results: A total sample of 447 patients was randomised. Forty-one were excluded, leaving 406 patients for analysis. In the group of patients randomised for a rapid result, 4.5% (9 of 202) of patients received antibiotics at the initial visit, compared to 12.3% (25 of 204) (P = 0.005) of patients in the delayed result group. At follow-up, there was no significant difference between the groups: 13.9% (28 of 202) in the rapid result group and 17.2% (35 of 204) in the delayed result group (P
Pulsed Tokamak experiments give rise to significant direct radiation even in the pre-tritium phase. A fundamental safety requirement is the provision of high integrity personnel access control systems to protect site, operational staff and the public from the risk of exposure to high radiation. The paper discusses the radiation hazards during the early hydrogen/deuterium operation and the different levels of installed safeguards, which included diverse safety systems in the form of conventional hard-wired interlocking and programmable logic controllers. The form of a detailed reliability analysis assessing the risk of individual exposure to high radiation (for both the public off-site and staff on-site) is discussed together with the lessons learnt and some of the design changes implemented. An interesting feature is the impact of human reliability in the analysis and how a recently developed technique (HEART) provided an estimation of error rates. The confidence gained in addressing the reliability of personnel and public protection against radiation hazards under normal operating conditions provides an important foundation for the safety analysis of fusion plant with significant tritium inventory. (author). 4 refs, 2 figs, 1 tab
冯朝胜; 秦志光; 袁丁; 卿昱
The disappearance of the controllable trust domain and the emergence of multi-tenant environments pose new and serious challenges to many key techniques of access control in cloud computing. This paper introduces the problems the industry faces in cloud access control and the main solutions to them, in terms of identity provisioning, authentication, access control, identity federation and single sign-on. It then reviews the latest academic research on cloud access control in three areas: access control models, attribute-based access control of ciphertext, and access control of outsourced data. Finally, based on an analysis of existing techniques and research results, the future direction of research on cloud access control is predicted.
Lu, Christine Y.; Ritchie, Jan; Williams, Ken; Day, Ric
Background In Australia, government-subsidised access to high-cost medicines is "targeted" to particular sub-sets of patients under the Pharmaceutical Benefits Scheme to achieve cost-effective use. In order to determine how this access system could be improved, the opinions of key stakeholders on access to biological agents for rheumatoid arthritis were explored. Methods Thirty-six semi-structured interviews were conducted with persons from relevant stakeholder groups. These were transcribed ...
Liu, Jia; Wang, Jun; Wang, Hui; Wang, Wenxiang; Zhou, Rijin; Mei, Desheng; Cheng, Hongtao; Yang, Juan; Raman, Harsh; Hu, Qiong
The majority of rapeseed cultivars shatter seeds upon maturity especially under hot-dry and windy conditions, reducing yield and gross margin return to growers. Here, we identified quantitative trait loci (QTL) for resistance to pod shatter in an unstructured diverse panel of 143 rapeseed accessions, and two structured populations derived from bi-parental doubled haploid (DH) and inter-mated (IF2) crosses derived from R1 (resistant to pod shattering) and R2 (prone to pod shattering) accessions. Genome-wide association analysis identified six significant QTL for resistance to pod shatter located on chromosomes A01, A06, A07, A09, C02, and C05. Two of the QTL, qSRI.A09 delimited with the SNP marker Bn-A09-p30171993 (A09) and qSRI.A06 delimited with the SNP marker Bn-A06-p115948 (A06) could be repeatedly detected across environments in a diversity panel, DH and IF2 populations, suggesting that at least two loci on chromosomes A06 and A09 were the main contributors to pod shatter resistance in Chinese germplasm. Significant SNP markers identified in this study especially those that appeared repeatedly across environments provide a cost-effective and an efficient method for introgression and pyramiding of favorable alleles for pod shatter resistance via marker-assisted selection in rapeseed improvement programs. PMID:27493651
范艳芳; 蔡英; 耿秀华
Traditional access control restrains unauthorized access to information only by logical methods and ignores the role of physical location, which leaves it vulnerable to address spoofing attacks. Introducing location information into access control can provide better security. In mandatory access control, the security properties of objects are closely related to time, so the change of an object's security properties over time should be reflected in the access control model. Based on the classic Bell-LaPadula (BLP) model, a mandatory access control model with temporal and spatial constraints is proposed, in which both time constraints and space constraints are considered. Compared to the BLP model, the new model provides better flexibility and security.
To address the small management scale and coarse control granularity of RFID middleware access control based on role-based access control when it faces data transmission, message delivery and other security challenges, an attribute-based access control (ABAC) model combined with XACML is proposed for RFID middleware. The model allows fine-grained access control and improves the management scale and flexibility of RFID middleware access control.
Analyses of gene expression in single mouse embryonic stem cells (mESCs) cultured in serum and LIF revealed the presence of two distinct cell subpopulations with individual gene expression signatures. Comparisons with published data revealed that cells in the first subpopulation are phenotypically similar to cells isolated from the inner cell mass (ICM). In contrast, cells in the second subpopulation appear to be more mature. Pluripotency Gene Regulatory Network (PGRN) reconstruction based on single-cell data and published data suggested antagonistic roles for Oct4 and Nanog in the maintenance of pluripotency states. Integrated analyses of published genomic binding (ChIP) data strongly supported this observation. Certain target genes alternatively regulated by OCT4 and NANOG, such as Sall4 and Zscan10, feed back into the top hierarchical regulator Oct4. Analyses of such incoherent feedforward loops with feedback (iFFL-FB) suggest a dynamic model for the maintenance of mESC pluripotency and self-renewal.
Kohrs, Russell; Langston, G.; Heatherly, S.
Have you ever wondered what it might be like to place control of a six-story building in the hands of eager high school students? This past summer, the USNO 20m telescope at the National Radio Astronomy Observatory, Green Bank, WV was brought back online for just such a purpose. This telescope is equipped with an X-band receiver, capable of observing center frequencies from 8-10 GHz and is the first radio telescope accessible by students and observers through the SKYNET telescope network. Operated remotely with a queue-based system, students can now collect real radio data for any range of projects. This past summer, five lessons were written that were tailor-made for student exploration of radio astronomy. Each lesson explores various radio objects in the context of an action-packed sci-fi adventure. Some of the work required to bring the 20m online for student use will be discussed here, but the main focus of this presentation will be how this work has been received by the author’s own students in its first classroom application. Topics that are normally difficult to discuss with students in an inquiry-based classroom setting, such as HII regions, synchrotron radiation, lunar temperature profiles, and galactic supermassive black holes were addressed in the classroom using the lessons developed by the author for the 20m as well as data collected by students using the telescope via SKYNET.
Whalen, Edward A.
This document serves as the final report for the Flight Services and Aircraft Access task order NNL14AA57T as part of NASA Environmentally Responsible Aviation (ERA) Project ITD12A+. It includes descriptions of flight test preparations and execution for the Active Flow Control (AFC) Vertical Tail and Insect Accretion and Mitigation (IAM) experiments conducted on the 757 ecoDemonstrator. For the AFC Vertical Tail, this is the culmination of efforts under two task orders. The task order was managed by Boeing Research & Technology and executed by an enterprise-wide Boeing team that included Boeing Research & Technology, Boeing Commercial Airplanes, Boeing Defense and Space and Boeing Test and Evaluation. Boeing BR&T in St. Louis was responsible for overall Boeing project management and coordination with NASA. The 757 flight test asset was provided and managed by the BCA ecoDemonstrator Program, in partnership with Stifel Aircraft Leasing and the TUI Group. With this report, all of the required deliverables related to management of this task order have been met and delivered to NASA as summarized in Table 1. In addition, this task order is part of a broader collaboration between NASA and Boeing.