WorldWideScience

Sample records for analysing access control

  1. Analysing Access Control Specifications

    DEFF Research Database (Denmark)

    Probst, Christian W.; Hansen, René Rydhof

    2009-01-01

    common tool to answer this question, analysis of log files, faces the problem that the amount of logged data may be overwhelming. This problems gets even worse in the case of insider attacks, where the attacker’s actions usually will be logged as permissible, standard actions—if they are logged at all....... Recent events have revealed intimate knowledge of surveillance and control systems on the side of the attacker, making it often impossible to deduce the identity of an inside attacker from logged data. In this work we present an approach that analyses the access control configuration to identify the set...

  2. Modelling and Analysing Access Control Policies in XACML 3.0

    DEFF Research Database (Denmark)

    Ramli, Carroline Dewi Puspa Kencana

    XACML (eXtensible Access Control Markup Language) is a prominent access control language that is widely adopted both in industry and academia. XACML is an international standard in the field of information security. The problem with XACML is that its specification is described in natural language...... (c.f. GM03,Mos05,Ris13) and manual analysis of the overall effect and consequences of a large XACML policy set is a very daunting and time-consuming task. In this thesis we address the problem of understanding the semantics of access control policy language XACML, in particular XACML version 3.0. The...... main focus of this thesis is modelling and analysing access control policies in XACML 3.0. There are two main contributions in this thesis. First, we study and formalise XACML 3.0, in particular the Policy Decision Point (PDP). The concrete syntax of XACML is based on the XML format, while its standard...

  3. Android Access Control Extension

    Directory of Open Access Journals (Sweden)

    Anton Baláž

    2015-12-01

    Full Text Available The main objective of this work is to analyze and extend security model of mobile devices running on Android OS. Provided security extension is a Linux kernel security module that allows the system administrator to restrict program's capabilities with per-program profiles. Profiles can allow capabilities like network access, raw socket access, and the permission to read, write, or execute files on matching paths. Module supplements the traditional Android capability access control model by providing mandatory access control (MAC based on path. This extension increases security of access to system objects in a device and allows creating security sandboxes per application.

  4. Android Access Control Extension

    OpenAIRE

    Anton Baláž; Branislav Madoš; Michal Ambróz

    2015-01-01

    The main objective of this work is to analyze and extend security model of mobile devices running on Android OS. Provided security extension is a Linux kernel security module that allows the system administrator to restrict program's capabilities with per-program profiles. Profiles can allow capabilities like network access, raw socket access, and the permission to read, write, or execute files on matching paths. Module supplements the traditional Android capability access control model by pr...

  5. Advanced access control system

    International Nuclear Information System (INIS)

    A prototype voice verification system has been installed which provides the required positive identification at the main site access control point. This system compares an individual's file voice print with a sample voice print obtained from the individual when an attempt is made to enter the site. The voice system transmits the individual's identify to a central processor. The system installed at the Barnwell Nuclear Fuel Plant is described

  6. Advanced access control system

    International Nuclear Information System (INIS)

    A prototype voice verification system has been installed which provides the required positive identification at the main site access control point. This system compares an individual's file voice print with a sample voice print obtained from the individual when an attempt is made to enter the site. The voice system transmits the individual's identity to a central processor. The central processor associates that individual's authorization file with a card-key obtained at the access point. The system generates a record of personnel movement, provides a personnel inventory on a real-time basis, and it can retrieve a record of all prior events. The system installed at the Barnwell Nuclear Fuel Plant is described

  7. Anonymous Biometric Access Control

    Directory of Open Access Journals (Sweden)

    Shuiming Ye

    2009-01-01

    Full Text Available Access control systems using the latest biometric technologies can offer a higher level of security than conventional password-based systems. Their widespread deployments, however, can severely undermine individuals' rights of privacy. Biometric signals are immutable and can be exploited to associate individuals' identities to sensitive personal records across disparate databases. In this paper, we propose the Anonymous Biometric Access Control (ABAC system to protect user anonymity. The ABAC system uses novel Homomorphic Encryption (HE based protocols to verify membership of a user without knowing his/her true identity. To make HE-based protocols scalable to large biometric databases, we propose the k-Anonymous Quantization (kAQ framework that provides an effective and secure tradeoff of privacy and complexity. kAQ limits server's knowledge of the user to k maximally dissimilar candidates in the database, where k controls the amount of complexity-privacy tradeoff. kAQ is realized by a constant-time table lookup to identity the k candidates followed by a HE-based matching protocol applied only on these candidates. The maximal dissimilarity protects privacy by destroying any similarity patterns among the returned candidates. Experimental results on iris biometrics demonstrate the validity of our framework and illustrate a practical implementation of an anonymous biometric system.

  8. Physical Access Control Database

    Data.gov (United States)

    Department of Transportation — This data set contains the personnel access card data (photo, name, activation/expiration dates, card number, and access level) as well as data about turnstiles and...

  9. Access control issues in social networks

    OpenAIRE

    Carreras Coch, Anna; Rodríguez Luna, Eva; Delgado Mercè, Jaime; Maroñas Borras, Xavier

    2010-01-01

    Social Networks, as the main axis of Web 2.0, are creating a number of interesting challenges to the research and standardisation communities. In this paper, we analyse the current and future use of access control policies in Social Networks. Subsequently, two main issues are addressed: the interoperability amongst systems using different policy languages and the lack of elements in the existing policy languages when trying to express Social Networks’ access control. In part...

  10. RFID access control

    OpenAIRE

    Luzar, Boštjan

    2012-01-01

    The goal of the thesis was to learn about the procedure of developing applications based on microcontrollers using the Arduino development platform and the IDE environment. Through practical development in the Arduino environment we realized a logic which is capable to authorize access to specific locations and areas based on 125 kHz RFID tags. Although many solutions exist, most of them require a lot of hardware and software because of their modular design and communication types, the so...

  11. Network Access Control List Situation Awareness

    Science.gov (United States)

    Reifers, Andrew

    2010-01-01

    Network security is a large and complex problem being addressed by multiple communities. Nevertheless, current theories in networking security appear to overestimate network administrators' ability to understand network access control lists (NACLs), providing few context specific user analyses. Consequently, the current research generally seems to…

  12. Towards Trusted Network Access Control

    Science.gov (United States)

    Bente, Ingo; von Helden, Josef

    Network Access Control (NAC) solutions promise to significantly increase the security level of modern networks. In short, they allow to measure the integrity state of an endpoint that tries to get access to the network. Based upon the measurement results, which are compared to a defined NAC policy, access to the network can be allowed or denied. One problem of all currently available NAC solutions is referred to as the “lying endpoint” problem. Normally, special software components are responsible for gathering the relevant integrity information on the endpoint. If an attacker modifies those software components, an endpoint can lie about its current integrity state. Therefore, endpoints which are not compliant to the defined NAC policy can get access to the network. Those endpoints must be considered as potential threat. This paper summarizes a possible solution for the lying endpoint problem based upon the specifications of the Trusted Computing Group (TCG) and the results of the two research projects TNC@ FHH and Turaya. The goal is to develop an open source, TNC compatible NAC solution with full TPM support within a new research project: tNAC.

  13. Controlling Access to Suicide Means

    Directory of Open Access Journals (Sweden)

    Miriam Iosue

    2011-12-01

    Full Text Available Background: Restricting access to common means of suicide, such as firearms, toxic gas, pesticides and other, has been shown to be effective in reducing rates of death in suicide. In the present review we aimed to summarize the empirical and clinical literature on controlling the access to means of suicide. Methods: This review made use of both MEDLINE, ISI Web of Science and the Cochrane library databases, identifying all English articles with the keywords “suicide means”, “suicide method”, “suicide prediction” or “suicide prevention” and other relevant keywords. Results: A number of factors may influence an individual’s decision regarding method in a suicide act, but there is substantial support that easy access influences the choice of method. In many countries, restrictions of access to common means of suicide has lead to lower overall suicide rates, particularly regarding suicide by firearms in USA, detoxification of domestic and motor vehicle gas in England and other countries, toxic pesticides in rural areas, barriers at jumping sites and hanging, by introducing “safe rooms” in prisons and hospitals. Moreover, decline in prescription of barbiturates and tricyclic antidepressants (TCAs, as well as limitation of drugs pack size for paracetamol and salicylate has reduced suicides by overdose, while increased prescription of SSRIs seems to have lowered suicidal rates. Conclusions: Restriction to means of suicide may be particularly effective in contexts where the method is popular, highly lethal, widely available, and/or not easily substituted by other similar methods. However, since there is some risk of means substitution, restriction of access should be implemented in conjunction with other suicide prevention strategies.

  14. Access Request Trustworthiness in Weighted Access Control Framework

    Institute of Scientific and Technical Information of China (English)

    WANG Lun-wei; LIAO Xiang-ke; WANG Huai-min

    2005-01-01

    Weighted factor is given to access control policies to express the importance of policy and its effect on access control decision. According to this weighted access control framework, a trustworthiness model for access request is also given. In this model, we give the measure of trustworthiness factor to access request, by using some idea of uncertainty reasoning of expert system, present and prove the parallel propagation formula of request trustworthiness factor among multiple policies, and get the final trustworthiness factor to decide whether authorizing. In this model, authorization decision is given according to the calculation of request trustworthiness factor, which is more understandable, more suitable for real requirement and more powerful for security enhancement than traditional methods. Meanwhile the finer access control granularity is another advantage.

  15. A Linux Implementation of Temporal Access Controls

    OpenAIRE

    Chiang, Ken; Nguyen, Thuy D.; Irvine, Cynthia E.

    2007-01-01

    Control of access to information based upon temporal attributes can add another dimension to access control. To demonstrate the feasibility of operating system level support for temporal access controls, the Time Interval File Protection System (TIFPS), a prototype of the Time Interval Access Control (TIAC) model, has been implemented by modifying Linux extended attributes to include temporal metadata associated both with files and users. The Linux Security Module was used to provide hooks fo...

  16. An Access Control Framework for Reflective Middleware

    Institute of Scientific and Technical Information of China (English)

    Gang Huang; Lian-Shan Sun

    2008-01-01

    Reflective middleware opens up the implementation details of middleware platform and applications at runtime for improving the adaptability of middleware-based systems. However, such openness brings new challenges to access control of the middleware-based systems.Some users can access the system via reflective entities, which sometimes cannot be protected by access control mechanisms of traditional middleware. To deliver high adaptability securely, reflective middleware should be equipped with proper access control mechanisms for potential access control holes induced by reflection. One reason of integrating these mechanisms in reflective middleware is that one goal of reflective middleware is to equip applications with reflection capabilities as transparent as possible. This paper studies how to design a reflective J2EE middlewarePKUAS with access control in mind. At first, a computation model of reflective system is built to identify all possible access control points induced by reflection. Then a set of access control mechanisms, including the wrapper of MBeans and a hierarchy of Java class loaders, are equipped for controlling the identified access control points. These mechanisms together with J2EE access control mechanism form the access control framework for PKUAS. The paper evaluates the security and the performance overheads of the framework in quality and quantity.

  17. Random Access Game and Medium Access Control Design

    OpenAIRE

    Chen, Lijun; Low, Steven H.; Doyle, John C.

    2010-01-01

    Motivated partially by a control-theoretic viewpoint, we propose a game-theoretic model, called random access game, for contention control. We characterize Nash equilibria of random access games, study their dynamics, and propose distributed algorithms (strategy evolutions) to achieve Nash equilibria. This provides a general analytical framework that is capable of modeling a large class of system-wide quality-of-service (QoS) models via the specification of per-node util...

  18. An electronically controlled automatic security access gate

    OpenAIRE

    Jonathan A. Enokela; Michael N. TYOWUAH

    2014-01-01

    The security challenges being encountered in many places require electronic means of controlling access to communities, recreational centres, offices, and homes. The electronically controlled automated security access gate being proposed in this work helps to prevent an unwanted access to controlled environments. This is achieved mainly through the use of a Radio Frequency (RF) transmitter-receiver pair. In the design a microcontroller is programmed to decode a given sequence of keys that is ...

  19. Efficient Access Control for Wireless Sensor Data

    OpenAIRE

    Sorniotti, Alessandro; Molva, Refik; GOMEZ, Laurent; Trefois, Christophe; Laube, Annett; Scaglioso, Piervito

    2009-01-01

    Abstract Although very developed in many sectors (databases, filesystems), access control schemes are still somewhat elusive when it comes to wireless sensor net- works. However, it is clear that many WSN systems—such as healthcare and automotive ones—need a controlled access to data that sensor nodes produce, given its high sensitivity. Enforcing access control in wireless sensor networks is a particularly difficult task due to the limited computational capacity of wireless sensor nodes. In ...

  20. Evaluation of file access control implementations

    OpenAIRE

    Madar, Fatima Ali

    2005-01-01

    This thesis discusses two implementations of file access controls: the UNIX Permissions (UP) and the Access Control List (ACL). We will evaluate advantages and weaknesses in these two implementations. The criteria of evaluation are usefulness, security and manageability. The level of usefulness of systems was measured by evaluating user-surveys. The level of security was measured by comparing the implementations against well-established file access control models concerning privacy, inte...

  1. Access control system for ISABELLE

    International Nuclear Information System (INIS)

    An access system based on the one now in operation at the CERN ISR is recommended. Access doors would presumably be located at the entrances to the utility tunnels connecting the support buildings with the ring. Persons requesting access would insert an identity card into a scanner to activate the system. The request would be autologged, the keybank adjacent to the door would be unlocked and ISABELLE operations would be notified. The operator would then select the door, activating a TV-audio link. The person requesting entry would draw a key from the bank, show it and his film badge to the operator who would enable the door release

  2. Access control and service-oriented architectures

    NARCIS (Netherlands)

    Leune, C.J.

    2007-01-01

    Access Control and Service-Oriented Architectures" investigates in which way logical access control can be achieved effectively, in particular in highly dynamic environments such as service-oriented architectures (SOA's). The author combines state-of-the-art best-practice and projects these onto the

  3. 47 CFR 95.645 - Control accessibility.

    Science.gov (United States)

    2010-10-01

    ... 47 Telecommunication 5 2010-10-01 2010-10-01 false Control accessibility. 95.645 Section 95.645 Telecommunication FEDERAL COMMUNICATIONS COMMISSION (CONTINUED) SAFETY AND SPECIAL RADIO SERVICES PERSONAL RADIO SERVICES Technical Regulations Certification Requirements § 95.645 Control accessibility. (a) No...

  4. Proximity Displays for Access Control

    Science.gov (United States)

    Vaniea, Kami

    2012-01-01

    Managing access to shared digital information, such as photographs and documents. is difficult for end users who are accumulating an increasingly large and diverse collection of data that they want to share with others. Current policy-management solutions require a user to proactively seek out and open a separate policy-management interface when…

  5. Disk access controller for Multi 8 computer

    International Nuclear Information System (INIS)

    After having presented the initial characteristics and weaknesses of the software provided for the control of a memory disk coupled with a Multi 8 computer, the author reports the development and improvement of this controller software. He presents the different constitutive parts of the computer and the operation of the disk coupling and of the direct access to memory. He reports the development of the disk access controller: software organisation, loader, subprograms and statements

  6. Modelling Access Control For Healthcare Information Systems

    OpenAIRE

    Ferreira, Ana; Chadwick, David W; Antunes, Luis

    2007-01-01

    The widening use of Information Systems, which allow the collection, extraction, storage, management and search of information, is increasing the need for information security. After a user is successfully identified and authenticated to a system, he needs to be authorised to access the resources he/she requested. Access control is part of this last process that checks if a user can access those resources. This is particularly important in the healthcare environment where there is the need to...

  7. Access control and personal identification systems

    CERN Document Server

    Bowers, Dan M

    1988-01-01

    Access Control and Personal Identification Systems provides an education in the field of access control and personal identification systems, which is essential in selecting the appropriate equipment, dealing intelligently with vendors in purchases of the equipment, and integrating the equipment into a total effective system. Access control devices and systems comprise an important part of almost every security system, but are seldom the sole source of security. In order for the goals of the total system to be met, the other portions of the security system must also be well planned and executed

  8. Access control, security, and trust a logical approach

    CERN Document Server

    Chin, Shiu-Kai

    2010-01-01

    Access Control, Security, Trust, and Logic Deconstructing Access Control Decisions A Logical Approach to Access Control PRELIMINARIES A Language for Access ControlSets and Relations Syntax SemanticsReasoning about Access Control Logical RulesFormal Proofs and Theorems Soundness of Logical RulesBasic Concepts Reference Monitors Access Control Mechanisms: Tickets and Lists Authentication Security PoliciesConfidentiality, Integrity, and Availability Discretionary Security Policies Mandatory Security Policies Military Security Policies Commercial PoliciesDISTRIBUTED ACCESS CONTROL Digital Authenti

  9. Access Control Management for SCADA Systems

    Science.gov (United States)

    Hong, Seng-Phil; Ahn, Gail-Joon; Xu, Wenjuan

    The information technology revolution has transformed all aspects of our society including critical infrastructures and led a significant shift from their old and disparate business models based on proprietary and legacy environments to more open and consolidated ones. Supervisory Control and Data Acquisition (SCADA) systems have been widely used not only for industrial processes but also for some experimental facilities. Due to the nature of open environments, managing SCADA systems should meet various security requirements since system administrators need to deal with a large number of entities and functions involved in critical infrastructures. In this paper, we identify necessary access control requirements in SCADA systems and articulate access control policies for the simulated SCADA systems. We also attempt to analyze and realize those requirements and policies in the context of role-based access control that is suitable for simplifying administrative tasks in large scale enterprises.

  10. An Access Definition and Query Language : Towards a Unified Access Control Model

    OpenAIRE

    Sonnenbichler, Andreas

    2013-01-01

    In this work we suggest a meta access control model emulating established access control models by configuration and offering enhanced features like the delegation of rights, ego-centered roles, and decentralized administration. The suggested meta access control model is named \\'\\'Access Definition and Query Language\\'\\' (ADQL). ADQL is represented by a formal, context-free grammar allowing to express the targeted access control model, policies, facts, and access queries as a formal language.

  11. Performance estimates for personnel access control systems

    International Nuclear Information System (INIS)

    Current performance estimates for personnel access control systems use estimates of Type I and Type II verification errors. A system performance equation which addresses normal operation, the insider, and outside adversary attack is developed. Examination of this equation reveals the inadequacy of classical Type I and II error evaluations which require detailed knowledge of the adversary threat scenario for each specific installation. Consequently, new performance measures which are consistent with the performance equation and independent of the threat are developed as an aid in selecting personnel access control systems

  12. Performance estimates for personnel access control systems

    Energy Technology Data Exchange (ETDEWEB)

    Bradley, R. G.

    1980-10-01

    Current performance estimates for personnel access control systems use estimates of Type I and Type II verification errors. A system performance equation which addresses normal operation, the insider, and outside adversary attack is developed. Examination of this equation reveals the inadequacy of classical Type I and II error evaluations which require detailed knowledge of the adversary threat scenario for each specific installation. Consequently, new performance measures which are consistent with the performance equation and independent of the threat are developed as an aid in selecting personnel access control systems.

  13. Access Control in Data Management Systems

    CERN Document Server

    Ferrari, Elena

    2010-01-01

    Access control is one of the fundamental services that any Data Management System should provide. Its main goal is to protect data from unauthorized read and write operations. This is particularly crucial in today's open and interconnected world, where each kind of information can be easily made available to a huge user population, and where a damage or misuse of data may have unpredictable consequences that go beyond the boundaries where data reside or have been generated. This book provides an overview of the various developments in access control for data management systems. Discretionary,

  14. An electronically controlled automatic security access gate

    Directory of Open Access Journals (Sweden)

    Jonathan A. ENOKELA

    2014-11-01

    Full Text Available The security challenges being encountered in many places require electronic means of controlling access to communities, recreational centres, offices, and homes. The electronically controlled automated security access gate being proposed in this work helps to prevent an unwanted access to controlled environments. This is achieved mainly through the use of a Radio Frequency (RF transmitter-receiver pair. In the design a microcontroller is programmed to decode a given sequence of keys that is entered on a keypad and commands a transmitter module to send out this code as signal at a given radio frequency. Upon reception of this RF signal by the receiver module, another microcontroller activates a driver circuitry to operate the gate automatically. The codes for the microcontrollers were written in C language and were debugged and compiled using the KEIL Micro vision 4 integrated development environment. The resultant Hex files were programmed into the memories of the microcontrollers with the aid of a universal programmer. Software simulation was carried out using the Proteus Virtual System Modeling (VSM version 7.7. A scaled-down prototype of the system was built and tested. The electronically controlled automated security access gate can be useful in providing security for homes, organizations, and automobile terminals. The four-character password required to operate the gate gives the system an increased level of security. Due to its standalone nature of operation the system is cheaper to maintain in comparison with a manually operated type.

  15. Analysing Accessible Tourism in Religious Destinations: The Case of Lourdes, France

    OpenAIRE

    Gassiot, Ariadna; Prats, Lluís; Coromina, Lluís

    2016-01-01

    Accessible tourism and religious tourism are normally treated separately. Even so, curative shrines can be defined as places where these two types of tourism are especially co-habitual. Behaviour of both religious tourists (Battour, Battor, & Bhatti, 2013; Nolan & Nolan, 1992; Rinschede, 1992) and of people with special access needs (Burnett & Baker, 2001; Figueiredo, Eusébio, & Kastenholz, 2012) has been analysed before. However, the behaviour of visitors with special access needs in religio...

  16. LANSCE personnel access control system (PACS)

    International Nuclear Information System (INIS)

    The Radiation Security System (RSS) at the Los Alamos Neutron Science Center (LANSCE) provides personnel protection from prompt radiation due to accelerated beam. The Personnel Access Control System (PACS) is a component of the RSS that is designed to prevent personnel access to areas where prompt radiation is a hazard. PACS was designed to replace several older personnel safety systems (PSS) with a single modem unified design. Lessons learned from the operation over the last 20 years were incorporated into a redundant sensor, single-point failure safe, fault tolerant, and tamper-resistant system that prevents access to the beam areas by controlling the access keys and beam stoppers. PACS uses a layered philosophy to the physical and electronic design. The most critical assemblies are battery backed up, relay logic circuits; less critical devices use Programmable Logic Controllers (PLCs) for timing functions and communications. Outside reviewers have reviewed the operational safety of the design. The design philosophy, lessons learned, hardware design, software design, operation, and limitations of the device are described

  17. VHDL IMPLEMENTATION OF TEST ACCESS PORT CONTROLLER

    Directory of Open Access Journals (Sweden)

    MANPREET KAUR

    2012-06-01

    Full Text Available In this paper, an implementation of IEEE 1149.7 standard is used for designing Test Access Port (TAP Controller and testing of interconnects is done using boundary scan. By c-JTAG the pin count gets reduced which increases the performance and simplifies the connection between devices. TAP Controller is a synchronous Moore type finite state machine that is changed when the TMS and TCK signals of the test access port gets change. This controls the sequence operation of the circuitry conveyed by JTAG and c-JTAG. JTAGmainly used four pins with TAP and fifth pin is for optional use in Boundary scan. But c-JTAG uses only two pins with TAP. In this approach TDI and TDO gets multiplexed by using class T4 and T5 of c-JTAG. Various instructions are used for testing interconnects using IEEE 1149.7 standard (std.

  18. Speed control system for an access gate

    Science.gov (United States)

    Bzorgi, Fariborz M.

    2012-03-20

    An access control apparatus for an access gate. The access gate typically has a rotator that is configured to rotate around a rotator axis at a first variable speed in a forward direction. The access control apparatus may include a transmission that typically has an input element that is operatively connected to the rotator. The input element is generally configured to rotate at an input speed that is proportional to the first variable speed. The transmission typically also has an output element that has an output speed that is higher than the input speed. The input element and the output element may rotate around a common transmission axis. A retardation mechanism may be employed. The retardation mechanism is typically configured to rotate around a retardation mechanism axis. Generally the retardation mechanism is operatively connected to the output element of the transmission and is configured to retard motion of the access gate in the forward direction when the first variable speed is above a control-limit speed. In many embodiments the transmission axis and the retardation mechanism axis are substantially co-axial. Some embodiments include a freewheel/catch mechanism that has an input connection that is operatively connected to the rotator. The input connection may be configured to engage an output connection when the rotator is rotated at the first variable speed in a forward direction and configured for substantially unrestricted rotation when the rotator is rotated in a reverse direction opposite the forward direction. The input element of the transmission is typically operatively connected to the output connection of the freewheel/catch mechanism.

  19. Establishing mandatory access control on Android OS

    OpenAIRE

    Bugiel, Sven

    2015-01-01

    Common characteristic of all mobile operating systems for smart devices is an extensive middleware that provides a feature-rich API for the onboard sensors and user’s data (e.g., contacts). To effectively protect the device’s integrity, the user’s privacy, and to ensure non-interference between mutually distrusting apps, it is imperative that the middleware enforces rigid security and privacy policies. This thesis presents a line of work that integrates mandatory access control (MAC) mecha...

  20. Studying Media Access andControl Protocols

    OpenAIRE

    Mohammed, Alalelddin Fuad Yousif

    2010-01-01

    This thesis project’s goal is to enable undergraduate students to gain insight into media access and control protocols based upon carrying out laboratory experiments. The educational goal is to de-mystifying radio and other link and physical layer communication technologies as the students can follow packets from the higher layers down through the physical layer and back up again. The thesis fills the gap between the existing documentation for the Universal Software Radio Peripheral (USRP) re...

  1. Predictive access control for distributed computation

    DEFF Research Database (Denmark)

    Yang, Fan; Hankin, Chris; Nielson, Flemming;

    2013-01-01

    We show how to use aspect-oriented programming to separate security and trust issues from the logical design of mobile, distributed systems. The main challenge is how to enforce various types of security policies, in particular predictive access control policies — policies based on the future...... behavior of a program. A novel feature of our approach is that we can define policies concerning secondary use of data....

  2. External access to ALICE controls conditions data

    International Nuclear Information System (INIS)

    ALICE Controls data produced by commercial SCADA system WINCCOA is stored in ORACLE database on the private experiment network. The SCADA system allows for basic access and processing of the historical data. More advanced analysis requires tools like ROOT and needs therefore a separate access method to the archives. The present scenario expects that detector experts create simple WINCCOA scripts, which retrieves and stores data in a form usable for further studies. This relatively simple procedure generates a lot of administrative overhead – users have to request the data, experts needed to run the script, the results have to be exported outside of the experiment network. The new mechanism profits from database replica, which is running on the CERN campus network. Access to this database is not restricted and there is no risk of generating a heavy load affecting the operation of the experiment. The developed tools presented in this paper allow for access to this data. The users can use web-based tools to generate the requests, consisting of the data identifiers and period of time of interest. The administrators maintain full control over the data – an authorization and authentication mechanism helps to assign privileges to selected users and restrict access to certain groups of data. Advanced caching mechanism allows the user to profit from the presence of already processed data sets. This feature significantly reduces the time required for debugging as the retrieval of raw data can last tens of minutes. A highly configurable client allows for information retrieval bypassing the interactive interface. This method is for example used by ALICE Offline to extract operational conditions after a run is completed. Last but not least, the software can be easily adopted to any underlying database structure and is therefore not limited to WINCCOA.

  3. External access to ALICE controls conditions data

    Science.gov (United States)

    Jadlovský, J.; Jadlovská, A.; Sarnovský, J.; Jajčišin, Š.; Čopík, M.; Jadlovská, S.; Papcun, P.; Bielek, R.; Čerkala, J.; Kopčík, M.; Chochula, P.; Augustinus, A.

    2014-06-01

    ALICE Controls data produced by commercial SCADA system WINCCOA is stored in ORACLE database on the private experiment network. The SCADA system allows for basic access and processing of the historical data. More advanced analysis requires tools like ROOT and needs therefore a separate access method to the archives. The present scenario expects that detector experts create simple WINCCOA scripts, which retrieves and stores data in a form usable for further studies. This relatively simple procedure generates a lot of administrative overhead - users have to request the data, experts needed to run the script, the results have to be exported outside of the experiment network. The new mechanism profits from database replica, which is running on the CERN campus network. Access to this database is not restricted and there is no risk of generating a heavy load affecting the operation of the experiment. The developed tools presented in this paper allow for access to this data. The users can use web-based tools to generate the requests, consisting of the data identifiers and period of time of interest. The administrators maintain full control over the data - an authorization and authentication mechanism helps to assign privileges to selected users and restrict access to certain groups of data. Advanced caching mechanism allows the user to profit from the presence of already processed data sets. This feature significantly reduces the time required for debugging as the retrieval of raw data can last tens of minutes. A highly configurable client allows for information retrieval bypassing the interactive interface. This method is for example used by ALICE Offline to extract operational conditions after a run is completed. Last but not least, the software can be easily adopted to any underlying database structure and is therefore not limited to WINCCOA.

  4. Distributed medium access control in wireless networks

    CERN Document Server

    Wang, Ping

    2013-01-01

    This brief investigates distributed medium access control (MAC) with QoS provisioning for both single- and multi-hop wireless networks including wireless local area networks (WLANs), wireless ad hoc networks, and wireless mesh networks. For WLANs, an efficient MAC scheme and a call admission control algorithm are presented to provide guaranteed QoS for voice traffic and, at the same time, increase the voice capacity significantly compared with the current WLAN standard. In addition, a novel token-based scheduling scheme is proposed to provide great flexibility and facility to the network servi

  5. Integrating Attributes into Role-Based Access Control

    DEFF Research Database (Denmark)

    Mahmood Rajpoot, Qasim; Jensen, Christian D.; Krishnan, Ram

    2015-01-01

    Role-based access control (RBAC) and attribute-based access control (ABAC) are currently the most prominent access control models. However, they both suffer from limitations and have features complimentary to each other. Due to this fact, integration of RBAC and ABAC has become a hot area of...... research recently. We propose an access control model that combines the two models in a novel way in order to unify their benefits. Our approach provides a fine-grained access control mechanism that takes into account the current contextual information while making the access control decisions....

  6. Secure Dynamic access control scheme of PHR in cloud computing.

    Science.gov (United States)

    Chen, Tzer-Shyong; Liu, Chia-Hui; Chen, Tzer-Long; Chen, Chin-Sheng; Bau, Jian-Guo; Lin, Tzu-Ching

    2012-12-01

    With the development of information technology and medical technology, medical information has been developed from traditional paper records into electronic medical records, which have now been widely applied. The new-style medical information exchange system "personal health records (PHR)" is gradually developed. PHR is a kind of health records maintained and recorded by individuals. An ideal personal health record could integrate personal medical information from different sources and provide complete and correct personal health and medical summary through the Internet or portable media under the requirements of security and privacy. A lot of personal health records are being utilized. The patient-centered PHR information exchange system allows the public autonomously maintain and manage personal health records. Such management is convenient for storing, accessing, and sharing personal medical records. With the emergence of Cloud computing, PHR service has been transferred to storing data into Cloud servers that the resources could be flexibly utilized and the operation cost can be reduced. Nevertheless, patients would face privacy problem when storing PHR data into Cloud. Besides, it requires a secure protection scheme to encrypt the medical records of each patient for storing PHR into Cloud server. In the encryption process, it would be a challenge to achieve accurately accessing to medical records and corresponding to flexibility and efficiency. A new PHR access control scheme under Cloud computing environments is proposed in this study. With Lagrange interpolation polynomial to establish a secure and effective PHR information access scheme, it allows to accurately access to PHR with security and is suitable for enormous multi-users. Moreover, this scheme also dynamically supports multi-users in Cloud computing environments with personal privacy and offers legal authorities to access to PHR. From security and effectiveness analyses, the proposed PHR access

  7. Cardea: Dynamic Access Control in Distributed Systems

    Science.gov (United States)

    Lepro, Rebekah

    2004-01-01

    Modern authorization systems span domains of administration, rely on many different authentication sources, and manage complex attributes as part of the authorization process. This . paper presents Cardea, a distributed system that facilitates dynamic access control, as a valuable piece of an inter-operable authorization framework. First, the authorization model employed in Cardea and its functionality goals are examined. Next, critical features of the system architecture and its handling of the authorization process are then examined. Then the S A M L and XACML standards, as incorporated into the system, are analyzed. Finally, the future directions of this project are outlined and connection points with general components of an authorization system are highlighted.

  8. Research of user access control for networked manufacturing system

    Institute of Scientific and Technical Information of China (English)

    ZHENG Xiao-lin; LEI Yu; CHEN De-ren

    2006-01-01

    An integrated user access control method was proposed to address the issues of security and management in networked manufacturing systems (NMS).Based on the analysis of the security issues in networked manufacturing system,an integrated user access control method composed of role-based access control (RBAC),task-based access control (TBAC),relationship-driven access control (RDAC)and coalition-based access control (CBAC) was proposed,including the hierarchical user relationship model,the reference model and the process model.The elements and their relationships were defined,and the expressions of constraints authorization were given.The extensible access control markup language (XACML) was used to implement this method.This method was used in the networked manufacturing system in the Shaoxing spinning region of China.The results show that the integrated user access control method can reduce the costs of system security maintenance and management.

  9. Analysis and Comparison of Access Control Policies Validation Mechanisms

    OpenAIRE

    Muhammad Aqib; Riaz Ahmed Shaikh

    2014-01-01

    Validation and verification of security policies is a critical and important task to ensure that access control policies are error free. The two most common problems present in access control policies are: inconsistencies and incompleteness. In order to detect such problems, various access control policy validation mechanisms are proposed by the researchers. However, comprehensive analysis and evaluation of the existing access control policy validation techniques is missing in the literature....

  10. [Access to birth control: a world estimate].

    Science.gov (United States)

    Blanco, C

    1988-04-01

    The populations of the developed countries have easy access to contraception, but adequate family planning services are lacking in 80 of 93 recently studied Third World countries. 58% of the population of the developing world lives in these 80 countries. 43% or 372 million of the world's reproductive aged couples use modern and safe contraception. Of these, 102 million live in industrialized countries, about 146 million in the People's Republic of China, and 124 million in other developing countries. Only 27% of couples in developing countries apart from China use modern contraception. Abortion continues to be the most used method of fertility control. About 33 million legal abortions and 27 million illegal abortions are performed annually. Some 250 million women in developing countries who do not desire pregnancy are without family planning information or services. 1 year of protection costs about US $20 per couple in a developing country. Governments of developed countries spend about US $1.5 billion on family planning programs, of which about $500 million is slated for external aid to population programs. An additional investment of $5 billion is needed to provide family planning services to the 250 million women needing them. The 15 most populated industrialized countries which account for 91% of the population of the developed world mostly have good or excellent access to family planning services and information, although some comparatively minor problems may persist. Access to contraception in the countries of Eastern Europe is considered only good because of governmental restrictions on sterilization. Access is hampered in Japan by unavailability of some types of IUDs and pills and severe restrictions on sterilization. Family planning services are only average in the USSR because of poor quality and irregular supplies of modern contraceptives, especially in rural areas. Abortion, although not always easy to arrange because of bureaucratic delays, remains the

  11. Break-glass handling exceptional situations in access control

    CERN Document Server

    Petritsch, Helmut

    2014-01-01

    Helmut Petritsch describes the first holistic approach to Break-Glass which covers the whole life-cycle: from access control modeling (pre-access), to logging the security-relevant system state during Break-Glass accesses (at-access), and the automated analysis of Break-Glass accesses (post-access). Break-Glass allows users to override security restrictions in exceptional situations. While several Break-Glass models specific to given access control models have already been discussed in research (e.g., extending RBAC with Break-Glass), the author introduces a generic Break-Glass model. The pres

  12. Delegation in Role Based Access Control Model for Workflow Systems

    Directory of Open Access Journals (Sweden)

    Prasanna H Bammigatti

    2008-03-01

    Full Text Available Role -based access control (RBAC has been introduced in the last few years, and offers a powerful means of specifying access control decisions. The model of RBAC usually assumes that, if there is a role hierarchy then access rights are inherited upwards through the hierarchy. In organization workflow the main threat is of access control. The Role based access control is one of the best suitable access control model one can think of. It is not only the role hierarchies but also other control factors that affect the access control in the workflow. The paper discusses the control factors and role hierarchies in workflow and brings a new model of RBAC. This paper also over comes the conflicts and proves that the system is safe by applying the new model to the workflow

  13. Context-Based E-Health System Access Control Mechanism

    Science.gov (United States)

    Al-Neyadi, Fahed; Abawajy, Jemal H.

    E-Health systems logically demand a sufficiently fine-grained authorization policy for access control. The access to medical information should not be just role-based but should also include the contextual condition of the role to access data. In this paper, we present a mechanism to extend the standard role-based access control to incorporate contextual information for making access control decisions in e-health application. We present an architecture consisting of authorisation and context infrastructure that work cooperatively to grant access rights based on context-aware authorization policies and context information.

  14. Attributes Enhanced Role-Based Access Control Model

    DEFF Research Database (Denmark)

    Mahmood Rajpoot, Qasim; Jensen, Christian D.; Krishnan, Ram

    2015-01-01

    Attribute-based access control (ABAC) and role-based access control (RBAC) are currently the two most popular access control models. Yet, they both have known limitations and offer features com- plimentary to each other. Due to this fact, integration of RBAC and ABAC has recently emerged as an...... important area of research. In this paper, we propose an access control model that combines the two models in a novel way in order to unify their benefits. Our approach provides a fine-grained access control mechanism that not only takes contextual information into account while making the access control...... decisions but is also suitable for applications where access to resources is controlled by exploiting contents of the resources in the policy....

  15. Income sources as underlying business models’ attributes for scholarly journals: preliminary findings from analysing open access journals data

    OpenAIRE

    Polydoratou, P.; Schimmer, R.

    2010-01-01

    The Study for Open Access Publishing (SOAP) project is one of the initiatives undertaken to explore the risks and opportunities of the transition to open access publishing. Some of the early analyses of open access journals listed in the Directory of Open Access Journals (DOAJ) show that more than half of the open access publishing initiatives (56%) were undertaken by smaller publishers associated with a small number of journals. The study differentiates between 14 large publishers and other ...

  16. Income sources as underlying business models’ attributes for scholarly journals: preliminary findings from analysing open access journals’ data

    OpenAIRE

    The SOAP consortium; Polydoratou, Panayiota; Schimmer, Ralf

    2010-01-01

    The Study for Open Access Publishing (SOAP) project is one of the initiatives undertaken to explore the risks and opportunities of the transition to open access publishing. Some of the early analyses of open access journals listed in the Directory of Open Access Journals (DOAJ) show that more than half of the open access publishing initiatives (56%) were undertaken by smaller publishers associated with a small number of journals. The study differentiates between 14 large publishers and other ...

  17. Verifying Resource Access Control on Mobile Interactive Devices

    OpenAIRE

    Besson, Frédéric; Dufay, Guillaume; Jensen, Thomas; Pichardie, David

    2010-01-01

    A model of resource access control is presented in which the access control to resources can employ user interaction to obtain the necessary permissions. This model is inspired by and improves on the Java security architecture used in Java-enabled mobile telephones. We extend the Java model to include access control permissions with multiplicities in order to allow to use a permission a certain number of times. We define a program model based on control flow graphs together with its operation...

  18. MATISSE: A novel tool to access, visualize and analyse data from planetary exploration missions

    OpenAIRE

    Zinzi, Angelo; Capria, Maria Teresa; Palomba, Ernesto; Giommi, Paolo; Antonelli, Lucio Angelo

    2016-01-01

    The increasing number and complexity of planetary exploration space missions require new tools to access, visualize and analyse data to improve their scientific return. ASI Science Data Center (ASDC) addresses this request with the web-tool MATISSE (Multi-purpose Advanced Tool for the Instruments of the Solar System Exploration), allowing the visualization of single observation or real-time computed high-order products, directly projected on the three-dimensional model of the selected target ...

  19. The Galaxy platform for accessible, reproducible and collaborative biomedical analyses: 2016 update.

    Science.gov (United States)

    Afgan, Enis; Baker, Dannon; van den Beek, Marius; Blankenberg, Daniel; Bouvier, Dave; Čech, Martin; Chilton, John; Clements, Dave; Coraor, Nate; Eberhard, Carl; Grüning, Björn; Guerler, Aysam; Hillman-Jackson, Jennifer; Von Kuster, Greg; Rasche, Eric; Soranzo, Nicola; Turaga, Nitesh; Taylor, James; Nekrutenko, Anton; Goecks, Jeremy

    2016-07-01

    High-throughput data production technologies, particularly 'next-generation' DNA sequencing, have ushered in widespread and disruptive changes to biomedical research. Making sense of the large datasets produced by these technologies requires sophisticated statistical and computational methods, as well as substantial computational power. This has led to an acute crisis in life sciences, as researchers without informatics training attempt to perform computation-dependent analyses. Since 2005, the Galaxy project has worked to address this problem by providing a framework that makes advanced computational tools usable by non experts. Galaxy seeks to make data-intensive research more accessible, transparent and reproducible by providing a Web-based environment in which users can perform computational analyses and have all of the details automatically tracked for later inspection, publication, or reuse. In this report we highlight recently added features enabling biomedical analyses on a large scale. PMID:27137889

  20. A Formal Model of Access Control for Mobile Interactive Devices

    OpenAIRE

    Besson, Frédéric; Dufay, Guillaume; Jensen, Thomas

    2006-01-01

    This paper presents an access control model for programming applications in which the access control to resources can employ user interaction to obtain the necessary permissions. This model is inspired by and improves on the Java security architecture used in Javaenabled mobile telephones. We consider access control permissions with multiplicities in order to allow to use a permission a certain number of times. An operational semantics of the model and a formal definition of what it means for...

  1. ACADA: Access Control-driven Architecture with Dynamic Adaptation

    OpenAIRE

    Pereira, Óscar Narciso Mortágua; Rui L. Aguiar; Santos, Maribel Yasmina

    2012-01-01

    Programmers of relational database applications use software solutions (Hibernate, JDBC, LINQ, ADO.NET) to ease the development process of business tiers. These software solutions were not devised to address access control policies, much less for evolving access control policies, in spite of their unavoidable relevance. Currently, access control policies, whenever implemented, are enforced by independent components leading to a separation between policies and their enf...

  2. Performance analysis of multichannel medium access control algorithms for opportunistic spectrum access

    NARCIS (Netherlands)

    Pawelczak, P.; Pollin, S.; So, H.-S.W.; Bahai, A.R.S.; Prasad, R.V.; Hekmat, R.

    2009-01-01

    In this paper, different control channel (CC) implementations for multichannel medium access control (MAC) algorithms are compared and analyzed in the context of opportunistic spectrum access (OSA) as a function of spectrum-sensing performance and licensed user activity. The analysis is based on a d

  3. CONTEXT BASED ACCESS CONTROL MODEL FOR PROTECTING PERVASIVE ENVIRONMENT

    Directory of Open Access Journals (Sweden)

    V. Nirmalrani

    2014-04-01

    Full Text Available -In Pervasive Computing, access control is a critical issue which gives many opportunities for users to access and share the resources anytime and anywhere in a more easiest way. Pervasive Computing Environments are heterogeneous and dynamic sensor-rich environments characterized by frequent and unpredictable changes on users, resources, and environment situations. These environments call the access control solutions that allow dynamic adjustments of access permissions based on information describing the conditions of these entities (context, such as location and time. Some existing models attempt to identify context information which is used as an optional attribute for limiting the scope of access control permissions. However, these approaches normally exploit identities and roles dynamically assigned to the users in order to grant access permissions, which is an inappropriate solution for open and dynamic environments. Those environments cannot assume the existence of predefined roles and user-role associations. Hence the access permissions are claimed and assigned to the users only based on context information, which characterizing the three most important entities of any access control framework: owners, requestors, and resources. Thus, this paper proposes a generalized context-based access control model for making access control decisions completely based on context information, offering seven types of context-based access control policies. The proposed model also takes into account the privacy requirements when enforcing access control policies, such as the support to purposes and obligations. In addition this paper proposes the integration of mechanism to detect / resolve dynamic and static conflict on context-based access control policies.

  4. Campus Access Control System RFID Based

    Directory of Open Access Journals (Sweden)

    Mr. SANTHOSH S

    2012-06-01

    Full Text Available Radio frequency identification (RFID technology has helped many organizations to reduce cost. Nevertheless, there are challenges and issues associated with RFID adoption. The most common internal challenge for many organizations is justifying the investment and modification of processes. The focus of this project is to show the business value of RFID technology and its applications. The important issue is the security level of the whole campus because it needs to be carefully differentiated. Dormitories and special research laboratories should benefit from higher levels of security than any other campuses. The key to the problem is represented by the new Radio Frequency Identification (RFID which can support contactless cards with memory. The most important feature of the proposed system is the updating of access permission level at any time for the user based on the availability of that user. The data transfer from the reader to the database was done using wireless communication (RF communication. To achieve this here RF transmitter and the RF receiver is used. The data which is read by the reader is sent to the microcontroller. Then from the controller we can transfer the data to the database by using the UART module (serial communication which is inbuilt in the microcontroller through RF transmitter. RF receiver of the same frequency at the receiver end receives and then stores the data in the database. RF transmitter and Receiver – frequency for transmitting and receiving the data depends on the user as per the requirement for the application and it is based on the range of distance. For the data encoding and decoding process HCS-101 protocol is used.

  5. Open versus Controlled-Access Data | Office of Cancer Genomics

    Science.gov (United States)

    OCG employs stringent human subjects’ protection and data access policies to protect the privacy and confidentiality of the research participants. Depending on the risk of patient identification, OCG programs data are available to the scientific community in two tiers: open or controlled access. Both types of data can be accessed through its corresponding OCG program-specific data matrix or portal. Open-access Data

  6. Law-Aware Access Control and its Information Model

    CERN Document Server

    Stieghahn, Michael

    2010-01-01

    Cross-border access to a variety of data such as market information, strategic information, or customer-related information defines the daily business of many global companies, including financial institutions. These companies are obliged by law to keep a data processing legal for all offered services. They need to fulfill different security objectives specified by the legislation. Therefore, they control access to prevent unauthorized users from using data. Those security objectives, for example confidentiality or secrecy, are often defined in the eXtensible Access Control Markup Language that promotes interoperability between different systems. In this paper, we show the necessity of incorporating the requirements of legislation into access control. Based on the work flow in a banking scenario we describe a variety of available contextual information and their interrelations. Different from other access control systems our main focus is on law-compliant cross-border data access. By including legislation dir...

  7. The development of the microcomputer controlling system for micro uranium on-line analyser

    International Nuclear Information System (INIS)

    The author presents the microcomputer controlling system for micro uranium on-line analyser under Windows 3.2 system (Chinese). The user program is designed with Visual Basic 4.0, the program of controlling the hardware interface with Windows Dynamic Linking Library (DLL) which is programmed by Borland C++ 4.5, and the date processing is with Access 2.0 database

  8. Distributed Role-based Access Control for Coaliagion Application

    Institute of Scientific and Technical Information of China (English)

    HONG Fan; ZHU Xian; XING Guanglin

    2005-01-01

    Access control in multi-domain environments is one of the important questions of building coalition between domains.On the basis of RBAC access control model, the concepts of role delegation and role mapping are proposed, which support the third-party authorization.Then, a distributed RBAC model is presented.Finally the implementation issues are discussed.

  9. Dynamic User Role Assignment in Remote Access Control

    NARCIS (Netherlands)

    Saffarian, Mohsen; Tang, Qiang; Jonker, Willem; Hartel, Pieter

    2009-01-01

    The Role-Based Access Control (RBAC) model has been widely applied to a single domain in which users are known to the administrative unit of that domain, beforehand. However, the application of the conventional RBAC model for remote access control scenarios is not straightforward. In such scenarios,

  10. Analysis of Access Control Policies in Operating Systems

    Science.gov (United States)

    Chen, Hong

    2009-01-01

    Operating systems rely heavily on access control mechanisms to achieve security goals and defend against remote and local attacks. The complexities of modern access control mechanisms and the scale of policy configurations are often overwhelming to system administrators and software developers. Therefore, mis-configurations are common, and the…

  11. Analysis and Comparison of Access Control Policies Validation Mechanisms

    Directory of Open Access Journals (Sweden)

    Muhammad Aqib

    2014-12-01

    Full Text Available Validation and verification of security policies is a critical and important task to ensure that access control policies are error free. The two most common problems present in access control policies are: inconsistencies and incompleteness. In order to detect such problems, various access control policy validation mechanisms are proposed by the researchers. However, comprehensive analysis and evaluation of the existing access control policy validation techniques is missing in the literature. In this paper, we have provided a first detailed survey of this domain and presented the taxonomy of the access control policy validation mechanisms. Furthermore, we have provided a qualitative comparison and trend analysis of the existing schemes. From this survey, we found that only few validation mechanisms exist that can handle both inconsistency and incompleteness problem. Also, most of the policy validation techniques are inefficient in handling continuous values and Boolean expressions.

  12. A Model of Workflow-oriented Attributed Based Access Control

    Directory of Open Access Journals (Sweden)

    Guoping Zhang

    2011-02-01

    Full Text Available the emergence of “Internet of Things” breaks previous traditional thinking, which integrates physical infrastructure and network infrastructure into unified infrastructure. There will be a lot of resources or information in IoT, so computing and processing of information is the core supporting of IoT. In this paper, we introduce “Service-Oriented Computing” to solve the problem where each device can offer its functionality as standard services. Here we mainly discuss the access control issue of service-oriented computing in Internet of Things. This paper puts forward a model of Workflow-oriented Attributed Based Access Control (WABAC, and design an access control framework based on WABAC model. The model grants permissions to subjects according to subject atttribute, resource attribute, environment attribute and current task, meeting access control request of SOC. Using the approach presented can effectively enhance the access control security for SOC applications, and prevent the abuse of subject permissions.

  13. Media Access Control for Wireless Sensor and Actuator Networks

    OpenAIRE

    Nabi, Muaz Un

    2012-01-01

    In a wireless network, the medium is a shared resource. The nodes in the network negotiate access of the shared resource using the Medium Access Control (MAC) protocol. The design of a MAC protocol for a sensor node is not the same as that for a wireless transceiver. Due to the transceiver characteristics, the MAC protocol design is limited in terms of medium access methods. However, in most cases, the protocols rely on simple access methods i.e. Time Division Multiple Access (TDMA) or Carrie...

  14. MATISSE: A novel tool to access, visualize and analyse data from planetary exploration missions

    Science.gov (United States)

    Zinzi, A.; Capria, M. T.; Palomba, E.; Giommi, P.; Antonelli, L. A.

    2016-04-01

    The increasing number and complexity of planetary exploration space missions require new tools to access, visualize and analyse data to improve their scientific return. ASI Science Data Center (ASDC) addresses this request with the web-tool MATISSE (Multi-purpose Advanced Tool for the Instruments of the Solar System Exploration), allowing the visualization of single observation or real-time computed high-order products, directly projected on the three-dimensional model of the selected target body. Using MATISSE it will be no longer needed to download huge quantity of data or to write down a specific code for every instrument analysed, greatly encouraging studies based on joint analysis of different datasets. In addition the extremely high-resolution output, to be used offline with a Python-based free software, together with the files to be read with specific GIS software, makes it a valuable tool to further process the data at the best spatial accuracy available. MATISSE modular structure permits addition of new missions or tasks and, thanks to dedicated future developments, it would be possible to make it compliant to the Planetary Virtual Observatory standards currently under definition. In this context the recent development of an interface to the NASA ODE REST API by which it is possible to access to public repositories is set.

  15. Distributed Access Control Policies for Spectrum Sharing

    OpenAIRE

    Baldini, Gianmarco; NAI-FOVINO Igor; Trombetta, Alberto; Braghin, Stefano

    2012-01-01

    Cognitive Radio (CR) is a novel wireless communication technology that allows for adaptive configuration of the reception parameters of a terminal, based on the information collected from the environment. Cognitive radio (CR) technology can be used in innovative spectrum management approaches like spectrum sharing, where radio frequency spectral bands can be shared among various users through a dynamic exclusive-use spectrum access model. Spectrum sharing can be applied to various...

  16. Controlled trial of an open-access physiotherapy service

    OpenAIRE

    Gentle, P. H.; Herlihy, P. J.; Roxburgh, I. O.

    1984-01-01

    A randomized controlled trial of outpatient open-access physiotherapy was carried out at West Cornwall Hospital during 1979/80. The referral rate to consultant outpatient clinics for those patients offered open-access physiotherapy was considerably lower than for the control group (17 per cent and 56 per cent respectively). Patients using the service received physiotherapy promptly although this did not result in shorter treatments. Those of the control group who eventually received physiothe...

  17. Robust access control framework for mobile cloud computing network

    OpenAIRE

    Li, F; Rahulamathavan, Y.; Conti, M.; Rajarajan, M.

    2015-01-01

    Unified communications has enabled seamless data sharing between multiple devices running on various platforms. Traditionally, organizations use local servers to store data and employees access the data using desktops with predefined security policies. In the era of unified communications, employees exploit the advantages of smart devices and 4G wireless technology to access the data from anywhere and anytime. Security protocols such as access control designed for traditional setup are not su...

  18. A new access control system by fingerprint for radioisotope facilities

    Energy Technology Data Exchange (ETDEWEB)

    Kawamura, Hiroko; Hirata, Yasuki [Kyushu Univ., Fukuoka (Japan). Radioisotope Center; Kondo, Takahiro; Takatsuki, Katsuhiro

    1998-04-01

    We applied a new fingerprint checker for complete access control to the radiation controlled area and to the radioisotope storage room, and prepared softwares for the best use of this checker. This system consists of a personal computer, access controllers, a fingerprint register, fingerprint checkers, a tenkey and mat sensors, permits ten thousand users to register their fingerprints and its hard disk to keep more than a million records of user`s access. Only 1% of users could not register their fingerprints worn-out, registered four numbers for a fingerprint. The softwares automatically provide varieties of reports, caused a large reduction in manual works. (author)

  19. An Extended Role Based Access Control Method for XML Documents

    Institute of Scientific and Technical Information of China (English)

    MENG Xiao-feng; LUO Dao-feng; OU Jian-bo

    2004-01-01

    As XML has been increasingly important as the Data-change format of Internet and Intranet, access-control-on-XML-properties rises as a new issue.Role-based access control (RBAC) is an access control method that has been widely used in Internet, Operation System and Relation Data Base these 10 years.Though RBAC is already relatively mature in the above fields, new problems occur when it is used in XML properties.This paper proposes an integrated model to resolve these problems, after the fully analysis on the features of XML and RBAC.

  20. Role Based Access Control system in the ATLAS experiment

    International Nuclear Information System (INIS)

    The complexity of the ATLAS experiment motivated the deployment of an integrated Access Control System in order to guarantee safe and optimal access for a large number of users to the various software and hardware resources. Such an integrated system was foreseen since the design of the infrastructure and is now central to the operations model. In order to cope with the ever growing needs of restricting access to all resources used within the experiment, the Roles Based Access Control (RBAC) previously developed has been extended and improved. The paper starts with a short presentation of the RBAC design, implementation and the changes made to the system to allow the management and usage of roles to control access to the vast and diverse set of resources. The RBAC implementation uses a directory service based on Lightweight Directory Access Protocol to store the users (∼3000), roles (∼320), groups (∼80) and access policies. The information is kept in sync with various other databases and directory services: human resources, central CERN IT, CERN Active Directory and the Access Control Database used by DCS. The paper concludes with a detailed description of the integration across all areas of the system.

  1. Role Based Access Control system in the ATLAS experiment

    Science.gov (United States)

    Valsan, M. L.; Dobson, M.; Lehmann Miotto, G.; Scannicchio, D. A.; Schlenker, S.; Filimonov, V.; Khomoutnikov, V.; Dumitru, I.; Zaytsev, A. S.; Korol, A. A.; Bogdantchikov, A.; Avolio, G.; Caramarcu, C.; Ballestrero, S.; Darlea, G. L.; Twomey, M.; Bujor, F.

    2011-12-01

    The complexity of the ATLAS experiment motivated the deployment of an integrated Access Control System in order to guarantee safe and optimal access for a large number of users to the various software and hardware resources. Such an integrated system was foreseen since the design of the infrastructure and is now central to the operations model. In order to cope with the ever growing needs of restricting access to all resources used within the experiment, the Roles Based Access Control (RBAC) previously developed has been extended and improved. The paper starts with a short presentation of the RBAC design, implementation and the changes made to the system to allow the management and usage of roles to control access to the vast and diverse set of resources. The RBAC implementation uses a directory service based on Lightweight Directory Access Protocol to store the users (~3000), roles (~320), groups (~80) and access policies. The information is kept in sync with various other databases and directory services: human resources, central CERN IT, CERN Active Directory and the Access Control Database used by DCS. The paper concludes with a detailed description of the integration across all areas of the system.

  2. Geospacial information utilized under the access control strategy

    Institute of Scientific and Technical Information of China (English)

    TIAN Jie; ZHANG Xin-fang; WANG Tong-yang; XIANG Wei; Cheng Ming

    2007-01-01

    This paper introduces a solution to the secure requirement for digital rights management (DRM) by the way of geospacial access control named geospacial access control (GeoAC) in geospacial field. The issues of authorization for geospacial DRM are concentrated on. To geospacial DRM, one aspect is the declaration and enforcement of access rights, based on geographic aspects. To the approbation of digital geographic content, it is important to adopt online access to geodata through a spacial data infrastructure (SDI). This results in the interoperability requirements on three different levels: data model level, service level and access control level. The interaction between the data model and service level can be obtained by criterions of the open geospacial consortium (OGC), and the interaction of the access control level may be reached by declaring and enforcing access restrictions in GeoAC. Then an archetype enforcement based on GeoAC is elucidated. As one aspect of performing usage rights, the execution of access restrictions as an extension to a regular SDI is illuminated.

  3. On the Impact of information access delays on remote control of a wind turbine

    DEFF Research Database (Denmark)

    Madsen, Jacob Theilgaard; Barradas Berglind, Jose de Jesus; Madsen, Tatiana Kozlova;

    2015-01-01

    on a wind farm controller. The controller attempts to reduce fatigue on the wind turbine, which is used as a measure of the controller performance. Via simulation analysis, we show the degradation of the controller performance when subject to network delays. We analyse different access strategies...... useable by the controller to gather sensor information and and quantitatively characterize the impact of these access strategies on the controller performance......It is important to reduce the impact of renewable production in the power grid by means of control, due to increased frequency deviations and imbalances caused by these assets. Cost efficient deployment of asset control frequently results in a distributed control architecture where the controller...

  4. Modeling Access Control Policy of a Social Network

    Directory of Open Access Journals (Sweden)

    Chaimaa Belbergui

    2016-06-01

    Full Text Available Social networks bring together users in a virtual platform and offer them the ability to share -within the Community- personal and professional information’s, photos, etc. which are sometimes sensitive. Although, the majority of these networks provide access control mechanisms to their users (to manage who accesses to which information, privacy settings are limited and do not respond to all users' needs. Hence, the published information remain all vulnerable to illegal access. In this paper, the access control policy of the social network "Facebook" is analyzed in a profound way by starting with its modeling with "Organization Role Based Access Control" model, and moving to the simulation of the policy with an appropriate simulator to test the coherence aspect, and ending with a discussion of analysis results which shows the gap between access control management options offered by Facebook and the real requirements of users in the same context. Extracted conclusions prove the need of developing a new access control model that meets most of these requirements, which will be the subject of a forthcoming work.

  5. Access Control of Web- and Java-Based Applications

    Science.gov (United States)

    Tso, Kam S.; Pajevski, Michael J.

    2013-01-01

    Cybersecurity has become a great concern as threats of service interruption, unauthorized access, stealing and altering of information, and spreading of viruses have become more prevalent and serious. Application layer access control of applications is a critical component in the overall security solution that also includes encryption, firewalls, virtual private networks, antivirus, and intrusion detection. An access control solution, based on an open-source access manager augmented with custom software components, was developed to provide protection to both Web-based and Javabased client and server applications. The DISA Security Service (DISA-SS) provides common access control capabilities for AMMOS software applications through a set of application programming interfaces (APIs) and network- accessible security services for authentication, single sign-on, authorization checking, and authorization policy management. The OpenAM access management technology designed for Web applications can be extended to meet the needs of Java thick clients and stand alone servers that are commonly used in the JPL AMMOS environment. The DISA-SS reusable components have greatly reduced the effort for each AMMOS subsystem to develop its own access control strategy. The novelty of this work is that it leverages an open-source access management product that was designed for Webbased applications to provide access control for Java thick clients and Java standalone servers. Thick clients and standalone servers are still commonly used in businesses and government, especially for applications that require rich graphical user interfaces and high-performance visualization that cannot be met by thin clients running on Web browsers

  6. Personnel Access Control System Evaluation for National Ignition Facility Operations

    Energy Technology Data Exchange (ETDEWEB)

    Altenbach, T; Brereton, S.; Hermes, G.; Singh, M.

    2001-06-01

    The purpose of this document is to analyze the baseline Access Control System for the National Ignition Facility (NIF), and to assess its effectiveness at controlling access to hazardous locations during full NIF operations. It reviews the various hazards present during a NIF shot sequence, and evaluates the effectiveness of the applicable set of controls at preventing access while the hazards are present. It considers only those hazards that could potentially be lethal. In addition, various types of technologies that might be applicable at NIF are reviewed, as are systems currently in use at other facilities requiring access control for safety reasons. Recommendations on how this system might be modified to reduce risk are made.

  7. Mining Attribute-Based Access Control Policies from Logs

    OpenAIRE

    Xu, Zhongyuan; Stoller, Scott,

    2014-01-01

    Attribute-based access control (ABAC) provides a high level of flexibility that promotes security and information sharing. ABAC policy mining algorithms have potential to significantly reduce the cost of migration to ABAC, by partially automating the development of an ABAC policy from information about the existing access-control policy and attribute data. This paper presents an algorithm for mining ABAC policies from operation logs and attribute data. To the best of our knowledge, it is the ...

  8. A United Access Control Model for Systems in Collaborative Commerce

    OpenAIRE

    Ruo-Fei Han; Hou-Xiang Wang; Qian Xiao; Xiao-Pei Jing; Hui Li

    2009-01-01

    The latest researches on access control model are dramatically different from conventional ones. Nowadays, most attention is paid to accessing across organizational boundaries. So, how to identify the applicant and determine authorization with limited information; how to express and exchange control rules expediently; how to protect confidential information and enhance collaboration simultaneously, are the most concerned problems. However, for large commercial organizations, a fine management...

  9. Reinforcement Learning Technique in Multiple Motorway Access Control Strategy Design

    OpenAIRE

    Veljanovska, Kostandina; M. Bombol, Kristi; Maher, Tomaž

    2010-01-01

    An appropriately designed motorway access control can decrease the total travel time spent in the system up to 30% and consequently increase the merging operations safety. To date, implemented traffic responsive motorway access control systems have been of local or regulatory type and not truly adaptive in the real sense of the meaning. Hence, traffic flow can be influenced positively by numerous intelligent transportation system (ITS) techniques. In this paper a contemporary approach is pres...

  10. MATISSE: A novel tool to access, visualize and analyse data from planetary exploration missions

    CERN Document Server

    Zinzi, Angelo; Palomba, Ernesto; Giommi, Paolo; Antonelli, Lucio Angelo

    2016-01-01

    The increasing number and complexity of planetary exploration space missions require new tools to access, visualize and analyse data to improve their scientific return. ASI Science Data Center (ASDC) addresses this request with the web-tool MATISSE (Multi-purpose Advanced Tool for the Instruments of the Solar System Exploration), allowing the visualization of single observation or real-time computed high-order products, directly projected on the three-dimensional model of the selected target body. Using MATISSE it will be no longer needed to download huge quantity of data or to write down a specific code for every instrument analysed, greatly encouraging studies based on joint analysis of different datasets. In addition the extremely high-resolution output, to be used offline with a Python-based free software, together with the files to be read with specific GIS software, makes it a valuable tool to further process the data at the best spatial accuracy available. MATISSE modular structure permits addition of ...

  11. An accessible, scalable ecosystem for enabling and sharing diverse mass spectrometry imaging analyses.

    Science.gov (United States)

    Fischer, Curt R; Ruebel, Oliver; Bowen, Benjamin P

    2016-01-01

    Mass spectrometry imaging (MSI) is used in an increasing number of biological applications. Typical MSI datasets contain unique, high-resolution mass spectra from tens of thousands of spatial locations, resulting in raw data sizes of tens of gigabytes per sample. In this paper, we review technical progress that is enabling new biological applications and that is driving an increase in the complexity and size of MSI data. Handling such data often requires specialized computational infrastructure, software, and expertise. OpenMSI, our recently described platform, makes it easy to explore and share MSI datasets via the web - even when larger than 50 GB. Here we describe the integration of OpenMSI with IPython notebooks for transparent, sharable, and replicable MSI research. An advantage of this approach is that users do not have to share raw data along with analyses; instead, data is retrieved via OpenMSI's web API. The IPython notebook interface provides a low-barrier entry point for data manipulation that is accessible for scientists without extensive computational training. Via these notebooks, analyses can be easily shared without requiring any data movement. We provide example notebooks for several common MSI analysis types including data normalization, plotting, clustering, and classification, and image registration. PMID:26365033

  12. Dynamically Authorized Role-Based Access Control for Grid Applications

    Institute of Scientific and Technical Information of China (English)

    YAO Hanbing; HU Heping; LU Zhengding; LI Ruixuan

    2006-01-01

    Grid computing is concerned with the sharing and coordinated use of diverse resources in distributed "virtual organizations". The heterogeneous, dynamic and multi-domain nature of these environments makes challenging security issues that demand new technical approaches. Despite the recent advances in access control approaches applicable to Grid computing, there remain issues that impede the development of effective access control models for Grid applications. Among them there are the lack of context-based models for access control, and reliance on identity or capability-based access control schemes. An access control scheme that resolve these issues is presented, and a dynamically authorized role-based access control (D-RBAC) model extending the RBAC with context constraints is proposed. The D-RABC mechanisms dynamically grant permissions to users based on a set of contextual information collected from the system and user's environments, while retaining the advantages of RBAC model. The implementation architecture of D-RBAC for the Grid application is also described.

  13. Access Control in Cloud Computing Environment

    Directory of Open Access Journals (Sweden)

    Soorat Hussain

    2014-01-01

    Full Text Available Cloud Computing is a new technology which is directly connected with the internet which provide on demand self service internet infrastructure where a customer can pay and use only what is needed. Cloud Computing all services are managed by third party cloud service provider. Nowadays majority using static password to login into the system or access the online accounts in cloud but never change the password which is not secure . Since Cloud computing is a quite new subject, most of the cloud providers have not yet tighten up their security and still use insecure or complicated login method. Static password thoroughly investigated and found out that it is not completing the cloud computing security requirement. Proposed solution is One Time Password and One Day Password, OTP will get expire after two minutes, if user again login will request and receive new password via email and ODP will get expire after 24 hours and on request receive new password via email for new login session. OTP/ODP used with AES encryption. This paper focuses the authentication and transmission encryption in cloud computing services.

  14. Biofuel quality control by portable XRF-analyser

    OpenAIRE

    Golubev, Vitaly

    2015-01-01

    The objective of this thesis project was to find out feasibility of using a handheld XRF-analyser in solid biofuel quality control, particularly for recovered wood. Global biomass supply is estimated to grow rapidly, creating demand for automatic quality control systems. X-ray fluorescent technology brings about quick, accurate and non-destructive elemental analysis. Recovered wood fuel is challenging for combustion due to high levels of contaminants. During this work a list of challenging ch...

  15. Hopping control channel MAC protocol for opportunistic spectrum access networks

    Institute of Scientific and Technical Information of China (English)

    FU Jing-tuan; JI Hong; MAO Xu

    2010-01-01

    Opportunistic spectrum access (OSA) is considered as a promising approach to mitigate spectrum scarcity by allowing unlicensed users to exploit spectrum opportunities in licensed frequency bands. Derived from the existing channel-hopping multiple access (CHMA) protocol,we introduce a hopping control channel medium access control (MAC) protocol in the context of OSA networks. In our proposed protocol,all nodes in the network follow a common channel-hopping sequence; every frequency channel can be used as control channel and data channel. Considering primary users' occupancy of the channel,we use a primary user (PU) detection model to calculate the channel availability for unlicensed users' access. Then,a discrete Markov chain analytical model is applied to describe the channel states and deduce the system throughput. Through simulation,we present numerical results to demonstrate the throughput performance of our protocol and thus validate our work.

  16. A United Access Control Model for Systems in Collaborative Commerce

    Directory of Open Access Journals (Sweden)

    Ruo-Fei Han

    2009-06-01

    Full Text Available The latest researches on access control model are dramatically different from conventional ones. Nowadays, most attention is paid to accessing across organizational boundaries. So, how to identify the applicant and determine authorization with limited information; how to express and exchange control rules expediently; how to protect confidential information and enhance collaboration simultaneously, are the most concerned problems. However, for large commercial organizations, a fine management of internal functions is of the same importance as external service management. It is very troublesome to control authorizations merely with attributes and composition of policies introduced from attribute-based access control (ABAC. So, we introduce a united access control model for systems in collaborative commerce, combining the advantages of conventional role-based access control (RBAC, task-based authentication control (TBAC and that of recent ABAC and automated trust negotiation (ATN. Innovational ideas in the model are analyzed, and the implement architecture is discussed. The paper concludes with a summary of the united model’s benefits and future work.

  17. SPS access control system a new user interface

    CERN Document Server

    Riesco, T

    1999-01-01

    This document describes the project to implement at CERN new trends in industrial control systems and integrate new requirements and functions requested by users. This project will be the testing ground for the specification of procedures in the Access Control and Machine Interlock of LHC. The last modification in the Access Control System to the primary beam areas was made in 1995, and this new project is to improve the fields of personal security, access security and the introduction of modern communication networks used in the industrial control systems. Inside the cycle model of project life, it is at the present time in the test phase in terms of security and exploitation inside the Accelerator Decelerator (AD) project. The presence of Authorization Management System (AMS) to guarantee the automatic information distribution of authorizations to controlled areas is in line with this project.

  18. Face recognition in controlled access points

    OpenAIRE

    Mur Escartín, Olga

    2009-01-01

    The thesis consist in the study and evaluation of different methods for face recognition. The final objective is to select the most suitable techniques for face detection and recognition. Some of these techniques will be intergrated in a real time demontrator which will be a preliminary prototype that will have to work in controlled conditions (for ilumination and pose) and with reduced databases. The demonstrator will be done in Matlab and the main image acquisition rotines and face detectio...

  19. Role Based Access Control system in the ATLAS experiment

    CERN Document Server

    Valsan, M L; The ATLAS collaboration; Lehmann Miotto, G; Scannicchio, D A; Schlenker, S; Filimonov, V; Khomoutnikov, V; Dumitru, I; Zaytsev, A S; Korol, A A; Bogdantchikov, A; Caramarcu, C; Ballestrero, S; Darlea, G L; Twomey, M; Bujor, F; Avolio, G

    2011-01-01

    The complexity of the ATLAS experiment motivated the deployment of an integrated Access Control System in order to guarantee safe and optimal access for a large number of users to the various software and hardware resources. Such an integrated system was foreseen since the design of the infrastructure and is now central to the operations model. In order to cope with the ever growing needs of restricting access to all resources used within the experiment, the Roles Based Access Control (RBAC) previously developed has been extended and improved. The paper starts with a short presentation of the RBAC design, implementation and the changes made to the system to allow the management and usage of roles to control access to the vast and diverse set of resources. The paper continues with a detailed description of the integration across all areas of the system: local Linux and Windows nodes in the ATLAS Control Network (ATCN), the Linux application gateways offering remote access inside ATCN, the Windows Terminal Serv...

  20. Role Based Access Control System in the ATLAS Experiment

    CERN Document Server

    Valsan, M L; The ATLAS collaboration; Lehmann Miotto, G; Scannicchio, D A; Schlenker, S; Filimonov, V; Khomoutnikov, V; Dumitru, I; Zaytsev, A S; Korol, A A; Bogdantchikov, A; Avolio, G; Caramarcu, C; Ballestrero, S; Darlea, G L; Twomey, M; Bujor, F

    2010-01-01

    The complexity of the ATLAS experiment motivated the deployment of an integrated Access Control System in order to guarantee safe and optimal access for a large number of users to the various software and hardware resources. Such an integrated system was foreseen since the design of the infrastructure and is now central to the operations model. In order to cope with the ever growing needs of restricting access to all resources used within the experiment, the Roles Based Access Control (RBAC) previously developed has been extended and improved. The paper starts with a short presentation of the RBAC design, implementation and the changes made to the system to allow the management and usage of roles to control access to the vast and diverse set of resources. The paper continues with a detailed description of the integration across all areas of the system: local Linux and Windows nodes in the ATLAS Control Network (ATCN), the Linux application gateways offering remote access inside ATCN, the Windows Terminal Serv...

  1. A Survey of Access Control Models in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Htoo Aung Maw

    2014-06-01

    Full Text Available Wireless sensor networks (WSNs have attracted considerable interest in the research community, because of their wide range of applications. However, due to the distributed nature of WSNs and their deployment in remote areas, these networks are vulnerable to numerous security threats that can adversely affect their proper functioning. Resource constraints in sensor nodes mean that security mechanisms with a large overhead of computation and communication are impractical to use in WSNs; security in sensor networks is, therefore, a challenge. Access control is a critical security service that offers the appropriate access privileges to legitimate users and prevents illegitimate users from unauthorized access. However, access control has not received much attention in the context of WSNs. This paper provides an overview of security threats and attacks, outlines the security requirements and presents a state-of-the-art survey on access control models, including a comparison and evaluation based on their characteristics in WSNs. Potential challenging issues for access control schemes in WSNs are also discussed.

  2. Control with a random access protocol and packet dropouts

    Science.gov (United States)

    Wang, Liyuan; Guo, Ge

    2016-08-01

    This paper investigates networked control systems whose actuators communicate with the controller via a limited number of unreliable channels. The access to the channels is decided by a so-called group random access protocol, which is modelled as a binary Markov sequence. Data packet dropouts in the channels are modelled as independent Bernoulli processes. For such systems, a systematic characterisation for controller synthesis is established and stated in terms of the transition probabilities of the Markov protocol and the packet dropout probabilities. The results are illustrated via a numerical example.

  3. Efficient medium access control protocol for geostationary satellite systems

    Institute of Scientific and Technical Information of China (English)

    王丽娜; 顾学迈

    2004-01-01

    This paper proposes an efficient medium access control (MAC) protocol based on multifrequency-time division multiple access (MF-TDMA) for geostationary satellite systems deploying multiple spot-beams and onboard processing,which uses a method of random reservation access with movable boundaries to dynamically request the transmission slots and can transmit different types of traffic. The simulation results have shown that our designed MAC protocol can achieve a high bandwidth utilization, while providing the required quality of service (QoS) for each class of service.

  4. Public information: control, secret and right of access

    OpenAIRE

    Carmem Lúcia Batista

    2012-01-01

    Recently, in November 2011, it was published the law on access to public information, legal and historic mark in the struggle for human rights in Brazil. This achievement is the result of a process marked by denial of access to public archives, as it was the case of the Araguaia Guerrilla, valuing the culture of secrecy, abuse of power and relations between public and private in Brazil. Thus, the aim of this paper is to present a brief history about the control of access to public information...

  5. Law-Aware Access Control and its Information Model

    OpenAIRE

    Stieghahn, Michael; Engel, Thomas

    2010-01-01

    Cross-border access to a variety of data such as market information, strategic information, or customer-related information defines the daily business of many global companies, including financial institutions. These companies are obliged by law to keep a data processing legal for all offered services. They need to fulfill different security objectives specified by the legislation. Therefore, they control access to prevent unauthorized users from using data. Those security objectives, for exa...

  6. Open Platform Strategies and Innovation: Granting Access vs. Devolving Control

    OpenAIRE

    Kevin Boudreau

    2010-01-01

    This paper studies two fundamentally distinct approaches to opening a technology platform and their different impacts on innovation. One approach is to grant access to a platform and thereby open up markets for complementary components around the platform. Another approach is to give up control over the platform itself. Using data on 21 handheld computing systems (1990-2004), I find that granting greater levels of access to independent hardware developer firms produces up to a fivefold accele...

  7. User Behavior Trust Based Cloud Computing Access Control Model

    OpenAIRE

    Jiangcheng, Qin

    2016-01-01

    Context. With the development of computer software, hardware, and communication technologies, a new type of human-centered computing model, called Cloud Computing (CC) has been established as a commercial computer network service. However, the openness of CC brings huge security challenge to the identity-based access control system, as it not able to effectively prevent malicious users accessing; information security problems, system stability problems, and also the trust issues between cloud...

  8. Task-role-based Access Control Model in Smart Health-care System

    OpenAIRE

    Wang Peng; Jiang Lingyun

    2015-01-01

    As the development of computer science and smart health-care technology, there is a trend for patients to enjoy medical care at home. Taking enormous users in the Smart Health-care System into consideration, access control is an important issue. Traditional access control models, discretionary access control, mandatory access control, and role-based access control, do not properly reflect the characteristics of Smart Health-care System. This paper proposes an advanced access control model for...

  9. PGA: power calculator for case-control genetic association analyses

    OpenAIRE

    Chen Bingshu E; Rosenberg Philip S; Menashe Idan

    2008-01-01

    Abstract Background Statistical power calculations inform the design and interpretation of genetic association studies, but few programs are tailored to case-control studies of single nucleotide polymorphisms (SNPs) in unrelated subjects. Results We have developed the "Power for Genetic Association analyses" (PGA) package which comprises algorithms and graphical user interfaces for sample size and minimum detectable risk calculations using SNP or haplotype effects under different genetic mode...

  10. TEMPERATURE DISTRIBUTION MONITORING AND ANALYSES AT DIFFERENT HEATING CONTROL PRINCIPLES

    DEFF Research Database (Denmark)

    Simone, Angela; Rode, Carsten; Olesen, Bjarne W.

    2010-01-01

    control sensor which was already installed. The room was heated by means of electrical radiators, which should be able to control the indoor environment to guarantee the desired thermal conditions for the occupants and to supply heat according to desired load patterns. Five series of experiments were done...... comfort conditions for the building occupants. During the winter and spring of 2009 a study based on analyses of the local temperatures distribution in a room was performed. The purpose was to compare the temperature distribution in the room with the temperature measured and logged by the heating system...... when temperature control strategy THERM was used. Notable vertical temperature gradients were monitored in the occupied zone (especially for the PRBS control strategy) when there were high solar gains....

  11. A Service Access Security Control Model in Cyberspace

    Science.gov (United States)

    Qianmu, Li; Jie, Yin; Jun, Hou; Jian, Xu; Hong, Zhang; Yong, Qi

    A service access control model in cyberspace is proposed, which provides a generalized and effective mechanism of security management with some items constraint specifications. These constraint specifications are organized to form a construction, and an enact process is proposed to make it scalable and flexible to meet the need of diversified service application systems in cyberspace. The model of this paper erases the downward information flow by extended rules of read/write, which is the breakthrough of the limitations when applying the standard role-based access control in cyberspace.

  12. Access to Health Care and Control of ABCs of Diabetes

    OpenAIRE

    Zhang, Xuanping; Bullard, Kai McKeever; Gregg, Edward W.; Beckles, Gloria L.; Williams, Desmond E.; Barker, Lawrence E; Albright, Ann L.; Imperatore, Giuseppina

    2012-01-01

    OBJECTIVE To examine the relationship between access to health care and diabetes control. RESEARCH DESIGN AND METHODS Using data from the National Health and Nutrition Examination Survey, 1999–2008, we identified 1,221 U.S. adults (age 18–64 years) with self-reported diabetes. Access was measured by current health insurance coverage, number of times health care was received over the past year, and routine place to go for health care. Diabetes control measures included the proportion of people...

  13. Privacy Preservation in Role-based Access Control Model

    Directory of Open Access Journals (Sweden)

    Zuo Chen

    2011-08-01

    Full Text Available Privacy preservation is a crucial problem in resource sharing and collaborating among multi-domains. Based on this problem, we propose a role-based access control model for privacy preservation. This scheme avoided the privacy leakage of resources while implementing access control, and it has the advantage of lower communication overhead. We demonstrate this scheme meets the IND-CCA2 semantic security by using random oracle. The simulation result shows this scheme has better execution efficiency and application effects.

  14. Optical label-controlled transparent metro-access network interface

    DEFF Research Database (Denmark)

    Osadchiy, Alexey Vladimirovich

    control. Highlights of my research include my proposal and experimental proof of principle of an optical coherent detection based optical access network architecture providing support for a large number of users over a single distribution fiber; a spectral amplitude encoded label detection technique for......This thesis presents results obtained during the course of my PhD research on optical signal routing and interfacing between the metropolitan and access segments of optical networks. Due to both increasing capacity demands and variety of emerging services types, new technological challenges are...... arising for seamlessly interfacing metropolitan and access networks. Therefore, in this PhD project, I have analyzed those technological challenges and identified the key aspects to be addressed. I have also proposed and experimentally verified a number of solutions to metropolitan and access networks...

  15. Controlling user access to electronic resources without password

    Energy Technology Data Exchange (ETDEWEB)

    Smith, Fred Hewitt

    2015-06-16

    Described herein are devices and techniques for remotely controlling user access to a restricted computer resource. The process includes pre-determining an association of the restricted computer resource and computer-resource-proximal environmental information. Indicia of user-proximal environmental information are received from a user requesting access to the restricted computer resource. Received indicia of user-proximal environmental information are compared to associated computer-resource-proximal environmental information. User access to the restricted computer resource is selectively granted responsive to a favorable comparison in which the user-proximal environmental information is sufficiently similar to the computer-resource proximal environmental information. In at least some embodiments, the process further includes comparing user-supplied biometric measure and comparing it with a predetermined association of at least one biometric measure of an authorized user. Access to the restricted computer resource is granted in response to a favorable comparison.

  16. Regulatory Accessibility and Social Influences on State Self-Control

    OpenAIRE

    vanDellen, Michelle R.; Hoyle, Rick H.

    2009-01-01

    The current work examined how social factors influence self-control. Current conceptions of state self-control treat it largely as a function of regulatory capacity. The authors propose that state self-control might also be influenced by social factors because of regulatory accessibility. Studies 1 through 4 provide evidence that individuals’ state self-control is influenced by the trait and state self-control of salient others such that thinking of others with good trait or state self-contro...

  17. Review of Access Control Models for Cloud Computing

    Directory of Open Access Journals (Sweden)

    Natarajan Meghanathan

    2013-05-01

    Full Text Available The relationship between users and resources is dyn amic in the cloud, and service providers and users are typically not in the same security do main. Identity-based security (e.g., discretionary or mandatory access control models c annot be used in an open cloud computing environment, where each resource node may not be fa miliar, or even do not know each other. Users are normally identified by their attributes o r characteristics and not by predefined identities. There is often a need for a dynamic acc ess control mechanism to achieve cross- domain authentication. In this paper, we will focus on the following three broad categories of access control models for cloud computing: (1 Role -based models; (2 Attribute-based encryption models and (3 Multi-tenancy models. We will review the existing literature on each of the above access control models and their varian ts (technical approaches, characteristics, applicability, pros and cons, and identify future research directions for developing access control models for cloud computing environments .

  18. Access Control of Web and Java Based Applications

    Science.gov (United States)

    Tso, Kam S.; Pajevski, Michael J.; Johnson, Bryan

    2011-01-01

    Cyber security has gained national and international attention as a result of near continuous headlines from financial institutions, retail stores, government offices and universities reporting compromised systems and stolen data. Concerns continue to rise as threats of service interruption, and spreading of viruses become ever more prevalent and serious. Controlling access to application layer resources is a critical component in a layered security solution that includes encryption, firewalls, virtual private networks, antivirus, and intrusion detection. In this paper we discuss the development of an application-level access control solution, based on an open-source access manager augmented with custom software components, to provide protection to both Web-based and Java-based client and server applications.

  19. Doping control analyses in horseracing: a clinician's guide.

    Science.gov (United States)

    Wong, Jenny K Y; Wan, Terence S M

    2014-04-01

    Doping(1) in sports is highly detrimental, not only to the athletes involved but to the sport itself as well as to the confidence of the spectators and other participants. To protect the integrity of any sport, there must be in place an effective doping control program. In human sports, a 'top-down' and generally unified approach is taken where the rules and regulations against doping for the majority of elite sport events held in any country are governed by the World Anti-Doping Agency (WADA). However, in horseracing, there is no single organisation regulating this form of equestrian sport; instead, the rules and regulations are provided by individual racing authorities and so huge variations exist in the doping control programs currently in force around the world. This review summarises the current status of doping control analyses in horseracing, from sample collection, to the analyses of the samples, and to the need for harmonisation as well as exploring some of the difficulties currently faced by racing authorities, racing chemists and regulatory veterinarians worldwide. PMID:24485918

  20. Research on a dynamic workflow access control model

    Science.gov (United States)

    Liu, Yiliang; Deng, Jinxia

    2007-12-01

    In recent years, the access control technology has been researched widely in workflow system, two typical technologies of that are RBAC (Role-Based Access Control) and TBAC (Task-Based Access Control) model, which has been successfully used in the role authorizing and assigning in a certain extent. However, during the process of complicating a system's structure, these two types of technology can not be used in minimizing privileges and separating duties, and they are inapplicable when users have a request of frequently changing on the workflow's process. In order to avoid having these weakness during the applying, a variable flow dynamic role_task_view (briefly as DRTVBAC) of fine-grained access control model is constructed on the basis existed model. During the process of this model applying, an algorithm is constructed to solve users' requirements of application and security needs on fine-grained principle of privileges minimum and principle of dynamic separation of duties. The DRTVBAC model is implemented in the actual system, the figure shows that the task associated with the dynamic management of role and the role assignment is more flexible on authority and recovery, it can be met the principle of least privilege on the role implement of a specific task permission activated; separated the authority from the process of the duties completing in the workflow; prevented sensitive information discovering from concise and dynamic view interface; satisfied with the requirement of the variable task-flow frequently.

  1. Object oriented programming techniques applied to device access and control

    International Nuclear Information System (INIS)

    In this paper a model, called the device server model, has been presented for solving the problem of device access and control faced by all control systems. Object Oriented Programming techniques were used to achieve a powerful yet flexible solution. The model provides a solution to the problem which hides device dependancies. It defines a software framework which has to be respected by implementors of device classes - this is very useful for developing groupware. The decision to implement remote access in the root class means that device servers can be easily integrated in a distributed control system. A lot of the advantages and features of the device server model are due to the adoption of OOP techniques. The main conclusion that can be drawn from this paper is that 1. the device access and control problem is adapted to being solved with OOP techniques, 2. OOP techniques offer a distinct advantage over traditional programming techniques for solving the device access problem. (J.P.N.)

  2. Fine-Grained Access Control for Electronic Health Record Systems

    Science.gov (United States)

    Hue, Pham Thi Bach; Wohlgemuth, Sven; Echizen, Isao; Thuy, Dong Thi Bich; Thuc, Nguyen Dinh

    There needs to be a strategy for securing the privacy of patients when exchanging health records between various entities over the Internet. Despite the fact that health care providers such as Google Health and Microsoft Corp.'s Health Vault comply with the U.S Health Insurance Portability and Accountability Act (HIPAA), the privacy of patients is still at risk. Several encryption schemes and access control mechanisms have been suggested to protect the disclosure of a patient's health record especially from unauthorized entities. However, by implementing these approaches, data owners are not capable of controlling and protecting the disclosure of the individual sensitive attributes of their health records. This raises the need to adopt a secure mechanism to protect personal information against unauthorized disclosure. Therefore, we propose a new Fine-grained Access Control (FGAC) mechanism that is based on subkeys, which would allow a data owner to further control the access to his data at the column-level. We also propose a new mechanism to efficiently reduce the number of keys maintained by a data owner in cases when the users have different access privileges to different columns of the data being shared.

  3. Audit-Based Access Control for Electronic Health Records

    NARCIS (Netherlands)

    Dekker, M.A.C.; Etalle, S.; Gadducci, F.

    2006-01-01

    Traditional access control mechanisms aim to prevent illegal actions a-priori occurrence, i.e.before granting a request for a document. There are scenarios however where the security decision can not be made on the fly. For these settings we developed a language and a framework for a-posteriori acce

  4. Audit-Based Access Control for Electronic Health Records

    NARCIS (Netherlands)

    Dekker, M.A.C.; Etalle, S.

    2006-01-01

    Traditional access control mechanisms aim to prevent illegal actions a-priori occurrence, i.e. before granting a request for a document. There are scenarios however where the security decision can not be made on the fly. For these settings we developed a language and a framework for a-posteriori acc

  5. Access control issues and solutions for large sites

    International Nuclear Information System (INIS)

    The Lawrence Livermore National Laboratory (LLNL) operates an automated access control system consisting of more than 100 portals. We have gained considerable practical experience in the issues involved in operating this large system, and have identified the central issues to include system reliability, the large user population, the need for central control, constant change, high visibility and the budget. This paper outlines these issues and draws from our experience to discuss some fruitful ways of addressing them

  6. Adaptive Medium Access Control Protocol for Wireless Body Area Networks

    OpenAIRE

    Javaid, N.; Ahmad, A.; A. Rahim; Z.A. Khan; M. Ishfaq; Qasim, U.

    2014-01-01

    Wireless Body Area Networks (WBANs) are widely used for applications such as modern health-care systems, where wireless sensors (nodes) monitor the parameter(s) of interest. Nodes are provided with limited battery power and battery power is dependent on radio activity. MAC protocols play a key role in controlling the radio activity. Therefore, we present Adaptive Medium Access Control (A-MAC) protocol for WBANs supported by linear programming models for the minimization of energy consumption ...

  7. Access control and interlock system at the Advanced Photon Source

    Energy Technology Data Exchange (ETDEWEB)

    Forrestal, J.; Hogrefe, R.; Knott, M.; McDowell, W.; Reigle, D.; Solita, L.; Koldenhoven, R.; Haid, D. [Argonne National Lab., IL (United States). Advanced Photon Source

    1997-08-01

    The Advanced Photon Source (APS) consists of a linac, position accumulator ring (PAR), booster synchrotron, storage ring, and up to 70 experimental beamlines. The Access Control and Interlock System (ACIS) utilizes redundant programmable logic controllers (PLCs) and a third hard-wired chain to protect personnel from prompt radiation generated by the linac, PAR, synchrotron, and storage ring. This paper describes the ACIS`s design philosophy, configuration, hardware, functionality, validation requirements, and operational experience.

  8. Ubiquitous access control and policy management in personal networks

    DEFF Research Database (Denmark)

    Kyriazanos, Dimitris M.; Stassinopoulos, George I.; Prasad, Neeli R.

    2006-01-01

    In this paper the authors present the challenges for enabling Security Policies Management and subsequent Ubiquitous Access Control on the Personal Network (PN) environment. A solution based on Security Profiles is proposed, supporting both partially distributed architectures-having in this case...... distributed master devices acting as access points- and also pure peer-to-peer interactions inside the PN. Taking benefit from the modularity and scalability of the design, this solution can be extended into supporting coalitions of different security domains, deriving from the creation of PNs federations....

  9. A User Profile Based Access Control Model and Architecture

    Directory of Open Access Journals (Sweden)

    Meriem Zerkouk

    2013-02-01

    Full Text Available Personalization and adaptation to the user profile capability are the hottest issues to ensure ambientassisted living and context awareness in nowadays environments. With the growing healthcare andwellbeing context aware applications, modeling security policies becomes an important issue in thedesign of future access control models. This requires rich semantics using ontology modeling for themanagement of services provided to dependant people. However, current access control models remainunsuitable due to lack of personalization, adaptability and smartness to the handicap situation.In this paper, we propose a novel adaptable access control model and its related architecture in whichthe security policy is based on the handicap situation analyzed from the monitoring of user’s behavior inorder to grant a service using any assistive device within intelligent environment. The design of ourmodel is an ontology-learning and evolving security policy for predicting the future actions of dependentpeople. This is reached by reasoning about historical data, contextual data and user behavior accordingto the access rules that are used in the inference engine to provide the right service according to theuser’s needs.

  10. With or Without: Empirical Analyses of Disparities in Health Care Access and Quality

    OpenAIRE

    Pande, Aakanksha

    2012-01-01

    The existence of unfair differences or disparities in access to and quality of health care is well known. However, the nature of disparities at different stages of the health seeking pathway and interventions to reduce them are less clear. Applying the tools of statistics and quasi experimental design-- interrupted time series, propensity score matching, hierarchical models---we can analyze how care is accessed in low, middle and high income countries and assess for disparities. The results a...

  11. A formal model for access control with supporting spatial context

    Institute of Scientific and Technical Information of China (English)

    ZHANG Hong; HE YePing; SHI ZhiGuo

    2007-01-01

    There is an emerging recognition of the importance of utilizing contextual information in authorization decisions. Controlling access to resources in the field of wireless and mobile networking require the definition of a formal model for access control with supporting spatial context. However, traditional RBAC model does not specify these spatial requirements. In this paper, we extend the existing RBAC model and propose the SC-RBAC model that utilizes spatial and location-based information in security policy definitions. The concept of spatial role is presented,and the role is assigned a logical location domain to specify the spatial boundary.Roles are activated based on the current physical position of the user which obtained from a specific mobile terminal. We then extend SC-RBAC to deal with hierarchies, modeling permission, user and activation inheritance, and prove that the hierarchical spatial roles are capable of constructing a lattice which is a means for articulate multi-level security policy and more suitable to control the information flow security for safety-critical location-aware information systems. Next, constrained SC-RBAC allows express various spatial separations of duty constraints,location-based cardinality and temporal constraints for specify fine-grained spatial semantics that are typical in location-aware systems. Finally, we introduce 9 invariants for the constrained SC-RBAC and its basic security theorem is proven. The constrained SC-RBAC provides the foundation for applications in need of the constrained spatial context aware access control.

  12. PGA: power calculator for case-control genetic association analyses

    Directory of Open Access Journals (Sweden)

    Chen Bingshu E

    2008-05-01

    Full Text Available Abstract Background Statistical power calculations inform the design and interpretation of genetic association studies, but few programs are tailored to case-control studies of single nucleotide polymorphisms (SNPs in unrelated subjects. Results We have developed the "Power for Genetic Association analyses" (PGA package which comprises algorithms and graphical user interfaces for sample size and minimum detectable risk calculations using SNP or haplotype effects under different genetic models and study constrains. The software accounts for linkage disequilibrium and statistical multiple comparisons. The results are presented in graphs or tables and can be printed or exported in standard file formats. Conclusion PGA is user friendly software that can facilitate decision making for association studies of candidate genes, fine-mapping studies, and whole-genome scans. Stand-alone executable files and a Matlab toolbox are available for download at: http://dceg.cancer.gov/bb/tools/pga

  13. Type-Based Access Control in Data-Centric Systems

    Science.gov (United States)

    Caires, Luís; Pérez, Jorge A.; Seco, João Costa; Vieira, Hugo Torres; Ferrão, Lúcio

    Data-centric multi-user systems, such as web applications, require flexible yet fine-grained data security mechanisms. Such mechanisms are usually enforced by a specially crafted security layer, which adds extra complexity and often leads to error prone coding, easily causing severe security breaches. In this paper, we introduce a programming language approach for enforcing access control policies to data in data-centric programs by static typing. Our development is based on the general concept of refinement type, but extended so as to address realistic and challenging scenarios of permission-based data security, in which policies dynamically depend on the database state, and flexible combinations of column- and row-level protection of data are necessary. We state and prove soundness and safety of our type system, stating that well-typed programs never break the declared data access control policies.

  14. Access Control with RFID in the Internet of Things

    DEFF Research Database (Denmark)

    Jensen, Steffen Elstrøm Holst; Jacobsen, Rune Hylsberg

    2013-01-01

    , to the Internet is suggested. The solution uses virtual representations of objects by using low-cost, passive RFID tags to give objects identities on the Internet. A prototype that maps an RFID identity into an IPv6 address is constructed. It is illustrated how this approach can be used in access control systems......Future Internet research is needed to bring the Internet and the Things closer to each other to form the Internet of Things. As objects in our daily life gradually become smarter, there is an increasing benefit of networking these objects. In this article, a method to couple objects, the Things...... based on open network protocols and packet filtering. The solution includes a novel RFID reader architecture that supports the internetworking of components of a future access control system based on network layer technology....

  15. An Access Control Model of Virtual Machine Security

    OpenAIRE

    QIN Zhong-yuan; Chen, Qi; Lv, You; Qiang, Yong; GUO Ai-wen; SHEN Ri-sheng; Zhang Qunfang

    2013-01-01

    Virtualization technology becomes a hot IT technolo gy with the popu-larity of Cloud Computing. However, new security issues arise with it. Specifically, the resources sharing and data communication in virtual machines are most con cerned. In this paper an access control model is proposed which combines the Chinese Wall a nd BLP model. BLP multi-level security model is introduced with corresponding improve...

  16. Integrating CERN e-groups into TWiki access control.

    CERN Document Server

    Jones, PL; Hoymr, N; CERN. Geneva. IT Department

    2010-01-01

    Wikis allow for easy collaborative editing of documents on the web for users located in different buildings, cities or even countries. TWiki culture lends to open free form editing and most pages are world readable and editable by CERN authenticated users, however access control is possible and is used to protect sensitive documents. This note discusses the integration of E-groups for authorisation purposes at CERN.

  17. Adaptive Media Access Control for Energy Harvesting - Wireless Sensor Networks

    DEFF Research Database (Denmark)

    Fafoutis, Xenofon; Dragoni, Nicola

    2012-01-01

    ODMAC (On-Demand Media Access Control) is a recently proposed MAC protocol designed to support individual duty cycles for Energy Harvesting — Wireless Sensor Networks (EH-WSNs). Individual duty cycles are vital for EH-WSNs, because they allow nodes to adapt their energy consumption to the ever...... three key properties of EH-WSNs: adaptability of energy consumption, distributed energy-aware load balancing and support for different application-specific requirements....

  18. Achieving Fine-grained Access Control in Virtual Organisations

    OpenAIRE

    Zhang, Nien Fan; Yao, L.; Nenadic, A.; Chin, J.; Goble, C.; Rector, A.; Chadwick, David W; Otenko, Sassa; Shi, Q.

    2007-01-01

    In a virtual organization environment, where services and data are provided and shared amongorganizations from different administrative domains and protected with dissimilar security policies and measures, there is a need for a flexible authentication framework that supports the use of various authentication methods and tokens. The authentication strengths derived from the authentication methods and tokens should be incorporated into an access-control decision-making process, so that more sen...

  19. Access and control of resources: Lessons from the SANREM CRSP

    OpenAIRE

    Flora, Cornelia B.

    2001-01-01

    Metadata only record Developing sustainability in an agricultural ecosystem requires that attention be given to inequities within communities. The experiences of SANREM CRSP revealed that gender inequality was a significant factor in the access and control of resources that were critical for the projects reaching their goals. Among the resources of financial, manufactured, human, environmental, and social capital, enhancing social capital among women was a crucial component of plans for in...

  20. THE ADMINISTRATOR OBJECT PATTERN FOR ROLE-BASED ACCESS CONTROL

    OpenAIRE

    S. R. KODITUWAKKU

    2010-01-01

    The Object-Oriented paradigm approaches the software development by representing real world entities into classes of software objects. Object oriented design patterns facilitate small scale and large scale design reuse. This paper presents an object oriented design pattern, Administrator Object, to address the User-Role assignment problem in Role Based Access Control (RBAC). Two alternative solutions are proposed. The pattern is presented according to the Gang of Four template.

  1. THE ADMINISTRATOR OBJECT PATTERN FOR ROLE-BASED ACCESS CONTROL

    Directory of Open Access Journals (Sweden)

    S. R. KODITUWAKKU

    2010-12-01

    Full Text Available The Object-Oriented paradigm approaches the software development by representing real world entities into classes of software objects. Object oriented design patterns facilitate small scale and large scale design reuse. This paper presents an object oriented design pattern, Administrator Object, to address the User-Role assignment problem in Role Based Access Control (RBAC. Two alternative solutions are proposed. The pattern is presented according to the Gang of Four template.

  2. A Model of Workflow-oriented Attributed Based Access Control

    OpenAIRE

    Guoping Zhang; Jing Liu

    2011-01-01

    the emergence of “Internet of Things” breaks previous traditional thinking, which integrates physical infrastructure and network infrastructure into unified infrastructure. There will be a lot of resources or information in IoT, so computing and processing of information is the core supporting of IoT. In this paper, we introduce “Service-Oriented Computing” to solve the problem where each device can offer its functionality as standard services. Here we mainly discuss the access control issue ...

  3. Authorisation and access control for electronic health record systems.

    Science.gov (United States)

    Blobel, Bernd

    2004-03-31

    Enabling the shared care paradigm, centralised or even decentralised electronic health record (EHR) systems increasingly become core applications in hospital information systems and health networks. For realising multipurpose use and reuse as well as inter-operability at knowledge level, EHR have to meet special architectural requirements. The component-oriented and model-based architecture should meet international standards. Especially in extended health networks realising inter-organisational communication and co-operation, authorisation cannot be organised at user level anymore. Therefore, models, methods and tools must be established to allow formal and structured policy definition, policy agreements, role definition, authorisation and access control. Based on the author's international engagement in EHR architecture and security standards referring to the revision of CEN ENV 13606, the GEHR/open EHR approach, HL7 and CORBA, models for health-specific and EHR-related roles, for authorisation management and access control have been developed. The basic concept is the separation of structural roles defining organisational entity-to-entity relationships and enabling specific acts on the one hand, and functional roles bound to specific activities and realising rights and duties on the other hand. Aggregation of organisational, functional, informational and technological components follows specific rules. Using UML and XML, the principles as well as some examples for analysis, design, implementation and maintenance of policy and authorisation management as well as access control have been practically implemented. PMID:15066555

  4. Teaching skills for accessing and interpreting information from systematic reviews/meta-analyses, practice guidelines, and the Internet.

    OpenAIRE

    Wolf, F. M.; Miller, J. G.; Gruppen, L D; Ensminger, W. D.

    1997-01-01

    Skills and practice related to accessing and interpreting clinical information from systematic reviews/meta-analyses, practice guidelines, and the Internet have been integrated into a new senior year elective designed to teach medical students how to critically appraise information from a variety of sources and evaluate it's applicability to patient care. Small groups of senior medical students under the direction of a multidisciplinary team (behavioral scientist, information specialist, phys...

  5. Material control and surveillance for high frequency access vaults project

    International Nuclear Information System (INIS)

    The 'Material Control and Surveillance for High Frequency Access Vaults' project sponsored by United States Department of Energy's Office of Security Policy, Policy Integration and Technical Support Program (SO-20.3) focuses on enhancing nuclear materials control and surveillance in vaults that are frequently accessed. The focus of this effort is to improve materials control and accountability (MC and A) while decreasing the operational impact of these activities. Los Alamos and Y-12 have developed a testbed at the Los Alamos National Laboratory for evaluating and demonstrating integrated technologies for use in enhancing materials control and accountability in active nuclear material storage vaults. An update will be provided on the new systems demonstrated in the test-bed including a 'confirmatory cart' for expediting the performance of inventory and radio-frequency actuated video that demonstrates the concept of automated data entry for materials moving between MBA's. The United States Department of Energy's Office of Security Policy, Policy Integration and Technical Support Program (SO-20.3) has sponsored a project where nuclear material inventory, control and surveillance systems are evaluated, developed, and demonstrated in an effort to provide technologies that reduce risk, increase material assurance, and provide cost-efficient alternatives to manpower-intensive physical inventory and surveillance approaches for working (high-frequency-access) vaults. This Fiscal Year has been largely focused on evaluating and developing components of two sub-systems that could be used either separately in nuclear material vaults or as part of a larger integrated system for nuclear materials accountability, control and surveillance.

  6. ARCPAS - Automatic radiation control point access system an automated data collection terminal for radiation dose and access control

    International Nuclear Information System (INIS)

    Nuclear facilities such as nuclear power plants or fuel processing facilities are required to maintain accurate records of personnel access, exposure and work performed. Most facilities today have some sort of computerized data collection system for radiation dose and access control. The great majority rely on handwritten records, i.e., dose card or sign-in sheet which in turn are transferred to a computerized records management system manually. The ARCPAS terminal provides a method for automating personnel exposure data collection and processing. The terminal is a user interactive device which contains a unit for automatically reading and zeroing pocket dosemeters, a security badge reader for personnel identification, a 16 digit key pad for RWP information entry, a high resolution color CRT for interactive communication and a high speed tape printer providing an entry chit. The chit provides the individual worker with a record of the transaction including an individual identifying number, remaining dose for the quarter or period and RWP under which the worker entered the controlled area. The purpose of automating the access control is to provide fast, accurate, realtime data to the records management system. A secondary purpose is to relieve trained health physics technicians of control point duties so that their training and skills can be utilized more effectively in a facility's health physics program

  7. State control, access to capital and firm performance

    Institute of Scientific and Technical Information of China (English)

    Oliver Zhen Li; Xijia Su; Zhifeng Yang

    2012-01-01

    We study the effect of state control on capital allocation and investment in China, where the government screens prospective stock issuers. We find that state firms are more likely to obtain government approval to conduct seasoned equity offerings than non-state firms. Further, non-state firms exhibit greater sensitivities of subsequent investment and stock performance to regulatory decisions on stock issuances than state firms. Our work suggests that state control of capital access distorts resource allocation and impedes the growth of non-state firms. We also provide robust evidence that financial constraints cause underinvestment.

  8. OJADEAC: An Ontology Based Access Control Model for JADE Platform

    Directory of Open Access Journals (Sweden)

    Ban Sharief Mustafa

    2014-06-01

    Full Text Available Java Agent Development Framework (JADE is a software framework to make easy the development of Multi-Agent applications in compliance with the Foundation for Intelligent Physical Agents (FIPA specifications. JADE propose new infrastructure solutions to support the development of useful and convenient distributed applications. Security is one of the most important issues in implementing and deploying such applications. JADE-S security add-ons are one of the most popular security solutions in JADE platform. It provides several security services including authentication, authorization, signature and encryption services. Authorization service will give authorities to perform an action based on a set of permission objects attached to every authenticated user. This service has several drawbacks when implemented in a scalable distributed context aware applications. In this paper, an ontology-based access control model called (OJADEAC is proposed to be applied in JADE platform by combining Semantic Web technologies with context-aware policy mechanism to overcome the shortcoming of this service. The access control model is represented by a semantic ontology, and a set of two level semantic rules representing platform and application specific policy rules. OJADEAC model is distributed, intelligent, dynamic, context-aware and use reasoning engine to infer access decisions based on ontology knowledge.

  9. Multihop Medium Access Control for WSNs: An Energy Analysis Model

    Directory of Open Access Journals (Sweden)

    Haapola Jussi

    2005-01-01

    Full Text Available We present an energy analysis technique applicable to medium access control (MAC and multihop communications. Furthermore, the technique's application gives insight on using multihop forwarding instead of single-hop communications. Using the technique, we perform an energy analysis of carrier-sense-multiple-access (CSMA- based MAC protocols with sleeping schemes. Power constraints set by battery operation raise energy efficiency as the prime factor for wireless sensor networks. A detailed energy expenditure analysis of the physical, the link, and the network layers together can provide a basis for developing new energy-efficient wireless sensor networks. The presented technique provides a set of analytical tools for accomplishing this. With those tools, the energy impact of radio, MAC, and topology parameters on the network can be investigated. From the analysis, we extract key parameters of selected MAC protocols and show that some traditional mechanisms, such as binary exponential backoff, have inherent problems.

  10. A model to reduce complexity and maintain coherence between Access Control and Transmission Control policies

    OpenAIRE

    Bertrand, Yoann; Blay-Fornarino, Mireille; Boudaoud, Karima; Riveill, Michel

    2016-01-01

    In order to protect resources from unauthorized access and data leakage in companies, security experts and administrators can use mechanisms such as Access Control (AC) and Transmission Control (TC). Both AC and TC are based on policies that are defined, modified and revoked by these experts. However, policy management can be a time-consuming and tiresome task, especially when both mechanisms are used on large sets of users and resources. Moreover, contradictions between AC and TC policies ca...

  11. Admission Control and Interference Management in Dynamic Spectrum Access Networks

    Directory of Open Access Journals (Sweden)

    Jorge Martinez-Bauset

    2010-01-01

    Full Text Available We study two important aspects to make dynamic spectrum access work in practice: the admission policy of secondary users (SUs to achieve a certain degree of quality of service and the management of the interference caused by SUs to primary users (PUs. In order to limit the forced termination probability of SUs, we evaluate the Fractional Guard Channel reservation scheme to give priority to spectrum handovers over new arrivals. We show that, contrary to what has been proposed, the throughput of SUs cannot be maximized by configuring the reservation parameter. We also study the interference caused by SUs to PUs. We propose and evaluate different mechanisms to reduce the interference, which are based on simple spectrum access algorithms for both PUs and SUs and channel repacking algorithms for SUs. Numerical results show that the reduction can be of one order of magnitude or more with respect to the random access case. Finally, we propose an adaptive admission control scheme that is able to limit simultaneously the forced termination probability of SUs and what we define as the probability of interference. Our scheme does not require any configuration parameters beyond the probability objectives. Besides, it is simple to implement and it can operate with any arrival process and distribution of the session duration.

  12. An Access Control Model of Virtual Machine Security

    Directory of Open Access Journals (Sweden)

    QIN Zhong-yuan

    2013-07-01

    Full Text Available Virtualization technology becomes a hot IT technolo gy with the popu-larity of Cloud Computing. However, new security issues arise with it. Specifically, the resources sharing and data communication in virtual machines are most con cerned. In this paper an access control model is proposed which combines the Chinese Wall a nd BLP model. BLP multi-level security model is introduced with corresponding improvement based on PCW (Prioritized Chinese Wall security model. This model can be used to safely co ntrol the resources and event behaviors in virtual machines. Experimental results show its eff ectiveness and safety.

  13. Privacy and Access Control for IHE-Based Systems

    Science.gov (United States)

    Katt, Basel; Breu, Ruth; Hafner, Micahel; Schabetsberger, Thomas; Mair, Richard; Wozak, Florian

    Electronic Health Record (EHR) is the heart element of any e-health system, which aims at improving the quality and efficiency of healthcare through the use of information and communication technologies. The sensitivity of the data contained in the health record poses a great challenge to security. In this paper we propose a security architecture for EHR systems that are conform with IHE profiles. In this architecture we are tackling the problems of access control and privacy. Furthermore, a prototypical implementation of the proposed model is presented.

  14. Advent of Biometric Sensors in Field of Access Control

    Directory of Open Access Journals (Sweden)

    Ali Anas

    2015-09-01

    Full Text Available Biometrics is the science of measuring and analyzing biological data. It is used to uniquely identify individuals by their physical characteristics or personal behavior traits.The results from scrutiny of various themes including unimodal, multimodal, physiological, behavioural bio-metrics. Bio-metrics, Physiological and behavioural are compared in the review. The article addresses a particular aspect of utilizing biometrics for authentication, identification and access control. The use of systems like fingerprint, face recognition, hand geometry, Palm print, DNA analysis, iris recognition, retina and odour/scent will be dealt with herewith. This study deals with various applications of this technology, like surveillance, employee identification, device access etc with mentions respective of hardware used. The influence of such features is yet to be documented properly, but it is safe to say that it has been a huge step towards better information security and identification control.Over the course of this text, we will try to bring to light our analysis of the subject and provide an in-depth examination of contemporary and futuristic technologies pertaining to this field.

  15. THE USAGE OF HRU SEGMENT MATRIX ACCESS IN THE ANALYSIS OF INFORMATION SECURITY SYSTEMS WHICH MAKE MANDATORY ACCESS CONTROL

    Directory of Open Access Journals (Sweden)

    Korolev I. D.

    2014-09-01

    Full Text Available In this article we consider the usage of HRU access matrix changing system allowing for information security system which makes mandatory access control in case of information security analysis by using an automatic classification of formalized documents in the system of electronic document management

  16. 78 FR 51810 - Twenty-Fourth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Science.gov (United States)

    2013-08-21

    ... Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), U.S. Department of Transportation (DOT). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control... RTCA Special Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held...

  17. 77 FR 25525 - Thirteenth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems.

    Science.gov (United States)

    2012-04-30

    ... Access Control Systems. AGENCY: Federal Aviation Administration (FAA), U.S. Department of Transportation (DOT). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems... Committee 224, Airport Security Access Control Systems DATES: The meeting will be held May 30, 2012, from...

  18. 77 FR 2343 - Eleventh Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Science.gov (United States)

    2012-01-17

    ...). ACTION: Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY: The FAA..., Airport Security Access Control Systems. DATES: The meeting will be held February 9, 2012, from 10 a.m.-4..., Airport Security Access Control Systems. The agenda will include the following: February 9, 2012...

  19. Trust-based Access Control in Virtual Learning Community

    Science.gov (United States)

    Wang, Shujuan; Liu, Qingtang

    The virtual learning community is an important application pattern of E-Learning. It emphasizes the cooperation of the members in the community, the members would like to share their learning resources, to exchange their experience and complete the study task together. This instructional mode has already been proved as an effective way to improve the quality and efficiency of instruction. At the present time, the virtual learning communities are mostly designed using static access control policy by which the access permission rights are authorized by the super administrator, the super administrator assigns different rights to different roles, but the virtual and social characteristics of virtual learning community make information sharing and collaboration a complex problem, the community realizes its instructional goal only if the members in it believe that others will offer the knowledge they owned and believe the knowledge others offered is well-meaning and worthy. This paper tries to constitute an effective trust mechanism, which could promise favorable interaction and lasting knowledge sharing.

  20. A Semantic Context-Based Model for MobileWeb Services Access Control

    OpenAIRE

    Haibo Shen; Yu Cheng

    2011-01-01

    As mobile web services becomes more pervasive, applications based on mobile web services will need flexible access control mechanisms. Unlike traditional approaches based on the identity or role for access control, access decisions for these applications will depend on the combination of the required attributes of users and the contextual information. This paper proposes a semantic context-based access control model (called SCBAC) to be applied in mobile web services environment by combining ...

  1. Database Security System for Applying Sophisticated Access Control via Database Firewall Server

    OpenAIRE

    Eun-Ae Cho; Chang-Joo Moon; Dae-Ha Park; Kang-Bin Yim

    2014-01-01

    Database security, privacy, access control, database firewall, data break masking Recently, information leakage incidents have occurred due to database security vulnerabilities. The administrators in the traditional database access control methods grant simple permissions to users for accessing database objects. Even though they tried to apply more strict permissions in recent database systems, it was difficult to properly adopt sophisticated access control policies to commercial databases...

  2. Access Control in Decentralised Publish/Subscribe Systems

    Directory of Open Access Journals (Sweden)

    Lauri I.W. Pesonen

    2007-04-01

    Full Text Available Publish/subscribe has emerged as an attractive communication paradigm for building Internet-wide distributed systems by decoupling message senders from receivers. Large scale publish/subscribe systems are likely to employ components of the event transport network owned by cooperating, but independent organisations. As the number of participants in the network increases, security becomes an increasing concern. So far most of the research on publish/subscribe has focused on efficient event routing, event filtering, and composite event detection. Very little research has been published regarding securing publish/subscribe systems. This paper extends our previous work to present and evaluate a secure multi-domain publish/subscribe infrastructure that supports and enforces fine-grained access control over the individual attributes of event types.

  3. Safety systems and access control in the National Ignition Facility.

    Science.gov (United States)

    Reed, Robert K; Bell, Jayce C

    2013-06-01

    The National Ignition Facility (NIF) is the world's largest and most energetic laser system. The facility has the potential to generate ionizing radiation due to the interaction between the laser beams and target material, with neutrons and gamma rays being produced during deuterium-tritium fusion reactions. To perform these experiments, several types of hazards must be mitigated and controlled to ensure personnel safety. NIF uses a real-time safety system to monitor and mitigate the hazards presented by the facility. The NIF facility Safety Interlock System (SIS) monitors for oxygen deficiency and controls access to the facility preventing exposure to laser light and radiation from the Radiation Generating Devices. It also interfaces to radiation monitoring and other radiological monitoring and alarm systems. The SIS controls permissives to the hazard-generating equipment and annunciates hazard levels in the facility. To do this reliably and safely, the SIS has been designed as a fail-safe system with a proven performance record now spanning over 10 y. This paper discusses the SIS, its design, implementation, operator interfaces, validation/verification, and the hazard mitigation approaches employed in the NIF. A brief discussion of the Failure Modes and Effect Analysis supporting the SIS will also be presented. The paper ends with a general discussion of SIS do's and don'ts and common design flaws that should be avoided in SIS design. PMID:23629061

  4. Access Control in the ATLAS TDAQ Online Cluster

    CERN Document Server

    Leahu, Marius Constantin; Stoichescu, D A; Lehmann Miotto, G

    ATLAS (A Toroidal LHC Apparatus) is a general-purpose detector for studying high-energy particle interactions: it is the largest particle detector experiment at CERN and it is built around one of the interaction points of the proton beams accelerated by the Large Hadron Collider (LHC). The detector generates an impressive amount of raw data: 64 TB per second as a result of 40 MHz proton-proton collision rate with 1.6 MB data for each such event. The handling of such data rate is managed by a three levels Trigger and Data Acquisition (TDAQ) system, which filters out the events not relevant from physics research point of view and selects in the end in the order of 1000 events per second to be stored for offline analyses. This system comprises a significant number of hardware devices, software applications and human personnel to supervise the experiment operation. Their protection against damages as a result of misuse and their optimized exploitation by avoiding the conflicting accesses to resources are key requ...

  5. Metabolomics Analyses of Cancer Cells in Controlled Microenvironments.

    Science.gov (United States)

    Gravel, Simon-Pierre; Avizonis, Daina; St-Pierre, Julie

    2016-01-01

    The tumor microenvironment is a complex and heterogeneous milieu in which cancer cells undergo metabolic reprogramming to fuel their growth. Cancer cell lines grown in vitro using traditional culture methods represent key experimental models to gain a mechanistic understanding of tumor biology. This protocol describes the use of gas chromatography-mass spectrometry (GC-MS) to assess metabolic changes in cancer cells grown under varied levels of oxygen and nutrients that may better mimic the tumor microenvironment. Intracellular metabolite changes, metabolite uptake and release, as well as stable isotope ((13)C) tracer analyses are done in a single experimental setup to provide an integrated understanding of metabolic adaptation. Overall, this chapter describes some essential tools and methods to perform comprehensive metabolomics analyses. PMID:27581029

  6. A stochastic control approach to Slotted-ALOHA random access protocol

    Science.gov (United States)

    Pietrabissa, Antonio

    2013-12-01

    ALOHA random access protocols are distributed protocols based on transmission probabilities, that is, each node decides upon packet transmissions according to a transmission probability value. In the literature, ALOHA protocols are analysed by giving necessary and sufficient conditions for the stability of the queues of the node buffers under a control vector (whose elements are the transmission probabilities assigned to the nodes), given an arrival rate vector (whose elements represent the rates of the packets arriving in the node buffers). The innovation of this work is that, given an arrival rate vector, it computes the optimal control vector by defining and solving a stochastic control problem aimed at maximising the overall transmission efficiency, while keeping a grade of fairness among the nodes. Furthermore, a more general case in which the arrival rate vector changes in time is considered. The increased efficiency of the proposed solution with respect to the standard ALOHA approach is evaluated by means of numerical simulations.

  7. Designing and analysing parallel control for multifeed ternary systems

    Directory of Open Access Journals (Sweden)

    Rocío Solar-González

    2010-06-01

    Full Text Available This paper explores a parallel control structure for improving the behaviour of a chemical plant having recycling and multi- ple feed streams; a ternary system is taken as an example,having an A + B → C second-order irreversible reaction. Material recycling dynamics can induce the so-called snowball effect in the presence of disturbance in the feed stream. The snowball effect can be prevented by distributing load through the parallel control scheme. A control structure was thus pro- posed where product composition was regulated by means of simultaneous feedback manipulation of final column vapour boilup rate and reactor temperature. An extension was made for one reactor, one distillation column and recycle stream configuration. Nonlinear simulations showed that effective composition control could be obtained with moderate vapour boilup control efforts.

  8. Requirements and Challenges of Location-Based Access Control in Healthcare Emergency Response

    DEFF Research Database (Denmark)

    Vicente, Carmen Ruiz; Kirkpatrick, Michael; Ghinita, Gabriel;

    2009-01-01

    Recent advances in positioning and tracking technologies have led to the emergence of novel location-based applications that allow participants to access information relevant to their spatio-temporal context. Traditional access control models, such as role-based access control (RBAC), are not...... complex access control decisions based on spatio-temporal relationships among subjects and objects. Furthermore, such relationships change frequently in dynamic environments, requiring efficient mechanisms to monitor and re-evaluate access control decisions. In this position paper, we present a healthcare...... emergency response scenario which highlights the novel challenges that arise when enforcing access control in an environment with moving subjects and objects. To address a realistic application scenario, we consider movement on road networks, and we identify complex access control decisions relevant to such...

  9. Advanced stability theory analyses for laminar flow control

    Science.gov (United States)

    Orszag, S. A.

    1980-01-01

    Recent developments of the SALLY computer code for stability analysis of laminar flow control wings are summarized. Extensions of SALLY to study three dimensional compressible flows, nonparallel and nonlinear effects are discussed.

  10. Kinematic Analyses of a Parallel-type Independently Controllable Transmission

    OpenAIRE

    Guan-Shyong Hwang; Der-Min Tsay; Wei-Hsiang Liao; Jao-Hwa Kuang; Tzuen-Lih Chern

    2011-01-01

    This study proposes a novel design of a parallel-type Independently Controllable Transmission (ICT). The parallel-type ICT can produce a continuously variable transmission ratio and a required angular output velocity that can be independently manipulated by a controller yet not affected by the angular velocity of the input shaft. The proposed parallel-type ICT is composed of two planetary gear trains and two transmission-connecting members. A prototype was built to investigate its kinematic c...

  11. A Trusted Host's Authentication Access and Control Model Faced on User Action

    Institute of Scientific and Technical Information of China (English)

    ZHANG Miao; XU Guoai; HU Zhengming; YANG Yixian

    2006-01-01

    The conception of trusted network connection (TNC) is introduced, and the weakness of TNC to control user's action is analyzed. After this, the paper brings out a set of secure access and control model based on access, authorization and control, and related authentication protocol. At last the security of this model is analyzed. The model can improve TNC's security of user control and authorization.

  12. Noisemetry as diagnostic mean of core and analysing instrument of stability of control loop of nuclear reactors

    International Nuclear Information System (INIS)

    Determination of real frequency transfer functions of reactor based on principles of regime diagnostics on noises of technological parameters is a suitable additional instrument for analysing reactor dynamics and assessing stability of its control loops. Data of experimental stands and NPP assure of availability of approach. This approach can be especially interesting for diagnosing of processes in the designed reactors of new generation, where access to the distance remote equipment is minimal. The approach can be used for data maintenance of technical objects in area of nuclear energy, but most effective for an equipment which operation can be related to the risk and requires more careful control.

  13. Cross-layer rate control, medium access control and routing design in cooperative VANET

    OpenAIRE

    Zhou, Liang; Zheng, Baoyu; Geller, Benoit; Wei, Anne; Xu, Shan; Li, Yajun

    2008-01-01

    In this paper, we address the rate control, the Medium Access Control (MAC) and the routing problem for cooperative Vehicular Ad-Hoc Network (VANET) in the framework of cross-layer design. At first, we introduce the cooperative communication conception to VANET, and propose an opportunistic cooperation strategy to improve the system performance. And then, we develop a cross-layer solution which consists of the link capacity detection with adjusting persistence probability at the MAC Layer, th...

  14. Access Control Mechanisms for Semantic Web services-A Discussion on Requirements & Future Directions

    CERN Document Server

    Gondara, Mandeep Kaur

    2011-01-01

    Semantic Web is an open, distributed, and dynamic environment where access to resources cannot be controlled in a safe manner unless the access decision takes into account during discovery of web services. Security becomes the crucial factor for the adoption of the semantic based web services. An access control means that the users must fulfill certain conditions in order to gain access over web services. Access control is important in both perspectives i.e. legal and security point of view. This paper discusses important requirements for effective access control in semantic web services which have been extracted from the literature surveyed. I have also discussed open research issues in this context, focusing on access control policies and models in this paper.

  15. The new biometric access control system resembles a big electronic eye. It will be used to control access to the LHC from 2007 onwards.

    CERN Multimedia

    Maximilien Brice

    2006-01-01

    The new LHC access control systems will soon be using the latest technology: optical recognition based on iris image data. In order to gain access to the tunnel it will be your eye, not your credentials that you'll be required to show! As of September, the entrance point at Point 8 should be the first to be fitted out with iris recognition equipment. The other access shafts will then gradually be equipped one by one.

  16. Quality controlled water, sediment, tissue, and tar/oil chemistry analyses from the Deepwater Horizon (DWH) oil spill event in the Gulf of Mexico from 2010-04 to 2011-06, sourced from NOAA's Query Manager data management system (NODC Accession 0108924)

    Data.gov (United States)

    National Oceanic and Atmospheric Administration, Department of Commerce — This collection includes 4 data files (one each for water, sediment, tissue, and tar/oil analyses) containing data from the Deepwater Horizon (DWH) Oil Spill Event...

  17. Collaboration Policies: Access Control Management in Decentralized Heterogeneous Workflows

    Directory of Open Access Journals (Sweden)

    Mine Altunay

    2006-07-01

    Full Text Available Service-oriented computing promotes collaboration by defining the standards layer that allows compatibility between disparate domains. Workflows, by taking advantage of the service oriented framework, provide the necessary tools to harness services in order to tackle complicated problems. As a result, a service is no longer exposed to a small pre-determined homogeneous pool of users; instead it has a large, undefined, and heterogeneous pool of users. This paradigm shift in computing results in increased service exposure. The interactions among the services of a workflow must be carefully evaluated against the security risks associated with them. Classical security problems, such as delegation of rights, conflict of interest, and access control in general, become more complicated due to multiple autonomous security domains and the absence of pre- established trust relationships among the domains. Our work tackles these problems in two aspects: it provides a service owner with the necessary means to express and evaluate its trust requirements from a workflow (collaboration policies, and it incorporates these trust requirements into the workflow-planning framework (workflow authorization framework. Our policy-based framework allows bilateral peer-level trust evaluations that are based on each peer’s collaboration policies, and incorporates the outcome of these evaluations into the workflow planning logic. As a result, our work provides the necessary tools for promoting multi-party ad-hoc collaborations, and aims to reduce the reluctance and hesitation towards these collaborations by attacking the security risks associated with them.

  18. Concurrency control and recovery on lightweight directory access protocol

    Science.gov (United States)

    Potnis, Rohit R.; Sathaye, Archana S.

    2003-04-01

    In this paper we provide a concurrency control and recovery (CCR) mechanism over cached LDAP objects. An LDAP server can be directly queried using system calls to retrieve data. Existing LDAP implementations do not provide CCR mechanisms. In such cases, it is up to the application to verify that accesses remain serialized. Our mechanism provides an independent layer over an existing LDAP server (Sun One Directory Server), which handles all user requests, serializes them based on 2 Phase Locking and Timestamp Ordering mechanisms and provides XML-based logging for recovery management. Furthermore, while current LDAP servers only provide object-level locking, our scheme serializes transactions on individual attributes of LDAP objects (attribute-level locking). We have developed a Directory Enabled Network (DEN) Simulator that operates on a subset of directory objects on an existing LDAP server to test the proposed mechanism. We perform experiments to show that our mechanism can gracefully address concurrency and recovery related issues over and LDAP server.

  19. Enhanced Role Based Access Control Mechanism for Electronic Examination System

    Directory of Open Access Journals (Sweden)

    Adebukola Onashoga

    2014-02-01

    Full Text Available Over the years, e-learning and e-examination has become standard in many institutions of higher learning. It has been observed that examination questions and results can be easily intercepted by invalid users, thus the security of resources shared among valid users is not guaranteed. In order to solve these problems as it relates to access control, a Role based Examination System (RBES was designed, developed and evaluated. RBES attempted to solve the security issue by the combination of two authentication techniques: text-based authentication and graphical password authentication. The Text-based authentication utilizes two text-based parameters namely the username and password. The graphical password authentication makes use of a finite set of controls (RBES chooses radio buttons which are identified by numbers. These numbers constitute the password used for graphical authentication. To improve on resource sharing among users in the examination system, RBES proposes role management (role creation, role update, role removal and user management (user creation, user update and user removal. The developed system made use of asp.net, C#, IIS server, WAMP server, Mysql and other tools for its development. RBES was tested by some legitimate and illegitimate users and the performance of the system was found to be satisfactory, hence RBES shows an efficient and reliable scheme that can be deployed in any examination or e-learning system. Finally the potential threats to the system were modeled and the use of weak passwords was found to be the most likely threat the system could be vulnerable to.

  20. Keep on Blockin’ in the Free World: Personal Access Control for Low-Cost RFID Tags

    OpenAIRE

    Rieback, Melanie; Crispo, Bruno; Tanenbaum, Andrew

    2007-01-01

    This paper introduces an off-tag RFID access control mechanism called “Selective RFID Jamming”. Selective RFID Jamming protects low-cost RFID tags by enforcing access control on their behalf, in a similar manner to the RFID Blocker Tag. However, Selective RFID Jamming is novel because it uses an active mobile device to enforce centralized ACL-based access control policies. Selective RFID Jamming also solves a Differential Signal Analysis attack to which the RFID Blocker Tag is susceptible.

  1. A 4D-Role Based Access Control Model for Multitenancy Cloud Platform

    OpenAIRE

    Jiangfeng Li; Zhenyu Liao; Chenxi Zhang; Yang Shi

    2016-01-01

    Since more and more applications and services have been transferred from servers in the B/S architecture to cloud, user access control has become a significant part in a multitenancy cloud platform. Role based access control model makes users participate in an enterprise system as particular identities. However, in a multitenancy cloud environment, it has a high probability that the information of tenants has been leaked by using existing role based access control (RBAC) model. Moreover, mana...

  2. Quality control of analyses of mercury in hair

    International Nuclear Information System (INIS)

    A quality control programme for mercury determinations in hair was developed within a study of 'Mental effects of prenatal methylmercury exposure in New Zealand children'. Hair was obtained from seven females with a mercury concentration of about 0.5-4 μg Hg/g. The hair was cut into 1-5 cm pieces and pulverized by liquid nitrogen grinding using a ring mill. In order to obtain a series of QC samples with varying Hg concentrations, different amounts of powder from all the samples and a reference sample of pulverized hair (11.2 μg Hg/g) were mixed. The mercury concentrations in the original samples and the mixtures were determined by radiochemical neutron activation analysis (RNAA). In total four laboratories participated in the interlaboratory comparison. All laboratories used the cold vapor AAS technique and Hg monitor model 1235, LDC for determinations after wet digestion of the samples. (orig./RB)

  3. Broadband passive optical network media access control protocols

    Science.gov (United States)

    Quayle, Alan

    1996-11-01

    Most telecommunication operators are currently deciding on how to respond to customers' needs stimulated by the synergy between compression coding of multimedia and the emergence of broadband digital networks. This paper describes a range of broadband access architectures under consideration in the full services access network initiative. All architectures have a common requirement for a broadband ATM PON. A common broadband PON applicable to many operators increases the world-wide market for the product. With greater production volumes manufacturers' costs reduce because of the experience curve effect making broadband access systems economic.

  4. Role-based access control through on-demand classification of electronic health record.

    Science.gov (United States)

    Tiwari, Basant; Kumar, Abhay

    2015-01-01

    Electronic health records (EHR) provides convenient method to exchange medical information of patients between different healthcare providers. Access control mechanism in healthcare services characterises authorising users to access EHR records. Role Based Access Control helps to restrict EHRs to users in a certain role. Significant works have been carried out for access control since last one decade but little emphasis has been given to on-demand role based access control. Presented work achieved access control through physical data isolation which is more robust and secure. We propose an algorithm in which selective combination of policies for each user of the EHR database has been defined. We extend well known data mining technique 'classification' to group EHRs with respect to the given role. Algorithm works by taking various roles as class and defined their features as a vector. Here, features are used as a Feature Vector for classification to describe user authority. PMID:26559071

  5. Designing a Secure E-commerce with Credential Purpose-based Access Control

    OpenAIRE

    Norjihan Abdul Ghani; Harihodin Selamat; Zailani Mohamed Sidek

    2014-01-01

    The rapid growth of e-commerce has created a great opportunities for both businesses and end users. The essential e-commerce process is required for the successful operation and management of e-commerce activities. One of the processes is access control and security. E-commerce must establish a secure access between the parties in an e-commerce transaction by authenticating users, authorizing access, and enforcing security features. The e-commerce application must authorize access to only tho...

  6. Task-and-role-based access-control model for computational grid

    Institute of Scientific and Technical Information of China (English)

    LONG Tao; HONG Fan; WU Chi; SUN Ling-li

    2007-01-01

    Access control in a grid environment is a challenging issue because the heterogeneous nature and independent administration of geographically dispersed resources in grid require access control to use fine-grained policies. We established a task-and-role-based access-control model for computational grid (CG-TRBAC model), integrating the concepts of role-based access control (RBAC) and task-based access control (TBAC). In this model, condition restrictions are defined and concepts specifically tailored to Workflow Management System are simplified or omitted so that role assignment and security administration fit computational grid better than traditional models; permissions are mutable with the task status and system variables, and can be dynamically controlled. The CG-TRBAC model is proved flexible and extendible. It can implement different control policies. It embodies the security principle of least privilege and executes active dynamic authorization. A task attribute can be extended to satisfy different requirements in a real grid system.

  7. Wi-Fi Networks Security and Accessing Control

    Directory of Open Access Journals (Sweden)

    Tarek S. Sobh

    2013-06-01

    Full Text Available As wireless networks access gains popularity in corporate, private and personal networks, the nature of wireless networks opens up new possibilities for network attacks. This paper negotiating Wi-Fi security against scanning of rogue Wi-Fi networks and other related activities and considers the monitoring of Wi-Fi traffic effects. The unauthorized access point (AP problem has raised more attention and resulted in obtaining wireless access without subscriber permission.This work assumes Wi-Fi AP under attack specially rogue AP and/or ad-hoc client. It provides a solution for detecting and preventing this attack. In addition, it provides the required user permissions to allow/block access of the files on the user of ad-hoc client. The experiments include the rogue AP attack are maintained and the effectiveness of the proposed solution are tested.

  8. An access control architecture for metropolitan area wireless networks

    OpenAIRE

    Friday, Adrian; Wu, Maomao; Schmid, Stefan; Finney, Joseph; Cheverst, Keith; Davies, Nigel

    2001-01-01

    This paper presents a novel wireless access point architecture designed to support the development of next generation mobile context-aware applications over metropolitan scale areas. In addition, once deployed, this network will allow ordinary citizens secure, accountable and convenient access to the Internet from their local city and campus environments. The proposed architecture is based on an approach utilising a modified Mobile IPv6 protocol stack that uses packet marking and network leve...

  9. Security analysis and improvements of authentication and access control in the Internet of Things.

    Science.gov (United States)

    Ndibanje, Bruce; Lee, Hoon-Jae; Lee, Sang-Gon

    2014-01-01

    Internet of Things is a ubiquitous concept where physical objects are connected over the internet and are provided with unique identifiers to enable their self-identification to other devices and the ability to continuously generate data and transmit it over a network. Hence, the security of the network, data and sensor devices is a paramount concern in the IoT network as it grows very fast in terms of exchanged data and interconnected sensor nodes. This paper analyses the authentication and access control method using in the Internet of Things presented by Jing et al. (Authentication and Access Control in the Internet of Things. In Proceedings of the 2012 32nd International Conference on Distributed Computing Systems Workshops, Macau, China, 18-21 June 2012, pp. 588-592). According to our analysis, Jing et al.'s protocol is costly in the message exchange and the security assessment is not strong enough for such a protocol. Therefore, we propose improvements to the protocol to fill the discovered weakness gaps. The protocol enhancements facilitate many services to the users such as user anonymity, mutual authentication, and secure session key establishment. Finally, the performance and security analysis show that the improved protocol possesses many advantages against popular attacks, and achieves better efficiency at low communication cost. PMID:25123464

  10. A Generic Role Based Access Control Model for Wind Power Systems

    DEFF Research Database (Denmark)

    Nagarajan, Anand; Jensen, Christian D.

    2010-01-01

    infrastructure in a software domain in a manufacturer independent manner as well as establishing secure communication and authenticating the other parties in electrical power infrastructures, but they do not address the problem of access control. We therefore propose a generic model for access control in wind...... power systems, which is based on the widely used role-based access control model. The proposed model is tested using a prototype designed in conformance with the standards that are in use in modern wind power infrastructure and the results are presented to determine the overhead in communication caused...... while adhering to the proposed access model....

  11. An effective access control approach to support mobility in IPv6 networks

    Science.gov (United States)

    Peng, Xue-hai; Lin, Chuang

    2005-11-01

    Access control is an important method to improve network security and prevent protected resources from being used by some nodes without authority. Moreover, mobility is an important trend of internet. In this paper, based on the architecture of hierarchical mobile IPv6, we proposed an effective access control approach to support mobility in IPv6 networks, which can ensure the operation of access control when a mobile node roams in these domains with different polices, with decreased delay of access negotiation and cost of delivering messages.

  12. On the Decidability of the Safety Problem for Access Control Policies

    OpenAIRE

    Kleiner, Eldar; Newcomb, Tom

    2006-01-01

    An access control system regulates the rights of users to gain access to resources in accordance with a specified policy. The rules in this policy may interact in a way that is not obvious via human inspection; there is, therefore, a need for automated verification techniques that can check whether a policy does indeed implement some desired security requirement. Thirty years ago, a formalisation of access control presented a model and a safety specification for which satisfaction is undecida...

  13. Random access procedures and radio access network (RAN) overload control in standard and advanced long-term evolution (LTE and LTE-A) networks

    DEFF Research Database (Denmark)

    Kiilerich Pratas, Nuno; Thomsen, Henning; Popovski, Petar

    2015-01-01

    In this chapter, we describe and discuss the current LTE random access procedure and the Radio Access Network Load Control solution within LTE/LTE-A. We provide an overview of the several considered load control solutions and give a detailed description of the standardized Extended Access Class...... Barring solution. We then provide a brief overview of the Load Control solutions provided by the Enhanced Packet Core (EPC) Network and how they intertwine with the Extended Access Barring at the Enhanced Universal Terrestrial Radio Access Network (E-UTRAN). We also provide an outlook on the current 3GPP...... efforts in regards to MTC related load control issues....

  14. H-RBAC: A Hierarchical Access Control Model for SaaS Systems

    Directory of Open Access Journals (Sweden)

    Dancheng Li

    2011-08-01

    Full Text Available SaaS is a new way to deploy software as a hosted service and accessed over the Internet which means the customers don’t need to maintain the software code and data on their own servers. So it’s more important for SaaS systems to take security issues into account. Access control is a security mechanism that enables an authority to access to certain restricted areas and resources according to the permissions assigned to a user. Several access models have been proposed to realize the access control of single instance systems. However, most of the existing models couldn’t address the following SaaS system problems: (1 role name conflicts (2 cross-level management (3 the isomerism of tenants' access control (4 temporal delegation constraints. This paper describes a hierarchical RBAC model called H-RBAC solves all the four problems of SaaS systems mentioned above. This model addresses the SaaS system access control in both system level and tenant level. It combines the advantages of RBDM and ARBAC97 model and introduces temporal constraints to SaaS access control model. In addition, a practical approach to implement the access control module for SaaS systems based on H-RBAC model is also proposed in this paper.

  15. 77 FR 71474 - Seventeenth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Science.gov (United States)

    2012-11-30

    ...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held December 13, 2012... Federal Aviation Administration Seventeenth Meeting: RTCA Special Committee 224, Airport Security...

  16. 78 FR 43963 - Twenty-Third Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Science.gov (United States)

    2013-07-22

    ...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held on June 20, 2013... Federal Aviation Administration Twenty-Third Meeting: RTCA Special Committee 224, Airport Security...

  17. 77 FR 64838 - Sixteenth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Science.gov (United States)

    2012-10-23

    ...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held November 15, 2012... Federal Aviation Administration Sixteenth Meeting: RTCA Special Committee 224, Airport Security...

  18. 78 FR 16757 - Twentieth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Science.gov (United States)

    2013-03-18

    ...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held April 4, 2013 from 9... Federal Aviation Administration Twentieth Meeting: RTCA Special Committee 224, Airport Security...

  19. 78 FR 31627 - Twenty-Second Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Science.gov (United States)

    2013-05-24

    ...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held on June 20, 2013... Federal Aviation Administration Twenty-Second Meeting: RTCA Special Committee 224, Airport Security...

  20. 78 FR 7850 - Nineteenth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Science.gov (United States)

    2013-02-04

    ...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held February 21, 2013... Federal Aviation Administration Nineteenth Meeting: RTCA Special Committee 224, Airport Security...

  1. 77 FR 55894 - Fifteenth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Science.gov (United States)

    2012-09-11

    ...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems DATES: The meeting will be held September 27-28, 2012... Federal Aviation Administration Fifteenth Meeting: RTCA Special Committee 224, Airport Security...

  2. Keep on Blockin’ in the Free World: Personal Access Control for Low-Cost RFID Tags

    NARCIS (Netherlands)

    Rieback, Melanie; Crispo, Bruno; Tanenbaum, Andrew

    2007-01-01

    This paper introduces an off-tag RFID access control mechanism called “Selective RFID Jamming”. Selective RFID Jamming protects low-cost RFID tags by enforcing access control on their behalf, in a similar manner to the RFID Blocker Tag. However, Selective RFID Jamming is novel because it uses an a

  3. 78 FR 22025 - Twenty First Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Science.gov (United States)

    2013-04-12

    ...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held April 9-10, 2013... Federal Aviation Administration Twenty First Meeting: RTCA Special Committee 224, Airport Security...

  4. 75 FR 4007 - Risk Management Controls for Brokers or Dealers With Market Access

    Science.gov (United States)

    2010-01-26

    ... COMMISSION 17 CFR Part 240 RIN 3235-AK53 Risk Management Controls for Brokers or Dealers With Market Access... market access to customers or other persons, to implement risk management controls and supervisory.... 40354 (August 24, 1998), 63 FR 46264 (August 31, 1998) (NASD NTM-98-66). Certain market participants...

  5. 76 FR 60398 - Exemption to Prohibition on Circumvention of Copyright Protection Systems for Access Control...

    Science.gov (United States)

    2011-09-29

    ... Prohibition on Circumvention of Copyright Protection Systems for Access Control Technologies, 68 FR 62011... Circumvention of Copyright Protection Systems for Access Control Technologies, 71 FR 68472, 68480, published in... Rulemaking Proceeding The Digital Millennium Copyright Act, Public Law 105-304 (1998), amended title 17...

  6. Summary of dynamic analyses of the advanced neutron source reactor inner control rods

    International Nuclear Information System (INIS)

    A summary of the structural dynamic analyses that were instrumental in providing design guidance to the Advanced Neutron source (ANS) inner control element system is presented in this report. The structural analyses and the functional constraints that required certain performance parameters were combined to shape and guide the design effort toward a prediction of successful and reliable control and scram operation to be provided by these inner control rods

  7. A dynamic access control method based on QoS requirement

    Science.gov (United States)

    Li, Chunquan; Wang, Yanwei; Yang, Baoye; Hu, Chunyang

    2013-03-01

    A dynamic access control method is put forward to ensure the security of the sharing service in Cloud Manufacturing, according to the application characteristics of cloud manufacturing collaborative task. The role-based access control (RBAC) model is extended according to the characteristics of cloud manufacturing in this method. The constraints are considered, which are from QoS requirement of the task context to access control, based on the traditional static authorization. The fuzzy policy rules are established about the weighted interval value of permissions. The access control authorities of executable service by users are dynamically adjusted through the fuzzy reasoning based on the QoS requirement of task. The main elements of the model are described. The fuzzy reasoning algorithm of weighted interval value based QoS requirement is studied. An effective method is provided to resolve the access control of cloud manufacturing.

  8. The Study of Access Control for Service-Oriented Computing in Internet of Things

    Directory of Open Access Journals (Sweden)

    Guoping Zhang

    2012-06-01

    Full Text Available In Internet of Things, computing and processing of information is the core supporting. In this paper, we introduce “Service-Oriented Computing” to solve the computing and processing of information in IoT. However, a key challenge in service-oriented environment is the design of effective access control schemas.We put forward a model of Workflow -oriented Attributed Based Access Control (WABAC, and an access control framework based on WABAC model. WABAC model grants and adapts permissions to subjects according to subject atttribute, resource attribute, environment attribute and current task, meeting access control request of SOC. Using the approach presented can effectively enhance the access control security for SOC applications, and prevent the abuse of subject permissions.

  9. On the performance of shared access control strategy for femtocells

    KAUST Repository

    Magableh, Amer M.

    2013-02-18

    Femtocells can be employed in cellular systems to enhance the indoor coverage, especially in the areas with high capacity growing demands and high traffic rates. In this paper, we propose an efficient resource utilization protocol, named as shared access protocol (SAP), to enable the unauthorized macrocell user equipment to communicate with partially closed-access femtocell base station to improve and enhance the system performance. The system model considers a femtocell that is equipped with a total of N separated antennas or channels to multiplex independent traffic. Then, a set of N1 channels is used for closed access only by the authorized users, and the remaining set of channel resources can be used for open access by either authorized or unauthorized users upon their demands and spatial locations. For this system model, we obtain the signal-to-interference ratio characteristics, such as the distribution and the moment generating function, in closed forms for two fading models of indoor and outdoor environments. The signal-tointerference ratio statistics are then used to derive some important performance measures of the proposed SAP in closed form, such as the average bit error rate, outage probability, and average channel capacity for the two fading models under consideration. Numerical results for the obtained expressions are provided and supported by Monte Carlo simulations to validate the analytical development and study the effectiveness of the proposed SAP under different conditions. Copyright © 2012 John Wiley and Sons, Ltd.

  10. Role mining in business taming role-based access control administration

    CERN Document Server

    Colantonio, Alessandro; Ocello, Alberto

    2012-01-01

    With continuous growth in the number of information objects and the users that can access these objects, ensuring that access is compliant with company policies has become a big challenge. Role-based Access Control (RBAC) - a policy-neutral access control model that serves as a bridge between academia and industry - is probably the most suitable security model for commercial applications. Interestingly, role design determines RBAC's cost. When there are hundreds or thousands of users within an organization, with individual functions and responsibilities to be accurately reflected in terms of a

  11. Characterization of accessibility for affine connection control systems at some points with nonzero velocity

    CERN Document Server

    Barbero-Liñán, María

    2011-01-01

    Affine connection control systems are mechanical control systems that model a wide range of real systems such as robotic legs, hovercrafts, planar rigid bodies, rolling pennies, snakeboards and so on. In 1997 the accessibility and a particular notion of controllability was intrinsically described by A. D. Lewis and R. Murray at points of zero velocity. Here, we present a novel generalization of the description of accessibility algebra for those systems at some points with nonzero velocity as long as the affine connection restricts to the distribution given by the symmetric closure. The results are used to describe the accessibility algebra of different mechanical control systems.

  12. A Fault-Tolerant Emergency-Aware Access Control Scheme for Cyber-Physical Systems

    CERN Document Server

    Wu, Guowei; Xia, Feng; Yao, Lin

    2012-01-01

    Access control is an issue of paramount importance in cyber-physical systems (CPS). In this paper, an access control scheme, namely FEAC, is presented for CPS. FEAC can not only provide the ability to control access to data in normal situations, but also adaptively assign emergency-role and permissions to specific subjects and inform subjects without explicit access requests to handle emergency situations in a proactive manner. In FEAC, emergency-group and emergency-dependency are introduced. Emergencies are processed in sequence within the group and in parallel among groups. A priority and dependency model called PD-AGM is used to select optimal response-action execution path aiming to eliminate all emergencies that occurred within the system. Fault-tolerant access control polices are used to address failure in emergency management. A case study of the hospital medical care application shows the effectiveness of FEAC.

  13. A General Attribute and Rule Based Role-Based Access Control Model

    Institute of Scientific and Technical Information of China (English)

    2007-01-01

    Growing numbers of users and many access control policies which involve many different resource attributes in service-oriented environments bring various problems in protecting resource. This paper analyzes the relationships of resource attributes to user attributes in all policies, and propose a general attribute and rule based role-based access control(GAR-RBAC) model to meet the security needs. The model can dynamically assign users to roles via rules to meet the need of growing numbers of users. These rules use different attribute expression and permission as a part of authorization constraints, and are defined by analyzing relations of resource attributes to user attributes in many access policies that are defined by the enterprise. The model is a general access control model, and can support many access control policies, and also can be used to wider application for service. The paper also describes how to use the GAR-RBAC model in Web service environments.

  14. Enhancing Security and Privacy in Video Surveillance through Role-Oriented Access Control Mechanism

    DEFF Research Database (Denmark)

    Mahmood Rajpoot, Qasim

    Use of video surveillance has significantly increased in the last few decades. Modern video surveillance systems are equipped with techniques that automatically extract information about the objects and events from the video streams and allow traversal of data in an effective and efficient manner...... that is suitable for video surveillance systems as well as other domains sharing similar requirements. As the currently dominant access control models – the role-based access control (RBAC) and the attribute-based access control (ABAC) – suffer from limitations while offering features complementary to each other......, their integration has become an important area of research. Our access control model combines the two models in a novel way in order to unify their benefits while avoiding their limitations. Our approach provides a mechanism that not only takes information about the current circumstances into account during access...

  15. Identity driven Capability based Access Control (ICAC) Scheme for the Internet of Things

    DEFF Research Database (Denmark)

    Mahalle, Parikshit N.; Anggorojati, Bayu; Prasad, Neeli R.;

    2012-01-01

    Internet of Things (IoT) becomes discretionary part of everyday life. Scalability and manageability is daunting due to unbounded number of devices and services. Access control and authorization in IoT with least privilege is equally important to establish secure communication between multiple...... devices and services. In this paper, the concept of capability for access control is introduced where the identities of the involved devices are entrenched in the access capabilities. Identity driven capability based access control (ICAC) scheme presented in this paper helps to alleviate issues related...... to complexity and dynamics of device identities. ICAC is implemented for 802.11 and results shows that ICAC has less scalability issues and better performance analysis compared with other access control schemes. The ICAC evaluation by using security protocol verification tool shows that ICAC is secure against...

  16. Secure Remote Access Issues in a Control Center Environment

    Science.gov (United States)

    Pitts, Lee; McNair, Ann R. (Technical Monitor)

    2002-01-01

    The ISS finally reached an operational state and exists for local and remote users. Onboard payload systems are managed by the Huntsville Operations Support Center (HOSC). Users access HOSC systems by internet protocols in support of daily operations, preflight simulation, and test. In support of this diverse user community, a modem security architecture has been implemented. The architecture has evolved over time from an isolated but open system to a system which supports local and remote access to the ISS over broad geographic regions. This has been accomplished through the use of an evolved security strategy, PKI, and custom design. Through this paper, descriptions of the migration process and the lessons learned are presented. This will include product decision criteria, rationale, and the use of commodity products in the end architecture. This paper will also stress the need for interoperability of various products and the effects of seemingly insignificant details.

  17. An entity access control model for network services management

    OpenAIRE

    Dias, Bruno

    2005-01-01

    The Network Services Management Framework tries to overcome the most important limitations of present network management frameworks, namely the most widely supported framework – the Internet Network Management Framework – by defining a management framework using a network services management distributed architecture that provides services management functions with any desired level of functionality. This document introduces one of the most important parts of this framework, the Entity Access ...

  18. Workflow management systems, their security and access control mechanisms

    OpenAIRE

    Chehrazi, Golriz

    2007-01-01

    This paper gives an overview of workflow management systems (WfMSs) and their security requirements with focus on access mechanisms. It is a descriptive paper in which we examine the state of the art of workflow systems, describe what security risks affect WfMSs in particular, and how these can be diminiuished. WfMSs manage, illustrate and support business processes. They contribute to the performance, automation and optimization of processes, which is important in the global economy today. ...

  19. A View-Based Access Control Model for SPARQL

    OpenAIRE

    Gabillon, Alban; Letouzey, Léo

    2010-01-01

    Existing security models for RDF use RDF patterns for defining the security policy. This approach leads to a number of security rules which rapidly tends to be unmanageable. In this paper we define a new security model which follows the traditional approach of creating security views, which has long been used by SQL database administrators. Our model first logically distributes RDF data into SPARQL views and then it defines security rules regulating SPARQL access to views. Moreover our model ...

  20. Proximity-based access control for context-sensitive information provision in SOA-based systems

    Science.gov (United States)

    Rajappan, Gowri; Wang, Xiaofei; Grant, Robert; Paulini, Matthew

    2014-06-01

    Service Oriented Architecture (SOA) has enabled open-architecture integration of applications within an enterprise. For net-centric Command and Control (C2), this elucidates information sharing between applications and users, a critical requirement for mission success. The Information Technology (IT) access control schemes, which arbitrate who gets access to what information, do not yet have the contextual knowledge to dynamically allow this information sharing to happen dynamically. The access control might prevent legitimate users from accessing information relevant to the current mission context, since this context may be very different from the context for which the access privileges were configured. We evaluate a pair of data relevance measures - proximity and risk - and use these as the basis of dynamic access control. Proximity is a measure of the strength of connection between the user and the resource. However, proximity is not sufficient, since some data might have a negative impact, if leaked, which far outweighs importance to the subject's mission. For this, we use a risk measure to quantify the downside of data compromise. Given these contextual measures of proximity and risk, we investigate extending Attribute-Based Access Control (ABAC), which is used by the Department of Defense, and Role-Based Access Control (RBAC), which is widely used in the civilian market, so that these standards-based access control models are given contextual knowledge to enable dynamic information sharing. Furthermore, we consider the use of such a contextual access control scheme in a SOA-based environment, in particular for net-centric C2.

  1. Assessment of current practices in creating and using passwords as a control mechanism for information access

    Directory of Open Access Journals (Sweden)

    P. L. Wessels

    2007-11-01

    Full Text Available One of the critical issues in managing information within an organization is to ensure that proper controls exist and are applied in allowing people access to information. Passwords are used extensively as the main control mechanism to identify users wanting access to systems, applications, data files, network servers or personal information. In this article, the issues involved in selecting and using passwords are discussed and the current practices employed by users in creating and storing passwords to gain access to sensitive information are assessed. The results of this survey conclude that information managers cannot rely only on users to employ proper password control in order to protect sensitive information.

  2. Identity Establishment and Capability Based Access Control (IECAC) Scheme for Internet of Things

    DEFF Research Database (Denmark)

    Mahalle, Parikshit N.; Anggorojati, Bayu; Prasad, Neeli R.;

    2012-01-01

    Internet of Things (IoT) become discretionary part of everyday life and could befall a threat if security is not considered before deployment. Authentication and access control in IoT is equally important to establish secure communication between devices. To protect IoT from man in middle, replay...... and denial of service attacks, the concept of capability for access control is introduced. This paper presents Identity establishment and capability based access control (IECAC) protocol using ECC (Elliptical Curve Cryptography) for IoT along with protocol evaluation, which protect against the aforementioned...

  3. A Distributed Architecture for Sharing Ecological Data Sets with Access and Usage Control Guarantees

    DEFF Research Database (Denmark)

    Bonnet, Philippe; Gonzalez, Javier; Granados, Joel Andres

    2014-01-01

    new insights, there are signicant barriers to the realization of this vision. One of the key challenge is to allow scientists to share their data widely while retaining some form of control over who accesses this data (access control) and more importantly how it is used (usage control). Access...... and usage control is necessary to enforce existing open data policies. We have proposed the vision of trusted cells: A decentralized infrastructure, based on secure hardware running on devices equipped with trusted execution environments at the edges of the Internet. We originally described the utilization...... data sets with access and usage control guarantees. We rely on examples from terrestrial research and monitoring in the arctic in the context of the INTERACT project....

  4. A Semantic Context-Based Model for MobileWeb Services Access Control

    Directory of Open Access Journals (Sweden)

    Haibo Shen

    2011-02-01

    Full Text Available As mobile web services becomes more pervasive, applications based on mobile web services will need flexible access control mechanisms. Unlike traditional approaches based on the identity or role for access control, access decisions for these applications will depend on the combination of the required attributes of users and the contextual information. This paper proposes a semantic context-based access control model (called SCBAC to be applied in mobile web services environment by combining semantic web technologies with context-based access control mechanism. The proposed model is a context-centric access control solutions, context is the first-class principle that explicitly guides both policy specification and enforcement process. In order to handle context information in the model, this paper proposes a context ontology to represent contextual information and employ it in the inference engine. As well as, this paper specifies access control policies as rules over ontologies representing the concepts introduced in the SCBAC model, and uses semantic web rule language (SWRL to form policy rule and infer those rules by JESS inference engine. The proposed model can also be applied to context-aware applications.

  5. WWW--Wealth, Weariness or Waste. Controlled Vocabulary and Thesauri in Support of Online Information Access.

    Science.gov (United States)

    Batty, David

    1998-01-01

    Discusses the problems of access to information in a machine-sensible environment, and the potential of modern library techniques to help in solving them. Explains how authors and publishers can make information more accessible by providing indexing information that uses controlled vocabulary, terms from a thesaurus, or other linguistic assistance…

  6. The Smart Card concept applied to access control

    International Nuclear Information System (INIS)

    Passwords tend to be handled carelessly, and so are easily lost or stolen. Because they are intangible, their loss or theft generally goes unnoticed. Because they are constant, they may be used by anyone for as long as they remain in active use by a legitimate user. A step up in password security is offered by a new range of products which generate a new code each time the device is used. Devices are being produced in packages as small as a standard plastic credit card, including internal battery power, integral keyboard and LCD display. Security features of the Smart Card are reviewed, and several random access code generators currently available in the commercial marketplace are described

  7. Purpose engineering for Contextual Role-Based Access Control (C-RBAC

    Directory of Open Access Journals (Sweden)

    Muhammad Nabeel Tahir

    2008-09-01

    Full Text Available Distributed and ubiquitous computing environments have brought enormous efficiency to the collection, manipulation and distribution of information and services. Although this efficiency has revolutionized countless organizations but it has also increased the threats to individual’s privacy because the information stored within the collection of heterogeneous distributed components is sensitive and requires some form of access control. The way to protect privacy in this age of information technology requires such access control system that can accommodate organization requirements to protect privacy of individuals with ease in management and administration of resources. Among those requirements, purpose inference is one of the major problems as the total access control decision mainly relies on the user intentions/purposed. This work in this paper is an attempt to provide purpose engineering semantics that we use for the proposed contextual role-based access control model (C-RBAC in order to comply with HIPAA.

  8. Human engineering considerations in designing a computerized controlled access security system

    International Nuclear Information System (INIS)

    This paper describes a human engineering effort in the design of a major security system upgrade at Lawrence Livermore National Laboratory. This upgrade was to be accomplished by replacing obsolete and difficult-to-man (i.e., multiple operator task actions required) security equipment and systems with a new, automated, computer-based access control system. The initial task was to assist the electronic and mechanical engineering staff in designing a computerized security access system too functionally and ergonomically accommodate 100% of the Laboratory user population. The new computerized access system was intended to control entry into sensitive exclusion areas by requiring personnel to use an entry booth-based system and/or a remote access control panel system. The primary user interface with the system was through a control panel containing a magnetic card reader, function buttons, LCD display, and push-button keypad

  9. Identity Authentication and Capability Based Access Control (IACAC) for the Internet of Things

    DEFF Research Database (Denmark)

    Mahalle, Parikshit N.; Anggorojati, Bayu; Prasad, Neeli R.;

    2013-01-01

    In the last few years the Internet of Things (IoT) has seen widespread application and can be found in each field. Authentication and access control are important and critical functionalities in the context of IoT to enable secure communication between devices. Mobility, dynamic network topology...... and weak physical security of low power devices in IoT networks are possible sources for security vulnerabilities. It is promising to make an authentication and access control attack resistant and lightweight in a resource constrained and distributed IoT environment. This paper presents the Identity...... Authentication and Capability based Access Control (IACAC) model with protocol evaluation and performance analysis. To protect IoT from man-in-the-middle, replay and denial of service (Dos) attacks, the concept of capability for access control is introduced. The novelty of this model is that, it presents...

  10. The RFID smart card management application for the hotel access control

    OpenAIRE

    Kreslin, Robert

    2011-01-01

    In this thesis we wanted to present the project that was made for a smaller hotel in Nova Gorica. The goal was to create an application for managing access control according to customer's wishes as well as to introduce the system into the existent infrastructure. The first step was to define what access control actually means. In broad terms it is divided into RFID – radio-frequency identification and biometric identification. Both have their strengths and their weaknesses. Next step was choo...

  11. ConXsense - Automated Context Classification for Context-Aware Access Control

    OpenAIRE

    Miettinen, Markus; Heuser, Stephan; Kronz, Wiebke; Sadeghi, Ahmad-Reza; Asokan, N.

    2013-01-01

    We present ConXsense, the first framework for context-aware access control on mobile devices based on context classification. Previous context-aware access control systems often require users to laboriously specify detailed policies or they rely on pre-defined policies not adequately reflecting the true preferences of users. We present the design and implementation of a context-aware framework that uses a probabilistic approach to overcome these deficiencies. The framework utilizes context se...

  12. Finding Security Bugs in Web Applications using a Catalog of Access Control Patterns

    OpenAIRE

    Near, Joseph Paul; Jackson, Daniel

    2016-01-01

    We propose a specification-free technique for finding missing security checks in web applications using a catalog of access control patterns in which each pattern models a common access control use case. Our implementation, Space, checks that every data exposure allowed by an application's code matches an allowed exposure from a security pattern in our catalog. The only user-provided input is a mapping from application types to the types of the catalog; the rest of the process is entirely au...

  13. Grid-based access control for Unix environments, Filesystems and Web Sites

    OpenAIRE

    McNab, A.

    2003-01-01

    The EU DataGrid has deployed a grid testbed at approximately 20 sites across Europe, with several hundred registered users. This paper describes authorisation systems produced by GridPP and currently used on the EU DataGrid Testbed, including local Unix pool accounts and fine-grained access control with Access Control Lists and Grid-aware filesystems, fileservers and web developement environments.

  14. A New Access Control Scheme for Facebook-style Social Networks

    OpenAIRE

    Pang, Jun; Zhang, Yang

    2013-01-01

    The popularity of online social networks (OSNs) makes the protection of users' private information an important but scientifically challenging problem. In the literature, relationship-based access control schemes have been proposed to address this problem. However, with the dynamic developments of OSNs, we identify new access control requirements which cannot be fully captured by the current schemes. In this paper, we focus on public information in OSNs and treat it as a new dimension which u...

  15. Intelligent Security Auditing Based on Access Control of Devices in Ad Hoc Network

    Institute of Scientific and Technical Information of China (English)

    XU Guang-wei; SHI You-qun; ZHU Ming; WU Guo-wen; CAO Qi-ying

    2006-01-01

    Security in Ad Hoc network is an important issue under the opening circumstance of application service. Some protocols and models of security auditing have been proposed to ensure rationality of contracting strategy and operating regulation and used to identify abnormal operation. Model of security auditing based on access control of devices will be advanced to register sign of devices and property of event of access control and to audit those actions. In the end, the model is analyzed and simulated.

  16. The access control and radiation monitoring system for the Austin Hospital PET Centre

    International Nuclear Information System (INIS)

    A Positron Emission Tomography Centre is being established at the Austin Hospital, Melbourne. The cyclotron vault and hotcell laboratories have been categorized according to the National Council on Radiation Protection and Measurements guidelines for access control to radiation areas. An access control system incorporating visual alarm systems, signs, barriers and interlocks has been designed for the safe operation of the Centre. These features are briefly described. 6 refs., 1 fig

  17. An Efficient Mutual Authentication and Access Control Scheme for Wireless Sensor Networks in Healthcare

    OpenAIRE

    Xuan Hung Le; Murad Khalid; Ravi Sankar; Sungyoung Lee

    2011-01-01

    Wireless sensor networks (WSNs) will play an active role in the 21th Century Healthcare IT to reduce the healthcare cost and improve the quality of care. The protection of data confidentiality and patient privacy are the most critical requirements for the ubiquitous use of WSNs in healthcare environments. This requires a secure and lightweight user authentication and access control. Symmetric key - based access control is not suitable for WSNs in healthcare due to dynamic network topology, mo...

  18. Database application research in real-time data access of accelerator control system

    International Nuclear Information System (INIS)

    The control system of Shanghai Synchrotron Radiation Facility (SSRF) is a large-scale distributed real-time control system, It involves many types and large amounts of real-time data access during the operating. Database system has wide application prospects in the large-scale accelerator control system. It is the future development direction of the accelerator control system, to replace the differently dedicated data structures with the mature standardized database system. This article discusses the application feasibility of database system in accelerators based on the database interface technology, real-time data access testing, and system optimization research and to establish the foundation of the wide scale application of database system in the SSRF accelerator control system. Based on the database interface technology, real-time data access testing and system optimization research, this article will introduce the application feasibility of database system in accelerators, and lay the foundation of database system application in the SSRF accelerator control system. (authors)

  19. Preliminary access routes and cost study analyses for seven potentially acceptable salt sites: Final report, October 1984

    International Nuclear Information System (INIS)

    This report analyzes highway and railroad access to seven potentially acceptable salt repository sites: Richton Dome and Cypress Creek Dome in Mississippi, Vacherie Dome in Louisiana, Swisher County and Deaf Smith County in Texas, and Davis Canyon and Lavender Canyon in utah. The objectives of the study were to investigate the routing of reasonable access corridors to the sites, describe major characteristics of each route, and estimate the costs for constructing or upgrading highways and railroads. The routes used in the analysis are not necessarily recommended or preferred over other routes, nor do they represent an implied final selection. Detailed engineering studies must be performed for the Davis Canyon and Lavender Canyon highway access before the analyzed routes can be considered to be viable. 20 refs., 7 figs., 3 tabs

  20. Distributed Medium Access Control with SDMA Support for WLANs

    Science.gov (United States)

    Zhou, Sheng; Niu, Zhisheng

    With simultaneous multi-user transmissions, spatial division multiple access (SDMA) provides substantial throughput gain over the single user transmission. However, its implementation in WLANs with contention-based IEEE 802.11 MAC remains challenging. Problems such as coordinating and synchronizing the multiple users need to be solved in a distributed way. In this paper, we propose a distributed MAC protocol for WLANs with SDMA support. A dual-mode CTS responding mechanism is designed to accomplish the channel estimation and user synchronization required for SDMA. We analytically study the throughput performance of the proposed MAC, and dynamic parameter adjustment is designed to enhance the protocol efficiency. In addition, the proposed MAC protocol does not rely on specific physical layer realizations, and can work on legacy IEEE 802.11 equipment with slight software updates. Simulation results show that the proposed MAC outperforms IEEE 802.11 significantly, and that the dynamic parameter adjustment can effectively track the load variation in the network.

  1. A Security Architecture for Data Aggregation and Access Control in Smart Grids

    CERN Document Server

    Ruj, Sushmita; Stojmenovic, Ivan

    2011-01-01

    We propose an integrated architecture for smart grids, that supports data aggregation and access control. Data can be aggregated by home area network, building area network and neighboring area network in such a way that the privacy of customers is protected. We use homomorphic encryption technique to achieve this. The consumer data that is collected is sent to the substations where it is monitored by remote terminal units (RTU). The proposed access control mechanism gives selective access to consumer data stored in data repositories and used by different smart grid users. Users can be maintenance units, utility centers, pricing estimator units or analyzing and prediction groups. We solve this problem of access control using cryptographic technique of attribute-based encryption. RTUs and users have attributes and cryptographic keys distributed by several key distribution centers (KDC). RTUs send data encrypted under a set of attributes. Users can decrypt information provided they have valid attributes. The ac...

  2. Quality control of chemical and isotopic analyses of geothermal water samples

    Energy Technology Data Exchange (ETDEWEB)

    Reed, Marshall J.; Mariner, Robert H.

    1991-01-01

    Chemical and isotopic analyses of geothermal water samples must meet certain levels of accuracy and reliability to be useful for identifying geochemical processes in hydrothermal systems. Quality control is largely a concern for the analytical laboratory, but the geochemist or reservoir engineer using the chemical data must also be concerned with analytical quality. To test accuracy and reliability of analyses available from laboratories, splits of seven water samples were sent to four stable-isotope laboratories, and splits of five water samples were sent to four chemical laboratories. The analyses of each sample were compared among laboratories, and the differences in analyses were evaluated using criteria developed for this comparison. Isotopic compositions were considered reliable if they deviated from mean values by less than 2{per_thousand}, for hydrogen and by less than 0.15{per_thousand}, for oxygen. Concentrations of each chemical component were considered reliable if they differed from mean values by less than 10%. Chemical analyses were examined for internal consistency by calculating the error in ionic charge balance and the error between ionic charge and electrical conductivity. To be considered internally consistent, chemical analyses must have less than 5% error in charge balance and less than 10% error in conductivity balance. Three isotope laboratories gave consistent compositions of all samples. No chemical laboratory gave consistent analyses of all samples. Recommendations are made that provide the user of isotopic and chemical data with the ability to better evaluate the quality of analyses.

  3. ACCESS METHODS CONCERNING THE CONSTITUTIONAL CONTROL OF THE CONSTITUTIONAL COURT

    OpenAIRE

    Gabriela NEMTOI

    2009-01-01

    The study concerning the laws’ constitutionality represents the reason of constitutional warranty on judicial standards, which governs a democratic state. The supremacy of constitution is only a principle, which has to be doubled by establishing a mechanism creating consistency to it. In order to assure the supremacy of constitution, the doctrine and constitutional practice have created efficient judicial institutions, the control of laws’ constitutionality by the competency of Constitutional...

  4. Technical enforcement of european privacy legislation: an access control approach

    OpenAIRE

    Bekara, Kheira; Laurent, Maryline; Nguyen, Than Ha

    2012-01-01

    Until today, the protection of personal data is mainly left to the legislation by means of guidelines. This paper aims to increase the perceived control by users over their data by helping the user's agent to check the service requests conformity to the legislation. To do so, it discusses the main concepts involved in the legislative privacy principles, and deduces a privacy semantic information model. The proposed model focuses on the main concepts involved in legislative privacy principles....

  5. TRBAC:基于信任的访问控制模型%TRBAC: Trust Based Access Control Model

    Institute of Scientific and Technical Information of China (English)

    刘武; 段海新; 张洪; 任萍; 吴建平

    2011-01-01

    访问控制是根据网络用户的身份或属性,对该用户执行某些操作或访问某些网络资源进行控制的过程.对现有访问控制模型进行分析,并针对其不足对RBAC模型进行了扩展,提出了基于信任的访问控制模型TRBAC(trust based access control model).该模型可以提供更加安全、灵活以及细粒度的动态访问授权机制,从而提高授权机制的安全性与可靠性.%Access control is a process which controls users to execute some operations or access some network resources according to the users' identity or attribution. The discretionary access control and mandatory access control are two main access control modes which are broadly used in secure operating systems. Discretionary access control is based on user identity and/or groups and mandatory access control is usually based on sensitivity labels. Neither of these two modes can completely satisfy the requirements of all access control. Discretionary access control is too loose to restrict the propagation of privileges while mandatory access control is too rigid to use flexibly. This paper analyzes current access control models, and extends the RBAC (role based access control) model aiming at its deficiency, and based on which we propose a trust based access control model (TRBAC). The TRBAC model can provide more security, flexible and fine-grained dynamic access control mechanism, and therefore improve both the security and the reliability of authorization mechanism.

  6. A Group-oriented Access Control Scheme for P2P Networks

    OpenAIRE

    Wang Xiaoming; Cheng Fan

    2011-01-01

    A group-oriented access control scheme is proposed for P2P (peer to peer) networks. In the proposed scheme, authentication control, admission control and revocation control are used in order to provide security services for P2P networks. Moreover, the proposed scheme can simply and efficient establish share key between two members without interactions, therefore it can perform secure communications with them. The analysis of security and performance shows that the proposed scheme not only can...

  7. Security Analysis and Improvements of Authentication and Access Control in the Internet of Things

    Directory of Open Access Journals (Sweden)

    Bruce Ndibanje

    2014-08-01

    Full Text Available Internet of Things is a ubiquitous concept where physical objects are connected over the internet and are provided with unique identifiers to enable their self-identification to other devices and the ability to continuously generate data and transmit it over a network. Hence, the security of the network, data and sensor devices is a paramount concern in the IoT network as it grows very fast in terms of exchanged data and interconnected sensor nodes. This paper analyses the authentication and access control method using in the Internet of Things presented by Jing et al. According to our analysis, Jing et al.’s protocol is costly in the message exchange and the security assessment is not strong enough for such a protocol. Therefore, we propose improvements to the protocol to fill the discovered weakness gaps. The protocol enhancements facilitate many services to the users such as user anonymity, mutual authentication, and secure session key establishment. Finally, the performance and security analysis show that the improved protocol possesses many advantages against popular attacks, and achieves better efficiency at low communication cost.

  8. Medium Access Control in Energy Harvesting - Wireless Sensor Networks

    DEFF Research Database (Denmark)

    Fafoutis, Xenofon

    Control (MAC) protocols that are following the receiver-initiated paradigm of asynchronous communication. According to the receiver-initiated paradigm the communication is initiated by the receiver that states its availability to receive data through beacons. The sender is passively listening...... to the channel until it receives the beacon of interest. In this context, the dissertation begins with an in-depth survey of all the receiverinitiated MAC protocols and presents their unique optimization features, which deal with several challenges of the link layer such as mitigation of the energy consumption......-efficient features that aim to adapt the consumed energy to match the harvested energy, distribute the load with respect to the harvested energy, decrease the overhead of the communication, address the requirements for collision avoidance, prioritize urgent traffic and secure the system against beacon replay attacks...

  9. Capability-based Access Control Delegation Model on the Federated IoT Network

    DEFF Research Database (Denmark)

    Anggorojati, Bayu; Mahalle, Parikshit N.; Prasad, Neeli R.;

    2012-01-01

    no resource constraint, such as a web-based system, which is not very suitable for a highly pervasive system such as IoT. To this end, this paper presents an access delegation method with security considerations based on Capability-based Context Aware Access Control (CCAAC) model intended for federated...... machine-to-machine communication or IoT networks. The main idea of our proposed model is that the access delegation is realized by means of a capability propagation mechanism, and incorporating the context information as well as secure capability propagation under federated IoT environments. By using...... the identity-based capability-based access control approach as well as contextual information and secure federated IoT, this proposed model provides scalability and flexibility as well as secure authority delegation for highly distributed system....

  10. A novel decentralized hierarchical access control scheme for the medical scenario

    DEFF Research Database (Denmark)

    Eskeland, Sigurd; Prasad, Neeli R.

    Electronic patient records contains highly personal and confidential information that it is essential to keep private. Thus, only the medical professionals providing care to a patient should access the patient record of the concerning patient. As personal medical data can be considered to be the...... property of the corresponding patient, it is justified that patients should have the opportunity to exert control over their own data. In this paper, we propose a cryptographic access control scheme allowing patients to grant medical teams authorizations to access their medical data. Moreover, the...... hierarchical aspects of teams are taken into account so that the modules of the patient record are to be accessed according to the individual privileges of the medical professionals of the team. Thus, more privileged users obtain larger portions of the data than less privileged users....

  11. A novel decentralized hierarchical access control scheme for the medical scenario

    DEFF Research Database (Denmark)

    Eskeland, Sigurd; Prasad, Neeli R.

    2006-01-01

    property of the corresponding patient, it is justified that patients should have the opportunity to exert control over their own data. In this paper, we propose a cryptographic access control scheme allowing patients to grant medical teams authorizations to access their medical data. Moreover, the......Electronic patient records contains highly personal and confidential information that it is essential to keep private. Thus, only the medical professionals providing care to a patient should access the patient record of the concerning patient. As personal medical data can be considered to be the...... hierarchical aspects of teams are taken into account so that the modules of the patient record are to be accessed according to the individual privileges of the medical professionals of the team. Thus, more privileged users obtain larger portions of the data than less privileged users....

  12. Methodology for Analysing Controllability and Observability of Bladed Disc Coupled Vibrations

    DEFF Research Database (Denmark)

    Christensen, Rene Hardam; Santos, Ilmar

    2004-01-01

    Many bladed rotating machines such as helicopters, turbines and compressors are susceptible to blade faults due to vibration problems. Typically, blade vibrations in this kind of machines are suppressed by using passive mechanical components. However, when passive control techniques are not...... a time-variant mathematical model, which presents parametric vibration modes and centrifugal stiffening effects resulting in increasing blade natural frequencies. In this framework the objective and contribution of this paper is to present a methodology for analysing the modal controllability and...

  13. Steganography-based access control to medical data hidden in electrocardiogram.

    Science.gov (United States)

    Mai, Vu; Khalil, Ibrahim; Ibaida, Ayman

    2013-01-01

    Steganographic techniques allow secret data to be embedded inside another host data such as an image or a text file without significant changes to the quality of the host data. In this research, we demonstrate how steganography can be used as the main mechanism to build an access control model that gives data owners complete control to their sensitive cardiac health information hidden in their own Electrocardiograms. Our access control model is able to protect the privacy of users, the confidentiality of medical data, reduce storage space and make it more efficient to upload and download large amount of data. PMID:24109934

  14. Analysis of Decision Factors for the Application of Information Access Controls within the Organization

    Science.gov (United States)

    Foerster, Carl A.

    2013-01-01

    The application of access controls on internal information necessarily impacts the availability of that information for sharing inside the enterprise. The decisions establishing the degree of control are a crucial first step to balance the requirements to protect and share. This research develops a set of basic decision factors and examines other…

  15. Socio-economic status influences blood pressure control despite equal access to care

    DEFF Research Database (Denmark)

    Paulsen, M S; Andersen, M; Munck, A P;

    2012-01-01

    OBJECTIVE: Denmark has a health care system with free and equal access to care irrespective of age and socio-economic status (SES). We conducted a cross-sectional study to investigate a possible association between SES and blood pressure (BP) control of hypertensive patients treated in general...... Statistics Denmark. The outcome measure was BP control defined as BP...

  16. 75 FR 69791 - Risk Management Controls for Brokers or Dealers With Market Access

    Science.gov (United States)

    2010-11-15

    ... Exchange Commission 17 CFR Part 240 Risk Management Controls for Brokers or Dealers With Market Access... Regulations#0;#0; ] SECURITIES AND EXCHANGE COMMISSION 17 CFR Part 240 RIN 3235-AK53 Risk Management Controls... person other than a broker or dealer, to establish, document, and maintain a system of risk...

  17. A hybrid medium access control for convergence of broadband wireless and wireline ATM networks

    DEFF Research Database (Denmark)

    Liu, Hong; Gliese, Ulrik Bo; Dittmann, Lars

    2000-01-01

    In this paper, we propose a hybrid medium access control protocol for supporting broadband integrated services in the wireless ATM networks. The integrated services include CBR, VBR and ABR traffic varying from low bit-rate to very high bit-rate. The proposed protocol is an excellent compromise of...... contention, reservation and polling access techniques based on the dynamic TDMA system. Extensive simulation results using realistic data traffic sources, show that the proposed medium access scheme may provide QoS guarantees to different ATM traffic including the realistic MPEG video traces with low cell...

  18. Quality control and conduct of genome-wide association meta-analyses

    DEFF Research Database (Denmark)

    Winkler, Thomas W; Day, Felix R; Croteau-Chonka, Damien C;

    2014-01-01

    Rigorous organization and quality control (QC) are necessary to facilitate successful genome-wide association meta-analyses (GWAMAs) of statistics aggregated across multiple genome-wide association studies. This protocol provides guidelines for (i) organizational aspects of GWAMAs, and for (ii) Q...

  19. SparkXS: efficient access control for intelligent and large-scale streaming data applications

    OpenAIRE

    Preuveneers, Davy; Joosen, Wouter

    2015-01-01

    The exponential data growth in intelligent environments fueled by the Internet of Things is not only a major push behind distributed programming frameworks for big data, it also magnifies security and privacy concerns about unauthorized access to data. The huge diversity and the streaming nature of data raises the demand for new enabling technologies for scalable access control that can deal with the growing velocity, volume and variety of volatile data. This paper presents SparkXS, ...

  20. A survey of medium access control protocols for wireless ad hoc networks

    OpenAIRE

    Elvio João Leonardo; Ailton Akira Shinoda

    2004-01-01

    A number of issues distinguishes Medium Access Control (MAC) protocols for wireless networks from those used in wireline systems. In addition, for ad-hoc networks, the characteristics of the radio channel, the diverse physical-layer technologies available and the range of services envisioned make it a difficult task to design an algorithm to discipline the access to the shared medium that results efficient, fair, power consumption sensitive and delay bound. This article presents the current “...

  1. A Model-driven Role-based Access Control for SQL Databases

    OpenAIRE

    Raimundas Matulevičius; Henri Lakk

    2015-01-01

    Nowadays security has become an important aspect in information systems engineering. A mainstream method for information system security is Role-based Access Control (RBAC), which restricts system access to authorised users. While the benefits of RBAC are widely acknowledged, the implementation and administration of RBAC policies remains a human intensive activity, typically postponed until the implementation and maintenance phases of system development. This deferred security engineering app...

  2. A novel technique to extract events from access control system and locate persons

    International Nuclear Information System (INIS)

    Indira Gandhi Centre for Atomic Research houses many laboratories which handle radioactive materials and classified materials. Protection and accounting of men and material and critical facilities are important aspect of nuclear security. Access Control System (ACS) is used to enhance the protective measures against elevated threat environment. Access control system hardware consists of hand geometry readers, RFID readers, Controllers, Electromagnetic door locks, Turnstiles, fiber cable laying and termination etc. Access Control System controls and monitors the people accessing the secured facilities. Access Control System generates events on: 1. Showing of RFID card, 2. Rotation of turnstile, 3. Download of valid card numbers, 4. Generation of alarms etc. Access control system turnstiles are located in main entrance of a facility, entrance of inside laboratory and door locks are fixed on secured facilities. Events are stored in SQL server database. From the events stored in database a novel technique is developed to extract events and list the persons in a particular facility, list all entry/exit events on one day, list the first in and last out entries. This paper discusses the complex multi level group by queries and software developed to extract events from database, locate persons and generate reports. Software is developed as a web application in ASP.Net and query is written in SQL. User can select the doors, type of events and generate reports. Reports are generated using the master data stored about employees RFID cards and events data stored in tables. Four types of reports are generated 1. Plant Emergency Report, 2. Locate User Report, 3. Entry - Exit Report, 4. First in Last out Report. To generate plant emergency report for whole plant only events generated in outer gates have to be considered. To generate plant emergency report for inside laboratory, events generated in entrance gates have to be ignored. (author)

  3. Cognitive radio networks medium access control for coexistence of wireless systems

    CERN Document Server

    Bian, Kaigui; Gao, Bo

    2014-01-01

    This book gives a comprehensive overview of the medium access control (MAC) principles in cognitive radio networks, with a specific focus on how such MAC principles enable different wireless systems to coexist in the same spectrum band and carry out spectrum sharing.  From algorithm design to the latest developments in the standards and spectrum policy, readers will benefit from leading-edge knowledge of how cognitive radio systems coexist and share spectrum resources.  Coverage includes cognitive radio rendezvous, spectrum sharing, channel allocation, coexistence in TV white space, and coexistence of heterogeneous wireless systems.   • Provides a comprehensive reference on medium access control (MAC)-related problems in the design of cognitive radio systems and networks; • Includes detailed analysis of various coexistence problems related to medium access control in cognitive radio networks; • Reveals novel techniques for addressing the challenges of coexistence protocol design at a higher level ...

  4. A Cache Considering Role-Based Access Control and Trust in Privilege Management Infrastructure

    Institute of Scientific and Technical Information of China (English)

    ZHANG Shaomin; WANG Baoyi; ZHOU Lihua

    2006-01-01

    PMI(privilege management infrastructure) is used to perform access control to resource in an E-commerce or E-government system. With the ever-increasing need for secure transaction, the need for systems that offer a wide variety of QoS (quality-of-service) features is also growing. In order to improve the QoS of PMI system, a cache based on RBAC(Role-based Access Control) and trust is proposed. Our system is realized based on Web service. How to design the cache based on RBAC and trust in the access control model is described in detail. The algorithm to query role permission in cache and to add records in cache is dealt with. The policy to update cache is introduced also.

  5. 78 FR 63479 - Meta-Analyses of Randomized Controlled Clinical Trials (RCTs) for the Evaluation of Risk To...

    Science.gov (United States)

    2013-10-24

    ... HUMAN SERVICES Food and Drug Administration Meta-Analyses of Randomized Controlled Clinical Trials (RCTs... scientific approaches for the conduct and assessment of meta-analyses of randomized controlled clinical... others from the general public, about the use of meta-analyses of randomized trials as a tool for...

  6. Development of Remote Monitoring and a Control System Based on PLC and WebAccess for Learning Mechatronics

    OpenAIRE

    Wen-Jye Shyr; Te-Jen Su; Chia-Ming Lin

    2013-01-01

    This study develops a novel method for learning mechatronics using remote monitoring and control, based on a programmable logic controller (PLC) and WebAccess. A mechatronics module, a Web‐CAM and a PLC were integrated with WebAccess software to organize a remote laboratory. The proposed system enables users to access the Internet for remote monitoring and control of the mechatronics module via a web browser, thereby enhancing work flexibility by enabling personnel to control mechatronics equ...

  7. Virus spreading in wireless sensor networks with a medium access control mechanism

    International Nuclear Information System (INIS)

    In this paper, an extended version of standard susceptible-infected (SI) model is proposed to consider the influence of a medium access control mechanism on virus spreading in wireless sensor networks. Theoretical analysis shows that the medium access control mechanism obviously reduces the density of infected nodes in the networks, which has been ignored in previous studies. It is also found that by increasing the network node density or node communication radius greatly increases the number of infected nodes. The theoretical results are confirmed by numerical simulations. (general)

  8. Consistency maintenance for constraint in role-based access control model

    Institute of Scientific and Technical Information of China (English)

    韩伟力; 陈刚; 尹建伟; 董金祥

    2002-01-01

    Constraint is an important aspect of role-based access control and is sometimes argued to be the principal motivation for role-based access control (RBAC). But so far'few authors have discussed consistency maintenance for constraint in RBAC model. Based on researches of constraints among roles and types of inconsistency among constraints, this paper introduces correaponding formal rules, rulebased reasoning and corresponding methods to detect, avoid and resolve these inconsistencies. Finally,the paper introduces briefly the application of consistency maintenance in ZD-PDM, an enterprise-ori-ented product data management (PDM) system.

  9. Joint Random Access and Power Control Game in Ad Hoc Networks with Noncooperative Users

    Science.gov (United States)

    Long, Chengnian; Guan, Xinping

    We consider a distributed joint random access and power control scheme for interference management in wireless ad hoc networks. To derive decentralized solutions that do not require any cooperation among the users, we formulate this problem as non-cooperative joint random access and power control game, in which each user minimizes its average transmission cost with a given rate constraint. Using supermodular game theory, the existence and uniqueness of Nash equilibrium are established. Furthermore, we present an asynchronous distributed algorithm to compute the solution of the game based on myopic best response updates, which converges to Nash equilibrium globally.

  10. A low-order model for analysing effects of blade fatigue load control

    Energy Technology Data Exchange (ETDEWEB)

    Kallesoee, B.S. [Technical Univ. of Denmark, Dept. of Mechanical Engineering, Lyngby (Denmark)

    2006-07-01

    A new low-order mathematical model is introduced to analyse blade dynamics and blade load-reducing control strategies for wind turbines. The model consists of a typical wing section model combined with a rotor speed model, leading to four structural degrees of freedom (flapwise, edgewise and torsional blade oscillations and rotor speed). The aerodynamics is described by an unsteady aerodynamic model. The equations of motion are derived in non-linear and linear form. The linear equations of motion are used for stability analysis and control design. The non-linear equations of motion are used for time simulations to evaluate control performance. The stability analysis shows that the model is capable of predicting classical flutter and stall-induced vibrations. The results from the stability analysis are compared with known results, showing good agreement. The model is used to compare the performance of one proportional-integral-derivative controller and two full-state feedback controllers. (Author)

  11. Automated biometric access control system for two-man-rule enforcement

    International Nuclear Information System (INIS)

    This paper describes a limited access control system for nuclear facilities which makes use of the eye retinal identity verifier to control the passage of personnel into and out of one or a group of security controlled working areas. This access control system requires no keys, cards or credentials. The user simply enters his Personal Identification Number (PIN) and takes an eye reading to request passage. The PIN does not have to be kept secret. The system then relies on biometric identity verification of the user, along with other system information, to make the decision of whether or not to unlock the door. It also enforces multiple zones control with personnel tracking and the two-man-rule

  12. Performance Evaluation of Virtualization Techniques for Control and Access of Storage Systems in Data Center Applications

    Science.gov (United States)

    Ahmadi, Mohammad Reza

    2013-09-01

    Virtualization is a new technology that creates virtual environments based on the existing physical resources. This article evaluates effect of virtualization techniques on control servers and access method in storage systems [1, 2]. In control server virtualization, we have presented a tile based evaluation based on heterogeneous workloads to compare several key parameters and demonstrate effectiveness of virtualization techniques. Moreover, we have evaluated the virtualized model using VMotion techniques and maximum consolidation. In access method, we have prepared three different scenarios using direct, semi-virtual, and virtual attachment models. We have evaluated the proposed models with several workloads including OLTP database, data streaming, file server, web server, etc. Results of evaluation for different criteria confirm that server virtualization technique has high throughput and CPU usage as well as good performance with noticeable agility. Also virtual technique is a successful alternative for accessing to the storage systems especially in large capacity systems. This technique can therefore be an effective solution for expansion of storage area and reduction of access time. Results of different evaluation and measurements demonstrate that the virtualization in control server and full virtual access provide better performance and more agility as well as more utilization in the systems and improve business continuity plan.

  13. Accessibility to tuberculosis control services and tuberculosis programme performance in southern Ethiopia

    Directory of Open Access Journals (Sweden)

    Mesay Hailu Dangisso

    2015-11-01

    Full Text Available Background: Despite the expansion of health services and community-based interventions in Ethiopia, limited evidence exists about the distribution of and access to health facilities and their relationship with the performance of tuberculosis (TB control programmes. We aim to assess the geographical distribution of and physical accessibility to TB control services and their relationship with TB case notification rates (CNRs and treatment outcome in the Sidama Zone, southern Ethiopia. Design: We carried out an ecological study to assess physical accessibility to TB control facilities and the association of physical accessibility with TB CNRs and treatment outcome. We collected smear-positive pulmonary TB (PTB cases treated during 2003–2012 from unit TB registers and TB service data such as availability of basic supplies for TB control and geographic locations of health services. We used ArcGIS 10.2 to measure the distance from each enumeration location to the nearest TB control facilities. A linear regression analysis was employed to assess factors associated with TB CNRs and treatment outcome. Results: Over a decade the health service coverage (the health facility–to-population ratio increased by 36% and the accessibility to TB control facilities also improved. Thus, the mean distance from TB control services was 7.6 km in 2003 (ranging from 1.8 to 25.5 km between kebeles (the smallest administrative units and had decreased to 3.2 km in 2012 (ranging from 1.5 to 12.4 km. In multivariate linear regression, as distance from TB diagnostic facilities (b-estimate=−0.25, p<0.001 and altitude (b-estimate=−0.31, p<0.001 increased, the CNRs of TB decreased, whereas a higher population density was associated with increased TB CNRs. Similarly, distance to TB control facilities (b-estimate=−0.27, p<0.001 and altitude (b-estimate=−0.30, p<0.001 were inversely associated with treatment success (proportion of treatment completed or cured cases

  14. Electronic Wallet and Access Control Solution Based on RFID MiFare Cards

    Directory of Open Access Journals (Sweden)

    Stefan Victor Lefter

    2013-03-01

    Full Text Available With the advent of Radio Frequency Identification technologies or RFID for short, different types of products and security-relevant applications have been developed for use in fields and businesses like: inventory management, product tracking, access control, passports or transport fare collection. Even though RFID has been around for quite some time, there are some types of businesses like theme parks, water parks or music festivals that haven’t yet tested the benefits that this technology brings. This paper focuses on presenting advantages and disadvantages of using an unified access control and electronic wallet system based on RFID cards like MiFare tags as an alternative to existing ticket/currency access and payment systems employed by the majority of the businesses mentioned above.

  15. Access to the Birth Control Pill and the Career Plans of Young Men and Women

    DEFF Research Database (Denmark)

    Steingrimsdottir, Herdis

    The paper explores the effect of unrestricted access to the birth control pill on young people’s career plans, using annual surveys of college freshmen from 1968 to 1980. In particular it addresses the question of who was affected by the introduction of the birth control pill by looking at career...... plans of both men and women, and by separating the effect by level of academic ability, race and family income. The results show that unrestricted access to the pill caused high ability women to move towards occupations with higher wages, higher occupational prestige scores and higher male ratios. The...... estimated effects for women with low grades and from low selectivity colleges are in the opposite direction. Men were also affected by unrestricted access to the pill, as their aspirations shifted towards traditionally male dominated occupations, across all ability groups. The biggest effect of unrestricted...

  16. A Study on Automated Context-aware Access Control Model Using Ontology

    Science.gov (United States)

    Jang, Bokman; Jang, Hyokyung; Choi, Euiin

    Applications in context-aware computing environment will be connected wireless network and various devices. According to, recklessness access of information resource can make trouble of system. So, access authority management is very important issue both information resource and adapt to system through founding security policy of needed system. But, existing security model is easy of approach to resource through simply user ID and password. This model has a problem that is not concerned about user's environment information. In this paper, propose model of automated context-aware access control using ontology that can more efficiently control about resource through inference and judgment of context information that collect user's information and user's environment context information in order to ontology modeling.

  17. Pace: Privacy-Protection for Access Control Enforcement in P2P Networks

    Science.gov (United States)

    Sánchez-Artigas, Marc; García-López, Pedro

    In open environments such as peer-to-peer (P2P) systems, the decision to collaborate with multiple users — e.g., by granting access to a resource — is hard to achieve in practice due to extreme decentralization and the lack of trusted third parties. The literature contains a plethora of applications in which a scalable solution for distributed access control is crucial. This fact motivates us to propose a protocol to enforce access control, applicable to networks consisting entirely of untrusted nodes. The main feature of our protocol is that it protects both sensitive permissions and sensitive policies, and does not rely on any centralized authority. We analyze the efficiency (computational effort and communication overhead) as well as the security of our protocol.

  18. FreeBSD Mandatory Access Control Usage for Implementing Enterprise Security Policies

    OpenAIRE

    Bolshakov, Kirill; Reshetova, Elena

    2007-01-01

    FreeBSD was one of the first widely deployed free operating systems to provide mandatory access control. It supports a number of classic MAC models. This tutorial paper addresses exploiting this implementation to enforce typical enterprise security policies of varying complexities.

  19. Access and control of agro-biotechnology : Bt cotton, ecological change and risk in China

    NARCIS (Netherlands)

    Ho, Peter; Zhao, Jennifer H.; Xue, Dayuan

    2009-01-01

    This article argues that if the introduction of genetically modified crops (GM crops) in developing countries is to be successful, we can and should not evade questions of access and control of technology. It implies probing into the experiences, perceptions and understanding of GM crops by the prim

  20. Mining Roles and Access Control for Relational Data under Privacy and Accuracy Constraints

    Science.gov (United States)

    Pervaiz, Zahid

    2013-01-01

    Access control mechanisms protect sensitive information from unauthorized users. However, when sensitive information is shared and a Privacy Protection Mechanism (PPM) is not in place, an authorized insider can still compromise the privacy of a person leading to identity disclosure. A PPM can use suppression and generalization to anonymize and…

  1. A METHOD OF AND A SYSTEM FOR CONTROLLING ACCESS TO A SHARED RESOURCE

    DEFF Research Database (Denmark)

    2006-01-01

    A method and a system of controlling access of data items to a shared resource, wherein the data items each is assigned to one of a plurality of priorities, and wherein, when a predetermined number of data items of a priority have been transmitted to the shared resource, that priority will be...

  2. Multi-level access control in the data pipeline of the international supply chain system

    NARCIS (Netherlands)

    Pruksasri, P.; Berg, J. van den; Hofman, W.; Daskapan, S.

    2013-01-01

    The Seamless Integrated Data Pipeline system was proposed to the European Union in order to overcome the information quality shortcomings of the current international supply chain information exchange systems. Next to identification and authorization of stakeholders, secure access control needs to b

  3. A Random-Walk Based Privacy-Preserving Access Control for Online Social Networks

    Directory of Open Access Journals (Sweden)

    You-sheng Zhou

    2016-02-01

    Full Text Available Online social networks are popularized with people to connect friends, share resources etc. Meanwhile, the online social networks always suffer the problem of privacy exposure. The existing methods to prevent exposure are to enforce access control provided by the social network providers or social network users. However, those enforcements are impractical since one of essential goal of social network application is to share updates freely and instantly. To better the security and availability in social network applications, a novel random walking based access control of social network is proposed in this paper. Unlike using explicit attribute based match in the existing schemes, the results from random walking are employed to securely compute L1 distance between two social network users in the presented scheme, which not only avoids the leakage of private attributes, but also enables each social network user to define access control policy independently. The experimental results show that the proposed scheme can facilitate the access control for online social network.

  4. Policy Based Access Control in Dynamic Grid-based Collaborative Environment

    NARCIS (Netherlands)

    Y. Demchenko; L. Gommans; A. Tokmakoff; R. van Buuren

    2006-01-01

    This paper describes the design and development of a flexible, customer-driven, security infrastructure for Gridbased Collaborative Environments. The paper proposes further development of the access control model built around a service or resource provisioning agreement (e.g., an experiment or proje

  5. 30 CFR 816.66 - Use of explosives: Blasting signs, warnings, and access control.

    Science.gov (United States)

    2010-07-01

    ... 30 Mineral Resources 3 2010-07-01 2010-07-01 false Use of explosives: Blasting signs, warnings... STANDARDS-SURFACE MINING ACTIVITIES § 816.66 Use of explosives: Blasting signs, warnings, and access control. (a) Blasting signs. Blasting signs shall meet the specifications of § 816.11. The operator shall—...

  6. 30 CFR 817.66 - Use of explosives: Blasting signs, warnings, and access control.

    Science.gov (United States)

    2010-07-01

    ... 30 Mineral Resources 3 2010-07-01 2010-07-01 false Use of explosives: Blasting signs, warnings... STANDARDS-UNDERGROUND MINING ACTIVITIES § 817.66 Use of explosives: Blasting signs, warnings, and access control. (a) Blasting signs. Blasting signs shall meet the specifications of § 817.11. The operator...

  7. Control of Access to Memory: The Use of Task Interference as a Behavioral Probe

    Science.gov (United States)

    Loft, Shayne; Humphreys, Michael S.; Whitney, Susannah J.

    2008-01-01

    Directed forgetting and prospective memory methods were combined to examine differences in the control of memory access. Between studying two lists of target words, participants were either instructed to forget the first list, or to continue remembering the first list. After study participants performed a lexical decision task with an additional…

  8. Hierarchies in Contextual Role- Based Access Control Model (C-RBAC

    Directory of Open Access Journals (Sweden)

    Muhammad Nabeel Tahir

    2008-11-01

    Full Text Available Hierarchical representation is a natural way of organizing roles in role-based access control systems. Besides its advantages of providing a way of establishing parent-child relationships among different roles, it also provides a facility to design and organize context dependant application roles that users may activate depending on their current context (spatial, temporal conditions. In this paper, we show that if spatial roles are organized in hierarchical relationships, it can cause the problem of disambiguation in making access control decisions especially when the user moves from one location to another location frequently in a single transaction and a single session. We extend our work of Contextual Role-Based Access Control (C-RBAC by introducing hierarchical relationship among subject, location and purpose roles and solve the disambiguation problem in hierarchy by considering user motion direction and his/her context roles (spatial and spatial purpose in order to make more fine grained and better access control decisions.

  9. Dominion- An Introductory Concept of Access Control Between Valuable Assets and Mobile Device

    Directory of Open Access Journals (Sweden)

    Neha Dubey

    2013-11-01

    Full Text Available At present methods for providing conditional access to restricted resources and applications for permitting personnel, such as military members, government agencies, or first-responders are not available. The conditional access is provided if the user is an authentic user in one of the authorized geographic location and is connected to specific base transceiver stations or base station controllers. In this work we introduce dominions for mobile security, which are designed to provide this conditional access, are adjustable and congenial with mobile cellular systems, and can run even without being connected to a devoted back-end network. The aim of the architecture is to provide users who satisfy specific pre-conditions access to restricted resources and applications to which they otherwise normally would not be granted access. These mobile security dominions not only provide strict security by authenticating the user and the geographic location of the device, but also prevent access to networks or resources outside of authorized areas and restrict unauthorized users.

  10. Toward an Open-Access Global Database for Mapping, Control, and Surveillance of Neglected Tropical Diseases

    OpenAIRE

    Hürlimann, Eveline; Schur, Nadine; Boutsika, Konstantina; Stensgaard, Anna-Sofie; de Himpsl, Maiti Laserna; Ziegelbauer, Kathrin; Laizer, Nassor; Camenzind, Lukas; Pasquale, Aurelio Di; Ekpo, Uwem F.; Simoonga, Christopher; Mushinge, Gabriel; Saarnak, Christopher Florian Larsen; Utzinger, Jürg; Kristensen, Thomas K

    2011-01-01

    Background After many years of general neglect, interest has grown and efforts came under way for the mapping, control, surveillance, and eventual elimination of neglected tropical diseases (NTDs). Disease risk estimates are a key feature to target control interventions, and serve as a benchmark for monitoring and evaluation. What is currently missing is a georeferenced global database for NTDs providing open-access to the available survey data that is constantly updated and can be utilized b...

  11. The Ground Test Accelerator control system database: Configuration, run-time operation, and access

    International Nuclear Information System (INIS)

    A database is used to implement the interface between the control system and the accelerator and to provide flexibility in configuring the I/O. This flexibility is necessary to allow the control system to keep pace with the changing requirements that are inherent in an experimental environmental environment. This is not achieved without cost. Problems often associated with using databases are painful data entry, poor performance, and embedded knowledge of the database structure in code throughout the control system. This report describes how the database configuration, access, conversion, and execution in the Ground Test Accelerator (GTA) Control System overcome these problems. 2 figs

  12. A survey of medium access control protocols for wireless ad hoc networks

    Directory of Open Access Journals (Sweden)

    Elvio João Leonardo

    2004-01-01

    Full Text Available A number of issues distinguishes Medium Access Control (MAC protocols for wireless networks from those used in wireline systems. In addition, for ad-hoc networks, the characteristics of the radio channel, the diverse physical-layer technologies available and the range of services envisioned make it a difficult task to design an algorithm to discipline the access to the shared medium that results efficient, fair, power consumption sensitive and delay bound. This article presents the current “state-of-art” in this area, including solutions already commercially available as well as those still in study.

  13. Distributed SIR-Aware Opportunistic Access Control for D2D Underlaid Cellular Networks

    OpenAIRE

    Chen, Zheng; Kountouris, Marios

    2014-01-01

    In this paper, we propose a distributed interference and channel-aware opportunistic access control technique for D2D underlaid cellular networks, in which each potential D2D link is active whenever its estimated signal-to-interference ratio (SIR) is above a predetermined threshold so as to maximize the D2D area spectral efficiency. The objective of our SIR-aware opportunistic access scheme is to provide sufficient coverage probability and to increase the aggregate rate of D2D links by harnes...

  14. Access Scheme for Controlling Mobile Agents and its Application to Share Medical Information.

    Science.gov (United States)

    Liao, Yu-Ting; Chen, Tzer-Shyong; Chen, Tzer-Long; Chung, Yu-Fang; Chen, Yu- Xin; Hwang, Jen-Hung; Wang, Huihui; Wei, Wei

    2016-05-01

    This study is showing the advantage of mobile agents to conquer heterogeneous system environments and contribute to a virtual integrated sharing system. Mobile agents will collect medical information from each medical institution as a method to achieve the medical purpose of data sharing. Besides, this research also provides an access control and key management mechanism by adopting Public key cryptography and Lagrange interpolation. The safety analysis of the system is based on a network attacker's perspective. The achievement of this study tries to improve the medical quality, prevent wasting medical resources and make medical resources access to appropriate configuration. PMID:27010391

  15. An Efficient Mutual Authentication and Access Control Scheme for Wireless Sensor Networks in Healthcare

    Directory of Open Access Journals (Sweden)

    Xuan Hung Le

    2011-03-01

    Full Text Available Wireless sensor networks (WSNs will play an active role in the 21th Century Healthcare IT to reduce the healthcare cost and improve the quality of care. The protection of data confidentiality and patient privacy are the most critical requirements for the ubiquitous use of WSNs in healthcare environments. This requires a secure and lightweight user authentication and access control. Symmetric key - based access control is not suitable for WSNs in healthcare due to dynamic network topology, mobility, and stringent resource constraints. In this paper, we propose a secure, lightweight public key - based security scheme, Mutual Authentication and Access Control based on Elliptic curve cryptography (MAACE. MAACE is a mutual authentication protocol where a healthcare professional can authenticate to an accessed node (a PDA or medical sensor and vice versa. This is to ensure that medical data is not exposed to an unauthorized person. On the other hand, it ensures that medical data sent to healthcare professionals did not originate from a malicious node. MAACE is more scalable and requires less memory compared to symmetric key-based schemes. Furthermore, it is much more lightweight than other public key-based schemes. Security analysis and performance evaluation results are presented and compared to existing schemes to show advantages of the proposed scheme.

  16. DOE's nation-wide system for access control can solve problems for the federal government

    International Nuclear Information System (INIS)

    The U.S. Department of Energy's (DOE's) ongoing efforts to improve its physical and personnel security systems while reducing its costs, provide a model for federal government visitor processing. Through the careful use of standardized badges, computer databases, and networks of automated access control systems, the DOE is increasing the security associated with travel throughout the DOE complex, and at the same time, eliminating paperwork, special badging, and visitor delays. The DOE is also improving badge accountability, personnel identification assurance, and access authorization timeliness and accuracy. Like the federal government, the DOE has dozens of geographically dispersed locations run by many different contractors operating a wide range of security systems. The DOE has overcome these obstacles by providing data format standards, a complex-wide virtual network for security, the adoption of a standard high security system, and an open-systems-compatible link for any automated access control system. If the location's level of security requires it, positive visitor identification is accomplished by personal identification number (PIN) and/or by biometrics. At sites with automated access control systems, this positive identification is integrated into the portals

  17. A Novel Medium Access Control for Ad hoc Networks Based on OFDM System

    Institute of Scientific and Technical Information of China (English)

    YU Yi-fan; YIN Chang-chuan; YUE Guang-xin

    2005-01-01

    Recently, hosts of Medium Access Control (MAC) protocols for Ad hoc radio networks have been proposed to solve the hidden terminal problem and exposed terminal problem. However most of them take into no account the interactions between physical (PHY) system and MAC protocol. Therefore, the current MAC protocols are either inefficient in the networks with mobile nodes and fading channel or difficult in hardware implementation. In this paper, we present a novel media access control for Ad hoc networks that integrates a media access control protocol termed as Dual Busy Tone Multiple Access (DBTMA) into Orthogonal Frequency Division Multiplexing (OFDM) system proposed in IEEE 802.11a standard. The analysis presented in the paper indicates that the proposed MAC scheme achieves performance improvement over IEEE 802.11 protocol about 25%~80% especially in the environment with high mobility and deep fading. The complexity of the proposed scheme is also lower than other implementation of similar busy tone solution. Furthermore, it is compatible with IEEE 802.11a networks.

  18. Extending AAA operational model for profile-based access control in ethernet-based Neutral Access Networks

    NARCIS (Netherlands)

    J. Matias; E. Jacob; Y. Demchenko; C. de Laat; L. Gommans

    2010-01-01

    Neutral Access Networks (NAN) have appeared as a new model to overcome some restrictions and lack of flexibility that are present currently in broadband access networks. NAN brings new business opportunities by opening this market to new stakeholders. Although the NAN model is accepted, there are so

  19. Optimal Medium Access Control in Cognitive Radios: A Sequential Design Approach

    CERN Document Server

    Lai, Lifeng; Jiang, Hai; Poor, H Vincent

    2008-01-01

    The design of medium access control protocols for a cognitive user wishing to opportunistically exploit frequency bands within parts of the radio spectrum having multiple bands is considered. In the scenario under consideration, the availability probability of each channel is unknown a priori to the cognitive user. Hence efficient medium access strategies must strike a balance between exploring the availability of channels and exploiting the opportunities identified thus far. Using a sequential design approach, an optimal medium access strategy is derived. To avoid the prohibitive computational complexity of this optimal strategy, a low complexity asymptotically optimal strategy is also developed. The proposed strategy does not require any prior statistical knowledge about the traffic pattern on the different channels.

  20. Parametric analyses for synthetic jet control on separation and stall over rotor airfoil

    Directory of Open Access Journals (Sweden)

    Zhao Guoqing

    2014-10-01

    Full Text Available Numerical simulations are performed to investigate the effects of synthetic jet control on separation and stall over rotor airfoils. The preconditioned and unsteady Reynolds-averaged Navier–Stokes equations coupled with a k − ω shear stream transport turbulence model are employed to accomplish the flowfield simulation of rotor airfoils under jet control. Additionally, a velocity boundary condition modeled by a sinusoidal function is developed to fulfill the perturbation effect of periodic jets. The validity of the present CFD procedure is evaluated by the simulated results of an isolated synthetic jet and the jet control case for airfoil NACA0015. Then, parametric analyses are conducted specifically for an OA213 rotor airfoil to investigate the effects of jet parameters (forcing frequency, jet location and momentum coefficient, jet direction, and distribution of jet arrays on the control effect of the aerodynamic characteristics of a rotor airfoil. Preliminary results indicate that the efficiency of jet control can be improved with specific frequencies (the best lift-drag ratio at F+ = 2.0 and jet angles (40° or 75° when the jets are located near the separation point of the rotor airfoil. Furthermore, as a result of a suitable combination of jet arrays, the lift coefficient of the airfoil can be improved by nearly 100%, and the corresponding drag coefficient decreased by 26.5% in comparison with the single point control case.

  1. Secure Access Control and Authority Delegation Based on Capability and Context Awareness for Federated IoT

    DEFF Research Database (Denmark)

    Anggorojati, Bayu; Mahalle, Parikshit N.; Prasad, Neeli R.;

    2013-01-01

    Access control is a critical functionality in Internet of Things (IoT), and it is particularly promising to make access control secure, efficient and generic in a distributed environment. Another an important property of access control system in the IoT is flexibility which can be achieved...... by access or authority delegation. Delegation mechanisms in access control that have been studied until now have been intended mainly for a system that has no resource constraint, such as a web-based system, which is not very suitable for a highly pervasive system such as IoT. This chapter presents...... information and secure federated IoT, this proposed model provides scalability, flexibility, and secure authority delegation for highly distributed system. The protocol evaluation results show that the capability creation and access mechanism of CCAAC is secure against a rigorous man-in-the-middle attack, e...

  2. Development of an OPC and PLC Based Remote-Access Laboratory: A Synchronous Motor Control Experiment

    OpenAIRE

    VADI, Seyfettin

    2015-01-01

    In this study, OPC and PLC based remote-access laboratory has been developed for synchronous motor control experiment. The monitoring and control of the parameters of synchronous motor has been realized using GPRS and Profi-Lab OPC Server through the visual programming language. In addition, S7-1200 CPU 1214 DC/DC/DC series PLC was used for control of the system. The motor parameters monitored in real-time by the user to visually is shown the effect of any change in the parameters of the moto...

  3. Experimental and computer analyses of control rod drive systems seismic capacity

    International Nuclear Information System (INIS)

    The experimental and computer analyses of the 1/4 scale Control Rod Drive System (CRDS) model of WWER-440 reactor has been carried out. The experimental study has been undertaken on CVS 20 ton's capacity shaking table with modeling operability of CRDS during earthquake and operational vibration. A special PC computer program has been developed for evaluation of CRDS seismic and vibration margins. The program enables estimation of different nonlinear effects in bearings and gaps of CRDS including shocks and friction that highly influence on dynamic capacity of CRDS. The results of these investigations are presented in this paper. (author)

  4. Measurement of electromagnetic fields generated by air traffic control radar systems with spectrum analysers

    International Nuclear Information System (INIS)

    Air traffic control (ATC) primary radars are 'classical' radars that use echoes of radiofrequency (RF) pulses from aircraft to determine their position. High-power RF pulses radiated from radar antennas may produce high electromagnetic field levels in the surrounding area. Measurement of electromagnetic fields produced by RF-pulsed radar by means of a swept-tuned spectrum analyser are investigated here. Measurements have been carried out both in the laboratory and in situ on signals generated by an ATC primary radar. (authors)

  5. Combating logical back doors into physically protected areas. The role of computer security in modern access control systems

    International Nuclear Information System (INIS)

    As long as nuclear fission has been used for energy production, substantial efforts have been made to protect the critical process and nuclear materials from unauthorized access. Electronic systems have been designed to assist security staff in access control and have become increasingly sophisticated as technology has advanced. With the latest access control systems being fully computerized, new questions of computer security have arisen. The paper outlines the latest trends in computer based access control systems, demonstrates where these systems are vulnerable to hacking attacks, and provides guidance on what can be done to avoid the introduction of new computer technologies creating back doors to bypass physical plant and material protection. (author)

  6. BARTER: Behavior Profile Exchange for Behavior-Based Admission and Access Control in MANETs

    Science.gov (United States)

    Frias-Martinez, Vanessa; Stolfo, Salvatore J.; Keromytis, Angelos D.

    Mobile Ad-hoc Networks (MANETs) are very dynamic networks with devices continuously entering and leaving the group. The highly dynamic nature of MANETs renders the manual creation and update of policies associated with the initial incorporation of devices to the MANET (admission control) as well as with anomaly detection during communications among members (access control) a very difficult task. In this paper, we present BARTER, a mechanism that automatically creates and updates admission and access control policies for MANETs based on behavior profiles. BARTER is an adaptation for fully distributed environments of our previously introduced BB-NAC mechanism for NAC technologies. Rather than relying on a centralized NAC enforcer, MANET members initially exchange their behavior profiles and compute individual local definitions of normal network behavior. During admission or access control, each member issues an individual decision based on its definition of normalcy. Individual decisions are then aggregated via a threshold cryptographic infrastructure that requires an agreement among a fixed amount of MANET members to change the status of the network. We present experimental results using content and volumetric behavior profiles computed from the ENRON dataset. In particular, we show that the mechanism achieves true rejection rates of 95% with false rejection rates of 9%.

  7. State of the Art Authentication, Access Control, and Secure Integration in Smart Grid

    Directory of Open Access Journals (Sweden)

    Neetesh Saxena

    2015-10-01

    Full Text Available The smart grid (SG is a promising platform for providing more reliable, efficient, and cost effective electricity to the consumers in a secure manner. Numerous initiatives across the globe are taken by both industry and academia in order to compile various security issues in the smart grid network. Unfortunately, there is no impactful survey paper available in the literature on authentications in the smart grid network. Therefore, this paper addresses the required objectives of an authentication protocol in the smart grid network along with the focus on mutual authentication, access control, and secure integration among different SG components. We review the existing authentication protocols, and analyze mutual authentication, privacy, trust, integrity, and confidentiality of communicating information in the smart grid network. We review authentications between the communicated entities in the smart grid, such as smart appliance, smart meter, energy provider, control center (CC, and home/building/neighborhood area network gateways (GW. We also review the existing authentication schemes for the vehicle-to-grid (V2G communication network along with various available secure integration and access control schemes. We also discuss the importance of the mutual authentication among SG entities while providing confidentiality and privacy preservation, seamless integration, and required access control with lower overhead, cost, and delay. This paper will help to provide a better understanding of current authentication, authorization, and secure integration issues in the smart grid network and directions to create interest among researchers to further explore these promising areas.

  8. An Internet of Things Example: Classrooms Access Control over Near Field Communication

    Directory of Open Access Journals (Sweden)

    Daniel Palma

    2014-04-01

    Full Text Available The Internet of Things is one of the ideas that has become increasingly relevant in recent years. It involves connecting things to the Internet in order to retrieve information from them at any time and from anywhere. In the Internet of Things, sensor networks that exchange information wirelessly via Wi-Fi, Bluetooth, Zigbee or RF are common. In this sense, our paper presents a way in which each classroom control is accessed through Near Field Communication (NFC and the information is shared via radio frequency. These data are published on the Web and could easily be used for building applications from the data collected. As a result, our application collects information from the classroom to create a control classroom tool that displays access to and the status of all the classrooms graphically and also connects this data with social networks.

  9. A MATHEMATICAL MODEL OF ACCESS CONTROL IN BIG DATA USING CONFIDENCE INTERVAL AND DIGITAL SIGNATURE

    Directory of Open Access Journals (Sweden)

    Amine RAHMANI

    2015-11-01

    Full Text Available Nowadays, the concept of big data grows incessantly; recent researches proved that 90% of the whole data existed on the web had been created in last two years. However, this growing bumped by many critical challenges resides generally in security level; the users care about how could providers protect their privacy on their data. Access control, cryptography, and deidentification are the main search areas grouped under a specific domain known as Privacy Preserving Data Publishing. In this paper, we bring in suggestion a new model for access control over big data using digital signature and confidence interval; we first introduce our work by presenting some general concepts used to build our approach then presenting the idea of this report and finally we evaluate our system by conducting several experiments and showing and discussing the results that we got.

  10. A distributed Synchronous reservation multiple access control protocol for mobile Ad hoc networks

    Institute of Scientific and Technical Information of China (English)

    ZHANG Yanling; SUN Xianpu; LI Jiandong

    2007-01-01

    This study proposes a new multiple access control protocol named distributed synchronous reservation multiple access control protocol.in which the hidden and exposed terminal problems are solved,and the quality of service(QoS)requirements for real-time traffic are guaranteed.The protocol is founded on time division multiplex address and a different type of traffic is assigned to difierent priority,according to which a node should compete for and reserve the free slots in a different method.Moreover,there is a reservation acknowledgement process before data transmit in each reserved slot,so that the intruded terminal problem is solved.The throughput and average packets drop probability of this protocol are analyzed and simulated in a fully connected network.the results of which indicate that this protocol is efficient enough to support the real-time traffic.and it is more suitable to MANETs.

  11. An internet of things example: classrooms access control over near field communication.

    Science.gov (United States)

    Palma, Daniel; Agudo, Juan Enrique; Sánchez, Héctor; Macías, Miguel Macías

    2014-01-01

    The Internet of Things is one of the ideas that has become increasingly relevant in recent years. It involves connecting things to the Internet in order to retrieve information from them at any time and from anywhere. In the Internet of Things, sensor networks that exchange information wirelessly via Wi-Fi, Bluetooth, Zigbee or RF are common. In this sense, our paper presents a way in which each classroom control is accessed through Near Field Communication (NFC) and the information is shared via radio frequency. These data are published on the Web and could easily be used for building applications from the data collected. As a result, our application collects information from the classroom to create a control classroom tool that displays access to and the status of all the classrooms graphically and also connects this data with social networks. PMID:24755520

  12. NEOREG: design and implementation of an online Neonatal Registration System to access, follow and analyse the data of newborns with congenital cytomegalovirus infection.

    Science.gov (United States)

    Steurbaut, Kristof; De Backere, Femke; Keymeulen, Annelies; De Leenheer, Marc; Smets, Koenraad; De Turck, Filip

    2013-09-01

    Today's registration of newborns with congenital cytomegalovirus (cCMV) infection is still performed on paper-based forms in Flanders, Belgium. This process has a large administrative impact. It is important that all screening tests are registered to have a complete idea of the impact of cCMV. Although these registrations are usable in computerised data analysis, these data are not available in a format to perform electronic processing. An online Neonatal Registry (NEOREG) System was designed and developed to access, follow and analyse the data of newborns remotely. It allows remote access and monitoring by the physician. The Java Enterprise layered application provides patients' diagnostic registration and treatment follow-up through a web interface and uses document forms in Portable Document Format (PDF), which incorporate all the elements from the existing forms. Forms are automatically processed to structured EHRs. Modules are included to perform statistical analysis. The design was driven by extendibility, security and usability requirements. The website load time, throughput and execution time of data analysis were evaluated in detail. The NEOREG system is able to replace the existing paper-based CMV records. PMID:23323747

  13. Dramatic reduction of read disturb through pulse width control in spin torque random access memory

    Science.gov (United States)

    Wang, Zihui; Wang, Xiaobin; Gan, Huadong; Jung, Dongha; Satoh, Kimihiro; Lin, Tsann; Zhou, Yuchen; Zhang, Jing; Huai, Yiming; Chang, Yao-Jen; Wu, Te-ho

    2013-09-01

    Magnetizations dynamic effect in low current read disturb region is studied both experimentally and theoretically. Dramatic read error rate reduction through read pulse width control is theoretically predicted and experimentally observed. The strong dependence of read error rate upon pulse width contrasts conventional energy barrier approach and can only be obtained considering detailed magnetization dynamics at long time thermal magnetization reversal region. Our study provides a design possibility for ultra-fast low current spin torque random access memory.

  14. A MATHEMATICAL MODEL OF ACCESS CONTROL IN BIG DATA USING CONFIDENCE INTERVAL AND DIGITAL SIGNATURE

    OpenAIRE

    Amine RAHMANI; Amine, Abdelmalek; Mohamed Reda HAMOU

    2015-01-01

    Nowadays, the concept of big data grows incessantly; recent researches proved that 90% of the whole data existed on the web had been created in last two years. However, this growing bumped by many critical challenges resides generally in security level; the users care about how could providers protect their privacy on their data. Access control, cryptography, and deidentification are the main search areas grouped under a specific domain known as Privacy Preserving Data Publishi...

  15. Quality Test Template toward Multi-user Access Control of Internet-Based System

    Directory of Open Access Journals (Sweden)

    Nan Nie

    2011-06-01

    Full Text Available Aiming at three kinds of Internet-based system quality problems, which is performance, liability and security, the paper proposes a kind of test template during multi-user login and resource access control, which includes test requirement, login script, role-resource correlating and mutation test technique. Some Internet-based systems are tested and diagnosed by automation test technique of test template. At last, system quality can be verified and improved through the realization mechanism of test template.

  16. Enforcing Access Control in Virtual Organizations Using Hierarchical Attribute-Based Encryption

    OpenAIRE

    Asim, Muhammad; Ignatenko, Tanya; Petkovic, Milan; Trivellato, Daniel; Zannone, Nicola

    2012-01-01

    Virtual organizations are dynamic, inter-organizational collaborations that involve systems and services belonging to different security domains. Several solutions have been proposed to guarantee the enforcement of the access control policies protecting the information exchanged in a distributed system, but none of them addresses the dynamicity characterizing virtual organizations. In this paper we propose a dynamic hierarchical attribute-based encryption (D-HABE) scheme that allows the insti...

  17. Context Driven Access Control to SNMP MIB objects in multi-homed environments

    OpenAIRE

    State, Radu; Festor, Olivier; Chrisment, Isabelle

    2003-01-01

    The advent of multi-technologies networks offering the service continuum over multiple network infrastructures implies new challenges to integrated management. One of this challenge is the auto-configuration of the management plane needed to allow dynamic relationships among several managers and one management agent. This paper proposes the use of provisional policies in order to dynamically auto-configure the access control plane of a management agent. This allows simple management based on ...

  18. A Combined Solution for Routing and Medium Access Control Layer Attacks in Mobile Ad Hoc Networks

    OpenAIRE

    R. Murugan; Shanmugam, A.

    2010-01-01

    Problem statement: In Mobile Ad hoc Network (MANET), both the routing layer and the Medium Access Control (MAC) layer are vulnerable to several attacks. There are very few techniques to detect and isolate the attacks of both these layers simultaneously. In this study, we developed a combined solution for routing and MAC layer attacks. Approach: Our approach, makes use of three techniques simultaneously which consists of a cumulative frequency based detection technique for&...

  19. A Study of Medium Access Control Protocols for Wireless Body Area Networks

    OpenAIRE

    Ullah, Sana; Shen, Bin; Islam, S.M. Riazul; Khan, Pervez; Saleem, Shahnaz; Kwak, Kyung Sup

    2010-01-01

    The seamless integration of low-power, miniaturised, invasive/non-invasive lightweight sensor nodes have contributed to the development of a proactive and unobtrusive Wireless Body Area Network (WBAN). A WBAN provides long-term health monitoring of a patient without any constraint on his/her normal dailylife activities. This monitoring requires low-power operation of invasive/non-invasive sensor nodes. In other words, a power-efficient Medium Access Control (MAC) protocol is required to satis...

  20. Implementing Role Based Access Controls using X.509 Privilege Management - the PERMIS Authorisation Infrastructure

    OpenAIRE

    Chadwick, David W; Otenko, Alexander

    2004-01-01

    This paper describes the PERMIS role based access control infrastructure that uses X.509 attribute certificates (ACs) to store the users roles. Users roles can be assigned by multiple widely distributed management authorities (called Attribute Authorities in X.509), thereby easing the burden of management. All the ACs can be stored in one or more LDAP directories, thus making them widely available. The PERMIS distribution includes a Privilege Allocator GUI tool, and a bulk loader tool, that a...

  1. Design of an Integrated Role-Based Access Control Infrastructure for Adaptive Workflow Systems

    OpenAIRE

    C Narendra, Nanjangud

    2003-01-01

    With increasing numbers of organizations automating their business processes by using workflow systems, security aspects of workflow systems has become a heavily researched area. Also, most workflow processes nowadays need to be adaptive, i.e., constantly changing, to meet changing business conditions. However, little attention has been paid to integrating Security and Adaptive Workflow. In this paper, we investigate this important research topic, with emphasis on Role Based Access Control (R...

  2. Enhancing Access-Control with Risk-Metrics for Collaboration on Social Cloud-Platforms

    OpenAIRE

    Bouchami, Ahmed; Goettelmann, Elio; Perrin, Olivier; Godart, Claude

    2015-01-01

    Cloud computing promotes the exchange of information , resources and tasks between different organizations by facilitating the deployment and adoption of centralized collaboration platforms: Professional Social Networking (PSN). However, issues concerning security management are preventing their widespread use, as organizations still need to protect some of their sensitive data. Traditional access control policies, defined over the triplet (User, Action, Resource) are difficult to put in plac...

  3. A fuzzy expert system to Trust-Based Access Control in crowdsourcing environments

    OpenAIRE

    Olusegun Folorunso; Olusegun Afeez Mustapha

    2015-01-01

    Crowdsourcing has been widely accepted across a broad range of application areas. In crowdsourcing environments, the possibility of performing human computation is characterized with risks due to the openness of their web-based platforms where each crowd worker joins and participates in the process at any time, causing serious effect on the quality of its computation. In this paper, a combination of Trust-Based Access Control (TBAC) strategy and fuzzy-expert systems was used to enhance the qu...

  4. Energy-Efficient Boarder Node Medium Access Control Protocol for Wireless Sensor Networks

    OpenAIRE

    Abdul Razaque; Elleithy, Khaled M.

    2014-01-01

    This paper introduces the design, implementation, and performance analysis of the scalable and mobility-aware hybrid protocol named boarder node medium access control (BN-MAC) for wireless sensor networks (WSNs), which leverages the characteristics of scheduled and contention-based MAC protocols. Like contention-based MAC protocols, BN-MAC achieves high channel utilization, network adaptability under heavy traffic and mobility, and low latency and overhead. Like schedule-based MAC protocols,...

  5. Collision-free prioritized medium access control in wireless networks with hidden nodes

    OpenAIRE

    Andersson, Björn; Pereira, Nuno; Tovar, Eduardo

    2006-01-01

    We propose a collision-free medium access control (MAC) protocol, which implements static-priority scheduling and works in the presence of hidden nodes. The MAC protocol allows multiple masters and is fully distributed; it is an adaptation to a wireless channel of the dominance protocol used in the CAN bus. But unlike that protocol, our protocol does not require a node having the ability to sense the channel while transmitting to the channel. Our protocol is collision-free even in...

  6. Design of Novel Online Access and Control Interface for Remote Experiment on DC Drives

    Directory of Open Access Journals (Sweden)

    Jagadeesh Chandra A.P

    2009-05-01

    Full Text Available Internet has revolutionized the way in which the information is delivered. Laboratory based courses play an important role in technical education. Automation is changing the nature of these laboratories and the system designer’s focus on Internet accessed experiments owing to the availability of several tools to integrate electronic and mechanical hardware with the World Wide Web. Stand-alone approaches in remote learning have grown tremendously in the recent years. One of the important components in remote experimentation is the integration of Virtual Instruments to perform real hardware tasks in near real-time. The paper describes a web interface to the electrical hardware and integration of LabVIEW Virtual Instruments to the remote access and control of DC Drives. Customized electrical hardware serves as the web interface, supporting various features to remotely control and measure the parameters of the electrical machine. Novel techniques have been used to interface a low power data acquisition system with the DC machine driven by the AC power supply. The system uses the client-server architecture to access the web page of the Virtual Instruments through web browser. The developed system imitates the real control of experiment hardware, but being operated remotely through Internet.

  7. A 4D-Role Based Access Control Model for Multitenancy Cloud Platform

    Directory of Open Access Journals (Sweden)

    Jiangfeng Li

    2016-01-01

    Full Text Available Since more and more applications and services have been transferred from servers in the B/S architecture to cloud, user access control has become a significant part in a multitenancy cloud platform. Role based access control model makes users participate in an enterprise system as particular identities. However, in a multitenancy cloud environment, it has a high probability that the information of tenants has been leaked by using existing role based access control (RBAC model. Moreover, management problems may emerge in the multitenancy platform with the increment of the number of tenants. In this paper, a novel concept of 4D-role is presented. With a detailed definition on the concept of 4D-role, a 4D-role based multitenancy model is proposed for running various applications and services in the multitenancy cloud platform. A theoretical analysis indicates that the model has the characters of tenant isolation, role hierarchy, and administration independence. The three characters are also verified by experimental evaluation. Moreover, the evaluation results indicate that the model has a good performance in using cloud resources when large-scale users are operating in the cloud platform simultaneously.

  8. Multidimensional morphometric 3D MRI analyses for detecting brain abnormalities in children: impact of control population.

    Science.gov (United States)

    Wilke, Marko; Rose, Douglas F; Holland, Scott K; Leach, James L

    2014-07-01

    Automated morphometric approaches are used to detect epileptogenic structural abnormalities in 3D MR images in adults, using the variance of a control population to obtain z-score maps in an individual patient. Due to the substantial changes the developing human brain undergoes, performing such analyses in children is challenging. This study investigated six features derived from high-resolution T1 datasets in four groups: normal children (1.5T or 3T data), normal clinical scans (3T data), and patients with structural brain lesions (3T data), with each n = 10. Normative control data were obtained from the NIH study on normal brain development (n = 401). We show that control group size substantially influences the captured variance, directly impacting the patient's z-scores. Interestingly, matching on gender does not seem to be beneficial, which was unexpected. Using data obtained at higher field scanners produces slightly different base rates of suprathreshold voxels, as does using clinically derived normal studies, suggesting a subtle but systematic effect of both factors. Two approaches for controlling suprathreshold voxels in a multidimensional approach (combining features and requiring a minimum cluster size) were shown to be substantial and effective in reducing this number. Finally, specific strengths and limitations of such an approach could be demonstrated in individual cases. PMID:25050423

  9. Breaking and Fixing Origin-Based Access Control in Hybrid Web/Mobile Application Frameworks.

    Science.gov (United States)

    Georgiev, Martin; Jana, Suman; Shmatikov, Vitaly

    2014-02-01

    Hybrid mobile applications (apps) combine the features of Web applications and "native" mobile apps. Like Web applications, they are implemented in portable, platform-independent languages such as HTML and JavaScript. Like native apps, they have direct access to local device resources-file system, location, camera, contacts, etc. Hybrid apps are typically developed using hybrid application frameworks such as PhoneGap. The purpose of the framework is twofold. First, it provides an embedded Web browser (for example, WebView on Android) that executes the app's Web code. Second, it supplies "bridges" that allow Web code to escape the browser and access local resources on the device. We analyze the software stack created by hybrid frameworks and demonstrate that it does not properly compose the access-control policies governing Web code and local code, respectively. Web code is governed by the same origin policy, whereas local code is governed by the access-control policy of the operating system (for example, user-granted permissions in Android). The bridges added by the framework to the browser have the same local access rights as the entire application, but are not correctly protected by the same origin policy. This opens the door to fracking attacks, which allow foreign-origin Web content included into a hybrid app (e.g., ads confined in iframes) to drill through the layers and directly access device resources. Fracking vulnerabilities are generic: they affect all hybrid frameworks, all embedded Web browsers, all bridge mechanisms, and all platforms on which these frameworks are deployed. We study the prevalence of fracking vulnerabilities in free Android apps based on the PhoneGap framework. Each vulnerability exposes sensitive local resources-the ability to read and write contacts list, local files, etc.-to dozens of potentially malicious Web domains. We also analyze the defenses deployed by hybrid frameworks to prevent resource access by foreign-origin Web content

  10. An enhancement of the role-based access control model to facilitate information access management in context of team collaboration and workflow.

    Science.gov (United States)

    Le, Xuan Hung; Doll, Terry; Barbosu, Monica; Luque, Amneris; Wang, Dongwen

    2012-12-01

    Although information access control models have been developed and applied to various applications, few of the previous works have addressed the issue of managing information access in the combined context of team collaboration and workflow. To facilitate this requirement, we have enhanced the Role-Based Access Control (RBAC) model through formulating universal constraints, defining bridging entities and contributing attributes, extending access permissions to include workflow contexts, synthesizing a role-based access delegation model to target on specific objects, and developing domain ontologies as instantiations of the general model to particular applications. We have successfully applied this model to the New York State HIV Clinical Education Initiative (CEI) project to address the specific needs of information management in collaborative processes. An initial evaluation has shown this model achieved a high level of agreement with an existing system when applied to 4576 cases (kappa=0.801). Comparing to a reference standard, the sensitivity and specificity of the enhanced RBAC model were at the level of 97-100%. These results indicate that the enhanced RBAC model can be effectively used for information access management in context of team collaboration and workflow to coordinate clinical education programs. Future research is required to incrementally develop additional types of universal constraints, to further investigate how the workflow context and access delegation can be enriched to support the various needs on information access management in collaborative processes, and to examine the generalizability of the enhanced RBAC model for other applications in clinical education, biomedical research, and patient care. PMID:22732236

  11. Development of the exposure and access control dosimeter system for nuclear facilities

    Energy Technology Data Exchange (ETDEWEB)

    Chang, Si Young; Lee, B. J.; Kim, B. H.; Kim, J. S.; Lee, K. C.; Kang, B. H.; Kim, C. K.; Ham, C. S.; Kwon, K. C.; Park, W. M.; Kim, C. H.; Kim, J. T.; Koo, C. H.; Park, S. J.; Kim, T. W

    1999-12-01

    In this paper an electronic personal dosimeter(EPD) adopt in a PIN type silicon semiconductor as a radiation detector has been developed, designed and a prototype dosimeter has been manufactured. A series of performance test of this EPD on reference radiation field has been carried out. A dosimeter reader which reads the radiation dose from EPD and make a real time access control in connection with the entrance door to radiation controlled area has been developed, designed and manufactured. S/W program supporting hangul (Korean language) has been developed to operate the EPD and reader system with a personal computer. (author)

  12. Development of the exposure and access control dosimeter system for nuclear facilities

    International Nuclear Information System (INIS)

    In this paper an electronic personal dosimeter(EPD) adopt in a PIN type silicon semiconductor as a radiation detector has been developed, designed and a prototype dosimeter has been manufactured. A series of performance test of this EPD on reference radiation field has been carried out. A dosimeter reader which reads the radiation dose from EPD and make a real time access control in connection with the entrance door to radiation controlled area has been developed, designed and manufactured. S/W program supporting hangul (Korean language) has been developed to operate the EPD and reader system with a personal computer. (author)

  13. Cater: an Opportunistic Medium Access Control Protocol for Wireless Local Area Networks

    OpenAIRE

    Mullins, Barry E.

    1997-01-01

    An adaptive MAC protocol is developed and analyzed that offers a "best case" scenario by allowing the MAC to control medium parameters thereby fully exploiting the channel of an ad hoc wireless LAN. This new, opportunistic medium access control protocol is called CATER (Code Adapts To Enhance Reliability) and is based on the proposed MAC standard for wireless local area networks (WLAN)-IEEE 802.11 [IEE96]. As currently proposed, IEEE 802.11 uses a fixed pseudo-noise (PN) code for spreading ...

  14. The development of access control system in Fukushima No.2 nuclear power station

    Energy Technology Data Exchange (ETDEWEB)

    Ookubo, S.; Nakai, Y.; Oohira, N.; Kishishita, S. [Tokyo Electric power Co., Tokyo (Japan); Kobayashi, H.; Sano, F. [Fuji Electric Co., Tokyo (Japan); Masuda, M.; Tajima, T.; Oohira, K. [Toshiba Corporation, Tokyo (Japan)

    2002-07-01

    A new radiation work control system has been developed for controlling the entrance and exit of workers from the radiation controlled area in a nuclear power station and has been run in the Fukushima No. 2 Nuclear Power Station of Tokyo Electric Power Co., Inc. since October, 1999. The system is designed to reduce workers burden by simplifying the operation of each equipment that controls access to radiation controlled areas, and to minimize radiation exposure by automatically acquiring dose data during each access and each task. The new system adopted electronic personal dosimeters (gamma radiation EPD) which permit data collection by radio communication, thus improving the conventional alarm-equipped personal dosimeter (EPD) and increasing reliability as primary dosimeters. Furthermore, additional electronic personal dosimeters capable of measuring beta radiation (gamma and beta radiations EPD) were also utilized in specific tasks in October 2001. After a six-month test run of these EPDs, the film badges were discontinued in April 2002 and replaced solely with the EPDs. EPDs are now used as the primary dosimetry for radiation workers.

  15. ACCIDENT ANALYSES & CONTROL OPTIONS IN SUPPORT OF THE SLUDGE WATER SYSTEM SAFETY ANALYSIS

    Energy Technology Data Exchange (ETDEWEB)

    WILLIAMS, J.C.

    2003-11-15

    This report documents the accident analyses and nuclear safety control options for use in Revision 7 of HNF-SD-WM-SAR-062, ''K Basins Safety Analysis Report'' and Revision 4 of HNF-SD-SNF-TSR-001, ''Technical Safety Requirements - 100 KE and 100 KW Fuel Storage Basins''. These documents will define the authorization basis for Sludge Water System (SWS) operations. This report follows the guidance of DOE-STD-3009-94, ''Preparation Guide for US. Department of Energy Nonreactor Nuclear Facility Safety Analysis Reports'', for calculating onsite and offsite consequences. The accident analysis summary is shown in Table ES-1 below. While this document describes and discusses potential control options to either mitigate or prevent the accidents discussed herein, it should be made clear that the final control selection for any accident is determined and presented in HNF-SD-WM-SAR-062.

  16. A Group-oriented Access Control Scheme for P2P Networks

    Directory of Open Access Journals (Sweden)

    Wang Xiaoming

    2011-02-01

    Full Text Available A group-oriented access control scheme is proposed for P2P (peer to peer networks. In the proposed scheme, authentication control, admission control and revocation control are used in order to provide security services for P2P networks. Moreover, the proposed scheme can simply and efficient establish share key between two members without interactions, therefore it can perform secure communications with them. The analysis of security and performance shows that the proposed scheme not only can realize authentication and secure communication, but also can easily and efficiently add new group members and revoke malicious group members. Therefore, it is more efficient, and more practical protocol for P2P networks.

  17. Control protocol: the proposed new CERN standard access procedure to accelerator equipment

    International Nuclear Information System (INIS)

    Control protocol provides a normalized access procedure for equipment of the same kind from a control system. Modelisation and the subsequent identification of functionalities with their parameters, variables and attributes have now been carried out at CERN for representative families of devices. ISO specifications, such as the ASN.1 metalanguage for data structure representation and MMS definitions and services have, to some extent, been introduced in the design for generality and compatibility with external world. The final product of this design is totally independent of the control systems and permits object oriented implementations in any controls frame. The present paper describes the different phases of the project with a short overview of the various implementations under development at CERN. (author)

  18. Design of IP Camera Access Control Protocol by Utilizing Hierarchical Group Key

    Directory of Open Access Journals (Sweden)

    Jungho Kang

    2015-08-01

    Full Text Available Unlike CCTV, security video surveillance devices, which we have generally known about, IP cameras which are connected to a network either with or without wire, provide monitoring services through a built-in web-server. Due to the fact that IP cameras can use a network such as the Internet, multiple IP cameras can be installed at a long distance and each IP camera can utilize the function of a web server individually. Even though IP cameras have this kind of advantage, it has difficulties in access control management and weakness in user certification, too. Particularly, because the market of IP cameras did not begin to be realized a long while ago, systems which are systematized from the perspective of security have not been built up yet. Additionally, it contains severe weaknesses in terms of access authority to the IP camera web server, certification of users, and certification of IP cameras which are newly installed within a network, etc. This research grouped IP cameras hierarchically to manage them systematically, and provided access control and data confidentiality between groups by utilizing group keys. In addition, IP cameras and users are certified by using PKI-based certification, and weak points of security such as confidentiality and integrity, etc., are improved by encrypting passwords. Thus, this research presents specific protocols of the entire process and proved through experiments that this method can be actually applied.

  19. Can “Feature” be used to Model the Changing Access Control Policies?

    Directory of Open Access Journals (Sweden)

    K.Shantha Kumari

    2012-11-01

    Full Text Available Access control policies [ACPs] regulate the access to data and resources in information systems. These ACPs are framed from the functional requirements and the Organizational security & privacy policies. It was found to be beneficial, when the ACPs are included in the early phases of the software development leading to secure development of information systems. Many approaches are available for including the ACPs in requirements and design phase. They relied on UML artifacts, Aspects and also Feature for this purpose. But the earlier modeling approaches are limited in expressing the evolving ACPs due to organizational policy changes and business process modifications. In this paper, we analyze, whether “Feature”- defined as an increment in program functionality can be used as a modeling entity to represent the Evolving Access control requirements. We discuss the two prominent approaches that use Feature in modeling ACPs. Also we have a comparative analysis to find the suitability of Features in the context of changing ACPs. We conclude with our findings and provide directions for further research.

  20. A Network Access Control Framework for 6LoWPAN Networks

    Directory of Open Access Journals (Sweden)

    Amaro F. de Sousa

    2013-01-01

    Full Text Available Low power over wireless personal area networks (LoWPAN, in particular wireless sensor networks, represent an emerging technology with high potential to be employed in critical situations like security surveillance, battlefields, smart-grids, and in e-health applications. The support of security services in LoWPAN is considered a challenge. First, this type of networks is usually deployed in unattended environments, making them vulnerable to security attacks. Second, the constraints inherent to LoWPAN, such as scarce resources and limited battery capacity, impose a careful planning on how and where the security services should be deployed. Besides protecting the network from some well-known threats, it is important that security mechanisms be able to withstand attacks that have not been identified before. One way of reaching this goal is to control, at the network access level, which nodes can be attached to the network and to enforce their security compliance. This paper presents a network access security framework that can be used to control the nodes that have access to the network, based on administrative approval, and to enforce security compliance to the authorized nodes.

  1. An interaction-based access control model (IBAC) for collaborative services

    Energy Technology Data Exchange (ETDEWEB)

    Altunay, Mine; /Fermilab; Byrd, Gregory T.; Brown, Doug E.; Dean, Ralph A.; /North Carolina State U.

    2008-04-01

    A collaboration is a collection of services that work together to achieve a common goal. Although collaborations help when tackling difficult problems, they lead to security issues. First, a collaboration is often performed by services that are drawn from different security domains. Second, a service interacts with multiple peer services during the collaboration. These interactions are not isolated from one another--e.g., data may flow through a sequence of different services. As a result, a service is exposed to multiple peer services in varying degrees, leading to different security threats. We identify the types of interactions that can be present in collaborations, and discuss the security threats due to each type. We propose a model for representing the collaboration context so that a service can be made aware of the existing interactions. We provide an access control model for a service participating in a collaboration. We couple our access control model with a policy model, so that the access requirements from collaborations can be expressed and evaluated.

  2. The equipment access software for a distributed UNIX-based accelerator control system

    International Nuclear Information System (INIS)

    This paper presents a generic equipment access software package for a distributed control system using computers with UNIX or UNIX-like operating systems. The package consists of three main components, an application Equipment Access Library, Message Handler and Equipment Data Base. An application task, which may run in any computer in the network, sends requests to access equipment through Equipment Library calls. The basic request is in the form Equipment-Action-Data and is routed via a remote procedure call to the computer to which the given equipment is connected. In this computer the request is received by the Message Handler. According to the type of the equipment connection, the Message Handler either passes the request to the specific process software in the same computer or forwards it to a lower level network of equipment controllers using MIL1553B, GPIB, RS232 or BITBUS communication. The answer is then returned to the calling application. Descriptive information required for request routing and processing is stored in the real-time Equipment Data Base. The package has been written to be portable and is currently available on DEC Ultrix, LynxOS, HPUX, XENIX, OS-9 and Apollo domain. ((orig.))

  3. AN IDENTITY PRESERVATION SCHEME (IDPS FOR ACCESS CONTROL OF HETEROGENEOUS RESOURCES

    Directory of Open Access Journals (Sweden)

    GULSHAN AHUJA,

    2011-01-01

    Full Text Available The Service Oriented Architecture (SOA is swiftly enabling inter-organizational processes. Web services are the key elements of modern SOA and are composed of self-describing components that can be used by service requestors across the web in a platform independent manner. Dynamic web services environment includes operations between entities from different domains which typically require uthentication and authorization of service requests. However the assumption that all domains may share a global services registry introduces a variety of challenges like how to establish trust relations among unknown service types, controlling and securing access to resources etc. In this paper, authors have proposed an identity preservation scheme (IDPS which will eliminate the need of validating the identity certificates of a service requestor after a level of trust has been established and verified. The proposed scheme will greatly reduce the amount of authorization work required for accessing a across varied domains.

  4. Gain transient control for wavelength division multiplexed access networks using semiconductor optical amplifiers

    DEFF Research Database (Denmark)

    Gibbon, Timothy Braidwood; Osadchiy, Alexey Vladimirovich; Kjær, Rasmus;

    2009-01-01

    Gain transients can severely hamper the upstream network performance in wavelength division multiplexed (WDM) access networks featuring erbium doped fiber amplifiers (EDFAs) or Raman amplification. We experimentally demonstrate for the first time using 10 Gb/s fiber transmission bit error rate...... measurements how a near-saturated semiconductor optical amplifier (SOA) can be used to control these gain transients. An SOA is shown to reduce the penalty of transients originating in an EDFA from 2.3 dB to 0.2 dB for 10 Gb/s transmission over standard single mode fiber using a 231-1 PRBS pattern. The results...... suggest that a single SOA integrated within a WDM receiver at the metro node could offer a convenient all-optical solution for upstream transient controlin WDM access networks....

  5. Reduce Threats in Competitive Intelligence System: A Generic Information Fusion Access Control Model

    Directory of Open Access Journals (Sweden)

    Anass El haddadi

    2011-03-01

    Full Text Available Information fusion is a cornerstone of competitive intelligence activity that aims at supporting decisionmaking by collecting, analyzing and disseminating information. This information comes fromheterogeneous data sources. In this paper we present an approach of access control. This approach isfocused both on the information that must be bring to decision-makers and the privacy of individuals whosedata is used to extract this information. This model is based on the standard “Role Based Access Control”(RBAC and is implemented within the entire life cycle of Xplor Every Where (Web service of Tetralogie,it follows methodologies tailored to design privacy-aware systems to be compliant with data protectionregulations.

  6. Design of a control system for self-shielded irradiators with remote access capability

    International Nuclear Information System (INIS)

    With self-shielded irradiators like Gamma chambers, and Blood irradiators are being sold by BRIT to customers both within and outside the country, it has become necessary to improve the quality of service without increasing the overheads. The recent advances in the field of communications and information technology can be exploited for improving the quality of service to the customers. A state of the art control system with remote accessibility has been designed for these irradiators enhancing their performance. This will provide an easy access to these units wherever they might be located, through the Internet. With this technology it will now be possible to attend to the needs of the customers, as regards fault rectification, error debugging, system software update, performance testing, data acquisition etc. This will not only reduce the downtime of these irradiators but also reduce the overheads. (author)

  7. Centralized Role-Based Access Control for Federated Multi-Domain Environments

    Institute of Scientific and Technical Information of China (English)

    YU Guangcan; LU Zhengding; LI Ruixuan; MUDAR Sarem

    2006-01-01

    The secure interaction among multiple security domains is a major concern. In this paper, we highlight the issues of secure interoperability among multiple security domains operating under the widely accepted Role Based Access Control (RBAC) model. We propose a model called CRBAC that easily establishes a global policy for roles mapping among multiple security domains. Our model is based on an extension of the RBAC model. Also, multiple security domains were composed to one abstract security domain. Also roles in the multiple domains are translated to permissions of roles in the abstract security domain. These permissions keep theirs hierarchies. The roles in the abstract security domain implement roles mapping among the multiple security domains. Then, authorized users of any security domain can transparently access resources in the multiple domains.

  8. Design and Analysis of an Attack Resilient and Adaptive Medium access Control Protocol for Computer Networks

    CERN Document Server

    Shukla, Piyush Kumar; Bhadoria, Dr Sarita Singh

    2009-01-01

    The challenge of designing an efficient Medium Access Control (MAC) protocol and analyzing it has been an important research topic for over 30 years. This paper focuses on the performance analysis (through simulation) and modification of a well known MAC protocol CSMA/CD. The existing protocol does not consider the wastage of bandwidth due to unutilized periods of the channel. By considering this fact, performance of MAC protocol can be enhanced. The purpose of this work is to modify the existing protocol by enabling it to adapt according to state of the network. The modified protocol takes appropriate action whenever unutilized periods detected. In this way, to increase the effective bandwidth utilization and determine how it behaves under increasing load, and varying packet sizes. It will also include effects of attacks i.e. Denial of service attacks, Replay Attack, Continuous Channel Access or Exhaustion attack, Flooding attack, Jamming (Radio interference) attack, Selective forwarding attack which degrade...

  9. A fuzzy expert system to Trust-Based Access Control in crowdsourcing environments

    Directory of Open Access Journals (Sweden)

    Olusegun Folorunso

    2015-07-01

    Full Text Available Crowdsourcing has been widely accepted across a broad range of application areas. In crowdsourcing environments, the possibility of performing human computation is characterized with risks due to the openness of their web-based platforms where each crowd worker joins and participates in the process at any time, causing serious effect on the quality of its computation. In this paper, a combination of Trust-Based Access Control (TBAC strategy and fuzzy-expert systems was used to enhance the quality of human computation in crowdsourcing environment. A TBAC-fuzzy algorithm was developed and implemented using MATLAB 7.6.0 to compute trust value (Tvalue, priority value as evaluated by fuzzy inference system (FIS and finally generate access decision to each crowd-worker. In conclusion, the use of TBAC is feasible in improving quality of human computation in crowdsourcing environments.

  10. In-home Power Line Communication Media Access Control Protocol Based on Collision Resolution

    Institute of Scientific and Technical Information of China (English)

    WANG Bo; HUANG Pei-wei; ZHONG You-ping; QI Ying-hao

    2009-01-01

    Most existing media access control (MAC) protocols in power line communication (PLC) networks just discard the colliding data packets when collision occurs. The collision deteriorates throughput and delay performance of system under high traffic conditions. This article presents a novel media access scheme with fast collision resolution for in-home power line networks. It works by first recognizing the colliding stations through detecting the inserted unique ID sequence ahead of data packets, then the source nodes retransmitting their packets immediately after the collision slot. The proposed protocol maintains the benefits of ALOHA systems. It needs no scheduling overhead and is suitable for bursty sources, such as multimedia data packets. Computer simulations have demonstrated that this approach can achieve high throughput due to its ability of resolving collisions.

  11. Concordance of Results from Randomized and Observational Analyses within the Same Study: A Re-Analysis of the Women's Health Initiative Limited-Access Dataset.

    Directory of Open Access Journals (Sweden)

    Mark J Bolland

    Full Text Available Observational studies (OS and randomized controlled trials (RCTs often report discordant results. In the Women's Health Initiative Calcium and Vitamin D (WHI CaD RCT, women were randomly assigned to CaD or placebo, but were permitted to use personal calcium and vitamin D supplements, creating a unique opportunity to compare results from randomized and observational analyses within the same study.WHI CaD was a 7-year RCT of 1g calcium/400IU vitamin D daily in 36,282 post-menopausal women. We assessed the effects of CaD on cardiovascular events, death, cancer and fracture in a randomized design- comparing CaD with placebo in 43% of women not using personal calcium or vitamin D supplements- and in a observational design- comparing women in the placebo group (44% using personal calcium and vitamin D supplements with non-users. Incidence was assessed using Cox proportional hazards models, and results from the two study designs deemed concordant if the absolute difference in hazard ratios was ≤0.15. We also compared results from WHI CaD to those from the WHI Observational Study(WHI OS, which used similar methodology for analyses and recruited from the same population.In WHI CaD, for myocardial infarction and stroke, results of unadjusted and 6/8 covariate-controlled observational analyses (age-adjusted, multivariate-adjusted, propensity-adjusted, propensity-matched were not concordant with the randomized design results. For death, hip and total fracture, colorectal and total cancer, unadjusted and covariate-controlled observational results were concordant with randomized results. For breast cancer, unadjusted and age-adjusted observational results were concordant with randomized results, but only 1/3 other covariate-controlled observational results were concordant with randomized results. Multivariate-adjusted results from WHI OS were concordant with randomized WHI CaD results for only 4/8 endpoints.Results of randomized analyses in WHI CaD were

  12. Concordance of Results from Randomized and Observational Analyses within the Same Study: A Re-Analysis of the Women’s Health Initiative Limited-Access Dataset

    Science.gov (United States)

    Bolland, Mark J.; Grey, Andrew; Gamble, Greg D.; Reid, Ian R.

    2015-01-01

    Background Observational studies (OS) and randomized controlled trials (RCTs) often report discordant results. In the Women’s Health Initiative Calcium and Vitamin D (WHI CaD) RCT, women were randomly assigned to CaD or placebo, but were permitted to use personal calcium and vitamin D supplements, creating a unique opportunity to compare results from randomized and observational analyses within the same study. Methods WHI CaD was a 7-year RCT of 1g calcium/400IU vitamin D daily in 36,282 post-menopausal women. We assessed the effects of CaD on cardiovascular events, death, cancer and fracture in a randomized design- comparing CaD with placebo in 43% of women not using personal calcium or vitamin D supplements- and in a observational design- comparing women in the placebo group (44%) using personal calcium and vitamin D supplements with non-users. Incidence was assessed using Cox proportional hazards models, and results from the two study designs deemed concordant if the absolute difference in hazard ratios was ≤0.15. We also compared results from WHI CaD to those from the WHI Observational Study(WHI OS), which used similar methodology for analyses and recruited from the same population. Results In WHI CaD, for myocardial infarction and stroke, results of unadjusted and 6/8 covariate-controlled observational analyses (age-adjusted, multivariate-adjusted, propensity-adjusted, propensity-matched) were not concordant with the randomized design results. For death, hip and total fracture, colorectal and total cancer, unadjusted and covariate-controlled observational results were concordant with randomized results. For breast cancer, unadjusted and age-adjusted observational results were concordant with randomized results, but only 1/3 other covariate-controlled observational results were concordant with randomized results. Multivariate-adjusted results from WHI OS were concordant with randomized WHI CaD results for only 4/8 endpoints. Conclusions Results of

  13. Perti Net-Based Workflow Access Control Model%基于Perti网的工作流访问控制模型研究

    Institute of Scientific and Technical Information of China (English)

    陈卓; 骆婷; 石磊; 洪帆

    2004-01-01

    Access control is an important protection mechanism for information systems.This paper shows how to make access control in workflow system.We give a workflow access control model (WACM) based on several current access control models.The model supports roles assignment and dynamic authorization.The paper defines the workflow using Petri net.It firstly gives the definition and description of the workflow, and then analyzes the architecture of the workflow access control model (WACM).Finally, an example of an e-commerce workflow access control model is discussed in detail.

  14. Design, stability and robustness analyses of neural networks in control systems

    Science.gov (United States)

    Shen, Jie

    1998-12-01

    Artificial Neural Network (ANN), also known as connectionist learning and parallel distributed processing, is finding its applications in diverse fields: many branches of engineering, health sciences, cognitive science, archaeology, finance, etc. This research tries to make some efforts to emphasize "design" methodology in ANN, and to explore the structures by which ANN can solve difficult problems by identifying proper ANN architecture. Two classes of ANN--multi-layer neural networks and recurrent networks--are investigated in the context of control of systems and estimation of unknown parameters. The multi-layer neural networks converge to optimal solutions by satisfying mathematical formulations associated with the Hamilton approach and the dynamic programming approach. A benchmark aerospace application is used for illustration. A variant of the Hopfield network, called the Modified Hopfield Neural Network (MHNN), is proposed to show the design approach to the determination of weights in recurrent networks. It is shown how the equilibrium point of this network helps with inversion operations arising in optimal gain determination. Control of dynamic systems using recurrent neural networks are presented. The robustness of the recurrent networks to parameter variation is considered in the context of weights. Analyses are carried out in the frequency domain and the time domain.

  15. Experimental Investigation on Transmission Control Protocol Throughput Behavior in Optical Fiber Access Networks

    Science.gov (United States)

    Tego, Edion; Matera, Francesco; del Buono, Donato

    2016-03-01

    This article describes an experimental investigation on the behavior of transmission control protocol in throughput measurements to be used in the verification of the service-level agreement between the Internet service provider and user in terms of line capacity for ultra-broadband access networks typical of fiber-to-the-x architectures. It is experimentally shown different conditions in high bandwidth-delay product links where the estimation of the line capacity based on a single transmission control protocol session results are unreliable. Simple equations reported in this work, and experimentally verified, point out the conditions in terms of packet loss, time delay, and line capacity, that allow consideration of the reliability of the measurement carried out with a single transmission control protocol session test by adopting a suitable measurement time duration.

  16. Physical protection of hardware and software. Linking access control systems with operational computer systems

    International Nuclear Information System (INIS)

    The existence and use of software and networks have generated another possibility for perpetrators to influence systems in nuclear facilities or to prepare malevolent acts. Data security has become an element of physical protection plans, not as an end in itself but as a means to achieve physical protection objectives. Physical protection measures are additional measures, which become necessary when other measures that have to be taken (e.g. in compliance with international standards) are insufficient to prevent a hazard to the protection goals through data manipulation by software and hardware. In planning or assessing data protection measures for the purpose of physical protection, it is necessary to differentiate between applications which can, if manipulated, directly endanger the protection goals. The importance of software protection is growing. In particular, because of ageing of components, the existing instrumentation and control systems with their fixed wiring and discrete elements will have to be updated. Computerized access control systems play an eminent role in the physical protection of a nuclear facility. Therefore, most systems are operated as islands. The paper shows that linking of certain systems with other computer systems is possible without inadmissible drawbacks for the physical protection level. It is shown by means of the example of linking together the computer networks of access control, health physics, the flexitime system, the key administration and the operational management system that such linking of systems in nuclear facilities had hidden advantages for all participants

  17. Directional Medium Access Control (MAC Protocols in Wireless Ad Hoc and Sensor Networks: A Survey

    Directory of Open Access Journals (Sweden)

    David Tung Chong Wong

    2015-06-01

    Full Text Available This survey paper presents the state-of-the-art directional medium access control (MAC protocols in wireless ad hoc and sensor networks (WAHSNs. The key benefits of directional antennas over omni-directional antennas are longer communication range, less multipath interference, more spatial reuse, more secure communications, higher throughput and reduced latency. However, directional antennas lead to single-/multi-channel directional hidden/exposed terminals, deafness and neighborhood, head-of-line blocking, and MAC-layer capture which need to be overcome. Addressing these problems and benefits for directional antennas to MAC protocols leads to many classes of directional MAC protocols in WAHSNs. These classes of directional MAC protocols presented in this survey paper include single-channel, multi-channel, cooperative and cognitive directional MACs. Single-channel directional MAC protocols can be classified as contention-based or non-contention-based or hybrid-based, while multi-channel directional MAC protocols commonly use a common control channel for control packets/tones and one or more data channels for directional data transmissions. Cooperative directional MAC protocols improve throughput in WAHSNs via directional multi-rate/single-relay/multiple-relay/two frequency channels/polarization, while cognitive directional MAC protocols leverage on conventional directional MAC protocols with new twists to address dynamic spectrum access. All of these directional MAC protocols are the pillars for the design of future directional MAC protocols in WAHSNs.

  18. An Efficient Medium Access Control Protocol with Parallel Transmission for Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Mitsuji Matsumoto

    2012-08-01

    Full Text Available In this paper, we present a novel low power medium access control protocol for wireless sensor networks (WSNs. The proposed protocol, EP-MAC (Efficient MAC with Parallel Transmission achieves high energy efficiency and high packet delivery ratio under different traffic load. EP-MAC protocol is basically based on the Time Division Multiple Access (TDMA approach. The power of Carrier Sense Multiple Access (CSMA is used in order to offset the fundamental problems that the stand-alone TDMA method suffers from, i.e., problems such as lack of scalability, adaptability to varying situations, etc. The novel idea behind the EP-MAC is that it uses the parallel transmission concept with the TDMA link scheduling. EP-MAC uses the methods for the transmission power adjustment, i.e., uses the minimum level power necessary to reach the intended neighbor within a specified bit error rate [BER] target. This reduces energy consumption, as well as further enhances the scope of parallel transmission of the protocol. The simulation studies support the theoretical results, and validate the efficiency of our proposed EP-MAC protocol.

  19. A Model-driven Role-based Access Control for SQL Databases

    Directory of Open Access Journals (Sweden)

    Raimundas Matulevičius

    2015-07-01

    Full Text Available Nowadays security has become an important aspect in information systems engineering. A mainstream method for information system security is Role-based Access Control (RBAC, which restricts system access to authorised users. While the benefits of RBAC are widely acknowledged, the implementation and administration of RBAC policies remains a human intensive activity, typically postponed until the implementation and maintenance phases of system development. This deferred security engineering approach makes it difficult for security requirements to be accurately captured and for the system’s implementation to be kept aligned with these requirements as the system evolves. In this paper we propose a model-driven approach to manage SQL database access under the RBAC paradigm. The starting point of the approach is an RBAC model captured in SecureUML. This model is automatically translated to Oracle Database views and instead-of triggers code, which implements the security constraints. The approach has been fully instrumented as a prototype and its effectiveness has been validated by means of a case study.

  20. A High Throughput Medium Access Control Implementation Based on IEEE 802.11e Standard

    Science.gov (United States)

    Huang, Min Li; Lee, Jin; Setiawan, Hendra; Ochi, Hiroshi; Park, Sin-Chong

    With the growing demand for high-performance multimedia applications over wireless channels, we need to develop a Medium Access Control (MAC) system that supports high throughput and quality of service enhancements. This paper presents the standard analysis, design architecture and design issues leading to the implementation of an IEEE 802.11e based MAC system that supports MAC throughput of over 100Mbps. In order to meet the MAC layer timing constraints, a hardware/software co-design approach is adopted. The proposed MAC architecture is implemented on the Xilinx Virtex-II Pro Field-Programmable Gate Array (FPGA) (XC2VP70-5FF1704C) prototype, and connected to a host computer through an external Universal Serial Bus (USB) interface. The total FPGA resource utilization is 11, 508 out of 33, 088 (34%) available slices. The measured MAC throughput is 100.7Mbps and 109.2Mbps for voice and video access categories, transmitted at a data rate of 260Mbps based on IEEE 802.11n Physical Layer (PHY), using the contention-based hybrid coordination function channel access mechanism.

  1. Implementing portable channel access server software in the KEKB accelerator control system

    International Nuclear Information System (INIS)

    KEKB (KEK B-factory) accelerators are under construction and the control computer system for them is also in the last phase of installation. KEKB accelerators are composed of two storage rings, namely, HER (High Energy Ring for electrons of 8 GeV) and LER (Low Energy Ring for positrons of 3.5 GeV). These rings are placed in the underground tunnel in which former TRISTAN electron-positron colliding accelerator was. We have been constructing control system for KEKB from the scratch based on EPICS (Experimental Physics and Industrial Control Systems). But, for the injector linac, its control computer system was rejuvenated just a few years ago and it is not an EPICS based system but an original one. To operate KEKB accelerators, tuning of the linac as the injector for the KEKB rings is thought to be very essential. Ideally, KEKB control system can control both KEKB rings and linac. And both operators at linac control room and at KEKB control room should be able to monitor and adjust equipment of the other accelerators. For that purpose, we have to develop suitable method in between two systems to communicate with each other. In the EPICS collaborations, there is a Portable CA (Channel Access) Server for EPICS developed at Los Alamos National Laboratory for SUN workstations. We decided to modify it for our purposes and have been implementing it to KEKB control system step by step. And now, we can monitor and set magnetic field of Q-magnets in the linac, control beam transport magnets in the linac beam line, control klystrons, and measure beam positions by strip-line monitors through EPICS. In the near future, other equipment of the linac will be added to the CA server before the commissioning of the KEKB rings. (author)

  2. Context-Sensitive Access Control Policy Evaluation and Enforcement Using Vulnerability Exploitation Data

    Directory of Open Access Journals (Sweden)

    Hassan Rasheed

    2013-09-01

    Full Text Available Conventional approaches for adapting security enforcement in the face of attacks rely on administrators to make policy changes that will limit damage to the system. Paradigm shifts in the capabilities of attack tools demand supplementary strategies that can also adjust policy enforcement dynamically. We extend the current research by proposing an approach for integrating real-time security assessment data into access control systems. Critical application scenarios are tested to examine the impact of using risk data in policy evaluation and enforcement.

  3. Medium Access Control for Thermal Energy Harvesting in Advanced Metering Infrastructures

    DEFF Research Database (Denmark)

    Vithanage, Madava D.; Fafoutis, Xenofon; Andersen, Claus Bo;

    2013-01-01

    the potential energy that can be harvested from Low Surface Temperature (LST) radiators. The experiments are based on a developed Energy-Harvesting Heat Cost Allocator (EH-HCA) prototype. On the basis of this measured power budget, we model and analytically compare the currently used Medium Access...... Control (MAC) scheme of an industrial case study (IMR+) to a MAC scheme specifically designed for energy harvesting systems (ODMAC). Our analytical comparison shows the efficiency of the latter, as well as its ability to adapt to harvested ambient energy....

  4. 角色访问控制%Role based Access Control Model

    Institute of Scientific and Technical Information of China (English)

    毛碧波; 孙玉芳

    2003-01-01

    Role based access control (RBAC)was proposed in 70's, and prevailed in 90's, and then Sandhu etc pro-posed formal RBAC model. Now RBAC is attracting increasing attention, and many governmental and commercial or-ganizations have adopted it, its importance is more and more apparent. In this paper we illuminates the distinctionsand similarities of role and user groups, and based the model that was proposed by Sandhu, we examine the relation-ship of role hierarchies and role constraints and formally describes that, and explain the most important part of roleconstraints ,which is separation of duties.

  5. Locks and raspberries: a comparative study of single-board computers for access control

    OpenAIRE

    Romin, Andreas

    2016-01-01

    Over the past decade, there has been a drastic development of the single-board computer market. These computers are now in a position where they can compete with classic embedded hardware. Such fast improvement has led ASSA ABLOY, a well-known lock and security company, to see value in replacing some of their existing access control hardware with an off-the-shelf single-board computer. Therefore, a comparative study of single-board computers was performed for this company. Some of the compare...

  6. GSM-Based Wireless Database Access For Food And Drug Administration And Control

    OpenAIRE

    Engr. Prof Hyacinth C. Inyiama; Engr. Mrs Lois Nwobodo; Engr. Dr. Mrs. Christiana C. Okezie; Engr. Mrs. Nkolika O. Nwazor

    2012-01-01

    GSM (Global system for mobile communication) based wireless database access for food and drug administration and control is a system that enables one to send a query to the database using the short messaging system (SMS) for information about a particular food or drug. It works in such a way that a user needs only send an SMS in order to obtain information about a particular drug produced by a pharmaceutical industry. The system then receives the SMS, interprets it and uses its contents to qu...

  7. Authenticated Blind Issuing of Symmetric Keys for Mobile Access Control System without Trusted Parties

    OpenAIRE

    Shin-Yan Chiou

    2013-01-01

    Mobile authentication can be used to verify a mobile user’s identity. Normally this is accomplished through the use of logon passwords, but this can raise the secret-key agreement problem between entities. This issue can be resolved by using a public-key cryptosystem, but mobile devices have limited computation ability and battery capacity and a PKI is needed. In this paper, we propose an efficient, non-PKI, authenticated, and blind issued symmetric key protocol for mobile access control syst...

  8. A Flexible Component based Access Control Architecture for OPeNDAP Services

    Science.gov (United States)

    Kershaw, Philip; Ananthakrishnan, Rachana; Cinquini, Luca; Lawrence, Bryan; Pascoe, Stephen; Siebenlist, Frank

    2010-05-01

    Network data access services such as OPeNDAP enable widespread access to data across user communities. However, without ready means to restrict access to data for such services, data providers and data owners are constrained from making their data more widely available. Even with such capability, the range of different security technologies available can make interoperability between services and user client tools a challenge. OPeNDAP is a key data access service in the infrastructure under development to support the CMIP5 (Couple Model Intercomparison Project Phase 5). The work is being carried out as part of an international collaboration including the US Earth System Grid and Curator projects and the EU funded IS-ENES and Metafor projects. This infrastructure will bring together Petabytes of climate model data and associated metadata from over twenty modelling centres around the world in a federation with a core archive mirrored at three data centres. A security system is needed to meet the requirements of organisations responsible for model data including the ability to restrict data access to registered users, keep them up to date with changes to data and services, audit access and protect finite computing resources. Individual organisations have existing tools and services such as OPeNDAP with which users in the climate research community are already familiar. The security system should overlay access control in a way which maintains the usability and ease of access to these services. The BADC (British Atmospheric Data Centre) has been working in collaboration with the Earth System Grid development team and partner organisations to develop the security architecture. OpenID and MyProxy were selected at an early stage in the ESG project to provide single sign-on capability across the federation of participating organisations. Building on the existing OPeNDAP specification an architecture based on pluggable server side components has been developed at the BADC

  9. F2AC: A Lightweight, Fine-Grained, and Flexible Access Control Scheme for File Storage in Mobile Cloud Computing

    Directory of Open Access Journals (Sweden)

    Wei Ren

    2016-01-01

    Full Text Available Current file storage service models for cloud servers assume that users either belong to single layer with different privileges or cannot authorize privileges iteratively. Thus, the access control is not fine-grained and flexible. Besides, most access control methods at cloud servers mainly rely on computationally intensive cryptographic algorithms and, especially, may not be able to support highly dynamic ad hoc groups with addition and removal of group members. In this paper, we propose a scheme called F2AC, which is a lightweight, fine-grained, and flexible access control scheme for file storage in mobile cloud computing. F2AC can not only achieve iterative authorization, authentication with tailored policies, and access control for dynamically changing accessing groups, but also provide access privilege transition and revocation. A new access control model called directed tree with linked leaf model is proposed for further implementations in data structures and algorithms. The extensive analysis is given for justifying the soundness and completeness of F2AC.

  10. Control of Echinococcus multilocularis: strategies, feasibility and cost-benefit analyses.

    Science.gov (United States)

    Hegglin, Daniel; Deplazes, Peter

    2013-04-01

    Echinococcus multilocularis, the zoonotic agent of human alveolar echinococcosis, has considerably extended its range and became more prevalent in many parts of the endemic areas. Accordingly, there is an increasing demand for measures to prevent human infections. Rising public awareness of this zoonosis and individual protective actions should be part of every prevention program. Considering the high reproduction of E. multilocularis in domestic dogs which live in close contact to humans, a monthly deworming scheme for domestic dogs with access to rodents is likely to be of high importance. This holds true if only low prevalences in domestic dogs are recorded, as high densities of these pets can easily outweigh low infections rates. Thus, in central Europe their estimated contribution to environmental contamination with E. multilocularis eggs ranges between 4% and 19%. The estimated contribution of domestic cats is insignificant (<0.3%) due to low parasite reproduction in this species. Control of the parasite by reducing its main wildlife hosts (foxes, vole species) is barely achievable on a larger scale and is generally not well accepted due to ecological considerations and animal welfare concerns. In general, the frequency of the parasite sharply decreases when anthelmintic baits are regularly distributed to foxes. However, eradication of the parasite is unlikely and long-term baiting campaigns are actually the most effective tool to significantly lower the infection pressure with parasite eggs. Regarding the long latency of 5-15 years of alveolar echinococcosis, however, such measures can only be cost effective if they are pursued for several decades and concentrate on restricted areas which are most relevant for the transmission of alveolar echinococcosis such as highly endemic areas in densely populated zones. Thus, the implementation of this approach strongly depends on factors such as public attitude, available financial resources and priority setting of

  11. IMPROVING CONTROL ROOM DESIGN AND OPERATIONS BASED ON HUMAN FACTORS ANALYSES OR HOW MUCH HUMAN FACTORS UPGRADE IS ENOUGH?

    International Nuclear Information System (INIS)

    THE JOSE CABRERA NUCLEAR POWER PLANT IS A ONE LOOP WESTINGHOUSE PRESSURIZED WATER REACTOR. IN THE CONTROL ROOM, THE DISPLAYS AND CONTROLS USED BY OPERATORS FOR THE EMERGENCY OPERATING PROCEDURES ARE DISTRIBUTED ON FRONT AND BACK PANELS. THIS CONFIGURATION CONTRIBUTED TO RISK IN THE PROBABILISTIC SAFETY ASSESSMENT WHERE IMPORTANT OPERATOR ACTIONS ARE REQUIRED. THIS STUDY WAS UNDERTAKEN TO EVALUATE THE IMPACT OF THE DESIGN ON CREW PERFORMANCE AND PLANT SAFETY AND TO DEVELOP DESIGN IMPROVEMENTS.FIVE POTENTIAL EFFECTS WERE IDENTIFIED. THEN NUREG-0711 [1], PROGRAMMATIC, HUMAN FACTORS, ANALYSES WERE CONDUCTED TO SYSTEMATICALLY EVALUATE THE CR-LA YOUT TO DETERMINE IF THERE WAS EVIDENCE OF THE POTENTIAL EFFECTS. THESE ANALYSES INCLUDED OPERATING EXPERIENCE REVIEW, PSA REVIEW, TASK ANALYSES, AND WALKTHROUGH SIMULATIONS. BASED ON THE RESULTS OF THESE ANALYSES, A VARIETY OF CONTROL ROOM MODIFICATIONS WERE IDENTIFIED. FROM THE ALTERNATIVES, A SELECTION WAS MADE THAT PROVIDED A REASONABLEBALANCE BE TWEEN PERFORMANCE, RISK AND ECONOMICS, AND MODIFICATIONS WERE MADE TO THE PLANT

  12. Design and analysis of a biometric access control system using an electronic olfactory device to identify human odour characteristics

    OpenAIRE

    McMillan, Stephen

    2000-01-01

    The use of an electronic olfactory device, termed an electronic 'nose', was investigated for the detection of unique human odour characteristics. The detection of these unique odours was applied to the field of biometrics for access control, where a human's unique characteristics were used to authenticate a user of an access control system. An electronic odour sensing device was designed and constructed using an array of conducting polymer gas sensors in order to facilitate the regular screen...

  13. Parametric Study of Control Rod Exposure for PWR Burnup Credit Criticality Safety Analyses

    International Nuclear Information System (INIS)

    The Interim Staff Guidance on burnup credit (ISG-8) for pressurized water reactor (PWR) spent nuclear fuel (SNF), issued by the Nuclear Regulatory Commission's (NRC) Spent Fuel Project Office, recommends the use of analyses that provide an ''adequate representation of the physics'' and notes particular concern with the ''need to consider the more reactive actinide compositions of fuels burned with fixed absorbers or with control rods fully or partly inserted.'' In the absence of readily available information on the extent of control rod (CR) usage in U.S. PWRs and the subsequent reactivity effect of CR exposure on discharged SNF, NRC staff have indicated a need for greater understanding in these areas. In response, this paper presents results of a parametric study of the effect of CR exposure on the reactivity of discharged SNF for various CR designs (including Axial Power Shaping Rods), fuel enrichments, and exposure conditions (i.e., burnup and axial insertion). The study is performed in two parts. In the first part, two-dimensional calculations are performed, effectively assuming full axial CR insertion. These calculations are intended to bound the effect of CR exposure and facilitate comparisons of the various CR designs. In the second part, three-dimensional calculations are performed to determine the effect of various axial insertion conditions and gain a better understanding of reality. The results from the study demonstrate that the reactivity effect increases with increasing CR exposure (e.g., burnup) and decreasing initial fuel enrichment (for a fixed burnup). Additionally, the results show that even for significant burnup exposures, minor axial CR insertions (e.g., eff of a spent fuel cask

  14. Improved efficiency access control equipment and explosive, weapons and drug abuse detection

    International Nuclear Information System (INIS)

    The second generation portal explosives detector has been designed with increased detection capability and convenience in service. The method of detection and performance relative to the first generation is described. A novel method of auto-calibration and self diagnosis is described and results are discussed. Improvements in convenience of operation have been achieved and operating space and costs reduced by combining metal detection capability, together with explosives detection. This allows both alarm signal and diagnostic outputs to be combined on a single remote panel in the guard room, and reduces the number of guards needed to man the access control. This type of access control is entirely a defensive measure against attack but a further additional feature is proposed which will also check the state of mind of all personnel passing through the check point. Any person suffering from the effect of narcotic or alcohol will be detected by their inability to reproduce their normal signature. A new method of signature analysis in five dimensions is described together with proposals for integrating the check without increasing the time in the test area. Some recent results on the effects of alcohol on signature reproduction is given

  15. OBLIVIOUS TRANSFER WITH ACCESS CONTROL AND IDENTITYBASED ENCRYPTION WITH ANONYMOUS KEY ISSUING

    Institute of Scientific and Technical Information of China (English)

    Xu Lingling; Zhang Fangguo; Wen Yamin

    2011-01-01

    In ACM'CCS 2009,Camenisch,et al.proposed the Obhvious Transfer with Access Control (AC-OT) in which each item is associated with an attribute set and can only be available,on request,to the users who have all the attributes in the associated set.Namely,AC-OT achieves access control policy for conjunction of attributes.Essentially,the functionality of AC-OT is equivalent to the simplified version that we call AC-OT-SV:for each item,one attribute is associated with it,and it is requested that only the users who possess the associated attribute can obtain the item by queries.On one hand,AC-OT-SV is a special case of AC-OT when there is just one associated attribute with each item.On the other hand,any AC-OT can be realized by an AC-OT-SV.In this paper,we first present a concrete AC-OT-SV protocol which is proved to be secure in the model defined by Camenisch,et al..Then from the protocol,interestingly,a concrete Identity-Based Encryption (IBE) with Anonymous Key Issuing (AKI) is given which is just a direct application to AC-OT-SV.By comparison,we show that the AKI protocol we present is more efficient in communications than that proposed by Chow.

  16. Design of a Distributed Personal Information Access Control Scheme for Secure Integrated Payment in NFC

    Directory of Open Access Journals (Sweden)

    Jungho Kang

    2015-06-01

    Full Text Available At the center of core technologies for a future cyber world, such as Internet of Things (IoT or big data, is a context-rich system that offers services by using situational information. The field where context-rich systems were first introduced is near-field communication (NFC-based electronic payments. Near-field Communication (NFC integrated payment services collect the payment information of the credit card and the location information to generate patterns in the user’s consumption or movement through big data technology. Based on such pattern information, tailored services, such as advertisement, are offered to users. However, there is difficulty in controlling access to personal information, as there is a collaborative relationship focused on the trusted service manager (TSM that is close knit to shared personal information. Moreover, in the case of Hadoop, among the many big data analytical technologies, it offers access control functions, but not a way to authorize the processing of personal information, making it impossible to grant authority between service providers to process information. As such, this paper proposes a key generation and distribution method, as well as a secure communication protocol. The analysis has shown that the efficiency was greater for security and performance compared to relation works.

  17. CONTEXT BASED ANDROID APPLICATIONADMINISTRATIVE ACCESS CONTROL (CBAA–AAC FOR SMART PHONES

    Directory of Open Access Journals (Sweden)

    S. Sharavanan

    2016-07-01

    Full Text Available Android applications in smart phones are generally towards provide greater flexibility and convince for users. Considering the fact that the Android applications are having privilege to access data and resources in mobile after it gets installed (one time permission provided by end user on the time installation, these application may also lead to issues in security for the user data as well as issues relate smart phone with peripheral environment. A practical example for an issue which relates smart phone with peripheral environment can be even an Android smart phone application of a college student use camera resource to capture photos of R&D cell and transfer without user or organization permission. The security of the organization and user should be prevented by providing an adoptable solution. The proposed concept of CBAA-AAC (Context Based Android Application Administrative Access Control is used to control the privileges of any Android application over a corresponding longitude and latitude by the organization administrator. In this way, administrator is able to block malicious application of every individual smart phone which can have activity towards utilizing services and resources that may affect the security of the organization, such an move is must for assuring security of any organization and educational institutions while they allow users to “bring their own smart phones/mobile devices” into the campus.

  18. Gate controllable resistive random access memory devices using reduced graphene oxide

    Science.gov (United States)

    Hazra, Preetam; Resmi, A. N.; Jinesh, K. B.

    2016-04-01

    The biggest challenge in the resistive random access memory (ReRAM) technology is that the basic operational parameters, such as the set and reset voltages, the current on-off ratios (hence the power), and their operational speeds, strongly depend on the active and electrode materials and their processing methods. Therefore, for its actual technological implementations, the unification of the operational parameters of the ReRAM devices appears to be a difficult task. In this letter, we show that by fabricating a resistive memory device in a thin film transistor configuration and thus applying an external gate bias, we can control the switching voltage very accurately. Taking partially reduced graphene oxide, the gate controllable switching is demonstrated, and the possible mechanisms are discussed.

  19. On the Design of Energy Efficient Optical Networks with Software Defined Networking Control Across Core and Access Networks

    DEFF Research Database (Denmark)

    Wang, Jiayuan; Yan, Ying; Dittmann, Lars

    2013-01-01

    This paper presents a Software Defined Networking (SDN) control plane based on an overlay GMPLS control model. The SDN control platform manages optical core networks (WDM/DWDM networks) and the associated access networks (GPON networks), which makes it possible to gather global information and...

  20. On the Design of Energy Efficient Optical Networks with Software Defined Networking Control Across Core and Access Networks

    DEFF Research Database (Denmark)

    Wang, Jiayuan; Yan, Ying; Dittmann, Lars

    This paper presents a Software Defined Networking (SDN) control plane based on an overlay GMPLS control model. The SDN control platform manages optical core networks (WDM/DWDM networks) and the associated access networks (GPON networks), which makes it possible to gather global information and...

  1. Bank Access Control of Electronic Payment Based on SPKI%基于SPKI电子支付中的银行端访问控制

    Institute of Scientific and Technical Information of China (English)

    王茜; 王富强; 傅鹤岗; 朱庆生

    2003-01-01

    In the system of electronic payment based on SPKI, access control of bank acts as the important function of identification, protecting customer's privacy and ensuring payment. The paper proposes the model of bank access control, and describes the frame and the steps of the access control. Finally, the paper analyzes the characteristics of the model.

  2. Identification of Soybean Genes Involved in Circadian Clock Mechanism and Photoperiodic Control of Flowering Time by In Silico Analyses Flowering Time by In Silico Analyses

    Institute of Scientific and Technical Information of China (English)

    2007-01-01

    Glycine max is a photoperiodic short-day plant and the practical consequence of the response is latitude and sowing period limitations to commercial crops.Genetic and physiological studies using the model plants Arabidopsis thaliana and rice (Oryza sativa)have uncovered several genes and genetic pathways controlling the process,however information about the corresponding pathways in legumes is scarce.Data mining prediction methodologies,Including multiple sequence alignment,phylogenetic analysis,bioinformatics expression and sequence motif pattern identification were used to identify soybean genes involved In day length perception and photoperiodic flowering induction.We have investigated approximately 330 000 sequences from open-access databases and have identified all bona fide central oscillator genes and circadian photoreceptors from A.thaliana in soybean sequence databases.We propose e working model for the photoperiodic control of flowering time in G.max,based on the identified key components.These results demonstrate the power of comparative genomics between model systems and crop species to elucidate the several aspects of plant physiology and metabolism.

  3. Polymorphisms in the XPC gene affect urinary bladder cancer risk: a case-control study, meta-analyses and trial sequential analyses.

    Science.gov (United States)

    Sankhwar, Monica; Sankhwar, Satya Narayan; Bansal, Sandeep Kumar; Gupta, Gopal; Rajender, Singh

    2016-01-01

    Compromised activity of the DNA repair enzymes may raise the risk of a number of cancers. We analyzed polymorphisms in the Xeroderma Pigmentosum, Complementation Group C (XPC) gene for their correlation with urinary bladder cancer. Ala499Val and Lys939Gln polymorphisms were genotyped in 234 urinary bladder cancer cases and 258 control samples. A significant association between Ala499Val polymorphism and bladder cancer was observed (OR = 1.78, CI = 1.19-2.66, p = 0.005); however, Lys939Gln was unrelated (OR = 0.97, CI = 0.65-1.45, P = 0.89). Further analysis revealed that Ala499Val was a significant risk factor only in the presence of smoking (OR = 2.23, CI = 1.28-3.87, p < 0.004) or tobacco chewing (OR = 2.40, CI = 1.43-4.04, p = 0.0008). To further appraise the association, we undertook meta-analyses on seven studies (2893 cases and 3056 controls) on Ala499Val polymorphism and eleven studies (5064 cases and 5208 controls) on Lys939Gln polymorphism. Meta-analyses corroborated the above results, showing strong association of Ala499Val (OR = 1.54, CI = 1.21-1.97, p = 0.001) but not that of Lys939Gln (OR = 1.13, CI = 0.95-1.34, p = 0.171) with urinary bladder cancer risk. In conclusion, XPC Ala499Val substitution increases urinary bladder cancer risk, but Lys939Gln appears to be neutral. PMID:27246180

  4. PANATIKI: A Network Access Control Implementation Based on PANA for IoT Devices

    Directory of Open Access Journals (Sweden)

    Antonio F. Gomez Skarmeta

    2013-11-01

    Full Text Available Internet of Things (IoT networks are the pillar of recent novel scenarios, such as smart cities or e-healthcare applications. Among other challenges, these networks cover the deployment and interaction of small devices with constrained capabilities and Internet protocol (IP-based networking connectivity. These constrained devices usually require connection to the Internet to exchange information (e.g., management or sensing data or access network services. However, only authenticated and authorized devices can, in general, establish this connection. The so-called authentication, authorization and accounting (AAA services are in charge of performing these tasks on the Internet. Thus, it is necessary to deploy protocols that allow constrained devices to verify their credentials against AAA infrastructures. The Protocol for Carrying Authentication for Network Access (PANA has been standardized by the Internet engineering task force (IETF to carry the Extensible Authentication Protocol (EAP, which provides flexible authentication upon the presence of AAA. To the best of our knowledge, this paper is the first deep study of the feasibility of EAP/PANA for network access control in constrained devices. We provide light-weight versions and implementations of these protocols to fit them into constrained devices. These versions have been designed to reduce the impact in standard specifications. The goal of this work is two-fold: (1 to demonstrate the feasibility of EAP/PANA in IoT devices; (2 to provide the scientific community with the first light-weight interoperable implementation of EAP/PANA for constrained devices in the Contiki operating system (Contiki OS, called PANATIKI. The paper also shows a testbed, simulations and experimental results obtained from real and simulated constrained devices.

  5. PANATIKI: a network access control implementation based on PANA for IoT devices.

    Science.gov (United States)

    Moreno Sanchez, Pedro; Marin Lopez, Rafa; Gomez Skarmeta, Antonio F

    2013-01-01

    Internet of Things (IoT) networks are the pillar of recent novel scenarios, such as smart cities or e-healthcare applications. Among other challenges, these networks cover the deployment and interaction of small devices with constrained capabilities and Internet protocol (IP)-based networking connectivity. These constrained devices usually require connection to the Internet to exchange information (e.g., management or sensing data) or access network services. However, only authenticated and authorized devices can, in general, establish this connection. The so-called authentication, authorization and accounting (AAA) services are in charge of performing these tasks on the Internet. Thus, it is necessary to deploy protocols that allow constrained devices to verify their credentials against AAA infrastructures. The Protocol for Carrying Authentication for Network Access (PANA) has been standardized by the Internet engineering task force (IETF) to carry the Extensible Authentication Protocol (EAP), which provides flexible authentication upon the presence of AAA. To the best of our knowledge, this paper is the first deep study of the feasibility of EAP/PANA for network access control in constrained devices. We provide light-weight versions and implementations of these protocols to fit them into constrained devices. These versions have been designed to reduce the impact in standard specifications. The goal of this work is two-fold: (1) to demonstrate the feasibility of EAP/PANA in IoT devices; (2) to provide the scientific community with the first light-weight interoperable implementation of EAP/PANA for constrained devices in the Contiki operating system (Contiki OS), called PANATIKI. The paper also shows a testbed, simulations and experimental results obtained from real and simulated constrained devices. PMID:24189332

  6. Energy-Efficient Boarder Node Medium Access Control Protocol for Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Abdul Razaque

    2014-03-01

    Full Text Available This paper introduces the design, implementation, and performance analysis of the scalable and mobility-aware hybrid protocol named boarder node medium access control (BN-MAC for wireless sensor networks (WSNs, which leverages the characteristics of scheduled and contention-based MAC protocols. Like contention-based MAC protocols, BN-MAC achieves high channel utilization, network adaptability under heavy traffic and mobility, and low latency and overhead. Like schedule-based MAC protocols, BN-MAC reduces idle listening time, emissions, and collision handling at low cost at one-hop neighbor nodes and achieves high channel utilization under heavy network loads. BN-MAC is particularly designed for region-wise WSNs. Each region is controlled by a boarder node (BN, which is of paramount importance. The BN coordinates with the remaining nodes within and beyond the region. Unlike other hybrid MAC protocols, BN-MAC incorporates three promising models that further reduce the energy consumption, idle listening time, overhearing, and congestion to improve the throughput and reduce the latency. One of the models used with BN-MAC is automatic active and sleep (AAS, which reduces the ideal listening time. When nodes finish their monitoring process, AAS lets them automatically go into the sleep state to avoid the idle listening state. Another model used in BN-MAC is the intelligent decision-making (IDM model, which helps the nodes sense the nature of the environment. Based on the nature of the environment, the nodes decide whether to use the active or passive mode. This decision power of the nodes further reduces energy consumption because the nodes turn off the radio of the transceiver in the passive mode. The third model is the least-distance smart neighboring search (LDSNS, which determines the shortest efficient path to the one-hop neighbor and also provides cross-layering support to handle the mobility of the nodes. The BN-MAC also incorporates a semi

  7. Energy-efficient boarder node medium access control protocol for wireless sensor networks.

    Science.gov (United States)

    Razaque, Abdul; Elleithy, Khaled M

    2014-01-01

    This paper introduces the design, implementation, and performance analysis of the scalable and mobility-aware hybrid protocol named boarder node medium access control (BN-MAC) for wireless sensor networks (WSNs), which leverages the characteristics of scheduled and contention-based MAC protocols. Like contention-based MAC protocols, BN-MAC achieves high channel utilization, network adaptability under heavy traffic and mobility, and low latency and overhead. Like schedule-based MAC protocols, BN-MAC reduces idle listening time, emissions, and collision handling at low cost at one-hop neighbor nodes and achieves high channel utilization under heavy network loads. BN-MAC is particularly designed for region-wise WSNs. Each region is controlled by a boarder node (BN), which is of paramount importance. The BN coordinates with the remaining nodes within and beyond the region. Unlike other hybrid MAC protocols, BN-MAC incorporates three promising models that further reduce the energy consumption, idle listening time, overhearing, and congestion to improve the throughput and reduce the latency. One of the models used with BN-MAC is automatic active and sleep (AAS), which reduces the ideal listening time. When nodes finish their monitoring process, AAS lets them automatically go into the sleep state to avoid the idle listening state. Another model used in BN-MAC is the intelligent decision-making (IDM) model, which helps the nodes sense the nature of the environment. Based on the nature of the environment, the nodes decide whether to use the active or passive mode. This decision power of the nodes further reduces energy consumption because the nodes turn off the radio of the transceiver in the passive mode. The third model is the least-distance smart neighboring search (LDSNS), which determines the shortest efficient path to the one-hop neighbor and also provides cross-layering support to handle the mobility of the nodes. The BN-MAC also incorporates a semi

  8. A Cloud-Assisted Random Linear Network Coding Medium Access Control Protocol for Healthcare Applications

    Science.gov (United States)

    Kartsakli, Elli; Antonopoulos, Angelos; Alonso, Luis; Verikoukis, Christos

    2014-01-01

    Relay sensor networks are often employed in end-to-end healthcare applications to facilitate the information flow between patient worn sensors and the medical data center. Medium access control (MAC) protocols, based on random linear network coding (RLNC), are a novel and suitable approach to efficiently handle data dissemination. However, several challenges arise, such as additional delays introduced by the intermediate relay nodes and decoding failures, due to channel errors. In this paper, we tackle these issues by adopting a cloud architecture where the set of relays is connected to a coordinating entity, called cloud manager. We propose a cloud-assisted RLNC-based MAC protocol (CLNC-MAC) and develop a mathematical model for the calculation of the key performance metrics, namely the system throughput, the mean completion time for data delivery and the energy efficiency. We show the importance of central coordination in fully exploiting the gain of RLNC under error-prone channels. PMID:24618727

  9. Study on Mandatory Access Control in a Secure Database Management System

    Institute of Scientific and Technical Information of China (English)

    2001-01-01

    This paper proposes a security policy model for mandatory access control in class B1 database management system whose level of labeling is tuple. The relation-hierarchical data model is extended to multilevel relation-hierarchical data model. Based on the multilevel relation-hierarchical data model, the concept of upper-lower layer relational integrity is presented after we analyze and eliminate the covert channels caused by the database integrity. Two SQL statements are extended to process polyinstantiation in the multilevel secure environment. The system is based on the multilevel relation-hierarchical data model and is capable of integratively storing and manipulating multilevel complicated objects (e. g., multilevel spatial data) and multilevel conventional data ( e. g., integer. real number and character string).

  10. RFID card based access control system with counter for Indus Complex

    International Nuclear Information System (INIS)

    As per norms of the Atomic energy regulatory board (AERB) to operate a facility in round the clock which has a potential of radiation exposure, radiation safety rules are to be followed. Indus -1 and Indus-2 are synchrotron radiation sources which are open for various users round the clock. To monitor the persons inside the defined zone at any given time, a system is setup consisting of RF ID cards and their readers along with dedicated software. Software is developed in Visual Basic and uses UDP network protocol for receiving data from readers installed at various locations and connected to local area network. The paper describes the access control scheme followed in Indus Accelerator Complex. (author)

  11. A novel distributed algorithm for media access control address assignment in wireless sensor networks

    Institute of Scientific and Technical Information of China (English)

    TIAN Ye; SHENG Min; LI Jiandong

    2007-01-01

    This Paper presents a novel distributed media access control(MAC)address assignment algorithm,namely virtual grid spatial reusing(VGSR),for wireless sensor networks,which reduces the size of the MAC address efficiently on the basis of both the spatial reuse of MAC address and the mapping of geographical position.By adjusting the communication range of sensor nodes,VGSR algorithm can minimize the size of MAC address and meanwhile guarantee the connectivity of the sensor network.Theoretical analysis and experimental results show that VGSR algorithm is not only of low energy cost,but also scales well with the network ize,with its performance superior to that of other existing algorithms.

  12. Separation of Duty and Context Constraints For Contextual Role-Based Access Control (C-RBAC

    Directory of Open Access Journals (Sweden)

    Muhammad Nabeel Tahir

    2009-03-01

    Full Text Available This paper presents the separation of duty and context constraints of recently proposed Contextual Role-Based Access Control Model C-RBAC. Constraints in C-RBAC enabled the specification of a rich set of Separation of Duty (SoD constraints over spatial purpose roles. In healthcare environment in which user roles are position and are purpose dependant, the notion of SoD is still meaningful and relevant to the concept of conflict of interest. SoD may be defined as Static Separation of Duty (SSoD and Dynamic Separation of Duty (DSoD depending on whether exclusive role constraints are evaluated against the user-role assignment set or against the set of roles activated in user’s session. In particular, the model is capable of expressing a wider range of constraints on spatial domains, location hierarchy schemas, location hierarchy instances, spatial purposes and spatial purpose roles.

  13. Access Control in IoT/M2M - Cloud Platform

    DEFF Research Database (Denmark)

    Anggorojati, Bayu

    Billions of devices are connected to the Internet nowadays, and the number will continue to grow in the future thanks to the advances in the electronics and telecommunication technology developments. Its application in broad aspects of human’s life brings a lot of benefits by improving productivity...... a big role to perform tracking of RFID tags. Scalability and efficiency are two important requirements in location management when big numbers of tags are moving from one reading location to the others, i.e. being mobile. Thus, designing a fine-grained access control along with scalable location...... for both sides. The study also includes a general fact that each node has a set of assets or resources with different values. Finally, an optimum strategy for both attacker and defender will be derived by considering their respective costs and benefits....

  14. A Time Tree Medium Access Control for Energy Efficiency and Collision Avoidance in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Kilhung Lee

    2010-03-01

    Full Text Available This paper presents a medium access control and scheduling scheme for wireless sensor networks. It uses time trees for sending data from the sensor node to the base station. For an energy efficient operation of the sensor networks in a distributed manner, time trees are built in order to reduce the collision probability and to minimize the total energy required to send data to the base station. A time tree is a data gathering tree where the base station is the root and each sensor node is either a relaying or a leaf node of the tree. Each tree operates in a different time schedule with possibly different activation rates. Through the simulation, the proposed scheme that uses time trees shows better characteristics toward burst traffic than the previous energy and data arrival rate scheme.

  15. Cooperative Medium Access Control Protocol for Mobile Ad-hoc Networks using Spatial Diversity

    Directory of Open Access Journals (Sweden)

    Tazeem Ahmad Khan

    2013-10-01

    Full Text Available Enhancement the Performance of MANET (Mobile Ad-hoc Network using spatial diversity. Spatial diversity implemented using cooperative transmission technique in Medium access control (MAC layer level protocol. In noisy environment limit the network performance like coverage area, limit number of node, degrade packet transmission rate, increase packet loss rate etc. In this paper enhance the source to destination transmission range, minimize the packet loss, improve packet transmission rate and appropriate end to end delay. When direct link is fail to transmit packet then Cooperative scheme help to transmit packet. Cooperative scheme is to help the packet transmission with five handshakes instead of four. This scheme implemented in MANET network on MAC layer protocol. Cooperative scheme improve the performance with help of intermediate node between sources to destination. We are performance analysis using discrete simulator NS-2 in MANET. Our performance based on MAC layer level with cooperative scheme in IEEE WLAN standard CSMA/CA protocol.

  16. Near-Optimal Deviation-Proof Medium Access Control Designs in Wireless Networks

    CERN Document Server

    Phan, Khoa Tran; van der Schaar, Mihaela

    2010-01-01

    Distributed medium access control (MAC) protocols are essential for the proliferation of low cost, decentralized wireless local area networks (WLANs). Most MAC protocols are designed with the presumption that nodes comply with prescribed rules. However, selfish nodes have natural motives to manipulate protocols in order to improve their own performance. This often degrades the performance of other nodes as well as that of the overall system. In this work, we propose a class of protocols that limit the performance gain which nodes can obtain through selfish manipulation while incurring only a small efficiency loss. The proposed protocols are based on the idea of a review strategy, with which nodes collect signals about the actions of other nodes over a period of time, use a statistical test to infer whether or not other nodes are following the prescribed protocol, and trigger a punishment if a departure from the protocol is perceived. We consider the cases of private and public signals and provide analytical a...

  17. 基于XACML的EPCIS访问控制模型%Access Control Model for EPCIS Based on XACML

    Institute of Scientific and Technical Information of China (English)

    李景峰; 李云鹏

    2013-01-01

    根据供应链系统对EPC信息服务(EPCIS)提出的访问控制需求,设计一种基于可扩展访问控制标记语言(XACML)的EPCIS访问控制模型.模型中的访问控制执行接口利用方法拦截技术实现对访问请求的拦截,并生成决策上下文对象.访问控制服务组件基于决策上下文对象中包含的用户、资源、环境和动作属性实现对访问请求的动态评估.安全通信组件利用安全性断言标记语言,结合缓存机制实现XACML授权请求/响应的实时传输.访问控制流程表明,该模型能够实现灵活的访问控制策略部署和管理,具有供应链产品信息访问控制的动态性、异构性等特点.%The special access control requirements of EPC Information Service(EPCIS) in the supply chains are analyzed,and an EPCIS access control model based on Extensible Access Control Markup Language(XACML) is presented.The access control execution interface in the model can intercept the access requests by using the method intercepting technology,and produce the corresponding judgment context.Based on the user property,resource property,environment property and action property,which are included into the judgment context,the access control service component can dynamically assess the access requests.The secure communication component can effectively provide the real-time transmission for XACML authorization request/response messages,by combining the Security Assertion Markup Language(SAML) and the caching mechanism.The access control workflow indicates that the model can implement the flexible and variable deployment and management of the access control strategies,which is well fit for implement highly dynamic and heterogeneous access control function for the product information in the supply chains.

  18. Thermal Control System Development to Support the Crew Exploration Vehicle and Lunar Surface Access Module

    Science.gov (United States)

    Anderson, Molly; Westheimer, David

    2006-01-01

    All space vehicles or habitats require thermal management to maintain a safe and operational environment for both crew and hardware. Active Thermal Control Systems (ATCS) perform the functions of acquiring heat from both crew and hardware within a vehicle, transporting that heat throughout the vehicle, and finally rejecting that energy into space. Almost all of the energy used in a space vehicle eventually turns into heat, which must be rejected in order to maintain an energy balance and temperature control of the vehicle. For crewed vehicles, Active Thermal Control Systems are pumped fluid loops that are made up of components designed to perform these functions. NASA has recently evaluated all of the agency s technology development work and identified key areas that must be addressed to aid in the successful development of a Crew Exploration Vehicle (CEV) and a Lunar Surface Access Module (LSAM). The technologies that have been selected and are currently under development include: fluids that enable single loop ATCS architectures, a gravity insensitive vapor compression cycle heat pump, a sublimator with reduced sensitivity to feedwater contamination, an evaporative heat sink that can operate in multiple ambient pressure environments, a compact spray evaporator, and lightweight radiators that take advantage of carbon composites and advanced optical coatings.

  19. Coordinated Scheduling and Power Control in Cloud-Radio Access Networks

    KAUST Repository

    Douik, Ahmed

    2015-12-01

    This paper addresses the joint coordinated scheduling and power control problem in cloud-enabled networks. Consider the downlink of a cloud-radio access network (CRAN), where the cloud is only responsible for the scheduling policy, power control, and synchronization of the transmit frames across the single-antenna base-stations (BS). The transmit frame consists of several time/frequency blocks, called power-zones (PZ). The paper considers the problem of scheduling users to PZs and determining their power levels (PL), by maximizing the weighted sum-rate under the practical constraints that each user cannot be served by more than one base-station, but can be served by one or more power-zones within each base-station frame. The paper solves the problem using a graph theoretical approach by introducing the joint scheduling and power control graph formed by several clusters, where each is formed by a set of vertices, representing the possible association of users, BSs, and PLs for one specific PZ. The problem is, then, formulated as a maximumweight clique problem, in which the weight of each vertex is the sum of the benefits of the individual associations belonging to that vertex. Simulation results suggest that the proposed crosslayer scheme provides appreciable performance improvement as compared to schemes from recent literature.

  20. Cloud and the City: Facilitating Flexible Access Control over Data Streams

    CERN Document Server

    Wang, Wen Qiang; Lim, Hock Beng; Datta, Anwitaman

    2012-01-01

    The proliferation of sensing devices create plethora of data-streams, which in turn can be harnessed to carry out sophisticated analytics to support various real-time applications and services as well as long-term planning, e.g., in the context of intelligent cities or smart homes to name a few prominent ones. A mature cloud infrastructure brings such a vision closer to reality than ever before. However, we believe that the ability for data-owners to flexibly and easily to control the granularity at which they share their data with other entities is very important - in making data owners feel comfortable to share to start with, and also to leverage on such fine-grained control to realize different business models or logics. In this paper, we explore some basic operations to flexibly control the access on a data stream and propose a framework eXACML+ that extends OASIS's XACML model to achieve the same. We develop a prototype using the commercial StreamBase engine to demonstrate a seamless combination of strea...

  1. 组合Web服务访问控制技术研究综述%Survey on Access Control Technology of Web Services Composition

    Institute of Scientific and Technical Information of China (English)

    上超望; 赵呈领; 刘清堂; 王艳凤

    2011-01-01

    Access control is one of the key technologies in secure and reliable Web services composition value-added application. This paper briefly reviewed the state of the research for access control in Web services composition environment We firstly discussed the challenges to Web services secure compositioa Subsequently we analysed the security problems concerning Web services composition from a hierarchical perspective. Then, we discussed the research progress on the key access control technology from three respects of Web services composition access control architecture, atomic security policy consistent coordination and business process authorization. Finally, the conclusion was given and the problems were pointed out,which should be resolved in future research.%访问控制技术是保证Web服务组合增值应用安全性和可靠性的关键技术.主要论述了组合Web服务访问控制技术的研究现状及其问题.首先论述了组合Web服务安全面临的挑战;接着基于层的视角对组合Web服务安全问题进行了分析;然后从组合Web服务访问控制体系构架、原子安全策略的一致性协同和业务流程访问控制3个方面分析了组合Web服务访问控制核心技术研究的进展;最后,结合已有的研究成果,指出了目前研究的不足以及未来的发展趋势.

  2. 组合Web服务访问控制技术研究综述%Survey on Access Control Technology of Web Services Composition

    Institute of Scientific and Technical Information of China (English)

    上超望; 赵呈领; 刘清堂; 王艳凤

    2011-01-01

    访问控制技术是保证Web服务组合增值应用安全性和可靠性的关键技术.主要论述了组合Web服务访问控制技术的研究现状及其问题.首先论述了组合Web服务安全面临的挑战;接着基于层的视角对组合Web服务安全问题进行了分析;然后从组合Web服务访问控制体系构架、原子安全策略的一致性协同和业务流程访问控制3个方面分析了组合Web服务访问控制核心技术研究的进展;最后,结合已有的研究成果,指出了目前研究的不足以及未来的发展趋势.%Access control is one of the key technologies in secure and reliable Web services composition value-added application. This paper briefly reviewed the state of the research for access control in Web services composition environment. We firstly discussed the challenges to Web services secure composition. Subsequently we analysed the security problems concerning Web services composition from a hierarchical perspective. Then, we discussed the research progress on the key access control technology from three respects of Web services composition access control architecture, atomic security policy consistent coordination and business process authorization. Finally, the conclusion was given and the problems were pointed out,which should be resolved in future research.

  3. Radiation exposure control software with networked data access for nuclear facilities

    International Nuclear Information System (INIS)

    The main aim of personnel monitoring programme is to keep checks on the personnel exposure by application of ALARA principle and to ensure compliance with the permissible dose limits specified by ICRP and the National Regulatory Authority. Keeping in mind the requirement of different facilities at the Bhabha Atomic Research Centre site and to have uniform dose control software for all the facilities, programme was developed using Visual Foxpro. Provision is made to store the photograph of the employee in the database. It is a state of the art program in the field of radiation protection using the database management. The main features of the developed software is the Access Control into the Radiation area by controlling the issue and return of Direct Reading Dosimeters (DRD), Thermo luminescent Dosimeters (TLD) on the basis of display of entire dose details of the employee with his photograph, internal dose calculations, weekly reports, monthly and quarterly reports, Dose analysis on the basis of various criteria. The software also gives the DRD- TLD discrepancy report. Data security is built into the software. Practically all the operations carried out in the nuclear facility need some sort of health physics coverage. Budgeting of dose is an important tool to effectively control the collective dose incurred in the Nuclear Facility and can be carried out easily using this package. This concept of dose budgeting represents a set of yardsticks or guidelines for use in controlling the activities, involving radiation exposure. By this approach, the management can evaluate the radiation protection performance at every level of the organisation where a number of independent functional groups work on routine and non-routine jobs. This program has proved very useful in nuclear facilities which employ large number of persons (typically 100 to 1000). (author)

  4. Development of access control system in Fukushima No.2 nuclear power station

    International Nuclear Information System (INIS)

    A new radiation work control system has been developed for controlling the entrance and exit of workers from the radiation controlled area in a nuclear power station and has been run in the Fukushima No.2 Nuclear Power Station of Tokyo Electric Power Co. Inc., since October, 1999. The newly developed system uses an access control device (ACD) for automatically lending an alarm-equipped personal dosimeter (APD) to each worker, and also radio communication for gathering dose data while contamination is measured by a body surface monitor upon exit, to reduce the workload for workers. The APD accurately measures both x-rays and γ-rays and sounds an alarm if the set dose level is reached. The ACD incorporates a charging function for 150 dosimeters in addition to the identification (ID) card reading and entrance/exit qualification judgment functions that are available with conventional entrance/exit control devices. Also, at the time of entrance, the ID number and alarm setpoint are written into an APD, which is then lent automatically, thereby making entry quicker and easier for workers. After returning the APD, it can be recharged rapidly and trend data during work can be automatically collected. The body surface monitor system is designed as follows. While contamination of the body surface is being measured at the time of exit, the data of the APD and ID card is read to perform an exit check. After completion of contamination measurement, the results of the exit check and dose data are printed out and collected by the tested person. Radio communication is used to transmit and receive the APD data, and to ensure precise radio communication during body surface monitoring two antennas are used, one for transmission and one for reception, so data can be read during contamination measurement. The developed system reduces workers' burden and improves functionality and reliability. (Suetake, M.)

  5. Automated Analysis of Scenario-based Specifications of Distributed Access Control Policies with Non-Mechanizable Activities (Extended Version)

    OpenAIRE

    Barletta, Michele; Ranise, Silvio; Viganò, Luca

    2012-01-01

    The advance of web services technologies promises to have far-reaching effects on the Internet and enterprise networks allowing for greater accessibility of data. The security challenges presented by the web services approach are formidable. In particular, access control solutions should be revised to address new challenges, such as the need of using certificates for the identification of users and their attributes, human intervention in the creation or selection of the certificates, and (cha...

  6. Prevention of Relapse and Recurrence in Adults with Major Depressive Disorder: Systematic Review and Meta-Analyses of Controlled Trials

    OpenAIRE

    Sim, Kang; Lau, Wai Keat; Sim, Jordan; Sum, Min Yi; Baldessarini, Ross J.

    2015-01-01

    Background: Findings of substantial remaining morbidity in treated major depressive disorder (MDD) led us to review controlled trials of treatments aimed at preventing early relapses or later recurrences in adults diagnosed with MDD to summarize available data and to guide further research. Methods: Reports (n = 97) were identified through systematic, computerized literature searching up to February 2015. Treatment versus control outcomes were summarized by random-effects meta-analyses. Resul...

  7. Capabilities and applications of a computer program system for dynamic loads analyses of flexible airplanes with active controls /DYLOFLEX/

    Science.gov (United States)

    Perry, B., III; Goetz, R. C.; Kroll, R. I.; Miller, R. D.

    1979-01-01

    This paper describes and illustrates the capabilities of the DYLOFLEX Computer Program System. DYLOFLEX is an integrated system of computer programs for calculating dynamic loads of flexible airplanes with active control systems. A brief discussion of the engineering formulation for each of the nine DYLOFLEX programs is described. The capabilities of the system are illustrated by the analyses of two example configurations.

  8. Technique of pneumatic pest controlanalyses and a new device

    OpenAIRE

    Schäfer, Winfried

    2005-01-01

    Pest control in organic production of berries, potatoes and vegetables usually employs spreading technique of registered phytopharmaceutical agents. This technique may be supported or even replaced by pneumatic pest control. Pneumatic pest control means suction of pest using a vacuum device similar to a home vacuum cleaner. Up to now there is no evaluation of pneumatic pest control available from an agricultural engineering point of view. This paper concerns the following questions: Which tec...

  9. Analyzing the effect of routing protocols on media access control protocols in radio networks

    Energy Technology Data Exchange (ETDEWEB)

    Barrett, C. L. (Christopher L.); Drozda, M. (Martin); Marathe, A. (Achla); Marathe, M. V. (Madhav V.)

    2002-01-01

    We study the effect of routing protocols on the performance of media access control (MAC) protocols in wireless radio networks. Three well known MAC protocols: 802.11, CSMA, and MACA are considered. Similarly three recently proposed routing protocols: AODV, DSR and LAR scheme 1 are considered. The experimental analysis was carried out using GloMoSim: a tool for simulating wireless networks. The main focus of our experiments was to study how the routing protocols affect the performance of the MAC protocols when the underlying network and traffic parameters are varied. The performance of the protocols was measured w.r.t. five important parameters: (i) number of received packets, (ii) average latency of each packet, (iii) throughput (iv) long term fairness and (v) number of control packets at the MAC layer level. Our results show that combinations of routing and MAC protocols yield varying performance under varying network topology and traffic situations. The result has an important implication; no combination of routing protocol and MAC protocol is the best over all situations. Also, the performance analysis of protocols at a given level in the protocol stack needs to be studied not locally in isolation but as a part of the complete protocol stack. A novel aspect of our work is the use of statistical technique, ANOVA (Analysis of Variance) to characterize the effect of routing protocols on MAC protocols. This technique is of independent interest and can be utilized in several other simulation and empirical studies.

  10. A Novel Interoperable Mobile Wallet Model with Capability Based Access Control Framework

    Directory of Open Access Journals (Sweden)

    Neeharika P

    2014-07-01

    Full Text Available Initially mobile phones were used only for calls and messaging services. Nowadays almost all the basic utility devices around us have been replaced by mobile phones, ranging from simple alarm clock to controlling ubiquitous devices remotely. Mobile phones nowadays are much smarter compared to the devices used for payment processing in the early ages of banking. The plastic cards that we carry in our wallets like financial cards, membership cards, driving license etc all hold digital data. This gave inception to the idea of placing the plastic cards onto a mobile phone. There are a large number of mobile wallet initiatives currently. We have given the existing challenges that the current initiatives are facing. In this paper we have given a model for the development of a mobile wallet that can work across various platforms. Security is the major concern when it comes to finance related information. To address the security issues of our proposed mobile wallet model, we have also given an access control model that works with our interoperable mobile wallet in detail.

  11. A Multi-Domain Access Control Infrastructure Based on Diameter and EAP

    Science.gov (United States)

    Ben Ayed, Souheil; Teraoka, Fumio

    The evolution of Internet, the growth of Internet users and the new enabled technological capabilities place new requirements to form the Future Internet. Many features improvements and challenges were imposed to build a better Internet, including securing roaming of data and services over multiple administrative domains. In this research, we propose a multi-domain access control infrastructure to authenticate and authorize roaming users through the use of the Diameter protocol and EAP. The Diameter Protocol is a AAA protocol that solves the problems of previous AAA protocols such as RADIUS. The Diameter EAP Application is one of Diameter applications that extends the Diameter Base Protocol to support authentication using EAP. The contributions in this paper are: 1) first implementation of Diameter EAP Application, called DiamEAP, capable of practical authentication and authorization services in a multi-domain environment, 2) extensibility design capable of adding any new EAP methods, as loadable plugins, without modifying the main part, and 3) provision of EAP-TLS plugin as one of the most secure EAP methods. DiamEAP Server basic performances were evaluated and tested in a real multi-domain environment where 200 users attempted to access network using the EAP-TLS method during an event of 4 days. As evaluation results, the processing time of DiamEAP using the EAP-TLS plugin for authentication of 10 requests is about 20ms while that for 400 requests/second is about 1.9 second. Evaluation and operation results show that DiamEAP is scalable and stable with the ability to handle more than 6 hundreds of authentication requests per second without any crashes. DiamEAP is supported by the AAA working group of the WIDE Project.

  12. An Efficient Radio Access Control Mechanism for Wireless Network-On-Chip Architectures

    Directory of Open Access Journals (Sweden)

    Maurizio Palesi

    2015-03-01

    Full Text Available Modern systems-on-chip (SoCs today contain hundreds of cores, and this number is predicted to reach the thousands by the year 2020. As the number of communicating elements increases, there is a need for an efficient, scalable and reliable communication infrastructure. As technology geometries shrink to the deep submicron regime, however, the communication delay and power consumption of global interconnections become the major bottleneck. The network-on-chip (NoC design paradigm, based on a modular packet-switched mechanism, can address many of the on-chip communication issues, such as the performance limitations of long interconnects and integration of large number of cores on a chip. Recently, new communication technologies based on the NoC concept have emerged with the aim of improving the scalability limitations of conventional NoC-based architectures. Among them, wireless NoCs (WiNoCs use the radio medium for reducing the performance and energy penalties of long-range and multi-hop communications. As the radio medium can be accessed by a single transmitter at a time, a radio access control mechanism (RACM is needed. In this paper, we present a novel RACM, which allows one to improve both the performance and energy figures of the WiNoC. Experiments, carried out on both synthetic and real traffic scenarios, have shown the effectiveness of the proposed RACM. On average, a 30% reduction in communication delay and a 25% energy savings have been observed when the proposed RACM is applied to a known WiNoC architecture.

  13. Development of Remote Monitoring and a Control System Based on PLC and WebAccess for Learning Mechatronics

    Directory of Open Access Journals (Sweden)

    Wen-Jye Shyr

    2013-02-01

    Full Text Available This study develops a novel method for learning mechatronics using remote monitoring and control, based on a programmable logic controller (PLC and WebAccess. A mechatronics module, a Web‐CAM and a PLC were integrated with WebAccess software to organize a remote laboratory. The proposed system enables users to access the Internet for remote monitoring and control of the mechatronics module via a web browser, thereby enhancing work flexibility by enabling personnel to control mechatronics equipment from a remote location. Mechatronics control and long‐distance monitoring were realized by establishing communication between the PLC and WebAccess. Analytical results indicate that the proposed system is feasible. The suitability of this system is demonstrated in the department of industrial education and technology at National Changhua University of Education, Taiwan. Preliminary evaluation of the system was encouraging and has shown that it has achieved success in helping students understand concepts and master remote monitoring and control techniques.

  14. The IEO Data Center Management System: Tools for quality control, analysis and access marine data

    Science.gov (United States)

    Casas, Antonia; Garcia, Maria Jesus; Nikouline, Andrei

    2010-05-01

    Since 1994 the Data Centre of the Spanish Oceanographic Institute develops system for archiving and quality control of oceanographic data. The work started in the frame of the European Marine Science & Technology Programme (MAST) when a consortium of several Mediterranean Data Centres began to work on the MEDATLAS project. Along the years, old software modules for MS DOS were rewritten, improved and migrated to Windows environment. Oceanographic data quality control includes now not only vertical profiles (mainly CTD and bottles observations) but also time series of currents and sea level observations. New powerful routines for analysis and for graphic visualization were added. Data presented originally in ASCII format were organized recently in an open source MySQL database. Nowadays, the IEO, as part of SeaDataNet Infrastructure, has designed and developed a new information system, consistent with the ISO 19115 and SeaDataNet standards, in order to manage the large and diverse marine data and information originated in Spain by different sources, and to interoperate with SeaDataNet. The system works with data stored in ASCII files (MEDATLAS, ODV) as well as data stored within the relational database. The components of the system are: 1.MEDATLAS Format and Quality Control - QCDAMAR: Quality Control of Marine Data. Main set of tools for working with data presented as text files. Includes extended quality control (searching for duplicated cruises and profiles, checking date, position, ship velocity, constant profiles, spikes, density inversion, sounding, acceptable data, impossible regional values,...) and input/output filters. - QCMareas: A set of procedures for the quality control of tide gauge data according to standard international Sea Level Observing System. These procedures include checking for unexpected anomalies in the time series, interpolation, filtering, computation of basic statistics and residuals. 2. DAMAR: A relational data base (MySql) designed to

  15. URSA: Ubiquitous and Robust Access Control for Mobile Ad Hoc Networks

    OpenAIRE

    Luo, Haiyun; Kong, Jiejun; Zerfos, Petros; Lu, Songwu; Zhang, Lixia

    2004-01-01

    Restricting network access of routing and packet forwarding to well-behaving nodes and denying access from misbehaving nodes are critical for the proper functioning of a mobile ad-hoc network where cooperation among all networking nodes is usually assumed. However, the lack of a network infrastructure, the dynamics of the network topology and node membership, and the potential attacks from inside the network by malicious and/or noncooperative selfish nodes make the conventional network access...

  16. Time series analyses reveal environmental and fisheries controls on Atlantic horse mackerel (Trachurus trachurus) catch rates

    Science.gov (United States)

    Leitão, Francisco

    2015-12-01

    Time-series models (Dynamic factorial analyses and; Min/max autocorrelation factor analysis) were used to explore the relative influences of environmental variables and fishing pressure of trawl, seine and artisanal fleets on catch rates on Trachurus trachurus in ICES IXa sub-divisions (IXaCN-North coast; IXa- CS-South coast; IXaS-Algarve, South coast, Algarve). Fishing effort influenced catch rates in all areas with a 2 year lag and fishing pressure for each area was related to specific fleet sectors effort. In IXaCN, winter upwelling (spawning peak) and both summer northerly wind and wind magnitude (outside of the spawning peak) were strongly correlated with catch rates. In IXaCS summer/autumn westerly winds were related with catch rates. Northerly winds in spring, upwelling and SST (winter and autumn) were related with catch rates in IXaS-Algarve. For species with a long spawning season such as horse mackerel, seasonal analyses at broad regional scales can detract from a better understanding of variability in short term sub-stock catch rates. Favorable environmental conditions, even during seasons with low spawning activity can positively affect catch rates. Ignoring the role of regional oceanographic features on the spatial distribution of the sub-stocks when analysing variability in catch rates can lead to poor inferences about the productivity of the populations.

  17. Crypto Keys Based Secure Access Control for JTAG and Logic BIST Architecture

    OpenAIRE

    Ramesh Bhakthavatchalu; Nirmala Devi.M

    2015-01-01

    A technique to provide programmable secure access to the scan based Logic Built in Self- Test (BIST) structures is proposed. Joint Test Access Group (JTAG) interface is the major test access method used in VLSI IC’s. At the same time, it can be misused as a means to access and hack the hardware circuitry of the IC. It is addressed in this method to prevent unauthorized users from hacking the JTAG interface and interfering in the Logic BIST test functions. A two stage, multiple crypto algorith...

  18. Presidential Management Fellows (PMF) Talent Acquisition System, PMF-TAS (ACCESS CONTROLLED)

    Data.gov (United States)

    Office of Personnel Management — Application and Assessment system for Presidential Management Fellows (PMF) and PMF Science, Technology, Engineering, and Math (STEM) programs. This sytem is access...

  19. Underwater acoustic sensor networks: Medium access control, routing and reliable transfer

    Science.gov (United States)

    Xie, Peng

    Recently there have been growing interests in monitoring aquatic environments for scientific exploration, commercial exploitation and coastline protection. The ideal vehicle for this type of extensive monitoring is a mobile underwater sensor network (M-UWSN), consisting of a large number of low cost underwater sensors that can move with water currents and dispersion. M-UWSNs are significantly different from terrestrial sensor networks: (1) Radio channels do not work well under water. They must be replaced by acoustic channels, which feature long propagation delays, low communication bandwidth and high channel error rates; (2) While most ground sensors are static, underwater sensor nodes may move with water currents (and other underwater activities), as introduces passive sensor mobility. Due to the very different environment properties and the unique characteristics of acoustic channels, the protocols developed for terrestrial sensor networks are not applicable to M-UWSNs, and new research at every level of the protocol suite is demanded. In this dissertation work, we investigate three fundamental networking problems in M-UWSN design: medium access control, multi-hop routing and reliable data transfer. (1) Medium access control (MAC): the long propagation delays and narrow communication bandwidth of acoustic channels pose the major challenges to the energy-efficient MAC design in M-UWSNs. For the first time, we formally investigate the random access and RTS/CTS techniques in networks with long propagation delays and low communication bandwidth (as in M-UWSNs). Based on this study, we propose a novel reservation-based MAC approach, called R-MAC, for dense underwater sensor networks with unevenly distributed (spatially and temporally) traffic. Simulation results show that R-MAC is not only energy efficient but also supports fairness. (2) Multi-hop routing: In M-UWSNs, energy efficiency and mobility handling are the two major concerns for multi-hop routing, which have

  20. Energy-Efficient Reservation-Based Medium Access Control Protocol for Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Kohvakka Mikko

    2010-01-01

    Full Text Available In Wireless Sensor Networks (WSNs, a robust and energy-efficient Medium Access Control (MAC protocol is required for high energy efficiency in harsh operating conditions, where node and link failures are common. This paper presents the design of a novel MAC protocol for low-power WSNs. The developed MAC protocol minimizes the energy overhead of idle time and collisions by strict frame synchronization and slot reservation. It combines a dynamic bandwidth adjustment mechanism, multi-cluster-tree network topology, and a network channel allowing rapid and low-energy neighbor discoveries. The protocol achieves high scalability by employing frequency and time division between clusters. Performance analysis shows that the MAC protocol outperforms current state-of-the-art protocols in energy efficiency, and the energy overhead compared to an ideal MAC protocol is only 2.85% to 27.1%. The high energy efficiency is achieved in both leaf and router nodes. The models and the feasibility of the protocol were verified by simulations and with a full-scale prototype implementation.

  1. Ongoing spontaneous activity controls access to consciousness: a neuronal model for inattentional blindness.

    Directory of Open Access Journals (Sweden)

    Stanislas Dehaene

    2005-05-01

    Full Text Available Even in the absence of sensory inputs, cortical and thalamic neurons can show structured patterns of ongoing spontaneous activity, whose origins and functional significance are not well understood. We use computer simulations to explore the conditions under which spontaneous activity emerges from a simplified model of multiple interconnected thalamocortical columns linked by long-range, top-down excitatory axons, and to examine its interactions with stimulus-induced activation. Simulations help characterize two main states of activity. First, spontaneous gamma-band oscillations emerge at a precise threshold controlled by ascending neuromodulator systems. Second, within a spontaneously active network, we observe the sudden "ignition" of one out of many possible coherent states of high-level activity amidst cortical neurons with long-distance projections. During such an ignited state, spontaneous activity can block external sensory processing. We relate those properties to experimental observations on the neural bases of endogenous states of consciousness, and particularly the blocking of access to consciousness that occurs in the psychophysical phenomenon of "inattentional blindness," in which normal subjects intensely engaged in mental activity fail to notice salient but irrelevant sensory stimuli. Although highly simplified, the generic properties of a minimal network may help clarify some of the basic cerebral phenomena underlying the autonomy of consciousness.

  2. Medium Access Control Protocols for Wireless Sensor Networks with Energy Harvesting

    CERN Document Server

    Iannello, Fabio; Spagnolini, Umberto

    2011-01-01

    The design of Medium Access Control (MAC) protocols for wireless sensor networks (WSNs) has been conventionally tackled by assuming battery-powered devices and by adopting the network lifetime as the main performance criterion. While WSNs operated by energy-harvesting (EH) devices are not limited by network lifetime, they pose new design challenges due to the uncertain amount of harvestable energy. Novel design criteria are thus required to capture the trade-offs between the potentially infinite network lifetime and the uncertain energy availability. This paper addresses the analysis and design of WSNs with EH devices by focusing on conventional MAC protocols, namely TDMA, Framed-ALOHA (FA) and Dynamic-FA (DFA), and by accounting for the performance trade-offs and design issues arising due to EH. A novel metric, referred to as delivery probability, is introduced to measure the capability of a MAC protocol to deliver the measure of any sensor in the network to the intended destination (or fusion center, FC). T...

  3. Peptide-controlled access to the interior surface of empty virus nanoparticles.

    Science.gov (United States)

    Sainsbury, Frank; Saunders, Keith; Aljabali, Alaa A A; Evans, David J; Lomonossoff, George P

    2011-11-01

    The structure of Cowpea mosaic virus (CPMV) is known to high resolution, thereby enabling the rational use of the particles in diverse applications, from vaccine design to nanotechnology. A recently devised method for the production of empty virus-like particles (eVLPs) has opened up new possibilities for CPMV capsid-based technologies, such as internal mineralisation of the particle. We have investigated the role of the carboxyl (C) terminus of the small coat (S) protein in controlling access to the interior of CPMV eVLPs by determining the efficiency of internal mineralisation. The presence of the C-terminal 24-amino acid peptide of the S protein was found to inhibit internal mineralisation, an effect that could be eliminated by enzymatic removal of this region. We have also demonstrated the amenability of the C terminus to genetic modification. Substitution with six histidine residues generated stable particles and facilitated external mineralisation by cobalt. These findings demonstrate consistent internal and external mineralisation of CPMV, and will aid the further exploration and development of the use of eVLPs for bionanotechnological and medical applications. PMID:21953809

  4. A Combined Solution for Routing and Medium Access Control Layer Attacks in Mobile Ad Hoc Networks

    Directory of Open Access Journals (Sweden)

    R. Murugan

    2010-01-01

    Full Text Available Problem statement: In Mobile Ad hoc Network (MANET, both the routing layer and the Medium Access Control (MAC layer are vulnerable to several attacks. There are very few techniques to detect and isolate the attacks of both these layers simultaneously. In this study, we developed a combined solution for routing and MAC layer attacks. Approach: Our approach, makes use of three techniques simultaneously which consists of a cumulative frequency based detection technique for detecting MAC layers attacks, data forwarding behavior based detection technique for detecting packet drops and message authentication code based technique for packet modification. Results: Our combined solution presents a reputation value for detecting the malicious nodes and isolates them from further network participation till its revocation. Our approach periodically checks all nodes, including the isolated nodes, at regular time period λ. A node which recovers from its misbehaving condition is revoked to its normal condition after the time period λ. Conclusion/Recommendations: By simulation results, we show that our combined solution provides more security by increased packet delivery ratio and reduced packet drops. We also shown that our approach has less overhead compared to the existing technique.

  5. A Study of Medium Access Control Protocols for Wireless Body Area Networks

    CERN Document Server

    Ullah, Sana; Islam, S M Riazul; Khan, Pervez; Saleem, Shahnaz; Kwak, Kyung Sup; 10.3390/s100100128

    2010-01-01

    The seamless integration of low-power, miniaturised, invasive/non-invasive lightweight sensor nodes have contributed to the development of a proactive and unobtrusive Wireless Body Area Network (WBAN). A WBAN provides long-term health monitoring of a patient without any constraint on his/her normal dailylife activities. This monitoring requires low-power operation of invasive/non-invasive sensor nodes. In other words, a power-efficient Medium Access Control (MAC) protocol is required to satisfy the stringent WBAN requirements, including low-power consumption. In this paper, we first outline the WBAN requirements that are important for the design of a low-power MAC protocol. Then we study low-power MAC protocols proposed/investigated for a WBAN with emphasis on their strengths and weaknesses. We also review different power-efficient mechanisms for a WBAN. In addition, useful suggestions are given to help the MAC designers to develop a low-power MAC protocol that will satisfy the stringent WBAN requirements.

  6. An energy-efficient media access control protocol for chain-type wireless sensor networks

    Science.gov (United States)

    Wang, Yu; Chen, Chang Wen

    2005-06-01

    We present in this paper an energy efficient media access control (MAC) protocol for chain-type wireless sensor networks. The chain-type sensor networks are fundamentally different from traditional sensor networks in that the sensor nodes in this class of networks are deployed along narrow and elongated geographical areas and form a chain-type topology. Recently, we have successfully developed hierarchical network architecture, sensor deployment strategy, and corresponding network initialization and operation protocols for this class of sensor networks. In this paper, we present a novel TDMA scheduling protocol that takes full advantages of the available channel reuse inherent in the chain-type sensor networks to develop energy efficient and high data throughput MAC protocols for sensor data transmission. The synchronized TDMA scheduling allows the nodes to power on only when it is scheduled to send and receive and therefore results in additional energy saving. Within a cluster, parallel transmission is made possible because of the linear distribution of nodes within the chain-type topology and this yields the desired high throughput. Preliminary simulations have been carried out to show that the proposed TDMA scheduling outperforms the well-know SMAC scheme in terms of energy efficiency and data throughput under various duty cycles.

  7. Improvement in Medium Access Control protocol based on new contention scheme for wireless ad hoc network

    Directory of Open Access Journals (Sweden)

    C.Ellammal

    2012-05-01

    Full Text Available In todays wireless networks, stations using the IEEE 802.11 standard contend for the channel using the Distributed Coordination Function (DCF. Research has shown that DCF€™s performance degrades especially with the large number of stations. This becomes more concerning due to the increasing proliferation of wireless devices. In this paper, we present a Medium Access Control (MAC scheme for wireless LANs and compare its performance to DCF . Our scheme, which attempts to resolve the contention in a constant number of slots (or constant time, is called CONSTI. The contention resolution happens over a predefined number of slots. In a slot, the stations probabilistically send a jam signal on the channel. The stations listening retire if they hear a jam signal. The others continue to the next slot. Over several slots, we aim to have one station remaining in the contention, which will then transmit its data. We find the optimal parameters of CONSTI and present an analysis on its performance.

  8. Authenticated Blind Issuing of Symmetric Keys for Mobile Access Control System without Trusted Parties

    Directory of Open Access Journals (Sweden)

    Shin-Yan Chiou

    2013-01-01

    Full Text Available Mobile authentication can be used to verify a mobile user’s identity. Normally this is accomplished through the use of logon passwords, but this can raise the secret-key agreement problem between entities. This issue can be resolved by using a public-key cryptosystem, but mobile devices have limited computation ability and battery capacity and a PKI is needed. In this paper, we propose an efficient, non-PKI, authenticated, and blind issued symmetric key protocol for mobile access control systems. An easy-to-deploy authentication and authenticated key agreement system is designed such that empowered mobile devices can directly authorize other mobile devices to exchange keys with the server upon authentication using a non-PKI system without trusted parties. Empowered mobile users do not know the key value of the other mobile devices, preventing users from impersonating other individuals. Also, for security considerations, this system can revoke specific keys or keys issued by a specific user. The scheme is secure, efficient, and feasible and can be implemented in existing environments.

  9. REDUCTION IN PROBABILITY OF TRAFFIC CONGESTION ON HIGH-CLASS ROAD USING RAMP ACCESS CONTROL

    Directory of Open Access Journals (Sweden)

    R. Yu. Lagerev

    2016-02-01

    Full Text Available Мerging traffic junctions on high-class roads are considered as bottlenecks in the network and quality of their operation determines a probability for formation of traffic congestions. Investigations on congestion situations in the merging zones of ramp and freeway traffic flows have demonstrated that queuing ramp traffic flow leads to formation of so called “turbulence” effect due to re-arrangement of transport facilities and reduction in their speed on main road direction. Having high queuing traffic flow on main road the “turbulence” component can result in formation of an impact blow in the main traffic flow. It has been proved that an impact of the ramp traffic flow on congestion probability is higher in comparison with main road traffic flow. The paper makes it possible to establish that some transport facilities moving along a high-way simul taneously occupy two lanes in the merging traffic zones and they reduce capacity of the used road section. It is necessary to take into account this specific feature and it is necessary to pay attention to it in the zones of “turbulence” effect formation. The paper presents main approaches, methodology, principles and stages required for access control of high-class roads which are directed on higher quality of their operation including improvement of road traffic safety. The paper proposes a methodоlogy that allows to evaluate and optimize ramp control in the context of a transport queue length minimization at adjoining ramps for the purposes of probability reduction in transport congestion.

  10. Multilevel Access Control in a MANET for a Defense Messaging system using Elliptic Curve Cryptography

    Directory of Open Access Journals (Sweden)

    J.Nafeesa Begum, K.Kumar, Dr.V.Sumathy

    2010-06-01

    Full Text Available The trend of the Civilian society has moved from the industrial age focus onautomation and scale towards information based on computing andcommunication. Today’s Warfare is also moving towards an information ageparadigm based on information sharing, situational awareness, and distributedpoints of intelligence, command and control. A widely-networked fighting force isbetter able to share information about tactical situations that may begeographically widespread, asymmetric, and rapidly changing. Commandersmust be able to better assess situations across broad theaters, with extensivedata, voice, and especially video feeds as strategic inputs. Thus, network-centricwarfare improves effectiveness at both the tactical "point of the spear" and in theachievement of broader strategic goals. Broadly disseminated knowledge assetsenable fighting forces that must self-synchronize, even as they physicallydisperse to address dynamic battlefield conditions. The speed of decision hasincreased and command decisions must be rapidly relayed and implemented, toimprove battlefield outcomes. Multilevel access control in a MANET for aDefense messaging system is used to have the command decisions relayed toall people who are active in the group and also to all people who have beenidentified as higher in the hierarchy instead of sending one to one messages toeach individual.. The system developed is secure, multi site and allows for globalcommunication using the inherent properties of Elliptic Curve cryptography .Elliptic Curve cryptography provides a greater security with less bit size and it isfast when compared to other schemes. The implementation suggests that it is asecure system which occupies fewer bits and can be used for low power devices.

  11. An Ounce of Prevention: Technologists Use Network-Access Control to Protect System Resources, Students

    Science.gov (United States)

    Bolch, Matt

    2009-01-01

    Whether for an entire district, a single campus, or one classroom, allowing authorized access to a computer network can be fraught with challenges. The login process should be fairly seamless to approved users, giving them speedy access to approved Web sites, databases, and other sources of information. It also should be tough on unauthorized…

  12. High-Alpha Research Vehicle (HARV) longitudinal controller: Design, analyses, and simulation resultss

    Science.gov (United States)

    Ostroff, Aaron J.; Hoffler, Keith D.; Proffitt, Melissa S.; Brown, Philip W.; Phillips, Michael R.; Rivers, Robert A.; Messina, Michael D.; Carzoo, Susan W.; Bacon, Barton J.; Foster, John F.

    1994-01-01

    This paper describes the design, analysis, and nonlinear simulation results (batch and piloted) for a longitudinal controller which is scheduled to be flight-tested on the High-Alpha Research Vehicle (HARV). The HARV is an F-18 airplane modified for and equipped with multi-axis thrust vectoring. The paper includes a description of the facilities, a detailed review of the feedback controller design, linear analysis results of the feedback controller, a description of the feed-forward controller design, nonlinear batch simulation results, and piloted simulation results. Batch simulation results include maximum pitch stick agility responses, angle of attack alpha captures, and alpha regulation for full lateral stick rolls at several alpha's. Piloted simulation results include task descriptions for several types of maneuvers, task guidelines, the corresponding Cooper-Harper ratings from three test pilots, and some pilot comments. The ratings show that desirable criteria are achieved for almost all of the piloted simulation tasks.

  13. Parametric analyses for synthetic jet control on separation and stall over rotor airfoil

    OpenAIRE

    Zhao Guoqing; Zhao Qijun

    2014-01-01

    Numerical simulations are performed to investigate the effects of synthetic jet control on separation and stall over rotor airfoils. The preconditioned and unsteady Reynolds-averaged Navier–Stokes equations coupled with a k − ω shear stream transport turbulence model are employed to accomplish the flowfield simulation of rotor airfoils under jet control. Additionally, a velocity boundary condition modeled by a sinusoidal function is developed to fulfill the perturbation effect of periodic jet...

  14. Safety analyse of cryptography protocol used within safety-related control systems in industry

    OpenAIRE

    Franeková, Mária; Fedor KÁLLAY; Kurytnik, Igor Piotr

    2008-01-01

    In the paper the possibilities of solution safety communication within area of safety-related control industry system are summarised with using cryptography techniques. Requirements to safety are based on generic standard for functional safety of Electrical/Electronic/Programmable Electronic (E/E/PE) systems IEC 61508 and standards, which define safety and security profiles in industrial network used in measurement and control systems. In mainly part of paper the model of safe...

  15. Analyses of quality control samples at EML and a contractor laboratory during 1981

    International Nuclear Information System (INIS)

    Sets of biological and fallout samples analyzed at Environmental Measurements Laboratory (EML) and by contractor laboratories include quality control samples which are usually submitted as blinds. These checks consist of blanks, reference samples analyzed repeatedly over a period of years, replicates or splits of unknowns, spikes, and duplicate samplings. Quality control data are summarized for ashed bone, ashed foods, tap water, deposition, and resin samples analyzed for Sr-90, Cs-137 and Ca during 1981

  16. Analyses of quality control samples at EML and contractor laboratories during 1978

    International Nuclear Information System (INIS)

    Sets of biological and fallout samples analyzed at EML and by contractor laboratories include quality control samples which are submitted as blinds. These checks consist of blanks, reference samples analyzed repeatedly over a period of years, replicates or splits of unknowns, spikes, and duplicate samplings. This report summarizes quality control data for ashed bone, various ashed foods, tap water, and fallout samples analyzed for Sr-90, Cs-137, Pu-239,240, Am-241, and Ca during 1978

  17. Effects of high-frequency electromagnetic fields emitted from card readers of access control systems on electronic pocket dosimeters

    Energy Technology Data Exchange (ETDEWEB)

    Deji, Shizuhiko [Graduate School of Environmental Studies, Nagoya University, Furo-cho, Chikusa-ku, Nagoya 464-8602 (Japan); Nishizawa, Kunihide [Radioisotope Research Center, Nagoya University, Furo-cho, Chlkusa-ku, Nagoya 464-8602 (Japan)]. E-mail: j45616a@nucc.cc.nagoya-u.ac.jp

    2005-06-01

    High-frequency electromagnetic fields in the 120 kHz band emitted from card readers for access control systems caused abnormally high doses on electronic pocket dosimeters (EPDs). All EPDs recovered their normal performance by resetting after the exposure ceased. The electric and magnetic immunity levels of the EPDs were estimated by using the distances needed to prevent electromagnetic interference.

  18. Use of the tools of an operating system kernel to control access to the entities of application servers

    International Nuclear Information System (INIS)

    A method has been proposed for using the tools of kernel of an operating system to control access to the entities of application servers. The possibility of using an information protection system incorporated into the operating system to store and implement security policy has been demonstrated for a database management system

  19. Protocol for analyses of adverse event data from randomized controlled trials of statin therapy.

    Science.gov (United States)

    2016-06-01

    The Cholesterol Treatment Trialists' (CTT) Collaboration was originally established to conduct individual participant data meta-analyses of major vascular events, cause-specific mortality, and site-specific cancers in large, long-term, randomized trials of statin therapy (and other cholesterol-modifying treatments). The results of the trials of statin therapy and their associated meta-analyses have shown that statins significantly reduce the risk of major vascular events without any increase in the risk of nonvascular causes of death or of site-specific cancer, but do produce small increases in the incidence of myopathy, diabetes, and, probably, hemorrhagic stroke. The CTT Collaboration has not previously sought data on other outcomes, and so a comprehensive meta-analysis of all adverse events recorded in each of the eligible trials has not been conducted. This protocol prospectively describes plans to extend the CTT meta-analysis data set so as to provide a more complete understanding of the nature and magnitude of any other effects of statin therapy. PMID:27264221

  20. Root Cause Analysis and New Practical Schemes for better Accessing and Establishing of Dedicated Control Channel in Cellular Networks

    Directory of Open Access Journals (Sweden)

    Mohammad Rasoul Tanhatalab

    2013-12-01

    Full Text Available The Dedicated Control Channel (DCCH plays an important role in all generations of cellular networks, such as, GSM , HSPA and LTE ; through this logical channel, some information between user equipment and network can be carried. It should be considered that accessing to the DCCH is the entry gate of entrance to the every cellular network; and without a successful DCCH access call-setup process will not be possible. Hence, DCCH channel accessing is one of the most critical issues that RF planner and optimization engineers must consider. More than this, these schemes can contribute to achieve some algorithms in SON for ameliorating the DCCH accessing and serving better services at 4G. In this paper, a real fundamentally established cellular network (GSM is surveyed and its radio frequency network performance is evaluated and presented on the basis of KPI parameters in general. Furthermore, the DCCH Access Success in particular and different issues, findings, trials and improvements have been summarized. Also, recommendations have been listed to correlate the practical aspects of RF optimization, which affect the improvement of DCCH Access Success rate in cellular networks.

  1. A Brief Survey of Media Access Control, Data Link Layer, and Protocol Technologies for Lunar Surface Communications

    Science.gov (United States)

    Wallett, Thomas M.

    2009-01-01

    This paper surveys and describes some of the existing media access control and data link layer technologies for possible application in lunar surface communications and the advanced wideband Direct Sequence Code Division Multiple Access (DSCDMA) conceptual systems utilizing phased-array technology that will evolve in the next decade. Time Domain Multiple Access (TDMA) and Code Division Multiple Access (CDMA) are standard Media Access Control (MAC) techniques that can be incorporated into lunar surface communications architectures. Another novel hybrid technique that is recently being developed for use with smart antenna technology combines the advantages of CDMA with those of TDMA. The relatively new and sundry wireless LAN data link layer protocols that are continually under development offer distinct advantages for lunar surface applications over the legacy protocols which are not wireless. Also several communication transport and routing protocols can be chosen with characteristics commensurate with smart antenna systems to provide spacecraft communications for links exhibiting high capacity on the surface of the Moon. The proper choices depend on the specific communication requirements.

  2. Reactivity response analyses for the design of automatic power level control system of upgraded JRR-3

    International Nuclear Information System (INIS)

    This reports the analytical results of transient responses to inserted reactivities for the design of the automatic power level control system of upgraded JRR-3. The parameters of reactor kinetics, prompt neutron lifetime and effective delayed neutron fraction, have been calculated by neutron diffusion theory and perturbation theory using the SRAC code system. Burn-up processes, reactor temperatures and configurations of control rods have been taken into account in the calculation. The transient responses of the automatic control system to a step reactivity change of +- 7.3 * 10-4 Δk/k and a ramp reactivity change of +- 3.0 * 10-4 Δk/k/sec have been obtained by analogue computer. As the result, when a regulator rod is used for the automatic power control, its driving velocity has been designed to be 30 cm/min. It has been confirmed that this designed control system can quickly respond to the reactivity perturbations and maintain a desired power level. (author)

  3. Performance analyses of the communication networks of a modern supervision and control system of research reactors

    International Nuclear Information System (INIS)

    The functions of the Instrumentation and Control (I and C) system in research reactors, the changes in its design according to the advances in the technology, and the internationally established safety requirements on the design and operational performance of this system are reviewed. The main features of the communication networks commonly used in the Supervision and Control systems (SCS) are presented. A methodology for the performance analysis of the communication networks of computer-based distributed SCS is developed and presented along with discussions. Application of this methodology to a modern SCS of a typical research reactor is illustrated. (orig.)

  4. Analysing potato late blight control as a social-ecological system using fuzzy cognitive mapping

    NARCIS (Netherlands)

    Pacilly, Francine C.A.; Groot, Jeroen C.J.; Hofstede, Gert Jan; Schaap, Ben F.; Lammerts van Bueren, Edith

    2016-01-01

    Potato late blight, caused by Phytophthora infestans, is one of the main diseases in potato production, causing major losses in yield. Applying environmentally harmful fungicides is the prevailing and classical method for controlling late blight, thus contaminating food and water. There is theref

  5. Medium access control and hardware prototype designs for low-energy wireless sensor networks

    Energy Technology Data Exchange (ETDEWEB)

    Kohvakka, M.

    2009-07-01

    A Wireless Sensor Network (WSN) is an emerging technology consisting of small, cheap, and ultra-low energy sensor nodes, which cooperatively monitor physical quantities, actuate, and perform data processing tasks. A deployment may comprise thousands of randomly distributed autonomous nodes, which must self-configure and create a multi-hop network topology.This thesis focuses on low-energy WSNs targeting to long network lifetime. The main research problem is the combination of adaptive and scalable multi-hop networking with constrained energy budget, processing power, and communication bandwidth. The research problem is approached by energy-efficient protocols and low-power sensor node platforms. The main contribution of this thesis is an energy-efficient Medium Access Control (MAC) design for TUTWSN (Tampere University of Technology Wireless Sensor Network). The design comprises channel access and networking mechanisms, which specify data exchange, link synchronization, network self-configuration, and neighbor discovery operations. The second outcome are several low-power sensor node platforms, which have been designed and implemented to evaluate the performance of the MAC design and hardware components in real deployments. The third outcome are the performance models and analysis of several MAC designs including TUTWSN, IEEE 802.15.4, and the most essential research proposals.The results and conclusion of this Thesis indicate that it is possible to implement multi-hop WSNs in harsh and dynamic operation conditions with years of lifetime using current low-cost components and batteries. Energy analysis results indicate that the lowest energy consumption is achieved by using simple and high data-rate transceivers. It is also critical to minimize sleep mode power consumption of all components and to use accurate wake-up timers. However, the selection of components constitutes only a minor part of the solution, and an energy-efficient MAC layer design being able to

  6. Intelligent Voice-Based Door Access Control System Using Adaptive-Network-based Fuzzy Inference Systems (ANFIS for Building Security

    Directory of Open Access Journals (Sweden)

    Wahyudi

    2007-01-01

    Full Text Available Secure buildings are currently protected from unauthorized access by a variety of devices. Even though there are many kinds of devices to guarantee the system safety such as PIN pads, keys both conventional and electronic, identity cards, cryptographic and dual control procedures, the people voice can also be used. The ability to verify the identity of a speaker by analyzing speech, or speaker verification, is an attractive and relatively unobtrusive means of providing security for admission into an important or secured place. An individual’s voice cannot be stolen, lost, forgotten, guessed, or impersonated with accuracy. Due to these advantages, this paper describes design and prototyping a voice-based door access control system for building security. In the proposed system, the access may be authorized simply by means of an enrolled user speaking into a microphone attached to the system. The proposed system then will decide whether to accept or reject the user’s identity claim or possibly to report insufficient confidence and request additional input before making the decision. Furthermore, intelligent system approach is used to develop authorized person models based on theirs voice. Particularly Adaptive-Network-based Fuzzy Inference Systems is used in the proposed system to identify the authorized and unauthorized people. Experimental result confirms the effectiveness of the proposed intelligent voice-based door access control system based on the false acceptance rate and false rejection rate.

  7. Analysing adjustment factors for using lanes at traffic-light-controlled intersections in Bogotá, Colombia.

    Directory of Open Access Journals (Sweden)

    Ricardo José Peña Lindarte

    2010-05-01

    Full Text Available This article was focused on analyzing the lane use adjustment factor (fLU forming one of the eleven adjustment factors proposed in the current calculation methodology contained in the 2000 version of the Transportation Research Board’s (TRB Highway Capacity Manual (HCM for analyzing traffic-light-controlled intersection capacity in terms of saturation intensity. A methodology was established when analyzing the fLU factor that considered operational conditions regarding traffic-light-controlled intersections in Bogota. Road traffic flows were analyzed, including characterizing road traffic based on statistical sampling, field data collection and analysis. The project proposed equations allowing reference values to be gathered for determining adjustment factors regarding lane use on roads in Bogota in relation to existing access typologies and road traffic volume for analyzing traffic-light- controlled intersections. For example, in the specific case of roads having direct double-lane access (2CCD, the basic equation was determined to be y=-3,03E-08X2+3,44E-05X+0,888988, having a 1.0 coefficient of correlation. The dependent variable y referred to the fLU factor and the independent variable X was the volume of road traffic in mixed vehicles/hour. This equation was considered to be statistically relevant. A comparative analysis of the lane use adjustment factors estimated in the project is also presented and compared to the values recommended by the US Highway Capacity Manual. The project’s conclusions and re- commendations were thus sustained, validating the recommended factors summarized by the HCM and recommending that the results obtained from the project should be used in traffic-light-controlled design and planning projects.

  8. Analysing the Control Software of the Compact Muon Solenoid Experiment at the Large Hadron Collider

    CERN Document Server

    Hwong, Yi-Ling; Willemse, Tim A C

    2011-01-01

    The control software of the CERN Compact Muon Solenoid experiment contains over 30,000 finite state machines. These state machines are organised hierarchically: commands are sent down the hierarchy and state changes are sent upwards. The sheer size of the system makes it virtually impossible to fully understand the details of its behaviour at the macro level. This is fuelled by unclarities that already exist at the micro level. We have solved the latter problem by formally describing the finite state machines in the mCRL2 process algebra. The translation has been implemented using the ASF+SDF meta-environment, and its correctness was assessed by means of simulations and visualisations of individual finite state machines and through formal verification of subsystems of the control software. Based on the formalised semantics of the finite state machines, we have developed dedicated tooling for checking properties that can be verified on finite state machines in isolation.

  9. Optimal design and experimental analyses of a new micro-vibration control payload-platform

    Science.gov (United States)

    Sun, Xiaoqing; Yang, Bintang; Zhao, Long; Sun, Xiaofen

    2016-07-01

    This paper presents a new payload-platform, for precision devices, which possesses the capability of isolating the complex space micro-vibration in low frequency range below 5 Hz. The novel payload-platform equipped with smart material actuators is investigated and designed through optimization strategy based on the minimum energy loss rate, for the aim of achieving high drive efficiency and reducing the effect of the magnetic circuit nonlinearity. Then, the dynamic model of the driving element is established by using the Lagrange method and the performance of the designed payload-platform is further discussed through the combination of the controlled auto regressive moving average (CARMA) model with modified generalized prediction control (MGPC) algorithm. Finally, an experimental prototype is developed and tested. The experimental results demonstrate that the payload-platform has an impressive potential of micro-vibration isolation.

  10. On the proportional hazards model for occupational and environmental case-control analyses

    OpenAIRE

    Gauvin, Héloïse; Lacourt, Aude; Leffondré, Karen

    2013-01-01

    Background Case-control studies are generally designed to investigate the effect of exposures on the risk of a disease. Detailed information on past exposures is collected at the time of study. However, only the cumulated value of the exposure at the index date is usually used in logistic regression. A weighted Cox (WC) model has been proposed to estimate the effects of time-dependent exposures. The weights depend on the age conditional probabilities to develop the disease in the source popul...

  11. Automotive energy use and emissions control: a simulation model to analyse transport strategies for Indian metropolises

    International Nuclear Information System (INIS)

    A transport simulation model is formulated to analyse energy use and emissions in meeting the travel requirements of the residents of four Indian metropolises, namely Delhi, Calcutta, Mumbai and Bangalore, during the period 1990-2011. The model includes the following variables: travel demand, modal split, penetration of technologies, vehicle space per passenger, energy intensity and emission factors of CO, HC, NOx, SO2, TSP and Pb. The model illustrates the effect of two strategies, namely strengthening public transport and promoting cleaner, and alternative fuels with improved technologies, on energy use and emissions. If both the strategies are implemented, energy worth 0.82 million tonnes of oil equivalent (mtoe) could he saved in 2010/2011, the breakdown of which is as follows: over 22% in Delhi (0.36 mtoe), 55% in Calcutta (0.19 mtoe), 15% in Mumbai (0.11 mtoe) and 24% in Bangalore (0.16 mtoe). The strategies could also reduce the emissions of CO, HC, TSP and Pb in these cities as follows: 28-75% for CO, 28-80% HC, 21-59% TSP and 31-83% Pb in 2010/201 1. Reduction potential of SO2 emissions in Delhi, Calcutta and Mumbai would be 24%, 46% and 27%, respectively, while in Bangalore this would increase by 5%. Reduction potential of NOx is 15% and 22% in Delhi and Mumbai, while in Calcutta and Bangalore this would increase by 12% and 16%, respectively. (author)

  12. Wie wird GMS Medizin – Bibliothek – Information genutzt? Analyse der Zugriffszahlen einer Open Access-Zeitschrift / Usage of "GMS Medizin – Bibliothek – Information": analysis of usage data from an Open Access journal

    Directory of Open Access Journals (Sweden)

    Bauer, Bruno

    2008-12-01

    Full Text Available In 2006 the journal "MEDIZIN – BIBLIOTHEK – INFORMATION" changed from the internet platform of the "Arbeitsgemeinschaft für Medizinisches Bibliothekswesen" (AGMB to the Open Access platform German Medical Science (GMS. The printed journal version ceased. Thitherto it was sent to all members of the AGMB. The editorial staff made a few arrangements in order to support acceptance and perceptibility of this journal, now issued electronic only. The published papers were included in the database of the Deutsches Bibliothekswesen (DABI and in the Directory of Open Access Journals (DOAJ Content. Furthermore current articles were introduced in MEDINFO, a weblog for medical librarians. The paper compares usage data trends from September 2005 to May 2008 for selected articles.

  13. Algorithms and Complexity Analyses for Control of Singleton Attractors in Boolean Networks

    Directory of Open Access Journals (Sweden)

    Wai-Ki Ching

    2008-09-01

    Full Text Available A Boolean network (BN is a mathematical model of genetic networks. We propose several algorithms for control of singleton attractors in BN. We theoretically estimate the average-case time complexities of the proposed algorithms, and confirm them by computer experiments. The results suggest the importance of gene ordering. Especially, setting internal nodes ahead yields shorter computational time than setting external nodes ahead in various types of algorithms. We also present a heuristic algorithm which does not look for the optimal solution but for the solution whose computational time is shorter than that of the exact algorithms.

  14. Grape juice quality control by means of ¹H nmr spectroscopy and chemometric analyses

    Directory of Open Access Journals (Sweden)

    Caroline Werner Pereira da Silva Grandizoli

    2014-01-01

    Full Text Available This work shows the application of ¹H NMR spectroscopy and chemometrics for quality control of grape juice. A wide range of quality assurance parameters were assessed by single ¹H NMR experiments acquired directly from juice. The investigation revealed that conditions and time of storage should be revised and indicated on all labels. The sterilization process of homemade grape juices was efficient, making it possible to store them for long periods without additives. Furthermore, chemometric analysis classified the best commercial grape juices to be similar to homemade grape juices, indicating that this approach can be used to determine the authenticity after adulteration.

  15. The acceptability and impact of a randomised controlled trial of welfare rights advice accessed via primary health care: qualitative study

    Directory of Open Access Journals (Sweden)

    Howel Denise

    2006-06-01

    Full Text Available Abstract Background Qualitative research is increasingly used alongside randomised controlled trials (RCTs to study a range of factors including participants' experiences of a trial. The need for a sound evidence base within public health will increase the need for RCTs of non-clinical interventions. Welfare rights advice has been proposed as an intervention with potential to reduce health inequalities. This qualitative study, nested within an RCT of the impact of welfare rights advice, examined the acceptability of the intervention, the acceptability of the research process and the perceived impact of the intervention. Methods 25 men and women aged 60 years or over were recruited from four general practices in Newcastle upon Tyne (UK, a sub-sample of those who consented to be contacted (n = 96 during the RCT baseline interview. Semi-structured interviews were undertaken and analysed using the Framework Method. Results Participants viewed the trial positively although, despite agreeing that the information leaflet was clear, some had agreed to participate without being fully aware of what was involved. Some participants were unaware of the implications of randomisation. Most thought it fair, but a few concerns were raised about the control condition. The intervention was acceptable and made participants feel confident about applying for benefit entitlements. 14 out of 25 participants received some financial award; median weekly income gain was £57 (€84, $101. The perceived impact of additional finances was considerable and included: increased affordability of necessities and occasional expenses; increased capacity to deal with emergencies; and a reduction in stress related to financial worries. Overall, perceived independence and ability to participate in society increased. Most participants perceived benefits to their mental well-being, but no-one reported an improvement in physical health. The RCT showed little or no effect on a wide range

  16. Risk access control model for Hadoop%面向Hadoop的风险访问控制模型

    Institute of Scientific and Technical Information of China (English)

    李甲帅; 彭长根; 朱义杰; 马海峰

    2016-01-01

    Traditional access control models are hard to restrain the malicious behavior of authorized users. Accord-ingly, Hadoop platform with this access control model is difficult to prevent the risk of privacy disclosure. A model of access control based on risk was proposed. A risk function of information entropy was designed from users’ his-torical behavior based on setting the tags of subject and object. Furthermore, the tracking chain of risk was built, which could adjust the users’ access authority dynamically according to the risk value and its volatility. Combining with access token and risk supervision, the risk access control mechanism for big data privacy protection was real-ized, which could be applied to enhance the security of Hadoop Kerberos protocol. Finally, the experiment result shows that the model can constrain the authorized users’ access behavior effectively.%传统的访问控制机制难以约束授权用户的恶意行为,使得采用这种访问控制机制的Hadoop平台面临着大数据隐私泄露的风险。提出了一种基于风险的访问控制模型,该模型通过对主体和客体标签的设定,根据用户的历史行为记录构造信息熵风险值计算函数,并进一步建立风险值波动的追踪链,通过风险值及其波动幅度动态调整用户的访问权限。将该模型应用于Hadoop的Kerberos认证协议的改进,结合访问令牌及风险监测实现大数据隐私保护风险访问控制机制。最后,针对医疗大数据进行应用仿真,实验表明该模型可以有效约束大数据应用平台中授权用户的访问行为。

  17. Nutraceuticals and Blood Pressure Control: Results from Clinical Trials and Meta-Analyses.

    Science.gov (United States)

    Cicero, Arrigo F G; Colletti, Alessandro

    2015-09-01

    Beyond the well-known effects on blood pressure (BP) of the dietary approaches to stop hypertension (DASH) and the Mediterranean diets, a large number of studies has investigated the possible BP lowering effect of different dietary supplements and nutraceuticals, the most part of them being antioxidant agents with a high tolerability and safety profile. In particular relatively large body of evidence support the use of potassium, L-arginine, vitamin C, cocoa flavonoids, beetroot juice, coenzyme Q10, controlled-release melatonin, and aged garlic extract. However there is a need for data about the long-term safety of a large part of the above discussed products. Moreover further clinical research is advisable to identify between the available active nutraceuticals those with the best cost-effectiveness and risk-benefit ratio for a large use in general population with low-added cardiovascular risk related to uncomplicated hypertension. PMID:25788027

  18. Isotopic footprint: ¿does the forensic analyses improve forest control?

    Directory of Open Access Journals (Sweden)

    Ulrich Melessa

    2013-10-01

    Full Text Available In the Ecuadorian market a high percentage of timber from tropical forests is of illegal origin. Illegal acts and infringments along the production chain are more frequent if the concern species is valuable such as mahogany (Swietenia macrophylla and cedar (Cedrela odorata. In this regard, one of the most frequently falsified data is the geographical origin of wood. At date there is no forensic scientific method for determining objectively and independently the geographic source stated in the documentation of traded timber. The analysis of the isotope composition, known as a isotope fingerprint, has a clear special pattern and is feasible for this purpose.From Ecuador samples of mahogany and cedar were contributed to build a geo-referenced database and improve the method to make it more operational to serve in control and surveillance programs. This article explains the problems related to the subject, the method and its potential use. 

  19. HIERARCHICAL ACCESS CONTROL IN DYNAMIC PEER GROUPS USING SYMMETRIC POLYNOMIAL AND TREE BASED GROUP ELLIPTIC CURVE DIFFIE HELLMAN SCHEME

    Directory of Open Access Journals (Sweden)

    Nafeesa Begum Jeddy

    2014-01-01

    Full Text Available Hierarchical Access Control in group communication is an active area of research which is difficult to achieve it. Its primary objective is to allow users of a higher authority group to access information or resource held by lower group users and preventing the lower group users to access information held by higher class users. Large collection of collaborative applications in organizations inherently has hierarchical structures for functioning, where providing security by efficient group key management is a big challenging issue. While preserving centralized methods for hierarchical access control, it is difficult to achieve efficiency as a single membership change will result in lot of changes which are difficult to maintain. So, using distributed key agreement techniques is more appropriate for this scenario. This study explore on novel group key agreement approach, which combines both the symmetric polynomial scheme and Tree Based Group elliptic Curve key exchange. Also, it yields a secure protocol suite that is good in fault-tolerant and simple. The efficiency of SP-TGECDH is better than many other schemes. Using TGECDH makes the scheme suitable small Low powered devices.

  20. Crypto Keys Based Secure Access Control for JTAG and Logic BIST Architecture

    Directory of Open Access Journals (Sweden)

    Ramesh Bhakthavatchalu

    2015-06-01

    Full Text Available A technique to provide programmable secure access to the scan based Logic Built in Self- Test (BIST structures is proposed. Joint Test Access Group (JTAG interface is the major test access method used in VLSI IC’s. At the same time, it can be misused as a means to access and hack the hardware circuitry of the IC. It is addressed in this method to prevent unauthorized users from hacking the JTAG interface and interfering in the Logic BIST test functions. A two stage, multiple crypto algorithms based separate authorization schemes are used. A configuration register can be programmed to select the level of security to a specific user group. Different crypto algorithms can be chosen, with user specifiable key lengths. A challenge response protocol is employed to authenticate the user and corresponding accessibility. All the features included are compliant with the IEEE JTAG standard 1149.1. This technique is applied on ISCAS-89 and ISCAS-99 benchmark designs with the help of Cadence Encounter true time 13.1 design automation tools and results are shown. A small amount of (less than 2 to 5% increase in area reported for implementing the security features.

  1. Review of the Reporting of Survival Analyses within Randomised Controlled Trials and the Implications for Meta-Analysis

    Science.gov (United States)

    Batson, Sarah; Greenall, Gemma; Hudson, Pollyanna

    2016-01-01

    Background Meta-analysis is a growing approach to evidence synthesis and network meta-analysis in particular represents an important and developing method within Health Technology Assessment (HTA). Meta-analysis of survival data is usually performed using the individual summary statistic—the hazard ratio (HR) from each randomised controlled trial (RCT). Objectives The objectives of this study are to: (i) review the methods and reporting of survival analyses in oncology RCTs; and (ii) assess the suitability and relevance of survival data reported in RCTs for inclusion into meta-analysis. Methods Five oncology journals were searched to identify Phase III RCTs published between April and July 2015. Eligible studies included those that analysed a survival outcome. Results Thirty-two RCTs reporting survival outcomes in cancer populations were identified. None of the publications reported details relating to a strategy for statistical model building, the goodness of fit of the final model, or final model validation for the analysis of survival outcomes. The majority of studies (88%) reported the use of Cox proportional hazards (PH) regression to analyse survival endpoints. However, most publications failed to report the validation of the statistical models in terms of the PH assumption. Conclusions This review highlights deficiencies in terms of reporting the methods and validity of survival analyses within oncology RCTs. We support previous recommendations to encourage authors to improve the reporting of survival analyses in journal publications. We also recommend that the final choice of a statistical model for survival should be informed by goodness of model fit to a given dataset, and that model assumptions are validated. The failure of trial investigators and statisticians to investigate the PH for RCT survival data is likely to result in clinical decisions based on inappropriate methods. The development of alternative approaches for the meta-analysis of survival

  2. Patterns and Prevalence of School Access, Transitions and Equity in South Africa: Secondary Analyses of BT20 Large-Scale Data Sources. CREATE Pathways to Access. Research Monograph No. 27

    Science.gov (United States)

    Fleisch, Brahm; Shindler, Jennifer

    2009-01-01

    This monograph looks at patterns and prevalence of initial school enrolment, late entry, attainment promotion, and repetition in urban South Africa. The paper pays special attention to the particular gender nature of the patterns of school participation. The study analyses data generated in the genuine representative cohort study, Birth-to-Twenty…

  3. Nutrient analyses and quality assurance/quality control: training course in the Philippines

    International Nuclear Information System (INIS)

    Full text: AMETEC (APEC Marine Environmental Training and Education Center) situated at the scenic Geoje island of the Republic of Korea has recently (Oct.14-28, 2006) completed a training course on 'Nutrient Analysis and Quality Assurance/Quality Control: Enhancing reliability and comparability of data for the Integrated Environmental Monitoring program' in University of Philippines at Diliman, Quezon, Philippines. This = programme was co-sponsored by GEF/UNDP/IMO Regional Programme on Partnership in Environmental Management for Seas of East Asia (PEMSEA); National Science Research Institute (NSRI) and Marine Science Institute (MSI), University of the Philippines in Diliman, Philippines. For the first time in AMETEC's history such a programme was conducted outside their campus in the Republic of Korea. Twenty participants, mostly from the developing nations of the Asia Pacific Economic Cooperation (APEC) region joined the course. QA/QC tools were effectively implemented in solving problems/issues that were encountered: program design - location, time of collection (tidal variation), and number of samples that represent the water body, etc.; sampling contamination issues, appropriate sampling techniques, containers, sample handling, sample identification and subsequent processing, sample storage; analysis - values of quality control samples, spike, IHRMs (in house reference materials)), control charts, acceptance criteria; method validation, repeatability, reproducibility, method detection limits, report limits, accuracy and uncertainty. These were especially useful in establishing a new laboratory environment in a developing nation. While utilizing the basic laboratory facilities available at NSRI and MSI in the Philippines, additional laboratory supplies and some equipment were shipped from the Republic of Korea and Australia. To minimize issues relating to language, the trainers had to prepare well ahead and develop templates for each day's activities. Trainers

  4. Transcriptomic and proteomic analyses of the Aspergillus fumigatus hypoxia response using an oxygen-controlled fermenter

    Directory of Open Access Journals (Sweden)

    Barker Bridget M

    2012-02-01

    Full Text Available Abstract Background Aspergillus fumigatus is a mold responsible for the majority of cases of aspergillosis in humans. To survive in the human body, A. fumigatus must adapt to microenvironments that are often characterized by low nutrient and oxygen availability. Recent research suggests that the ability of A. fumigatus and other pathogenic fungi to adapt to hypoxia contributes to their virulence. However, molecular mechanisms of A. fumigatus hypoxia adaptation are poorly understood. Thus, to better understand how A. fumigatus adapts to hypoxic microenvironments found in vivo during human fungal pathogenesis, the dynamic changes of the fungal transcriptome and proteome in hypoxia were investigated over a period of 24 hours utilizing an oxygen-controlled fermenter system. Results Significant increases in transcripts associated with iron and sterol metabolism, the cell wall, the GABA shunt, and transcriptional regulators were observed in response to hypoxia. A concomitant reduction in transcripts was observed with ribosome and terpenoid backbone biosynthesis, TCA cycle, amino acid metabolism and RNA degradation. Analysis of changes in transcription factor mRNA abundance shows that hypoxia induces significant positive and negative changes that may be important for regulating the hypoxia response in this pathogenic mold. Growth in hypoxia resulted in changes in the protein levels of several glycolytic enzymes, but these changes were not always reflected by the corresponding transcriptional profiling data. However, a good correlation overall (R2 = 0.2, p A. fumigatus. Conclusions Taken together, our data suggest a robust cellular response that is likely regulated both at the transcriptional and post-transcriptional level in response to hypoxia by the human pathogenic mold A. fumigatus. As with other pathogenic fungi, the induction of glycolysis and transcriptional down-regulation of the TCA cycle and oxidative phosphorylation appear to major

  5. Analysing GCN4 translational control in yeast by stochastic chemical kinetics modelling and simulation

    Directory of Open Access Journals (Sweden)

    Romano M Carmen

    2011-08-01

    Full Text Available Abstract Background The yeast Saccharomyces cerevisiae responds to amino acid starvation by inducing the transcription factor Gcn4. This is mainly mediated via a translational control mechanism dependent upon the translation initiation eIF2·GTP·Met-tRNAiMet ternary complex, and the four short upstream open reading frames (uORFs in its 5' mRNA leader. These uORFs act to attenuate GCN4 mRNA translation under normal conditions. During amino acid starvation, levels of ternary complex are reduced. This overcomes the GCN4 translation attenuation effect via a scanning/reinitiation control mechanism dependent upon uORF spacing. Results Using published experimental data, we have developed and validated a probabilistic formulation of GCN4 translation using the Chemical Master Equation (Model 1. Model 1 explains GCN4 translation's nonlinear dependency upon uORF placements, and predicts that an as yet unidentified factor, which was proposed to regulate GCN4 translation under some conditions, only has pronounced effects upon GCN4 translation when intercistronic distances are unnaturally short. A simpler Model 2 that does not include this unidentified factor could well represent the regulation of a natural GCN4 mRNA. Using parameter values optimised for this algebraic Model 2, we performed stochastic simulations by Gillespie algorithm to investigate the distribution of ribosomes in different sections of GCN4 mRNA under distinct conditions. Our simulations demonstrated that ribosomal loading in the 5'-untranslated region is mainly determined by the ratio between the rates of 5'-initiation and ribosome scanning, but was not significantly affected by rate of ternary complex binding. Importantly, the translation rate for codons starved of cognate tRNAs is predicted to be the most significant contributor to the changes in ribosomal loading in the coding region under repressing and derepressing conditions. Conclusions Our integrated probabilistic Models 1 and 2

  6. 多域环境下的分布式RBAC模型%A distributed role-based access control model for multi-domain environments

    Institute of Scientific and Technical Information of China (English)

    洪帆; 朱贤; 邢光林

    2006-01-01

    Access control in multi-domain environments is an important question in building coalition between domains. Based on the RBAC access control model and the concepts of secure domain,the role delegation and role mapping are proposed, which support the third-party authorization. A distributed RBAC model is then presented. Finally implementation issues are discussed.

  7. The dynamic mechanism of presenilin-function: Sensitive gate dynamics and loop unplugging control protein access

    DEFF Research Database (Denmark)

    Somavarapu, Arun Kumar; Kepp, Kasper Planeta

    2016-01-01

    106-131 loop acts as a "hinge" for the TM2 and TM6 "doors". More importantly, we identify an unplugging mechanism of the Exon 9 loop associated only with mature PSEN1. Proper opening of both the "gate" and "plug" in the membrane produces channel-like morphologies and access to the catalytic aspartates....... Dynamically, these features seem linked. The long-range sensitivity of this gate-plug system to subtle conformational changes can explain why so many PSEN1 mutants cause disease. Reduced access and imprecise substrate cleavage associated with impaired gate-plug dynamics is directly illustrated by the effect...

  8. 一种面向XML文档的RBAC模型%A Role-based Access Control Model For XML Documents

    Institute of Scientific and Technical Information of China (English)

    郭宗军; 姚志强

    2013-01-01

    Currently, the XML document is being widely used in the exchange and storage of information. But it is needed to formulate specific access control method because of the particular grammar of XML document. In this paper a RBAC model for XML documents is put forwards .The architecture of access control and authorization mechanism are introduced in detail.%  目前应用XML文档进行信息的交换与存储已经越来越广泛,由于XML文档的特殊性,需要制定特定的访问控制方法。在传统RBAC模型的基础上,提出了一种面向XML文档的RBAC模型,并详细介绍了相应访问控制体系及授权机制。

  9. Cancer control in developing countries: using health data and health services research to measure and improve access, quality and efficiency

    OpenAIRE

    Kangolle Alfred CT; Hanna Timothy P

    2010-01-01

    Abstract Background Cancer is a rapidly increasing problem in developing countries. Access, quality and efficiency of cancer services in developing countries must be understood to advance effective cancer control programs. Health services research can provide insights into these areas. Discussion This article provides an overview of oncology health services in developing countries. We use selected examples from peer-reviewed literature in health services research and relevant publicly availab...

  10. An effective and secure key-management scheme for hierarchical access control in E-medicine system.

    Science.gov (United States)

    Odelu, Vanga; Das, Ashok Kumar; Goswami, Adrijit

    2013-04-01

    Recently several hierarchical access control schemes are proposed in the literature to provide security of e-medicine systems. However, most of them are either insecure against 'man-in-the-middle attack' or they require high storage and computational overheads. Wu and Chen proposed a key management method to solve dynamic access control problems in a user hierarchy based on hybrid cryptosystem. Though their scheme improves computational efficiency over Nikooghadam et al.'s approach, it suffers from large storage space for public parameters in public domain and computational inefficiency due to costly elliptic curve point multiplication. Recently, Nikooghadam and Zakerolhosseini showed that Wu-Chen's scheme is vulnerable to man-in-the-middle attack. In order to remedy this security weakness in Wu-Chen's scheme, they proposed a secure scheme which is again based on ECC (elliptic curve cryptography) and efficient one-way hash function. However, their scheme incurs huge computational cost for providing verification of public information in the public domain as their scheme uses ECC digital signature which is costly when compared to symmetric-key cryptosystem. In this paper, we propose an effective access control scheme in user hierarchy which is only based on symmetric-key cryptosystem and efficient one-way hash function. We show that our scheme reduces significantly the storage space for both public and private domains, and computational complexity when compared to Wu-Chen's scheme, Nikooghadam-Zakerolhosseini's scheme, and other related schemes. Through the informal and formal security analysis, we further show that our scheme is secure against different attacks and also man-in-the-middle attack. Moreover, dynamic access control problems in our scheme are also solved efficiently compared to other related schemes, making our scheme is much suitable for practical applications of e-medicine systems. PMID:23392626

  11. Population and forensic genetic analyses of mitochondrial DNA control region variation from six major provinces in the Korean population.

    Science.gov (United States)

    Hong, Seung Beom; Kim, Ki Cheol; Kim, Wook

    2015-07-01

    We generated complete mitochondrial DNA (mtDNA) control region sequences from 704 unrelated individuals residing in six major provinces in Korea. In addition to our earlier survey of the distribution of mtDNA haplogroup variation, a total of 560 different haplotypes characterized by 271 polymorphic sites were identified, of which 473 haplotypes were unique. The gene diversity and random match probability were 0.9989 and 0.0025, respectively. According to the pairwise comparison of the 704 control region sequences, the mean number of pairwise differences between individuals was 13.47±6.06. Based on the result of mtDNA control region sequences, pairwise FST genetic distances revealed genetic homogeneity of the Korean provinces on a peninsular level, except in samples from Jeju Island. This result indicates there may be a need to formulate a local mtDNA database for Jeju Island, to avoid bias in forensic parameter estimates caused by genetic heterogeneity of the population. Thus, the present data may help not only in personal identification but also in determining maternal lineages to provide an expanded and reliable Korean mtDNA database. These data will be available on the EMPOP database via accession number EMP00661. PMID:25900647

  12. Breaking and Fixing Origin-Based Access Control in Hybrid Web/Mobile Application Frameworks

    OpenAIRE

    Georgiev, Martin; Jana, Suman; Shmatikov, Vitaly

    2014-01-01

    Hybrid mobile applications (apps) combine the features of Web applications and “native” mobile apps. Like Web applications, they are implemented in portable, platform-independent languages such as HTML and JavaScript. Like native apps, they have direct access to local device resources—file system, location, camera, contacts, etc.

  13. 77 FR 65260 - Exemption to Prohibition on Circumvention of Copyright Protection Systems for Access Control...

    Science.gov (United States)

    2012-10-26

    ... disability would thus be required to have an iPhone, iPad, or other Apple device in order to access the book... sale through its ``App Store,'' the only authorized source of iPhone and iPad applications. EFF further...--i.e., used (or perhaps unused) phones previously purchased or otherwise acquired by a...

  14. Effectiveness and Safety of Computer-controlled Periodontal Ligament Injection System in Endodontic Access to the Mandibular Posterior Teeth

    Institute of Scientific and Technical Information of China (English)

    Quan Jing; Kuo Wan; Xiao-jun Wang; Lin Ma

    2014-01-01

    Objective To evaluate the effectiveness and safety of a computer-controlled periodontal ligament (PDL) injection system to the local soft tissues as the primary technique in endodontic access to mandibular posterior teeth in patients with irreversible pulpitis. Methods A total of 162 Chinese patients who had been diagnosed with irreversible pulpitis in their mandibular posterior teeth without acute infection or inflammation in the periodontal tissues were enrolled in this clinical study. The patients were divided into 3 groups according to the position of the involved tooth:the premolar group (PM, n=38), first molar group (FM, n=66), and second molar group (SM, n=58). All the patients received computer-controlled PDL injection with 4%articaine and 1∶100 000 epinephrine. Immediately after the injection, endodontic access was performed, and the degree of pain during the treatment was evaluated by the patients using Visual Analogue Scale for pain. The success rates were compared among the 3 groups. The responses of local soft tissues were evaluated 3-8 days and 3 weeks after the procedure. Results The overall success rate was 76.5%. There was a significant difference in success rates among the PM, FM, and SM groups (92.1%, 53.0%, 93.1%, respectively;χ2=34.3, P Conclusion The computer-controlled PDL injection system demonstrates both satisfactory anesthetic effects and safety in local soft tissues as primary anesthetic technique in endodontic access to the mandibular posterior teeth in patients with irreversible pulpitis.

  15. The effects of hands free communication devices on clinical communication: balancing communication access needs with user control.

    Science.gov (United States)

    Richardson, Joshua E; Richardson, Joshua Edwin; Ash, Joan S; Ash, Joan

    2008-01-01

    Hands Free Communication Device (HFCD) systems are a relatively new information and communication technology. HFCD systems enable clinicians to directly contact and communicate with one another using wearable, voice-controlled badges that are VoIP-based (voice-over IP) and are linked to one another over a wireless local area network (WLAN). This qualitative study utilized a grounded theory, multiple perspectives approach to understand how the use of HFCDs affected communication in the hospitals that implemented them. The study generated five themes revolving around HFCDs impact on communication. This paper specifically focuses on two of those themes: Communication Access and Control. PMID:18999046

  16. Novel implementations of optical switch control module and 3D-CSP for 10 Gbps active optical access system

    Science.gov (United States)

    Wakayama, Koji; Okuno, Michitaka; Matsuoka, Yasunobu; Hosomi, Kazuhiko; Sagawa, Misuzu; Sugawara, Toshiki

    2009-11-01

    We propose an optical switch control procedure for high-performance and cost-effective 10 Gbps Active Optical Access System (AOAS) in which optical switches are used instead of optical splitters in PON (Passive Optical Network). We demonstrate the implemented optical switch control module on Optical Switching Unit (OSW) with logic circuits works effectively. We also propose a compact optical 3D-CSP (Chip Scale Package) to achieve the high performance of AOAS without losing cost advantage of PON. We demonstrate the implemented 3D-CSP works effectively.

  17. Massive Access Control Aided by Knowledge-Extraction for Co-Existing Periodic and Random Services over Wireless Clinical Networks.

    Science.gov (United States)

    Du, Qinghe; Zhao, Weidong; Li, Weimin; Zhang, Xuelin; Sun, Bo; Song, Houbing; Ren, Pinyi; Sun, Li; Wang, Yichen

    2016-07-01

    The prosperity of e-health is boosted by fast development of medical devices with wireless communications capability such as wearable devices, tiny sensors, monitoring equipments, etc., which are randomly distributed in clinic environments. The drastically-increasing population of such devices imposes new challenges on the limited wireless resources. To relieve this problem, key knowledge needs to be extracted from massive connection attempts dispersed in the air towards efficient access control. In this paper, a hybrid periodic-random massive access (HPRMA) scheme for wireless clinical networks employing ultra-narrow band (UNB) techniques is proposed. In particular, the proposed scheme towards accommodating a large population of devices include the following new features. On one hand, it can dynamically adjust the resource allocated for coexisting periodic and random services based on the traffic load learned from signal collision status. On the other hand, the resource allocation within periodic services is thoroughly designed to simultaneously align with the timing requests of differentiated services. Abundant simulation results are also presented to demonstrate the superiority of the proposed HPRMA scheme over baseline schemes including time-division multiple access (TDMA) and random access approach, in terms of channel utilization efficiency, packet drop ratio, etc., for the support of massive devices' services. PMID:27240842

  18. Unsynchronized Energy-Efficient Medium Access Control and Routing in Wireless Sensor Networks

    Science.gov (United States)

    Hurni, Philipp

    This master thesis investigates optimizations on recently proposed fully unsynchronized power saving sensor MAC protocols. In contrast to many other sensor MAC protocols, unsynchronized sensor MAC protocols renounce on any kind of network- or cluster-wide synchronization for channel access coordination and maintenance of a common wake-sleep pattern, because in wireless sensor networks with low traffic requirements, the overhead for maintaining synchronization is likely to exceed the energy spent for the actual data traffic.

  19. A Context Aware Content Based Federated Access Control System for Healthcare Domain

    OpenAIRE

    Amjad, Haseeb

    2007-01-01

    Legislation to create electronic healthcare records and provide electronic healthcare services requires the same level of privacy and disclosure regulations as are applicable to the current practices for paper based patient health records. Most of work in this area has been organization-oriented that deals with exchange of information among healthcare organizations (such as referrals). However, the requirements for ensuring security and privacy of information for online access and sharing of ...

  20. OECD’S CONTROL INSTRUMENTS IN THE CONTEXT OF RUSSIA’S ACCESSION TO THIS ORGANISATION

    OpenAIRE

    Natalia Efimova; M. Samarina

    2013-01-01

    Russia’s accession to the OECD will definitely have a positive effect on Russia’s image worldwide. However, Russia’s OECD membership may have an adverse effect though the use of certain OECD’s instruments. Russia should take account of potential pressure which it may be subject to both by most powerful OECD members and international organizations equipped with formally defined instruments of pressure which cooperate closely with the OECD. Therefore, it may not only prevent Russia from pursuin...

  1. Streamforce: outsourcing access control enforcement for stream data to the clouds

    OpenAIRE

    Dinh, Tien Tuan Anh; Datta, Anwitaman

    2013-01-01

    As tremendous amount of data being generated everyday from human activity and from devices equipped with sensing capabilities, cloud computing emerges as a scalable and cost-effective platform to store and manage the data. While benefits of cloud computing are numerous, security concerns arising when data and computation are outsourced to a third party still hinder the complete movement to the cloud. In this paper, we focus on the problem of data privacy on the cloud, particularly on access c...

  2. PANATIKI: A Network Access Control Implementation Based on PANA for IoT Devices

    OpenAIRE

    Antonio F. Gomez Skarmeta; Rafa Marin Lopez; Pedro Moreno Sanchez

    2013-01-01

    Internet of Things (IoT) networks are the pillar of recent novel scenarios, such as smart cities or e-healthcare applications. Among other challenges, these networks cover the deployment and interaction of small devices with constrained capabilities and Internet protocol (IP)-based networking connectivity. These constrained devices usually require connection to the Internet to exchange information (e.g., management or sensing data) or access network services. However, only authenticated and a...

  3. An Efficient Authentication and Access Control Scheme to Protect Integrity of Anonymous Networks

    Directory of Open Access Journals (Sweden)

    Santhosh S, Asst. Prof. Alok Ranjan

    2013-03-01

    Full Text Available Concerns about privacy and security have received greater attention with the rapid growth and public acceptance of the Internet and the pervasive deployment of various network technologies. Anonymous network services is a large field of research and development that steadily continues to grow. Several credential systems have been proposed in which users can authenticate to services anonymously. Various anonymous network are readily available such as tor, i2p these allow users to access Internet services privately by using a series of routers to hide the client’s IP address from the server. But this provision can be utilized both by the genuine users and misbehaving ones alike. Dishonest users take advantage of anonymity for abusive purpose such as website defacing. The administrators of these websites are unable to blacklist such users since their identity is not known. As a result they block the complete network using onion routing to ensure protection to their servers denying anonymous access to genuine and dishonest users alike. To surmount this problem, assuming a tor environment a credential system is proposed which enables the system administrators to detect any malicious activity and further block the malicious user continuing un-interrupted access to genuine users

  4. 门禁系统在博物馆的应用%Application of Access Control Systems in Museums

    Institute of Scientific and Technical Information of China (English)

    王振

    2015-01-01

    在数字技术网络技术飞速发展的今天门禁技术得到了迅猛的发展。门禁系统早已超越了单纯的门道及钥匙管理,它已经逐渐发展成为一套完整的出入管理系统。它在工作环境安全、人事考勤管理等行政管理工作中发挥着巨大的作用。本文就门禁系统在博物馆的应用进行分析研究。%got rapid development in the rapid development of digital technology, network technology today access technology. Access control systems have already gone beyond the simple road and key management, it has gradual y developed into a complete access control system. It plays a great role in administrative work environment safety, personnel at endance management etc. In this paper, the museum entrance guard system in the research on the application of.

  5. Fingerprint authentication via joint transform correlator and its application in remote access control of a 3D microscopic system

    Science.gov (United States)

    He, Wenqi; Lai, Hongji; Wang, Meng; Liu, Zeyi; Yin, Yongkai; Peng, Xiang

    2014-05-01

    We present a fingerprint authentication scheme based on the optical joint transform correlator (JTC) and further describe its application to the remote access control of a Network-based Remote Laboratory (NRL). It is built to share a 3D microscopy system of our realistic laboratory in Shenzhen University with the remote co-researchers in Stuttgart University. In this article, we would like to focus on the involved security issues, mainly on the verification of various remote visitors to our NRL. By making use of the JTC-based optical pattern recognition technique as well as the Personal Identification Number (PIN), we are able to achieve the aim of authentication and access control for any remote visitors. Note that only the authorized remote visitors could be guided to the Virtual Network Computer (VNC), a cross-platform software, which allows the remote visitor to access the desktop applications and visually manipulate the instruments of our NRL through the internet. Specifically to say, when a remote visitor attempts to access to our NRL, a PIN is mandatory required in advance, which is followed by fingerprint capturing and verification. Only if both the PIN and the fingerprint are correct, can one be regarded as an authorized visitor, and then he/she would get the authority to visit our NRL by the VNC. It is also worth noting that the aforementioned "two-step verification" strategy could be further applied to verify the identity levels of various remote visitors, and therefore realize the purpose of diversified visitor management.

  6. ACCESS CONTROL IN DISTRIBUTED SYSTEMS%分布式环境下的访问控制

    Institute of Scientific and Technical Information of China (English)

    刘琼波; 施军; 尤晋元

    2001-01-01

    The security requirements of distributed systems are changing. In this paper an approach to represent the access control policies and evaluate the access requests is proposed. Extended logic programs without functions are introduced to represent the diverse access control policies, and the propagation depth and direction of privileges along the entity hierarchy can be constrained. After privilege conflicts are resolved according to the rules based on priority between different grantors and entities, semantics as answer sets of extended logic programs is attained. Based on certainty and possibility reasoning, an algorithm to determine whether an access request is authorized is proposed. The three issues of distributed authorization, private privileges and conflict resolution are resolved.%为适应分布式环境下的安全需求,提出了一种描述访问控制策略和判定访问请求的方法.采用类似于无函数的扩展逻辑程序的表示方法对安全访问策略进行描述,限定权限传播的深度,利用不同的优先次序定义了多种消解冲突的规则,并给出了类似扩展逻辑程序的回答集语义解释.结合确定性推理和可能性推理,描述了如何判定访问请求的算法.解决了3个问题:分布式授权、私有权限和冲突消解方法.

  7. SCALE: A modular code system for performing standardized computer analyses for licensing evaluation: Control modules C4, C6

    Energy Technology Data Exchange (ETDEWEB)

    NONE

    1997-03-01

    This Manual represents Revision 5 of the user documentation for the modular code system referred to as SCALE. The history of the SCALE code system dates back to 1969 when the current Computational Physics and Engineering Division at Oak Ridge National Laboratory (ORNL) began providing the transportation package certification staff at the U. S. Atomic Energy Commission with computational support in the use of the new KENO code for performing criticality safety assessments with the statistical Monte Carlo method. From 1969 to 1976 the certification staff relied on the ORNL staff to assist them in the correct use of codes and data for criticality, shielding, and heat transfer analyses of transportation packages. However, the certification staff learned that, with only occasional use of the codes, it was difficult to become proficient in performing the calculations often needed for an independent safety review. Thus, shortly after the move of the certification staff to the U.S. Nuclear Regulatory Commission (NRC), the NRC staff proposed the development of an easy-to-use analysis system that provided the technical capabilities of the individual modules with which they were familiar. With this proposal, the concept of the Standardized Computer Analyses for Licensing Evaluation (SCALE) code system was born. This volume is part of the manual related to the control modules for the newest updated version of this computational package.

  8. SCALE: A modular code system for performing standardized computer analyses for licensing evaluation: Control modules C4, C6

    International Nuclear Information System (INIS)

    This Manual represents Revision 5 of the user documentation for the modular code system referred to as SCALE. The history of the SCALE code system dates back to 1969 when the current Computational Physics and Engineering Division at Oak Ridge National Laboratory (ORNL) began providing the transportation package certification staff at the U. S. Atomic Energy Commission with computational support in the use of the new KENO code for performing criticality safety assessments with the statistical Monte Carlo method. From 1969 to 1976 the certification staff relied on the ORNL staff to assist them in the correct use of codes and data for criticality, shielding, and heat transfer analyses of transportation packages. However, the certification staff learned that, with only occasional use of the codes, it was difficult to become proficient in performing the calculations often needed for an independent safety review. Thus, shortly after the move of the certification staff to the U.S. Nuclear Regulatory Commission (NRC), the NRC staff proposed the development of an easy-to-use analysis system that provided the technical capabilities of the individual modules with which they were familiar. With this proposal, the concept of the Standardized Computer Analyses for Licensing Evaluation (SCALE) code system was born. This volume is part of the manual related to the control modules for the newest updated version of this computational package

  9. Medium Access Control for Thermal Energy Harvesting in Advanced Metering Infrastructures

    DEFF Research Database (Denmark)

    Vithanage, Madava D.; Fafoutis, Xenofon; Andersen, Claus Bo; Dragoni, Nicola

    In this paper we investigate the feasibility of powering wireless metering devices, namely heat cost allocators, by thermal energy harvested from radiators. The goal is to take a first step toward the realization of Energy-Harvesting Advanced Metering Infrastructures (EH-AMIs). While traditional...... the potential energy that can be harvested from Low Surface Temperature (LST) radiators. The experiments are based on a developed Energy-Harvesting Heat Cost Allocator (EH-HCA) prototype. On the basis of this measured power budget, we model and analytically compare the currently used Medium Access...

  10. PRBAC:A role-based provenance access control model%PRBAC:一种基于角色的起源访问控制模型

    Institute of Scientific and Technical Information of China (English)

    马晓; 王凤英; 常玲霞

    2016-01-01

    T his paper proposes a novel role-based provenance access control model (PRBAC )to better utilize provenance data to control access to the other data .The model is built on prove‐nance-based access control (PBAC) and role-based access control (RBAC) .And this scheme di‐vided the dependency list as a foundation of access control ,introduced the notion of role in role-based access control and gave out the access control algorithm .The analysis results indicate the proposed model can solve the issues that the authorization management is not flexible ,the system has low access efficiency and access control policy is not secure enough ,and other problems .%为了更好地利用数据起源对其它数据进行访问控制,建立了一种基于角色的起源访问控制模型(PRBAC )。该模型以基于起源的访问控制模型(PBAC )和基于角色的访问控制模型(RBAC)为基础,划分了作为访问控制基础的依赖关系列表,并引入RBAC中角色集的概念,给出了具体的访问控制算法。分析结果表明PRBAC能解决基于起源的访问控制模型中授权管理不灵活、系统运行效率低和访问控制策略不够安全等问题。

  11. Bearer channel control protocol for the dynamic VB5.2 interface in ATM access networks

    Science.gov (United States)

    Fragoulopoulos, Stratos K.; Mavrommatis, K. I.; Venieris, Iakovos S.

    1996-12-01

    In the multi-vendor systems, a customer connected to an Access network (AN) must be capable of selecting a specific Service Node (SN) according to the services the SN provides. The multiplicity of technologically varying AN calls for the definition of a standard reference point between the AN and the SN widely known as the VB interface. Two versions are currently offered. The VB5.1 is simpler to implement but is not as flexible as the VB5.2, which supports switched connections. The VB5.2 functionality is closely coupled to the Broadband Bearer Channel Connection Protocol (B-BCCP). The B-BCCP is used for conveying the necessary information for dynamic resource allocation, traffic policing and routing in the AN as well as for information exchange concerning the status of the AN before a new call is established by the SN. By relying on such a protocol for the exchange of information instead of intercepting and interpreting signalling messages in the AN, the architecture of the AN is simplified because the functionality related to processing is not duplicated. In this paper a prominent B- BCCP candidate is defined, called the Service node Access network Interaction Protocol.

  12. A Data Capsule Framework For Web Services: Providing Flexible Data Access Control To Users

    CERN Document Server

    Kannan, Jayanthkumar; Chun, Byung-Gon

    2010-01-01

    This paper introduces the notion of a secure data capsule, which refers to an encapsulation of sensitive user information (such as a credit card number) along with code that implements an interface suitable for the use of such information (such as charging for purchases) by a service (such as an online merchant). In our capsule framework, users provide their data in the form of such capsules to web services rather than raw data. Capsules can be deployed in a variety of ways, either on a trusted third party or the user's own computer or at the service itself, through the use of a variety of hardware or software modules, such as a virtual machine monitor or trusted platform module: the only requirement is that the deployment mechanism must ensure that the user's data is only accessed via the interface sanctioned by the user. The framework further allows an user to specify policies regarding which services or machines may host her capsule, what parties are allowed to access the interface, and with what parameter...

  13. Communication, Control, and Computer Access for Disabled and Elderly Individuals. ResourceBook 3: Software and Hardware. Rehab/Education Technology ResourceBook Series.

    Science.gov (United States)

    Brandenburg, Sara A., Ed.; Vanderheiden, Gregg C., Ed.

    One of a series of three resource guides concerned with communication, control, and computer access for the disabled or the elderly, the book focuses on hardware and software. The guide's 13 chapters each cover products with the same primary function. Cross reference indexes allow access to listings of products by function, input/output…

  14. Cancer control in developing countries: using health data and health services research to measure and improve access, quality and efficiency

    Directory of Open Access Journals (Sweden)

    Kangolle Alfred CT

    2010-10-01

    Full Text Available Abstract Background Cancer is a rapidly increasing problem in developing countries. Access, quality and efficiency of cancer services in developing countries must be understood to advance effective cancer control programs. Health services research can provide insights into these areas. Discussion This article provides an overview of oncology health services in developing countries. We use selected examples from peer-reviewed literature in health services research and relevant publicly available documents. In spite of significant limitations in the available data, it is clear there are substantial barriers to access to cancer control in developing countries. This includes prevention, early detection, diagnosis/treatment and palliation. There are also substantial limitations in the quality of cancer control and a great need to improve economic efficiency. We describe how the application of health data may assist in optimizing (1 Structure: strengthening planning, collaboration, transparency, research development, education and capacity building. (2 Process: enabling follow-up, knowledge translation, patient safety and quality assurance. (3 Outcome: facilitating evaluation, monitoring and improvement of national cancer control efforts. There is currently limited data and capacity to use this data in developing countries for these purposes. Summary There is an urgent need to improve health services for cancer control in developing countries. Current resources and much-needed investments must be optimally managed. To achieve this, we would recommend investment in four key priorities: (1 Capacity building in oncology health services research, policy and planning relevant to developing countries. (2 Development of high-quality health data sources. (3 More oncology-related economic evaluations in developing countries. (4 Exploration of high-quality models of cancer control in developing countries. Meeting these needs will require national, regional and

  15. Toward an open-access global database for mapping, control, and surveillance of neglected tropical diseases

    DEFF Research Database (Denmark)

    Hürlimann, Eveline; Schur, Nadine; Boutsika, Konstantina;

    2011-01-01

    After many years of general neglect, interest has grown and efforts came under way for the mapping, control, surveillance, and eventual elimination of neglected tropical diseases (NTDs). Disease risk estimates are a key feature to target control interventions, and serve as a benchmark for monitor......After many years of general neglect, interest has grown and efforts came under way for the mapping, control, surveillance, and eventual elimination of neglected tropical diseases (NTDs). Disease risk estimates are a key feature to target control interventions, and serve as a benchmark...

  16. Autonomous Information Unit for Fine-Grain Data Access Control and Information Protection in a Net-Centric System

    Science.gov (United States)

    Chow, Edward T.; Woo, Simon S.; James, Mark; Paloulian, George K.

    2012-01-01

    As communication and networking technologies advance, networks will become highly complex and heterogeneous, interconnecting different network domains. There is a need to provide user authentication and data protection in order to further facilitate critical mission operations, especially in the tactical and mission-critical net-centric networking environment. The Autonomous Information Unit (AIU) technology was designed to provide the fine-grain data access and user control in a net-centric system-testing environment to meet these objectives. The AIU is a fundamental capability designed to enable fine-grain data access and user control in the cross-domain networking environments, where an AIU is composed of the mission data, metadata, and policy. An AIU provides a mechanism to establish trust among deployed AIUs based on recombining shared secrets, authentication and verify users with a username, X.509 certificate, enclave information, and classification level. AIU achieves data protection through (1) splitting data into multiple information pieces using the Shamir's secret sharing algorithm, (2) encrypting each individual information piece using military-grade AES-256 encryption, and (3) randomizing the position of the encrypted data based on the unbiased and memory efficient in-place Fisher-Yates shuffle method. Therefore, it becomes virtually impossible for attackers to compromise data since attackers need to obtain all distributed information as well as the encryption key and the random seeds to properly arrange the data. In addition, since policy can be associated with data in the AIU, different user access and data control strategies can be included. The AIU technology can greatly enhance information assurance and security management in the bandwidth-limited and ad hoc net-centric environments. In addition, AIU technology can be applicable to general complex network domains and applications where distributed user authentication and data protection are

  17. Fast remote data access for control of TCP/IP network using android Mobile device

    Directory of Open Access Journals (Sweden)

    Vaibhav Muddebihalkar

    2014-04-01

    Full Text Available In this paper we will creating architecture which will helps user to control LAN using the android mobile. As the most of the all application are now creating the cross platform version for the android, we will also make the control using the android platform. This is purely network administrative application which useful for the controlling network. The architecture will consist the nodes in the LAN and one server as well as one android phone which use to control the nodes. We use connectivity options as Wi-Fi or Internet; if connectivity internet is taken in grant then we will provide the static IP address to the server. For all this kind of application we should use JAVA technology and the android SDK in programming point of view. After testing application on LAN it works very well while file browsing and controlling the process.

  18. California leaking underground fuel tank (LUFT) historical case analyses: Data collection, data input and data quality control

    International Nuclear Information System (INIS)

    By 1994, more than 27,000 leaking underground fuel tank (LUFT) cases had been identified in the State of California, with about 21,000 active cases. Since 1985, regulatory oversight agencies have accumulated literal mountains of paperwork containing both spatial and time-series hydrogeologic, chemical, and other data reported at LUFT sites. Prior to November 1994, there had been no systematic attempt to assemble these data into a computerized format suitable for statistical evaluation. In November of 1994, the State Water Resources Control Board (SWRCB) began collection of LUFT data throughout California to create such a database in support of the Lawrence Livermore National Laboratories (LLNL) ''California Leaking Underground Fuel Tank (LUFT) Historical Case Analyses.'' The purpose of these efforts was to evaluate the distribution of measured soil and groundwater impacts caused by gasoline, diesel, and waste oil, and to identify the controlling factors which influence the magnitude and extent of fuel hydrocarbon plumes in groundwater. From the eligible pool, the SWRCB selected a representative (or targeted) subset of 1,831 sites for its own data collection efforts. Pertinent data were collected by two SWRCB teams who traveled to various regulatory agencies throughout the State and obtained the most complete, up-to-date information available in the files for each site

  19. The dynamic mechanism of presenilin-1 function: Sensitive gate dynamics and loop unplugging control protein access.

    Science.gov (United States)

    Somavarapu, Arun Kumar; Kepp, Kasper P

    2016-05-01

    There is no molecular explanation for the many presenilin 1 (PSEN1) mutations causing Alzheimer's disease, but both gain of function relating to amyloid production and loss of isolated PSEN1 function have been implied. We report here the first detailed dynamic all-atom model of mature PSEN1 from molecular dynamics in an explicit membrane with particular account of the as yet unexplored loop dynamics. We find that mature PSEN1 contains multiple distinct conformational states whereas non-mature PSEN1 is a typical one-state protein. We confirm a previously suggested gating mechanism, and find that the 106-131 loop acts as a "hinge" for the TM2 and TM6 "doors". More importantly, we identify an unplugging mechanism of the Exon 9 loop associated only with mature PSEN1. Proper opening of both the "gate" and "plug" in the membrane produces channel-like morphologies and access to the catalytic aspartates. Dynamically, these features seem linked. The long-range sensitivity of this gate-plug system to subtle conformational changes can explain why so many PSEN1 mutants cause disease. Reduced access and imprecise substrate cleavage associated with impaired gate-plug dynamics is directly illustrated by the effect of maturation in our work and could explain the overall reduction in Aβ levels upon PSEN1 mutation and the increase in the Aβ 42/40 ratio. Yet, our PSEN1-only dynamics are particularly insightful in revealing PSEN1-only dynamics relating to e.g. its role as membrane channel. Thus, our identified gate-plug mechanism is relevant for designing PSEN1 modulating therapies for treatment of Alzheimer's disease within both the amyloid/γ-secretase hypothesis and within the PSEN1 loss of function paradigm. PMID:26852951

  20. On the control, stability, and waiting time in a slotted ALOHA random-access system

    Science.gov (United States)

    Ferguson, M. J.

    1975-01-01

    This paper explores some of the boundaries in performance of slotted ALOHA systems by analyzing a simple and almost optimal centrally supervised control. The control results in a very simple Markov chain model and allows an examination of stability, conditional waiting time distribution of transmitting terminals, and many other system measures. The key to the simplicity is to have a probability of successful packet transmission that is independent of the number of transmitting terminals. In considering waiting time, we calculate the mean and other moments of the waiting time of a terminal when it enters the system to find (n - 1) other terminals already there competing for the channel. Under this control, the average time is proportional to n. The control requires exact knowledge of the number of terminals contending for the channel, and hence is not implementable, except as an approximation.