An Extended Role Based Access Control Method for XML Documents

Institute of Scientific and Technical Information of China (English)

MENG Xiao-feng; LUO Dao-feng; OU Jian-bo

2004-01-01

As XML has been increasingly important as the Data-change format of Internet and Intranet, access-control-on-XML-properties rises as a new issue.Role-based access control (RBAC) is an access control method that has been widely used in Internet, Operation System and Relation Data Base these 10 years.Though RBAC is already relatively mature in the above fields, new problems occur when it is used in XML properties.This paper proposes an integrated model to resolve these problems, after the fully analysis on the features of XML and RBAC.

An application-layer based centralized information access control for VPN

Institute of Scientific and Technical Information of China (English)

OUYANG Kai; ZHOU Jing-li; XIA Tao; YU Sheng-sheng

2006-01-01

With the rapid development of Virtual Private Network (VPN), many companies and organizations use VPN to implement their private communication. Traditionally, VPN uses security protocols to protect the confidentiality of data, the message integrity and the endpoint authentication. One core technique of VPN is tunneling, by which clients can access the internal servers traversing VPN. However, the tunneling technique also introduces a concealed security hole. It is possible that ifone vicious user can establish tunneling by the VPN server, he can compromise the internal servers behind the VPN server. So this paper presents a novel Application-layer based Centralized Information Access Control (ACIAC) for VPN to solve this problem.To implement an efficient, flexible and multi-decision access control model, we present two key techniques to ACIAC-the centralized management mechanism and the stream-based access control. Firstly, we implement the information center and the constraints/events center for ACIAC. By the two centers, we can provide an abstract access control mechanism, and the material access control can be decided dynamically by the ACIAC's constraint/event mechanism. Then we logically classify the VPN communication traffic into the access stream and the data stream so that we can tightly couple the features of VPN communication with the access control model. We also provide the design of our ACIAC prototype in this paper.

Role Based Access Control system in the ATLAS experiment

CERN Document Server

Valsan, M L; The ATLAS collaboration; Lehmann Miotto, G; Scannicchio, D A; Schlenker, S; Filimonov, V; Khomoutnikov, V; Dumitru, I; Zaytsev, A S; Korol, A A; Bogdantchikov, A; Caramarcu, C; Ballestrero, S; Darlea, G L; Twomey, M; Bujor, F; Avolio, G

2011-01-01

The complexity of the ATLAS experiment motivated the deployment of an integrated Access Control System in order to guarantee safe and optimal access for a large number of users to the various software and hardware resources. Such an integrated system was foreseen since the design of the infrastructure and is now central to the operations model. In order to cope with the ever growing needs of restricting access to all resources used within the experiment, the Roles Based Access Control (RBAC) previously developed has been extended and improved. The paper starts with a short presentation of the RBAC design, implementation and the changes made to the system to allow the management and usage of roles to control access to the vast and diverse set of resources. The paper continues with a detailed description of the integration across all areas of the system: local Linux and Windows nodes in the ATLAS Control Network (ATCN), the Linux application gateways offering remote access inside ATCN, the Windows Terminal Serv...

Role Based Access Control System in the ATLAS Experiment

CERN Document Server

Valsan, M L; The ATLAS collaboration; Lehmann Miotto, G; Scannicchio, D A; Schlenker, S; Filimonov, V; Khomoutnikov, V; Dumitru, I; Zaytsev, A S; Korol, A A; Bogdantchikov, A; Avolio, G; Caramarcu, C; Ballestrero, S; Darlea, G L; Twomey, M; Bujor, F

2010-01-01

The complexity of the ATLAS experiment motivated the deployment of an integrated Access Control System in order to guarantee safe and optimal access for a large number of users to the various software and hardware resources. Such an integrated system was foreseen since the design of the infrastructure and is now central to the operations model. In order to cope with the ever growing needs of restricting access to all resources used within the experiment, the Roles Based Access Control (RBAC) previously developed has been extended and improved. The paper starts with a short presentation of the RBAC design, implementation and the changes made to the system to allow the management and usage of roles to control access to the vast and diverse set of resources. The paper continues with a detailed description of the integration across all areas of the system: local Linux and Windows nodes in the ATLAS Control Network (ATCN), the Linux application gateways offering remote access inside ATCN, the Windows Terminal Serv...

Role based access control design using Triadic concept analysis

Institute of Scientific and Technical Information of China (English)

Ch Aswani Kumar; S Chandra Mouliswaran; LI Jin-hai; C Chandrasekar

2016-01-01

Role based access control is one of the widely used access control models. There are investigations in the literature that use knowledge representation mechanisms such as formal concept analysis (FCA), description logics, and Ontology for representing access control mechanism. However, while using FCA, investigations reported in the literature so far work on the logic that transforms the three dimensional access control matrix into dyadic formal contexts. This transformation is mainly to derive the formal concepts, lattice structure and implications to represent role hierarchy and constraints of RBAC. In this work, we propose a methodology that models RBAC using triadic FCA without transforming the triadic access control matrix into dyadic formal contexts. Our discussion is on two lines of inquiry. We present how triadic FCA can provide a suitable representation of RBAC policy and we demonstrate how this representation follows role hierarchy and constraints of RBAC on sample healthcare network available in the literature.

Role-Based Access Control in Retrospect

NARCIS (Netherlands)

Nunes Leal Franqueira, V.; Wieringa, Roelf J.

Role-Based Access Control (RBAC) has been a success in terms of the amount of research that went into it, its uptake in international standards, and its adoption by major software vendors. Yet, RBAC remains complex to implement in user organizations. In this paper we review the state of the art of

Attributes Enhanced Role-Based Access Control Model

DEFF Research Database (Denmark)

Mahmood Rajpoot, Qasim; Jensen, Christian D.; Krishnan, Ram

2015-01-01

as an important area of research. In this paper, we propose an access control model that combines the two models in a novel way in order to unify their benefits. Our approach provides a fine-grained access control mechanism that not only takes contextual information into account while making the access control...... decisions but is also suitable for applications where access to resources is controlled by exploiting contents of the resources in the policy....

Access control based on attribute certificates for medical intranet applications.

Science.gov (United States)

Mavridis, I; Georgiadis, C; Pangalos, G; Khair, M

2001-01-01

Clinical information systems frequently use intranet and Internet technologies. However these technologies have emphasized sharing and not security, despite the sensitive and private nature of much health information. Digital certificates (electronic documents which recognize an entity or its attributes) can be used to control access in clinical intranet applications. To outline the need for access control in distributed clinical database systems, to describe the use of digital certificates and security policies, and to propose the architecture for a system using digital certificates, cryptography and security policy to control access to clinical intranet applications. We have previously developed a security policy, DIMEDAC (Distributed Medical Database Access Control), which is compatible with emerging public key and privilege management infrastructure. In our implementation approach we propose the use of digital certificates, to be used in conjunction with DIMEDAC. Our proposed access control system consists of two phases: the ways users gain their security credentials; and how these credentials are used to access medical data. Three types of digital certificates are used: identity certificates for authentication; attribute certificates for authorization; and access-rule certificates for propagation of access control policy. Once a user is identified and authenticated, subsequent access decisions are based on a combination of identity and attribute certificates, with access-rule certificates providing the policy framework. Access control in clinical intranet applications can be successfully and securely managed through the use of digital certificates and the DIMEDAC security policy.

Consistency maintenance for constraint in role-based access control model

Institute of Scientific and Technical Information of China (English)

韩伟力; 陈刚; 尹建伟; 董金祥

2002-01-01

Constraint is an important aspect of role-based access control and is sometimes argued to be the principal motivation for role-based access control (RBAC). But so far few authors have discussed consistency maintenance for constraint in RBAC model. Based on researches of constraints among roles and types of inconsistency among constraints, this paper introduces corresponding formal rules, rule-based reasoning and corresponding methods to detect, avoid and resolve these inconsistencies. Finally, the paper introduces briefly the application of consistency maintenance in ZD-PDM, an enterprise-oriented product data management (PDM) system.

Integrating Attributes into Role-Based Access Control

DEFF Research Database (Denmark)

Mahmood Rajpoot, Qasim; Jensen, Christian D.; Krishnan, Ram

2015-01-01

of research recently. We propose an access control model that combines the two models in a novel way in order to unify their benefits. Our approach provides a fine-grained access control mechanism that takes into account the current contextual information while making the access control decisions....

Automatic Access Control Based on Face and Hand Biometrics in A Non-Cooperative Context

DEFF Research Database (Denmark)

Jahromi, Mohammad Naser Sabet; Bonderup, Morten Bojesen; Nasrollahi, Kamal

2018-01-01

Automatic access control systems (ACS) based on the human biometrics or physical tokens are widely employed in public and private areas. Yet these systems, in their conventional forms, are restricted to active interaction from the users. In scenarios where users are not cooperating with the system......, these systems are challenged. Failure in cooperation with the biometric systems might be intentional or because the users are incapable of handling the interaction procedure with the biometric system or simply forget to cooperate with it, due to for example, illness like dementia. This work introduces...

A federated capability-based access control mechanism for internet of things (IoTs)

Science.gov (United States)

Xu, Ronghua; Chen, Yu; Blasch, Erik; Chen, Genshe

2018-05-01

The prevalence of Internet of Things (IoTs) allows heterogeneous embedded smart devices to collaboratively provide intelligent services with or without human intervention. While leveraging the large-scale IoT-based applications like Smart Gird and Smart Cities, IoT also incurs more concerns on privacy and security. Among the top security challenges that IoTs face is that access authorization is critical in resource and information protection over IoTs. Traditional access control approaches, like Access Control Lists (ACL), Role-based Access Control (RBAC) and Attribute-based Access Control (ABAC), are not able to provide a scalable, manageable and efficient mechanisms to meet requirement of IoT systems. The extraordinary large number of nodes, heterogeneity as well as dynamicity, necessitate more fine-grained, lightweight mechanisms for IoT devices. In this paper, a federated capability-based access control (FedCAC) framework is proposed to enable an effective access control processes to devices, services and information in large scale IoT systems. The federated capability delegation mechanism, based on a propagation tree, is illustrated for access permission propagation. An identity-based capability token management strategy is presented, which involves registering, propagation and revocation of the access authorization. Through delegating centralized authorization decision-making policy to local domain delegator, the access authorization process is locally conducted on the service provider that integrates situational awareness (SAW) and customized contextual conditions. Implemented and tested on both resources-constrained devices, like smart sensors and Raspberry PI, and non-resource-constrained devices, like laptops and smart phones, our experimental results demonstrate the feasibility of the proposed FedCAC approach to offer a scalable, lightweight and fine-grained access control solution to IoT systems connected to a system network.

Consistency maintenance for constraint in role-based access control model

Institute of Scientific and Technical Information of China (English)

韩伟力; 陈刚; 尹建伟; 董金祥

2002-01-01

Constraint is an important aspect of role-based access control and is sometimes argued to be the principal motivation for role-based access control (RBAC). But so far'few authors have discussed consistency maintenance for constraint in RBAC model. Based on researches of constraints among roles and types of inconsistency among constraints, this paper introduces correaponding formal rules, rulebased reasoning and corresponding methods to detect, avoid and resolve these inconsistencies. Finally,the paper introduces briefly the application of consistency maintenance in ZD-PDM, an enterprise-ori-ented product data management (PDM) system.

Capability-based Access Control Delegation Model on the Federated IoT Network

DEFF Research Database (Denmark)

Anggorojati, Bayu; Mahalle, Parikshit N.; Prasad, Neeli R.

2012-01-01

Flexibility is an important property for general access control system and especially in the Internet of Things (IoT), which can be achieved by access or authority delegation. Delegation mechanisms in access control that have been studied until now have been intended mainly for a system that has...... no resource constraint, such as a web-based system, which is not very suitable for a highly pervasive system such as IoT. To this end, this paper presents an access delegation method with security considerations based on Capability-based Context Aware Access Control (CCAAC) model intended for federated...... machine-to-machine communication or IoT networks. The main idea of our proposed model is that the access delegation is realized by means of a capability propagation mechanism, and incorporating the context information as well as secure capability propagation under federated IoT environments. By using...

Simple measurement-based admission control for DiffServ access networks

Science.gov (United States)

Lakkakorpi, Jani

2002-07-01

In order to provide good Quality of Service (QoS) in a Differentiated Services (DiffServ) network, a dynamic admission control scheme is definitely needed as an alternative to overprovisioning. In this paper, we present a simple measurement-based admission control (MBAC) mechanism for DiffServ-based access networks. Instead of using active measurements only or doing purely static bookkeeping with parameter-based admission control (PBAC), the admission control decisions are based on bandwidth reservations and periodically measured & exponentially averaged link loads. If any link load on the path between two endpoints is over the applicable threshold, access is denied. Link loads are periodically sent to Bandwidth Broker (BB) of the routing domain, which makes the admission control decisions. The information needed in calculating the link loads is retrieved from the router statistics. The proposed admission control mechanism is verified through simulations. Our results prove that it is possible to achieve very high bottleneck link utilization levels and still maintain good QoS.

Requirements and Challenges of Location-Based Access Control in Healthcare Emergency Response

DEFF Research Database (Denmark)

Vicente, Carmen Ruiz; Kirkpatrick, Michael; Ghinita, Gabriel

2009-01-01

Recent advances in positioning and tracking technologies have led to the emergence of novel location-based applications that allow participants to access information relevant to their spatio-temporal context. Traditional access control models, such as role-based access control (RBAC), are not suf...... to such settings. We overview the main technical issues to be addressed, and we describe the architecture for policy decision and enforcement points....

Providing Access to Census-based Interaction Data in the UK: That's WICID!

Directory of Open Access Journals (Sweden)

John Stillwell

2006-08-01

Full Text Available The Census Interaction Data Service (CIDS is funded by the Economic and Social Research Council in the UK to provide access for social science researchers and students to the detailed migration and journey-to-work statistics that are collected by the national statistical agencies. These interaction data sets are known collectively as the Special Migration Statistics (SMS and the Special Workplace Statistics (SWS. This paper outlines how problems of user access to these data have been tackled through the development of a web-based system known as WICID (Web-based Interface to Census Interaction Data. The paper illustrates various interface features including some of the query building facilities that enable users to extract counts of flows of particular groups of individuals between selected origin and destination areas. New tools are outlined for assisting area selection using digital maps of census geographies, for planning output and for adding value to the data through analysis. Mapping of flows of migrants between London boroughs and the rest of the UK demonstrates the value of the data. The paper begins with a summary of the data sets that are contained within the system and an outline of the system architecture.

A Cache Considering Role-Based Access Control and Trust in Privilege Management Infrastructure

Institute of Scientific and Technical Information of China (English)

ZHANG Shaomin; WANG Baoyi; ZHOU Lihua

2006-01-01

PMI(privilege management infrastructure) is used to perform access control to resource in an E-commerce or E-government system. With the ever-increasing need for secure transaction, the need for systems that offer a wide variety of QoS (quality-of-service) features is also growing. In order to improve the QoS of PMI system, a cache based on RBAC(Role-based Access Control) and trust is proposed. Our system is realized based on Web service. How to design the cache based on RBAC and trust in the access control model is described in detail. The algorithm to query role permission in cache and to add records in cache is dealt with. The policy to update cache is introduced also.

Secure Access Control and Authority Delegation Based on Capability and Context Awareness for Federated IoT

DEFF Research Database (Denmark)

Anggorojati, Bayu; Mahalle, Parikshit N.; Prasad, Neeli R.

2013-01-01

Access control is a critical functionality in Internet of Things (IoT), and it is particularly promising to make access control secure, efficient and generic in a distributed environment. Another an important property of access control system in the IoT is flexibility which can be achieved...... by access or authority delegation. Delegation mechanisms in access control that have been studied until now have been intended mainly for a system that has no resource constraint, such as a web-based system, which is not very suitable for a highly pervasive system such as IoT. This chapter presents...... the Capability-based Context Aware Access Control (CCAAC) model including the authority delegation method, along with specification and protocol evaluation intended for federated Machine-to-Machine (M2M)/IoT. By using the identity and capability-based access control approach together with the contextual...

Access Control Mechanism for IoT Environments Based on Modelling Communication Procedures as Resources

Directory of Open Access Journals (Sweden)

Luis Cruz-Piris

2018-03-01

Full Text Available Internet growth has generated new types of services where the use of sensors and actuators is especially remarkable. These services compose what is known as the Internet of Things (IoT. One of the biggest current challenges is obtaining a safe and easy access control scheme for the data managed in these services. We propose integrating IoT devices in an access control system designed for Web-based services by modelling certain IoT communication elements as resources. This would allow us to obtain a unified access control scheme between heterogeneous devices (IoT devices, Internet-based services, etc.. To achieve this, we have analysed the most relevant communication protocols for these kinds of environments and then we have proposed a methodology which allows the modelling of communication actions as resources. Then, we can protect these resources using access control mechanisms. The validation of our proposal has been carried out by selecting a communication protocol based on message exchange, specifically Message Queuing Telemetry Transport (MQTT. As an access control scheme, we have selected User-Managed Access (UMA, an existing Open Authorization (OAuth 2.0 profile originally developed for the protection of Internet services. We have performed tests focused on validating the proposed solution in terms of the correctness of the access control system. Finally, we have evaluated the energy consumption overhead when using our proposal.

Access Control Mechanism for IoT Environments Based on Modelling Communication Procedures as Resources.

Science.gov (United States)

Cruz-Piris, Luis; Rivera, Diego; Marsa-Maestre, Ivan; de la Hoz, Enrique; Velasco, Juan R

2018-03-20

Internet growth has generated new types of services where the use of sensors and actuators is especially remarkable. These services compose what is known as the Internet of Things (IoT). One of the biggest current challenges is obtaining a safe and easy access control scheme for the data managed in these services. We propose integrating IoT devices in an access control system designed for Web-based services by modelling certain IoT communication elements as resources. This would allow us to obtain a unified access control scheme between heterogeneous devices (IoT devices, Internet-based services, etc.). To achieve this, we have analysed the most relevant communication protocols for these kinds of environments and then we have proposed a methodology which allows the modelling of communication actions as resources. Then, we can protect these resources using access control mechanisms. The validation of our proposal has been carried out by selecting a communication protocol based on message exchange, specifically Message Queuing Telemetry Transport (MQTT). As an access control scheme, we have selected User-Managed Access (UMA), an existing Open Authorization (OAuth) 2.0 profile originally developed for the protection of Internet services. We have performed tests focused on validating the proposed solution in terms of the correctness of the access control system. Finally, we have evaluated the energy consumption overhead when using our proposal.

Access Control Mechanism for IoT Environments Based on Modelling Communication Procedures as Resources

Science.gov (United States)

2018-01-01

Internet growth has generated new types of services where the use of sensors and actuators is especially remarkable. These services compose what is known as the Internet of Things (IoT). One of the biggest current challenges is obtaining a safe and easy access control scheme for the data managed in these services. We propose integrating IoT devices in an access control system designed for Web-based services by modelling certain IoT communication elements as resources. This would allow us to obtain a unified access control scheme between heterogeneous devices (IoT devices, Internet-based services, etc.). To achieve this, we have analysed the most relevant communication protocols for these kinds of environments and then we have proposed a methodology which allows the modelling of communication actions as resources. Then, we can protect these resources using access control mechanisms. The validation of our proposal has been carried out by selecting a communication protocol based on message exchange, specifically Message Queuing Telemetry Transport (MQTT). As an access control scheme, we have selected User-Managed Access (UMA), an existing Open Authorization (OAuth) 2.0 profile originally developed for the protection of Internet services. We have performed tests focused on validating the proposed solution in terms of the correctness of the access control system. Finally, we have evaluated the energy consumption overhead when using our proposal. PMID:29558406

Benefits of Location-Based Access Control:A Literature Study

NARCIS (Netherlands)

van Cleeff, A.; Pieters, Wolter; Wieringa, Roelf J.

2010-01-01

Location-based access control (LBAC) has been suggested as a means to improve IT security. By 'grounding' users and systems to a particular location, attackers supposedly have more difficulty in compromising a system. However, the motivation behind LBAC and its potential benefits have not been

Health Information System Role-Based Access Control Current Security Trends and Challenges.

Science.gov (United States)

de Carvalho Junior, Marcelo Antonio; Bandiera-Paiva, Paulo

2018-01-01

This article objective is to highlight implementation characteristics, concerns, or limitations over role-based access control (RBAC) use on health information system (HIS) using industry-focused literature review of current publishing for that purpose. Based on the findings, assessment for indication of RBAC is obsolete considering HIS authorization control needs. We have selected articles related to our investigation theme "RBAC trends and limitations" in 4 different sources related to health informatics or to the engineering technical field. To do so, we have applied the following search query string: "Role-Based Access Control" OR "RBAC" AND "Health information System" OR "EHR" AND "Trends" OR "Challenges" OR "Security" OR "Authorization" OR "Attacks" OR "Permission Assignment" OR "Permission Relation" OR "Permission Mapping" OR "Constraint". We followed PRISMA applicable flow and general methodology used on software engineering for systematic review. 20 articles were selected after applying inclusion and exclusion criteria resulting contributions from 10 different countries. 17 articles advocate RBAC adaptations. The main security trends and limitations mapped were related to emergency access, grant delegation, and interdomain access control. Several publishing proposed RBAC adaptations and enhancements in order to cope current HIS use characteristics. Most of the existent RBAC studies are not related to health informatics industry though. There is no clear indication of RBAC obsolescence for HIS use.

TRBAC:基于信任的访问控制模型%TRBAC: Trust Based Access Control Model

Institute of Scientific and Technical Information of China (English)

刘武; 段海新; 张洪; 任萍; 吴建平

2011-01-01

访问控制是根据网络用户的身份或属性,对该用户执行某些操作或访问某些网络资源进行控制的过程.对现有访问控制模型进行分析,并针对其不足对RBAC模型进行了扩展,提出了基于信任的访问控制模型TRBAC(trust based access control model).该模型可以提供更加安全、灵活以及细粒度的动态访问授权机制,从而提高授权机制的安全性与可靠性.%Access control is a process which controls users to execute some operations or access some network resources according to the users' identity or attribution. The discretionary access control and mandatory access control are two main access control modes which are broadly used in secure operating systems. Discretionary access control is based on user identity and/or groups and mandatory access control is usually based on sensitivity labels. Neither of these two modes can completely satisfy the requirements of all access control. Discretionary access control is too loose to restrict the propagation of privileges while mandatory access control is too rigid to use flexibly. This paper analyzes current access control models, and extends the RBAC (role based access control) model aiming at its deficiency, and based on which we propose a trust based access control model (TRBAC). The TRBAC model can provide more security, flexible and fine-grained dynamic access control mechanism, and therefore improve both the security and the reliability of authorization mechanism.

Evaluation of secure capability-based access control in the M2M local cloud platform

DEFF Research Database (Denmark)

Anggorojati, Bayu; Prasad, Neeli R.; Prasad, Ramjee

2016-01-01

delegation. Recently, the capability based access control has been considered as method to manage access in the Internet of Things (IoT) or M2M domain. In this paper, the implementation and evaluation of a proposed secure capability based access control in the M2M local cloud platform is presented......Managing access to and protecting resources is one of the important aspect in managing security, especially in a distributed computing system such as Machine-to-Machine (M2M). One such platform known as the M2M local cloud platform, referring to BETaaS architecture [1], which conceptually consists...... of multiple distributed M2M gateways, creating new challenges in the access control. Some existing access control systems lack in scalability and flexibility to manage access from users or entity that belong to different authorization domains, or fails to provide fine grained and flexible access right...

A Novel Medium Access Control for Ad hoc Networks Based on OFDM System

Institute of Scientific and Technical Information of China (English)

YU Yi-fan; YIN Chang-chuan; YUE Guang-xin

2005-01-01

Recently, hosts of Medium Access Control (MAC) protocols for Ad hoc radio networks have been proposed to solve the hidden terminal problem and exposed terminal problem. However most of them take into no account the interactions between physical (PHY) system and MAC protocol. Therefore, the current MAC protocols are either inefficient in the networks with mobile nodes and fading channel or difficult in hardware implementation. In this paper, we present a novel media access control for Ad hoc networks that integrates a media access control protocol termed as Dual Busy Tone Multiple Access (DBTMA) into Orthogonal Frequency Division Multiplexing (OFDM) system proposed in IEEE 802.11a standard. The analysis presented in the paper indicates that the proposed MAC scheme achieves performance improvement over IEEE 802.11 protocol about 25%～80% especially in the environment with high mobility and deep fading. The complexity of the proposed scheme is also lower than other implementation of similar busy tone solution. Furthermore, it is compatible with IEEE 802.11a networks.

An intelligent trust-based access control model for affective ...

African Journals Online (AJOL)

In this study, a fuzzy expert system Trust-Based Access Control (TBAC) model for improving the Quality of crowdsourcing using emotional affective computing is presented. This model takes into consideration a pre-processing module consisting of three inputs such as crowd-workers category, trust metric and emotional ...

Automated Biometric Voice-Based Access Control in Automatic Teller Machine (ATM)

OpenAIRE

Yekini N.A.; Itegboje A.O.; Oyeyinka I.K.; Akinwole A.K.

2012-01-01

An automatic teller machine requires a user to pass an identity test before any transaction can be granted. The current method available for access control in ATM is based on smartcard. Efforts were made to conduct an interview with structured questions among the ATM users and the result proofed that a lot of problems was associated with ATM smartcard for access control. Among the problems are; it is very difficult to prevent another person from attaining and using a legitimate persons card, ...

Identity driven Capability based Access Control (ICAC) Scheme for the Internet of Things

DEFF Research Database (Denmark)

Mahalle, Parikshit N.; Anggorojati, Bayu; Prasad, Neeli R.

2012-01-01

Internet of Things (IoT) becomes discretionary part of everyday life. Scalability and manageability is daunting due to unbounded number of devices and services. Access control and authorization in IoT with least privilege is equally important to establish secure communication between multiple...... devices and services. In this paper, the concept of capability for access control is introduced where the identities of the involved devices are entrenched in the access capabilities. Identity driven capability based access control (ICAC) scheme presented in this paper helps to alleviate issues related...... to complexity and dynamics of device identities. ICAC is implemented for 802.11 and results shows that ICAC has less scalability issues and better performance analysis compared with other access control schemes. The ICAC evaluation by using security protocol verification tool shows that ICAC is secure against...

An Efficient Role and Object Based Access Control Model Implemented in a PDM System

Institute of Scientific and Technical Information of China (English)

HUANG Xiaowen; TAN Jian; HUANG Xiangguo

2006-01-01

An effective and reliable access control is crucial to a PDM system. This article has discussed the commonly used access control models, analyzed their advantages and disadvantages, and proposed a new Role and Object based access control model that suits the particular needs of a PDM system. The new model has been implemented in a commercial PDM system, which has demonstrated enhanced flexibility and convenience.

Enterprise Dynamic Access Control (EDAC)

National Research Council Canada - National Science Library

Fernandez, Richard

2005-01-01

.... Resources can represent software applications, web services and even facility access. An effective access control model should be capable of evaluating resource access based on user characteristics and environmentals...

Android Access Control Extension

Directory of Open Access Journals (Sweden)

Anton Baláž

2015-12-01

Full Text Available The main objective of this work is to analyze and extend security model of mobile devices running on Android OS. Provided security extension is a Linux kernel security module that allows the system administrator to restrict program's capabilities with per-program profiles. Profiles can allow capabilities like network access, raw socket access, and the permission to read, write, or execute files on matching paths. Module supplements the traditional Android capability access control model by providing mandatory access control (MAC based on path. This extension increases security of access to system objects in a device and allows creating security sandboxes per application.

Identity Establishment and Capability Based Access Control (IECAC) Scheme for Internet of Things

DEFF Research Database (Denmark)

Mahalle, Parikshit N.; Anggorojati, Bayu; Prasad, Neeli R.

2012-01-01

Internet of Things (IoT) become discretionary part of everyday life and could befall a threat if security is not considered before deployment. Authentication and access control in IoT is equally important to establish secure communication between devices. To protect IoT from man in middle, replay...... and denial of service attacks, the concept of capability for access control is introduced. This paper presents Identity establishment and capability based access control (IECAC) protocol using ECC (Elliptical Curve Cryptography) for IoT along with protocol evaluation, which protect against the aforementioned...

Auditing Medical Records Accesses via Healthcare Interaction Networks

Science.gov (United States)

Chen, You; Nyemba, Steve; Malin, Bradley

2012-01-01

Healthcare organizations are deploying increasingly complex clinical information systems to support patient care. Traditional information security practices (e.g., role-based access control) are embedded in enterprise-level systems, but are insufficient to ensure patient privacy. This is due, in part, to the dynamic nature of healthcare, which makes it difficult to predict which care providers need access to what and when. In this paper, we show that modeling operations at a higher level of granularity (e.g., the departmental level) are stable in the context of a relational network, which may enable more effective auditing strategies. We study three months of access logs from a large academic medical center to illustrate that departmental interaction networks exhibit certain invariants, such as the number, strength, and reciprocity of relationships. We further show that the relations extracted from the network can be leveraged to assess the extent to which a patient’s care satisfies expected organizational behavior. PMID:23304277

An Access Control Framework for Reflective Middleware

Institute of Scientific and Technical Information of China (English)

Gang Huang; Lian-Shan Sun

2008-01-01

Reflective middleware opens up the implementation details of middleware platform and applications at runtime for improving the adaptability of middleware-based systems. However, such openness brings new challenges to access control of the middleware-based systems.Some users can access the system via reflective entities, which sometimes cannot be protected by access control mechanisms of traditional middleware. To deliver high adaptability securely, reflective middleware should be equipped with proper access control mechanisms for potential access control holes induced by reflection. One reason of integrating these mechanisms in reflective middleware is that one goal of reflective middleware is to equip applications with reflection capabilities as transparent as possible. This paper studies how to design a reflective J2EE middlewarePKUAS with access control in mind. At first, a computation model of reflective system is built to identify all possible access control points induced by reflection. Then a set of access control mechanisms, including the wrapper of MBeans and a hierarchy of Java class loaders, are equipped for controlling the identified access control points. These mechanisms together with J2EE access control mechanism form the access control framework for PKUAS. The paper evaluates the security and the performance overheads of the framework in quality and quantity.

Distributed Role-based Access Control for Coaliagion Application

Institute of Scientific and Technical Information of China (English)

HONG Fan; ZHU Xian; XING Guanglin

2005-01-01

Access control in multi-domain environments is one of the important questions of building coalition between domains.On the basis of RBAC access control model, the concepts of role delegation and role mapping are proposed, which support the third-party authorization.Then, a distributed RBAC model is presented.Finally the implementation issues are discussed.

RFID-Based Monitoring And Access Control System For Parliamentary Campus

Directory of Open Access Journals (Sweden)

Sai Thu Rein Htun

2015-08-01

Full Text Available This paper is to implement monitoring and access control system based on RFID and Zigbee technology which can be used at Parliamentary Campus. Nowadays RFID technology is widely used for access control system because it is cheap waterproof and easy to use as well as it contains unique EPC electronic protect code .In addition Zigbee wireless module is cost-effective and can be reliable for security. Sothis system consists of RFID tag RFID reader Arduino Uno and Zigbee. This system can also be used for industrial amp commercial and security HVAC closures. This paper describes the results of point-to-point connection and point-to-multipoint connection using Zigbee and RFID technology.

Research of user access control for networked manufacturing system

Institute of Scientific and Technical Information of China (English)

ZHENG Xiao-lin; LEI Yu; CHEN De-ren

2006-01-01

An integrated user access control method was proposed to address the issues of security and management in networked manufacturing systems (NMS).Based on the analysis of the security issues in networked manufacturing system,an integrated user access control method composed of role-based access control (RBAC),task-based access control (TBAC),relationship-driven access control (RDAC)and coalition-based access control (CBAC) was proposed,including the hierarchical user relationship model,the reference model and the process model.The elements and their relationships were defined,and the expressions of constraints authorization were given.The extensible access control markup language (XACML) was used to implement this method.This method was used in the networked manufacturing system in the Shaoxing spinning region of China.The results show that the integrated user access control method can reduce the costs of system security maintenance and management.

Web-based interactive drone control using hand gesture

Science.gov (United States)

Zhao, Zhenfei; Luo, Hao; Song, Guang-Hua; Chen, Zhou; Lu, Zhe-Ming; Wu, Xiaofeng

2018-01-01

This paper develops a drone control prototype based on web technology with the aid of hand gesture. The uplink control command and downlink data (e.g., video) are transmitted by WiFi communication, and all the information exchange is realized on web. The control command is translated from various predetermined hand gestures. Specifically, the hardware of this friendly interactive control system is composed by a quadrotor drone, a computer vision-based hand gesture sensor, and a cost-effective computer. The software is simplified as a web-based user interface program. Aided by natural hand gestures, this system significantly reduces the complexity of traditional human-computer interaction, making remote drone operation more intuitive. Meanwhile, a web-based automatic control mode is provided in addition to the hand gesture control mode. For both operation modes, no extra application program is needed to be installed on the computer. Experimental results demonstrate the effectiveness and efficiency of the proposed system, including control accuracy, operation latency, etc. This system can be used in many applications such as controlling a drone in global positioning system denied environment or by handlers without professional drone control knowledge since it is easy to get started.

Web-based interactive drone control using hand gesture.

Science.gov (United States)

Zhao, Zhenfei; Luo, Hao; Song, Guang-Hua; Chen, Zhou; Lu, Zhe-Ming; Wu, Xiaofeng

2018-01-01

This paper develops a drone control prototype based on web technology with the aid of hand gesture. The uplink control command and downlink data (e.g., video) are transmitted by WiFi communication, and all the information exchange is realized on web. The control command is translated from various predetermined hand gestures. Specifically, the hardware of this friendly interactive control system is composed by a quadrotor drone, a computer vision-based hand gesture sensor, and a cost-effective computer. The software is simplified as a web-based user interface program. Aided by natural hand gestures, this system significantly reduces the complexity of traditional human-computer interaction, making remote drone operation more intuitive. Meanwhile, a web-based automatic control mode is provided in addition to the hand gesture control mode. For both operation modes, no extra application program is needed to be installed on the computer. Experimental results demonstrate the effectiveness and efficiency of the proposed system, including control accuracy, operation latency, etc. This system can be used in many applications such as controlling a drone in global positioning system denied environment or by handlers without professional drone control knowledge since it is easy to get started.

Identity Authentication and Capability Based Access Control (IACAC) for the Internet of Things

DEFF Research Database (Denmark)

Mahalle, Parikshit N.; Anggorojati, Bayu; Prasad, Neeli R.

2013-01-01

In the last few years the Internet of Things (IoT) has seen widespread application and can be found in each field. Authentication and access control are important and critical functionalities in the context of IoT to enable secure communication between devices. Mobility, dynamic network topology...... and weak physical security of low power devices in IoT networks are possible sources for security vulnerabilities. It is promising to make an authentication and access control attack resistant and lightweight in a resource constrained and distributed IoT environment. This paper presents the Identity...... Authentication and Capability based Access Control (IACAC) model with protocol evaluation and performance analysis. To protect IoT from man-in-the-middle, replay and denial of service (Dos) attacks, the concept of capability for access control is introduced. The novelty of this model is that, it presents...

A Fine-Grained Data Access Control System in Wireless Sensor Network

Directory of Open Access Journals (Sweden)

Boniface K. Alese

2015-12-01

Full Text Available The evolving realities of Wireless Sensor Network (WSN deployed to various terrain of life require serving multiple applications. As large amount of sensed data are distributed and stored in individual sensors nodes, the illegal access to these sensitive data can be devastating. Consequently, data insecurity becomes a big concern. This study, therefore, proposes a fine-grained access control system which only requires the right set of users to access a particular data, based on their access privileges in the sensor networks. It is designed using Priccess Protocol with Access policy formulation adopting the principle of Bell Lapadula model as well as Attribute-Based Encryption (ABE to control access to sensor data. The functionality of the proposed system is simulated using Netbeans. The performance analysis of the proposed system using execution time and size of the key show that the higher the key size, the harder it becomes for the attacker to hack the system. Additionally, the time taken for the proposed work is lesser which makes the work faster than the existing work. Consequently, a well secure interactive web-based application that could facilitates the field officers access to stored data in safe and secure manner is developed.

A Distributed Architecture for Sharing Ecological Data Sets with Access and Usage Control Guarantees

DEFF Research Database (Denmark)

Bonnet, Philippe; Gonzalez, Javier; Granados, Joel Andres

2014-01-01

new insights, there are signicant barriers to the realization of this vision. One of the key challenge is to allow scientists to share their data widely while retaining some form of control over who accesses this data (access control) and more importantly how it is used (usage control). Access...... and usage control is necessary to enforce existing open data policies. We have proposed the vision of trusted cells: A decentralized infrastructure, based on secure hardware running on devices equipped with trusted execution environments at the edges of the Internet. We originally described the utilization...... data sets with access and usage control guarantees. We rely on examples from terrestrial research and monitoring in the arctic in the context of the INTERACT project....

An Internet of Things Based Multi-Level Privacy-Preserving Access Control for Smart Living

Directory of Open Access Journals (Sweden)

Usama Salama

2018-05-01

Full Text Available The presence of the Internet of Things (IoT in healthcare through the use of mobile medical applications and wearable devices allows patients to capture their healthcare data and enables healthcare professionals to be up-to-date with a patient’s status. Ambient Assisted Living (AAL, which is considered as one of the major applications of IoT, is a home environment augmented with embedded ambient sensors to help improve an individual’s quality of life. This domain faces major challenges in providing safety and security when accessing sensitive health data. This paper presents an access control framework for AAL which considers multi-level access and privacy preservation. We focus on two major points: (1 how to use the data collected from ambient sensors and biometric sensors to perform the high-level task of activity recognition; and (2 how to secure the collected private healthcare data via effective access control. We achieve multi-level access control by extending Public Key Infrastructure (PKI for secure authentication and utilizing Attribute-Based Access Control (ABAC for authorization. The proposed access control system regulates access to healthcare data by defining policy attributes over healthcare professional groups and data classes classifications. We provide guidelines to classify the data classes and healthcare professional groups and describe security policies to control access to the data classes.

Trust-Based Access Control Model from Sociological Approach in Dynamic Online Social Network Environment

Science.gov (United States)

Kim, Seungjoo

2014-01-01

There has been an explosive increase in the population of the OSN (online social network) in recent years. The OSN provides users with many opportunities to communicate among friends and family. Further, it facilitates developing new relationships with previously unknown people having similar beliefs or interests. However, the OSN can expose users to adverse effects such as privacy breaches, the disclosing of uncontrolled material, and the disseminating of false information. Traditional access control models such as MAC, DAC, and RBAC are applied to the OSN to address these problems. However, these models are not suitable for the dynamic OSN environment because user behavior in the OSN is unpredictable and static access control imposes a burden on the users to change the access control rules individually. We propose a dynamic trust-based access control for the OSN to address the problems of the traditional static access control. Moreover, we provide novel criteria to evaluate trust factors such as sociological approach and evaluate a method to calculate the dynamic trust values. The proposed method can monitor negative behavior and modify access permission levels dynamically to prevent the indiscriminate disclosure of information. PMID:25374943

Trust-Based Access Control Model from Sociological Approach in Dynamic Online Social Network Environment

Directory of Open Access Journals (Sweden)

Seungsoo Baek

2014-01-01

Full Text Available There has been an explosive increase in the population of the OSN (online social network in recent years. The OSN provides users with many opportunities to communicate among friends and family. Further, it facilitates developing new relationships with previously unknown people having similar beliefs or interests. However, the OSN can expose users to adverse effects such as privacy breaches, the disclosing of uncontrolled material, and the disseminating of false information. Traditional access control models such as MAC, DAC, and RBAC are applied to the OSN to address these problems. However, these models are not suitable for the dynamic OSN environment because user behavior in the OSN is unpredictable and static access control imposes a burden on the users to change the access control rules individually. We propose a dynamic trust-based access control for the OSN to address the problems of the traditional static access control. Moreover, we provide novel criteria to evaluate trust factors such as sociological approach and evaluate a method to calculate the dynamic trust values. The proposed method can monitor negative behavior and modify access permission levels dynamically to prevent the indiscriminate disclosure of information.

Efficient Access Control in Multimedia Social Networks

Science.gov (United States)

Sachan, Amit; Emmanuel, Sabu

Multimedia social networks (MMSNs) have provided a convenient way to share multimedia contents such as images, videos, blogs, etc. Contents shared by a person can be easily accessed by anybody else over the Internet. However, due to various privacy, security, and legal concerns people often want to selectively share the contents only with their friends, family, colleagues, etc. Access control mechanisms play an important role in this situation. With access control mechanisms one can decide the persons who can access a shared content and who cannot. But continuously growing content uploads and accesses, fine grained access control requirements (e.g. different access control parameters for different parts in a picture), and specific access control requirements for multimedia contents can make the time complexity of access control to be very large. So, it is important to study an efficient access control mechanism suitable for MMSNs. In this chapter we present an efficient bit-vector transform based access control mechanism for MMSNs. The proposed approach is also compatible with other requirements of MMSNs, such as access rights modification, content deletion, etc. Mathematical analysis and experimental results show the effectiveness and efficiency of our proposed approach.

Problems and Concerns Regarding Access Control System Construction in Radiation Facilities Based on the NIFS Experience

International Nuclear Information System (INIS)

Kawano, T.; Inoue, N.; Sakuma, Y.; Motojima, O.

2001-01-01

Full text: In 1998, access control system for the large helical device (LHD) experimental hall was constructed and put into operation at the National Institute for Fusion Science (NIFS) in Toki, Japan. Since then, the system has been continuously improved. It now controls access into the LHD controlled area through four entrances. The system has five turnstile gates and enables control of access at the four entrances. The system is always checking whether the shielding doors are open or closed at eight positions. The details pertaining to the construction of the system were reported at IRPA-10 held in Hiroshima, Japan, in 2000. Based on our construction experience of the NIFS access control system, we will discuss problems related to software and operational design of the system. We will also discuss some concerns regarding the use of the system in radiation facilities. The problems we will present concern, among other thing, individual registration, time control, turnstile control, interlock signal control, data aggregation and transactions, automatic and manual control, and emergency procedures. For example, in relation to the time control and turnstile control functions, we will discuss the gate-opening time interval for an access event, the timing of access data recording, date changing, turn bar control, double access, and access error handling. (author)

Intelligent Security Auditing Based on Access Control of Devices in Ad Hoc Network

Institute of Scientific and Technical Information of China (English)

XU Guang-wei; SHI You-qun; ZHU Ming; WU Guo-wen; CAO Qi-ying

2006-01-01

Security in Ad Hoc network is an important issue under the opening circumstance of application service. Some protocols and models of security auditing have been proposed to ensure rationality of contracting strategy and operating regulation and used to identify abnormal operation. Model of security auditing based on access control of devices will be advanced to register sign of devices and property of event of access control and to audit those actions. In the end, the model is analyzed and simulated.

C-DAM: CONTENTION BASED DISTRIBUTED RESERVATION PROTOCOL ALLOCATION ALGORITHM FOR WIMEDIA MEDIUM ACCESS CONTROL

Directory of Open Access Journals (Sweden)

UMADEVI K. S.

2017-07-01

Full Text Available WiMedia Medium Access Control (MAC provides high rate data transfer for wireless networking thereby enables construction of high speed home networks. It facilitates data communication between the nodes through two modes namely: i Distributed Reservation Protocol (DRP for isochronous traffic and ii Prioritized Contention Access (PCA for asynchronous traffic. PCA mode enables medium access using CSMA/CA similar to IEEE 802.11e. In the presence of DRP, the throughput of PCA saturates when there is an increase in the number of devices accessing PCA channel. Researchers suggest that the better utilization of medium resolves many issues in an effective way. To demonstrate the effective utilization of the medium, Contention Based Distributed Reservation Protocol Allocation Algorithm for WiMedia Medium Access Control is proposed for reserving Medium Access Slots under DRP in the presence of PCA. The proposed algorithm provides a better medium access, reduces energy consumption and enhances the throughput when compared to the existing methodologies.

BARTER: Behavior Profile Exchange for Behavior-Based Admission and Access Control in MANETs

Science.gov (United States)

Frias-Martinez, Vanessa; Stolfo, Salvatore J.; Keromytis, Angelos D.

Mobile Ad-hoc Networks (MANETs) are very dynamic networks with devices continuously entering and leaving the group. The highly dynamic nature of MANETs renders the manual creation and update of policies associated with the initial incorporation of devices to the MANET (admission control) as well as with anomaly detection during communications among members (access control) a very difficult task. In this paper, we present BARTER, a mechanism that automatically creates and updates admission and access control policies for MANETs based on behavior profiles. BARTER is an adaptation for fully distributed environments of our previously introduced BB-NAC mechanism for NAC technologies. Rather than relying on a centralized NAC enforcer, MANET members initially exchange their behavior profiles and compute individual local definitions of normal network behavior. During admission or access control, each member issues an individual decision based on its definition of normalcy. Individual decisions are then aggregated via a threshold cryptographic infrastructure that requires an agreement among a fixed amount of MANET members to change the status of the network. We present experimental results using content and volumetric behavior profiles computed from the ENRON dataset. In particular, we show that the mechanism achieves true rejection rates of 95% with false rejection rates of 9%.

Usage Control Enhanced Access Control Based on XACML%使用控制支持的基于XACML的访问控制

Institute of Scientific and Technical Information of China (English)

陶宇炜; 符彦惟

2011-01-01

针对网格环境下资源访问控制的特点,提出了一个基于使用控制模型UCON,结合XACML和SAML的访问控制模型.用可扩展访问标记语占XACML描述访问控制的授权策略,结合SAML声明和请求/响应机制,根据用户、资源、环境的属性进行访问控制决策,可动态地评估访问请求,提供细粒度的访问控制和良好的互操作性.%Combining the feature of resource access control in the grid environment, this paper presents an access control model based on UCON, combined with XACML and SAML. The paper describes authorization policy about access control by XACML, combines SAML statement and request/response mechanism, executes access control decision based on user, resource and environment attributes, evaluates access request dynamically, and provides fine-grained access control and good interoperability.

The equipment access software for a distributed UNIX-based accelerator control system

International Nuclear Information System (INIS)

Trofimov, Nikolai; Zelepoukine, Serguei; Zharkov, Eugeny; Charrue, Pierre; Gareyte, Claire; Poirier, Herve

1994-01-01

This paper presents a generic equipment access software package for a distributed control system using computers with UNIX or UNIX-like operating systems. The package consists of three main components, an application Equipment Access Library, Message Handler and Equipment Data Base. An application task, which may run in any computer in the network, sends requests to access equipment through Equipment Library calls. The basic request is in the form Equipment-Action-Data and is routed via a remote procedure call to the computer to which the given equipment is connected. In this computer the request is received by the Message Handler. According to the type of the equipment connection, the Message Handler either passes the request to the specific process software in the same computer or forwards it to a lower level network of equipment controllers using MIL1553B, GPIB, RS232 or BITBUS communication. The answer is then returned to the calling application. Descriptive information required for request routing and processing is stored in the real-time Equipment Data Base. The package has been written to be portable and is currently available on DEC Ultrix, LynxOS, HPUX, XENIX, OS-9 and Apollo domain. ((orig.))

Development of Remote Monitoring and a Control System Based on PLC and WebAccess for Learning Mechatronics

OpenAIRE

Wen-Jye Shyr; Te-Jen Su; Chia-Ming Lin

2013-01-01

This study develops a novel method for learning mechatronics using remote monitoring and control, based on a programmable logic controller (PLC) and WebAccess. A mechatronics module, a Web‐CAM and a PLC were integrated with WebAccess software to organize a remote laboratory. The proposed system enables users to access the Internet for remote monitoring and control of the mechatronics module via a web browser, thereby enhancing work flexibility by enabling personnel to control mechatronics equ...

Access Control Management for SCADA Systems

Science.gov (United States)

Hong, Seng-Phil; Ahn, Gail-Joon; Xu, Wenjuan

The information technology revolution has transformed all aspects of our society including critical infrastructures and led a significant shift from their old and disparate business models based on proprietary and legacy environments to more open and consolidated ones. Supervisory Control and Data Acquisition (SCADA) systems have been widely used not only for industrial processes but also for some experimental facilities. Due to the nature of open environments, managing SCADA systems should meet various security requirements since system administrators need to deal with a large number of entities and functions involved in critical infrastructures. In this paper, we identify necessary access control requirements in SCADA systems and articulate access control policies for the simulated SCADA systems. We also attempt to analyze and realize those requirements and policies in the context of role-based access control that is suitable for simplifying administrative tasks in large scale enterprises.

dSPACE based adaptive neuro-fuzzy controller of grid interactive inverter

International Nuclear Information System (INIS)

Altin, Necmi; Sefa, İbrahim

2012-01-01

Highlights: ► We propose a dSPACE based neuro-fuzzy controlled grid interactive inverter. ► The membership functions and rule base of fuzzy logic controller by using ANFIS. ► A LCL output filter is designed. ► A high performance controller is designed. - Abstract: In this study, design, simulation and implementation of a dSPACE based grid interactive voltage source inverter are proposed. This inverter has adaptive neuro-fuzzy controller and capable of importing electrical energy, generated from renewable energy sources such as the wind, the solar and the fuel cells to the grid. A line frequency transformer and a LCL filter are used at the output of the grid interactive inverter which is designed as current controlled to decrease the susceptibility to phase errors. Membership functions and rule base of the fuzzy logic controller, which control the inverter output current, are determined by using artificial neural networks. Both simulation and experimental results show that, the grid interactive inverter operates synchronously with the grid. The inverter output current which is imported to the grid is in sinusoidal waveform and the harmonic level of it meets the international standards (4.3 < 5.0%). In addition, simulation and experimental results of the neuro-fuzzy and the PI controlled inverter are given together and compared in detail. Simulation and experimental results show that the proposed inverter has faster response to the reference variations and lower steady state error than PI controller.

Access Control Mechanism for IoT Environments Based on Modelling Communication Procedures as Resources

OpenAIRE

Luis Cruz-Piris; Diego Rivera; Ivan Marsa-Maestre; Enrique de la Hoz; Juan R. Velasco

2018-01-01

Internet growth has generated new types of services where the use of sensors and actuators is especially remarkable. These services compose what is known as the Internet of Things (IoT). One of the biggest current challenges is obtaining a safe and easy access control scheme for the data managed in these services. We propose integrating IoT devices in an access control system designed for Web-based services by modelling certain IoT communication elements as resources. This would allow us to o...

Flexible CP-ABE Based Access Control on Encrypted Data for Mobile Users in Hybrid Cloud System

Institute of Scientific and Technical Information of China (English)

Wen-Min Li; Xue-Lei Li; Qiao-Yan Wen; Shuo Zhang; Hua Zhang

2017-01-01

In hybrid cloud computing, encrypted data access control can provide a fine-grained access method for orga-nizations to enact policies closer to organizational policies. This paper presents an improved CP-ABE (ciphertext-policy attribute-based encryption) scheme to construct an encrypted data access control solution that is suitable for mobile users in hybrid cloud system. In our improvement, we split the original decryption keys into a control key, a secret key and a set of transformation keys. The private cloud managed by the organization administrator takes charge of updating the transformation keys using the control key. It helps to handle the situation of flexible access management and attribute alteration. Meanwhile, the mobile user's single secret key remains unchanged as well as the ciphertext even if the data user's attribute has been revoked. In addition, we modify the access control list through adding the attributes with corresponding control key and transformation keys so as to manage user privileges depending upon the system version. Finally, the analysis shows that our scheme is secure, flexible and efficient to be applied in mobile hybrid cloud computing.

A Model-driven Role-based Access Control for SQL Databases

Directory of Open Access Journals (Sweden)

Raimundas Matulevičius

2015-07-01

Full Text Available Nowadays security has become an important aspect in information systems engineering. A mainstream method for information system security is Role-based Access Control (RBAC, which restricts system access to authorised users. While the benefits of RBAC are widely acknowledged, the implementation and administration of RBAC policies remains a human intensive activity, typically postponed until the implementation and maintenance phases of system development. This deferred security engineering approach makes it difficult for security requirements to be accurately captured and for the system’s implementation to be kept aligned with these requirements as the system evolves. In this paper we propose a model-driven approach to manage SQL database access under the RBAC paradigm. The starting point of the approach is an RBAC model captured in SecureUML. This model is automatically translated to Oracle Database views and instead-of triggers code, which implements the security constraints. The approach has been fully instrumented as a prototype and its effectiveness has been validated by means of a case study.

BlendCAC: A BLockchain-ENabled Decentralized Capability-based Access Control for IoTs

OpenAIRE

Xu, Ronghua; Chen, Yu; Blasch, Erik; Chen, Genshe

2018-01-01

The prevalence of Internet of Things (IoTs) allows heterogeneous embedded smart devices to collaboratively provide smart services with or without human intervention. While leveraging the large scale IoT based applications like Smart Gird or Smart Cities, IoTs also incur more concerns on privacy and security. Among the top security challenges that IoTs face, access authorization is critical in resource sharing and information protection. One of the weaknesses in today's access control (AC) is ...

A Federated Capability-based Access Control Mechanism for Internet of Things (IoTs)

OpenAIRE

Xu, Ronghua; Chen, Yu; Blasch, Erik; Chen, Genshe

2018-01-01

The prevalence of Internet of Things (IoTs) allows heterogeneous embedded smart devices to collaboratively provide intelligent services with or without human intervention. While leveraging the large-scale IoT-based applications like Smart Gird and Smart Cities, IoT also incurs more concerns on privacy and security. Among the top security challenges that IoTs face is that access authorization is critical in resource and information protection over IoTs. Traditional access control approaches, l...

Access Request Trustworthiness in Weighted Access Control Framework

Institute of Scientific and Technical Information of China (English)

WANG Lun-wei; LIAO Xiang-ke; WANG Huai-min

2005-01-01

Weighted factor is given to access control policies to express the importance of policy and its effect on access control decision. According to this weighted access control framework, a trustworthiness model for access request is also given. In this model, we give the measure of trustworthiness factor to access request, by using some idea of uncertainty reasoning of expert system, present and prove the parallel propagation formula of request trustworthiness factor among multiple policies, and get the final trustworthiness factor to decide whether authorizing. In this model, authorization decision is given according to the calculation of request trustworthiness factor, which is more understandable, more suitable for real requirement and more powerful for security enhancement than traditional methods. Meanwhile the finer access control granularity is another advantage.

Research and Design of Dynamic Migration Access Control Technology Based on Heterogeneous Network

Directory of Open Access Journals (Sweden)

Wang Feng

2017-01-01

Full Text Available With the continuous development of wireless networks, the amount of privacy services in heterogeneous mobile networks is increasing, such as information storage, user access, and so on. Access control security issues for heterogeneous mobile radio network, this paper proposes a dynamic migration access control technology based on heterogeneous network. Through the system architecture of the mutual trust system, we can understand the real-time mobile node failure or abnormal state. To make the service can be terminated for the node. And adopt the 802.1X authentication way to improve the security of the system. Finally, it by combining the actual running test data, the trust update algorithm of the system is optimized to reduce the actual security threats in the environment. Experiments show that the system’s anti-attack, the success rate of access, bit error rate is in line with the expected results. This system can effectively reduce the system authentication information is illegally obtained after the network security protection mechanism failure and reduce the risk of user data leakage.

Nutrient demand and fungal access to resources control the carbon allocation to the symbiotic partners in tripartite interactions of Medicago truncatula.

Science.gov (United States)

Kafle, Arjun; Garcia, Kevin; Wang, Xiurong; Pfeffer, Philip E; Strahan, Gary D; Bücking, Heike

2018-06-02

Legumes form tripartite interactions with arbuscular mycorrhizal (AM) fungi and rhizobia, and both root symbionts exchange nutrients against carbon from their host. The carbon costs of these interactions are substantial, but our current understanding of how the host controls its carbon allocation to individual root symbionts is limited. We examined nutrient uptake and carbon allocation in tripartite interactions of Medicago truncatula under different nutrient supply conditions, and when the fungal partner had access to nitrogen, and followed the gene expression of several plant transporters of the SUT and SWEET family. Tripartite interactions led to synergistic growth responses and stimulated the phosphate and nitrogen uptake of the plant. Plant nutrient demand but also fungal access to nutrients played an important role for the carbon transport to different root symbionts, and the plant allocated more carbon to rhizobia under nitrogen demand, but more carbon to the fungal partner when nitrogen was available. These changes in carbon allocation were consistent with changes in the SUT and SWEET expression. Our study provides important insights into how the host plant controls its carbon allocation under different nutrient supply conditions and changes its carbon allocation to different root symbionts to maximize its symbiotic benefits. This article is protected by copyright. All rights reserved.

An Attribute-Based Access Control with Efficient and Secure Attribute Revocation for Cloud Data Sharing Service

Institute of Scientific and Technical Information of China (English)

Nyamsuren Vaanchig; Wei Chen; Zhi-Guang Qin

2017-01-01

Nowadays, there is the tendency to outsource data to cloud storage servers for data sharing purposes. In fact, this makes access control for the outsourced data a challenging issue. Ciphertext-policy attribute-based encryption (CP-ABE) is a promising cryptographic solution for this challenge. It gives the data owner (DO) direct control on access policy and enforces the access policy cryptographically. However, the practical application of CP-ABE in the data sharing service also has its own inherent challenge with regard to attribute revocation. To address this challenge, we proposed an attribute-revocable CP-ABE scheme by taking advantages of the over-encryption mechanism and CP-ABE scheme and by considering the semi-trusted cloud service provider (CSP) that participates in decryption processes to issue decryption tokens for authorized users. We further presented the security and performance analysis in order to assess the effectiveness of the scheme. As compared with the existing attribute-revocable CP-ABE schemes, our attribute-revocable scheme is reasonably efficient and more secure to enable attribute-based access control over the outsourced data in the cloud data sharing service.

An Effective Massive Sensor Network Data Access Scheme Based on Topology Control for the Internet of Things.

Science.gov (United States)

Yi, Meng; Chen, Qingkui; Xiong, Neal N

2016-11-03

This paper considers the distributed access and control problem of massive wireless sensor networks' data access center for the Internet of Things, which is an extension of wireless sensor networks and an element of its topology structure. In the context of the arrival of massive service access requests at a virtual data center, this paper designs a massive sensing data access and control mechanism to improve the access efficiency of service requests and makes full use of the available resources at the data access center for the Internet of things. Firstly, this paper proposes a synergistically distributed buffer access model, which separates the information of resource and location. Secondly, the paper divides the service access requests into multiple virtual groups based on their characteristics and locations using an optimized self-organizing feature map neural network. Furthermore, this paper designs an optimal scheduling algorithm of group migration based on the combination scheme between the artificial bee colony algorithm and chaos searching theory. Finally, the experimental results demonstrate that this mechanism outperforms the existing schemes in terms of enhancing the accessibility of service requests effectively, reducing network delay, and has higher load balancing capacity and higher resource utility rate.

External access to ALICE controls conditions data

International Nuclear Information System (INIS)

Jadlovský, J; Jadlovská, A; Sarnovský, J; Jajčišin, Š; Čopík, M; Jadlovská, S; Papcun, P; Bielek, R; Čerkala, J; Kopčík, M; Chochula, P; Augustinus, A

2014-01-01

ALICE Controls data produced by commercial SCADA system WINCCOA is stored in ORACLE database on the private experiment network. The SCADA system allows for basic access and processing of the historical data. More advanced analysis requires tools like ROOT and needs therefore a separate access method to the archives. The present scenario expects that detector experts create simple WINCCOA scripts, which retrieves and stores data in a form usable for further studies. This relatively simple procedure generates a lot of administrative overhead – users have to request the data, experts needed to run the script, the results have to be exported outside of the experiment network. The new mechanism profits from database replica, which is running on the CERN campus network. Access to this database is not restricted and there is no risk of generating a heavy load affecting the operation of the experiment. The developed tools presented in this paper allow for access to this data. The users can use web-based tools to generate the requests, consisting of the data identifiers and period of time of interest. The administrators maintain full control over the data – an authorization and authentication mechanism helps to assign privileges to selected users and restrict access to certain groups of data. Advanced caching mechanism allows the user to profit from the presence of already processed data sets. This feature significantly reduces the time required for debugging as the retrieval of raw data can last tens of minutes. A highly configurable client allows for information retrieval bypassing the interactive interface. This method is for example used by ALICE Offline to extract operational conditions after a run is completed. Last but not least, the software can be easily adopted to any underlying database structure and is therefore not limited to WINCCOA.

Secure Data Access Control for Fog Computing Based on Multi-Authority Attribute-Based Signcryption with Computation Outsourcing and Attribute Revocation.

Science.gov (United States)

Xu, Qian; Tan, Chengxiang; Fan, Zhijie; Zhu, Wenye; Xiao, Ya; Cheng, Fujia

2018-05-17

Nowadays, fog computing provides computation, storage, and application services to end users in the Internet of Things. One of the major concerns in fog computing systems is how fine-grained access control can be imposed. As a logical combination of attribute-based encryption and attribute-based signature, Attribute-based Signcryption (ABSC) can provide confidentiality and anonymous authentication for sensitive data and is more efficient than traditional "encrypt-then-sign" or "sign-then-encrypt" strategy. Thus, ABSC is suitable for fine-grained access control in a semi-trusted cloud environment and is gaining more and more attention recently. However, in many existing ABSC systems, the computation cost required for the end users in signcryption and designcryption is linear with the complexity of signing and encryption access policy. Moreover, only a single authority that is responsible for attribute management and key generation exists in the previous proposed ABSC schemes, whereas in reality, mostly, different authorities monitor different attributes of the user. In this paper, we propose OMDAC-ABSC, a novel data access control scheme based on Ciphertext-Policy ABSC, to provide data confidentiality, fine-grained control, and anonymous authentication in a multi-authority fog computing system. The signcryption and designcryption overhead for the user is significantly reduced by outsourcing the undesirable computation operations to fog nodes. The proposed scheme is proven to be secure in the standard model and can provide attribute revocation and public verifiability. The security analysis, asymptotic complexity comparison, and implementation results indicate that our construction can balance the security goals with practical efficiency in computation.

PANATIKI: A Network Access Control Implementation Based on PANA for IoT Devices

Directory of Open Access Journals (Sweden)

Antonio F. Gomez Skarmeta

2013-11-01

Full Text Available Internet of Things (IoT networks are the pillar of recent novel scenarios, such as smart cities or e-healthcare applications. Among other challenges, these networks cover the deployment and interaction of small devices with constrained capabilities and Internet protocol (IP-based networking connectivity. These constrained devices usually require connection to the Internet to exchange information (e.g., management or sensing data or access network services. However, only authenticated and authorized devices can, in general, establish this connection. The so-called authentication, authorization and accounting (AAA services are in charge of performing these tasks on the Internet. Thus, it is necessary to deploy protocols that allow constrained devices to verify their credentials against AAA infrastructures. The Protocol for Carrying Authentication for Network Access (PANA has been standardized by the Internet engineering task force (IETF to carry the Extensible Authentication Protocol (EAP, which provides flexible authentication upon the presence of AAA. To the best of our knowledge, this paper is the first deep study of the feasibility of EAP/PANA for network access control in constrained devices. We provide light-weight versions and implementations of these protocols to fit them into constrained devices. These versions have been designed to reduce the impact in standard specifications. The goal of this work is two-fold: (1 to demonstrate the feasibility of EAP/PANA in IoT devices; (2 to provide the scientific community with the first light-weight interoperable implementation of EAP/PANA for constrained devices in the Contiki operating system (Contiki OS, called PANATIKI. The paper also shows a testbed, simulations and experimental results obtained from real and simulated constrained devices.

PANATIKI: a network access control implementation based on PANA for IoT devices.

Science.gov (United States)

Moreno Sanchez, Pedro; Marin Lopez, Rafa; Gomez Skarmeta, Antonio F

2013-11-01

Internet of Things (IoT) networks are the pillar of recent novel scenarios, such as smart cities or e-healthcare applications. Among other challenges, these networks cover the deployment and interaction of small devices with constrained capabilities and Internet protocol (IP)-based networking connectivity. These constrained devices usually require connection to the Internet to exchange information (e.g., management or sensing data) or access network services. However, only authenticated and authorized devices can, in general, establish this connection. The so-called authentication, authorization and accounting (AAA) services are in charge of performing these tasks on the Internet. Thus, it is necessary to deploy protocols that allow constrained devices to verify their credentials against AAA infrastructures. The Protocol for Carrying Authentication for Network Access (PANA) has been standardized by the Internet engineering task force (IETF) to carry the Extensible Authentication Protocol (EAP), which provides flexible authentication upon the presence of AAA. To the best of our knowledge, this paper is the first deep study of the feasibility of EAP/PANA for network access control in constrained devices. We provide light-weight versions and implementations of these protocols to fit them into constrained devices. These versions have been designed to reduce the impact in standard specifications. The goal of this work is two-fold: (1) to demonstrate the feasibility of EAP/PANA in IoT devices; (2) to provide the scientific community with the first light-weight interoperable implementation of EAP/PANA for constrained devices in the Contiki operating system (Contiki OS), called PANATIKI. The paper also shows a testbed, simulations and experimental results obtained from real and simulated constrained devices.

Enabling Accessibility Through Model-Based User Interface Development.

Science.gov (United States)

Ziegler, Daniel; Peissner, Matthias

2017-01-01

Adaptive user interfaces (AUIs) can increase the accessibility of interactive systems. They provide personalized display and interaction modes to fit individual user needs. Most AUI approaches rely on model-based development, which is considered relatively demanding. This paper explores strategies to make model-based development more attractive for mainstream developers.

Interactive Web-based e-learning for Studying Flexible Manipulator Systems

Directory of Open Access Journals (Sweden)

Abul K. M. Azad

2008-03-01

Full Text Available Abstract— This paper presents a web-based e-leaning facility for simulation, modeling, and control of flexible manipulator systems. The simulation and modeling part includes finite difference and finite element simulations along with neural network and genetic algorithm based modeling strategies for flexible manipulator systems. The controller part constitutes a number of open-loop and closed-loop designs. Closed loop control designs include the classical, adaptive, and neuro-model based strategies. Matlab software package and its associated toolboxes are used to implement these. The Matlab web server is used as the gateway between the facility and web-access. ASP.NET technology and SQL database are utilized to develop web applications for access control, user account and password maintenance, administrative management, and facility utilization monitoring. The reported facility provides a flexible but effective approach of web-based interactive e-learning facility of an engineering system. This can be extended to incorporate additional engineering systems within the e-learning framework.

An Expressive, Lightweight and Secure Construction of Key Policy Attribute-Based Cloud Data Sharing Access Control

Science.gov (United States)

Lin, Guofen; Hong, Hanshu; Xia, Yunhao; Sun, Zhixin

2017-10-01

Attribute-based encryption (ABE) is an interesting cryptographic technique for flexible cloud data sharing access control. However, some open challenges hinder its practical application. In previous schemes, all attributes are considered as in the same status while they are not in most of practical scenarios. Meanwhile, the size of access policy increases dramatically with the raise of its expressiveness complexity. In addition, current research hardly notices that mobile front-end devices, such as smartphones, are poor in computational performance while too much bilinear pairing computation is needed for ABE. In this paper, we propose a key-policy weighted attribute-based encryption without bilinear pairing computation (KP-WABE-WB) for secure cloud data sharing access control. A simple weighted mechanism is presented to describe different importance of each attribute. We introduce a novel construction of ABE without executing any bilinear pairing computation. Compared to previous schemes, our scheme has a better performance in expressiveness of access policy and computational efficiency.

A Flexible Component based Access Control Architecture for OPeNDAP Services

Science.gov (United States)

Kershaw, Philip; Ananthakrishnan, Rachana; Cinquini, Luca; Lawrence, Bryan; Pascoe, Stephen; Siebenlist, Frank

2010-05-01

Network data access services such as OPeNDAP enable widespread access to data across user communities. However, without ready means to restrict access to data for such services, data providers and data owners are constrained from making their data more widely available. Even with such capability, the range of different security technologies available can make interoperability between services and user client tools a challenge. OPeNDAP is a key data access service in the infrastructure under development to support the CMIP5 (Couple Model Intercomparison Project Phase 5). The work is being carried out as part of an international collaboration including the US Earth System Grid and Curator projects and the EU funded IS-ENES and Metafor projects. This infrastructure will bring together Petabytes of climate model data and associated metadata from over twenty modelling centres around the world in a federation with a core archive mirrored at three data centres. A security system is needed to meet the requirements of organisations responsible for model data including the ability to restrict data access to registered users, keep them up to date with changes to data and services, audit access and protect finite computing resources. Individual organisations have existing tools and services such as OPeNDAP with which users in the climate research community are already familiar. The security system should overlay access control in a way which maintains the usability and ease of access to these services. The BADC (British Atmospheric Data Centre) has been working in collaboration with the Earth System Grid development team and partner organisations to develop the security architecture. OpenID and MyProxy were selected at an early stage in the ESG project to provide single sign-on capability across the federation of participating organisations. Building on the existing OPeNDAP specification an architecture based on pluggable server side components has been developed at the BADC

Development of Remote Monitoring and a Control System Based on PLC and WebAccess for Learning Mechatronics

Directory of Open Access Journals (Sweden)

Wen-Jye Shyr

2013-02-01

Full Text Available This study develops a novel method for learning mechatronics using remote monitoring and control, based on a programmable logic controller (PLC and WebAccess. A mechatronics module, a Web-CAM and a PLC were integrated with WebAccess software to organize a remote laboratory. The proposed system enables users to access the Internet for remote monitoring and control of the mechatronics module via a web browser, thereby enhancing work flexibility by enabling personnel to control mechatronics equipment from a remote location. Mechatronics control and long-distance monitoring were realized by establishing communication between the PLC and WebAccess. Analytical results indicate that the proposed system is feasible. The suitability of this system is demonstrated in the department of industrial education and technology at National Changhua University of Education, Taiwan. Preliminary evaluation of the system was encouraging and has shown that it has achieved success in helping students understand concepts and master remote monitoring and control techniques.

A fuzzy expert system to Trust-Based Access Control in crowdsourcing environments

Directory of Open Access Journals (Sweden)

Olusegun Folorunso

2015-07-01

Full Text Available Crowdsourcing has been widely accepted across a broad range of application areas. In crowdsourcing environments, the possibility of performing human computation is characterized with risks due to the openness of their web-based platforms where each crowd worker joins and participates in the process at any time, causing serious effect on the quality of its computation. In this paper, a combination of Trust-Based Access Control (TBAC strategy and fuzzy-expert systems was used to enhance the quality of human computation in crowdsourcing environment. A TBAC-fuzzy algorithm was developed and implemented using MATLAB 7.6.0 to compute trust value (Tvalue, priority value as evaluated by fuzzy inference system (FIS and finally generate access decision to each crowd-worker. In conclusion, the use of TBAC is feasible in improving quality of human computation in crowdsourcing environments.

An Effective Massive Sensor Network Data Access Scheme Based on Topology Control for the Internet of Things

Directory of Open Access Journals (Sweden)

Meng Yi

2016-11-01

Full Text Available This paper considers the distributed access and control problem of massive wireless sensor networks’ data access center for the Internet of Things, which is an extension of wireless sensor networks and an element of its topology structure. In the context of the arrival of massive service access requests at a virtual data center, this paper designs a massive sensing data access and control mechanism to improve the access efficiency of service requests and makes full use of the available resources at the data access center for the Internet of things. Firstly, this paper proposes a synergistically distributed buffer access model, which separates the information of resource and location. Secondly, the paper divides the service access requests into multiple virtual groups based on their characteristics and locations using an optimized self-organizing feature map neural network. Furthermore, this paper designs an optimal scheduling algorithm of group migration based on the combination scheme between the artificial bee colony algorithm and chaos searching theory. Finally, the experimental results demonstrate that this mechanism outperforms the existing schemes in terms of enhancing the accessibility of service requests effectively, reducing network delay, and has higher load balancing capacity and higher resource utility rate.

Understanding and Creating Accessible Touch Screen Interactions for Blind People

Science.gov (United States)

Kane, Shaun K.

2011-01-01

Using touch screens presents a number of usability and accessibility challenges for blind people. Most touch screen-based user interfaces are optimized for visual interaction, and are therefore difficult or impossible to use without vision. This dissertation presents an approach to redesigning gesture-based user interfaces to enable blind people…

Semantically Enriched Data Access Policies in eHealth.

Science.gov (United States)

Drozdowicz, Michał; Ganzha, Maria; Paprzycki, Marcin

2016-11-01

Internet of Things (IoT) requires novel solutions to facilitate autonomous, though controlled, resource access. Access policies have to facilitate interactions between heterogeneous entities (devices and humans). Here, we focus our attention on access control in eHealth. We propose an approach based on enriching policies, based on well-known and widely-used eXtensible Access Control Markup Language, with semantics. In the paper we describe an implementation of a Policy Information Point integrated with the HL7 Security and Privacy Ontology.

Perti Net-Based Workflow Access Control Model%基于Perti网的工作流访问控制模型研究

Institute of Scientific and Technical Information of China (English)

陈卓; 骆婷; 石磊; 洪帆

2004-01-01

Access control is an important protection mechanism for information systems.This paper shows how to make access control in workflow system.We give a workflow access control model (WACM) based on several current access control models.The model supports roles assignment and dynamic authorization.The paper defines the workflow using Petri net.It firstly gives the definition and description of the workflow, and then analyzes the architecture of the workflow access control model (WACM).Finally, an example of an e-commerce workflow access control model is discussed in detail.

Audit-Based Access Control for Electronic Health Records

NARCIS (Netherlands)

Dekker, M.A.C.; Etalle, Sandro

2006-01-01

Traditional access control mechanisms aim to prevent illegal actions a-priori occurrence, i.e. before granting a request for a document. There are scenarios however where the security decision can not be made on the fly. For these settings we developed a language and a framework for a-posteriori

Audit-Based Access Control for Electronic Health Records

NARCIS (Netherlands)

Dekker, M.A.C.; Etalle, Sandro; Gadducci, F.

Traditional access control mechanisms aim to prevent illegal actions a-priori occurrence, i.e.before granting a request for a document. There are scenarios however where the security decision can not be made on the fly. For these settings we developed a language and a framework for a-posteriori

METHOD AND ABSTRACT MODEL FOR CONTROL AND ACCESS RIGHTS BY REQUESTS REDIRECTION

Directory of Open Access Journals (Sweden)

K. A. Shcheglov

2015-11-01

Full Text Available We have researched implementation problems of control and access rights of subjects to objects in modern computer systems. We have suggested access control method based on objects access requests redirection. The method possesses a distinctive feature as compared to discretional access control. In case when a subject needs to deny writing (object modification, it is not denied but redirected (access rights are not changed, but operation is performed with another object. This gives the possibility to implement access policies to system objects without breaking the system and applications operability, and share correctly access objects between subjects. This important property of suggested access control method enables to solve fundamentally new system objects securing problems like system resources virtualization aimed to protect system objects from users’ and applications attacks. We have created an abstract model, and it shows that this method (access control from subjects to objects based on requests redirection can be used as self-sufficient access control method, implementing any access control policy (from subjects to objects, thus being an alternative to discretional access control method.

Concurrent use of data base and graphics computer workstations to provide graphic access to large, complex data bases for robotics control of nuclear surveillance and maintenance

International Nuclear Information System (INIS)

Dalton, G.R.; Tulenko, J.S.; Zhou, X.

1990-01-01

The University of Florida is part of a multiuniversity research effort, sponsored by the US Department of Energy which is under way to develop and deploy an advanced semi-autonomous robotic system for use in nuclear power stations. This paper reports on the development of the computer tools necessary to gain convenient graphic access to the intelligence implicit in a large complex data base such as that in a nuclear reactor plant. This program is integrated as a man/machine interface within the larger context of the total computerized robotic planning and control system. The portion of the project described here addresses the connection between the three-dimensional displays on an interactive graphic workstation and a data-base computer running a large data-base server program. Programming the two computers to work together to accept graphic queries and return answers on the graphic workstation is a key part of the interactive capability developed

A utility perspective on radiation worker access control systems

International Nuclear Information System (INIS)

Watson, B.A.; Goff, T.E.

1984-01-01

Based on an evaluation of the current commercial Radiation Worker Access Control Software Systems, Baltimore Gas and Electric Company has elected to design and develop a site specific access control and accountability system for the Calvert Cliffs Nuclear Power Plant. The vendor provided systems allow for radiation worker access control based on training and external exposure records and authorizations. These systems do not afford internal exposure control until after bioassay measurements or maximum permissible concentration-hours are tabulated. The vendor provided systems allow for data trending for ALARA purposes, but each software package must be modified to meet site specific requirements. Unlike the commercial systems, the Calvert Cliffs Radiological Controls and Accountability System (RCAS) will provide radiation worker exposure control, both internal and external. The RCAS is designed to fulfill the requirements by integrating the existing Radiation Safety, Dosemetry, and Training data bases with a comprehensive radiological surveillance program. Prior to each worker's entry into the Radiological Control Area; his training and qualifications, radiation exposure history and authorization, will be compared with administrative controls, such as radiation work permits, and respiratory protection requirements and the radiological conditions in the work area. The RCAS, a computer based applied health physics access control system is described as it is presently configured for development. The mechanisms for enhancing worker internal and external exposure controls are discussed. Proposed data application to both the Calvert Cliffs ALARA and outage planning programs is included

Distributed Fair Auto Rate Medium Access Control for IEEE 802.11 Based WLANs

Science.gov (United States)

Zhu, Yanfeng; Niu, Zhisheng

Much research has shown that a carefully designed auto rate medium access control can utilize the underlying physical multi-rate capability to exploit the time-variation of the channel. In this paper, we develop a simple analytical model to elucidate the rule that maximizes the throughput of RTS/CTS based multi-rate wireless local area networks. Based on the discovered rule, we propose two distributed fair auto rate medium access control schemes called FARM and FARM+ from the view-point of throughput fairness and time-share fairness, respectively. With the proposed schemes, after receiving a RTS frame, the receiver selectively returns the CTS frame to inform the transmitter the maximum feasible rate probed by the signal-to-noise ratio of the received RTS frame. The key feature of the proposed schemes is that they are capable of maintaining throughput/time-share fairness in asymmetric situation where the distribution of SNR varies with stations. Extensive simulation results show that the proposed schemes outperform the existing throughput/time-share fair auto rate schemes in time-varying channel conditions.

Designing a Secure E-commerce with Credential Purpose-based Access Control

OpenAIRE

Norjihan Abdul Ghani; Harihodin Selamat; Zailani Mohamed Sidek

2014-01-01

The rapid growth of e-commerce has created a great opportunities for both businesses and end users. The essential e-commerce process is required for the successful operation and management of e-commerce activities. One of the processes is access control and security. E-commerce must establish a secure access between the parties in an e-commerce transaction by authenticating users, authorizing access, and enforcing security features. The e-commerce application must authorize access to only tho...

Access Control in Smart Homes by Android-Based Liveness Detection

Directory of Open Access Journals (Sweden)

Susanna Spinsante

2017-05-01

Full Text Available Technologies for personal safety and security play an increasing role in modern life, and are among the most valuable features expected to be supported by so-called smart homes. This paper presents a low-complexity Android application designed for both mobile and embedded devices, that exploits the available on-board camera to easily capture two images of a subject, and processes them to discriminate a true 3D and live face, from a fake or printed 2D one. The liveness detection based on such a discrimination provides anti-spoofing capabilities to secure access control based on face recognition. The limited computational complexity of the developed application makes it suitable for practical implementation in video-entry phones based on embedded Android platforms. The results obtained are satisfactory even in different ambient light conditions, and further improvements are being developed to deal with low precision image acquisition.

Mandatory and Location-Aware Access Control for Relational Databases

Science.gov (United States)

Decker, Michael

Access control is concerned with determining which operations a particular user is allowed to perform on a particular electronic resource. For example, an access control decision could say that user Alice is allowed to perform the operation read (but not write) on the resource research report. With conventional access control this decision is based on the user's identity whereas the basic idea of Location-Aware Access Control (LAAC) is to evaluate also a user's current location when making the decision if a particular request should be granted or denied. LAAC is an interesting approach for mobile information systems because these systems are exposed to specific security threads like the loss of a device. Some data models for LAAC can be found in literature, but almost all of them are based on RBAC and none of them is designed especially for Database Management Systems (DBMS). In this paper we therefore propose a LAAC-approach for DMBS and describe a prototypical implementation of that approach that is based on database triggers.

Accessing Wireless Sensor Networks Via Dynamically Reconfigurable Interaction Models

Directory of Open Access Journals (Sweden)

Maria Cecília Gomes

2012-12-01

Full Text Available The Wireless Sensor Networks (WSNs technology is already perceived as fundamental for science across many domains, since it provides a low cost solution for environment monitoring. WSNs representation via the service concept and its inclusion in Web environments, e.g. through Web services, supports particularly their open/standard access and integration. Although such Web enabled WSNs simplify data access, network parameterization and aggregation, the existing interaction models and run-time adaptation mechanisms available to clients are still scarce. Nevertheless, applications increasingly demand richer and more flexible accesses besides the traditional client/server. For instance, applications may require a streaming model in order to avoid sequential data requests, or the asynchronous notification of subscribed data through the publish/subscriber. Moreover, the possibility to automatically switch between such models at runtime allows applications to define flexible context-based data acquisition. To this extent, this paper discusses the relevance of the session and pattern abstractions on the design of a middleware prototype providing richer and dynamically reconfigurable interaction models to Web enabled WSNs.

Breaking and Fixing Origin-Based Access Control in Hybrid Web/Mobile Application Frameworks.

Science.gov (United States)

Georgiev, Martin; Jana, Suman; Shmatikov, Vitaly

2014-02-01

Hybrid mobile applications (apps) combine the features of Web applications and "native" mobile apps. Like Web applications, they are implemented in portable, platform-independent languages such as HTML and JavaScript. Like native apps, they have direct access to local device resources-file system, location, camera, contacts, etc. Hybrid apps are typically developed using hybrid application frameworks such as PhoneGap. The purpose of the framework is twofold. First, it provides an embedded Web browser (for example, WebView on Android) that executes the app's Web code. Second, it supplies "bridges" that allow Web code to escape the browser and access local resources on the device. We analyze the software stack created by hybrid frameworks and demonstrate that it does not properly compose the access-control policies governing Web code and local code, respectively. Web code is governed by the same origin policy, whereas local code is governed by the access-control policy of the operating system (for example, user-granted permissions in Android). The bridges added by the framework to the browser have the same local access rights as the entire application, but are not correctly protected by the same origin policy. This opens the door to fracking attacks, which allow foreign-origin Web content included into a hybrid app (e.g., ads confined in iframes) to drill through the layers and directly access device resources. Fracking vulnerabilities are generic: they affect all hybrid frameworks, all embedded Web browsers, all bridge mechanisms, and all platforms on which these frameworks are deployed. We study the prevalence of fracking vulnerabilities in free Android apps based on the PhoneGap framework. Each vulnerability exposes sensitive local resources-the ability to read and write contacts list, local files, etc.-to dozens of potentially malicious Web domains. We also analyze the defenses deployed by hybrid frameworks to prevent resource access by foreign-origin Web content

Breaking and Fixing Origin-Based Access Control in Hybrid Web/Mobile Application Frameworks

Science.gov (United States)

Georgiev, Martin; Jana, Suman; Shmatikov, Vitaly

2014-01-01

Hybrid mobile applications (apps) combine the features of Web applications and “native” mobile apps. Like Web applications, they are implemented in portable, platform-independent languages such as HTML and JavaScript. Like native apps, they have direct access to local device resources—file system, location, camera, contacts, etc. Hybrid apps are typically developed using hybrid application frameworks such as PhoneGap. The purpose of the framework is twofold. First, it provides an embedded Web browser (for example, WebView on Android) that executes the app's Web code. Second, it supplies “bridges” that allow Web code to escape the browser and access local resources on the device. We analyze the software stack created by hybrid frameworks and demonstrate that it does not properly compose the access-control policies governing Web code and local code, respectively. Web code is governed by the same origin policy, whereas local code is governed by the access-control policy of the operating system (for example, user-granted permissions in Android). The bridges added by the framework to the browser have the same local access rights as the entire application, but are not correctly protected by the same origin policy. This opens the door to fracking attacks, which allow foreign-origin Web content included into a hybrid app (e.g., ads confined in iframes) to drill through the layers and directly access device resources. Fracking vulnerabilities are generic: they affect all hybrid frameworks, all embedded Web browsers, all bridge mechanisms, and all platforms on which these frameworks are deployed. We study the prevalence of fracking vulnerabilities in free Android apps based on the PhoneGap framework. Each vulnerability exposes sensitive local resources—the ability to read and write contacts list, local files, etc.—to dozens of potentially malicious Web domains. We also analyze the defenses deployed by hybrid frameworks to prevent resource access by foreign

A Dynamic Active Multicast Group Access Control Framework Based on Trust Management System

Institute of Scientific and Technical Information of China (English)

YANG Chang; CHEN Xiaolin; ZHANG Huanguo

2006-01-01

The current multicast model provides no access control mechanism. Any host can send data directly to a multicast address or join a multicast group to become a member, which brings safety problems to multicast. In this paper, we present a new active multicast group access control mechanism that is founded on trust management. This structure can solve the problem that exists in multicast members' access control and distributing authorization of traditional IP multicast.

Integrity Based Access Control Model for Multilevel XML Document

Institute of Scientific and Technical Information of China (English)

HONG Fan; FENG Xue-bin; HUANO Zhi; ZHENG Ming-hui

2008-01-01

XML's increasing popularity highlights the security demand for XML documents. A mandatory access control model for XML document is presented on the basis of investigation of the function dependency of XML documents and discussion of the integrity properties of multilevel XML document. Then, the algorithms for decomposition/recovery multilevel XML document into/from single level document are given, and the manipulation rules for typical operations of XQuery and XUpdate: QUERY, INSERT,UPDATE, and REMOVE, are elaborated. The multilevel XML document access model can meet the requirement of sensitive information processing application.

Access control and privilege management in electronic health record: a systematic literature review.

Science.gov (United States)

Jayabalan, Manoj; O'Daniel, Thomas

2016-12-01

This study presents a systematic literature review of access control for electronic health record systems to protect patient's privacy. Articles from 2006 to 2016 were extracted from the ACM Digital Library, IEEE Xplore Digital Library, Science Direct, MEDLINE, and MetaPress using broad eligibility criteria, and chosen for inclusion based on analysis of ISO22600. Cryptographic standards and methods were left outside the scope of this review. Three broad classes of models are being actively investigated and developed: access control for electronic health records, access control for interoperability, and access control for risk analysis. Traditional role-based access control models are extended with spatial, temporal, probabilistic, dynamic, and semantic aspects to capture contextual information and provide granular access control. Maintenance of audit trails and facilities for overriding normal roles to allow full access in emergency cases are common features. Access privilege frameworks utilizing ontology-based knowledge representation for defining the rules have attracted considerable interest, due to the higher level of abstraction that makes it possible to model domain knowledge and validate access requests efficiently.

Towards an Approach of Semantic Access Control for Cloud Computing

Science.gov (United States)

Hu, Luokai; Ying, Shi; Jia, Xiangyang; Zhao, Kai

With the development of cloud computing, the mutual understandability among distributed Access Control Policies (ACPs) has become an important issue in the security field of cloud computing. Semantic Web technology provides the solution to semantic interoperability of heterogeneous applications. In this paper, we analysis existing access control methods and present a new Semantic Access Control Policy Language (SACPL) for describing ACPs in cloud computing environment. Access Control Oriented Ontology System (ACOOS) is designed as the semantic basis of SACPL. Ontology-based SACPL language can effectively solve the interoperability issue of distributed ACPs. This study enriches the research that the semantic web technology is applied in the field of security, and provides a new way of thinking of access control in cloud computing.

The linked medical data access control framework.

Science.gov (United States)

Kamateri, Eleni; Kalampokis, Evangelos; Tambouris, Efthimios; Tarabanis, Konstantinos

2014-08-01

The integration of medical data coming from multiple sources is important in clinical research. Amongst others, it enables the discovery of appropriate subjects in patient-oriented research and the identification of innovative results in epidemiological studies. At the same time, the integration of medical data faces significant ethical and legal challenges that impose access constraints. Some of these issues can be addressed by making available aggregated instead of raw record-level data. In many cases however, there is still a need for controlling access even to the resulting aggregated data, e.g., due to data provider's policies. In this paper we present the Linked Medical Data Access Control (LiMDAC) framework that capitalizes on Linked Data technologies to enable controlling access to medical data across distributed sources with diverse access constraints. The LiMDAC framework consists of three Linked Data models, namely the LiMDAC metadata model, the LiMDAC user profile model, and the LiMDAC access policy model. It also includes an architecture that exploits these models. Based on the framework, a proof-of-concept platform is developed and its performance and functionality are evaluated by employing two usage scenarios. Copyright © 2014 Elsevier Inc. All rights reserved.

The Methods and Mechanisms for Access Control of Encrypted Data in Clouds

Directory of Open Access Journals (Sweden)

Sergey Vladimirovich Zapechnikov

2013-09-01

Full Text Available The paper is about the problem of data access control in clouds. The main mechanisms for access control of encrypted data in untrusted cloud environments are analyzed and described. The comparative analysis of access control algorithms and implementation issues are offered. The main practical result of research is a web-based (Wikipedia-like reference and information system devoted to the access control methods and mechanisms.

A Theorem on Grid Access Control

Institute of Scientific and Technical Information of China (English)

XU ZhiWei(徐志伟); BU GuanYing(卜冠英)

2003-01-01

The current grid security research is mainly focused on the authentication of grid systems. A problem to be solved by grid systems is to ensure consistent access control. This problem is complicated because the hosts in a grid computing environment usually span multiple autonomous administrative domains. This paper presents a grid access control model, based on asynchronous automata theory and the classic Bell-LaPadula model. This model is useful to formally study the confidentiality and integrity problems in a grid computing environment. A theorem is proved, which gives the necessary and sufficient conditions to a grid to maintain confidentiality.These conditions are the formalized descriptions of local (node) relations or relationship between grid subjects and node subjects.

Classifying a Person's Degree of Accessibility From Natural Body Language During Social Human-Robot Interactions.

Science.gov (United States)

McColl, Derek; Jiang, Chuan; Nejat, Goldie

2017-02-01

For social robots to be successfully integrated and accepted within society, they need to be able to interpret human social cues that are displayed through natural modes of communication. In particular, a key challenge in the design of social robots is developing the robot's ability to recognize a person's affective states (emotions, moods, and attitudes) in order to respond appropriately during social human-robot interactions (HRIs). In this paper, we present and discuss social HRI experiments we have conducted to investigate the development of an accessibility-aware social robot able to autonomously determine a person's degree of accessibility (rapport, openness) toward the robot based on the person's natural static body language. In particular, we present two one-on-one HRI experiments to: 1) determine the performance of our automated system in being able to recognize and classify a person's accessibility levels and 2) investigate how people interact with an accessibility-aware robot which determines its own behaviors based on a person's speech and accessibility levels.

Receiver-initiated medium access control protocols for wireless sensor networks

DEFF Research Database (Denmark)

Fafoutis, Xenofon; Di Mauro, Alessio; Vithanage, Madava D.

2015-01-01

One of the fundamental building blocks of a Wireless Sensor Network (WSN) is the Medium Access Control (MAC) protocol, that part of the system governing when and how two independent neighboring nodes activate their respective transceivers to directly interact. Historically, data exchange has always...

CONTEXT BASED ANDROID APPLICATIONADMINISTRATIVE ACCESS CONTROL (CBAA–AAC FOR SMART PHONES

Directory of Open Access Journals (Sweden)

S. Sharavanan

2016-07-01

Full Text Available Android applications in smart phones are generally towards provide greater flexibility and convince for users. Considering the fact that the Android applications are having privilege to access data and resources in mobile after it gets installed (one time permission provided by end user on the time installation, these application may also lead to issues in security for the user data as well as issues relate smart phone with peripheral environment. A practical example for an issue which relates smart phone with peripheral environment can be even an Android smart phone application of a college student use camera resource to capture photos of R&D cell and transfer without user or organization permission. The security of the organization and user should be prevented by providing an adoptable solution. The proposed concept of CBAA-AAC (Context Based Android Application Administrative Access Control is used to control the privileges of any Android application over a corresponding longitude and latitude by the organization administrator. In this way, administrator is able to block malicious application of every individual smart phone which can have activity towards utilizing services and resources that may affect the security of the organization, such an move is must for assuring security of any organization and educational institutions while they allow users to “bring their own smart phones/mobile devices” into the campus.

Experience with ActiveX control for simple channel access

International Nuclear Information System (INIS)

Timossi, C.; Nishimura, H.; McDonald, J.

2003-01-01

Accelerator control system applications at Berkeley Lab's Advanced Light Source (ALS) are typically deployed on operator consoles running Microsoft Windows 2000 and utilize EPICS[2]channel access for data access. In an effort to accommodate the wide variety of Windows based development tools and developers with little experience in network programming, ActiveX controls have been deployed on the operator stations. Use of ActiveX controls for use in the accelerator control environment has been presented previously[1]. Here we report on some of our experiences with the use and development of these controls

Database design for Physical Access Control System for nuclear facilities

Energy Technology Data Exchange (ETDEWEB)

Sathishkumar, T., E-mail: satishkumart@igcar.gov.in; Rao, G. Prabhakara, E-mail: prg@igcar.gov.in; Arumugam, P., E-mail: aarmu@igcar.gov.in

2016-08-15

Highlights: • Database design needs to be optimized and highly efficient for real time operation. • It requires a many-to-many mapping between Employee table and Doors table. • This mapping typically contain thousands of records and redundant data. • Proposed novel database design reduces the redundancy and provides abstraction. • This design is incorporated with the access control system developed in-house. - Abstract: A (Radio Frequency IDentification) RFID cum Biometric based two level Access Control System (ACS) was designed and developed for providing access to vital areas of nuclear facilities. The system has got both hardware [Access controller] and software components [server application, the database and the web client software]. The database design proposed, enables grouping of the employees based on the hierarchy of the organization and the grouping of the doors based on Access Zones (AZ). This design also illustrates the mapping between the Employee Groups (EG) and AZ. By following this approach in database design, a higher level view can be presented to the system administrator abstracting the inner details of the individual entities and doors. This paper describes the novel approach carried out in designing the database of the ACS.

Database design for Physical Access Control System for nuclear facilities

International Nuclear Information System (INIS)

Sathishkumar, T.; Rao, G. Prabhakara; Arumugam, P.

2016-01-01

Highlights: • Database design needs to be optimized and highly efficient for real time operation. • It requires a many-to-many mapping between Employee table and Doors table. • This mapping typically contain thousands of records and redundant data. • Proposed novel database design reduces the redundancy and provides abstraction. • This design is incorporated with the access control system developed in-house. - Abstract: A (Radio Frequency IDentification) RFID cum Biometric based two level Access Control System (ACS) was designed and developed for providing access to vital areas of nuclear facilities. The system has got both hardware [Access controller] and software components [server application, the database and the web client software]. The database design proposed, enables grouping of the employees based on the hierarchy of the organization and the grouping of the doors based on Access Zones (AZ). This design also illustrates the mapping between the Employee Groups (EG) and AZ. By following this approach in database design, a higher level view can be presented to the system administrator abstracting the inner details of the individual entities and doors. This paper describes the novel approach carried out in designing the database of the ACS.

Access control system operation

International Nuclear Information System (INIS)

Barnes, L.D.

1981-06-01

An automated method for the control and monitoring of personnel movement throughout the site was developed under contract to the Department of Energy by Allied-General Nuclear Services (AGNS) at the Barnwell Nuclear Fuel Plant (BNFP). These automated features provide strict enforcement of personnel access policy without routine patrol officer involvement. Identification methods include identification by employee ID number, identification by voice verification and identification by physical security officer verification. The ability to grant each level of access authority is distributed over the organization to prevent any single individual at any level in the organization from being capable of issuing an authorization for entry into sensitive areas. Each access event is recorded. As access events occur, the inventory of both the entered and the exited control area is updated so that a current inventory is always available for display. The system has been operated since 1979 in a development mode and many revisions have been implemented in hardware and software as areas were added to the system. Recent changes have involved the installation of backup systems and other features required to achieve a high reliability. The access control system and recent operating experience are described

Implementing Discretionary Access Control with Time Character in Linux and Performance Analysis

Institute of Scientific and Technical Information of China (English)

TAN Liang; ZHOU Ming-Tian

2006-01-01

DAC (Discretionary Access Control Policy) is access control based on ownership relations between subject and object, the subject can discretionarily decide on that who, by what methods, can access his owns object. In this paper, the system time is looked as a basic secure element. The DAC_T (Discretionary Access Control Policy with Time Character) is presented and formalized. The DAC_T resolves that the subject can discretionarily decide that who, on when, can access his owns objects. And then the DAC_T is implemented on Linux based on GFAC (General Framework for Access Control), and the algorithm is put forward. Finally, the performance analysis for the DAC_T_Linux is carried out. It is proved that the DAC_T_Linux not only can realize time constraints between subject and object but also can still be accepted by us though its performance have been decreased.

Human engineering considerations in designing a computerized controlled access security system

International Nuclear Information System (INIS)

Moore, J.W.; Banks, W.W.

1988-01-01

This paper describes a human engineering effort in the design of a major security system upgrade at Lawrence Livermore National Laboratory. This upgrade was to be accomplished by replacing obsolete and difficult-to-man (i.e., multiple operator task actions required) security equipment and systems with a new, automated, computer-based access control system. The initial task was to assist the electronic and mechanical engineering staff in designing a computerized security access system too functionally and ergonomically accommodate 100% of the Laboratory user population. The new computerized access system was intended to control entry into sensitive exclusion areas by requiring personnel to use an entry booth-based system and/or a remote access control panel system. The primary user interface with the system was through a control panel containing a magnetic card reader, function buttons, LCD display, and push-button keypad

A service-oriented data access control model

Science.gov (United States)

Meng, Wei; Li, Fengmin; Pan, Juchen; Song, Song; Bian, Jiali

2017-01-01

The development of mobile computing, cloud computing and distributed computing meets the growing individual service needs. Facing with complex application system, it's an urgent problem to ensure real-time, dynamic, and fine-grained data access control. By analyzing common data access control models, on the basis of mandatory access control model, the paper proposes a service-oriented access control model. By regarding system services as subject and data of databases as object, the model defines access levels and access identification of subject and object, and ensures system services securely to access databases.

Access control, security, and trust a logical approach

CERN Document Server

Chin, Shiu-Kai

2010-01-01

Access Control, Security, Trust, and Logic Deconstructing Access Control Decisions A Logical Approach to Access Control PRELIMINARIES A Language for Access ControlSets and Relations Syntax SemanticsReasoning about Access Control Logical RulesFormal Proofs and Theorems Soundness of Logical RulesBasic Concepts Reference Monitors Access Control Mechanisms: Tickets and Lists Authentication Security PoliciesConfidentiality, Integrity, and Availability Discretionary Security Policies Mandatory Security Policies Military Security Policies Commercial PoliciesDISTRIBUTED ACCESS CONTROL Digital Authenti

Playground Accessibility and Neighbourhood Social Interaction among Parents

Science.gov (United States)

Bennet, Scott A.; Yiannakoulias, Nikolaos; Williams, Allison M.; Kitchen, Peter

2012-01-01

While the positive association between social interaction and access to green space is well accepted, little research has sought to understand the role of children's playgrounds in facilitating social interaction within a community. Playgrounds are spaces designed to facilitate play and the interaction of children, but may also be important places…

A Document-Based EHR System That Controls the Disclosure of Clinical Documents Using an Access Control List File Based on the HL7 CDA Header.

Science.gov (United States)

Takeda, Toshihiro; Ueda, Kanayo; Nakagawa, Akito; Manabe, Shirou; Okada, Katsuki; Mihara, Naoki; Matsumura, Yasushi

2017-01-01

Electronic health record (EHR) systems are necessary for the sharing of medical information between care delivery organizations (CDOs). We developed a document-based EHR system in which all of the PDF documents that are stored in our electronic medical record system can be disclosed to selected target CDOs. An access control list (ACL) file was designed based on the HL7 CDA header to manage the information that is disclosed.

Interactive web-based mapping: bridging technology and data for health.

Science.gov (United States)

Highfield, Linda; Arthasarnprasit, Jutas; Ottenweller, Cecelia A; Dasprez, Arnaud

2011-12-23

The Community Health Information System (CHIS) online mapping system was first launched in 1998. Its overarching goal was to provide researchers, residents and organizations access to health related data reflecting the overall health and well-being of their communities within the Greater Houston area. In September 2009, initial planning and development began for the next generation of CHIS. The overarching goal for the new version remained to make health data easily accessible for a wide variety of research audiences. However, in the new version we specifically sought to make the CHIS truly interactive and give the user more control over data selection and reporting. In July 2011, a beta version of the next-generation of the application was launched. This next-generation is also a web based interactive mapping tool comprised of two distinct portals: the Breast Health Portal and Project Safety Net. Both are accessed via a Google mapping interface. Geographic coverage for the portals is currently an 8 county region centered on Harris County, Texas. Data accessed by the application include Census 2000, Census 2010 (underway), cancer incidence from the Texas Cancer Registry (TX Dept. of State Health Services), death data from Texas Vital Statistics, clinic locations for free and low-cost health services, along with service lists, hours of operation, payment options and languages spoken, uninsured and poverty data. The system features query on the fly technology, which means the data is not generated until the query is provided to the system. This allows users to interact in real-time with the databases and generate customized reports and maps. To the author's knowledge, the Breast Health Portal and Project Safety Net are the first local-scale interactive online mapping interfaces for public health data which allow users to control the data generated. For example, users may generate breast cancer incidence rates by Census tract, in real time, for women aged 40

Interactive web-based mapping: bridging technology and data for health

Directory of Open Access Journals (Sweden)

Highfield Linda

2011-12-01

Full Text Available Abstract Background The Community Health Information System (CHIS online mapping system was first launched in 1998. Its overarching goal was to provide researchers, residents and organizations access to health related data reflecting the overall health and well-being of their communities within the Greater Houston area. In September 2009, initial planning and development began for the next generation of CHIS. The overarching goal for the new version remained to make health data easily accessible for a wide variety of research audiences. However, in the new version we specifically sought to make the CHIS truly interactive and give the user more control over data selection and reporting. Results In July 2011, a beta version of the next-generation of the application was launched. This next-generation is also a web based interactive mapping tool comprised of two distinct portals: the Breast Health Portal and Project Safety Net. Both are accessed via a Google mapping interface. Geographic coverage for the portals is currently an 8 county region centered on Harris County, Texas. Data accessed by the application include Census 2000, Census 2010 (underway, cancer incidence from the Texas Cancer Registry (TX Dept. of State Health Services, death data from Texas Vital Statistics, clinic locations for free and low-cost health services, along with service lists, hours of operation, payment options and languages spoken, uninsured and poverty data. Conclusions The system features query on the fly technology, which means the data is not generated until the query is provided to the system. This allows users to interact in real-time with the databases and generate customized reports and maps. To the author's knowledge, the Breast Health Portal and Project Safety Net are the first local-scale interactive online mapping interfaces for public health data which allow users to control the data generated. For example, users may generate breast cancer incidence rates

Bank Access Control of Electronic Payment Based on SPKI%基于SPKI电子支付中的银行端访问控制

Institute of Scientific and Technical Information of China (English)

王茜; 王富强; 傅鹤岗; 朱庆生

2003-01-01

In the system of electronic payment based on SPKI, access control of bank acts as the important function of identification, protecting customer's privacy and ensuring payment. The paper proposes the model of bank access control, and describes the frame and the steps of the access control. Finally, the paper analyzes the characteristics of the model.

Privacy and Access Control for IHE-Based Systems

Science.gov (United States)

Katt, Basel; Breu, Ruth; Hafner, Micahel; Schabetsberger, Thomas; Mair, Richard; Wozak, Florian

Electronic Health Record (EHR) is the heart element of any e-health system, which aims at improving the quality and efficiency of healthcare through the use of information and communication technologies. The sensitivity of the data contained in the health record poses a great challenge to security. In this paper we propose a security architecture for EHR systems that are conform with IHE profiles. In this architecture we are tackling the problems of access control and privacy. Furthermore, a prototypical implementation of the proposed model is presented.

Flexible Access Control for Dynamic Collaborative Environments

NARCIS (Netherlands)

Dekker, M.A.C.

2009-01-01

Access control is used in computer systems to control access to confidential data. In this thesis we focus on access control for dynamic collaborative environments where multiple users and systems access and exchange data in an ad hoc manner. In such environments it is difficult to protect

Interactive SIGHT: textual access to simple bar charts

Science.gov (United States)

Demir, Seniz; Oliver, David; Schwartz, Edward; Elzer, Stephanie; Carberry, Sandra; Mccoy, Kathleen F.; Chester, Daniel

2010-12-01

the system offering different options to access the content of a chart to meet their specific needs and that they would use Interactive SIGHT if it was publicly available so as not to have to ignore graphics on the web. Being a language based assistive technology designed to compensate for the lack of sight, our work paves the road for a stronger acceptance of natural language interfaces to graph interpretation that we believe will be of great benefit to the visually impaired community.

Role-Based Access Control for Coalition Partners in Maritime Domain Awareness

National Research Council Canada - National Science Library

McDaniel, Christopher R; Tardy, Matthew L

2005-01-01

The need for Shared Situational Awareness (SSA) in accomplishing joint missions by coalition militaries, law enforcement, the intelligence community, and the private sector creates a unique challenge to providing access control...

Pigeon interaction mode switch-based UAV distributed flocking control under obstacle environments.

Science.gov (United States)

Qiu, Huaxin; Duan, Haibin

2017-11-01

Unmanned aerial vehicle (UAV) flocking control is a serious and challenging problem due to local interactions and changing environments. In this paper, a pigeon flocking model and a pigeon coordinated obstacle-avoiding model are proposed based on a behavior that pigeon flocks will switch between hierarchical and egalitarian interaction mode at different flight phases. Owning to the similarity between bird flocks and UAV swarms in essence, a distributed flocking control algorithm based on the proposed pigeon flocking and coordinated obstacle-avoiding models is designed to coordinate a heterogeneous UAV swarm to fly though obstacle environments with few informed individuals. The comparative simulation results are elaborated to show the feasibility, validity and superiority of our proposed algorithm. Copyright © 2017 ISA. Published by Elsevier Ltd. All rights reserved.

Authenticated IGMP for Controlling Access to Multicast Distribution Tree

Science.gov (United States)

Park, Chang-Seop; Kang, Hyun-Sun

A receiver access control scheme is proposed to protect the multicast distribution tree from DoS attack induced by unauthorized use of IGMP, by extending the security-related functionality of IGMP. Based on a specific network and business model adopted for commercial deployment of IP multicast applications, a key management scheme is also presented for bootstrapping the proposed access control as well as accounting and billing for CP (Content Provider), NSP (Network Service Provider), and group members.

A New Key-lock Method for User Authentication and Access Control

Institute of Scientific and Technical Information of China (English)

JI Dongyao; ZHANG Futai; WANG Yumin

2001-01-01

We propose a new key-lock methodfor user authentication and access control based onChinese remainder theorem, the concepts of the ac-cess control matrix, key-lock-pair, time stamp, and the NS public key protocol. Our method is dynamicand needs a minimum amount of computation in thesense that it only updates at most one key/lock foreach access request. We also demonstrate how an au-thentication protocol can be integrated into the ac-cess control method. By applying a time stamp, themethod can not only withstand replay attack, butalso strengthen the authenticating mechanism, whichcould not be achieved simultaneously in previous key-lock methods.

Interactions Between Indirect DC-Voltage Estimation and Circulating Current Controllers of MMC-Based HVDC Transmission Systems

DEFF Research Database (Denmark)

Wickramasinghe, Harith R.; Konstantinou, Georgios; Pou, Josep

2018-01-01

Estimation-based indirect dc-voltage control in MMCs interacts with circulating current control methods. This paper proposes an estimation-based indirect dc-voltage control method for MMC-HVDC systems and analyzes its performance compared to alternative estimations. The interactions between......-state and transient performance is demonstrated using a benchmark MMC-HVDC transmission system, implemented in a real-time digital simulator. The results verify the theoretical evaluations and illustrate the operation and performance of the proposed indirect dc-voltage control method....

多域环境下的分布式RBAC模型%A distributed role-based access control model for multi-domain environments

Institute of Scientific and Technical Information of China (English)

洪帆; 朱贤; 邢光林

2006-01-01

Access control in multi-domain environments is an important question in building coalition between domains. Based on the RBAC access control model and the concepts of secure domain,the role delegation and role mapping are proposed, which support the third-party authorization. A distributed RBAC model is then presented. Finally implementation issues are discussed.

Joint control algorithm in access network

Institute of Scientific and Technical Information of China (English)

2008-01-01

To deal with long probing delay and inaccurate probing results in the endpoint admission control method,a joint local and end-to-end admission control algorithm is proposed,which introduces local probing of access network besides end-to-end probing.Through local probing,the algorithm accurately estimated the resource status of the access network.Simulation shows that this algorithm can improve admission control performance and reduce users' average waiting time when the access network is heavily loaded.

Enforcing access control in virtual organizations using hierarchical attribute-based encryption

NARCIS (Netherlands)

Asim, M.; Ignatenko, T.; Petkovic, M.; Trivellato, D.; Zannone, N.

2012-01-01

Virtual organizations are dynamic, interorganizational collaborations that involve systems and services belonging to different security domains. Several solutions have been proposed to guarantee the enforcement of the access control policies protecting the information exchanged in a distributed

Bodystorming for Movement-Based Interaction Design

Directory of Open Access Journals (Sweden)

Elena Márquez Segura

2016-11-01

Full Text Available After a decade of movement-based interaction in human–computer interaction, designing for the moving body still remains a challenge. Research in this field requires methods to help access, articulate, and harness embodied experiences in ways that can inform the design process. To address this challenge, this article appropriates bodystorming, an embodied ideation method for movement-based interaction design. The proposed method allows for early consideration of the physical, collocated, and social aspects of a designed activity as illustrated with two explorative workshops in different application domains: interactive body games and interactive performances. Using a qualitative methods approach, we used video material from the workshops, feedback from participants, and our own experience as participants and facilitators to outline important characteristics of the bodystorming method in the domain of movement-based interaction. The proposed method is compared with previous ones and application implications are discussed.

Yoink: An interaction-based partitioning API.

Science.gov (United States)

Zheng, Min; Waller, Mark P

2018-05-15

Herein, we describe the implementation details of our interaction-based partitioning API (application programming interface) called Yoink for QM/MM modeling and fragment-based quantum chemistry studies. Interactions are detected by computing density descriptors such as reduced density gradient, density overlap regions indicator, and single exponential decay detector. Only molecules having an interaction with a user-definable QM core are added to the QM region of a hybrid QM/MM calculation. Moreover, a set of molecule pairs having density-based interactions within a molecular system can be computed in Yoink, and an interaction graph can then be constructed. Standard graph clustering methods can then be applied to construct fragments for further quantum chemical calculations. The Yoink API is licensed under Apache 2.0 and can be accessed via yoink.wallerlab.org. © 2018 Wiley Periodicals, Inc. © 2018 Wiley Periodicals, Inc.

Enforcing access control in virtual organizations using hierarchical attribute-based encryption

NARCIS (Netherlands)

Asim, M.; Ignatenko, T.; Petkovic, M.; Trivellato, D.; Zannone, N.

2012-01-01

Virtual organizations are dynamic, inter-organizational collaborations that involve systems and services belonging to different security domains. Several solutions have been proposed to guarantee the enforcement of the access control policies protecting the information exchanged in a distributed

A Trusted Host's Authentication Access and Control Model Faced on User Action

Institute of Scientific and Technical Information of China (English)

ZHANG Miao; XU Guoai; HU Zhengming; YANG Yixian

2006-01-01

The conception of trusted network connection (TNC) is introduced, and the weakness of TNC to control user's action is analyzed. After this, the paper brings out a set of secure access and control model based on access, authorization and control, and related authentication protocol. At last the security of this model is analyzed. The model can improve TNC's security of user control and authorization.

Access control and personal identification systems

CERN Document Server

Bowers, Dan M

1988-01-01

Access Control and Personal Identification Systems provides an education in the field of access control and personal identification systems, which is essential in selecting the appropriate equipment, dealing intelligently with vendors in purchases of the equipment, and integrating the equipment into a total effective system. Access control devices and systems comprise an important part of almost every security system, but are seldom the sole source of security. In order for the goals of the total system to be met, the other portions of the security system must also be well planned and executed

A novel strategy to access high resolution DICOM medical images based on JPEG2000 interactive protocol

Science.gov (United States)

Tian, Yuan; Cai, Weihua; Sun, Jianyong; Zhang, Jianguo

2008-03-01

The demand for sharing medical information has kept rising. However, the transmission and displaying of high resolution medical images are limited if the network has a low transmission speed or the terminal devices have limited resources. In this paper, we present an approach based on JPEG2000 Interactive Protocol (JPIP) to browse high resolution medical images in an efficient way. We designed and implemented an interactive image communication system with client/server architecture and integrated it with Picture Archiving and Communication System (PACS). In our interactive image communication system, the JPIP server works as the middleware between clients and PACS servers. Both desktop clients and wireless mobile clients can browse high resolution images stored in PACS servers via accessing the JPIP server. The client can only make simple requests which identify the resolution, quality and region of interest and download selected portions of the JPEG2000 code-stream instead of downloading and decoding the entire code-stream. After receiving a request from a client, the JPIP server downloads the requested image from the PACS server and then responds the client by sending the appropriate code-stream. We also tested the performance of the JPIP server. The JPIP server runs stably and reliably under heavy load.

Providing the Public with Online Access to Large Bibliographic Data Bases.

Science.gov (United States)

Firschein, Oscar; Summit, Roger K.

DIALOG, an interactive, computer-based information retrieval language, consists of a series of computer programs designed to make use of direct access memory devices in order to provide the user with a rapid means of identifying records within a specific memory bank. Using the system, a library user can be provided access to sixteen distinct and…

Fine-Grained Access Control for Electronic Health Record Systems

Science.gov (United States)

Hue, Pham Thi Bach; Wohlgemuth, Sven; Echizen, Isao; Thuy, Dong Thi Bich; Thuc, Nguyen Dinh

There needs to be a strategy for securing the privacy of patients when exchanging health records between various entities over the Internet. Despite the fact that health care providers such as Google Health and Microsoft Corp.'s Health Vault comply with the U.S Health Insurance Portability and Accountability Act (HIPAA), the privacy of patients is still at risk. Several encryption schemes and access control mechanisms have been suggested to protect the disclosure of a patient's health record especially from unauthorized entities. However, by implementing these approaches, data owners are not capable of controlling and protecting the disclosure of the individual sensitive attributes of their health records. This raises the need to adopt a secure mechanism to protect personal information against unauthorized disclosure. Therefore, we propose a new Fine-grained Access Control (FGAC) mechanism that is based on subkeys, which would allow a data owner to further control the access to his data at the column-level. We also propose a new mechanism to efficiently reduce the number of keys maintained by a data owner in cases when the users have different access privileges to different columns of the data being shared.

Access control and service-oriented architectures

NARCIS (Netherlands)

Leune, C.J.

2007-01-01

Access Control and Service-Oriented Architectures" investigates in which way logical access control can be achieved effectively, in particular in highly dynamic environments such as service-oriented architectures (SOA's). The author combines state-of-the-art best-practice and projects these onto the

Efficient medium access control protocol for geostationary satellite systems

Institute of Scientific and Technical Information of China (English)

王丽娜; 顾学迈

2004-01-01

This paper proposes an efficient medium access control (MAC) protocol based on multifrequency-time division multiple access (MF-TDMA) for geostationary satellite systems deploying multiple spot-beams and onboard processing,which uses a method of random reservation access with movable boundaries to dynamically request the transmission slots and can transmit different types of traffic. The simulation results have shown that our designed MAC protocol can achieve a high bandwidth utilization, while providing the required quality of service (QoS) for each class of service.

Network Access Control For Dummies

CERN Document Server

Kelley, Jay; Wessels, Denzil

2009-01-01

Network access control (NAC) is how you manage network security when your employees, partners, and guests need to access your network using laptops and mobile devices. Network Access Control For Dummies is where you learn how NAC works, how to implement a program, and how to take real-world challenges in stride. You'll learn how to deploy and maintain NAC in your environment, identify and apply NAC standards, and extend NAC for greater network security. Along the way you'll become familiar with what NAC is (and what it isn't) as well as the key business drivers for deploying NAC.Learn the step

The new biometric access control system resembles a big electronic eye. It will be used to control access to the LHC from 2007 onwards.

CERN Multimedia

Maximilien Brice

2006-01-01

The new LHC access control systems will soon be using the latest technology: optical recognition based on iris image data. In order to gain access to the tunnel it will be your eye, not your credentials that you'll be required to show! As of September, the entrance point at Point 8 should be the first to be fitted out with iris recognition equipment. The other access shafts will then gradually be equipped one by one.

Predictive access control for distributed computation

DEFF Research Database (Denmark)

Yang, Fan; Hankin, Chris; Nielson, Flemming

2013-01-01

We show how to use aspect-oriented programming to separate security and trust issues from the logical design of mobile, distributed systems. The main challenge is how to enforce various types of security policies, in particular predictive access control policies — policies based on the future beh...... behavior of a program. A novel feature of our approach is that we can define policies concerning secondary use of data....

Database application research in real-time data access of accelerator control system

International Nuclear Information System (INIS)

Chen Guanghua; Chen Jianfeng; Wan Tianmin

2012-01-01

The control system of Shanghai Synchrotron Radiation Facility (SSRF) is a large-scale distributed real-time control system, It involves many types and large amounts of real-time data access during the operating. Database system has wide application prospects in the large-scale accelerator control system. It is the future development direction of the accelerator control system, to replace the differently dedicated data structures with the mature standardized database system. This article discusses the application feasibility of database system in accelerators based on the database interface technology, real-time data access testing, and system optimization research and to establish the foundation of the wide scale application of database system in the SSRF accelerator control system. Based on the database interface technology, real-time data access testing and system optimization research, this article will introduce the application feasibility of database system in accelerators, and lay the foundation of database system application in the SSRF accelerator control system. (authors)

Optimizing data access for wind farm control over hierarchical communication networks

DEFF Research Database (Denmark)

Madsen, Jacob Theilgaard; Findrik, Mislav; Madsen, Tatiana Kozlova

2016-01-01

delays and also by the choice of the time instances at which sensor information is accessed. In order to optimize the latter, we introduce an information quality metric and a mathematical model based on Markov chains, which are compared performance-wise to a heuristic approach for finding this parameter......In this paper we investigate a centralized wind farm controller which runs periodically. The controller attempts to reduce the damage a wind turbine sustains during operation by estimating fatigue based on the wind turbine state. The investigation focuses on the impact of information access...

Optical label-controlled transparent metro-access network interface

DEFF Research Database (Denmark)

Osadchiy, Alexey Vladimirovich

This thesis presents results obtained during the course of my PhD research on optical signal routing and interfacing between the metropolitan and access segments of optical networks. Due to both increasing capacity demands and variety of emerging services types, new technological challenges...... control. Highlights of my research include my proposal and experimental proof of principle of an optical coherent detection based optical access network architecture providing support for a large number of users over a single distribution fiber; a spectral amplitude encoded label detection technique...... are arising for seamlessly interfacing metropolitan and access networks. Therefore, in this PhD project, I have analyzed those technological challenges and identified the key aspects to be addressed. I have also proposed and experimentally verified a number of solutions to metropolitan and access networks...

Extending AAA operational model for profile-based access control in ethernet-based Neutral Access Networks

NARCIS (Netherlands)

Matias, J.; Jacob, E.; Demchenko, Y.; de Laat, C.; Gommans, L.; Macías López, E.M.; Bogliolo, A.; Perry, M.; Ran, M

2010-01-01

Neutral Access Networks (NAN) have appeared as a new model to overcome some restrictions and lack of flexibility that are present currently in broadband access networks. NAN brings new business opportunities by opening this market to new stakeholders. Although the NAN model is accepted, there are

Controlling user access to electronic resources without password

Science.gov (United States)

Smith, Fred Hewitt

2017-08-22

Described herein are devices and techniques for remotely controlling user access to a restricted computer resource. The process includes obtaining an image from a communication device of a user. An individual and a landmark are identified within the image. Determinations are made that the individual is the user and that the landmark is a predetermined landmark. Access to a restricted computing resource is granted based on the determining that the individual is the user and that the landmark is the predetermined landmark. Other embodiments are disclosed.

Immersion in Movement-Based Interaction

Science.gov (United States)

Pasch, Marco; Bianchi-Berthouze, Nadia; van Dijk, Betsy; Nijholt, Anton

The phenomenon of immersing oneself into virtual environments has been established widely. Yet to date (to our best knowledge) the physical dimension has been neglected in studies investigating immersion in Human-Computer Interaction (HCI). In movement-based interaction the user controls the interface via body movements, e.g. direct manipulation of screen objects via gestures or using a handheld controller as a virtual tennis racket. It has been shown that physical activity affects arousal and that movement-based controllers can facilitate engagement in the context of video games. This paper aims at identifying movement features that influence immersion. We first give a brief survey on immersion and movement-based interfaces. Then, we report results from an interview study that investigates how users experience their body movements when interacting with movement-based interfaces. Based on the interviews, we identify four movement-specific features. We recommend them as candidates for further investigation.

An Optimal Medium Access Control with Partial Observations for Sensor Networks

Directory of Open Access Journals (Sweden)

Servetto Sergio D

2005-01-01

Full Text Available We consider medium access control (MAC in multihop sensor networks, where only partial information about the shared medium is available to the transmitter. We model our setting as a queuing problem in which the service rate of a queue is a function of a partially observed Markov chain representing the available bandwidth, and in which the arrivals are controlled based on the partial observations so as to keep the system in a desirable mildly unstable regime. The optimal controller for this problem satisfies a separation property: we first compute a probability measure on the state space of the chain, namely the information state, then use this measure as the new state on which the control decisions are based. We give a formal description of the system considered and of its dynamics, we formalize and solve an optimal control problem, and we show numerical simulations to illustrate with concrete examples properties of the optimal control law. We show how the ergodic behavior of our queuing model is characterized by an invariant measure over all possible information states, and we construct that measure. Our results can be specifically applied for designing efficient and stable algorithms for medium access control in multiple-accessed systems, in particular for sensor networks.

Access control within military C4ISR systems

Science.gov (United States)

Maschino, Mike

2003-07-01

Command, Control, Communications, Computers, Intelligence, Surveillance and Reconnaissance (C4ISR) tactical battlefield systems must provide the right information and resources to the right individuals at the right time. At the same time, the C4ISR system must enforce access controls to prevent the wrong individuals from obtaining sensitive information, or consuming scarce resources. Because lives, missions and property depend upon them, these access control mechanisms must be effective, reliable, efficient and flexible. The mechanisms employed must suit the nature of the items that are to be protected, as well as the varieties of access policies that must be enforced, and the types of access that will be made to these items. Some access control technologies are inherently centralized, while others are suitable for distributed implementation. The C4ISR architect must select from among the available technologies a combination of mechanisms that eases the burden of policy administration, but is inherently survivable, accurate, resource efficient, and which provides low latency. This paper explores various alternative access enforcement mechanisms, and assesses their effectiveness in managing policy-driven access control within the battlespace.

[Public control and equity of access to hospitals under non-State public administration].

Science.gov (United States)

Carneiro Junior, Nivaldo; Elias, Paulo Eduardo

2006-10-01

To analyze social health organizations in the light of public control and the guarantee of equity of access to health services. Utilizing the case study technique, two social health organizations in the metropolitan region of São Paulo were selected. The analytical categories were equity of access and public control, and these were based on interviews with key informants and technical-administrative reports. It was observed that the overall funding and administrative control of the social health organizations are functions of the state administrator. The presence of a local administrator is important for ensuring equity of access. Public control is expressed through supervisory actions, by means of accounting and financial procedures. Equity of access and public control are not taken into consideration in the administration of these organizations. The central question lies in the capacity of the public authorities to have a presence in implementing this model at the local level, thereby ensuring equity of access and taking public control into consideration.

Break-glass handling exceptional situations in access control

CERN Document Server

Petritsch, Helmut

2014-01-01

Helmut Petritsch describes the first holistic approach to Break-Glass which covers the whole life-cycle: from access control modeling (pre-access), to logging the security-relevant system state during Break-Glass accesses (at-access), and the automated analysis of Break-Glass accesses (post-access). Break-Glass allows users to override security restrictions in exceptional situations. While several Break-Glass models specific to given access control models have already been discussed in research (e.g., extending RBAC with Break-Glass), the author introduces a generic Break-Glass model. The pres

Access Control with RFID in the Internet of Things

DEFF Research Database (Denmark)

Jensen, Steffen Elstrøm Holst; Jacobsen, Rune Hylsberg

2013-01-01

, to the Internet is suggested. The solution uses virtual representations of objects by using low-cost, passive RFID tags to give objects identities on the Internet. A prototype that maps an RFID identity into an IPv6 address is constructed. It is illustrated how this approach can be used in access control systems......Future Internet research is needed to bring the Internet and the Things closer to each other to form the Internet of Things. As objects in our daily life gradually become smarter, there is an increasing benefit of networking these objects. In this article, a method to couple objects, the Things...... based on open network protocols and packet filtering. The solution includes a novel RFID reader architecture that supports the internetworking of components of a future access control system based on network layer technology....

A novel and efficient user access control scheme for wireless body area sensor networks

Directory of Open Access Journals (Sweden)

Santanu Chatterjee

2014-07-01

Full Text Available Wireless body area networks (WBANs can be applied to provide healthcare and patient monitoring. However, patient privacy can be vulnerable in a WBAN unless security is considered. Access to authorized users for the correct information and resources for different services can be provided with the help of efficient user access control mechanisms. This paper proposes a new user access control scheme for a WBAN. The proposed scheme makes use of a group-based user access ID, an access privilege mask, and a password. An elliptic curve cryptography-based public key cryptosystem is used to ensure that a particular legitimate user can only access the information for which he/she is authorized. We show that our scheme performs better than previously existing user access control schemes. Through a security analysis, we show that our scheme is secure against possible known attacks. Furthermore, through a formal security verification using the AVISPA (Automated Validation of Internet Security Protocols and Applications tool, we show that our scheme is also secure against passive and active attacks.

Distributed medium access control in wireless networks

CERN Document Server

Wang, Ping

2013-01-01

This brief investigates distributed medium access control (MAC) with QoS provisioning for both single- and multi-hop wireless networks including wireless local area networks (WLANs), wireless ad hoc networks, and wireless mesh networks. For WLANs, an efficient MAC scheme and a call admission control algorithm are presented to provide guaranteed QoS for voice traffic and, at the same time, increase the voice capacity significantly compared with the current WLAN standard. In addition, a novel token-based scheduling scheme is proposed to provide great flexibility and facility to the network servi

Spatiotemporal Access Model Based on Reputation for the Sensing Layer of the IoT

Directory of Open Access Journals (Sweden)

Yunchuan Guo

2014-01-01

Full Text Available Access control is a key technology in providing security in the Internet of Things (IoT. The mainstream security approach proposed for the sensing layer of the IoT concentrates only on authentication while ignoring the more general models. Unreliable communications and resource constraints make the traditional access control techniques barely meet the requirements of the sensing layer of the IoT. In this paper, we propose a model that combines space and time with reputation to control access to the information within the sensing layer of the IoT. This model is called spatiotemporal access control based on reputation (STRAC. STRAC uses a lattice-based approach to decrease the size of policy bases. To solve the problem caused by unreliable communications, we propose both nondeterministic authorizations and stochastic authorizations. To more precisely manage the reputation of nodes, we propose two new mechanisms to update the reputation of nodes. These new approaches are the authority-based update mechanism (AUM and the election-based update mechanism (EUM. We show how the model checker UPPAAL can be used to analyze the spatiotemporal access control model of an application. Finally, we also implement a prototype system to demonstrate the efficiency of our model.

Spatiotemporal access model based on reputation for the sensing layer of the IoT.

Science.gov (United States)

Guo, Yunchuan; Yin, Lihua; Li, Chao; Qian, Junyan

2014-01-01

Access control is a key technology in providing security in the Internet of Things (IoT). The mainstream security approach proposed for the sensing layer of the IoT concentrates only on authentication while ignoring the more general models. Unreliable communications and resource constraints make the traditional access control techniques barely meet the requirements of the sensing layer of the IoT. In this paper, we propose a model that combines space and time with reputation to control access to the information within the sensing layer of the IoT. This model is called spatiotemporal access control based on reputation (STRAC). STRAC uses a lattice-based approach to decrease the size of policy bases. To solve the problem caused by unreliable communications, we propose both nondeterministic authorizations and stochastic authorizations. To more precisely manage the reputation of nodes, we propose two new mechanisms to update the reputation of nodes. These new approaches are the authority-based update mechanism (AUM) and the election-based update mechanism (EUM). We show how the model checker UPPAAL can be used to analyze the spatiotemporal access control model of an application. Finally, we also implement a prototype system to demonstrate the efficiency of our model.

An IEEE 802.3 Compatible Real Time Medium Access Control with Length-based Priority

Institute of Scientific and Technical Information of China (English)

无

2006-01-01

A new medium access control method is proposed over the predominant Ethernet broadcast channel. Taking advantages of intrinsic variable length characteristic of standard Ethernet frame, message-oriented dynamic priority mechanism is established. Prioritized medium access control operates under a so-called block mode in event of collisions.High priority messages have a chance to preempt block status incurred by low priority ones. By this means, the new MAC provides a conditional deterministic real time performance beyond a statistical one. Experiments demonstrate effectiveness and attractiveness of the proposed scheme. Moreover, this new MAC is completely compatible with IEEE802.3.

Design and Implementation of Linux Access Control Model

Institute of Scientific and Technical Information of China (English)

Wei Xiaomeng; Wu Yongbin; Zhuo Jingchuan; Wang Jianyun; Haliqian Mayibula

2017-01-01

In this paper,the design and implementation of an access control model for Linux system are discussed in detail. The design is based on the RBAC model and combines with the inherent characteristics of the Linux system,and the support for the process and role transition is added.The core idea of the model is that the file is divided into different categories,and access authority of every category is distributed to several roles.Then,roles are assigned to users of the system,and the role of the user can be transited from one to another by running the executable file.

Identifying Ant-Mirid Spatial Interactions to Improve Biological Control in Cacao-Based Agroforestry System.

Science.gov (United States)

Bagny Beilhe, Leïla; Piou, Cyril; Tadu, Zéphirin; Babin, Régis

2018-06-06

The use of ants for biological control of insect pests was the first reported case of conservation biological control. Direct and indirect community interactions between ants and pests lead to differential spatial pattern. We investigated spatial interactions between mirids, the major cocoa pest in West Africa and numerically dominant ant species, using bivariate point pattern analysis to identify potential biological control agents. We assume that potential biological control agents should display negative spatial interactions with mirids considering their niche overlap. The mirid/ant data were collected in complex cacao-based agroforestry systems sampled in three agroecological areas over a forest-savannah gradient in Cameroon. Three species, Crematogaster striatula Emery (Hymenoptera: Formicidae), Crematogaster clariventris Mayr (Hymenoptera: Formicidae), and Oecophylla longinoda Latreille (Hymenoptera: Formicidae) with high predator and aggressive behaviors were identified as dominant and showed negative spatial relationships with mirids. The weaver ant, O. longinoda was identified as the only potential biological control agent, considering its ubiquity in the plots, the similarity in niche requirements, and the spatial segregation with mirids resulting probably from exclusion mechanisms. Combining bivariate point pattern analysis to good knowledge of insect ecology was an effective method to identify a potentially good biological control agent.

LANSCE personnel access control system (PACS)

International Nuclear Information System (INIS)

Sturrock, J.C.; Gallegos, F.R.; Hall, M.J.

1997-01-01

The Radiation Security System (RSS) at the Los Alamos Neutron Science Center (LANSCE) provides personnel protection from prompt radiation due to accelerated beam. The Personnel Access Control System (PACS) is a component of the RSS that is designed to prevent personnel access to areas where prompt radiation is a hazard. PACS was designed to replace several older personnel safety systems (PSS) with a single modem unified design. Lessons learned from the operation over the last 20 years were incorporated into a redundant sensor, single-point failure safe, fault tolerant, and tamper-resistant system that prevents access to the beam areas by controlling the access keys and beam stoppers. PACS uses a layered philosophy to the physical and electronic design. The most critical assemblies are battery backed up, relay logic circuits; less critical devices use Programmable Logic Controllers (PLCs) for timing functions and communications. Outside reviewers have reviewed the operational safety of the design. The design philosophy, lessons learned, hardware design, software design, operation, and limitations of the device are described

Accessibility to tuberculosis control services and tuberculosis programme performance in southern Ethiopia

Directory of Open Access Journals (Sweden)

Mesay Hailu Dangisso

2015-11-01

Full Text Available Background: Despite the expansion of health services and community-based interventions in Ethiopia, limited evidence exists about the distribution of and access to health facilities and their relationship with the performance of tuberculosis (TB control programmes. We aim to assess the geographical distribution of and physical accessibility to TB control services and their relationship with TB case notification rates (CNRs and treatment outcome in the Sidama Zone, southern Ethiopia. Design: We carried out an ecological study to assess physical accessibility to TB control facilities and the association of physical accessibility with TB CNRs and treatment outcome. We collected smear-positive pulmonary TB (PTB cases treated during 2003–2012 from unit TB registers and TB service data such as availability of basic supplies for TB control and geographic locations of health services. We used ArcGIS 10.2 to measure the distance from each enumeration location to the nearest TB control facilities. A linear regression analysis was employed to assess factors associated with TB CNRs and treatment outcome. Results: Over a decade the health service coverage (the health facility–to-population ratio increased by 36% and the accessibility to TB control facilities also improved. Thus, the mean distance from TB control services was 7.6 km in 2003 (ranging from 1.8 to 25.5 km between kebeles (the smallest administrative units and had decreased to 3.2 km in 2012 (ranging from 1.5 to 12.4 km. In multivariate linear regression, as distance from TB diagnostic facilities (b-estimate=−0.25, p<0.001 and altitude (b-estimate=−0.31, p<0.001 increased, the CNRs of TB decreased, whereas a higher population density was associated with increased TB CNRs. Similarly, distance to TB control facilities (b-estimate=−0.27, p<0.001 and altitude (b-estimate=−0.30, p<0.001 were inversely associated with treatment success (proportion of treatment completed or cured cases

Secure access control and large scale robust representation for online multimedia event detection.

Science.gov (United States)

Liu, Changyu; Lu, Bin; Li, Huiling

2014-01-01

We developed an online multimedia event detection (MED) system. However, there are a secure access control issue and a large scale robust representation issue when we want to integrate traditional event detection algorithms into the online environment. For the first issue, we proposed a tree proxy-based and service-oriented access control (TPSAC) model based on the traditional role based access control model. Verification experiments were conducted on the CloudSim simulation platform, and the results showed that the TPSAC model is suitable for the access control of dynamic online environments. For the second issue, inspired by the object-bank scene descriptor, we proposed a 1000-object-bank (1000OBK) event descriptor. Feature vectors of the 1000OBK were extracted from response pyramids of 1000 generic object detectors which were trained on standard annotated image datasets, such as the ImageNet dataset. A spatial bag of words tiling approach was then adopted to encode these feature vectors for bridging the gap between the objects and events. Furthermore, we performed experiments in the context of event classification on the challenging TRECVID MED 2012 dataset, and the results showed that the robust 1000OBK event descriptor outperforms the state-of-the-art approaches.

Secure Access Control and Large Scale Robust Representation for Online Multimedia Event Detection

Directory of Open Access Journals (Sweden)

Changyu Liu

2014-01-01

Full Text Available We developed an online multimedia event detection (MED system. However, there are a secure access control issue and a large scale robust representation issue when we want to integrate traditional event detection algorithms into the online environment. For the first issue, we proposed a tree proxy-based and service-oriented access control (TPSAC model based on the traditional role based access control model. Verification experiments were conducted on the CloudSim simulation platform, and the results showed that the TPSAC model is suitable for the access control of dynamic online environments. For the second issue, inspired by the object-bank scene descriptor, we proposed a 1000-object-bank (1000OBK event descriptor. Feature vectors of the 1000OBK were extracted from response pyramids of 1000 generic object detectors which were trained on standard annotated image datasets, such as the ImageNet dataset. A spatial bag of words tiling approach was then adopted to encode these feature vectors for bridging the gap between the objects and events. Furthermore, we performed experiments in the context of event classification on the challenging TRECVID MED 2012 dataset, and the results showed that the robust 1000OBK event descriptor outperforms the state-of-the-art approaches.

An Approach to Enforcing Clark-Wilson Model in Role-based Access Control Model

Institute of Scientific and Technical Information of China (English)

LIANGBin; SHIWenchang; SUNYufang; SUNBo

2004-01-01

Using one security model to enforce another is a prospective solution to multi-policy support. In this paper, an approach to the enforcing Clark-Wilson data integrity model in the Role-based access control (RBAC) model is proposed. An enforcement construction with great feasibility is presented. In this construction, a direct way to enforce the Clark-Wilson model is provided, the corresponding relations among users, transformation procedures, and constrained data items are strengthened; the concepts of task and subtask are introduced to enhance the support to least-privilege. The proposed approach widens the applicability of RBAC. The theoretical foundation for adopting Clark-Wilson model in a RBAC system with small cost is offered to meet the requirements of multi-policy support and policy flexibility.

The OPL Access Control Policy Language

Science.gov (United States)

Alm, Christopher; Wolf, Ruben; Posegga, Joachim

Existing policy languages suffer from a limited ability of directly and elegantly expressing high-level access control principles such as history-based separation of duty [22], binding of duty [26], context constraints [24], Chinese wall properties [10], and obligations [20]. It is often difficult to extend a language in order to retrofit these features once required or it is necessary to use complicated and complex language constructs to express such concepts. The latter, however, is cumbersome and error-prone for humans dealing with policy administration.

Activity-Based Collaboration for Interactive Spaces

DEFF Research Database (Denmark)

Bardram, Jakob Eyvind; Esbensen, Morten; Tabard, Aurélien

2017-01-01

, folder, documents, etc., users are able to interact with ‘activities’ which encapsulate files and other low-level resources. In ABC an ‘activity’ can be shared between collaborating users and can be accessed on different devices. As such, ABC is a framework that suits the requirements of designing...... interactive spaces. This chapter provides an overview of ABC with a special focus on its support for collaboration (‘Activity Sharing’) and multiple devices (‘Activity Roaming’). These ABC concepts are illustrated as implemented in two different interactive spaces technologies; ReticularSpaces [1] and the e......LabBench [2, 3]. The chapter discusses the benefits of activity-based collaboration support for these interactive spaces, while also discussing limitations and challenges to be addressed in further research....

Analysing Access Control Specifications

DEFF Research Database (Denmark)

Probst, Christian W.; Hansen, René Rydhof

2009-01-01

When prosecuting crimes, the main question to answer is often who had a motive and the possibility to commit the crime. When investigating cyber crimes, the question of possibility is often hard to answer, as in a networked system almost any location can be accessed from almost anywhere. The most...... common tool to answer this question, analysis of log files, faces the problem that the amount of logged data may be overwhelming. This problems gets even worse in the case of insider attacks, where the attacker’s actions usually will be logged as permissible, standard actions—if they are logged at all....... Recent events have revealed intimate knowledge of surveillance and control systems on the side of the attacker, making it often impossible to deduce the identity of an inside attacker from logged data. In this work we present an approach that analyses the access control configuration to identify the set...

Keep on Blockin’ in the Free World: Personal Access Control for Low-Cost RFID Tags

OpenAIRE

Rieback, Melanie; Crispo, Bruno; Tanenbaum, Andrew

2007-01-01

This paper introduces an off-tag RFID access control mechanism called “Selective RFID Jamming”. Selective RFID Jamming protects low-cost RFID tags by enforcing access control on their behalf, in a similar manner to the RFID Blocker Tag. However, Selective RFID Jamming is novel because it uses an active mobile device to enforce centralized ACL-based access control policies. Selective RFID Jamming also solves a Differential Signal Analysis attack to which the RFID Blocker Tag is susceptible.

Developing Access Control Model of Web OLAP over Trusted and Collaborative Data Warehouses

Science.gov (United States)

Fugkeaw, Somchart; Mitrpanont, Jarernsri L.; Manpanpanich, Piyawit; Juntapremjitt, Sekpon

This paper proposes the design and development of Role- based Access Control (RBAC) model for the Single Sign-On (SSO) Web-OLAP query spanning over multiple data warehouses (DWs). The model is based on PKI Authentication and Privilege Management Infrastructure (PMI); it presents a binding model of RBAC authorization based on dimension privilege specified in attribute certificate (AC) and user identification. Particularly, the way of attribute mapping between DW user authentication and privilege of dimensional access is illustrated. In our approach, we apply the multi-agent system to automate flexible and effective management of user authentication, role delegation as well as system accountability. Finally, the paper culminates in the prototype system A-COLD (Access Control of web-OLAP over multiple DWs) that incorporates the OLAP features and authentication and authorization enforcement in the multi-user and multi-data warehouse environment.

An interactive web-based extranet system model for managing ...

African Journals Online (AJOL)

... objectives for students, lecturers and parents to access and compute results ... The database will serve as repository of students' academic records over a ... Keywords: Extranet-Model, Interactive, Web-Based, Students, Academic, Records ...

Disk access controller for Multi 8 computer

International Nuclear Information System (INIS)

Segalard, Jean

1970-01-01

After having presented the initial characteristics and weaknesses of the software provided for the control of a memory disk coupled with a Multi 8 computer, the author reports the development and improvement of this controller software. He presents the different constitutive parts of the computer and the operation of the disk coupling and of the direct access to memory. He reports the development of the disk access controller: software organisation, loader, subprograms and statements

Face Recognition for Access Control Systems Combining Image-Difference Features Based on a Probabilistic Model

Science.gov (United States)

Miwa, Shotaro; Kage, Hiroshi; Hirai, Takashi; Sumi, Kazuhiko

We propose a probabilistic face recognition algorithm for Access Control System(ACS)s. Comparing with existing ACSs using low cost IC-cards, face recognition has advantages in usability and security that it doesn't require people to hold cards over scanners and doesn't accept imposters with authorized cards. Therefore face recognition attracts more interests in security markets than IC-cards. But in security markets where low cost ACSs exist, price competition is important, and there is a limitation on the quality of available cameras and image control. Therefore ACSs using face recognition are required to handle much lower quality images, such as defocused and poor gain-controlled images than high security systems, such as immigration control. To tackle with such image quality problems we developed a face recognition algorithm based on a probabilistic model which combines a variety of image-difference features trained by Real AdaBoost with their prior probability distributions. It enables to evaluate and utilize only reliable features among trained ones during each authentication, and achieve high recognition performance rates. The field evaluation using a pseudo Access Control System installed in our office shows that the proposed system achieves a constant high recognition performance rate independent on face image qualities, that is about four times lower EER (Equal Error Rate) under a variety of image conditions than one without any prior probability distributions. On the other hand using image difference features without any prior probabilities are sensitive to image qualities. We also evaluated PCA, and it has worse, but constant performance rates because of its general optimization on overall data. Comparing with PCA, Real AdaBoost without any prior distribution performs twice better under good image conditions, but degrades to a performance as good as PCA under poor image conditions.

Petri Nets Based Modelling of Control Flow for Memory-Aid Interactive Programs in Telemedicine

CERN Document Server

Khoromskaia, V K

2004-01-01

Petri Nets (PN) based modelling of the control flow for the interactive memory assistance programs designed for personal pocket computers and having special requirements for robustness is considered. The proposed concept allows one to elaborate the programs which can give users a variety of possibilities for a day-time planning in the presence of environmental and time restrictions. First, a PN model for a known simple algorithm is constructed and analyzed using the corresponding state equations and incidence matrix. Then a PN graph for a complicated algorithm with overlapping actions and choice possibilities is designed, supplemented by an example of its analysis. Dynamic behaviour of this graph is tested by tracing of all possible paths of the flow of control using the PN simulator. It is shown that PN based modelling provides reliably predictable performance of interactive algorithms with branched structures and concurrency requirements.

Efficient traffic grooming with dynamic ONU grouping for multiple-OLT-based access network

Science.gov (United States)

Zhang, Shizong; Gu, Rentao; Ji, Yuefeng; Wang, Hongxiang

2015-12-01

Fast bandwidth growth urges large-scale high-density access scenarios, where the multiple Passive Optical Networking (PON) system clustered deployment can be adopted as an appropriate solution to fulfill the huge bandwidth demands, especially for a future 5G mobile network. However, the lack of interaction between different optical line terminals (OLTs) results in part of the bandwidth resources waste. To increase the bandwidth efficiency, as well as reduce bandwidth pressure at the edge of a network, we propose a centralized flexible PON architecture based on Time- and Wavelength-Division Multiplexing PON (TWDM PON). It can provide flexible affiliation for optical network units (ONUs) and different OLTs to support access network traffic localization. Specifically, a dynamic ONU grouping algorithm (DGA) is provided to obtain the minimal OLT outbound traffic. Simulation results show that DGA obtains an average 25.23% traffic gain increment under different OLT numbers within a small ONU number situation, and the traffic gain will increase dramatically with the increment of the ONU number. As the DGA can be deployed easily as an application running above the centralized control plane, the proposed architecture can be helpful to improve the network efficiency for future traffic-intensive access scenarios.

A role based coordination model in agent systems

Institute of Scientific and Technical Information of China (English)

ZHANG Ya-ying; YOU Jin-yuan

2005-01-01

Coordination technology addresses the construction of open, flexible systems from active and independent software agents in concurrent and distributed systems. In most open distributed applications, multiple agents need interaction and communication to achieve their overall goal. Coordination technologies for the Internet typically are concerned with enabling interaction among agents and helping them cooperate with each other.At the same time, access control should also be considered to constrain interaction to make it harmless. Access control should be regarded as the security counterpart of coordination. At present, the combination of coordination and access control remains an open problem. Thus, we propose a role based coordination model with policy enforcement in agent application systems. In this model, coordination is combined with access control so as to fully characterize the interactions in agent systems. A set of agents interacting with each other for a common global system task constitutes a coordination group. Role based access control is applied in this model to prevent unauthorized accesses. Coordination policy is enforced in a distributed manner so that the model can be applied to the open distributed systems such as Intemet. An Internet online auction system is presented as a case study to illustrate the proposed coordination model and finally the performance analysis of the model is introduced.

STAR-TYPE LOCAL AREA NETWORK ACCESS CONTROL

Institute of Scientific and Technical Information of China (English)

逯昭义; 齐藤忠夫

1990-01-01

The multiple access fashion is a new resolution for the star-type local area network (LAN) access control and star-type optical fibre LAN. Arguments about this network are discussed, and the results are introduced.

Estimating spatial accessibility to facilities on the regional scale: an extended commuting-based interaction potential model

Directory of Open Access Journals (Sweden)

Charreire Hélène

2011-01-01

Full Text Available Abstract Background There is growing interest in the study of the relationships between individual health-related behaviours (e.g. food intake and physical activity and measurements of spatial accessibility to the associated facilities (e.g. food outlets and sport facilities. The aim of this study is to propose measurements of spatial accessibility to facilities on the regional scale, using aggregated data. We first used a potential accessibility model that partly makes it possible to overcome the limitations of the most frequently used indices such as the count of opportunities within a given neighbourhood. We then propose an extended model in order to take into account both home and work-based accessibility for a commuting population. Results Potential accessibility estimation provides a very different picture of the accessibility levels experienced by the population than the more classical "number of opportunities per census tract" index. The extended model for commuters increases the overall accessibility levels but this increase differs according to the urbanisation level. Strongest increases are observed in some rural municipalities with initial low accessibility levels. Distance to major urban poles seems to play an essential role. Conclusions Accessibility is a multi-dimensional concept that should integrate some aspects of travel behaviour. Our work supports the evidence that the choice of appropriate accessibility indices including both residential and non-residential environmental features is necessary. Such models have potential implications for providing relevant information to policy-makers in the field of public health.

ACCESS: Detector Control and Performance

Science.gov (United States)

Morris, Matthew J.; Kaiser, M.; McCandliss, S. R.; Rauscher, B. J.; Kimble, R. A.; Kruk, J. W.; Wright, E. L.; Bohlin, R.; Kurucz, R. L.; Riess, A. G.; Pelton, R.; Deustua, S. E.; Dixon, W. V.; Sahnow, D. J.; Mott, D. B.; Wen, Y.; Benford, D. J.; Gardner, J. P.; Feldman, P. D.; Moos, H. W.; Lampton, M.; Perlmutter, S.; Woodgate, B. E.

2014-01-01

ACCESS, Absolute Color Calibration Experiment for Standard Stars, is a series of rocket-borne sub-orbital missions and ground-based experiments that will enable improvements in the precision of the astrophysical flux scale through the transfer of absolute laboratory detector standards from the National Institute of Standards and Technology (NIST) to a network of stellar standards with a calibration accuracy of 1% and a spectral resolving power of 500 across the 0.35 to 1.7 micron bandpass (companion poster, Kaiser et al.). The flight detector and detector spare have been selected and integrated with their electronics and flight mount. The controller electronics have been flight qualified. Vibration testing to launch loads and thermal vacuum testing of the detector, mount, and housing have been successfully performed. Further improvements to the flight controller housing have been made. A cryogenic ground test system has been built. Dark current and read noise tests have been performed, yielding results consistent with the initial characterization tests of the detector performed by Goddard Space Flight Center’s Detector Characterization Lab (DCL). Detector control software has been developed and implemented for ground testing. Performance and integration of the detector and controller with the flight software will be presented. NASA APRA sounding rocket grant NNX08AI65G supports this work.

Access and completion of a Web-based treatment in a population-based sample of tornado-affected adolescents.

Science.gov (United States)

Price, Matthew; Yuen, Erica K; Davidson, Tatiana M; Hubel, Grace; Ruggiero, Kenneth J

2015-08-01

Although Web-based treatments have significant potential to assess and treat difficult-to-reach populations, such as trauma-exposed adolescents, the extent that such treatments are accessed and used is unclear. The present study evaluated the proportion of adolescents who accessed and completed a Web-based treatment for postdisaster mental health symptoms. Correlates of access and completion were examined. A sample of 2,000 adolescents living in tornado-affected communities was assessed via structured telephone interview and invited to a Web-based treatment. The modular treatment addressed symptoms of posttraumatic stress disorder, depression, and alcohol and tobacco use. Participants were randomized to experimental or control conditions after accessing the site. Overall access for the intervention was 35.8%. Module completion for those who accessed ranged from 52.8% to 85.6%. Adolescents with parents who used the Internet to obtain health-related information were more likely to access the treatment. Adolescent males were less likely to access the treatment. Future work is needed to identify strategies to further increase the reach of Web-based treatments to provide clinical services in a postdisaster context. (c) 2015 APA, all rights reserved).

Modelling and Analysing Access Control Policies in XACML 3.0

DEFF Research Database (Denmark)

Ramli, Carroline Dewi Puspa Kencana

(c.f. GM03,Mos05,Ris13) and manual analysis of the overall effect and consequences of a large XACML policy set is a very daunting and time-consuming task. In this thesis we address the problem of understanding the semantics of access control policy language XACML, in particular XACML version 3.0....... The main focus of this thesis is modelling and analysing access control policies in XACML 3.0. There are two main contributions in this thesis. First, we study and formalise XACML 3.0, in particular the Policy Decision Point (PDP). The concrete syntax of XACML is based on the XML format, while its standard...... semantics is described normatively using natural language. The use of English text in standardisation leads to the risk of misinterpretation and ambiguity. In order to avoid this drawback, we define an abstract syntax of XACML 3.0 and a formal XACML semantics. Second, we propose a logic-based XACML analysis...

Analysis of Access Control Policies in Operating Systems

Science.gov (United States)

Chen, Hong

2009-01-01

Operating systems rely heavily on access control mechanisms to achieve security goals and defend against remote and local attacks. The complexities of modern access control mechanisms and the scale of policy configurations are often overwhelming to system administrators and software developers. Therefore, mis-configurations are common, and the…

The Arabidopsis SWI/SNF protein BAF60 mediates seedling growth control by modulating DNA accessibility

KAUST Repository

Jé gu, Teddy; Veluchamy, Alaguraj; Ramirez Prado, Juan Sebastian; Rizzi-Paillet, Charley; Perez, Magalie; Lhomme, Anaï s; Latrasse, David; Coleno, Emeline; Vicaire, Serge; Legras, Sté phanie; Jost, Bernard; Rougé e, Martin; Barneche, Fredy; Bergounioux, Catherine; Crespi, Martin; Mahfouz, Magdy M.; Hirt, Heribert; Raynaud, Cé cile; Benhamed, Moussa

2017-01-01

Plant adaptive responses to changing environments involve complex molecular interplays between intrinsic and external signals. Whilst much is known on the signaling components mediating diurnal, light, and temperature controls on plant development, their influence on chromatin-based transcriptional controls remains poorly explored.In this study we show that a SWI/SNF chromatin remodeler subunit, BAF60, represses seedling growth by modulating DNA accessibility of hypocotyl cell size regulatory genes. BAF60 binds nucleosome-free regions of multiple G box-containing genes, opposing in cis the promoting effect of the photomorphogenic and thermomorphogenic regulator Phytochrome Interacting Factor 4 (PIF4) on hypocotyl elongation. Furthermore, BAF60 expression level is regulated in response to light and daily rhythms.These results unveil a short path between a chromatin remodeler and a signaling component to fine-tune plant morphogenesis in response to environmental conditions.

The Arabidopsis SWI/SNF protein BAF60 mediates seedling growth control by modulating DNA accessibility

KAUST Repository

Jégu, Teddy

2017-06-15

Plant adaptive responses to changing environments involve complex molecular interplays between intrinsic and external signals. Whilst much is known on the signaling components mediating diurnal, light, and temperature controls on plant development, their influence on chromatin-based transcriptional controls remains poorly explored.In this study we show that a SWI/SNF chromatin remodeler subunit, BAF60, represses seedling growth by modulating DNA accessibility of hypocotyl cell size regulatory genes. BAF60 binds nucleosome-free regions of multiple G box-containing genes, opposing in cis the promoting effect of the photomorphogenic and thermomorphogenic regulator Phytochrome Interacting Factor 4 (PIF4) on hypocotyl elongation. Furthermore, BAF60 expression level is regulated in response to light and daily rhythms.These results unveil a short path between a chromatin remodeler and a signaling component to fine-tune plant morphogenesis in response to environmental conditions.

Hybrid Solution for Privacy-Preserving Access Control for Healthcare Data

Directory of Open Access Journals (Sweden)

SMITHAMOL, M. B.

2017-05-01

Full Text Available The booming in cloud and IoT technologies has accelerated the growth of healthcare system. The IoT devices monitor the patient's health, and upload collected data as Electronic Medical Records (EMRs to the cloud for storage and sharing. Outsourcing EMRs to the cloud introduce new security and privacy challenges. In this paper, we proposed a novel architecture ensuring security and privacy for the outsourced health records. The proposed model uses partially ordered set (POSET for constructing the group based access structure and Ciphertext-Policy Attribute-Based Encryption (CP-ABE to provide fine-grained EMR access control. The modified group based CP-ABE (G-CP-ABE minimizes the computational overhead by reducing the number of leaf nodes in the access tree. Also, the proposed G-CP-ABE framework merges symmetric encryption and CP-ABE scheme to minimize the overall encryption time. As a result, G-CP-ABE can be used to monitor health conditions even from a resource constrained IoT device. The performance analysis shows the efficiency of the proposed model, making it suitable for practical use.

Automatic Control of Contextual Interaction Integrated with Affection and Architectural Attentional Control

Directory of Open Access Journals (Sweden)

Yanrong Jiang

2013-03-01

Full Text Available It is still a challenge for robots to interact with complex environments in a smooth and natural manner. The robot should be aware of its surroundings and inner status to make decisions accordingly and appropriately. Contexts benefit the interaction a lot, such as avoiding frequent interruptions (e.g., the explicit inputting requests and thus are essential for interaction. Other challenges, such as shifting attentional focus to a more important stimulus, etc., are also crucial in interaction control. This paper presents a hybrid automatic control approach for interaction, as well as its integration, with these multiple important factors, aiming at performing natural, human-like interactions in robots. In particular, a novel approach of architectural attentional control, based on affection is presented, which attempts to shift the attentional focus in a natural manner. Context-aware computing is combined with interaction to endow the robot with proactive abilities. The long-term interaction control approaches are described. Emotion and personality are introduced into the interaction and their influence mechanism on interaction is explored. We implemented the proposal in an interactive head robot (IHR and the experimental results indicate the effectiveness.

A Comparative Analysis of Wiki Discretionary Access Control in a CONOPS Environment

National Research Council Canada - National Science Library

Crawford, Frederick L

2008-01-01

.... The derivation of the author's thesis focuses awareness on effective information allocation that is reliable and accurate while maintaining its confidentiality based upon some level of discretionary access control (DAC...

Power Allocation and Outage Probability Analysis for SDN-based Radio Access Networks

Science.gov (United States)

Zhao, Yongxu; Chen, Yueyun; Mai, Zhiyuan

2018-01-01

In this paper, performance of Access network Architecture based SDN (Software Defined Network) is analyzed with respect to the power allocation issue. A power allocation scheme PSO-PA (Particle Swarm Optimization-power allocation) algorithm is proposed, the proposed scheme is subjected to constant total power with the objective of minimizing system outage probability. The entire access network resource configuration is controlled by the SDN controller, then it sends the optimized power distribution factor to the base station source node (SN) and the relay node (RN). Simulation results show that the proposed scheme reduces the system outage probability at a low complexity.

LudusScope: Accessible Interactive Smartphone Microscopy for Life-Science Education.

Science.gov (United States)

Kim, Honesty; Gerber, Lukas Cyrill; Chiu, Daniel; Lee, Seung Ah; Cira, Nate J; Xia, Sherwin Yuyang; Riedel-Kruse, Ingmar H

2016-01-01

For centuries, observational microscopy has greatly facilitated biology education, but we still cannot easily and playfully interact with the microscopic world we see. We therefore developed the LudusScope, an accessible, interactive do-it-yourself smartphone microscopy platform that promotes exploratory stimulation and observation of microscopic organisms, in a design that combines the educational modalities of build, play, and inquire. The LudusScope's touchscreen and joystick allow the selection and stimulation of phototactic microorganisms such as Euglena gracilis with light. Organismal behavior is tracked and displayed in real time, enabling open and structured game play as well as scientific inquiry via quantitative experimentation. Furthermore, we used the Scratch programming language to incorporate biophysical modeling. This platform is designed as an accessible, low-cost educational kit for easy construction and expansion. User testing with both teachers and students demonstrates the educational potential of the LudusScope, and we anticipate additional synergy with the maker movement. Transforming observational microscopy into an interactive experience will make microbiology more tangible to society, and effectively support the interdisciplinary learning required by the Next Generation Science Standards.

Measuring interactivity on tobacco control websites.

Science.gov (United States)

Freeman, Becky; Chapman, Simon

2012-08-01

With the increased reach of Web 2.0, Internet users expect webpages to be interactive. No studies have been conducted to assess whether tobacco control-relevant sites have implemented these features. The authors conducted an analysis of an international sample of tobacco control-relevant websites to determine their level of interactivity. The sample included 68 unique websites selected from Google searches in 5 countries, on each country's Google site, using the term smoking. The 68 sites were analyzed for 10 categories of interactive tools. The most common type of interactive content found on 46 (68%) of sites was for multimedia featuring content that was not primarily text based, such as photo galleries, videos, or podcasts. Only 11 (16%) websites-outside of media sites-allowed people to interact and engage with the site owners and other users by allowing posting comments on content and/or hosting forums/discussions. Linkages to social networking sites were low: 17 pages (25%) linked to Twitter, 15 (22%) to Facebook, and 11 (16%) to YouTube. Interactivity and connectedness to online social media appears to still be in its infancy among tobacco control-relevant sites.

XACML to build access control policies for Internet of Things

OpenAIRE

Atlam, Hany F.; Alassafi, Madini, Obad; Alenezi, Ahmed; Walters, Robert; Wills, Gary

2018-01-01

Although the Internet of things (IoT) brought unlimited benefits, it also brought many security issues. The access control is one of the main elements to address these issues. It provides the access to system resources only to authorized users and ensures that they behave in an authorized manner during their access sessions. One of the significant components of any access control model is access policies. They are used to build the criteria to permit or deny any access request. Building an ef...

Accessing remote data bases using microcomputers

OpenAIRE

Saul, Peter D.

1985-01-01

General practitioners' access to remote data bases using microcomputers is increasing, making even the most obscure information readily available. Some of the systems available to general practitioners in the UK are described and the methods of access are outlined. General practitioners should be aware of the advances in technology; data bases are increasing in size, the cost of access is falling and their use is becoming easier.

Interactive, open source, travel time scenario modelling: tools to facilitate participation in health service access analysis.

Science.gov (United States)

Fisher, Rohan; Lassa, Jonatan

2017-04-18

Modelling travel time to services has become a common public health tool for planning service provision but the usefulness of these analyses is constrained by the availability of accurate input data and limitations inherent in the assumptions and parameterisation. This is particularly an issue in the developing world where access to basic data is limited and travel is often complex and multi-modal. Improving the accuracy and relevance in this context requires greater accessibility to, and flexibility in, travel time modelling tools to facilitate the incorporation of local knowledge and the rapid exploration of multiple travel scenarios. The aim of this work was to develop simple open source, adaptable, interactive travel time modelling tools to allow greater access to and participation in service access analysis. Described are three interconnected applications designed to reduce some of the barriers to the more wide-spread use of GIS analysis of service access and allow for complex spatial and temporal variations in service availability. These applications are an open source GIS tool-kit and two geo-simulation models. The development of these tools was guided by health service issues from a developing world context but they present a general approach to enabling greater access to and flexibility in health access modelling. The tools demonstrate a method that substantially simplifies the process for conducting travel time assessments and demonstrate a dynamic, interactive approach in an open source GIS format. In addition this paper provides examples from empirical experience where these tools have informed better policy and planning. Travel and health service access is complex and cannot be reduced to a few static modeled outputs. The approaches described in this paper use a unique set of tools to explore this complexity, promote discussion and build understanding with the goal of producing better planning outcomes. The accessible, flexible, interactive and

Development of a wireless protection against imitation system for identification and control of vehicle access

Directory of Open Access Journals (Sweden)

Aleksei A. Gavrishev

2018-03-01

Full Text Available This article deals with wireless systems for identification and control of vehicle access to protected objects. Known systems are considered. As a result, it has been established that one of the most promising approaches to identifying and controlling vehicle access to protected objects is the use of systems based on the "friend or foe" principle. Among these systems, there are "one-directional" and "bedirectional" identification and access control systems. "Bidirectional" systems are more preferable for questions of identification and access control. However, at present, these systems should have a reduced probability of recognizing the structure of the request and response signals because the potential attacker can easily perform unauthorized access to the radio channel of the system. On this basis, developed a wireless system identification and control vehicle access to protected objects based on the principle of "friend or foe", featuring increased protection from unauthorized access and jamming through the use of rewritable drives chaotic sequences. In addition, it’s proposed to use to identify the vehicle's RFID tag containing additional information about it. Are some specifications of the developed system (the possible frequency range of the request-response signals, the communication range, data rate, the size of the transmitted data, guidelines for choosing RFID. Also, with the help of fuzzy logic, was made the security assessment from unauthorized access request-response signals based on the system of "friend or foe", which are transferred via radio channel, developed systems and analogues. The security assessment of the developed system shows an adequate degree of protection against complex threats (view, spoofing, interception and jamming of traffic in comparison with known systems of this class. Among the main advantages of the developed system it’s necessary to mention increased security from unauthorized access and jamming

The new ALICE DQM client: a web access to ROOT-based objects

International Nuclear Information System (INIS)

Von Haller, B; Carena, F; Carena, W; Chapeland, S; Barroso, V Chibante; Costa, F; Delort, C; Diviá, R.; Fuchs, U; Niedziela, J; Simonetti, G; Soós, C; Telesca, A; Vyvre, P Vande; Wegrzynek, A; Dénes, E

2015-01-01

A Large Ion Collider Experiment (ALICE) is the heavy-ion detector designed to study the physics of strongly interacting matter and the quark-gluon plasma at the CERN Large Hadron Collider (LHC). The online Data Quality Monitoring (DQM) plays an essential role in the experiment operation by providing shifters with immediate feedback on the data being recorded in order to quickly identify and overcome problems.An immediate access to the DQM results is needed not only by shifters in the control room but also by detector experts worldwide. As a consequence, a new web application has been developed to dynamically display and manipulate the ROOT-based objects produced by the DQM system in a flexible and user friendly interface.The architecture and design of the tool, its main features and the technologies that were used, both on the server and the client side, are described. In particular, we detail how we took advantage of the most recent ROOT JavaScript I/O and web server library to give interactive access to ROOT objects stored in a database. We describe as well the use of modern web techniques and packages such as AJAX, DHTMLX and jQuery, which has been instrumental in the successful implementation of a reactive and efficient application.We finally present the resulting application and how code quality was ensured. We conclude with a roadmap for future technical and functional developments. (paper)

Interactive computer-based instruction: Basic material control and accounting demonstration

International Nuclear Information System (INIS)

Keisch, B.

1993-01-01

The use of interactive, computer-based training (CBT) courses can be a time- and resource-saving alternative to formal instruction in a classroom milieu. With CBT, students can proceed at their own pace, fit the study course into their schedule, and avoid the extra time and effort involved in travel and other special arrangements. The demonstration given here is an abbreviated, annotated version of a recently developed course in basic material control and accounting designed for the MC and A novice. The system used is ''Quest'' which includes multi-media capabilities, individual scoring, and built-in result-reporting capabilities for the course administrator. Efficient instruction and training are more important than ever because of the growing numbers of relatively inexperienced persons becoming active in safeguards

Access control system for ISABELLE

International Nuclear Information System (INIS)

Potter, K.; Littenberg, L.

1977-01-01

An access system based on the one now in operation at the CERN ISR is recommended. Access doors would presumably be located at the entrances to the utility tunnels connecting the support buildings with the ring. Persons requesting access would insert an identity card into a scanner to activate the system. The request would be autologged, the keybank adjacent to the door would be unlocked and ISABELLE operations would be notified. The operator would then select the door, activating a TV-audio link. The person requesting entry would draw a key from the bank, show it and his film badge to the operator who would enable the door release

rpanel: Simple Interactive Controls for R Functions Using the tcltk Package

Directory of Open Access Journals (Sweden)

Gavin Alexander

2006-01-01

Full Text Available In a variety of settings it is extremely helpful to be able to apply R functions through buttons, sliders and other types of graphical control. This is particularly true in plotting activities where immediate communication between such controls and a graphical display allows the user to interact with a plot in a very effective manner. The tcltk package provides extensive tools for this and the aim of the rpanel package is to provide simple and well documented functions which make these facilities as accessible as possible. In addition, the operations which form the basis of communication within tcltk are managed in a way which allows users to write functions with a more standard form of parameter passing. This paper describes the basic design of the software and illustrates it on a variety of examples of interactive control of graphics. The tkrplot system is used to allow plots to be integrated with controls into a single panel. An example of the use of a graphical image, and the ability to interact with this, is also discussed.

How Drug Control Policy and Practice Undermine Access to Controlled Medicines.

Science.gov (United States)

Burke-Shyne, Naomi; Csete, Joanne; Wilson, Duncan; Fox, Edward; Wolfe, Daniel; Rasanathan, Jennifer J K

2017-06-01

Drug conventions serve as the cornerstone for domestic drug laws and impose a dual obligation upon states to prevent the misuse of controlled substances while ensuring their adequate availability for medical and scientific purposes. Despite the mandate that these obligations be enforced equally, the dominant paradigm enshrined in the drug conventions is an enforcement-heavy criminal justice response to controlled substances that prohibits and penalizes their misuse. Prioritizing restrictive control is to the detriment of ensuring adequate availability of and access to controlled medicines, thereby violating the rights of people who need them. This paper argues that the drug conventions' prioritization of criminal justice measures-including efforts to prevent non-medical use of controlled substances-undermines access to medicines and infringes upon the right to health and the right to enjoy the benefits of scientific progress. While the effects of criminalization under drug policy limit the right to health in multiple ways, we draw on research and documented examples to highlight the impact of drug control and criminalization on access to medicines. The prioritization and protection of human rights-specifically the right to health and the right to enjoy the benefits of scientific progress-are critical to rebalancing drug policy.

An electronically controlled automatic security access gate

Directory of Open Access Journals (Sweden)

Jonathan A. ENOKELA

2014-11-01

Full Text Available The security challenges being encountered in many places require electronic means of controlling access to communities, recreational centres, offices, and homes. The electronically controlled automated security access gate being proposed in this work helps to prevent an unwanted access to controlled environments. This is achieved mainly through the use of a Radio Frequency (RF transmitter-receiver pair. In the design a microcontroller is programmed to decode a given sequence of keys that is entered on a keypad and commands a transmitter module to send out this code as signal at a given radio frequency. Upon reception of this RF signal by the receiver module, another microcontroller activates a driver circuitry to operate the gate automatically. The codes for the microcontrollers were written in C language and were debugged and compiled using the KEIL Micro vision 4 integrated development environment. The resultant Hex files were programmed into the memories of the microcontrollers with the aid of a universal programmer. Software simulation was carried out using the Proteus Virtual System Modeling (VSM version 7.7. A scaled-down prototype of the system was built and tested. The electronically controlled automated security access gate can be useful in providing security for homes, organizations, and automobile terminals. The four-character password required to operate the gate gives the system an increased level of security. Due to its standalone nature of operation the system is cheaper to maintain in comparison with a manually operated type.

Interaction between production control and quality control

NARCIS (Netherlands)

Bij, van der J.D.; Ekert, van J.H.W.

1999-01-01

Describes a qualitative study on interaction between systems for production control and quality control within industrial organisations. Production control and quality control interact in a sense. Good performance for one aspect often influences or frustrates the performance of the other. As far as

Foundation for a Time Interval Access Control Model

National Research Council Canada - National Science Library

Afinidad, Francis B; Levin, Timothy E; Irvine, Cynthia E; Nguyen, Thuy D

2005-01-01

A new model for representing temporal access control policies is introduced. In this model, temporal authorizations are represented by time attributes associated with both subjects and objects, and a time interval access graph...

Performance estimates for personnel access control systems

International Nuclear Information System (INIS)

Bradley, R.G.

1980-10-01

Current performance estimates for personnel access control systems use estimates of Type I and Type II verification errors. A system performance equation which addresses normal operation, the insider, and outside adversary attack is developed. Examination of this equation reveals the inadequacy of classical Type I and II error evaluations which require detailed knowledge of the adversary threat scenario for each specific installation. Consequently, new performance measures which are consistent with the performance equation and independent of the threat are developed as an aid in selecting personnel access control systems

Interactive water monitoring system accessible by cordless telephone

Science.gov (United States)

Volpicelli, Richard; Andeweg, Pierre; Hagar, William G.

1985-12-01

A battery-operated, microcomputer-controlled monitoring device linked with a cordless telephone has been developed for remote measurements. This environmental sensor is self-contained and collects and processes data according to the information sent to its on-board computer system. An RCA model 1805 microprocessor forms the basic controller with a program encoded in memory for data acquisition and analysis. Signals from analog sensing devices used to monitor the environment are converted into digital signals and stored in random access memory of the microcomputer. This remote sensing system is linked to the laboratory by means of a cordless telephone whose base unit is connected to regular telephone lines. This offshore sensing system is simply accessed by a phone call originating from a computer terminal in the laboratory. Data acquisition is initiated upon request: Information continues to be processed and stored until the computer is reprogrammed by another phone call request. Information obtained may be recalled by a phone call after the desired environmental measurements are finished or while they are in progress. Data sampling parameters may be reset at any time, including in the middle of a measurement cycle. The range of the system is limited only by existing telephone grid systems and by the transmission characteristics of the cordless phone used as a communications link. This use of a cordless telephone, coupled with the on-board computer system, may be applied to other field studies requiring data transfer between an on-site analytical system and the laboratory.

Gaze-Based Controlling a Vehicle

DEFF Research Database (Denmark)

Mardanbeigi, Diako; Witzner Hansen, Dan

) as an example of a complex gaze-based task in environment. This paper discusses the possibilities and limitations of how gaze interaction can be performed for controlling vehicles not only using a remote gaze tracker but also in general challenging situations where the user and robot are mobile...... modality if gaze trackers are embedded into the head- mounted devices. The domain of gaze-based interactive applications increases dramatically as interaction is no longer constrained to 2D displays. This paper proposes a general framework for gaze-based controlling a non- stationary robot (vehicle...... and the movements may be governed by several degrees of freedom (e.g. flying). A case study is also introduced where the mobile gaze tracker is used for controlling a Roomba vacuum cleaner....

Interacting With Robots to Investigate the Bases of Social Interaction.

Science.gov (United States)

Sciutti, Alessandra; Sandini, Giulio

2017-12-01

Humans show a great natural ability at interacting with each other. Such efficiency in joint actions depends on a synergy between planned collaboration and emergent coordination, a subconscious mechanism based on a tight link between action execution and perception. This link supports phenomena as mutual adaptation, synchronization, and anticipation, which cut drastically the delays in the interaction and the need of complex verbal instructions and result in the establishment of joint intentions, the backbone of social interaction. From a neurophysiological perspective, this is possible, because the same neural system supporting action execution is responsible of the understanding and the anticipation of the observed action of others. Defining which human motion features allow for such emergent coordination with another agent would be crucial to establish more natural and efficient interaction paradigms with artificial devices, ranging from assistive and rehabilitative technology to companion robots. However, investigating the behavioral and neural mechanisms supporting natural interaction poses substantial problems. In particular, the unconscious processes at the basis of emergent coordination (e.g., unintentional movements or gazing) are very difficult-if not impossible-to restrain or control in a quantitative way for a human agent. Moreover, during an interaction, participants influence each other continuously in a complex way, resulting in behaviors that go beyond experimental control. In this paper, we propose robotics technology as a potential solution to this methodological problem. Robots indeed can establish an interaction with a human partner, contingently reacting to his actions without losing the controllability of the experiment or the naturalness of the interactive scenario. A robot could represent an "interactive probe" to assess the sensory and motor mechanisms underlying human-human interaction. We discuss this proposal with examples from our

The ARAC client system: network-based access to ARAC

International Nuclear Information System (INIS)

Leach, M J; Sumikawa, D; Webster, C

1999-01-01

The ARAC Client System allows users (such as emergency managers and first responders) with commonly available desktop and laptop computers to utilize the central ARAC system over the Internet or any other communications link using Internet protocols. Providing cost-effective fast access to the central ARAC system greatly expands the availability of the ARAC capability. The ARAC Client system consists of (1) local client applications running on the remote user's computer, and (2) ''site servers'' that provide secure access to selected central ARAC system capabilities and run on a scalable number of dedicated workstations residing at the central facility. The remote client applications allow users to describe a real or potential them-bio event, electronically sends this information to the central ARAC system which performs model calculations, and quickly receive and visualize the resulting graphical products. The site servers will support simultaneous access to ARAC capabilities by multiple users. The ARAC Client system is based on object-oriented client/server and distributed computing technologies using CORBA and Java, and consists of a large number of interacting components

The Practice of Hospital Intranet Terminal Access Control Solution

Institute of Scientific and Technical Information of China (English)

QI Shi-tao; TANG Li-ming

2016-01-01

Along with the increasingly urgent management needs of intranet terminals in hospital, and large scaled deployment of terminal management system, terminal access control has become one of the standard functions of terminal management. This paper mainly aims at some simple research for the system construction of hospital intranet terminal access control.

Flexible and Lightweight Access Control for Online Healthcare Social Networks in the Context of the Internet of Things

Directory of Open Access Journals (Sweden)

Zhen Qin

2017-01-01

Full Text Available Online healthcare social networks (OHSNs play an essential role in sharing information among medical experts and patients who are equipped with similar experiences. To access other patients’ data or experts’ diagnosis anywhere and anytime, it is necessary to integrate the OHSN into the Internet as part of the Internet of Things (IoT. Therefore, it is crucial to design an efficient and versatile access control scheme that can grant and revoke a user to access the OHSN. In this paper, we propose novel attribute-based encryption (ABE features with user revocation and verifiable decryption outsourcing to control the access privilege of the users. The security of the proposed ABE scheme is given in the well-studied random oracle model. With the proposed ABE scheme, the malicious users can be excluded from the system and the user can offload most of the overhead in the decryption to an untrusted cloud server in a verifiable manner. An access control scheme for the OHSN has been given in the context of the IoT based on the proposed ABE scheme. The simulation demonstrates that our access control mechanism is practical.

Interacting with the biomolecular solvent accessible surface via a haptic feedback device

Directory of Open Access Journals (Sweden)

Hayward Steven

2009-10-01

Full Text Available Abstract Background From the 1950s computer based renderings of molecules have been produced to aid researchers in their understanding of biomolecular structure and function. A major consideration for any molecular graphics software is the ability to visualise the three dimensional structure of the molecule. Traditionally, this was accomplished via stereoscopic pairs of images and later realised with three dimensional display technologies. Using a haptic feedback device in combination with molecular graphics has the potential to enhance three dimensional visualisation. Although haptic feedback devices have been used to feel the interaction forces during molecular docking they have not been used explicitly as an aid to visualisation. Results A haptic rendering application for biomolecular visualisation has been developed that allows the user to gain three-dimensional awareness of the shape of a biomolecule. By using a water molecule as the probe, modelled as an oxygen atom having hard-sphere interactions with the biomolecule, the process of exploration has the further benefit of being able to determine regions on the molecular surface that are accessible to the solvent. This gives insight into how awkward it is for a water molecule to gain access to or escape from channels and cavities, indicating possible entropic bottlenecks. In the case of liver alcohol dehydrogenase bound to the inhibitor SAD, it was found that there is a channel just wide enough for a single water molecule to pass through. Placing the probe coincident with crystallographic water molecules suggests that they are sometimes located within small pockets that provide a sterically stable environment irrespective of hydrogen bonding considerations. Conclusion By using the software, named HaptiMol ISAS (available from http://www.haptimol.co.uk, one can explore the accessible surface of biomolecules using a three-dimensional input device to gain insights into the shape and water

IAACaaS: IoT Application-Scoped Access Control as a Service

Directory of Open Access Journals (Sweden)

Álvaro Alonso

2017-10-01

Full Text Available access control is a key element when guaranteeing the security of online services. However, devices that make the Internet of Things have some special requirements that foster new approaches to access control mechanisms. Their low computing capabilities impose limitations that make traditional paradigms not directly applicable to sensors and actuators. In this paper, we propose a dynamic, scalable, IoT-ready model that is based on the OAuth 2.0 protocol and that allows the complete delegation of authorization, so that an as a service access control mechanism is provided. Multiple tenants are also supported by means of application-scoped authorization policies, whose roles and permissions are fine-grained enough to provide the desired flexibility of configuration. Besides, OAuth 2.0 ensures interoperability with the rest of the Internet, yet preserving the computing constraints of IoT devices, because its tokens provide all the necessary information to perform authorization. The proposed model has been fully implemented in an open-source solution and also deeply validated in the scope of FIWARE, a European project with thousands of users, the goal of which is to provide a framework for developing smart applications and services for the future Internet. We provide the details of the deployed infrastructure and offer the analysis of a sample smart city setup that takes advantage of the model. We conclude that the proposed solution enables a new access control as a service paradigm that satisfies the special requirements of IoT devices in terms of performance, scalability and interoperability.

RFID card based access control system with counter for Indus Complex

International Nuclear Information System (INIS)

Jathar, M.R.; Vikas, Meshram; Patidar, S.C.

2015-01-01

As per norms of the Atomic energy regulatory board (AERB) to operate a facility in round the clock which has a potential of radiation exposure, radiation safety rules are to be followed. Indus -1 and Indus-2 are synchrotron radiation sources which are open for various users round the clock. To monitor the persons inside the defined zone at any given time, a system is setup consisting of RF ID cards and their readers along with dedicated software. Software is developed in Visual Basic and uses UDP network protocol for receiving data from readers installed at various locations and connected to local area network. The paper describes the access control scheme followed in Indus Accelerator Complex. (author)

Motion Intention Analysis-Based Coordinated Control for Amputee-Prosthesis Interaction

Directory of Open Access Journals (Sweden)

Fei Wang

2010-01-01

Full Text Available To study amputee-prosthesis (AP interaction, a novel reconfigurable biped robot was designed and fabricated. In homogeneous configuration, two identical artificial legs (ALs were used to simulate the symmetrical lower limbs of a healthy person. Linear inverted pendulum model combining with ZMP stability criterion was used to generate the gait trajectories of ALs. To acquire interjoint coordination for healthy gait, rate gyroscopes were mounted on CoGs of thigh and shank of both legs. By employing principal component analysis, the measured angular velocities were processed and the motion synergy was obtained in the final. Then, one of two ALs was replaced by a bionic leg (BL, and the biped robot was changed into heterogeneous configuration to simulate the AP coupling system. To realize symmetrical stable walking, master/slave coordinated control strategy is proposed. According to information acquired by gyroscopes, BL recognized the motion intention of AL and reconstructed its kinematic variables based on interjoint coordination. By employing iterative learning control, gait tracking of BL to AL was archived. Real environment robot walking experiments validated the correctness and effectiveness of the proposed scheme.

Development of an access control system for the LHD experimental hall

International Nuclear Information System (INIS)

Kawano, T.; Inoue, N.; Sakuma, Y.; Uda, T.; Yamanishi, H.; Miyake, H.; Tanahashi, S.; Motozima, O.

2000-01-01

An access control system for the LHD (Large Helical Device) experimental hall had been constructed and its practical operation started in March 1998. Continuously, the system has been improved. The present system keeps watch on involved entrance and exit for the use of persons at four entrances by using five turnstile gates while watching on eight shielding doors at eight positions (four entrances, three carriage entrances and a hall overview) and a stairway connecting the LHD main hall with the LHD basement. Besides, for the security of safety operation of the LHD, fifteen kinds of interlock signals are exchanged between the access control system and the LHD control system. Seven of the interlock signals are properly sent as the occasional demands from the access control system to the LHD control system, in which three staple signals are B Personnel Access to Controlled Area, D Shielding Door Closed, and E No Entrance. It is important that any plasma experiments of the LHD are not permitted while the signal B being sent or D being not sent. The signal E is sent to inform the LHD control system that the turnstile gates are locked. All the plasma experiments should not be done unless the lock procedure of the turnstile is confirmed. When the turnstile gates are locked, any persons cannot enter into the LHD controlled area, but are permissible to exit only. Six of the interlock signals are used to send the information of the working at that time in the LHD controlled area to the access control system. When one signal of the operation mode is sent to the access control system from the LHD, the access control system sets the turnstile gate in situation corresponding to the operation mode, A Equipment Operation, B Vacuum Pumping, C Coil Cooling, D Coil Excitation, and E Plasma Experiment. If the access control system receives, for example, the signal B, this system sets the turnstile gate in the condition of control such that only persons assigned to the work of vacuum

Interactive Learning Environment: Web-based Virtual Hydrological Simulation System using Augmented and Immersive Reality

Science.gov (United States)

Demir, I.

2014-12-01

Recent developments in internet technologies make it possible to manage and visualize large data on the web. Novel visualization techniques and interactive user interfaces allow users to create realistic environments, and interact with data to gain insight from simulations and environmental observations. The hydrological simulation system is a web-based 3D interactive learning environment for teaching hydrological processes and concepts. The simulation systems provides a visually striking platform with realistic terrain information, and water simulation. Students can create or load predefined scenarios, control environmental parameters, and evaluate environmental mitigation alternatives. The web-based simulation system provides an environment for students to learn about the hydrological processes (e.g. flooding and flood damage), and effects of development and human activity in the floodplain. The system utilizes latest web technologies and graphics processing unit (GPU) for water simulation and object collisions on the terrain. Users can access the system in three visualization modes including virtual reality, augmented reality, and immersive reality using heads-up display. The system provides various scenarios customized to fit the age and education level of various users. This presentation provides an overview of the web-based flood simulation system, and demonstrates the capabilities of the system for various visualization and interaction modes.

Energy-Efficient Boarder Node Medium Access Control Protocol for Wireless Sensor Networks

OpenAIRE

Razaque, Abdul; Elleithy, Khaled M.

2014-01-01

This paper introduces the design, implementation, and performance analysis of the scalable and mobility-aware hybrid protocol named boarder node medium access control (BN-MAC) for wireless sensor networks (WSNs), which leverages the characteristics of scheduled and contention-based MAC protocols. Like contention-based MAC protocols, BN-MAC achieves high channel utilization, network adaptability under heavy traffic and mobility, and low latency and overhead. Like schedule-based MAC protocols,...

Open versus Controlled-Access Data | Office of Cancer Genomics

Science.gov (United States)

OCG employs stringent human subjects’ protection and data access policies to protect the privacy and confidentiality of the research participants. Depending on the risk of patient identification, OCG programs data are available to the scientific community in two tiers: open or controlled access. Both types of data can be accessed through its corresponding OCG program-specific data matrix or portal. Open-access Data

Access control and confidentiality in radiology

Science.gov (United States)

Noumeir, Rita; Chafik, Adil

2005-04-01

A medical record contains a large amount of data about the patient such as height, weight and blood pressure. It also contains sensitive information such as fertility, abortion, psychiatric data, sexually transmitted diseases and diagnostic results. Access to this information must be carefully controlled. Information technology has greatly improved patient care. The recent extensive deployment of digital medical images made diagnostic images promptly available to healthcare decision makers, regardless of their geographic location. Medical images are digitally archived, transferred on telecommunication networks, and visualized on computer screens. However, with the widespread use of computing and communication technologies in healthcare, the issue of data security has become increasingly important. Most of the work until now has focused on the security of data communication to ensure its integrity, authentication, confidentiality and user accountability. The mechanisms that have been proposed to achieve the security of data communication are not specific to healthcare. Data integrity can be achieved with data signature. Data authentication can be achieved with certificate exchange. Data confidentiality can be achieved with encryption. User accountability can be achieved with audits. Although these mechanisms are essential to ensure data security during its transfer on the network, access control is needed in order to ensure data confidentiality and privacy within the information system application. In this paper, we present and discuss an access control mechanism that takes into account the notion of a care process. Radiology information is categorized and a model to enforce data privacy is proposed.

Performance Evaluation of TDMA Medium Access Control Protocol in Cognitive Wireless Networks

Directory of Open Access Journals (Sweden)

Muhammed Enes Bayrakdar

2017-02-01

Full Text Available Cognitive radio paradigm has been revealed as a new communication technology that shares channels in wireless networks. Channel assignment is a crucial issue in the field of cognitive wireless networks because of the spectrum scarcity. In this work, we have evaluated the performance of TDMA medium access control protocol. In our simulation scenarios, primary users and secondary users utilize TDMA as a medium access control protocol. We have designed a network environment in Riverbed simulation software that consists of primary users, secondary users, and base stations. In our system model, secondary users sense the spectrum and inform the base station about empty channels. Then, the base station decides accordingly which secondary user may utilize the empty channel. Energy detection technique is employed as a spectrum sensing technique because it is the best when information about signal of primary user is acquired. Besides, different number of users is selected in simulation scenarios in order to obtain accurate delay and throughput results. Comparing analytical model with simulation results, we have shown that performance analysis of our system model is consistent and accurate.

Web Based Remote Access Microcontroller Laboratory

OpenAIRE

H. Çimen; İ. Yabanova; M. Nartkaya; S. M. Çinar

2008-01-01

This paper presents a web based remote access microcontroller laboratory. Because of accelerated development in electronics and computer technologies, microcontroller-based devices and appliances are found in all aspects of our daily life. Before the implementation of remote access microcontroller laboratory an experiment set is developed by teaching staff for training microcontrollers. Requirement of technical teaching and industrial applications are considered when expe...

PKI-based secure mobile access to electronic health services and data.

Science.gov (United States)

Kambourakis, G; Maglogiannis, I; Rouskas, A

2005-01-01

Recent research works examine the potential employment of public-key cryptography schemes in e-health environments. In such systems, where a Public Key Infrastructure (PKI) is established beforehand, Attribute Certificates (ACs) and public key enabled protocols like TLS, can provide the appropriate mechanisms to effectively support authentication, authorization and confidentiality services. In other words, mutual trust and secure communications between all the stakeholders, namely physicians, patients and e-health service providers, can be successfully established and maintained. Furthermore, as the recently introduced mobile devices with access to computer-based patient record systems are expanding, the need of physicians and nurses to interact increasingly with such systems arises. Considering public key infrastructure requirements for mobile online health networks, this paper discusses the potential use of Attribute Certificates (ACs) in an anticipated trust model. Typical trust interactions among doctors, patients and e-health providers are presented, indicating that resourceful security mechanisms and trust control can be obtained and implemented. The application of attribute certificates to support medical mobile service provision along with the utilization of the de-facto TLS protocol to offer competent confidentiality and authorization services is also presented and evaluated through experimentation, using both the 802.11 WLAN and General Packet Radio Service (GPRS) networks.

Statistical Modeling of Antenna: Urban Equipment Interactions for LTE Access Points

Directory of Open Access Journals (Sweden)

Xin Zeng

2012-01-01

Full Text Available The latest standards for wireless networks such as LTE are essentially based on small cells in order to achieve a large network capacity. This applies for antennas to be deployed at street level or even within buildings. However, antennas are commonly designed, simulated, and measured in ideal conditions, which is not the real situation for most applications where antennas are often deployed in proximity to objects acting as disturbers. In this paper, three conventional wireless access point scenarios (antenna-wall, antenna-shelter, and antenna lamppost are investigated for directional or omnidirectional antennas. The paper first addresses the definition of three performance indicators for such scenarios and secondly uses such parameters towards the statistical analysis of the interactions between the wall and the antennas.

A Novel Dynamic Spectrum Access Framework Based on Reinforcement Learning for Cognitive Radio Sensor Networks

Directory of Open Access Journals (Sweden)

Yun Lin

2016-10-01

Full Text Available Cognitive radio sensor networks are one of the kinds of application where cognitive techniques can be adopted and have many potential applications, challenges and future research trends. According to the research surveys, dynamic spectrum access is an important and necessary technology for future cognitive sensor networks. Traditional methods of dynamic spectrum access are based on spectrum holes and they have some drawbacks, such as low accessibility and high interruptibility, which negatively affect the transmission performance of the sensor networks. To address this problem, in this paper a new initialization mechanism is proposed to establish a communication link and set up a sensor network without adopting spectrum holes to convey control information. Specifically, firstly a transmission channel model for analyzing the maximum accessible capacity for three different polices in a fading environment is discussed. Secondly, a hybrid spectrum access algorithm based on a reinforcement learning model is proposed for the power allocation problem of both the transmission channel and the control channel. Finally, extensive simulations have been conducted and simulation results show that this new algorithm provides a significant improvement in terms of the tradeoff between the control channel reliability and the efficiency of the transmission channel.

SmartVeh: Secure and Efficient Message Access Control and Authentication for Vehicular Cloud Computing.

Science.gov (United States)

Huang, Qinlong; Yang, Yixian; Shi, Yuxiang

2018-02-24

With the growing number of vehicles and popularity of various services in vehicular cloud computing (VCC), message exchanging among vehicles under traffic conditions and in emergency situations is one of the most pressing demands, and has attracted significant attention. However, it is an important challenge to authenticate the legitimate sources of broadcast messages and achieve fine-grained message access control. In this work, we propose SmartVeh, a secure and efficient message access control and authentication scheme in VCC. A hierarchical, attribute-based encryption technique is utilized to achieve fine-grained and flexible message sharing, which ensures that vehicles whose persistent or dynamic attributes satisfy the access policies can access the broadcast message with equipped on-board units (OBUs). Message authentication is enforced by integrating an attribute-based signature, which achieves message authentication and maintains the anonymity of the vehicles. In order to reduce the computations of the OBUs in the vehicles, we outsource the heavy computations of encryption, decryption and signing to a cloud server and road-side units. The theoretical analysis and simulation results reveal that our secure and efficient scheme is suitable for VCC.

Block Access Token Renewal Scheme Based on Secret Sharing in Apache Hadoop

Directory of Open Access Journals (Sweden)

Su-Hyun Kim

2014-07-01

Full Text Available In a cloud computing environment, user data is encrypted and stored using a large number of distributed servers. Global Internet service companies such as Google and Yahoo have recognized the importance of Internet service platforms and conducted their own research and development to utilize large cluster-based cloud computing platform technologies based on low-cost commercial off-the-shelf nodes. Accordingly, as various data services are now allowed over a distributed computing environment, distributed management of big data has become a major issue. On the other hand, security vulnerability and privacy infringement due to malicious attackers or internal users can occur by means of various usage types of big data. In particular, various security vulnerabilities can occur in the block access token, which is used for the permission control of data blocks in Hadoop. To solve this problem, we have proposed a weight-applied XOR-based efficient distribution storage and recovery scheme in this paper. In particular, various security vulnerabilities can occur in the block access token, which is used for the permission control of data blocks in Hadoop. In this paper, a secret sharing-based block access token management scheme is proposed to overcome such security vulnerabilities.

Development of a new ALWR control concept using a PC-based interactive environment

International Nuclear Information System (INIS)

Godbole, S.S.; Eschbach, S.L.; Gabler, W.E.; Brown, R.J.

1988-01-01

This paper describes a new control concept for an advanced light water reactor (ALWR) and the personal computer (PC) based environment on which it was developed. In this concept, a mathematical model of the plant is used to calculate the demands and certain setpoints. The model takes into account stored energy and mass, and plant interactions, and thus the calculated demands represent dynamic balance between subsystems. Corrections to these demands based on certain key measurements are determined to account for deviation between the model and the plant and to keep the plant away from protection and operating limits. The expected results are smoother plant maneuvers and runbacks and fewer challenges to safety systems

An Access Control and Trust Management Framework for Loosely-Coupled Multidomain Environments

Science.gov (United States)

Zhang, Yue

2010-01-01

Multidomain environments where multiple organizations interoperate with each other are becoming a reality as can be seen in emerging Internet-based enterprise applications. Access control to ensure secure interoperation in such an environment is a crucial challenge. A multidomain environment can be categorized as "tightly-coupled" and…

A method to implement fine-grained access control for personal health records through standard relational database queries.

Science.gov (United States)

Sujansky, Walter V; Faus, Sam A; Stone, Ethan; Brennan, Patricia Flatley

2010-10-01

Online personal health records (PHRs) enable patients to access, manage, and share certain of their own health information electronically. This capability creates the need for precise access-controls mechanisms that restrict the sharing of data to that intended by the patient. The authors describe the design and implementation of an access-control mechanism for PHR repositories that is modeled on the eXtensible Access Control Markup Language (XACML) standard, but intended to reduce the cognitive and computational complexity of XACML. The authors implemented the mechanism entirely in a relational database system using ANSI-standard SQL statements. Based on a set of access-control rules encoded as relational table rows, the mechanism determines via a single SQL query whether a user who accesses patient data from a specific application is authorized to perform a requested operation on a specified data object. Testing of this query on a moderately large database has demonstrated execution times consistently below 100ms. The authors include the details of the implementation, including algorithms, examples, and a test database as Supplementary materials. Copyright © 2010 Elsevier Inc. All rights reserved.

EPICS channel access using websocket

International Nuclear Information System (INIS)

Uchiyama, A.; Furukawa, K.; Higurashi, Y.

2012-01-01

Web technology is useful as a means of widely disseminating accelerator and beam status information. For this purpose, WebOPI was implemented by SNS as a web-based system using Ajax (asynchronous JavaScript and XML) with EPICS. On the other hand, it is often necessary to control the accelerator from different locations as well as the central control room during beam operation and maintenance. However, it is not realistic to replace the GUI-based operator interface (OPI) with a Web-based system using Ajax technology because of interactive performance issue. Therefore, as a next generation OPI over the web using EPICS Channel Access (CA), we developed a client system based on WebSocket, which is a new protocol provided by the Internet Engineering Task Force (IETF) for Web-based systems. WebSocket is a web technology that provides bidirectional, full-duplex communication channels over a single TCP connection. By utilizing Node.js and the WebSocket access library called Socket.IO, a WebSocket server was implemented. Node.js is a server-side JavaScript language built on the Google V8 JavaScript Engine. In order to construct the WebSocket server as an EPICS CA client, an add-on for Node.js was developed in C/C++ using the EPICS CA library, which is included in the EPICS base. As a result, for accelerator operation, Web-based client systems became available not only in the central control room but also with various types of equipment. (author)

Network-based production quality control

Science.gov (United States)

Kwon, Yongjin; Tseng, Bill; Chiou, Richard

2007-09-01

This study investigates the feasibility of remote quality control using a host of advanced automation equipment with Internet accessibility. Recent emphasis on product quality and reduction of waste stems from the dynamic, globalized and customer-driven market, which brings opportunities and threats to companies, depending on the response speed and production strategies. The current trends in industry also include a wide spread of distributed manufacturing systems, where design, production, and management facilities are geographically dispersed. This situation mandates not only the accessibility to remotely located production equipment for monitoring and control, but efficient means of responding to changing environment to counter process variations and diverse customer demands. To compete under such an environment, companies are striving to achieve 100%, sensor-based, automated inspection for zero-defect manufacturing. In this study, the Internet-based quality control scheme is referred to as "E-Quality for Manufacturing" or "EQM" for short. By its definition, EQM refers to a holistic approach to design and to embed efficient quality control functions in the context of network integrated manufacturing systems. Such system let designers located far away from the production facility to monitor, control and adjust the quality inspection processes as production design evolves.

A Web Based Educational Programming Logic Controller Training Set Based on Vocational High School Students' Demands

Directory of Open Access Journals (Sweden)

Abdullah Alper Efe

2018-01-01

Full Text Available The purpose of this study was to design and develop aProgramming Logic Controller Training Set according to vocational high school students’ educational needs. In this regard, by using the properties of distance education the proposed system supported “hands-on” PLC programming laboratory exercises in industrial automation area. The system allowed students to access and control the PLC training set remotely. For this purpose, researcher designed a web site to facilitate students’ interactivity and support PLC programming. In the training set, Induction Motor, Frequency Converter and Encoder tripart controlled by Siemens Simatic S7-200 PLC controller by the help of SIMATIC Step 7 Programming Software were used to make the system more effective and efficient. Moreover, training set included an IP camera system allowing to monitor devices and pilot application. By working with this novel remote accessible training set, students and researchers recieved a chance to inhere self paced learning experiences. Also, The PLC training set offered an effective learning enviroenment for distance education, which is based on presenting the content on the web and opening it to the online users and provided a safe and economical solution for multiple users in a workplace to enhance the quality of education with less overall cost.

Controlling Second Harmonic Efficiency of Laser Beam Interactions

Science.gov (United States)

Barnes, Norman P. (Inventor); Walsh, Brian M. (Inventor); Reichle, Donald J. (Inventor)

2011-01-01

A method is provided for controlling second harmonic efficiency of laser beam interactions. A laser system generates two laser beams (e.g., a laser beam with two polarizations) for incidence on a nonlinear crystal having a preferred direction of propagation. Prior to incidence on the crystal, the beams are optically processed based on the crystal's beam separation characteristics to thereby control a position in the crystal along the preferred direction of propagation at which the beams interact.

Regulatory accessibility and social influences on state self-control.

Science.gov (United States)

vanDellen, Michelle R; Hoyle, Rick H

2010-02-01

The current work examined how social factors influence self-control. Current conceptions of state self-control treat it largely as a function of regulatory capacity. The authors propose that state self-control might also be influenced by social factors because of regulatory accessibility. Studies 1 through 4 provide evidence that individuals' state self-control is influenced by the trait and state self-control of salient others such that thinking of others with good trait or state self-control leads to increases in state self-control and thinking of others with bad trait or state self-control leads to decreases in state self-control. Study 5 provides evidence that the salience of significant others influences both regulatory accessibility and state self-control. Combined, these studies suggest that the effects of social influences on state self-control occur through multiple mechanisms.

Object oriented programming techniques applied to device access and control

International Nuclear Information System (INIS)

Goetz, A.; Klotz, W.D.; Meyer, J.

1992-01-01

In this paper a model, called the device server model, has been presented for solving the problem of device access and control faced by all control systems. Object Oriented Programming techniques were used to achieve a powerful yet flexible solution. The model provides a solution to the problem which hides device dependancies. It defines a software framework which has to be respected by implementors of device classes - this is very useful for developing groupware. The decision to implement remote access in the root class means that device servers can be easily integrated in a distributed control system. A lot of the advantages and features of the device server model are due to the adoption of OOP techniques. The main conclusion that can be drawn from this paper is that 1. the device access and control problem is adapted to being solved with OOP techniques, 2. OOP techniques offer a distinct advantage over traditional programming techniques for solving the device access problem. (J.P.N.)

Access Control Model for Sharing Composite Electronic Health Records

Science.gov (United States)

Jin, Jing; Ahn, Gail-Joon; Covington, Michael J.; Zhang, Xinwen

The adoption of electronically formatted medical records, so called Electronic Health Records (EHRs), has become extremely important in healthcare systems to enable the exchange of medical information among stakeholders. An EHR generally consists of data with different types and sensitivity degrees which must be selectively shared based on the need-to-know principle. Security mechanisms are required to guarantee that only authorized users have access to specific portions of such critical record for legitimate purposes. In this paper, we propose a novel approach for modelling access control scheme for composite EHRs. Our model formulates the semantics and structural composition of an EHR document, from which we introduce a notion of authorized zones of the composite EHR at different granularity levels, taking into consideration of several important criteria such as data types, intended purposes and information sensitivities.

Identity based Encryption and Biometric Authentication Scheme for Secure Data Access in Cloud Computing

DEFF Research Database (Denmark)

Cheng, Hongbing; Rong, Chunming; Tan, Zheng-Hua

2012-01-01

Cloud computing will be a main information infrastructure in the future; it consists of many large datacenters which are usually geographically distributed and heterogeneous. How to design a secure data access for cloud computing platform is a big challenge. In this paper, we propose a secure data...... access scheme based on identity-based encryption and biometric authentication for cloud computing. Firstly, we describe the security concern of cloud computing and then propose an integrated data access scheme for cloud computing, the procedure of the proposed scheme include parameter setup, key...... distribution, feature template creation, cloud data processing and secure data access control. Finally, we compare the proposed scheme with other schemes through comprehensive analysis and simulation. The results show that the proposed data access scheme is feasible and secure for cloud computing....

Depth camera-based 3D hand gesture controls with immersive tactile feedback for natural mid-air gesture interactions.

Science.gov (United States)

Kim, Kwangtaek; Kim, Joongrock; Choi, Jaesung; Kim, Junghyun; Lee, Sangyoun

2015-01-08

Vision-based hand gesture interactions are natural and intuitive when interacting with computers, since we naturally exploit gestures to communicate with other people. However, it is agreed that users suffer from discomfort and fatigue when using gesture-controlled interfaces, due to the lack of physical feedback. To solve the problem, we propose a novel complete solution of a hand gesture control system employing immersive tactile feedback to the user's hand. For this goal, we first developed a fast and accurate hand-tracking algorithm with a Kinect sensor using the proposed MLBP (modified local binary pattern) that can efficiently analyze 3D shapes in depth images. The superiority of our tracking method was verified in terms of tracking accuracy and speed by comparing with existing methods, Natural Interaction Technology for End-user (NITE), 3D Hand Tracker and CamShift. As the second step, a new tactile feedback technology with a piezoelectric actuator has been developed and integrated into the developed hand tracking algorithm, including the DTW (dynamic time warping) gesture recognition algorithm for a complete solution of an immersive gesture control system. The quantitative and qualitative evaluations of the integrated system were conducted with human subjects, and the results demonstrate that our gesture control with tactile feedback is a promising technology compared to a vision-based gesture control system that has typically no feedback for the user's gesture inputs. Our study provides researchers and designers with informative guidelines to develop more natural gesture control systems or immersive user interfaces with haptic feedback.

Depth Camera-Based 3D Hand Gesture Controls with Immersive Tactile Feedback for Natural Mid-Air Gesture Interactions

Directory of Open Access Journals (Sweden)

Kwangtaek Kim

2015-01-01

Full Text Available Vision-based hand gesture interactions are natural and intuitive when interacting with computers, since we naturally exploit gestures to communicate with other people. However, it is agreed that users suffer from discomfort and fatigue when using gesture-controlled interfaces, due to the lack of physical feedback. To solve the problem, we propose a novel complete solution of a hand gesture control system employing immersive tactile feedback to the user’s hand. For this goal, we first developed a fast and accurate hand-tracking algorithm with a Kinect sensor using the proposed MLBP (modified local binary pattern that can efficiently analyze 3D shapes in depth images. The superiority of our tracking method was verified in terms of tracking accuracy and speed by comparing with existing methods, Natural Interaction Technology for End-user (NITE, 3D Hand Tracker and CamShift. As the second step, a new tactile feedback technology with a piezoelectric actuator has been developed and integrated into the developed hand tracking algorithm, including the DTW (dynamic time warping gesture recognition algorithm for a complete solution of an immersive gesture control system. The quantitative and qualitative evaluations of the integrated system were conducted with human subjects, and the results demonstrate that our gesture control with tactile feedback is a promising technology compared to a vision-based gesture control system that has typically no feedback for the user’s gesture inputs. Our study provides researchers and designers with informative guidelines to develop more natural gesture control systems or immersive user interfaces with haptic feedback.

Accessing and disclosing protected resources

DEFF Research Database (Denmark)

Olesen, Henning; Khajuria, Samant

2014-01-01

TODAY, DATA IS MONEY. Whether it is private users’ personal data or confidential data and assets belonging to service providers, all parties have a strong need to protect their resources when interacting with each other, i.e. for access control and authorization. For service providers and enterpr......TODAY, DATA IS MONEY. Whether it is private users’ personal data or confidential data and assets belonging to service providers, all parties have a strong need to protect their resources when interacting with each other, i.e. for access control and authorization. For service providers...... and enterprises resources are usually well safeguarded, while private users are often missing the tools and the know-how to protect their own data and preserve their privacy. The user’s personal data have become an economic asset, not necessarily to the owners of these data, but to the service providers, whose...... business mod- els often includes the use of these data. In this paper we focus on the user – service provider interaction and discuss how recent technological progress, in particular the framework of User Managed Access (UMA), can enable users to understand the value of their protected resources...

Controlling Access to Suicide Means

Directory of Open Access Journals (Sweden)

Miriam Iosue

2011-12-01

Full Text Available Background: Restricting access to common means of suicide, such as firearms, toxic gas, pesticides and other, has been shown to be effective in reducing rates of death in suicide. In the present review we aimed to summarize the empirical and clinical literature on controlling the access to means of suicide. Methods: This review made use of both MEDLINE, ISI Web of Science and the Cochrane library databases, identifying all English articles with the keywords “suicide means”, “suicide method”, “suicide prediction” or “suicide prevention” and other relevant keywords. Results: A number of factors may influence an individual’s decision regarding method in a suicide act, but there is substantial support that easy access influences the choice of method. In many countries, restrictions of access to common means of suicide has lead to lower overall suicide rates, particularly regarding suicide by firearms in USA, detoxification of domestic and motor vehicle gas in England and other countries, toxic pesticides in rural areas, barriers at jumping sites and hanging, by introducing “safe rooms” in prisons and hospitals. Moreover, decline in prescription of barbiturates and tricyclic antidepressants (TCAs, as well as limitation of drugs pack size for paracetamol and salicylate has reduced suicides by overdose, while increased prescription of SSRIs seems to have lowered suicidal rates. Conclusions: Restriction to means of suicide may be particularly effective in contexts where the method is popular, highly lethal, widely available, and/or not easily substituted by other similar methods. However, since there is some risk of means substitution, restriction of access should be implemented in conjunction with other suicide prevention strategies.

Eye Tracking Based Control System for Natural Human-Computer Interaction

Directory of Open Access Journals (Sweden)

Xuebai Zhang

2017-01-01

Full Text Available Eye movement can be regarded as a pivotal real-time input medium for human-computer communication, which is especially important for people with physical disability. In order to improve the reliability, mobility, and usability of eye tracking technique in user-computer dialogue, a novel eye control system with integrating both mouse and keyboard functions is proposed in this paper. The proposed system focuses on providing a simple and convenient interactive mode by only using user’s eye. The usage flow of the proposed system is designed to perfectly follow human natural habits. Additionally, a magnifier module is proposed to allow the accurate operation. In the experiment, two interactive tasks with different difficulty (searching article and browsing multimedia web were done to compare the proposed eye control tool with an existing system. The Technology Acceptance Model (TAM measures are used to evaluate the perceived effectiveness of our system. It is demonstrated that the proposed system is very effective with regard to usability and interface design.

Eye Tracking Based Control System for Natural Human-Computer Interaction.

Science.gov (United States)

Zhang, Xuebai; Liu, Xiaolong; Yuan, Shyan-Ming; Lin, Shu-Fan

2017-01-01

Eye movement can be regarded as a pivotal real-time input medium for human-computer communication, which is especially important for people with physical disability. In order to improve the reliability, mobility, and usability of eye tracking technique in user-computer dialogue, a novel eye control system with integrating both mouse and keyboard functions is proposed in this paper. The proposed system focuses on providing a simple and convenient interactive mode by only using user's eye. The usage flow of the proposed system is designed to perfectly follow human natural habits. Additionally, a magnifier module is proposed to allow the accurate operation. In the experiment, two interactive tasks with different difficulty (searching article and browsing multimedia web) were done to compare the proposed eye control tool with an existing system. The Technology Acceptance Model (TAM) measures are used to evaluate the perceived effectiveness of our system. It is demonstrated that the proposed system is very effective with regard to usability and interface design.

Design and Implementation of File Access and Control System Based on Dynamic Web

Institute of Scientific and Technical Information of China (English)

GAO Fuxiang; YAO Lan; BAO Shengfei; YU Ge

2006-01-01

A dynamic Web application, which can help the departments of enterprise to collaborate with each other conveniently, is proposed. Several popular design solutions are introduced at first. Then, dynamic Web system is chosen for developing the file access and control system. Finally, the paper gives the detailed process of the design and implementation of the system, which includes some key problems such as solutions of document management and system security. Additionally, the limitations of the system as well as the suggestions of further improvement are also explained.

Interactive Control System, Intended Strategy, Implemented Strategy dan Emergent Strategy

Directory of Open Access Journals (Sweden)

Tubagus Ismail

2012-09-01

Full Text Available The purpose of this study was to examine the relationship between management control system (MCS and strategy formation processes, namely: intended strategy, emergent strategy and impelemented strategy. The focus of MCS in this study was interactive control system. The study was based on Structural Equation Modeling (SEM as its multivariate analyses instrument. The samples were upper middle managers of manufacturing company in Banten Province, DKI Jakarta Province and West Java Province. AMOS Software 16 program is used as an additional instrument to resolve the problem in SEM modeling. The study found that interactive control system brought a positive and significant influence on Intended strategy; interactive control system brought a positive and significant influence on implemented strategy; interactive control system brought a positive and significant influence on emergent strategy. The limitation of this study is that our empirical model only used one way relationship between the process of strategy formation and interactive control system.

An Interaction Measure for Control Configuration Selection for Multivariable Bilinear Systems

DEFF Research Database (Denmark)

Shaker, Hamid Reza; Stoustrup, Jakob

2013-01-01

are needed to be controlled, are nonlinear and linear models are insufficient to describe the behavior of the processes. The focus of this paper is on the problem of control configuration selection for a class of nonlinear systems which is known as bilinear systems. A gramian-based interaction measure...... for control configuration selection of MIMO bilinear processes is described. In general, most of the results on the control configuration selection, which have been proposed so far, can only support linear systems. The proposed gramian-based interaction measure not only supports bilinear processes but also...

Access and control of information and intellectual property

Science.gov (United States)

Lang, Gerald S.

1996-03-01

This paper introduces the technology of two pioneering patents for the secure distribution of information and intellectual property. The seminal technology has been used in the control of sensitive material such as medical records and imagery in distributed networks. It lends itself to the implementation of an open architecture access control system that provides local or remote user selective access to digital information stored on any computer system or storage medium, down to the data element, pixel, and sub-pixel levels. Use of this technology is especially suited for electronic publishing, health care records, MIS, and auditing.

A new adaptive control scheme based on the interacting multiple model (IMM) estimation

International Nuclear Information System (INIS)

Afshari, Hamed H.; Al-Ani, Dhafar; Habibi, Saeid

2016-01-01

In this paper, an Interacting multiple model (IMM) adaptive estimation approach is incorporated to design an optimal adaptive control law for stabilizing an Unmanned vehicle. Due to variations of the forward velocity of the Unmanned vehicle, its aerodynamic derivatives are constantly changing. In order to stabilize the unmanned vehicle and achieve the control objectives for in-flight conditions, one seeks for an adaptive control strategy that can adjust itself to varying flight conditions. In this context, a bank of linear models is used to describe the vehicle dynamics in different operating modes. Each operating mode represents a particular dynamic with a different forward velocity. These models are then used within an IMM filter containing a bank of Kalman filters (KF) in a parallel operating mechanism. To regulate and stabilize the vehicle, a Linear quadratic regulator (LQR) law is designed and implemented for each mode. The IMM structure determines the particular mode based on the stored models and in-flight input-output measurements. The LQR controller also provides a set of controllers; each corresponds to a particular flight mode and minimizes the tracking error. Finally, the ultimate control law is obtained as a weighted summation of all individual controllers whereas weights are obtained using mode probabilities of each operating mode.

Design and Implementation of a Web-based Monitoring System by using EPICS Channel Access Protocol

International Nuclear Information System (INIS)

An, Eun Mi; Song, Yong Gi

2009-01-01

Proton Engineering Frontier Project (PEFP) has developed a 20MeV proton accelerator, and established a distributed control system based on EPICS for sub-system components such as vacuum unit, beam diagnostics, and power supply system. The control system includes a real-time monitoring and alarm functions. From the aspect of a efficient maintenance of a control system and a additional extension of subsystems, EPICS software framework was adopted. In addition, a control system should be capable of providing an easy access for users and a real-time monitoring on a user screen. Therefore, we have implemented a new web-based monitoring server with several libraries. By adding DB module, the new IOC web monitoring system makes it possible to monitor the system through the web. By integrating EPICS Channel Access (CA) and Database libraries into a Database module, the web-based monitoring system makes it possible to monitor the sub-system status through user's internet browser. In this study, we developed a web based monitoring system by using EPICS IOC (Input Output Controller) with IBM server

Hopping control channel MAC protocol for opportunistic spectrum access networks

Institute of Scientific and Technical Information of China (English)

FU Jing-tuan; JI Hong; MAO Xu

2010-01-01

Opportunistic spectrum access （OSA） is considered as a promising approach to mitigate spectrum scarcity by allowing unlicensed users to exploit spectrum opportunities in licensed frequency bands. Derived from the existing channel-hopping multiple access （CHMA） protocol,we introduce a hopping control channel medium access control （MAC） protocol in the context of OSA networks. In our proposed protocol,all nodes in the network follow a common channel-hopping sequence; every frequency channel can be used as control channel and data channel. Considering primary users＇ occupancy of the channel,we use a primary user （PU） detection model to calculate the channel availability for unlicensed users＇ access. Then,a discrete Markov chain analytical model is applied to describe the channel states and deduce the system throughput. Through simulation,we present numerical results to demonstrate the throughput performance of our protocol and thus validate our work.

Access Agent Improving The Performance Of Access Control Lists

Directory of Open Access Journals (Sweden)

Thelis R. S.

2015-08-01

Full Text Available The main focus of the proposed research is maintaining the security of a network. Extranet is a popular network among most of the organizations where network access is provided to a selected group of outliers. Limiting access to an extranet can be carried out using Access Control Lists ACLs method. However handling the workload of ACLs is an onerous task for the router. The purpose of the proposed research is to improve the performance and to solidify the security of the ACLs used in a small organization. Using a high performance computer as a dedicated device to share and handle the router workload is suggested in order to increase the performance of the router when handling ACLs. Methods of detecting and directing sensitive data is also discussed in this paper. A framework is provided to help increase the efficiency of the ACLs in an organization network using the above mentioned procedures thus helping the organizations ACLs performance to be improved to be more secure and the system to perform faster. Inbuilt methods of Windows platform or Software for open source platforms can be used to make a computer function as a router. Extended ACL features allow the determining of the type of packets flowing through the router. Combining these mechanisms allows the ACLs to be improved and perform in a more efficient manner.

Towards Automatic Testing of Reference Point Based Interactive Methods

OpenAIRE

Ojalehto, Vesa; Podkopaev, Dmitry; Miettinen, Kaisa

2016-01-01

In order to understand strengths and weaknesses of optimization algorithms, it is important to have access to different types of test problems, well defined performance indicators and analysis tools. Such tools are widely available for testing evolutionary multiobjective optimization algorithms. To our knowledge, there do not exist tools for analyzing the performance of interactive multiobjective optimization methods based on the reference point approach to communicating ...

Evaluation of Standards for Access Control Enabling PHR-S Federation.

Science.gov (United States)

Mense, Alexander; Urbauer, Philipp; Sauermann, Stefan

2017-01-01

The adoption of the Internet of Things (IoT) and mobile applications in the healthcare may transform the healthcare industry by offering better disease tracking and management as well as patient empowerment. Unfortunately, almost all of these new systems set up their own ecosystem and to be really valuable for the care process they need to be integrated or federated with user managed access control services based on international standards and profiles to enable interoperability. Thus, this work presents the results of an evaluation of available specifications for federated authorization, based on a set of basic requirements.

A highly efficient SDRAM controller supporting variable-length burst access and batch process for discrete reads

Science.gov (United States)

Li, Nan; Wang, Junzheng

2016-03-01

A highly efficient Synchronous Dynamic Random Access Memory (SDRAM) controller supporting variable-length burst access and batch process for discrete reads is proposed in this paper. Based on the Principle of Locality, command First In First Out (FIFO) and address range detector are designed within this controller to accelerate its responses to discrete read requests, which dramatically improves the average Effective Bus Utilization Ratio (EBUR) of SDRAM. Our controller is finally verified by driving the Micron 256-Mb SDRAM MT48LC16M16A2. Successful simulation and verification results show that our controller exhibits much higher EBUR than do most existing designs in case of discrete reads.

75 FR 4007 - Risk Management Controls for Brokers or Dealers With Market Access

Science.gov (United States)

2010-01-26

... 3235-AK53 Risk Management Controls for Brokers or Dealers With Market Access AGENCY: Securities and... or other persons, to implement risk management controls and supervisory procedures reasonably... access may not utilize any pre-trade risk management controls (i.e., ``unfiltered'' or ``naked'' access...

Interactive access to LP DAAC satellite data archives through a combination of open-source and custom middleware web services

Science.gov (United States)

Davis, Brian N.; Werpy, Jason; Friesz, Aaron M.; Impecoven, Kevin; Quenzer, Robert; Maiersperger, Tom; Meyer, David J.

2015-01-01

Current methods of searching for and retrieving data from satellite land remote sensing archives do not allow for interactive information extraction. Instead, Earth science data users are required to download files over low-bandwidth networks to local workstations and process data before science questions can be addressed. New methods of extracting information from data archives need to become more interactive to meet user demands for deriving increasingly complex information from rapidly expanding archives. Moving the tools required for processing data to computer systems of data providers, and away from systems of the data consumer, can improve turnaround times for data processing workflows. The implementation of middleware services was used to provide interactive access to archive data. The goal of this middleware services development is to enable Earth science data users to access remote sensing archives for immediate answers to science questions instead of links to large volumes of data to download and process. Exposing data and metadata to web-based services enables machine-driven queries and data interaction. Also, product quality information can be integrated to enable additional filtering and sub-setting. Only the reduced content required to complete an analysis is then transferred to the user.

Interaction design challenges and solutions for ALMA operations monitoring and control

Science.gov (United States)

Pietriga, Emmanuel; Cubaud, Pierre; Schwarz, Joseph; Primet, Romain; Schilling, Marcus; Barkats, Denis; Barrios, Emilio; Vila Vilaro, Baltasar

2012-09-01

The ALMA radio-telescope, currently under construction in northern Chile, is a very advanced instrument that presents numerous challenges. From a software perspective, one critical issue is the design of graphical user interfaces for operations monitoring and control that scale to the complexity of the system and to the massive amounts of data users are faced with. Early experience operating the telescope with only a few antennas has shown that conventional user interface technologies are not adequate in this context. They consume too much screen real-estate, require many unnecessary interactions to access relevant information, and fail to provide operators and astronomers with a clear mental map of the instrument. They increase extraneous cognitive load, impeding tasks that call for quick diagnosis and action. To address this challenge, the ALMA software division adopted a user-centered design approach. For the last two years, astronomers, operators, software engineers and human-computer interaction researchers have been involved in participatory design workshops, with the aim of designing better user interfaces based on state-of-the-art visualization techniques. This paper describes the process that led to the development of those interface components and to a proposal for the science and operations console setup: brainstorming sessions, rapid prototyping, joint implementation work involving software engineers and human-computer interaction researchers, feedback collection from a broader range of users, further iterations and testing.

A Comparative Analysis of Wiki Discretionary Access Control in a CONOPS Environment

National Research Council Canada - National Science Library

Crawford, Frederick L

2008-01-01

This research conducts a comparative analysis of discretionary access controls of current wikis by experimenting with their discretionary access controls and functionality, comparing the wiki software...

Provably Secure Heterogeneous Access Control Scheme for Wireless Body Area Network.

Science.gov (United States)

Omala, Anyembe Andrew; Mbandu, Angolo Shem; Mutiria, Kamenyi Domenic; Jin, Chunhua; Li, Fagen

2018-04-28

Wireless body area network (WBAN) provides a medium through which physiological information could be harvested and transmitted to application provider (AP) in real time. Integrating WBAN in a heterogeneous Internet of Things (IoT) ecosystem would enable an AP to monitor patients from anywhere and at anytime. However, the IoT roadmap of interconnected 'Things' is still faced with many challenges. One of the challenges in healthcare is security and privacy of streamed medical data from heterogeneously networked devices. In this paper, we first propose a heterogeneous signcryption scheme where a sender is in a certificateless cryptographic (CLC) environment while a receiver is in identity-based cryptographic (IBC) environment. We then use this scheme to design a heterogeneous access control protocol. Formal security proof for indistinguishability against adaptive chosen ciphertext attack and unforgeability against adaptive chosen message attack in random oracle model is presented. In comparison with some of the existing access control schemes, our scheme has lower computation and communication cost.

Requirements for Scalable Access Control and Security Management Architectures

National Research Council Canada - National Science Library

Keromytis, Angelos D; Smith, Jonathan M

2005-01-01

Maximizing local autonomy has led to a scalable Internet. Scalability and the capacity for distributed control have unfortunately not extended well to resource access control policies and mechanisms...

Ubiquitous access control and policy management in personal networks

DEFF Research Database (Denmark)

Kyriazanos, Dimitris M.; Stassinopoulos, George I.; Prasad, Neeli R.

2006-01-01

distributed master devices acting as access points- and also pure peer-to-peer interactions inside the PN. Taking benefit from the modularity and scalability of the design, this solution can be extended into supporting coalitions of different security domains, deriving from the creation of PNs federations....

An object-oriented feature-based design system face-based detection of feature interactions

International Nuclear Information System (INIS)

Ariffin Abdul Razak

1999-01-01

This paper presents an object-oriented, feature-based design system which supports the integration of design and manufacture by ensuring that part descriptions fully account for any feature interactions. Manufacturing information is extracted from the feature descriptions in the form of volumes and Tool Access Directions, TADs. When features interact, both volumes and TADs are updated. This methodology has been demonstrated by developing a prototype system in which ACIS attributes are used to record feature information within the data structure of the solid model. The system implemented in the C++ programming language and embedded in a menu-driven X-windows user interface to the ACIS 3D Toolkit. (author)

Urban Studies: A Study of Bibliographic Access and Control.

Science.gov (United States)

Anderson, Barbara E.

This paper analyzes: (1) the bibliographic access to publications in urban studies via printed secondary sources; (2) development and scope of classification systems and of vocabulary control for urban studies; and (3) currently accessible automated collections of bibliographic citations. Urban studies is defined as "an agglomeration of…

Evaluating mobile centric information access and interaction compatibility for learning websites

CSIR Research Space (South Africa)

Chipangura, B

2013-11-01

Full Text Available guidelines for One web design, not all websites meet these standards. Research has shown that accessing websites that were designed for desktop computer access on mobile hand held devices results in negative user experience [12]. The reasons... to identify mobile phone accessibility problems of university websites [14, 18]. At organizational level, many universities are struggling with adapting their current desktop-based websites to be accessible on mobile devices [20]. A number...

Improving the Accessibility of Mobile OCR Apps Via Interactive Modalities.

Science.gov (United States)

Cutter, Michael; Manduchi, Roberto

2017-10-01

Mobile optical character recognition (OCR) apps have come of age. Many blind individuals use them on a daily basis. The usability of such tools, however, is limited by the requirement that a good picture of the text to be read must be taken, something that is difficult to do without sight. Some mobile OCR apps already implement auto-shot and guidance mechanisms to facilitate this task. In this paper, we describe two experiments with blind participants, who tested these two interactive mechanisms on a customized iPhone implementation. These experiments bring to light a number of interesting aspects of accessing a printed document without sight, and enable a comparative analysis of the available interaction modalities.

GBOOST: a GPU-based tool for detecting gene-gene interactions in genome-wide case control studies.

Science.gov (United States)

Yung, Ling Sing; Yang, Can; Wan, Xiang; Yu, Weichuan

2011-05-01

Collecting millions of genetic variations is feasible with the advanced genotyping technology. With a huge amount of genetic variations data in hand, developing efficient algorithms to carry out the gene-gene interaction analysis in a timely manner has become one of the key problems in genome-wide association studies (GWAS). Boolean operation-based screening and testing (BOOST), a recent work in GWAS, completes gene-gene interaction analysis in 2.5 days on a desktop computer. Compared with central processing units (CPUs), graphic processing units (GPUs) are highly parallel hardware and provide massive computing resources. We are, therefore, motivated to use GPUs to further speed up the analysis of gene-gene interactions. We implement the BOOST method based on a GPU framework and name it GBOOST. GBOOST achieves a 40-fold speedup compared with BOOST. It completes the analysis of Wellcome Trust Case Control Consortium Type 2 Diabetes (WTCCC T2D) genome data within 1.34 h on a desktop computer equipped with Nvidia GeForce GTX 285 display card. GBOOST code is available at http://bioinformatics.ust.hk/BOOST.html#GBOOST.

A slotted access control protocol for metropolitan WDM ring networks

Science.gov (United States)

Baziana, P. A.; Pountourakis, I. E.

2009-03-01

In this study we focus on the serious scalability problems that many access protocols for WDM ring networks introduce due to the use of a dedicated wavelength per access node for either transmission or reception. We propose an efficient slotted MAC protocol suitable for WDM ring metropolitan area networks. The proposed network architecture employs a separate wavelength for control information exchange prior to the data packet transmission. Each access node is equipped with a pair of tunable transceivers for data communication and a pair of fixed tuned transceivers for control information exchange. Also, each access node includes a set of fixed delay lines for synchronization reasons; to keep the data packets, while the control information is processed. An efficient access algorithm is applied to avoid both the data wavelengths and the receiver collisions. In our protocol, each access node is capable of transmitting and receiving over any of the data wavelengths, facing the scalability issues. Two different slot reuse schemes are assumed: the source and the destination stripping schemes. For both schemes, performance measures evaluation is provided via an analytic model. The analytical results are validated by a discrete event simulation model that uses Poisson traffic sources. Simulation results show that the proposed protocol manages efficient bandwidth utilization, especially under high load. Also, comparative simulation results prove that our protocol achieves significant performance improvement as compared with other WDMA protocols which restrict transmission over a dedicated data wavelength. Finally, performance measures evaluation is explored for diverse numbers of buffer size, access nodes and data wavelengths.

DOOCS based control system for FPGA based cavity simulator and controller in VUV FEL

International Nuclear Information System (INIS)

Pucyk, P.

2005-09-01

The X-ray free-electron laser XFEL that is being planned at the DESY research center in cooperation with European partners will produce high-intensity ultra-short X-ray flashes with the properties of laser light. This new light source, which can only be described in terms of superlatives, will open up a whole range of new perspectives for the natural sciences. It could also offer very promising opportunities for industrial users. SIMCON (SIMulator and CONtroller) is the project of the fast, low latency digital controller dedicated for LLRF 1 system in VUV FEL experiment It is being developed by ELHEP 2 group in Institute of Electronic Systems at Warsaw University of Technology. The main purpose of the project is to create a controller for stabilizing the vector sum of fields in cavities of one cryo module in the experiment. The device can be also used as the simulator of the cavity and test bench for other devices. Ths paper describes the concept, implementation and tests of the DOOCS based control system for SIMCON. The designed system is based the concept of autonomic and extendable modules connected by well defined, unified interfaces. The communication module controls the access to the hardware. It is crucial, that all modules (this presented in thesis and developed in the future) use this interface. Direct access to the control tables let the engineers to perform algorithm development or diagnostic measurements of the LLRF system. Default control tables generator makes the whole SIMCON an autonomic device, which can start immediately the operation without any additional tools. (orig.)

DOOCS based control system for FPGA based cavity simulator and controller in VUV FEL

International Nuclear Information System (INIS)

Pucyk, P.D.

2006-03-01

The X-ray free-electron laser XFEL that is being planned at the DESY research center in cooperation with European partners will produce high-intensity ultra-short X-ray flashes with the properties of laser light. This new light source, which can only be described in terms of superlatives, will open up a whole range of new perspectives for the natural sciences. It could also offer very promising opportunities for industrial users. SIMCON (SIMulator and CONtroller) is the project of the fast, low latency digital controller dedicated for LLRF 1 system in VUV FEL experiment It is being developed by ELHEP 2 group in Institute of Electronic Systems at Warsaw University of Technology. The main purpose of the project is to create a controller for stabilizing the vector sum of fields in cavities of one cryo module in the experiment. The device can be also used as the simulator of the cavity and test bench for other devices. This paper describes the concept, implementation and tests of the DOOCS based control system for SIMCON. The designed system is based the concept of autonomic and extendable modules connected by well defined, unified interfaces. The communication module controls the access to the hardware. It is crucial, that all modules (this presented in thesis and developed in the future) use this interface. Direct access to the control tables let the engineers to perform algorithm development or diagnostic measurements of the LLRF system. Default control tables generator makes the whole SIMCON an autonomic device, which can start immediately the operation without any additional tools. (Orig.)

Optimizing data access in the LAMPF control system

International Nuclear Information System (INIS)

Schaller, S.C.; Corley, J.K.; Rose, P.A.

1985-01-01

The LAMPF control system data access software offers considerable power and flexibility to application programs through symbolic device naming and an emphasis on hardware independence. This paper discusses optimizations aimed at improving the performance of the data access software while retaining these capabilities. The only aspects of the optimizations visible to the application programs are ''vector devices'' and ''aggregate devices.'' A vector device accesses a set of hardware related data items through a single device name. Aggregate devices allow run-time optimization of references to groups of unrelated devices. Optimizations not visible on the application level include careful handling of: network message traffic; the sharing of global resources; and storage allocation

Policy reconciliation for access control in dynamic cross-enterprise collaborations

Science.gov (United States)

Preuveneers, D.; Joosen, W.; Ilie-Zudor, E.

2018-03-01

In dynamic cross-enterprise collaborations, different enterprises form a - possibly temporary - business relationship. To integrate their business processes, enterprises may need to grant each other limited access to their information systems. Authentication and authorization are key to secure information handling. However, access control policies often rely on non-standardized attributes to describe the roles and permissions of their employees which convolutes cross-organizational authorization when business relationships evolve quickly. Our framework addresses the managerial overhead of continuous updates to access control policies for enterprise information systems to accommodate disparate attribute usage. By inferring attribute relationships, our framework facilitates attribute and policy reconciliation, and automatically aligns dynamic entitlements during the evaluation of authorization decisions. We validate our framework with a Industry 4.0 motivating scenario on networked production where such dynamic cross-enterprise collaborations are quintessential. The evaluation reveals the capabilities and performance of our framework, and illustrates the feasibility of liberating the security administrator from manually provisioning and aligning attributes, and verifying the consistency of access control policies for cross-enterprise collaborations.

Access Control from an Intrusion Detection Perspective

NARCIS (Netherlands)

Nunes Leal Franqueira, V.

Access control and intrusion detection are essential components for securing an organization's information assets. In practice, these components are used in isolation, while their fusion would contribute to increase the range and accuracy of both. One approach to accomplish this fusion is the

Automated biometric access control system for two-man-rule enforcement

International Nuclear Information System (INIS)

Holmes, J.P.; Maxwell, R.L.; Henderson, R.W.

1991-01-01

This paper describes a limited access control system for nuclear facilities which makes use of the eye retinal identity verifier to control the passage of personnel into and out of one or a group of security controlled working areas. This access control system requires no keys, cards or credentials. The user simply enters his Personal Identification Number (PIN) and takes an eye reading to request passage. The PIN does not have to be kept secret. The system then relies on biometric identity verification of the user, along with other system information, to make the decision of whether or not to unlock the door. It also enforces multiple zones control with personnel tracking and the two-man-rule

An Access Control Model for the Uniframe Framework

National Research Council Canada - National Science Library

Crespi, Alexander M

2005-01-01

... security characteristics from the properties of individual components would aid in the creation of more secure systems In this thesis, a framework for characterizing the access control properties...

Automatic Access Control Based on Face and Hand Biometrics in A Non-Cooperative Context

DEFF Research Database (Denmark)

Jahromi, Mohammad Naser Sabet; Bonderup, Morten Bojesen; Nasrollahi, Kamal

2018-01-01

a challenging bimodal database, including face and hand information of the users when they approach a door to open it by its handle in a noncooperative context. We have defined two (an easy and a challenging) protocols on how to use the database. We have reported results on many baseline methods, including deep...... learning techniques as well as conventional methods on the database. The obtained results show the merit of the proposed database and the challenging nature of access control with non-cooperative users....

Random access procedures and radio access network (RAN) overload control in standard and advanced long-term evolution (LTE and LTE-A) networks

DEFF Research Database (Denmark)

Kiilerich Pratas, Nuno; Thomsen, Henning; Popovski, Petar

2015-01-01

In this chapter, we describe and discuss the current LTE random access procedure and the Radio Access Network Load Control solution within LTE/LTE-A. We provide an overview of the several considered load control solutions and give a detailed description of the standardized Extended Access Class B...

Rural providers' access to online resources: a randomized controlled trial

Science.gov (United States)

Hall, Laura J.; McElfresh, Karen R.; Warner, Teddy D.; Stromberg, Tiffany L.; Trost, Jaren; Jelinek, Devin A.

2016-01-01

Objective The research determined the usage and satisfaction levels with one of two point-of-care (PoC) resources among health care providers in a rural state. Methods In this randomized controlled trial, twenty-eight health care providers in rural areas were stratified by occupation and region, then randomized into either the DynaMed or the AccessMedicine study arm. Study participants were physicians, physician assistants, and nurses. A pre- and post-study survey measured participants' attitudes toward different information resources and their information-seeking activities. Medical student investigators provided training and technical support for participants. Data analyses consisted of analysis of variance (ANOVA), paired t tests, and Cohen's d statistic to compare pre- and post-study effects sizes. Results Participants in both the DynaMed and the AccessMedicine arms of the study reported increased satisfaction with their respective PoC resource, as expected. Participants in both arms also reported that they saved time in finding needed information. At baseline, both arms reported too little information available, which increased to “about right amounts of information” at the completion of the study. DynaMed users reported a Cohen's d increase of +1.50 compared to AccessMedicine users' reported use of 0.82. DynaMed users reported d2 satisfaction increases of 9.48 versus AccessMedicine satisfaction increases of 0.59 using a Cohen's d. Conclusion Participants in the DynaMed arm of the study used this clinically oriented PoC more heavily than the users of the textbook-based AccessMedicine. In terms of user satisfaction, DynaMed users reported higher levels of satisfaction than the users of AccessMedicine. PMID:26807050

Spectrum sharing in cognitive radio networks medium access control protocol based approach

CERN Document Server

Pandit, Shweta

2017-01-01

This book discusses the use of the spectrum sharing techniques in cognitive radio technology, in order to address the problem of spectrum scarcity for future wireless communications. The authors describe a cognitive radio medium access control (MAC) protocol, with which throughput maximization has been achieved. The discussion also includes use of this MAC protocol for imperfect sensing scenarios and its effect on the performance of cognitive radio systems. The authors also discuss how energy efficiency has been maximized in this system, by applying a simple algorithm for optimizing the transmit power of the cognitive user. The study about the channel fading in the cognitive user and licensed user and power adaption policy in this scenario under peak transmit power and interference power constraint is also present in this book.

Controlling Access to Input/Output Peripheral Devices

Directory of Open Access Journals (Sweden)

E. Y. Rodionov

2010-03-01

Full Text Available In this paper the author proposes a system that manages information security policy on enterprise. Problems related to managing information security policy on enterprise and access to peripheral devices in computer systems functioning under control of Microsoft Windows NT operating systems are considered.

Does Access Trump Ownership? Exploring Consumer Acceptance of Access-Based Consumption in the Case of Smartphones

Directory of Open Access Journals (Sweden)

Flora Poppelaars

2018-06-01

Full Text Available Value creation in a circular economy is based on products being returned after use. In the case of smartphones, most are never returned and tend to be kept in drawers. Smartphone access services (e.g., leasing or upgrade have been experimented with in the Netherlands but have been largely unsuccessful. This study explores the reasons why consumers rejected these access-based smartphone services and is one of the very few to address this topic. The findings are compared with the case of car access services, which are socially better accepted, to identify potential areas for improvement. The qualitative study consists of in-depth interviews with consumers (n = 18 who either adopted and used a smartphone or car access service, or had considered a new smartphone or car but did not choose access-based consumption. The findings of this small-scale study suggest that the main reasons for the rejection of smartphone access services are a lack of awareness, misunderstanding of terms and conditions, and unsatisfactory compensation for their sacrifice of not owning. Smartphone access providers could thus clearly communicate customers’ rights and responsibilities, offer an excellent service experience (especially during repair by taking over the burdens of ownership, and stimulate the societal logic shift from ownership to access.

Need an Information Security in Access Control System?

Directory of Open Access Journals (Sweden)

V. R. Petrov

2011-12-01

Full Text Available The purpose of this paper is the general problems of information security in access control system. The field of using is the in project of reconstruction Physical protection system.

Controlling user access to electronic resources without password

Science.gov (United States)

Smith, Fred Hewitt

2015-06-16

Described herein are devices and techniques for remotely controlling user access to a restricted computer resource. The process includes pre-determining an association of the restricted computer resource and computer-resource-proximal environmental information. Indicia of user-proximal environmental information are received from a user requesting access to the restricted computer resource. Received indicia of user-proximal environmental information are compared to associated computer-resource-proximal environmental information. User access to the restricted computer resource is selectively granted responsive to a favorable comparison in which the user-proximal environmental information is sufficiently similar to the computer-resource proximal environmental information. In at least some embodiments, the process further includes comparing user-supplied biometric measure and comparing it with a predetermined association of at least one biometric measure of an authorized user. Access to the restricted computer resource is granted in response to a favorable comparison.

A Secure and Verifiable Outsourced Access Control Scheme in Fog-Cloud Computing.

Science.gov (United States)

Fan, Kai; Wang, Junxiong; Wang, Xin; Li, Hui; Yang, Yintang

2017-07-24

With the rapid development of big data and Internet of things (IOT), the number of networking devices and data volume are increasing dramatically. Fog computing, which extends cloud computing to the edge of the network can effectively solve the bottleneck problems of data transmission and data storage. However, security and privacy challenges are also arising in the fog-cloud computing environment. Ciphertext-policy attribute-based encryption (CP-ABE) can be adopted to realize data access control in fog-cloud computing systems. In this paper, we propose a verifiable outsourced multi-authority access control scheme, named VO-MAACS. In our construction, most encryption and decryption computations are outsourced to fog devices and the computation results can be verified by using our verification method. Meanwhile, to address the revocation issue, we design an efficient user and attribute revocation method for it. Finally, analysis and simulation results show that our scheme is both secure and highly efficient.

A Secure and Verifiable Outsourced Access Control Scheme in Fog-Cloud Computing

Science.gov (United States)

Fan, Kai; Wang, Junxiong; Wang, Xin; Li, Hui; Yang, Yintang

2017-01-01

With the rapid development of big data and Internet of things (IOT), the number of networking devices and data volume are increasing dramatically. Fog computing, which extends cloud computing to the edge of the network can effectively solve the bottleneck problems of data transmission and data storage. However, security and privacy challenges are also arising in the fog-cloud computing environment. Ciphertext-policy attribute-based encryption (CP-ABE) can be adopted to realize data access control in fog-cloud computing systems. In this paper, we propose a verifiable outsourced multi-authority access control scheme, named VO-MAACS. In our construction, most encryption and decryption computations are outsourced to fog devices and the computation results can be verified by using our verification method. Meanwhile, to address the revocation issue, we design an efficient user and attribute revocation method for it. Finally, analysis and simulation results show that our scheme is both secure and highly efficient. PMID:28737733

TheCellMap.org: A Web-Accessible Database for Visualizing and Mining the Global Yeast Genetic Interaction Network.

Science.gov (United States)

Usaj, Matej; Tan, Yizhao; Wang, Wen; VanderSluis, Benjamin; Zou, Albert; Myers, Chad L; Costanzo, Michael; Andrews, Brenda; Boone, Charles

2017-05-05

Providing access to quantitative genomic data is key to ensure large-scale data validation and promote new discoveries. TheCellMap.org serves as a central repository for storing and analyzing quantitative genetic interaction data produced by genome-scale Synthetic Genetic Array (SGA) experiments with the budding yeast Saccharomyces cerevisiae In particular, TheCellMap.org allows users to easily access, visualize, explore, and functionally annotate genetic interactions, or to extract and reorganize subnetworks, using data-driven network layouts in an intuitive and interactive manner. Copyright © 2017 Usaj et al.

Formalization of the Access Control on ARM-Android Platform with the B Method

Science.gov (United States)

Ren, Lu; Wang, Wei; Zhu, Xiaodong; Man, Yujia; Yin, Qing

2018-01-01

ARM-Android is a widespread mobile platform with multi-layer access control mechanisms, security-critical in the system. Many access control vulnerabilities still exist due to the course-grained policy and numerous engineering defects, which have been widely studied. However, few researches focus on the mechanism formalization, including the Android permission framework, kernel process management and hardware isolation. This paper first develops a comprehensive formal access control model on the ARM-Android platform using the B method, from the Android middleware to hardware layer. All the model specifications are type checked and proved to be well-defined, with 75%of proof obligations demonstrated automatically. The results show that the proposed B model is feasible to specify and verify access control schemes in the ARM-Android system, and capable of implementing a practical control module.

Energy-Efficient Boarder Node Medium Access Control Protocol for Wireless Sensor Networks

Science.gov (United States)

Razaque, Abdul; Elleithy, Khaled M.

2014-01-01

This paper introduces the design, implementation, and performance analysis of the scalable and mobility-aware hybrid protocol named boarder node medium access control (BN-MAC) for wireless sensor networks (WSNs), which leverages the characteristics of scheduled and contention-based MAC protocols. Like contention-based MAC protocols, BN-MAC achieves high channel utilization, network adaptability under heavy traffic and mobility, and low latency and overhead. Like schedule-based MAC protocols, BN-MAC reduces idle listening time, emissions, and collision handling at low cost at one-hop neighbor nodes and achieves high channel utilization under heavy network loads. BN-MAC is particularly designed for region-wise WSNs. Each region is controlled by a boarder node (BN), which is of paramount importance. The BN coordinates with the remaining nodes within and beyond the region. Unlike other hybrid MAC protocols, BN-MAC incorporates three promising models that further reduce the energy consumption, idle listening time, overhearing, and congestion to improve the throughput and reduce the latency. One of the models used with BN-MAC is automatic active and sleep (AAS), which reduces the ideal listening time. When nodes finish their monitoring process, AAS lets them automatically go into the sleep state to avoid the idle listening state. Another model used in BN-MAC is the intelligent decision-making (IDM) model, which helps the nodes sense the nature of the environment. Based on the nature of the environment, the nodes decide whether to use the active or passive mode. This decision power of the nodes further reduces energy consumption because the nodes turn off the radio of the transceiver in the passive mode. The third model is the least-distance smart neighboring search (LDSNS), which determines the shortest efficient path to the one-hop neighbor and also provides cross-layering support to handle the mobility of the nodes. The BN-MAC also incorporates a semi

Energy-efficient boarder node medium access control protocol for wireless sensor networks.

Science.gov (United States)

Razaque, Abdul; Elleithy, Khaled M

2014-03-12

This paper introduces the design, implementation, and performance analysis of the scalable and mobility-aware hybrid protocol named boarder node medium access control (BN-MAC) for wireless sensor networks (WSNs), which leverages the characteristics of scheduled and contention-based MAC protocols. Like contention-based MAC protocols, BN-MAC achieves high channel utilization, network adaptability under heavy traffic and mobility, and low latency and overhead. Like schedule-based MAC protocols, BN-MAC reduces idle listening time, emissions, and collision handling at low cost at one-hop neighbor nodes and achieves high channel utilization under heavy network loads. BN-MAC is particularly designed for region-wise WSNs. Each region is controlled by a boarder node (BN), which is of paramount importance. The BN coordinates with the remaining nodes within and beyond the region. Unlike other hybrid MAC protocols, BN-MAC incorporates three promising models that further reduce the energy consumption, idle listening time, overhearing, and congestion to improve the throughput and reduce the latency. One of the models used with BN-MAC is automatic active and sleep (AAS), which reduces the ideal listening time. When nodes finish their monitoring process, AAS lets them automatically go into the sleep state to avoid the idle listening state. Another model used in BN-MAC is the intelligent decision-making (IDM) model, which helps the nodes sense the nature of the environment. Based on the nature of the environment, the nodes decide whether to use the active or passive mode. This decision power of the nodes further reduces energy consumption because the nodes turn off the radio of the transceiver in the passive mode. The third model is the least-distance smart neighboring search (LDSNS), which determines the shortest efficient path to the one-hop neighbor and also provides cross-layering support to handle the mobility of the nodes. The BN-MAC also incorporates a semi

Energy-Efficient Boarder Node Medium Access Control Protocol for Wireless Sensor Networks

Directory of Open Access Journals (Sweden)

Abdul Razaque

2014-03-01

Full Text Available This paper introduces the design, implementation, and performance analysis of the scalable and mobility-aware hybrid protocol named boarder node medium access control (BN-MAC for wireless sensor networks (WSNs, which leverages the characteristics of scheduled and contention-based MAC protocols. Like contention-based MAC protocols, BN-MAC achieves high channel utilization, network adaptability under heavy traffic and mobility, and low latency and overhead. Like schedule-based MAC protocols, BN-MAC reduces idle listening time, emissions, and collision handling at low cost at one-hop neighbor nodes and achieves high channel utilization under heavy network loads. BN-MAC is particularly designed for region-wise WSNs. Each region is controlled by a boarder node (BN, which is of paramount importance. The BN coordinates with the remaining nodes within and beyond the region. Unlike other hybrid MAC protocols, BN-MAC incorporates three promising models that further reduce the energy consumption, idle listening time, overhearing, and congestion to improve the throughput and reduce the latency. One of the models used with BN-MAC is automatic active and sleep (AAS, which reduces the ideal listening time. When nodes finish their monitoring process, AAS lets them automatically go into the sleep state to avoid the idle listening state. Another model used in BN-MAC is the intelligent decision-making (IDM model, which helps the nodes sense the nature of the environment. Based on the nature of the environment, the nodes decide whether to use the active or passive mode. This decision power of the nodes further reduces energy consumption because the nodes turn off the radio of the transceiver in the passive mode. The third model is the least-distance smart neighboring search (LDSNS, which determines the shortest efficient path to the one-hop neighbor and also provides cross-layering support to handle the mobility of the nodes. The BN-MAC also incorporates a semi

Interactive effects of carbon footprint information and its accessibility on value and subjective qualities of food products.

Science.gov (United States)

Kimura, Atsushi; Wada, Yuji; Kamada, Akiko; Masuda, Tomohiro; Okamoto, Masako; Goto, Sho-ichi; Tsuzuki, Daisuke; Cai, Dongsheng; Oka, Takashi; Dan, Ippeita

2010-10-01

We aimed to explore the interactive effects of the accessibility of information and the degree of carbon footprint score on consumers' value judgments of food products. Participants (n=151, undergraduate students in Japan) rated their maximum willingness to pay (WTP) for four food products varying in information accessibility (active-search or read-only conditions) and in carbon footprint values (low, middle, high, or non-display) provided. We also assessed further effects of information accessibly and carbon footprint value on other product attributes utilizing the subjective estimation of taste, quality, healthiness, and environmental friendliness. Results of the experiment demonstrated an interactive effect of information accessibility and the degree of carbon emission on consumer valuation of carbon footprint-labeled food. The carbon footprint value had a stronger impact on participants' WTP in the active-search condition than in the read-only condition. Similar to WTP, the results of the subjective ratings for product qualities also exhibited an interactive effect of the two factors on the rating of environmental friendliness for products. These results imply that the perceived environmental friendliness inferable from a carbon footprint label contributes to creating value for a food product.

Optimizing man-machine performance of a personnel access restriction security system

International Nuclear Information System (INIS)

Banks, W.W.; Moore, J.W.

1988-01-01

This paper describes a human engineering design and analysis effort for a major security system upgrade at a DOE facility. This upgrade was accomplished by replacing an obsolete and poorly human engineered security screening both the with a new, user oriented, semiautomated, computer-based access control system. Human factors engineers assisted the designer staff in specifying a security access interface to physically and cognitively accommodate all employees which included handicapped individuals in wheel chairs, and several employees who were severely disabled, both visually and aurally. The new access system was intended to control entry into sensitive exclusion areas by requiring personnel to enter a security screening booth and interact with card reader devices and a-simple-to-operate access control panel system. Extensive man-machine testing with prototype mock-ups was conducted to assess human engineered design features and to illuminate potentially confusing or difficult-to-operated hardware placement, layout, and operation sequencing. These evaluations, along with the prototype mock-ups, provided input which resulted in a prototype which was easy to enter, operate, and understand by end users. This prototype later served as the design basis for the final systems design

Effects of mobile phone-based app learning compared to computer-based web learning on nursing students: pilot randomized controlled trial.

Science.gov (United States)

Lee, Myung Kyung

2015-04-01

This study aimed to determine the effect of mobile-based discussion versus computer-based discussion on self-directed learning readiness, academic motivation, learner-interface interaction, and flow state. This randomized controlled trial was conducted at one university. Eighty-six nursing students who were able to use a computer, had home Internet access, and used a mobile phone were recruited. Participants were randomly assigned to either the mobile phone app-based discussion group (n = 45) or a computer web-based discussion group (n = 41). The effect was measured at before and after an online discussion via self-reported surveys that addressed academic motivation, self-directed learning readiness, time distortion, learner-learner interaction, learner-interface interaction, and flow state. The change in extrinsic motivation on identified regulation in the academic motivation (p = 0.011) as well as independence and ability to use basic study (p = 0.047) and positive orientation to the future in self-directed learning readiness (p = 0.021) from pre-intervention to post-intervention was significantly more positive in the mobile phone app-based group compared to the computer web-based discussion group. Interaction between learner and interface (p = 0.002), having clear goals (p = 0.012), and giving and receiving unambiguous feedback (p = 0.049) in flow state was significantly higher in the mobile phone app-based discussion group than it was in the computer web-based discussion group at post-test. The mobile phone might offer more valuable learning opportunities for discussion teaching and learning methods in terms of self-directed learning readiness, academic motivation, learner-interface interaction, and the flow state of the learning process compared to the computer.

Coordinated Scheduling and Power Control in Cloud-Radio Access Networks

KAUST Repository

Douik, Ahmed

2015-12-01

This paper addresses the joint coordinated scheduling and power control problem in cloud-enabled networks. Consider the downlink of a cloud-radio access network (CRAN), where the cloud is only responsible for the scheduling policy, power control, and synchronization of the transmit frames across the single-antenna base-stations (BS). The transmit frame consists of several time/frequency blocks, called power-zones (PZ). The paper considers the problem of scheduling users to PZs and determining their power levels (PL), by maximizing the weighted sum-rate under the practical constraints that each user cannot be served by more than one base-station, but can be served by one or more power-zones within each base-station frame. The paper solves the problem using a graph theoretical approach by introducing the joint scheduling and power control graph formed by several clusters, where each is formed by a set of vertices, representing the possible association of users, BSs, and PLs for one specific PZ. The problem is, then, formulated as a maximumweight clique problem, in which the weight of each vertex is the sum of the benefits of the individual associations belonging to that vertex. Simulation results suggest that the proposed crosslayer scheme provides appreciable performance improvement as compared to schemes from recent literature.

Coordinated Scheduling and Power Control in Cloud-Radio Access Networks

KAUST Repository

Douik, Ahmed; Dahrouj, Hayssam; Al-Naffouri, Tareq Y.; Alouini, Mohamed-Slim

2015-01-01

This paper addresses the joint coordinated scheduling and power control problem in cloud-enabled networks. Consider the downlink of a cloud-radio access network (CRAN), where the cloud is only responsible for the scheduling policy, power control, and synchronization of the transmit frames across the single-antenna base-stations (BS). The transmit frame consists of several time/frequency blocks, called power-zones (PZ). The paper considers the problem of scheduling users to PZs and determining their power levels (PL), by maximizing the weighted sum-rate under the practical constraints that each user cannot be served by more than one base-station, but can be served by one or more power-zones within each base-station frame. The paper solves the problem using a graph theoretical approach by introducing the joint scheduling and power control graph formed by several clusters, where each is formed by a set of vertices, representing the possible association of users, BSs, and PLs for one specific PZ. The problem is, then, formulated as a maximumweight clique problem, in which the weight of each vertex is the sum of the benefits of the individual associations belonging to that vertex. Simulation results suggest that the proposed crosslayer scheme provides appreciable performance improvement as compared to schemes from recent literature.

Virtual reality: emerging role of simulation training in vascular access.

Science.gov (United States)

Davidson, Ingemar J A; Lok, Charmaine; Dolmatch, Bart; Gallieni, Maurizio; Nolen, Billy; Pittiruti, Mauro; Ross, John; Slakey, Douglas

2012-11-01

Evolving new technologies in vascular access mandate increased attention to patient safety; an often overlooked yet valuable training tool is simulation. For the end-stage renal disease patient, simulation tools are effective for all aspects of creating access for peritoneal dialysis and hemodialysis. Based on aviation principles, known as crew resource management, we place equal emphasis on team training as individual training to improve interactions between team members and systems, cumulating in improved safety. Simulation allows for environmental control and standardized procedures, letting the trainee practice and correct mistakes without harm to patients, compared with traditional patient-based training. Vascular access simulators range from suture devices, to pressurized tunneled conduits for needle cannulation, to computer-based interventional simulators. Simulation training includes simulated case learning, root cause analysis of adverse outcomes, and continual update and refinement of concepts. Implementation of effective human to complex systems interaction in end-stage renal disease patients involves a change in institutional culture. Three concepts discussed in this article are as follows: (1) the need for user-friendly systems and technology to enhance performance, (2) the necessity for members to both train and work together as a team, and (3) the team assigned to use the system must test and practice it to a proficient level before safely using the system on patients. Copyright © 2012 Elsevier Inc. All rights reserved.

A Comparative Study on Java Technologies for Focus and Cursor Handling in Accessible Dynamic Interactions.

Science.gov (United States)

Jitngernmadan, Prajaks; Miesenberger, Klaus

2015-01-01

For an interactive application, supporting and guiding the user in fulfilling tasks is most important. The behavior of the application that will guide users through the procedures until they finish the task has to be designed intuitively and well guiding, especially if the users has only restricted or no access to the visual and spatial arrangement on the screen. Therefore, the focus/cursor management plays an important role for orientation and navigating through the interaction. In the frame of ongoing research on a software tool supporting blind people in more efficiently doing mathematical calculations, we researched how Java technologies support implementing an accessible Graphical User Interface (GUI) with an additional focus on usable accessibility in terms of guiding blind users through the process of solving mathematical calculations. We used Java Swing [1] and Eclipse SWT [2] APIs for creating a series of prototypes. We tested a) accessibility and usability of the prototypes for blind people when using screen reader software and refreshable Braille display and b) the implementation support to developers provided by both technologies. It turned out that Eclipse SWT API delivered best results under Windows operating system.

Rural providers’ access to online resources: a randomized controlled trial

Directory of Open Access Journals (Sweden)

Jonathan D. Eldredge

2016-01-01

Full Text Available Objective: The research determined the usage and satisfaction levels with one of two point-of-care (PoC resources among health care providers in a rural state. Methods: In this randomized controlled trial, twenty-eight health care providers in rural areas were stratified by occupation and region, then randomized into either the DynaMed or the AccessMedicine study arm. Study participants were physicians, physician assistants, and nurses. A pre- and post-study survey measured participants’ attitudes toward different information resources and their information-seeking activities. Medical student investigators provided training and technical support for participants. Data analyses consisted of analysis of variance (ANOVA, paired t tests, and Cohen’s d statistic to compare pre- and post-study effects sizes. Results: Participants in both the DynaMed and the AccessMedicine arms of the study reported increased satisfaction with their respective PoC resource, as expected. Participants in both arms also reported that they saved time in finding needed information. At baseline, both arms reported too little information available, which increased to ‘‘about right amounts of information’’ at the completion of the study. DynaMed users reported a Cohen’s d increase of þ1.50 compared to AccessMedicine users’ reported use of 0.82. DynaMed users reported d2 satisfaction increases of 9.48 versus AccessMedicine satisfaction increases of 0.59 using a Cohen’s d. Conclusion: Participants in the DynaMed arm of the study used this clinically oriented PoC more heavily than the users of the textbook-based AccessMedicine. In terms of user satisfaction, DynaMed users reported higher levels of satisfaction than the users of AccessMedicine.

Collaborative Access Control For Critical Infrastructures

Science.gov (United States)

Baina, Amine; El Kalam, Anas Abou; Deswarte, Yves; Kaaniche, Mohamed

A critical infrastructure (CI) can fail with various degrees of severity due to physical and logical vulnerabilities. Since many interdependencies exist between CIs, failures can have dramatic consequences on the entire infrastructure. This paper focuses on threats that affect information and communication systems that constitute the critical information infrastructure (CII). A new collaborative access control framework called PolyOrBAC is proposed to address security problems that are specific to CIIs. The framework offers each organization participating in a CII the ability to collaborate with other organizations while maintaining control of its resources and internal security policy. The approach is demonstrated on a practical scenario involving the electrical power grid.

Dynamic Information Management and Exchange for Command and Control Applications, Modelling and Enforcing Category-Based Access Control via Term Rewriting

Science.gov (United States)

2015-03-01

a hotel and a hospital. 2. Event handler for emergency policies (item 2 above): this has been implemented in two UG projects, one project developed a...Workshop on Logical and Se- mantic Frameworks, with Applications, Brasilia, Brazil , September 2014. Electronic Notes in Theoretical Computer Science (to...Brasilia, Brazil , September 2014, 2015. [3] S. Barker. The next 700 access control models or a unifying meta-model? In SACMAT 2009, 14th ACM Symposium on

Java interface for asserting interactive telerobotic control

Science.gov (United States)

DePasquale, Peter; Lewis, John; Stein, Matthew R.

1997-12-01

Many current web-based telerobotic interfaces use HyperText Markup Language (HTML) forms to assert user control on a robot. While acceptable for some tasks, a Java interface can provide better client-server interaction. The Puma Paint project is a joint effort between the Department of Computing Sciences at Villanova University and the Department of Mechanical and Materials Engineering at Wilkes University. THe project utilizes a Java applet to control a Unimation Puma 1760 robot during the task of painting on a canvas. The interface allows the user to control the paint strokes as well as the pressure of a brush on the canvas and how deep the brush is dipped into a paint jar. To provide immediate feedback, a virtual canvas models the effects of the controls as the artist paints. Live color video feedback is provided, allowing the user to view the actual results of the robot's motions. Unlike the step-at-a-time model of many web forms, the application permits the user to assert interactive control. The greater the complexity of the interaction between the robot and its environment, the greater the need for high quality information presentation to the user. The use of Java allows the sophistication of the user interface to be raised to the level required for satisfactory control. This paper describes the Puma Paint project, including the interface and communications model. It also examines the challenges of using the Internet as the medium of communications and the challenges of encoding free ranging motions for transmission from the client to the robot.

Interactive and Approachable Web-Based Tools for Exploring Global Geophysical Data Records

Science.gov (United States)

Croteau, M. J.; Nerem, R. S.; Merrifield, M. A.; Thompson, P. R.; Loomis, B. D.; Wiese, D. N.; Zlotnicki, V.; Larson, J.; Talpe, M.; Hardy, R. A.

2017-12-01

Making global and regional data accessible and understandable for non-experts can be both challenging and hazardous. While data products are often developed with end users in mind, the ease of use of these data can vary greatly. Scientists must take care to provide detailed guides for how to use data products to ensure users are not incorrectly applying data to their problem. For example, terrestrial water storage data from the Gravity Recovery and Climate Experiment (GRACE) satellite mission is notoriously difficult for non-experts to access and correctly use. However, allowing these data to be easily accessible to scientists outside the GRACE community is desirable because this would allow that data to see much wider-spread use. We have developed a web-based interactive mapping and plotting tool that provides easy access to geophysical data. This work presents an intuitive method for making such data widely accessible to experts and non-experts alike, making the data approachable and ensuring proper use of the data. This tool has proven helpful to experts by providing fast and detailed access to the data. Simultaneously, the tool allows non-experts to gain familiarity with the information contained in the data and access to that information for both scientific studies and public use. In this presentation, we discuss the development of this tool and application to both GRACE and ocean altimetry satellite missions, and demonstrate the capabilities of the tool. Focusing on the data visualization aspects of the tool, we showcase our integrations of the Mapbox API and the D3.js data-driven web document framework. We then explore the potential of these tools in other web-based visualization projects, and how incorporation of such tools into science can improve the presentation of research results. We demonstrate how the development of an interactive and exploratory resource can enable further layers of exploratory and scientific discovery.

DbAccess: Interactive Statistics and Graphics for Plasma Physics Databases

International Nuclear Information System (INIS)

Davis, W.; Mastrovito, D.

2003-01-01

DbAccess is an X-windows application, written in IDL(reg s ign), meeting many specialized statistical and graphical needs of NSTX [National Spherical Torus Experiment] plasma physicists, such as regression statistics and the analysis of variance. Flexible ''views'' and ''joins,'' which include options for complex SQL expressions, facilitate mixing data from different database tables. General Atomics Plot Objects add extensive graphical and interactive capabilities. An example is included for plasma confinement-time scaling analysis using a multiple linear regression least-squares power fit

The SH2 domain of Abl kinases regulates kinase autophosphorylation by controlling activation loop accessibility

Science.gov (United States)

Lamontanara, Allan Joaquim; Georgeon, Sandrine; Tria, Giancarlo; Svergun, Dmitri I.; Hantschel, Oliver

2014-11-01

The activity of protein kinases is regulated by multiple molecular mechanisms, and their disruption is a common driver of oncogenesis. A central and almost universal control element of protein kinase activity is the activation loop that utilizes both conformation and phosphorylation status to determine substrate access. In this study, we use recombinant Abl tyrosine kinases and conformation-specific kinase inhibitors to quantitatively analyse structural changes that occur after Abl activation. Allosteric SH2-kinase domain interactions were previously shown to be essential for the leukemogenesis caused by the Bcr-Abl oncoprotein. We find that these allosteric interactions switch the Abl activation loop from a closed to a fully open conformation. This enables the trans-autophosphorylation of the activation loop and requires prior phosphorylation of the SH2-kinase linker. Disruption of the SH2-kinase interaction abolishes activation loop phosphorylation. Our analysis provides a molecular mechanism for the SH2 domain-dependent activation of Abl that may also regulate other tyrosine kinases.

Interactional Organization and Topic Control in Conciliation Hearings

Directory of Open Access Journals (Sweden)

Wânia Terezinha Ladeira

2011-07-01

Full Text Available We analyse discursive topic in talk-in-interaction within the institutional setting of three conciliation hearings held in a kind of small claims court for consumption conflict resolution. This research is based on Interactional Sociolinguistics and Conversation Analysis theories. The analysis shows that the participants of those meetings have asymmetric rights regarding the choice of discussion topics. Thus, the mediator is the one who has the right to suggest and control the discursive topics of the conversation. This topic control is the most important institutional procedure that can cause a reduction in accusations and adjacent replies. Consequently, the chance of mediators achieving their institutional task of reaching an agreement between parts in conflict is increased.

CSchema: A Downgrading Policy Language for XML Access Control

Institute of Scientific and Technical Information of China (English)

Dong-Xi Liu

2007-01-01

The problem of regulating access to XML documents has attracted much attention from both academic and industry communities.In existing approaches, the XML elements specified by access policies are either accessible or inac-cessible according to their sensitivity.However, in some cases, the original XML elements are sensitive and inaccessible, but after being processed in some appropriate ways, the results become insensitive and thus accessible.This paper proposes a policy language to accommodate such cases, which can express the downgrading operations on sensitive data in XML documents through explicit calculations on them.The proposed policy language is called calculation-embedded schema (CSchema), which extends the ordinary schema languages with protection type for protecting sensitive data and specifying downgrading operations.CSchema language has a type system to guarantee the type correctness of the embedded calcula-tion expressions and moreover this type system also generates a security view after type checking a CSchema policy.Access policies specified by CSchema are enforced by a validation procedure, which produces the released documents containing only the accessible data by validating the protected documents against CSchema policies.These released documents are then ready tobe accessed by, for instance, XML query engines.By incorporating this validation procedure, other XML processing technologies can use CSchema as the access control module.

LiveWire interactive boundary extraction algorithm based on Haar wavelet transform and control point set direction search

Science.gov (United States)

Cheng, Jun; Zhang, Jun; Tian, Jinwen

2015-12-01

Based on deep analysis of the LiveWire interactive boundary extraction algorithm, a new algorithm focusing on improving the speed of LiveWire algorithm is proposed in this paper. Firstly, the Haar wavelet transform is carried on the input image, and the boundary is extracted on the low resolution image obtained by the wavelet transform of the input image. Secondly, calculating LiveWire shortest path is based on the control point set direction search by utilizing the spatial relationship between the two control points users provide in real time. Thirdly, the search order of the adjacent points of the starting node is set in advance. An ordinary queue instead of a priority queue is taken as the storage pool of the points when optimizing their shortest path value, thus reducing the complexity of the algorithm from O[n2] to O[n]. Finally, A region iterative backward projection method based on neighborhood pixel polling has been used to convert dual-pixel boundary of the reconstructed image to single-pixel boundary after Haar wavelet inverse transform. The algorithm proposed in this paper combines the advantage of the Haar wavelet transform and the advantage of the optimal path searching method based on control point set direction search. The former has fast speed of image decomposition and reconstruction and is more consistent with the texture features of the image and the latter can reduce the time complexity of the original algorithm. So that the algorithm can improve the speed in interactive boundary extraction as well as reflect the boundary information of the image more comprehensively. All methods mentioned above have a big role in improving the execution efficiency and the robustness of the algorithm.

36 CFR 1256.70 - What controls access to national security-classified information?

Science.gov (United States)

2010-07-01

... national security-classified information? 1256.70 Section 1256.70 Parks, Forests, and Public Property... HISTORICAL MATERIALS Access to Materials Containing National Security-Classified Information § 1256.70 What controls access to national security-classified information? (a) The declassification of and public access...

Regulatory Accessibility and Social Influences on State Self-Control

OpenAIRE

vanDellen, Michelle R.; Hoyle, Rick H.

2009-01-01

The current work examined how social factors influence self-control. Current conceptions of state self-control treat it largely as a function of regulatory capacity. The authors propose that state self-control might also be influenced by social factors because of regulatory accessibility. Studies 1 through 4 provide evidence that individuals’ state self-control is influenced by the trait and state self-control of salient others such that thinking of others with good trait or state self-contro...

Admission Control and Interference Management in Dynamic Spectrum Access Networks

Directory of Open Access Journals (Sweden)

Jorge Martinez-Bauset

2010-01-01

Full Text Available We study two important aspects to make dynamic spectrum access work in practice: the admission policy of secondary users (SUs to achieve a certain degree of quality of service and the management of the interference caused by SUs to primary users (PUs. In order to limit the forced termination probability of SUs, we evaluate the Fractional Guard Channel reservation scheme to give priority to spectrum handovers over new arrivals. We show that, contrary to what has been proposed, the throughput of SUs cannot be maximized by configuring the reservation parameter. We also study the interference caused by SUs to PUs. We propose and evaluate different mechanisms to reduce the interference, which are based on simple spectrum access algorithms for both PUs and SUs and channel repacking algorithms for SUs. Numerical results show that the reduction can be of one order of magnitude or more with respect to the random access case. Finally, we propose an adaptive admission control scheme that is able to limit simultaneously the forced termination probability of SUs and what we define as the probability of interference. Our scheme does not require any configuration parameters beyond the probability objectives. Besides, it is simple to implement and it can operate with any arrival process and distribution of the session duration.

Modified Cooperative Access with Relay’s Data (MCARD based Directional Antenna for multi-rate WLANs

Directory of Open Access Journals (Sweden)

Ahmed Magdy

2014-03-01

Full Text Available In this paper, for multi-rate wireless local area networks (WLANs, a modified protocol in Medium Access Control (MAC, called Modified Cooperative Access with Relay’s Data (MCARD based Directional Antenna using half wave length dipole in Uniform Circular Array (UCA topology is proposed. MCARD gives remote stations chance to send their information by using intermediate stations (relays to Access Point (AP at a higher data rate based practical antenna. As can be seen under MCARD, a relay station transmits its information before forwarding information from the source station because it uses directional antenna. Analytical results and simulations show that MCARD can significantly improve system quality of service (QOS in terms of throughput under different channel conditions.

Access to Urban Land and its Role in Enhancing Business ...

African Journals Online (AJOL)

Access to urban land for business activities relates to access to working space, or using and/or controlling a unit of land based on open access, land ownership, land lease, business lease or premise rentals. Diversified and broad-based access to urban land with due regulatory control against speculation and holdouts ...

Secure and Efficient Access Control Scheme for Wireless Sensor Networks in the Cross-Domain Context of the IoT

Directory of Open Access Journals (Sweden)

Ming Luo

2018-01-01

Full Text Available Nowadays wireless sensor network (WSN is increasingly being used in the Internet of Things (IoT for data collection, and design of an access control scheme that allows an Internet user as part of IoT to access the WSN becomes a hot topic. A lot of access control schemes have been proposed for the WSNs in the context of the IoT. Nevertheless, almost all of these schemes assume that communication nodes in different network domains share common system parameters, which is not suitable for cross-domain IoT environment in practical situations. To solve this shortcoming, we propose a more secure and efficient access control scheme for wireless sensor networks in the cross-domain context of the Internet of Things, which allows an Internet user in a certificateless cryptography (CLC environment to communicate with a sensor node in an identity-based cryptography (IBC environment with different system parameters. Moreover, our proposed scheme achieves known session-specific temporary information security (KSSTIS that most of access control schemes cannot satisfy. Performance analysis is given to show that our scheme is well suited for wireless sensor networks in the cross-domain context of the IoT.

RFID - based Staff Control System (SCS) in Kazakhstan

Science.gov (United States)

Saparkhojayev, N.

2015-06-01

RFID - based Staff Control System (SCS) will allow complete hands-free access control, monitoring the whereabouts of employee and record the attendance of the employee as well. Moreover, with a help of this system, it is possible to have a nice report at the end of the month and based on the total number of worked hours, the salary will be allocated to each personnel. The access tag can be read up to 10 centimeters from the RFID reader. The proposed system is based on UHF RFID readers, supported with antennas at gate and transaction sections, and employee identification cards containing RFID-transponders which are able to electronically store information that can be read / written even without the physical contact with the help of radio medium. This system is an innovative system, which describes the benefits of applying RFID- technology in the Education System process of Republic of Kazakhstan. This paper presents the experiments conducted to set up RFID based SCS.

RFID - based Staff Control System (SCS) in Kazakhstan

International Nuclear Information System (INIS)

Saparkhojayev, N

2015-01-01

RFID - based Staff Control System (SCS) will allow complete hands-free access control, monitoring the whereabouts of employee and record the attendance of the employee as well. Moreover, with a help of this system, it is possible to have a nice report at the end of the month and based on the total number of worked hours, the salary will be allocated to each personnel. The access tag can be read up to 10 centimeters from the RFID reader. The proposed system is based on UHF RFID readers, supported with antennas at gate and transaction sections, and employee identification cards containing RFID-transponders which are able to electronically store information that can be read / written even without the physical contact with the help of radio medium. This system is an innovative system, which describes the benefits of applying RFID- technology in the Education System process of Republic of Kazakhstan. This paper presents the experiments conducted to set up RFID based SCS. (paper)

Physical Access Control Database -

Data.gov (United States)

Department of Transportation — This data set contains the personnel access card data (photo, name, activation/expiration dates, card number, and access level) as well as data about turnstiles and...

Access Control with Delegated Authorization Policy Evaluation for Data-Driven Microservice Workflows

Directory of Open Access Journals (Sweden)

Davy Preuveneers

2017-09-01

Full Text Available Microservices offer a compelling competitive advantage for building data flow systems as a choreography of self-contained data endpoints that each implement a specific data processing functionality. Such a ‘single responsibility principle’ design makes them well suited for constructing scalable and flexible data integration and real-time data flow applications. In this paper, we investigate microservice based data processing workflows from a security point of view, i.e., (1 how to constrain data processing workflows with respect to dynamic authorization policies granting or denying access to certain microservice results depending on the flow of the data; (2 how to let multiple microservices contribute to a collective data-driven authorization decision and (3 how to put adequate measures in place such that the data within each individual microservice is protected against illegitimate access from unauthorized users or other microservices. Due to this multifold objective, enforcing access control on the data endpoints to prevent information leakage or preserve one’s privacy becomes far more challenging, as authorization policies can have dependencies and decision outcomes cross-cutting data in multiple microservices. To address this challenge, we present and evaluate a workflow-oriented authorization framework that enforces authorization policies in a decentralized manner and where the delegated policy evaluation leverages feature toggles that are managed at runtime by software circuit breakers to secure the distributed data processing workflows. The benefit of our solution is that, on the one hand, authorization policies restrict access to the data endpoints of the microservices, and on the other hand, microservices can safely rely on other data endpoints to collectively evaluate cross-cutting access control decisions without having to rely on a shared storage backend holding all the necessary information for the policy evaluation.

A novel decentralized hierarchical access control scheme for the medical scenario

DEFF Research Database (Denmark)

Eskeland, Sigurd; Prasad, Neeli R.

2006-01-01

to be the property of the corresponding patient, it is justified that patients should have the opportunity to exert control over their own data. In this paper, we propose a cryptographic access control scheme allowing patients to grant medical teams authorizations to access their medical data. Moreover......Electronic patient records contains highly personal and confidential information that it is essential to keep private. Thus, only the medical professionals providing care to a patient should access the patient record of the concerning patient. As personal medical data can be considered......, the hierarchical aspects of teams are taken into account so that the modules of the patient record are to be accessed according to the individual privileges of the medical professionals of the team. Thus, more privileged users obtain larger portions of the data than less privileged users....

A novel decentralized hierarchical access control scheme for the medical scenario

DEFF Research Database (Denmark)

Eskeland, Sigurd; Prasad, Neeli R.

2006-01-01

Electronic patient records contains highly personal and confidential information that it is essential to keep private. Thus, only the medical professionals providing care to a patient should access the patient record of the concerning patient. As personal medical data can be considered...... to be the property of the corresponding patient, it is justified that patients should have the opportunity to exert control over their own data. In this paper, we propose a cryptographic access control scheme allowing patients to grant medical teams authorizations to access their medical data. Moreover......, the hierarchical aspects of teams are taken into account so that the modules of the patient record are to be accessed according to the individual privileges of the medical professionals of the team. Thus, more privileged users obtain larger portions of the data than less privileged users....

Access control system for two person rule at Rokkasho Reprocessing Plant

International Nuclear Information System (INIS)

Yanagisawa, Sawako; Ino, Munekazu; Yamada, Noriyuki; Oota, Hiroto; Iwasaki, Mitsuaki; Kodani, Yoshiki; Iwamoto, Tomonori

2014-01-01

Following the amendment and enforcement of Regulation of Reprocessing Activity on March 29th 2012, two person rule has become compulsory for the specific rooms to counter and prevent the sabotage or theft of nuclear materials by the insiders at reprocessing plant in Japan. The rooms will include those which contains cooling systems for decay heat removal from spent fuels and so on, scavenging systems to prevent the hydrogen accumulation, and those which contains nuclear material. To ensure the two person rule at Rokkasho Reprocessing Plant, JNFL has recently, after comprehensive study, introduced efficient and effective access control system for the rooms mentioned above. The system is composed of bio-attestation devices, surveillance cameras and electronic locks to establish access control system. This report outlines the access control system for two person rule and introduces the operation. (author)

Food Access, Food Subsidy, and Residue-Based Bioenergy ...

International Development Research Centre (IDRC) Digital Library (Canada)

Food Access, Food Subsidy, and Residue-Based Bioenergy Production in ... The goal is to show how the Indian government can improve access to food ... IDRC has signed a Memorandum of Understanding (MoU) with the Government of ...

A re-conceptualization of access for 21st century healthcare.

Science.gov (United States)

Fortney, John C; Burgess, James F; Bosworth, Hayden B; Booth, Brenda M; Kaboli, Peter J

2011-11-01

Many e-health technologies are available to promote virtual patient-provider communication outside the context of face-to-face clinical encounters. Current digital communication modalities include cell phones, smartphones, interactive voice response, text messages, e-mails, clinic-based interactive video, home-based web-cams, mobile smartphone two-way cameras, personal monitoring devices, kiosks, dashboards, personal health records, web-based portals, social networking sites, secure chat rooms, and on-line forums. Improvements in digital access could drastically diminish the geographical, temporal, and cultural access problems faced by many patients. Conversely, a growing digital divide could create greater access disparities for some populations. As the paradigm of healthcare delivery evolves towards greater reliance on non-encounter-based digital communications between patients and their care teams, it is critical that our theoretical conceptualization of access undergoes a concurrent paradigm shift to make it more relevant for the digital age. The traditional conceptualizations and indicators of access are not well adapted to measure access to health services that are delivered digitally outside the context of face-to-face encounters with providers. This paper provides an overview of digital "encounterless" utilization, discusses the weaknesses of traditional conceptual frameworks of access, presents a new access framework, provides recommendations for how to measure access in the new framework, and discusses future directions for research on access.

Information Security and Wireless: Alternate Approaches for Controlling Access to Critical Information

National Research Council Canada - National Science Library

Nandram, Winsome

2004-01-01

.... Typically, network managers implement countermeasures to augment security. The goal of this thesis is to research approaches that compliment existing security measures with fine grain access control measures. The Extensible Markup Language (XML) is adopted to accommodate such granular access control as it provides the mechanisms for scaling security down to the document content level.

The design and implementation of access control management system in IHEP network

International Nuclear Information System (INIS)

Wang Yanming; An Dehai; Qi Fazhi

2010-01-01

In campus network environment of Institute of High Energy Physics, because of the number of Network devices and computers are large scale, ensuring the access validity of network devices and user's computer, and aiming at effective control the exceptional network communication are technological means to achieve network normal running. The access control system of Campus network of institute of High Energy Physics using MySQL database in the behind, and using CGI PHP HTML language to develop the front interface. The System achieves user information management, user computer access control, cutting down the exceptional network communication and alarm function. Increasing the management effective of network, to ensure campus network safety and reliable running. (authors)

Automated personal identification: a new technique for controlling access to nuclear materials and facilities

International Nuclear Information System (INIS)

Eccles, D.R.

1975-01-01

Special nuclear materials must be protected against the threat of diversion or theft, and nuclear facilities against the threat of industrial sabotage. Implicit in this protection is the means of controlling access to protected areas, material access areas, and vital areas. With the advent of automated personal identification technology, the processes of access control can be automated to yield both higher security and reduced costs. This paper first surveys the conventional methods of access control; next, automated personal identification concepts are presented and various systems approaches are highlighted; finally, Calspan's FINGERSCAN /sub TM/ system for identity verification is described

Accessing and disclosing protected resources

DEFF Research Database (Denmark)

Olesen, Henning; Khajuria, Samant

2015-01-01

Today, data is money. Whether it is private users' personal data or confidential data and assets belonging to service providers, all parties have a strong need to protect their resources when interacting with each other, i.e. for access control and authorization measures to be deployed. Enabling...... advanced user controlled privacy is essential to realize the visions of 5G applications and services. For service providers and enterprises resources are usually well safeguarded, while private users are often missing the tools and the know-how to protect their own data and preserve their privacy. The user...... the framework of User Managed Access (UMA), can enable users to understand the value of their protected resources and possibly give them control of how their data will be used by service providers....

MINDS: A microcomputer interactive data system for 8086-based controllers

Science.gov (United States)

Soeder, J. F.

1985-01-01

A microcomputer interactive data system (MINDS) software package for the 8086 family of microcomputers is described. To enhance program understandability and ease of code maintenance, the software is written in PL/M-86, Intel Corporation's high-level system implementation language. The MINDS software is intended to run in residence with real-time digital control software to provide displays of steady-state and transient data. In addition, the MINDS package provides classic monitor capabilities along with extended provisions for debugging an executing control system. The software uses the CP/M-86 operating system developed by Digital Research, Inc., to provide program load capabilities along with a uniform file structure for data and table storage. Finally, a library of input and output subroutines to be used with consoles equipped with PL/M-86 and assembly language is described.

Dynamic Characterization and Interaction Control of the CBM-Motus Robot for Upper-Limb Rehabilitation

Directory of Open Access Journals (Sweden)

Loredana Zollo

2013-10-01

Full Text Available This paper presents dynamic characterization and control of an upper-limb rehabilitation machine aimed at improving robot performance in the interaction with the patient. An integrated approach between mechanics and control is the key issue of the paper for the development of a robotic machine with desirable dynamic properties. Robot inertial and acceleration properties are studied in the workspace via a graphical representation based on ellipses. Robot friction is experimentally retrieved by means of a parametric identification procedure. A current-based impedance control is developed in order to compensate for friction and enhance control performance in the interaction with the patient by means of force feedback, without increasing system inertia. To this end, servo-amplifier motor currents are monitored to provide force feedback in the interaction, thus avoiding the need for force sensors mounted at the robot end-effector. Current-based impedance control is implemented on the robot; experimental results in free space as well as in constrained space are provided.

Visual analytics of geo-social interaction patterns for epidemic control.

Science.gov (United States)

Luo, Wei

2016-08-10

Human interaction and population mobility determine the spatio-temporal course of the spread of an airborne disease. This research views such spreads as geo-social interaction problems, because population mobility connects different groups of people over geographical locations via which the viruses transmit. Previous research argued that geo-social interaction patterns identified from population movement data can provide great potential in designing effective pandemic mitigation. However, little work has been done to examine the effectiveness of designing control strategies taking into account geo-social interaction patterns. To address this gap, this research proposes a new framework for effective disease control; specifically this framework proposes that disease control strategies should start from identifying geo-social interaction patterns, designing effective control measures accordingly, and evaluating the efficacy of different control measures. This framework is used to structure design of a new visual analytic tool that consists of three components: a reorderable matrix for geo-social mixing patterns, agent-based epidemic models, and combined visualization methods. With real world human interaction data in a French primary school as a proof of concept, this research compares the efficacy of vaccination strategies between the spatial-social interaction patterns and the whole areas. The simulation results show that locally targeted vaccination has the potential to keep infection to a small number and prevent spread to other regions. At some small probability, the local control strategies will fail; in these cases other control strategies will be needed. This research further explores the impact of varying spatial-social scales on the success of local vaccination strategies. The results show that a proper spatial-social scale can help achieve the best control efficacy with a limited number of vaccines. The case study shows how GS-EpiViz does support the design

Medium Access Control Protocols for Cognitive Radio Ad Hoc Networks: A Survey

Directory of Open Access Journals (Sweden)

Mahdi Zareei

2017-09-01

Full Text Available New wireless network paradigms will demand higher spectrum use and availability to cope with emerging data-hungry devices. Traditional static spectrum allocation policies cause spectrum scarcity, and new paradigms such as Cognitive Radio (CR and new protocols and techniques need to be developed in order to have efficient spectrum usage. Medium Access Control (MAC protocols are accountable for recognizing free spectrum, scheduling available resources and coordinating the coexistence of heterogeneous systems and users. This paper provides an ample review of the state-of-the-art MAC protocols, which mainly focuses on Cognitive Radio Ad Hoc Networks (CRAHN. First, a description of the cognitive radio fundamental functions is presented. Next, MAC protocols are divided into three groups, which are based on their channel access mechanism, namely time-slotted protocol, random access protocol and hybrid protocol. In each group, a detailed and comprehensive explanation of the latest MAC protocols is presented, as well as the pros and cons of each protocol. A discussion on future challenges for CRAHN MAC protocols is included with a comparison of the protocols from a functional perspective.

Efficient key management for cryptographically enforced access control

NARCIS (Netherlands)

Zych, Anna; Petkovic, Milan; Jonker, Willem

Cryptographic enforcement of access control mechanisms relies on encrypting protected data with the keys stored by authorized users. This approach poses the problem of the distribution of secret keys. In this paper, a key management scheme is presented where each user stores a single key and is

Health Data Interactive (HDI)

Data.gov (United States)

U.S. Department of Health & Human Services — Health Data Interactive (HDI) presents a broad range of important public health indicators through an interactive web-based application that provides access to...

Bio-Inspired Interaction Control of Robotic Machines for Motor Therapy

OpenAIRE

Zollo, Loredana; Formica, Domenico; Guglielmelli, Eugenio

2007-01-01

In this chapter basic criteria for the design and implementation of interaction control of robotic machines for motor therapy have been briefly introduced and two bio-inspired compliance control laws developed by the authors to address requirements coming from this specific application field have been presented. The two control laws are named the coactivation-based compliance control in the joint space and the torque-dependent compliance control in the joint space, respectively. They try to o...

Access control issues and solutions for large sites

International Nuclear Information System (INIS)

Warren, F.E.

1992-07-01

The Lawrence Livermore National Laboratory (LLNL) operates an automated access control system consisting of more than 100 portals. We have gained considerable practical experience in the issues involved in operating this large system, and have identified the central issues to include system reliability, the large user population, the need for central control, constant change, high visibility and the budget. This paper outlines these issues and draws from our experience to discuss some fruitful ways of addressing them

Cognitive radio networks medium access control for coexistence of wireless systems

CERN Document Server

Bian, Kaigui; Gao, Bo

2014-01-01

This book gives a comprehensive overview of the medium access control (MAC) principles in cognitive radio networks, with a specific focus on how such MAC principles enable different wireless systems to coexist in the same spectrum band and carry out spectrum sharing.  From algorithm design to the latest developments in the standards and spectrum policy, readers will benefit from leading-edge knowledge of how cognitive radio systems coexist and share spectrum resources.  Coverage includes cognitive radio rendezvous, spectrum sharing, channel allocation, coexistence in TV white space, and coexistence of heterogeneous wireless systems.   • Provides a comprehensive reference on medium access control (MAC)-related problems in the design of cognitive radio systems and networks; • Includes detailed analysis of various coexistence problems related to medium access control in cognitive radio networks; • Reveals novel techniques for addressing the challenges of coexistence protocol design at a higher level ...

Integrating Usage Control with SIP-Based Communications

Directory of Open Access Journals (Sweden)

A. Lakas

2008-11-01

Full Text Available The Session Initiation Protocol (SIP is a signaling protocol used for establishing and maintaining communication sessions involving two or more participants. SIP was initially designed for voice over IP and multimedia conferencing, and then was extended to support other services such as instant messaging and presence management. Today, SIP is also adopted to be used with 3G wireless networks, thus it becomes an integral protocol for ubiquitous environment. SIP has various methods that support a variety of applications such as subscribing to a service, notification of an event, status update, and location and presence services. However, when it comes to security, the use of wireless and mobile communication technologies and the pervasive nature of this environment introduce higher risks to security than that of the old simple environment. In this paper, we introduce new architecture that implements a new type of access control called usage access control (UCON to control the access to the SIP-based communication at preconnection, during connection, and postconnection. This will enable prescribers of SIP services to control who can identify their locations to approve or disapprove their subsequent connections, and to also set some parameters to determine whether a certain communication can continue or should terminate.

A novel technique to extract events from access control system and locate persons

International Nuclear Information System (INIS)

Vincent, M.; Vaidyanathan, Mythili; Patidar, Suresh Chandra; Prabhakara Rao, G.

2011-01-01

Indira Gandhi Centre for Atomic Research houses many laboratories which handle radioactive materials and classified materials. Protection and accounting of men and material and critical facilities are important aspect of nuclear security. Access Control System (ACS) is used to enhance the protective measures against elevated threat environment. Access control system hardware consists of hand geometry readers, RFID readers, Controllers, Electromagnetic door locks, Turnstiles, fiber cable laying and termination etc. Access Control System controls and monitors the people accessing the secured facilities. Access Control System generates events on: 1. Showing of RFID card, 2. Rotation of turnstile, 3. Download of valid card numbers, 4. Generation of alarms etc. Access control system turnstiles are located in main entrance of a facility, entrance of inside laboratory and door locks are fixed on secured facilities. Events are stored in SQL server database. From the events stored in database a novel technique is developed to extract events and list the persons in a particular facility, list all entry/exit events on one day, list the first in and last out entries. This paper discusses the complex multi level group by queries and software developed to extract events from database, locate persons and generate reports. Software is developed as a web application in ASP.Net and query is written in SQL. User can select the doors, type of events and generate reports. Reports are generated using the master data stored about employees RFID cards and events data stored in tables. Four types of reports are generated 1. Plant Emergency Report, 2. Locate User Report, 3. Entry - Exit Report, 4. First in Last out Report. To generate plant emergency report for whole plant only events generated in outer gates have to be considered. To generate plant emergency report for inside laboratory, events generated in entrance gates have to be ignored. (author)

On the performance of shared access control strategy for femtocells

KAUST Repository

Magableh, Amer M.; Radaydeh, Redha Mahmoud; Alouini, Mohamed-Slim

2013-01-01

access protocol (SAP), to enable the unauthorized macrocell user equipment to communicate with partially closed-access femtocell base station to improve and enhance the system performance. The system model considers a femtocell that is equipped with a

SoNeUCON_{ABC}Pro: an access control model for social networks with translucent user provenance

OpenAIRE

González Manzano, Lorena; Slaymaker, Mark; Fuentes García Romero de Tejada, José María de; Vayenas, Dimitris

2018-01-01

Proceedings of: SecureComm 2017 International Workshops, ATCS and SePrIoT, Niagara Falls, ON, Canada, October 22–25, 2017 Web-Based Social Networks (WBSNs) are used by millions of people worldwide. While WBSNs provide many benefits, privacy preservation is a concern. The management of access control can help to assure data is accessed by authorized users. However, it is critical to provide sufficient flexibility so that a rich set of conditions may be imposed by users. In this paper we coi...

Electromagnetic interference-aware transmission scheduling and power control for dynamic wireless access in hospital environments.

Science.gov (United States)

Phunchongharn, Phond; Hossain, Ekram; Camorlinga, Sergio

2011-11-01

We study the multiple access problem for e-Health applications (referred to as secondary users) coexisting with medical devices (referred to as primary or protected users) in a hospital environment. In particular, we focus on transmission scheduling and power control of secondary users in multiple spatial reuse time-division multiple access (STDMA) networks. The objective is to maximize the spectrum utilization of secondary users and minimize their power consumption subject to the electromagnetic interference (EMI) constraints for active and passive medical devices and minimum throughput guarantee for secondary users. The multiple access problem is formulated as a dual objective optimization problem which is shown to be NP-complete. We propose a joint scheduling and power control algorithm based on a greedy approach to solve the problem with much lower computational complexity. To this end, an enhanced greedy algorithm is proposed to improve the performance of the greedy algorithm by finding the optimal sequence of secondary users for scheduling. Using extensive simulations, the tradeoff in performance in terms of spectrum utilization, energy consumption, and computational complexity is evaluated for both the algorithms.

智能门禁系统设计要点探讨%Discussion on the Design of Intelligent Access Control System

Institute of Scientific and Technical Information of China (English)

朱矩龙

2015-01-01

Access control system is the basis and security of the use of building security, the use of advanced technology to design intelligent access control system is conducive to improve the safety of the building. Discusses a based on TM card intelligent access control system design, expounds the main problems existing in traditional access control system, comprehensive description of the hardware design and software design of the intelligent access control system, and the system is simulated and tested.%门禁系统是建筑使用安全性的基础和保障，使用先进技术对智能门禁系统进行设计有利于提高建筑的安全性能。探讨了一种基于TM卡技术的智能门禁系统设计，阐述了传统门禁系统存在的主要问题，综合说明了智能门禁系统的硬件设计和软件设计，并对系统进行了仿真测试。

Utilization and control of ecological interactions in polymicrobial infections and community-based microbial cell factories

DEFF Research Database (Denmark)

Wigneswaran, Vinoth; Amador Hierro, Cristina Isabel; Jelsbak, Lotte

2016-01-01

Microbial activities are most often shaped by interactions between co-existing microbes within mixed-species communities. Dissection of the molecular mechanisms of species interactions within communities is a central issue in microbial ecology, and our ability to engineer and control microbial co...

RESEARCH Improving access and quality of care in a TB control ...

African Journals Online (AJOL)

or treatment. Improving access and quality of care in a. TB control programme. Vera Scott, Virginia Azevedo, Judy Caldwell. Objectives. To use a quality improvement approach to improve access to and quality of tuberculosis (TB) diagnosis and care in. Cape Town. Methods. Five HIV/AIDS/sexually transmitted infections/TB.

An Effective Key Management Approach to Differential Access Control in Dynamic Environments

OpenAIRE

Yogesh Karandikar; Xukai Zou; Yuanshun Dai

2006-01-01

Applications like e-newspaper or interactive online gaming have more than one resource and a large number of users. There is a many-to-many relationship between users and resources; each user can access multiple resources and multiple users can access each resource. The resources are independent and each resource needs to be encrypted by a different Resource Encryption Key (REK). Each REK needs to be distributed to all subscribers of the resource and each subscriber must get all the REKs he/s...

Directional Medium Access Control (MAC Protocols in Wireless Ad Hoc and Sensor Networks: A Survey

Directory of Open Access Journals (Sweden)

David Tung Chong Wong

2015-06-01

Full Text Available This survey paper presents the state-of-the-art directional medium access control (MAC protocols in wireless ad hoc and sensor networks (WAHSNs. The key benefits of directional antennas over omni-directional antennas are longer communication range, less multipath interference, more spatial reuse, more secure communications, higher throughput and reduced latency. However, directional antennas lead to single-/multi-channel directional hidden/exposed terminals, deafness and neighborhood, head-of-line blocking, and MAC-layer capture which need to be overcome. Addressing these problems and benefits for directional antennas to MAC protocols leads to many classes of directional MAC protocols in WAHSNs. These classes of directional MAC protocols presented in this survey paper include single-channel, multi-channel, cooperative and cognitive directional MACs. Single-channel directional MAC protocols can be classified as contention-based or non-contention-based or hybrid-based, while multi-channel directional MAC protocols commonly use a common control channel for control packets/tones and one or more data channels for directional data transmissions. Cooperative directional MAC protocols improve throughput in WAHSNs via directional multi-rate/single-relay/multiple-relay/two frequency channels/polarization, while cognitive directional MAC protocols leverage on conventional directional MAC protocols with new twists to address dynamic spectrum access. All of these directional MAC protocols are the pillars for the design of future directional MAC protocols in WAHSNs.

Validation of Housing Standards Addressing Accessibility

DEFF Research Database (Denmark)

Helle, Tina

2013-01-01

The aim was to explore the use of an activity-based approach to determine the validity of a set of housing standards addressing accessibility. This included examination of the frequency and the extent of accessibility problems among older people with physical functional limitations who used...... participant groups were examined. Performing well-known kitchen activities was associated with accessibility problems for all three participant groups, in particular those using a wheelchair. The overall validity of the housing standards examined was poor. Observing older people interacting with realistic...... environments while performing real everyday activities seems to be an appropriate method for assessing accessibility problems....

An Annotated and Cross-Referenced Bibliography on Computer Security and Access Control in Computer Systems.

Science.gov (United States)

Bergart, Jeffrey G.; And Others

This paper represents a careful study of published works on computer security and access control in computer systems. The study includes a selective annotated bibliography of some eighty-five important published results in the field and, based on these papers, analyzes the state of the art. In annotating these works, the authors try to be…

An Interactive, Web-based High Performance Modeling Environment for Computational Epidemiology.

Science.gov (United States)

Deodhar, Suruchi; Bisset, Keith R; Chen, Jiangzhuo; Ma, Yifei; Marathe, Madhav V

2014-07-01

We present an integrated interactive modeling environment to support public health epidemiology. The environment combines a high resolution individual-based model with a user-friendly web-based interface that allows analysts to access the models and the analytics back-end remotely from a desktop or a mobile device. The environment is based on a loosely-coupled service-oriented-architecture that allows analysts to explore various counter factual scenarios. As the modeling tools for public health epidemiology are getting more sophisticated, it is becoming increasingly hard for non-computational scientists to effectively use the systems that incorporate such models. Thus an important design consideration for an integrated modeling environment is to improve ease of use such that experimental simulations can be driven by the users. This is achieved by designing intuitive and user-friendly interfaces that allow users to design and analyze a computational experiment and steer the experiment based on the state of the system. A key feature of a system that supports this design goal is the ability to start, stop, pause and roll-back the disease propagation and intervention application process interactively. An analyst can access the state of the system at any point in time and formulate dynamic interventions based on additional information obtained through state assessment. In addition, the environment provides automated services for experiment set-up and management, thus reducing the overall time for conducting end-to-end experimental studies. We illustrate the applicability of the system by describing computational experiments based on realistic pandemic planning scenarios. The experiments are designed to demonstrate the system's capability and enhanced user productivity.

Toward Optimization of Gaze-Controlled Human-Computer Interaction: Application to Hindi Virtual Keyboard for Stroke Patients.

Science.gov (United States)

Meena, Yogesh Kumar; Cecotti, Hubert; Wong-Lin, Kongfatt; Dutta, Ashish; Prasad, Girijesh

2018-04-01

Virtual keyboard applications and alternative communication devices provide new means of communication to assist disabled people. To date, virtual keyboard optimization schemes based on script-specific information, along with multimodal input access facility, are limited. In this paper, we propose a novel method for optimizing the position of the displayed items for gaze-controlled tree-based menu selection systems by considering a combination of letter frequency and command selection time. The optimized graphical user interface layout has been designed for a Hindi language virtual keyboard based on a menu wherein 10 commands provide access to type 88 different characters, along with additional text editing commands. The system can be controlled in two different modes: eye-tracking alone and eye-tracking with an access soft-switch. Five different keyboard layouts have been presented and evaluated with ten healthy participants. Furthermore, the two best performing keyboard layouts have been evaluated with eye-tracking alone on ten stroke patients. The overall performance analysis demonstrated significantly superior typing performance, high usability (87% SUS score), and low workload (NASA TLX with 17 scores) for the letter frequency and time-based organization with script specific arrangement design. This paper represents the first optimized gaze-controlled Hindi virtual keyboard, which can be extended to other languages.

A Protective Mechanism for the Access Control System in the Virtual Domain

Institute of Scientific and Technical Information of China (English)

Jinan Shen; Deqing Zou; Hai Jin; Kai Yang; Bin Yuan; Weiming Li

2016-01-01

In traditional framework,mandatory access control (MAC) system and malicious software are run in kernel mode.Malicious software can stop MAC systems to be started and make it do invalid.This problem cannot be solved under the traditional framework if the operating system (OS) is comprised since malwares are running in ring0 level.In this paper,we propose a novel way to use hypervisors to protect kernel integrity and the access control system in commodity operating systems.We separate the access control system into three parts:policy management (PM),security server (SS) and policy enforcement (PE).Policy management and the security server reside in the security domain to protect them against malware and the isolation feather of the hypervisor can protect them from attacks.We add an access vector cache (AVC) between SS and PE in the guest OS,in order to speed up communication between the guest OS and the security domain.The policy enforcement module is retained in the guest OS for performance.The security of AVC and PE can be ensured by using a memory protection mechanism.The goal of protecting the OS kemel is to ensure the security of the execution path.We implement the system by a modified Xen hypervisor.The result shows that we can secure the security of the access control system in the guest OS with no overhead compared with modules in the latter.Our system offers a centralized security policy for virtual domains in virtual machine environments.

Design of IP Camera Access Control Protocol by Utilizing Hierarchical Group Key

Directory of Open Access Journals (Sweden)

Jungho Kang

2015-08-01

Full Text Available Unlike CCTV, security video surveillance devices, which we have generally known about, IP cameras which are connected to a network either with or without wire, provide monitoring services through a built-in web-server. Due to the fact that IP cameras can use a network such as the Internet, multiple IP cameras can be installed at a long distance and each IP camera can utilize the function of a web server individually. Even though IP cameras have this kind of advantage, it has difficulties in access control management and weakness in user certification, too. Particularly, because the market of IP cameras did not begin to be realized a long while ago, systems which are systematized from the perspective of security have not been built up yet. Additionally, it contains severe weaknesses in terms of access authority to the IP camera web server, certification of users, and certification of IP cameras which are newly installed within a network, etc. This research grouped IP cameras hierarchically to manage them systematically, and provided access control and data confidentiality between groups by utilizing group keys. In addition, IP cameras and users are certified by using PKI-based certification, and weak points of security such as confidentiality and integrity, etc., are improved by encrypting passwords. Thus, this research presents specific protocols of the entire process and proved through experiments that this method can be actually applied.

Study on Mandatory Access Control in a Secure Database Management System

Institute of Scientific and Technical Information of China (English)

无

2001-01-01

This paper proposes a security policy model for mandatory access control in class B1 database management system whose level of labeling is tuple. The relation-hierarchical data model is extended to multilevel relation-hierarchical data model. Based on the multilevel relation-hierarchical data model, the concept of upper-lower layer relational integrity is presented after we analyze and eliminate the covert channels caused by the database integrity. Two SQL statements are extended to process polyinstantiation in the multilevel secure environment. The system is based on the multilevel relation-hierarchical data model and is capable of integratively storing and manipulating multilevel complicated objects (e. g., multilevel spatial data) and multilevel conventional data ( e. g., integer. real number and character string).

Interaction control of a redundant mobile manipulator

International Nuclear Information System (INIS)

Chung, J.H.; Velinsky, S.A.; Hess, R.A.

1998-01-01

This paper discusses the modeling and control of a spatial mobile manipulator that consists of a robotic manipulator mounted on a wheeled mobile platform. The Lagrange-d'Alembert formulation is used to obtain a concise description of the dynamics of the system, which is subject to nonholonomic constraints. The complexity of the model is increased by introducing kinematic redundancy, which is created when a multilinked manipulator is used. The kinematic redundancy is resolved by decomposing the mobile manipulator into two subsystems: the mobile platform and the manipulator. The redundancy resolution scheme employs a nonlinear interaction-control algorithm, which is developed and applied to coordinate the two subsystems' controllers. The subsystem controllers are independently designed, based on each subsystem's dynamic characteristics. Simulation results show the promise of the developed algorithm

MultiWaveLink: An interactive data base for the coordination of multiwavelength and multifacility observations

Science.gov (United States)

Cordova, F. A.

1993-01-01

MultiWaveLink is an interactive, computerized data base that was developed to facilitate a multi-wavelength approach to studying astrophysical sources. It can be used to access information about multiwavelenth resources (observers, telescopes, data bases and analysis facilities) or to organize observing campaigns that require either many telescopes operating in different spectral regimes or a network of similar telescopes circumspanning the Earth.

Interactivity in automatic control: foundations and experiences

OpenAIRE

Dormido Bencomo, Sebastián; Guzmán Sánchez, José Luis; Costa Castelló, Ramon; Berenguel, M

2012-01-01

The first part of this paper presents the concepts of interactivity and visualization and its essential role in learning the fundamentals and techniques of automatic control. More than 10 years experience of the authors in the development and design of interactive tools dedicated to the study of automatic control concepts are also exposed. The second part of the paper summarizes the main features of the “Automatic Control with Interactive Tools” text that has been recently published by Pea...

Ongoing spontaneous activity controls access to consciousness: a neuronal model for inattentional blindness.

Directory of Open Access Journals (Sweden)

Stanislas Dehaene

2005-05-01

Full Text Available Even in the absence of sensory inputs, cortical and thalamic neurons can show structured patterns of ongoing spontaneous activity, whose origins and functional significance are not well understood. We use computer simulations to explore the conditions under which spontaneous activity emerges from a simplified model of multiple interconnected thalamocortical columns linked by long-range, top-down excitatory axons, and to examine its interactions with stimulus-induced activation. Simulations help characterize two main states of activity. First, spontaneous gamma-band oscillations emerge at a precise threshold controlled by ascending neuromodulator systems. Second, within a spontaneously active network, we observe the sudden "ignition" of one out of many possible coherent states of high-level activity amidst cortical neurons with long-distance projections. During such an ignited state, spontaneous activity can block external sensory processing. We relate those properties to experimental observations on the neural bases of endogenous states of consciousness, and particularly the blocking of access to consciousness that occurs in the psychophysical phenomenon of "inattentional blindness," in which normal subjects intensely engaged in mental activity fail to notice salient but irrelevant sensory stimuli. Although highly simplified, the generic properties of a minimal network may help clarify some of the basic cerebral phenomena underlying the autonomy of consciousness.

Ongoing spontaneous activity controls access to consciousness: a neuronal model for inattentional blindness.

Science.gov (United States)

Dehaene, Stanislas; Changeux, Jean-Pierre

2005-05-01

Even in the absence of sensory inputs, cortical and thalamic neurons can show structured patterns of ongoing spontaneous activity, whose origins and functional significance are not well understood. We use computer simulations to explore the conditions under which spontaneous activity emerges from a simplified model of multiple interconnected thalamocortical columns linked by long-range, top-down excitatory axons, and to examine its interactions with stimulus-induced activation. Simulations help characterize two main states of activity. First, spontaneous gamma-band oscillations emerge at a precise threshold controlled by ascending neuromodulator systems. Second, within a spontaneously active network, we observe the sudden "ignition" of one out of many possible coherent states of high-level activity amidst cortical neurons with long-distance projections. During such an ignited state, spontaneous activity can block external sensory processing. We relate those properties to experimental observations on the neural bases of endogenous states of consciousness, and particularly the blocking of access to consciousness that occurs in the psychophysical phenomenon of "inattentional blindness," in which normal subjects intensely engaged in mental activity fail to notice salient but irrelevant sensory stimuli. Although highly simplified, the generic properties of a minimal network may help clarify some of the basic cerebral phenomena underlying the autonomy of consciousness.

Web-based, Interactive, Nuclear Reactor Transient Analyzer using LabVIEW and RELAP5 (ATHENA)

International Nuclear Information System (INIS)

Kim, K. D.; Chung, B. D.; Rizwan-uddin

2006-01-01

In nuclear engineering, large system analysis codes such as RELAP5, TRAC-M, etc. play an important role in evaluating a reactor system behavior during a wide range of transient conditions. One limitation that restricts their use on a wider scale is that these codes often have a complicated I/O structure. This has motivated the development of GUI tools for best estimate codes, such as SNAP and ViSA, etc. In addition to a user interface, a greater degree of freedom in simulation and analyses of nuclear transient phenomena can be achieved if computer codes and their outputs are accessible from anywhere through the web. Such a web-based interactive interface can be very useful for geographically distributed groups when there is a need to share real-time data. Using mostly off-the-shelf technology, such a capability - a web-based transient analyzer based on a best-estimate code - has been developed. Specifically, the widely used best-estimate code RELAP5 is linked with a graphical interface. Moreover, a capability to web-cast is also available. This has been achieved by using the LabVIEW virtual instruments (VIs). In addition to the graphical display of the results, interactive control functions have also been added that allow operator's actions as well as, if permitted, by a distant user through the web

Characterization of coded random access with compressive sensing based multi user detection

DEFF Research Database (Denmark)

Ji, Yalei; Stefanovic, Cedomir; Bockelmann, Carsten

2014-01-01

The emergence of Machine-to-Machine (M2M) communication requires new Medium Access Control (MAC) schemes and physical (PHY) layer concepts to support a massive number of access requests. The concept of coded random access, introduced recently, greatly outperforms other random access methods...... coded random access with CS-MUD on the PHY layer and show very promising results for the resulting protocol....

A mobile console for local access to accelerator control systems.

CERN Multimedia

1981-01-01

Microprocessors were installed as auxiliary crate controllers (ACCs) in the CAMAC interface of control systems for various accelerators. The same ACC was also at the hearth of a stand-alone system in the form of a mobile console. This was also used for local access to the control systems for tests and development work (Annual Report 1981, p. 80, Fig. 10).