Flexible role-handling in command and control systems

Landberg, Fredrik

January 2006

In organizations the permissions a member has is not decided by their person, but by their functions within the organization. This is also the approach taken within military command and control systems. Military operations are often characterized by frictions and uncontrollable factors. People being absent when needed are one such problem. This thesis has examined how roles are handled in three Swedish command and control systems. The result is a model for handling vacant roles with the possibility, in some situations, to override ordinary rules.

Command and control system

RBAC

access control

vacancy

delegation

Effective Power Consumption in MAC Protocols for Wireless Sensor Networks

Augustin, Angelika

January 2006

Wireless sensor networks offer easy implementation, flexibility and mobility of hand held devices. Sensors consist of an internal power source, which is the great limitation for the life time and the usage of sensor networks. To increase the life time, sensors should stay in energy saving sleep mode as long as possible, because in sleep mode the radio is either shut down or working with less energy. Better energy handling is implemented in different power saving mechanism of common Medium Access Control protocols, which are evaluated and analyzed and further extensions and ideas to improve the energy efficiency are presented. Slotted PSM is simulated with the NS2 and compared to the WLAN 802.11 PSM technology and the results show that energy efficiency and power consumption are much better implemented and life time increases with the use of Slotted PSM.

Wireless Sensor Network

Medium Access Control Protocol

Power Saving Mechanism

On Fine-Grained Access Control for XML

Zhuo, Donghui

January 2003

Fine-grained access control for XML is about controlling access to XML documents at the granularity of individual elements or attributes. This thesis addresses two problems related to XML access controls. The first is efficient, secure evaluation of XPath expressions. We present a technique that secures path expressions by means of query modification, and we show that the query modification algorithm is correct under a language-independent semantics for secure query evaluation. The second problem is to provide a compact, yet useful, representation of the access matrix. Since determining a user's privilege directly from access control policies can be extremely inefficient, materializing the access matrix---the net effect of the access control policies---is a common approach to speed up the authorization decision making. The fine-grained nature of XML access controls, however, makes the space cost of matrix materialization a significant issue. We present a codebook-based technique that records access matrices compactly. Our experimental study shows that the codebook approach exhibits significant space savings over other storage schemes, such as the access control list and the compressed accessibility map. The solutions to the above two problems provide a foundation for the development of an efficient mechanism that enforces fine-grained access controls for XML databases in the cases of query access.

Computer Science

access control

XML

fine-grained

security

access matrix

Design and Analysis of Medium Access Control Protocols for Broadband Wireless Networks

Cai, Lin

17 December 2009

The next-generation wireless networks are expected to integrate diverse network architectures and various wireless access technologies to provide a robust solution for ubiquitous broadband wireless access, such as wireless local area networks (WLANs), Ultra-Wideband (UWB), and millimeter-wave (mmWave) based wireless personal area networks (WPANs), etc. To enhance the spectral efficiency and link reliability, smart antenna systems have been proposed as a promising candidate for future broadband access networks. To effectively exploit the increased capabilities of the emerging wireless networks, the different network characteristics and the underlying physical layer features need to be considered in the medium access control (MAC) design, which plays a critical role in providing efficient and fair resource sharing among multiple users. In this thesis, we comprehensively investigate the MAC design in both single- and multi-hop broadband wireless networks, with and without infrastructure support. We first develop mathematical models to identify the performance bottlenecks and constraints in the design and operation of existing MAC. We then use a cross-layer approach to mitigate the identified bottleneck problems. Finally, by evaluating the performance of the proposed protocols with analytical models and extensive simulations, we determine the optimal protocol parameters to maximize the network performance. In specific, a generic analytical framework is developed for capacity study of an IEEE 802.11 WLAN in support of non-persistent asymmetric traffic flows. The analysis can be applied for effective admission control to guarantee the quality of service (QoS) performance of multimedia applications. As the access point (AP) becomes the bottleneck in an infrastructure based WLAN, we explore the multiple-input multiple-output (MIMO) capability in the future IEEE 802.11n WLANs and propose a MIMO-aware multi-user (MU) MAC. By exploiting the multi-user degree of freedom in a MIMO system to allow the AP to communicate with multiple users in the downlink simultaneously, the proposed MU MAC can minimize the AP-bottleneck effect and significantly improve the network capacity. Other enhanced MAC mechanisms, e.g., frame aggregation and bidirectional transmissions, are also studied. Furthermore, different from a narrowband system where simultaneous transmissions by nearby neighbors collide with each other, wideband system can support multiple concurrent transmissions if the multi-user interference can be properly managed. Taking advantage of the salient features of UWB and mmWave communications, we propose an exclusive region (ER) based MAC protocol to exploit the spatial multiplexing gain of centralized UWB and mmWave based wireless networks. Moreover, instead of studying the asymptotic capacity bounds of arbitrary networks which may be too loose to be useful in realistic networks, we derive the expected capacity or transport capacity of UWB and mmWave based networks with random topology. The analysis reveals the main factors affecting the network (transport) capacity, and how to determine the best protocol parameters to maximize the network capacity. In addition, due to limited transmission range, multi-hop relay is necessary to extend the communication coverage of UWB networks. A simple, scalable, and distributed UWB MAC protocol is crucial for efficiently utilizing the large bandwidth of UWB channels and enabling numerous new applications cost-effectively. To address this issue, we further design a distributed asynchronous ER based MAC for multi-hop UWB networks and derive the optimal ER size towards the maximum network throughput. The proposed MAC can significantly improve both network throughput and fairness performance, while the throughput and fairness are usually treated as a tradeoff in other MAC protocols.

Medium Access Control

Wireless Networks

Electrical and Computer Engineering

Method-Specific Access Control in Java via Proxy Objects using Annotations

Zarnett, Jeffrey

January 2010

Partially restricting access to objects enables system designers to finely control the security of their systems. We propose a novel approach that allows granting partial access at method granularity on arbitrary objects to remote clients, using proxy objects. Our initial approach considers methods to be either safe (may be invoked by anyone) or unsafe (may be invoked only by trusted users). We next generalize this approach by supporting Role-Based Access Control (RBAC) for methods in objects. In our approach, a policy implementer annotates methods, interfaces, and classes with roles. Our system automatically creates proxy objects for each role, which contain only methods to which that role is authorized. This thesis explains the method annotation process, the semantics of annotations, how we derive proxy objects based on annotations, and how clients invoke methods via proxy objects. We present the advantages to our approach, and distinguish it from existing approaches to method-granularity access control. We provide detailed semantics of our system, in First Order Logic, to describe its operation. We have implemented our system in the Java programming language and evaluated its performance and usability. Proxy objects have minimal overhead: creation of a proxy object takes an order of magnitude less time than retrieving a reference to a remote object. Deriving the interface---a one-time cost---is on the same order as retrieval. We present empirical evidence of the effectiveness of our approach by discussing its application to software projects that range from thousands to hundreds of thousands of lines of code; even large software projects can be annotated in less than a day.

Access Control

Java

Proxy Object

Annotation

Security

Electrical and Computer Engineering

Using JESS for Enforcing Separation of Duties and Binding of Duties in a Web Services-based Workflow

Jang, Yu-Shu

29 July 2010

Open distributed environments such as the World Wide Web facilitate information sharing but provide limited support to the protection of sensitive information and resources. Web services have become a part of components for quickly building a business process that satisfies the business goal of an organization, and access control is imperative to prevent the illegal access of sensitive information. In recent years, several researches have investigated the Web services-based workflow access control problem, and selection approaches for choosing the performer for each task so as to satisfy all access control constraints have been proposed. Based on the role-based access control model, we focus on two types of access control: separation of duties and binding of duties. Both role-level and participant-level of SoDs and of BoDs that need to be dynamically enforced are considered in this thesis. While dealing with complex and flexible business logics, we use rule engine to reasons with the business facts to get the result based on business rules. The proposed approach is evaluated by a workflow scenario and is shown to be flexible to develop new process with dynamic access control constraints at the cost of higher execution time.

Rule Engine

Web Services

Web Service Selection

Access Control

An Access Control Protocol based on Estimation of Multimedia Trafic with an Adpative Algorithm in CDMA Packet Network

Hirayama, Yasuhiro, Okada, Hiraku, Yamazato, Takaya, Katayama, Masaaki

09 1900

No description available.

CDMA packet communications

multimedia traffic

access control protocol

adaptive algorithm

CDMA ALOHA Systems with Modified Channel Load Sensing Protocol for Satellite Communications

Okada, Hiraku, Saito, Masato, Sato, Takeshi, Yamazato, Takaya, Katayama, Masaaki, Ogawa, Akira

12 1900

No description available.

CDMA ALOHA

throughput

access control

access timing delay

Enforcing Access Control of Web Services Based Workflows

Yin, Chuan

22 July 2008

Web services have emerged as a de facto standard for encapsulating services within or across organization boundaries. Various proposals have been made to compose Web services into workflow so as to meet the goal previously unaccomplished by a single entity. This thesis intends to investigate the Web services-based workflow access control problem. It starts by analyzing the various access control constraints proposed in the literatures and presenting three primitive constructs that are capable of specify these constraints. It then proposes a Web service selection approach that dynamically chooses a performer for each task in the workflow, not only to satisfy all access control constraints currently but also to increase the chance of completing the entire process in the future. The proposed approach is evaluated using synthetic data and is shown to result in the execution that is less likely to violate any specified access control constraints.

Reliability

Web Services

Web Service Selection

Access Control

Scheduling Algorithm with Network Coding for Wireless Access Networks

Yang, Ya-Fang

30 July 2009

Unlike the traditional store-and-forward mechanism in packet-switching networks,network coding schemes could combine and modify the contents of a number of packets from different source before the packets are forwarded.It has been recently shown that network coding techniques can significantly increase the overall throughput of wireless networks by taking advantage of their broadcast nature. In wireless networks,each transmitted packet is broadcasted within a certain area and can be overheard by the neighboring nodes.When a node needs to transmit packets,it employs the coding approach that uses the knowledge of what the node's neighbors have heard in order to reduce the number of transmissions. In this thesis,I propose jointly designing the network coding scheme and the media access control scheme to improve the performance of wireless networks.

wireless network

media access control

scheduling

network coding

broadcast