A policy language definition for provenance in pervasive computing

Alsiyami, Aeshah Abdulkarim Dammad

January 2012

Recent advances in computing technology have led to the paradigm of pervasive computing, which provides a means of simplifying daily life by integrating information processing into the everyday physical world. Pervasive computing draws its power from knowing the surroundings and creates an environment which combines computing and communication capabilities. Sensors that provide high-resolution spatial and instant measurement are most commonly used for forecasting, monitoring and real-time environmental modelling. Sensor data generated by a sensor network depends on several influences, such as the configuration and location of the sensors or the processing performed on the raw measurements. Storing sufficient metadata that gives meaning to the recorded observation is important in order to draw accurate conclusions or to enhance the reliability of the result dataset that uses this automatically collected data. This kind of metadata is called provenance data, as the origin of the data and the process by which it arrived from its origin are recorded. Provenance is still an exploratory field in pervasive computing and many open research questions are yet to emerge. The context information and the different characteristics of the pervasive environment call for different approaches to a provenance support system. This work implements a policy language definition that specifies the collecting model for provenance management systems and addresses the challenges that arise with stream data and sensor environments. The structure graph of the proposed model is mapped to the Open Provenance Model in order to facilitating the sharing of provenance data and interoperability with other systems. As provenance security has been recognized as one of the most important components in any provenance system, an access control language has been developed that is tailored to support the special requirements of provenance: fine-grained polices, privacy policies and preferences. Experimental evaluation findings show a reasonable overhead for provenance collecting and a reasonable time for provenance query performance, while a numerical analysis was used to evaluate the storage overhead.

004

Secure file sharing

Alsowail, Rakan

January 2016

File sharing has become an indispensable part of our daily lives. The shared files might be sensitive, thus, their confidentially, integrity and availability should be protected. Such protection might be against external threats that are initiated by unauthorised users or insider threats that are initiated by authorised users. Our main interest in this thesis is with insider threats. Protecting shared files against insiders is a challenging problem. Insiders enjoy various characteristics such as being trusted and authorised, in addition to being inside the network perimeter and having knowledge of information systems. This makes it difficult to prevent or detect policy violation for these users. The goal of this thesis is to protect shared files from the perspective of insider security with language-based techniques. In the first part of the thesis, we define what we mean by an insider and the insider problem precisely, and propose an approach to classify the insider problem into different categories. We then define and focus on one category that is related to file sharing. Namely, protecting the confidentiality and integrity of the shared files against accidental misuse by insiders. Furthermore, we classify the activity of file sharing into different categories that describe all possible ways of performing the activity of file sharing. These categories represent policies that describe how files should be propagated and accessed by insiders. We show that enforcing these policies can protect the files against accidental misuse by insiders while allowing the activity of sharing to be performed as desired. Thus our interest can be summarised as keeping honest users safe. In the second part of the thesis, we develop a security type system that statically enforces information flow and access control policies in a file system. Files are associated with security types that represent security policies, and programs are sets of operations to be performed on files such as read, copy, move, etc. A type checker, therefore, will statically check each operation to be performed on a file and determine whether the operation satisfies the policy of the file. We prove that our type system is sound and develop a type reconstruction algorithm and prove its soundness and completeness. The type system we developed in this thesis protects the files against accidental misuse by insiders.

005.8

Negative correlation in neural systems

Durrant, Simon

January 2010

In our attempt to understand neural systems, it is useful to identify statistical principles that may be beneficial in neural information processing, outline how these principles may work in theory, and demonstrate the benefits through computational modelling and simulation. Negative correlation is one such principle, and is the subject of this work. The main body of the work falls into three parts. The first part demonstrates the space filling and accelerated central limit convergence benefits of negative correlation, both generally and in the specific neural context of V1 receptive fields. I outline two new algorithms combining traditional ICA with a correlation objective function. Correlated component analysis seeks components with a given correlation matrix, while correlated basis analysis seeks basis functions with a given correlation matrix. The benefits of recovering components and basis functions with negative correlations are shown. The second part looks at the functional role of negative correlation for integrate- and-fire neurons in the context of suprathreshold stochastic resonance, for neurons receiving Poisson inputs modelled by a diffusion approximation. I show how the SSR effect can be seen in networks of spiking neurons, and further show how correlation can be used to control the noise level, and that optimal information transmission occurs for negatively correlated inputs when parameters take biophysically plausible values. The final part examines the question of how negative correlation may be implemented in the context of small networks of spiking neurons. Networks of integrate-and-fire neurons with and without lateral inhibitory connections are tested, and the networks with the inhibitory connections are found to perform better and show negatively correlated firing patterns. This result is extended to more biophysically detailed neuron and synapse models, highlighting the robust nature of the mechanism. Finally, the mechanism is explained as a threshold-unit approximation to non-threshold maximum likelihood signal/noise decomposition.

004

Design and implementation of a low-level language for interaction nets

Sato, Shinya

January 2015

Interaction nets are a graphical model of computation based on a restricted form of graph rewriting. A specific net can represent a program with a user-defined set of nodes and computation is modelled by a user-defined set of rewrite rules. This very simple model has had great success in modelling sharing in computation (specifically in the lambda calculus), and there is potential for generating a new theoretical foundation of parallel computation since all computation steps are local and thus can be implemented in parallel. This thesis is about the implementation of interaction nets. Specifically, for the first contributions we define a low-level language as an object language for the compilation of interaction nets. We study the efficiency and properties of different data structures, and focus on the management of the rewriting process which is usually hidden in the graph rewriting system. We provide experimental data comparing the different choices of data structures and select one for further development. For the compilation of nets and rules into this language, we show an optimisation such that allocated memory for agents is reused, and thus we obtain optimal efficiency for the rewriting process. The second part of this thesis describes extensions of interaction nets so that they can be used as a programming language. Interaction nets in their pure form are quite restrictive in expressive power. By extending the notions of agents and rules we can express computation more naturally, yet still preserve the good properties (such as strong confluence) of the rewriting system. We then implement a selection of algorithms using and extending the compilation techniques developed in the first part of the thesis. We also demonstrate experimental results on multi-core CPUs, using the Posix-thread library, thus realising some of the potential for parallel implementation mentioned above.

004

Augmented reality interfaces : architectures for visualising and interacting with virtual information

Liarokapis, F.

January 2005

Augmented reality (AR) has the ability to enhance the real world by using computer-generated information that is projected onto the user's virtual environment. Users can visualise the superimposed information with a selection of display technologies and can interact with it in a natural manner by employing software interfaces, physical markers and hardware interaction devices. AR technology is developing rapidly, but it is still in its infancy. Up to now, only a small proportion of experimental systems address an effective visualisation and interaction interface that can handle different types of multimedia content into a single environment. This thesis presents augmented reality interfaces for visualising and interacting with virtual information in indoor environments. I propose the use of AR techniques to construct innovative applications and demonstrate examples from heritage to learning systems, using an experimental framework developed in this research. A novel AR architecture based on this framework is presented that provides generic solutions to the tasks involved in augmenting different types of digital information and processing of tracking data for natural interaction. Participants within the system can experience a real-time mixture of 3D objects, static video, images, textual information and 3D sound with the real environment. An interactive and user-friendly AR interface was further developed to achieve maximum interaction using simple but effective forms of collaboration. The novelty of the system is that users can browse and select 3D digital information over the internet and superimpose it on an interactive AR environment.

720.28568

A proof-of-proximity framework for device pairing in ubiquitous computing environments

Malkani, Yasir Arfat

January 2011

Ad hoc interactions between devices over wireless networks in ubiquitous computing environments present a security problem: the generation of shared secrets to initialize secure communication over a medium that is inherently vulnerable to various attacks. However, these ad hoc scenarios also offer the potential for physical security of spaces and the use of protocols in which users must visibly demonstrate their presence and/or involvement to generate an association. As a consequence, recently secure device pairing has had significant attention from a wide community of academic as well as industrial researchers and a plethora of schemes and protocols have been proposed, which use various forms of out-of-band exchange to form an association between two unassociated devices. These protocols and schemes have different strengths and weaknesses – often in hardware requirements, strength against various attacks or usability in particular scenarios. From ordinary user‟s point of view, the problem then becomes which to choose or which is the best possible scheme in a particular scenario. We advocate that in a world of modern heterogeneous devices and requirements, there is a need for mechanisms that allow automated selection of the best protocols without requiring the user to have an in-depth knowledge of the minutiae of the underlying technologies. Towards this, the main argument forming the basis of this dissertation is that the integration of a discovery mechanism and several pairing schemes into a single system is more efficient from a usability point of view as well as security point of view in terms of dynamic choice of pairing schemes. In pursuit of this, we have proposed a generic system for secure device pairing by demonstration of physical proximity. Our main contribution is the design and prototype implementation of Proof-of-Proximity framework along with a novel Co- Location protocol. Other contributions include a detailed analysis of existing device pairing schemes, a simple device discovery mechanism, a protocol selection mechanism that is used to find out the best possible scheme to demonstrate the physical proximity of the devices according to the scenario, and a usability study of eight pairing schemes and the proposed system.

004

An ant-inspired, deniable routing approach in ad hoc question & answer networks

Fleming, Simon

January 2012

The ubiquity of the Internet facilitates electronic question and answering (Q&A) between real people with ease via community portals and social networking websites. It is a useful service which allows users to appeal to a broad range of answerers. In most cases however, Q&A services produce answers by presenting questions to the general public or associated digital community with little regard for the amount of time users spend examining and answering them. Ultimately, a question may receive large amounts of attention but still not be answered adequately. Several existing pieces of research investigate the reasons why questions do not receive answers on Q&A services and suggest that it may be associated with users being afraid of expressing themselves. Q&A works well for solving information needs, however, it rarely takes into account the privacy requirements of the users who form the service. This thesis was motivated by the need for a more targeted approach towards Q&A by distributing the service across ad hoc networks. The main contribution of this thesis is a novel routing technique and networking environment (distributed Q&A) which balances answer quality and user attention while protecting privacy through plausible deniability. Routing approaches are evaluated experimentally by statistics gained from peer-to-peer network simulations, composed of Q&A users modelled via features extracted from the analysis of a large Yahoo! Answers dataset. Suggestions for future directions to this work are presented from the knowledge gained from our results and conclusions.

004

Partitions of codes

Waugh, Karl Michael Vincent

January 2013

In this thesis we look at coding theory wherein we introduce the concept of perspective, a generalisation on the minimum distance of a code, which naturally leads to a partition of the code. Subsequently we introduce focused splittings, which shall be shown to be a generalisation of perfect codes. We investigate the existence of such objects, and address questions such as the complexity of finding a focused splittings, which we show to be NPComplete. We analyse the symmetries of focused splittings. We use focused splittings to address the problem of error correction and we construct an encoding method based on them. Finally we test this construction for various classes of focused splittings.

510

Design considerations for a network control language (NCL)

Chapin, Wayne Barrett

January 2010

Typescript, etc. / Digitized by Kansas Correctional Industries

Computer networks

PASCAL/S : sequential PASCAL with data type extensions

North, Barbara K

January 2010

Typescript, etc. / Digitized by Kansas Correctional Industries

Compiling (Electronic computers)

Pascal (Computer program language)