A Database Level Implementation To Enforce Fine Grained Access Control

Arjun, Vinod

06 May 2008

As privacy protection has gained significant importance, organizations have been forced to protect individual preferences and comply with many enacted privacy laws. This has been a strong driving force for access control in relational databases. Traditional relation level access control is insufficient to address the increasingly complex requirements of access control policies where each cell in the relation might be governed by a separate policy. In order to address this demand, we are in need of a more fine grained access control scheme, at the row-level or even the cell-level. A recent research paper proposed correctness criteria for query evaluation algorithms enforcing fine grained access control and showed that existing approaches did not satisfy the criteria. In addition, the paper proposed a query modification approach to implement a sound and secure query evaluation algorithm enforcing fine grained access control. To evaluate queries involving moderate table sizes of 50000 and 100000 records we experimentally find that the implementation takes approximately 8 and 32 seconds respectively. This is approximately 10 times, on an average, slower than query evaluation algorithms without access control. This performance gap increases significantly with increase in table size, thus rendering it impractical. In this thesis, we modify the query evaluation engine of POSTGRESQL to enforce fine grained access control at the database level. We address a few challenges and propose optimizations to counter inefficiencies that we encounter when moving the access control scheme to the database level. We analyze the performance of our implementation using data sets with various properties and find that it performs approximately 10 times better compared to the query modification approach on moderate table sizes of 50000 and 100000 records. Also, we find that our implementation scales well with table size. Experimental results show that our implementation is comparable to the performance of query evaluation algorithms without access control and hence is practical.

Computer Science

Supporting Electronic CRC Card Sessions with Natural Interaction

Siegler, Brad

04 June 2004

This paper is an exploration into the potential of a new collaborative tool called the DiamondTouch. An application was developed to support CRC Card Sessions and tested with different users. As part of this research, experiment participants created software designs, both using and not using the software, where metrics were gathered about their performance. The results are examined both in a qualitatively and quantitatively manner for insight into usability of the system. With these results, an evaluation is made on the hardware and the software. Suggestions are made about the future of this application and can provide guidance for developing other collaborative applications on the DiamondTouch.

Computer Science

Multiagent Referral Systems: Maintaining and Applying Trust and Expertise Mode

Ranjit, Narendran

30 May 2007

This thesis addresses the challenge of assisting people to solve a problem by helping locate other people who might have the expertise required to solve that problem. To this end, the proposed system assigns an agent to each user. Further, it models a social network as a multiagent system based on the user's existing online identity. It provides heuristics by which an agent can estimate the expertise and trust to be placed in a user with whom the agent's user interactis. Our approach seeks to reduce the problem of finding an answer to a query to the problem of finding a path to a trustworthy expert who can answer the query. To accomplish this, our system uses referrals from one agent to another in the same fashion that word-of-mouth is used when people are looking for an expert. Our models of trust help establish the authenticity and veracity of the referrals and replies. This thesis describes the architecture and implementation of such a system.

Computer Science

Benchmark Characterization of Embedded Processors

Dasarathan, Dinesh

16 May 2005

The design of a processor is an iterative process, with many cycles of simulation, performance analysis and subsequent changes. The inputs to these cycles of simulations are generally a selected subset of standard benchmarks. To aid in reducing the number of cycles involved in design, one can characterize these selected benchmarks and use those characteristics to hit at a good initial design that will converge faster. Methods and systems to characterize benchmarks for normal processors are designed and implemented. This thesis extends these approaches and defines an abstract system to characterize benchmarks for embedded processors, taking into consideration the architectural requirements, power constraints and code compressibility. To demonstrate this method, around 25 benchmarks are characterized (10 from SPEC, and 15 from standard embedded benchmark suites - Mediabench and Netbench), and compared. Moreover, the similarities between these benchmarks are also analyzed and presented.

Computer Science

Identifying Bidding Strategies on eBay: A Feasibility Study

Shah, Harshit

24 May 2002

Millions of people participate in online auctions on websites such as eBay. The data available in these public markets offer interesting opportunities to study internet auctions. The main purpose of this research is to identify common bidding patterns that appear on eBay. We examine data from eBay videogame console auctions. A new way of interpreting bidding behaviors is proposed. The analysis reveals that there are certain bidding behaviors that appear frequently in the data. We identify the behaviors and infer bidder?s strategy that might lead to such behaviors.

Computer Science

Exploring Bimanual Tool-Based Interaction in a Drawing Environment

Butler, Colin Grant

28 May 2004

In this document, I will present HabilisDraw DT, a drawing environment in which bimanual direct manipulation and a strong tool-use metaphor are supported via the DiamondTouch input device from Mitsubishi Electronics Research Lab. The goal of this research is to explore the viability of the various contributions of HabilisDraw DT in the development of future interfaces. The principles upon which HabilisDraw DT have been built include persistent tools that embody intuitive aspects of their physical counterparts and an approach to interface learnability that capitalizes on the user?s inherent ability to use tools both separately and in conjunction with other tools. In addition to these principles, HabilisDraw DT extends the physical-virtual tool correlation with bimanual input via the MERL DiamondTouch input device and a close adherence to the direct manipulation interaction model. This paper presents background work in novel interaction and an overview of the HabilisDraw interface, then explores the benefits of a desktop metaphor that closely mimics the behavior of tools and objects in a two-dimensional drawing environment and argues for the applicability of the system?s fundamental principles for improving interface usability in the future.

Computer Science

TAO: A Topology-Adaptive Overlay Framework

Kandekar, Kunal

23 May 2006

Large-scale distributed systems rely on constructing overlay networks in which nodes communicate with each other through intermediate overlay neighbors. Organizing nodes in the overlay while preserving its congruence with the underlying IP topology (the underlay) is important to reduce the communication cost between nodes. In this thesis, we study the state-of-the-art approaches to match the overlay and underlay topologies and pinpoint their limitations in Internet-like setups. We also introduce a new Topology-Adaptive Overlay organization framework, TAO, which is scalable, accurate and lightweight. As opposed to earlier approaches, TAO compiles information resulting from traceroute packets to a small number of landmarks, and clusters nodes based on (1) the number of shared hops on their path towards the landmarks, and (2) their proximity to the landmarks. TAO is also highly flexible and can complement all existing structured and unstructured distributed systems. Our experimental results, based on actual Internet data, reveal that with only five landmarks, TAO identifies the closest node to any node with 85% - 90% accuracy and returns nodes that on average are within 1 millisecond from the closest node if the latter is missed. As a result, TAO overlays enjoy very low stretch (between 1.15 and 1.25). Our results also indicate that shortest-path routing on TAO overlays result in shorter end-to-end delays than direct underlay delays in 8-10% of the overlay paths.

Computer Science

A Scalable Architecture for SIP using Content Addressable Networks

Balasubramanian, Ramrajprabu

07 June 2004

Session initiation protocol (SIP) provides call establishment functions for VoIP including location resolution, authentication, signaling compression, and billing. These functions, when combined with the text-based nature of the protocol, are highly CPU-intensive under a peak load. Practical limitation on the available CPU power of a single SIP server mandates that the SIP infrastructure supporting these functions be distributed over multiple servers. Existing approaches to this problem using multiple nodes for SIP processing with a shared location database or a replicated location database to distribute the load are unfortunately not scalable or fault-tolerant, incurring high maintenance and update overheads or introducing a single point of failure. This thesis presents a proof-of-concept design and analysis of a scalable, robust architecture for SIP infrastructures using a content addressable network (CAN) model, called CASIP (CAN-based SIP). The combination of CAN and SIP is highly complementary. The performance study of CASIP using an implementation using a real SIP stack and NS-2 simulations shows that the proposed system distributes the SIP processing (both location update and lookup) load of the network over multiple nodes very effectively without incurring much routing and maintenance overhead; with use of simple cache schemes, CASIP can linearly add the number of servers in proportion to the increase in the subscriber base. The study also indicates that CASIP keeps the reconfiguration overhead minimal. Furthermore, the CASIP architecture exhibits high availability: a CASIP network of 50 nodes recovers from a server crash within 5 minutes, during which only 2% of call setup requests are dropped. These features enable cost-effective, incremental deployment of SIP servers in response to the user population growth

Computer Science

Wireless MAC Protocol Design and Analysis

Jang , Beakcheol

01 June 2009

Wireless networks are becoming very common due to their advantages such as rapid deployment and support for mobility. In this dissertation, we design and analyze the Medium Access Control (MAC) protocol for two popular wireless networks: Wireless Sensor Networks (WSNs) and Wireless Local Area Networks (WLANs). For WSNs, we design and analyze an energy efficient MAC protocols. Energy efficiency is a key design factor of a MAC protocol for WSNs. Existing preamble-sampling based MAC protocols have large overheads due to their preambles and are inefficient at large wakeup intervals. Synchronous scheduling MAC protocols minimize the preamble by combining preamble sampling and scheduling techniques; however, they do not prevent energy loss due to overhearing. In this dissertation, we present an energy efficient MAC protocol for WSNs, called AS-MAC, that avoids overhearing and reduces contention and delay by asynchronously scheduling the wakeup time of neighboring nodes. We also provide a multi-hop energy consumption model for AS-MAC. To validate our design and analysis, we implement the proposed scheme on the MICAz and TELOSB platforms. Experimental results show that AS-MAC considerably reduces energy consumption, packet loss and delay when compared with other energy efficient MAC protocols. For WLANs, we present a saturation throughput model for IEEE 802.11, the standard of WLAN, for a simple infrastructure scenario with hidden stations. Despite the importance of the hidden terminal problem, there have been a relatively small number of studies that consider the effect of hidden terminals on IEEE 802.11 throughput. Moreover, existing models are not accurate for scenarios with the short-term unfairness. In this dissertation, we present a new analytical saturation throughput model for IEEE 802.11 for a simple but typical infrastructure scenario with small number of hidden stations. Simulation results are used to validate the model and show that our model is extremely accurate. Lastly, we provide a saturation throughput model for IEEE 802.11 for the general infrastructure scenario with hidden stations. Simulation results show that this generalized model is reasonably accurate.

Computer Science

Evolution of Trust in Anonymous Interactions

Chivukula, Srivatsa V.

04 June 2003

For many applications, the success of multiagent systems depends on cooperation among the participating agents. Autonomous entities often face the economic and social dilemma of whether to act in trustworthy manner. Reputation mechanisms and institutional norms are currently used to make an individual agent responsible for its actions. It is challenging to achieve trust in an anonymous setting. We consider the problem of trust with respect to fairness, especially in an anonymous setting. Decision mechanisms should be built into agents to yield trustworthy behavior. We study conditions under which such cooperation can evolve. Our simulations show that small group interactions make it favorable for fairness to emerge. Techniques such as tagging can generate behavior analogous to small groups.

Computer Science