Access Privilege

The Experts below are selected from a list of 249 Experts worldwide ranked by ideXlab platform

Lanfranco Lopriore - One of the best experts on this subject based on the ideXlab platform.

  • Protected pointers to specify access privileges in distributed systems
    Journal of Parallel and Distributed Computing, 2019
    Co-Authors: Lanfranco Lopriore, Antonella Santone
    Abstract:

    With reference to a distributed environment consisting of nodes connected in an arbitrary network topology, we propose the organization of a protection system in which a set of subjects, e.g. processes, generates access attempts to memory segments. One or more primary passwords are associated with each node. An access to a given segment can be successfully accomplished only if the subject attempting the access holds an access privilege, certified by possession of a valid protected pointer (p-pointer) referencing that segment. Each p-pointer includes a local password; the p-pointer is valid if the local password descends from a primary password by application of a universally known, parametric one-way generation function. A set of protection primitives makes it possible to manage the primary passwords, to reduce p-pointers to include fewer access rights, to allocate new segments, to delete existing segments, to read the segment contents and to overwrite these contents. The resulting protection environment is evaluated from a number of viewpoints, which include p-pointer forging and revocation, the network traffic generated by the execution of the protection primitives, the memory requirements for p-pointer storage, security, and the relation of our work to previous work. An indication of the flexibility of the p-pointer concept is given by applying p-pointers to the solution of a variety of protection problems.

  • Password systems
    Computers & Electrical Engineering, 2015
    Co-Authors: Gianluca Dini, Lanfranco Lopriore
    Abstract:

    A significant protection problem is to specify the access privileges held by each active subject on the protected objects. We associate a password system with each object, featuring a password for each access privilege. Access privileges are partitioned into privilege levels, for distribution and revocation. Password systems are implemented as hierarchical bidimensional one-way chains. Critical infrastructures require protection systems that are both flexible and efficient. Flexibility is essential to capture the multi-organizational and state-based nature of these systems, efficiency is necessary to cope with limitations of hardware resources. To meet these requirements, we consider a classical protection environment featuring subjects that attempt to access the protected objects. We approach the problem of specifying the access privileges held by each subject. Our protection model associates a password system with each object; the password system features a password for each access privilege defined for this object. A subject can access the object if it holds a key matching one of the passwords in the password system, and the access privilege corresponding to this password permits to accomplish the access. Password systems are implemented as hierarchical bidimensional one-way chains. Trade-offs are possible between the memory requirements for storage of a password system and the processing time necessary to validate a key.

  • Encrypted Pointers in Protection System Design
    The Computer Journal, 2011
    Co-Authors: Lanfranco Lopriore
    Abstract:

    A salient aspect of protection system design is the set of the mechanisms for the representation, distribution, verification and revocation of access privileges. With reference to a segmented virtual memory space, we present an approach that is based on the use of symmetric-key cryptography to represent segment pointers, including access right specifications. Our design effort has been guided by three main objectives: (i) to maintain the simplicity of access privilege representation that characterizes classical capability and password-capability systems; (ii) to keep the memory requirements low even in the case of complex access privileges expressed in terms of several access rights; and (iii) to allow an easy implementation of effective techniques for access privilege review and revocation.

  • Key-Lock Mechanisms for Object Protection in Single-Address-Space Systems
    Journal of Computers, 2009
    Co-Authors: Lanfranco Lopriore
    Abstract:

    This paper focuses on memory addressing environments that support the notion of a single address space. We consider the problem of hampering access attempts to the private objects of a given thread, when these attempts are generated by unauthorized threads of different processes. We introduce two different forms of access privilege representation - handles and gates - which are designed to coexist within the boundaries of the same protection system. The handle concept is a generalization of the classical protected pointer concept. A handle associates several keys (passwords) with an object name. Each key grants a specific access right to the named object. A gate is a compact representation of access privileges, which uses a single bit to encode an access right. Handles are protected from forgery by key sparseness. They can be freely mixed in memory with ordinary data. On the other hand, gates are sensitive data that must be kept segregated in private memory regions of the protection system. The dualism of handles and gates makes it possible to take advantage of the simplicity of access right distribution and object sharing between threads, which is characteristic of key-based protection systems, and to avoid the negative impact on overall system performance, which results from the large key size and the high costs of lengthy processing that are connected with key validation.

  • Access privilege management in protection systems
    Information and Software Technology, 2002
    Co-Authors: Lanfranco Lopriore
    Abstract:

    We consider the problem of managing access privileges on protected objects. We associate one or more locks with each object, one lock for each access right defined by the object type. Possession of an access right on a given object is certified by possession of a key for this object, if this key matches one of the object locks. We introduce a number of variants to this basic key–lock technique. Polymorphic access rights make it possible to decrease the number of keys required to certify possession of complex access privileges that are defined in terms of several access rights. Multiple locks on the same access right allow us to exercise forms of selective revocation of access privileges. A lock conversion function can be used to reduce the number of locks associated with any given object to a single lock. The extent of the results obtained is evaluated in relation to alternative methodologies for access privilege management.

Sheng Zhong - One of the best experts on this subject based on the ideXlab platform.

  • Emergency access for online personally controlled health records system.
    Informatics for health & social care, 2012
    Co-Authors: Yuan Zhang, Sunethra Dhileepan, Matthew Schmidt, Sheng Zhong
    Abstract:

    A personally controlled health records (PCHR) system allows a patient user to share his/her health records with trusted physicians by manually granting them the access privilege to his/her online records. However, it presents the problem of emergency access in situations where the user is physically unable to grant the access and the access is required by an Emergency Room (ER) physician who does not have the privilege at that moment. To deal with such a problem, we introduce an online polling system to provide the emergency access control to PCHR systems. For each emergency access request, the access privilege is controlled according to the combined opinions of the patient's preset emergency contacts and other online registered physicians. Because our system is based on the demographic number of the physician community nationwide, it provides a stable emergency access control at all times.

  • Emergency Access Authorization for Personally Controlled Online Health Care Data
    Journal of medical systems, 2010
    Co-Authors: Tingting Chen, Sheng Zhong
    Abstract:

    Personally controlled health records (PCHR) systems have emerged to allow patients to control their own medical data. In a PCHR system, all the access privileges to a patient's data are granted by the patient. However, in many emergency cases, it is impossible for the patient to participate in access authorization on site when immediate medical treatment is needed. To solve the emergency access authorization problem in the absence of patients, we consider two cases: a) the requester is already in the PCHR system but has not obtained the access privilege of the patient's health records, and b) the requester does not even have an account in the PCHR system to submit its request. For each of the two cases, we present a method for emergency access authorization, utilizing the weighted voting and source authentication cryptographic techniques. Our methods provide an effective, secure and private solution for emergency access authorization, that makes the existing PCHR system frameworks more practical and thus improves the patients' experiences of health care when using PCHR systems. We have implemented a prototype system as a proof of concept.

Wei Yuan - One of the best experts on this subject based on the ideXlab platform.

  • Comments on “Control Cloud Data Access Privilege and Anonymity With Fully Anonymous Attribute-Based Encryption”
    IEEE Transactions on Information Forensics and Security, 2016
    Co-Authors: Rui Zhang, Wei Yuan
    Abstract:

    Most of the known attribute-based encryption (ABE) schemes focused on the data contents privacy and the access control, but less attention was paid to the privilege control and the identity privacy problem. Recently in IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY (TIFS) (DOI:10.1109/TIFS.2014.2368352), Jung et al. proposed an anonymous attribute-based encryption scheme for access privilege and anonymity, which exhibited a lot of interesting ideas and gave the proof in the standard model. However, after carefully revisiting the scheme, we found that any valid user can compute the system-wide master key and their proof has some mistakes, hence, it fails to meet their security definitions.

  • Coexistence of IEEE 802.11b/g WLANs and IEEE 802.15.4 WSNs: Modeling and Protocol Enhancements
    2011
    Co-Authors: Wei Yuan
    Abstract:

    As an emerging short-range wireless technology, IEEE 802.15.4/ZigBee Wireless Sensor Networks (WSNs) are increasingly used in the fields of home control, industrial control, consumer electronics, energy management, building automation, telecom services, personal healthcare, etc. IEEE 802.15.4/ZigBee WSNs share the same 2.4 GHz license-free Industrial, Scientific, and Medical (ISM) band with many other wireless systems such as IEEE 802.11b/g WLANs, Bluetooth, cordless phones, etc. Due to the low power, IEEE 802.15.4/ZigBee WSNs are potentially more vulnerable to interference by those systems. Among those systems, IEEE 802.11b/g WLANs are probably the most widely deployed ones. Because of their complementary applications, IEEE 802.15.4 WSNs and IEEE 802.11b/g WLANs are often colocated, which causes the coexistence issue between them. In this thesis, we focus on the coexistence between IEEE 802.15.4/ZigBee WSNs and IEEE 802.11b/g WLANs. The targets of this thesis work are to achieve a clear understanding on the coexistence issue between IEEE 802.15.4/ZigBee WSNs and IEEE 802.11b/g WLANs, and then to propose cost-effective methods to enhance the coexistence capability of IEEE 802.15.4/ZigBee WSNs. Although many studies on the coexistence issue between IEEE 802.15.4/ZigBee WSNs and IEEE 802.11b/g WLANs have been done, the conclusions they drew are incomplete and/or conflicting, and therefore confusing. To get a clear understanding about the coexistence issue between them, an extensive study is needed. First, we propose a coexistence model of IEEE 802.15.4 nodes and IEEE 802.11b/g nodes. The model is based on two aspects, i.e., power and the timing. Due to the significant difference in transmit powers of IEEE 802.15.4 and IEEE 802.11b/g, the sensing ranges of them are quite asymmetric. As a result, three distinct coexistence regions can be identified. In each of these coexistence regions, IEEE 802.11 nodes and IEEE 802.15.4 nodes exhibit different interactive behavior and hence different coexistence performances, which may not be the same as we expected. For example, instinctively, we may feel that the closer an IEEE 802.15.4 node gets to an IEEE 802.11b/g interferer, the worse performance the IEEE 802.15.4 node would have. Our coexistence model, however, reveals that this perception is not true. In fact, as the IEEE 802.15.4 node and the IEEE 802.11b/g interferer get so close that they are in the coexistence region R1, where they can sense each other, the coexistence performance of the IEEE 802.15.4 node is not necessarily the worst. Instead, in the coexistence region R2, where the IEEE 802.11b/g interferer cannot sense the IEEE 802.15.4 and therefore does not respect the IEEE 802.15.4 transmission, the coexistence performance of the IEEE 802.15.4 node could get even worse than in R1. Clearly, the three coexistence regions and the different interactive behavior between IEEE 802.15.4 WSNs and IEEE 802.11b/g WLANs in each region explain the incomplete/conflicting conclusions drawn by many previous studies from their incomplete analysis and/or observations. Next, by taking into account some important implementation factors, we improved the coexistence model and studied the coexistence performance of IEEE 802.15.4 WSNs under IEEE 802.11b/g interference in a real-life environment. We revealed that some implementation factors such as IEEE 802.15.4 Rx-to-Tx turnaround time and Clear Channel Assessment (CCA) partial detection effect can have significant impact on IEEE 802.15.4 WSNs coexistence performance in reality, e.g., a long IEEE 802.15.4 Rx-to-Tx turnaround time can impair the CCA performance and therefore the IEEE 802.15.4 WSNs coexistence performance. The enhanced model can precisely explain and predict the IEEE 802.15.4 WSNs coexistence performance. Furthermore, under the guidance of the model, the IEEE 802.15.4 WSNs coexistence performance was extensively investigated in all of the three coexistence regions in different scenarios by analysis, simulation and experiments. The simulation and experimental results agree with our analysis. Based on the clear understanding achieved from the work above, we then explore the solutions to help IEEE 802.15.4 WSNs deal with interference. Basically, there are two categories for the ways of dealing with interference: interference control/mitigation and interference avoidance. We address solutions in each of these two categories, respectively. We first propose an interference mitigation approach, which enables an IEEE 802.15.4 WSN to mitigate heavy interference by adaptively adjusting CCA thresholds of its nodes in a distributed manner. As the heavy interference appears, the CCA thresholds are increased in order to reduce the inhibition loss, whereas the CCA threshold gets decreased so as to avoid having a permanent channel access privilege over peers as the interference disappears. Compared to the centralized interference management approaches, e.g., the frequency agility approach specified in the ZigBee specification, which inappropriately assumes a reliable two-way communication between nodes even in the presence of heavy interference, our adaptive CCA approach is simpler but more robust, more responsive, and easier to be implemented at a lower cost. The simulation results validate that the adaptive CCA approach may significantly improve IEEE 802.15.4 WSNs performance in the presence of heavy interference. Then, we consider an interference avoidance solution. ZigBee specification proposes a feature called frequency agility, which refers to the ability of ZigBee networks to change the operational channel in the presence of interference. However, for a large-scale ZigBee network, changing the whole network operational channel to an idle one, may be neither appropriate if there is only local interference nor possible if there is no single idle channel available globally. Therefore, we propose a distributed adaptive interference-avoidance multi-channel protocol, which enables a conventional single-channel large-scale ZigBee network to distributively, adaptively and partially change the operational channel in the presence of local interference. As a result, the ZigBee network performance under interference can be effectively and efficiently improved. The main contributions of this thesis are a coexistence model of IEEE 802.15.4/ZigBee WSNs and IEEE 802.11b/g WLANs, and two solutions to the coexistence issue between them. The model not only explains the interesting interactive coexistence behavior of the two systems, but provides many insights on the coexistence issue. Under the guidance of those insights, two solutions are proposed. The solutions can enhance the coexistence capability of IEEE 802.15.4/ZigBee WSNs and therefore their coexistence performance in the presence of interference, which includes but is not limited to IEEE 802.11b/g interference.

Meng Wan - One of the best experts on this subject based on the ideXlab platform.

  • Rebuttal to “Comments on ‘Control Cloud Data Access Privilege and Anonymity With Fully Anonymous Attribute-Based Encryption’”
    IEEE Transactions on Information Forensics and Security, 2016
    Co-Authors: Taeho Jung, Zhiguo Wan, Meng Wan
    Abstract:

    Ma et al. recently submitted a comment correspondence which points out a flaw in our paper (a sequel of our earlier paper published in the Proceedings of IEEE INFOCOM). The flaw led to the leakage of the system-wide master key; therefore, we improved our own scheme by addressing it.

  • Control Cloud Data Access Privilege and Anonymity With Fully Anonymous Attribute-Based Encryption
    IEEE Transactions on Information Forensics and Security, 2015
    Co-Authors: Taeho Jung, Zhiguo Wan, Meng Wan
    Abstract:

    Cloud computing is a revolutionary computing paradigm, which enables flexible, on-demand, and low-cost usage of computing resources, but the data is outsourced to some cloud servers, and various privacy concerns emerge from it. Various schemes based on the attribute-based encryption have been proposed to secure the cloud storage. However, most work focuses on the data contents privacy and the access control, while less attention is paid to the privilege control and the identity privacy. In this paper, we present a semianonymous privilege control scheme AnonyControl to address not only the data privacy, but also the user identity privacy in existing access control schemes. AnonyControl decentralizes the central authority to limit the identity leakage and thus achieves semianonymity. Besides, it also generalizes the file access control to the privilege control, by which privileges of all operations on the cloud data can be managed in a fine-grained manner. Subsequently, we present the AnonyControl-F, which fully prevents the identity leakage and achieves the full anonymity. Our security analysis shows that both AnonyControl and AnonyControl-F are secure under the decisional bilinear Diffie–Hellman assumption, and our performance evaluation exhibits the feasibility of our schemes.

Ling Liu - One of the best experts on this subject based on the ideXlab platform.

  • Privacy-Preserving Publishing of Multilevel Utility-Controlled Graph Datasets
    ACM Transactions on Internet Technology, 2018
    Co-Authors: Balaji Palanisamy, Ling Liu, Yang Zhou, Qingyang Wang
    Abstract:

    Conventional private data publication schemes are targeted at publication of sensitive datasets either after the k-anonymization process or through differential privacy constraints. Typically these schemes are designed with the objective of retaining as much utility as possible for the aggregate queries while ensuring the privacy of the individual records. Such an approach, though suitable for publishing aggregate information as public datasets, is inapplicable when users have different levels of access to the same data. We argue that existing schemes either result in increased disclosure of private information or lead to reduced utility when some users have more access privileges than the others. In this article, we present an anonymization framework for publishing large datasets with the goals of providing different levels of utility to the users based on their access privilege levels. We design and implement our proposed multilevel utility-controlled anonymization schemes in the context of large association graphs considering three levels of user utility, namely, (1) users having access to only the graph structure, (2) users having access to the graph structure and aggregate query results, and (3) users having access to the graph structure, aggregate query results, and individual associations. Our experiments on real large association graphs show that the proposed techniques are effective and scalable and yield the required level of privacy and utility for each user privacy and access privilege level.

  • CLOUD - Privacy-Preserving Data Publishing in the Cloud: A Multi-level Utility Controlled Approach
    2015 IEEE 8th International Conference on Cloud Computing, 2015
    Co-Authors: Balaji Palanisamy, Ling Liu
    Abstract:

    Conventional private data publication schemes are targeted at publication of sensitive datasets with the objective of retaining as much utility as possible for statistical (aggregate) queries while ensuring the privacy of individuals' information. However, such an approach to data publishing is no longer applicable in shared multi-tenant cloud scenarios where users often have different levels of access to the same data. In this paper, we present a privacy-preserving data publishing framework for publishing large datasets with the goals of providing different levels of utility to the users based on their access privileges. We design and implement our proposed multi-level utility-controlled data anonymization schemes in the context of large association graphs considering three levels of user utility namely: (i) users having access to only the graph structure (ii) users having access to graph structure and aggregate query results and (iii) users having access to graph structure, aggregate query results as well as individual associations. Our experiments on real large association graphs show that the proposed techniques are effective, scalable and yield the required level of privacy and utility for user-specific utility and access privilege levels.