Control Infrastructure

The Experts below are selected from a list of 351 Experts worldwide ranked by ideXlab platform

Alexander Otenko - One of the best experts on this subject based on the ideXlab platform.

  • Implementing role based access controls using X.509 privilege management: the PERMIS authorisation infrastructure
    2004
    Co-Authors: David W Chadwick, Alexander Otenko
    Abstract:

    This paper describes the PERMIS role based access control infrastructure that uses X.509 attribute certificates (ACs) to store the users' roles. Users' roles can be assigned by multiple widely distributed management authorities (called Attribute Authorities in X.509), thereby easing the burden of management. All the ACs can be stored in one or more LDAP directories, thus making them widely available. The PERMIS distribution includes a Privilege Allocator GUI tool, and a bulk loader tool, that allow administrators to construct and sign ACs and store them in an LDAP directory ready for use by the PERMIS decision engine. All access control decisions are driven by an authorization policy, which is itself stored in an X.509 AC, thus guaranteeing its integrity and trustworthiness. Authorization policies are written in XML according to a DTD that has been published at XML.org. A user friendly policy management tool is also being built that will allow non-technical managers to easily specify PERMIS authorisation policies. The access control decision engine is written in Java and has both a Java API and SAML-SOAP interface, allowing it to be called either locally or remotely. The Java API is simple to use, comprising just 3 methods and a constructor. The SAML-SOAP interface conforms to the OASIS SAMLv1.1 specification, as profiled by a Global Grid Forum draft standard, thus making PERMIS suitable as an authorisation server for Grid applications.

  • The PERMIS X.509 role based privilege management infrastructure
    Future Generation Computer Systems, 2003
    Co-Authors: David W Chadwick, Alexander Otenko
    Abstract:

    This paper describes the EC PERMIS project, which has developed a role based access control infrastructure that uses X.509 attribute certificates (ACs) to store the users' roles. All access control decisions are driven by an authorisation policy, which is itself stored in an X.509 AC, thus guaranteeing its integrity. All the ACs can be stored in one or more LDAP directories, thus making them widely available. Authorisation policies are written in XML according to a DTD that has been published at XML.org. The Access Control Decision Function (ADF) is written in Java and the Java API is simple to use, comprising just three methods and a constructor. There is also a Privilege Allocator, which is a tool that constructs and signs ACs and stores them in an LDAP directory for subsequent use by the ADF.

  • The PERMIS X.509 role based privilege management infrastructure
    Symposium on Access Control Models and Technologies, 2002
    Co-Authors: David W Chadwick, Alexander Otenko
    Abstract:

    This paper describes the output of the PERMIS project, which has developed a role based access control infrastructure that uses X.509 attribute certificates (ACs) to store the users' roles. All access control decisions are driven by an authorization policy, which is itself stored in an X.509 attribute certificate, thus guaranteeing its integrity. All the ACs can be stored in one or more LDAP directories, thus making them widely available. Authorization policies are written in XML according to a DTD that has been published at XML.org. The Access Control Decision Function (ADF) is written in Java and the Java API is simple to use, comprising just 3 methods and a constructor. There is also a Privilege Allocator, which is a tool that constructs and signs attribute certificates and stores them in an LDAP directory for subsequent use by the ADF.

Vahid Vahidinasab - One of the best experts on this subject based on the ideXlab platform.

  • A distributed event-triggered control strategy for DC microgrids based on publish-subscribe model over industrial wireless sensor networks
    IEEE Transactions on Smart Grid, 2019
    Co-Authors: Seyed Amir Alavi, Kamyar Mehran, Yang Hao, Ardavan Rahimian, Hamed Mirsaeedi, Vahid Vahidinasab
    Abstract:

    This paper presents a complete design, analysis, and performance evaluation of a novel distributed event-triggered control and estimation strategy for dc microgrids. The primary objective of this work is to efficiently stabilize the grid voltage, and to further balance the energy level of the energy storage systems. The locally-installed distributed controllers are utilized to reduce the number of transmitted packets and battery usage of the installed sensors, based on a proposed event-triggered communication scheme. Also, to reduce the network traffic, an optimal observer is employed which utilizes a modified Kalman consensus filter to estimate the state of the dc microgrid via the distributed sensors. Furthermore, in order to effectively provide an intelligent data exchange mechanism for the proposed event-triggered controller, the publish-subscribe communication model is employed to set up a distributed control infrastructure in industrial wireless sensor networks. The performance of the proposed control and estimation strategy is validated via the simulations of a dc microgrid composed of renewable energy sources. The results confirm the appropriateness of the implemented strategy for the optimal utilization of the advanced industrial network architectures in the smart grids.

  • A distributed event-triggered control strategy for DC microgrids based on publish-subscribe model over industrial wireless sensor networks
    arXiv: Signal Processing, 2019
    Co-Authors: Seyed Amir Alavi, Kamyar Mehran, Yang Hao, Ardavan Rahimian, Hamed Mirsaeedi, Vahid Vahidinasab
    Abstract:

    This paper presents a complete design, analysis, and performance evaluation of a novel distributed event-triggered control and estimation strategy for DC microgrids. The primary objective of this work is to efficiently stabilize the grid voltage, and to further balance the energy level of the energy storage (ES) systems. The locally-installed distributed controllers are utilised to reduce the number of transmitted packets and battery usage of the installed sensors, based on a proposed event-triggered communication scheme. Also, to reduce the network traffic, an optimal observer is employed which utilizes a modified Kalman consensus filter (KCF) to estimate the state of the DC microgrid via the distributed sensors. Furthermore, in order to effectively provide an intelligent data exchange mechanism for the proposed event-triggered controller, the publish-subscribe communication model is employed to set up a distributed control infrastructure in industrial wireless sensor networks (WSNs). The performance of the proposed control and estimation strategy is validated via the simulations of a DC microgrid composed of renewable energy sources (RESs). The results confirm the appropriateness of the implemented strategy for the optimal utilization of the advanced industrial network architectures in the smart grids.

David W Chadwick - One of the best experts on this subject based on the ideXlab platform.

  • Implementing role based access controls using X.509 privilege management: the PERMIS authorisation infrastructure
    2004
    Co-Authors: David W Chadwick, Alexander Otenko
    Abstract:

    This paper describes the PERMIS role based access control infrastructure that uses X.509 attribute certificates (ACs) to store the users' roles. Users' roles can be assigned by multiple widely distributed management authorities (called Attribute Authorities in X.509), thereby easing the burden of management. All the ACs can be stored in one or more LDAP directories, thus making them widely available. The PERMIS distribution includes a Privilege Allocator GUI tool, and a bulk loader tool, that allow administrators to construct and sign ACs and store them in an LDAP directory ready for use by the PERMIS decision engine. All access control decisions are driven by an authorization policy, which is itself stored in an X.509 AC, thus guaranteeing its integrity and trustworthiness. Authorization policies are written in XML according to a DTD that has been published at XML.org. A user friendly policy management tool is also being built that will allow non-technical managers to easily specify PERMIS authorisation policies. The access control decision engine is written in Java and has both a Java API and SAML-SOAP interface, allowing it to be called either locally or remotely. The Java API is simple to use, comprising just 3 methods and a constructor. The SAML-SOAP interface conforms to the OASIS SAMLv1.1 specification, as profiled by a Global Grid Forum draft standard, thus making PERMIS suitable as an authorisation server for Grid applications.

  • The PERMIS X.509 role based privilege management infrastructure
    Future Generation Computer Systems, 2003
    Co-Authors: David W Chadwick, Alexander Otenko
    Abstract:

    This paper describes the EC PERMIS project, which has developed a role based access control infrastructure that uses X.509 attribute certificates (ACs) to store the users' roles. All access control decisions are driven by an authorisation policy, which is itself stored in an X.509 AC, thus guaranteeing its integrity. All the ACs can be stored in one or more LDAP directories, thus making them widely available. Authorisation policies are written in XML according to a DTD that has been published at XML.org. The Access Control Decision Function (ADF) is written in Java and the Java API is simple to use, comprising just three methods and a constructor. There is also a Privilege Allocator, which is a tool that constructs and signs ACs and stores them in an LDAP directory for subsequent use by the ADF.

  • The PERMIS X.509 role based privilege management infrastructure
    Symposium on Access Control Models and Technologies, 2002
    Co-Authors: David W Chadwick, Alexander Otenko
    Abstract:

    This paper describes the output of the PERMIS project, which has developed a role based access control infrastructure that uses X.509 attribute certificates (ACs) to store the users' roles. All access control decisions are driven by an authorization policy, which is itself stored in an X.509 attribute certificate, thus guaranteeing its integrity. All the ACs can be stored in one or more LDAP directories, thus making them widely available. Authorization policies are written in XML according to a DTD that has been published at XML.org. The Access Control Decision Function (ADF) is written in Java and the Java API is simple to use, comprising just 3 methods and a constructor. There is also a Privilege Allocator, which is a tool that constructs and signs attribute certificates and stores them in an LDAP directory for subsequent use by the ADF.

Seyed Amir Alavi - One of the best experts on this subject based on the ideXlab platform.

  • A distributed event-triggered control strategy for DC microgrids based on publish-subscribe model over industrial wireless sensor networks
    IEEE Transactions on Smart Grid, 2019
    Co-Authors: Seyed Amir Alavi, Kamyar Mehran, Yang Hao, Ardavan Rahimian, Hamed Mirsaeedi, Vahid Vahidinasab
    Abstract:

    This paper presents a complete design, analysis, and performance evaluation of a novel distributed event-triggered control and estimation strategy for dc microgrids. The primary objective of this work is to efficiently stabilize the grid voltage, and to further balance the energy level of the energy storage systems. The locally-installed distributed controllers are utilized to reduce the number of transmitted packets and battery usage of the installed sensors, based on a proposed event-triggered communication scheme. Also, to reduce the network traffic, an optimal observer is employed which utilizes a modified Kalman consensus filter to estimate the state of the dc microgrid via the distributed sensors. Furthermore, in order to effectively provide an intelligent data exchange mechanism for the proposed event-triggered controller, the publish-subscribe communication model is employed to set up a distributed control infrastructure in industrial wireless sensor networks. The performance of the proposed control and estimation strategy is validated via the simulations of a dc microgrid composed of renewable energy sources. The results confirm the appropriateness of the implemented strategy for the optimal utilization of the advanced industrial network architectures in the smart grids.

  • A distributed event-triggered control strategy for DC microgrids based on publish-subscribe model over industrial wireless sensor networks
    arXiv: Signal Processing, 2019
    Co-Authors: Seyed Amir Alavi, Kamyar Mehran, Yang Hao, Ardavan Rahimian, Hamed Mirsaeedi, Vahid Vahidinasab
    Abstract:

    This paper presents a complete design, analysis, and performance evaluation of a novel distributed event-triggered control and estimation strategy for DC microgrids. The primary objective of this work is to efficiently stabilize the grid voltage, and to further balance the energy level of the energy storage (ES) systems. The locally-installed distributed controllers are utilised to reduce the number of transmitted packets and battery usage of the installed sensors, based on a proposed event-triggered communication scheme. Also, to reduce the network traffic, an optimal observer is employed which utilizes a modified Kalman consensus filter (KCF) to estimate the state of the DC microgrid via the distributed sensors. Furthermore, in order to effectively provide an intelligent data exchange mechanism for the proposed event-triggered controller, the publish-subscribe communication model is employed to set up a distributed control infrastructure in industrial wireless sensor networks (WSNs). The performance of the proposed control and estimation strategy is validated via the simulations of a DC microgrid composed of renewable energy sources (RESs). The results confirm the appropriateness of the implemented strategy for the optimal utilization of the advanced industrial network architectures in the smart grids.

Yuri Demchenko - One of the best experts on this subject based on the ideXlab platform.

  • Defining Intercloud Federation Framework for multi-provider cloud services integration
    International Conference on Cloud Computing, 2013
    Co-Authors: Marc X Makkes, Canh Ngo, Yuri Demchenko, Rudolf Strijkers, R J Meijer, C T A M De Laat
    Abstract:

    This paper presents the on-going research to define the Intercloud Federation Framework (ICFF) which is a part of the general Intercloud Architecture Framework (ICAF) proposed by the authors. ICFF attempts to address the interoperability and integration issues in provisioning on-demand multi-provider multi-domain heterogeneous cloud infrastructure services. The paper describes the major Intercloud federation scenarios that in general involve two types of federations: customer-side federation that includes federation between cloud based services and customer campus or enterprise infrastructure; and provider-side federation that is created by a group of cloud providers to outsource or broker their resources when provisioning services to customers. The proposed ICFF uses cloud resources brokering model as the main operational model in typically non-coordinated Intercloud and multi-cloud environment. The paper analyses federated identity management scenarios and related design patterns that actually create a basis for operating federations and providing consistent federated access control infrastructure. The paper also refers to successful virtual organisation experience in Grids and attempts to re-use it in ICFF. The presented work attempts to provide an architectural model for developing Intercloud middleware and in this way will facilitate cloud interoperability and integration.

  • Policy and context management in dynamically provisioned access control service for virtualized cloud infrastructures
    Availability Reliability and Security, 2012
    Co-Authors: Canh Ngo, Yuri Demchenko, Peter Membrey, Cees De Laat
    Abstract:

    Cloud computing is developing as a new wave of ICT technologies, offering a common approach to on-demand provisioning of computation, storage and network resources which are generally referred to as infrastructure services. Most of the currently available commercial Cloud services are built and organized reflecting simple relations between a single provider and multiple customers with a simple security and trust model. New architectural models should allow a multi-provider heterogeneous service environment that can be delivered to organizational customers representing multiple user groups. These models should be supported by new security approaches for a multi-provider, multi-tenant environment crossing multiple security domains to create consistent and dynamically configurable security services for virtualized infrastructures. This paper proposes an on-demand provisioned access control infrastructure with dynamic trust establishment for entities in a Cloud IaaS architecture model. It applies an XACML-based RBAC model for the flexible authorization policy configuration and management. It uses an authorization ticket as a security session management mechanism to solve the security context synchronization and exchange between multiple Cloud providers. The paper describes a practical implementation of the proposed Dynamic Access Control Infrastructure as a part of a complex infrastructure services provisioning system.

  • Security framework for virtualised infrastructure services provisioned on demand
    IEEE International Conference on Cloud Computing Technology and Science, 2011
    Co-Authors: Canh Ngo, Yuri Demchenko, Peter Membrey, Cees De Laat
    Abstract:

    Cloud computing is developing as a new wave of ICT technologies, offering a common approach to on-demand provisioning of computation, storage and network resources which are generally referred to as infrastructure services. Most of the currently available commercial Cloud services are built and organized reflecting simple relations between a single provider and a single customer with a simple security and trust model. New architectural models should allow a multi-provider heterogeneous services environment that can be delivered to organizational customers representing multiple user groups. These models should be supported by new security approaches to create consistent security services in a virtualised multi-provider Cloud environment and incorporate complex access control and trust relations among Cloud actors. The paper analyzes basic use cases in Cloud services provisioning and defines a security infrastructure reference model which is used to define other security infrastructure aspects such as dynamic trust management, distributed access control, policy and security context management. It also provides information about the ongoing implementation of the proposed Dynamic Access Control Infrastructure based on Enterprise Service Bus as a part of a complex infrastructure services provisioning system.

  • Security infrastructure for on-demand provisioned cloud infrastructure services
    Proceedings - 2011 3rd IEEE International Conference on Cloud Computing Technology and Science, CloudCom 2011, 2011
    Co-Authors: Yuri Demchenko, Chun Ming Rong, Canh Ngo, Tomasz Wiktor Wlodarczyk, Cees De Laat, Wolfgang Ziegler
    Abstract:

    Providing consistent security services in on-demand provisioned Cloud infrastructure services is of primary importance due to the multi-tenant and potentially multi-provider nature of the Cloud Infrastructure as a Service (IaaS) environment. Cloud security infrastructure should address two aspects of the IaaS operation and dynamic security services provisioning: (1) provide security infrastructure for secure Cloud IaaS operation, (2) provision dynamic security services, including creation and management of the dynamic security associations, as a part of the provisioned composite services or virtual infrastructures. The first task is a traditional task in security engineering, while dynamic provisioning of managed security services in a virtualised environment remains a problem and requires additional research. In this paper we discuss both aspects of the Cloud Security and provide suggestions about required security mechanisms for secure data management in dynamically provisioned Cloud infrastructures. The paper refers to the architectural framework for on-demand infrastructure services provisioning, being developed by the authors, that provides a basis for defining the proposed Cloud Security Infrastructure. The proposed SLA management solution is based on the WS-Agreement and allows dynamic SLA management during the whole provisioned services lifecycle. The paper discusses conceptual issues, basic requirements and practical suggestions for dynamically provisioned access control infrastructure (DACI). The paper proposes the security mechanisms that are required for consistent DACI operation, in particular security tokens used for access control, policy enforcement and authorisation session context exchange between provisioned infrastructure services and Cloud provider services. The suggested implementation is based on the GAAA Toolkit Java library developed by the authors that is extended with the proposed Common Security Services Interface (CSSI) and additional mechanisms for binding sessions and security context between provisioned services and the virtualised platform.

  • Access control infrastructure for on-demand provisioned virtualised infrastructure services
    2011 International Conference on Collaboration Technologies and Systems (CTS), 2011
    Co-Authors: Yuri Demchenko, Canh Ngo, Cees De Laat
    Abstract:

    Cloud technologies are emerging as a new way of provisioning virtualised computing and infrastructure services on-demand for collaborative projects and groups. Security in provisioning virtual infrastructure services should address two general aspects: supporting secure operation of the provisioning infrastructure, and provisioning a dynamic access control infrastructure as part of the provisioned on-demand virtual infrastructure. The paper refers to the architectural framework for on-demand infrastructure services provisioning and defines the general security requirements to the security infrastructure. Dynamically provisioned access control infrastructure (DACI) reveals a wide spectrum of problems related to the distributed access control, policy and related security context management. Consistent security services design, deployment and operation require continuous security context management during the whole security services lifecycle, which is aligned to the main provisioned services lifecycle. The paper discusses conceptual issues, basic requirements and practical suggestions for provisioning dynamically configured access control services. The paper discusses security mechanisms that are required for consistent DACI operation, in particular use of authorisation tokens for access control and authorisation session context exchange between infrastructure services and providers. The proposed security infrastructure implementation is based on the GAAA-Toolkit that provides rich security session context management functionality with authorisation tickets and tokens. The defined Common Security Services Interface (CSSI) allows uniform call to security services both in the provisioning and virtual infrastructures.