Funding: the financial support from Department of Science and Technology, Government of India under the grant: SR/CSRI/118/2014
Abstract: Role based access control is one of the widely used access control models. There are investigations in the literature that use knowledge representation mechanisms such as formal concept analysis (FCA), description logics, and Ontology for representing access control mechanism. However, while using FCA, investigations reported in the literature so far work on the logic that transforms the three dimensional access control matrix into dyadic formal contexts. This transformation is mainly to derive the formal concepts, lattice structure and implications to represent role hierarchy and constraints of RBAC. In this work, we propose a methodology that models RBAC using triadic FCA without transforming the triadic access control matrix into dyadic formal contexts. Our discussion is on two lines of inquiry. We present how triadic FCA can provide a suitable representation of RBAC policy and we demonstrate how this representation follows role hierarchy and constraints of RBAC on sample healthcare network available in the literature.
Funding: Project (61003140) supported by the National Natural Science Foundation of China; Project (013/2010/A) supported by Macao Science and Technology Development Fund; Project (10YJC630236) supported by Social Science Foundation for the Youth Scholars of Ministry of Education of China
Abstract: Role mining and setup affect the usage of role-based access control (RBAC). Traditionally, user's role and permission assigning are manipulated by security administrator of system. However, the cost is expensive and the operating process is complex. A new role analyzing method was proposed by generating mappings and using them to provide recommendation for systems. The relation among sets of permissions, roles and users was explored by generating mappings, and the relation between sets of users and attributes was analyzed by means of the concept lattice model, generating a critical mapping between the attribute and permission sets, and making the meaning of the role natural and operational. Thus, a role is determined by permission set and user's attributes. The generated mappings were used to automatically assign permissions and roles to new users. Experimental results show that the proposed algorithm is effective and efficient.
Funding: Project (2012AA01A301-01) supported by the National High-Tech Research and Development Plan of China; Projects (61301148, 61272061) supported by the National Natural Science Foundation of China; Projects (20120161120019, 2013016111002) supported by the Research Fund for the Doctoral Program of Higher Education of China; Projects (14JJ7023, 10JJ5069) supported by the Natural Science Foundation of Hunan Province, China; Project (ISN12-05) supported by State Key Laboratory of Integrated Services Networks Open Foundation, China; Project (531107040276) supported by the Fundamental Research Funds for the Central Universities, China
Abstract: Two-tier heterogeneous networks (HetNets), where the current cellular networks, i.e., macrocells, are overlapped with a large number of randomly distributed femtocells, can potentially bring significant benefits to spectral utilization and system capacity. The interference management and access control for open and closed femtocells in two-tier HetNets were focused. The contributions consist of two parts. Firstly, in order to reduce the uplink interference caused by MUEs (macrocell user equipments) at closed femtocells, an incentive mechanism to implement interference mitigation was proposed. It encourages femtocells that work with closed-subscriber-group (CSG) to allow the interfering MUEs access in but only via uplink, which can reduce the interference significantly and also benefit the macro-tier. The interference issue was then studied in open-subscriber-group (OSG) femtocells from the perspective of handover and mobility prediction. Inbound handover provides an alternative solution for open femtocells when interference turns up, while this accompanies with PCI (physical cell identity) confusion during inbound handover. To reduce the PCI confusion, a dynamic PCI allocation scheme was proposed, by which the high handin femtocells have the dedicated PCI while the others share the reuse PCIs. A Markov chain based mobility prediction algorithm was designed to decide whether the femtocell status is with high handover requests. Numerical analysis reveals that the UL interference is managed well for the CSG femtocell and the PCI confusion issue is mitigated greatly in OSG femtocell compared to the conventional approaches.
Funding: supported by the Natural Science Foundation of Jiangsu Province (BK2012237)
Abstract: The trustworthiness analysis and evaluation are the bases of the trust chain transfer. In this paper the formal method of trustworthiness analysis of a system based on the noninterference (NI) theory of the information flow is studied. Firstly, existing methods cannot analyze the impact of the system states on the trustworthiness of software during the process of trust chain transfer. To solve this problem, the impact of the system state on trustworthiness of software is investigated, the run-time mutual interference behavior of software entities is described and an interference model of the access control automaton of a system is established. Secondly, based on the intransitive noninterference (INI) theory, a formal analytic method of trustworthiness for trust chain transfer is proposed, providing a theoretical basis for the analysis of dynamic trustworthiness of software during the trust chain transfer process. Thirdly, a prototype system with dynamic trustworthiness on a platform with dual core architecture is constructed and a verification algorithm of the system trustworthiness is provided. Finally, the monitor hypothesis is extended to the dynamic monitor hypothesis, a theorem of static judgment rule of system trustworthiness is provided, which is useful to prove dynamic trustworthiness of a system at the beginning of system construction. Compared with previous work in this field, this research proposes not only a formal analytic method for the determination of system trustworthiness, but also a modeling method and an analysis algorithm that are feasible for practical implementation.
Funding: Project (61071104) supported by the National Natural Science Foundation of China
Abstract: A novel distributed cognitive radio multichannel medium access protocol without common control channel was proposed. The protocol divided a transmission interval into two parts for exchanging control information and data, respectively. In addition to evaluating system saturation throughput of the proposed protocol, a three-dimensional multi channel Markov chain model to describe the state of the cognitive users (CUs) in dynamic spectrum access was presented. The proposed analysis was applied to the packet transmission schemes employed by the basic, RTS/CTS access mechanism adopted in the normal IEEE 802.11. Analyzing the advantage of the two methods, a hybrid access mechanism was proposed to improve the system throughput. The simulation results show that the experiment results are close to the value computed by the model (less than 5%), and the proposed protocol significantly improves the performance of the system throughput by borrowing the licensed spectrum. By analyzing the dependence of throughput on system parameters, hybrid mechanism dynamically selecting access mechanism can maintain high throughput.
Abstract: Security vulnerability of denial of service (DoS) in time out-medium access control (T-MAC) protocol was discussed and analysis of power consumption at each stage of T-MAC protocol was carried out. For power efficient authentication scheme which can provide reliability, efficiency, and security for a general T-MAC communication, a novel synchronization and authentication scheme using authentication masking code was proposed. Authentication data were repeated and masked by PN sequence. The simulation results show that the proposed approach can provide synchronization and authentication simultaneously for nodes in wireless sensor network (WSN). 63 bits AMC code gives above 99.97% synchronization detection and 93.98% authentication data detection probability in BER 0.031 7.
Abstract: A novel multicast communication model using a RingNet hierarchy is proposed. The RingNet hierarchy consists of 4 tiers: border router tier, access gateway tier, access proxy tier and mobile host tier. Within the hierarchy, the upper 2 tiers are dynamically organized into logical rings with network entities. A novel hierarchical secure access control scheme on key management is proposed based on the RingNet model. Network entities within the multicast hierarchy belong to different privileged local groups. Network entities of the higher-privileged local groups have the right to derive the keys held by network entities of the lower-privileged local groups, and the reverse operation is not allowed. With the key management approach, any insertion and changing of local group key will not affect other local groups. The analytical result shows that the scheme has higher security than Lin’s.
Funding: the National Natural Science Foundation of China (60773049); the Natural Science Foundation of Jiangsu Province (BK2007086); the Fundamental Research Project of Natural Science in Colleges of Jiangsu Province (07KJB520016).
Abstract: Modern battlefield doctrine is based on mobility, flexibility, and rapid response to changing situations. As is well known, mobile ad hoc network systems are among the best utilities for battlefield activity. Although much research has been done on secure routing, security issues have largely been ignored in applying mobile ad hoc network theory to computer technology. An ad hoc network is usually assumed to be homogeneous, which is an irrational assumption for armies. It is clear that soldiers, commanders, and commanders-in-chief should have different security levels and computation powers as they have access to asymmetric resources. Imitating basic military rank levels in battlefield situations, how multilevel security can be introduced into ad hoc networks is indicated, thereby controlling restricted classified information flows among nodes that have different security levels.
Funding: Projects (61103011, 61170261) supported by the National Natural Science Foundation of China
Abstract: Many energy efficiency asynchronous duty-cycle MAC (media access control) protocols have been proposed in recent years. However, in these protocols, wireless sensor nodes almost choose their wakeup time randomly during the operational cycle, which results in the packet delivery latency increased significantly on the multiple hops path. To reduce the packet delivery latency on multi-hop path and energy waste of the sender's idle listening, a new low latency routing-enhanced asynchronous duty-cycle MAC protocol was presented, called REA-MAC. In REA-MAC, each sensor node decided when it waked up to send the beacon based on cross-layer routing information. Furthermore, the sender adaptively waked up based on the relationship between the transmission request time and the wakeup time of its next hop node. The simulation results show that REA-MAC reduces delivery latency by 60% compared to RI-MAC and reduces 8.77% power consumption on average. Under heavy traffic, REA-MAC's throughput is 1.48 times of RI-MAC's.
Funding: Project (60673164) supported by the National Natural Science Foundation of China; Project (06JJ10009) supported by the Natural Science Foundation of Hunan Province, China; Project (20060533057) supported by the Specialized Research Fund for the Doctoral Program of Higher Education of China; Project (2008CB317107) supported by the Major State Basic Research and Development Program of China; Project (NCET-05-0683) supported by the Program for New Century Excellent Talents in University
Abstract: The IEEE 802.11e standard is proposed to provide QoS support in WLAN by providing prioritized differentiation of traffic. Since all the stations in the same priority access category (AC) have the same set of parameters, when the number of stations increases, the probability of different stations in the same AC choosing the same values will increase, which will result in collisions. Random adaptive MAC (medium access control) parameters scheme (RAMPS) is proposed, which uses random adaptive MAC differentiation parameters instead of the static ones used in the 802.11e standard. The performance of RAMPS is compared with that of enhanced distributed coordination access (EDCA) using NS2. The results show that RAMPS can reduce collision rate of the AC and improve the throughput by using adaptive random contention window size and inter-frame spacing values. RAMPS ensures that at any given time, several flows of the same priority have different MAC parameter values. By using the random offset for the inter-frame spacing value and the backoff time, RAMPS can provide intra-AC differentiation. The simulation results show that RAMPS outperforms EDCA in terms of both throughput and end-to-end delay irrespective of the traffic load.