Trustworthiness in Mobile Cyber Physical Systems
Computing and communication capabilities are increasingly embedded in diverse objects and structures in the physical environment, linking the "cyber world" of computing and communications with the physical world. Such applications are called cyber physical systems (CPS). The increased involvement of real-world entities leads to a greater demand for trustworthy systems; we use the term "system trustworthiness" here for the ability to guarantee continuous service in the presence of internal errors or external attacks. Mobile CPS (MCPS) is a prominent subcategory of CPS in which the physical component has no permanent location. Mobile Internet devices already provide ubiquitous platforms for building novel MCPS applications. The objective of this Special Issue is to contribute to research in modern and future trustworthy MCPS, including design, modeling, simulation, dependability and related topics. It is imperative to address the issues that are critical to their mobility, report significant advances in the underlying science, and discuss the challenges of development and implementation in various applications of MCPS.
Role Mining in the Presence of Noise
The problem of role mining, a bottom-up process of discovering roles from the user-permission assignments (UPA), has drawn increasing attention in recent years. The role mining problem (RMP) and several of its variants have been proposed in the literature. While the basic RMP discovers roles that exactly represent the UPA, the inexact variants, such as the δ-approx RMP and MinNoise-RMP, allow for some inexactness in the sense that the discovered roles do not have to cover the entire UPA exactly. However, since real-life data is never completely clean, the role mining process is only effective if it is robust to noise. This paper takes the first step towards addressing this issue. Our goal is to examine whether the inexactness built into the role mining process can absorb the effect of noise in the UPA, so that noise has little negative impact on the discovered roles. Specifically, we define a formal model of noise and experimentally evaluate the previously proposed algorithm for δ-approx RMP for its robustness to noise. This would allow one to devise strategies that minimize the effect of noise while discovering roles. Our experiments on real data indicate that the role mining process can preferentially cover most of the real assignments and leave potentially noisy assignments for further examination. We explore the ramifications of noisy data and discuss next steps towards more effective algorithms for handling such data.
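To make the δ-approx idea concrete, here is a small added example (illustrative code written for this page, not the paper's algorithm or data): a greedy heuristic mines roles from a constructed UPA into which two spurious grants have been injected. With δ = 2 the miner stops with exactly those two grants left uncovered, which is the behaviour the abstract describes, whereas exact mining (δ = 0) manufactures two single-permission roles just to explain the noise. The candidate-generation and selection rules, the role and user names, and the sample permissions are all assumptions.

```python
from itertools import combinations

# Constructed ground truth (not data from the paper): three real roles.
TRUE_ROLES = {
    "A": frozenset({"p0", "p1", "p2"}),
    "B": frozenset({"p3", "p4"}),
    "C": frozenset({"p5", "p6", "p7"}),
}
# Which real roles each (constructed) user legitimately holds.
USER_ROLES = {
    "u0": ["A"], "u1": ["A"], "u2": ["B"], "u3": ["B"],
    "u4": ["A", "B"], "u5": ["C"], "u6": ["C"], "u7": ["B", "C"],
}
# Constructed noise: two stray grants that no real role explains
# (the over-privilege case an access reviewer cares about).
NOISE = {("u1", "p6"), ("u3", "p7")}


def build_upa(user_roles=USER_ROLES, true_roles=TRUE_ROLES, noise=NOISE):
    """Return the UPA as {user: set(permissions)}, with the noise cells added."""
    upa = {u: set().union(*(true_roles[r] for r in rs)) for u, rs in user_roles.items()}
    for u, p in noise:
        upa[u].add(p)
    return upa


def candidate_roles(upa):
    """Candidate roles: every user's permission set plus all pairwise intersections."""
    sets = {frozenset(ps) for ps in upa.values()}
    for a, b in combinations(sorted(sets, key=sorted), 2):
        if a & b:
            sets.add(a & b)
    return sorted(sets, key=sorted)  # fixed order makes tie-breaking deterministic


def mine_roles(upa, delta):
    """Greedy delta-approx role mining (assumed heuristic, not the paper's algorithm).

    Repeatedly picks the candidate role that covers the most still-uncovered
    (user, permission) cells without granting any permission the user lacks,
    and stops as soon as at most `delta` cells remain uncovered.
    Returns (roles, user -> list of role indices, uncovered cells).
    """
    uncovered = {(u, p) for u, ps in upa.items() for p in ps}
    cands = candidate_roles(upa)
    roles, assignment = [], {u: [] for u in upa}

    def gain(role):
        return sum(1 for u, ps in upa.items() if role <= ps
                   for p in role if (u, p) in uncovered)

    while len(uncovered) > delta and cands:
        best = max(cands, key=lambda r: (gain(r), -len(r)))  # most cells, then smallest role
        if gain(best) == 0:
            break
        cands.remove(best)
        idx = len(roles)
        roles.append(best)
        for u, ps in upa.items():
            if best <= ps and any((u, p) in uncovered for p in best):
                assignment[u].append(idx)
                uncovered -= {(u, p) for p in best}
    return roles, assignment, uncovered


def leftover_is_noise(upa, delta, noise=NOISE):
    """Fraction of the cells left uncovered at tolerance `delta` that are injected noise."""
    _, _, left = mine_roles(upa, delta)
    return len(left & noise) / len(left) if left else 1.0


if __name__ == "__main__":
    upa = build_upa()
    for delta in (0, 2):
        roles, assignment, left = mine_roles(upa, delta)
        print(f"delta={delta}: {len(roles)} roles {[sorted(r) for r in roles]}, "
              f"uncovered={sorted(left)}")
```

The uncovered cells returned at δ = 2 are precisely the review queue the abstract suggests: assignments that no compact role explains, to be examined by a human before a role is created for them.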
Executing Collaborative Business Processes on Blockchain: System
Nowadays, organizations are pressed to collaborate in order to take advantage of their complementary capabilities and to provide best-of-breed products and services to their customers. To do so, organizations need to manage business processes that span their organizational boundaries. Such processes are called collaborative business processes. One of the main roadblocks to implementing collaborative business processes is the lack of trust between the participants. Blockchain provides a decentralized ledger that cannot be tampered with and that supports the execution of programs called smart contracts. These features allow collaborative processes to be executed between untrusted parties without relying on a central authority. However, implementing collaborative business processes directly on low-level blockchain primitives is cumbersome, error-prone and requires specialized skills. In contrast, established Business Process Management Systems (BPMSs) provide convenient abstractions for the rapid development of process-oriented applications. This thesis addresses the problem of automating the execution of collaborative business processes on top of blockchain technology in a way that takes advantage of the trust-enhancing capabilities of this technology while offering the development convenience of traditional BPMSs. The thesis also addresses the question of how to support scenarios in which new parties may be onboarded at runtime, and in which parties need the flexibility to change the default routing logic of the business process. We explore architectural approaches and modelling concepts, formulating design principles and requirements that are implemented in a novel blockchain-based BPMS named CATERPILLAR. The CATERPILLAR system supports two methods to implement, execute and monitor blockchain-based processes: compiled and interpreted. It also supports two mechanisms for controlled flexibility: participants can collectively decide on updating the process during its execution, as well as on granting and revoking access to parties.
https://www.ester.ee/record=b536494
Towards assessing information privacy in microblogging online social networks. The IPAM framework
Online social networks (OSNs) incorporate different forms of interactive communication, including microblogging services, multimedia sharing and business networking, among others. In recent years there has been an increase in the number of privacy-related public scandals involving questionable data handling practices in OSNs. This situation calls for an effective and efficient evaluation of the privacy level provided by such services. In this thesis, we take initial steps towards developing an information privacy assessment framework (the IPAM framework) to compute privacy scores for online social networks in general, and microblogging OSNs in particular. The aim of the proposed framework is to help users identify personal data-related risks and understand how their privacy is protected when using one OSN or another. The IPAM framework also allows for a comparison of the privacy protection level of different systems, so that it can also be used by service providers and developers to test and evaluate their systems and whether the privacy techniques they use are effective and sufficient. This gives system providers not only an idea of how they are positioned in the market vis-à-vis their competitors, but also recommendations on how to enhance their services.
Algorithmic Results for Clustering and Refined Physarum Analysis
In the first part of this thesis, we study the Binary -Rank- problem which given a binary matrix and a positive integer , seeks to find a rank- binary matrix minimizing the number of non-zero entries of . A central open question is whether this problem admits a polynomial time approximation scheme. We give an affirmative answer to this question by designing the first randomized almost-linear time approximation scheme for constant over the reals, , and the Boolean semiring. In addition, we give novel algorithms for important variants of -low rank approximation.
The second part of this dissertation, studies a popular and successful heuristic, known as Approximate Spectral Clustering (ASC), for partitioning the nodes of a graph into clusters with small conductance. We give a comprehensive analysis, showing that ASC runs efficiently and yields a good approximation of an optimal -way node partition of .
In the final part of this thesis, we present two results on slime mold computations: i) the continuous undirected Physarum dynamics converges for undirected linear programs with a non-negative cost vector; and ii) for the discrete directed Physarum dynamics, we give a refined analysis that yields strengthened and close to optimal convergence rate bounds, and shows that the model can be initialized with any strongly dominating point.
On the Use of Migration to Stop Illicit Channels
Side and covert channels (referred to collectively as illicit channels) are an insidious affliction of high security systems brought about by the unwanted and unregulated sharing of state amongst processes.
Illicit channels can be effectively broken through isolation, which limits the degree by which processes can interact. The drawback of using isolation as a general mitigation against illicit channels is that it can be very wasteful when employed naively. In particular, permanently isolating every tenant of a public cloud service to its own separate machine would completely undermine the economics of cloud computing, as it would remove the advantages of consolidation.
On closer inspection, it transpires that only a subset of a tenant's activities are sufficiently security sensitive to merit strong isolation. Moreover, it is not generally necessary to maintain isolation indefinitely, nor is it given that isolation must always be procured at the machine level.
This work builds on these observations by exploring a fine-grained and hierarchical model of isolation, where fractions of a machine can be isolated dynamically using migration. Using different units of isolation allows a system to isolate processes from each other with a minimum of over-allocated resources, and having a dynamic and reconfigurable model enables isolation to be procured on-demand. The model is then realised as an implemented framework that allows the fine-grained provisioning of units of computation, managing migrations at the core, virtual CPU, process group, process/container and virtual machine level. Use of this framework is demonstrated in detecting and mitigating a machine-wide covert channel, and in implementing a multi-level moving target defence.
Finally, this work describes the extension of post-copy live migration mechanisms to allow temporary virtual machine migration. This adds the ability to isolate a virtual machine on a short term basis, which subsequently allows migrations to happen at a higher frequency and with fewer redundant memory transfers, and also creates the opportunity of time-sharing a particular physical machine's features amongst a set of tenants' virtual machines
An Adaptable Middleware of Middlewares Based on Services, Components and Aspects
This habilitation thesis (habilitation à diriger des recherches) presents my work on the software engineering of middleware, a field at the crossroads of distributed computing and software engineering. Middleware is the software layer that abstracts away the heterogeneity of distributed computing technologies and meets the needs of distributed applications for interoperability, portability, adaptation and separation of concerns. My work has been guided by two open research questions: 1) what is the most appropriate programming paradigm for distributed applications? 2) what is the most appropriate organization for middleware?
The first part presents a synthesis of my work and contributions. First, my work addressed the transition from objects to CORBA components, yielding two major contributions: the CorbaScript scripting language, standardized at the OMG, and the OpenCCM platform for developing, deploying, executing and administering distributed applications built from CORBA components. Second, I turned to the design of highly adaptable middleware frameworks. This work, based on Fractal reflective components, led to an attribute-oriented programming framework on which three flexible frameworks were built: for transaction management, for the deployment of heterogeneous distributed systems, and for real-time Java components. Finally, my work led to the proposal of the Services Components Aspects (SCA) model and the FraSCAti middleware of middlewares.
The second part zooms in on the FraSCAti project. The scientific contribution of this project is a reflective middleware for service-oriented computing that combines two original ideas: the notion of a middleware of middlewares and the reflective Services Components Aspects model. Starting from the observation that no universal middleware can cover all the needs of all distributed applications, the FraSCAti project proposes an extensible middleware framework for the elegant integration and composition of existing middleware and SOA technologies, that is, a middleware of middlewares. The reflective SCA model, for its part, is the fruitful marriage of the OASIS Service Component Architecture (SCA) standard, the Fractal component model and aspect-oriented programming (AOP). In this model, everything is a reflective component, which makes it possible to dynamically adapt business applications, the middleware, the network communication bindings and the non-functional aspects alike. This contribution has been applied to large-scale service orchestration, the construction of systems of systems and a distributed multi-cloud platform.
The last part takes stock of the contributions and presents my research perspectives, centred on software engineering for cloud computing.