10,271 research outputs found
Towards Formal Interaction-Based Models of Grid Computing Infrastructures
Grid computing (GC) systems are large-scale virtual machines, built upon a
massive pool of resources (processing time, storage, software) that often span
multiple distributed domains. Concurrent users interact with the grid by adding
new tasks; the grid is expected to assign resources to tasks in a fair,
trustworthy way. These distinctive features of GC systems make their
specification and verification a challenging issue. Although prior works have
proposed formal approaches to the specification of GC systems, a precise
account of the interaction model which underlies resource sharing has not been
yet proposed. In this paper, we describe ongoing work aimed at filling in this
gap. Our approach relies on (higher-order) process calculi: these core
languages for concurrency offer a compositional framework in which GC systems
can be precisely described and potentially reasoned about.Comment: In Proceedings DCM 2013, arXiv:1403.768
Privacy in crowdsourcing:a systematic review
The advent of crowdsourcing has brought with it multiple privacy challenges. For example, essential monitoring activities, while necessary and unavoidable, also potentially compromise contributor privacy. We conducted an extensive literature review of the research related to the privacy aspects of crowdsourcing. Our investigation revealed interesting gender differences and also differences in terms of individual perceptions. We conclude by suggesting a number of future research directions.</p
Attack-Surface Metrics, OSSTMM and Common Criteria Based Approach to “Composable Security” in Complex Systems
In recent studies on Complex Systems and Systems-of-Systems theory, a huge effort has been put to cope with behavioral problems, i.e. the possibility of controlling a desired overall or end-to-end behavior by acting on the individual elements that constitute the system itself. This problem is particularly important in the “SMART” environments, where the huge number of devices, their significant computational capabilities as well as their tight interconnection produce a complex architecture for which it is difficult to predict (and control) a desired behavior; furthermore, if the scenario is allowed to dynamically evolve through the modification of both topology and subsystems composition, then the control problem becomes a real challenge. In this perspective, the purpose of this paper is to cope with a specific class of control problems in complex systems, the “composability of security functionalities”, recently introduced by the European Funded research through the pSHIELD and nSHIELD projects (ARTEMIS-JU programme). In a nutshell, the objective of this research is to define a control framework that, given a target security level for a specific application scenario, is able to i) discover the system elements, ii) quantify the security level of each element as well as its contribution to the security of the overall system, and iii) compute the control action to be applied on such elements to reach the security target. The main innovations proposed by the authors are: i) the definition of a comprehensive methodology to quantify the security of a generic system independently from the technology and the environment and ii) the integration of the derived metrics into a closed-loop scheme that allows real-time control of the system. The solution described in this work moves from the proof-of-concepts performed in the early phase of the pSHIELD research and enrich es it through an innovative metric with a sound foundation, able to potentially cope with any kind of pplication scenarios (railways, automotive, manufacturing, ...)
Recommended from our members
A Static Verification Framework for Secure Peer-to-Peer Applications
In this paper we present a static verification framework to support the design and verification of secure peer-to-peer applications. The framework supports the specification, modeling, and analysis of security aspects together with the general characteristics of the system, during early stages of the development life-cycle. The approach avoids security issues to be taken into consideration as a separate layer that is added to the system as an afterthought by the use of security protocols. The main functionality supported by the framework are concerned with the modeling of the system together with its security aspects by using an extension of UML, modeling of abuse cases to represent scenarios of attackers and assist with the identification of properties to be verified, specification of properties to be verified in a graphical template language, verification of the models against the properties, and visualization of the results of the verification process
Laying Claim to Authenticity: Five Anthropological Dilemmas
The introduction to this special collection examines five dilemmas about
the use of the concept of authenticity in anthropological analysis. These
relate to 1) the expectation of a singular authenticity “deep” in oneself or
beyond the surface of social reality, 2) the contradictions emerging from
the opposition of authenticity with inauthenticity, 3) the irony of the notion
of invention of tradition (which deconstructs, but also offends), 4) the criteria
involved in the authentication of the age of objects (with a consideration
of their materiality), and 5) authenticity’s simultaneity, its contemporaneous
multiple conceptualizations in context. I argue for a perspective on the
study of authenticity that acknowledges the simultaneous co-existence of
more than one parallel manifestation of authenticity in any given negotiation
of the authentic
ConXsense - Automated Context Classification for Context-Aware Access Control
We present ConXsense, the first framework for context-aware access control on
mobile devices based on context classification. Previous context-aware access
control systems often require users to laboriously specify detailed policies or
they rely on pre-defined policies not adequately reflecting the true
preferences of users. We present the design and implementation of a
context-aware framework that uses a probabilistic approach to overcome these
deficiencies. The framework utilizes context sensing and machine learning to
automatically classify contexts according to their security and privacy-related
properties. We apply the framework to two important smartphone-related use
cases: protection against device misuse using a dynamic device lock and
protection against sensory malware. We ground our analysis on a sociological
survey examining the perceptions and concerns of users related to contextual
smartphone security and analyze the effectiveness of our approach with
real-world context data. We also demonstrate the integration of our framework
with the FlaskDroid architecture for fine-grained access control enforcement on
the Android platform.Comment: Recipient of the Best Paper Awar
- …