Security Analysis and Improvement Model for Web-based Applications

Today the web has become a major conduit for information. As the World Wide Web?s popularity continues to increase, information security on the web has become an increasing concern. Web information security is related to availability, confidentiality, and data integrity. According to the reports from http://www.securityfocus.com in May 2006, operating systems account for 9% vulnerability, web-based software systems account for 61% vulnerability, and other applications account for 30% vulnerability. In this dissertation, I present a security analysis model using the Markov Process Model. Risk analysis is conducted using fuzzy logic method and information entropy theory. In a web-based application system, security risk is most related to the current states in software systems and hardware systems, and independent of web application system states in the past. Therefore, the web-based applications can be approximately modeled by the Markov Process Model. The web-based applications can be conceptually expressed in the discrete states of (web_client_good; web_server_good, web_server_vulnerable, web_server_attacked, web_server_security_failed; database_server_good, database_server_vulnerable, database_server_attacked, database_server_security_failed) as state space in the Markov Chain. The vulnerable behavior and system response in the web-based applications are analyzed in this dissertation. The analyses focus on functional availability-related aspects: the probability of reaching a particular security failed state and the mean time to the security failure of a system. Vulnerability risk index is classified in three levels as an indicator of the level of security (low level, high level, and failed level). An illustrative application example is provided. As the second objective of this dissertation, I propose a security improvement model for the web-based applications using the GeoIP services in the formal methods. In the security improvement model, web access is authenticated in role-based access control using user logins, remote IP addresses, and physical locations as subject credentials to combine with the requested objects and privilege modes. Access control algorithms are developed for subjects, objects, and access privileges. A secure implementation architecture is presented. In summary, the dissertation has developed security analysis and improvement model for the web-based application. Future work will address Markov Process Model validation when security data collection becomes easy. Security improvement model will be evaluated in performance aspect

Security Analysis and Improvement Model for Web-based Applications

Today the web has become a major conduit for information. As the World Wide Web?s popularity continues to increase, information security on the web has become an increasing concern. Web information security is related to availability, confidentiality, and data integrity. According to the reports from http://www.securityfocus.com in May 2006, operating systems account for 9% vulnerability, web-based software systems account for 61% vulnerability, and other applications account for 30% vulnerability. In this dissertation, I present a security analysis model using the Markov Process Model. Risk analysis is conducted using fuzzy logic method and information entropy theory. In a web-based application system, security risk is most related to the current states in software systems and hardware systems, and independent of web application system states in the past. Therefore, the web-based applications can be approximately modeled by the Markov Process Model. The web-based applications can be conceptually expressed in the discrete states of (web_client_good; web_server_good, web_server_vulnerable, web_server_attacked, web_server_security_failed; database_server_good, database_server_vulnerable, database_server_attacked, database_server_security_failed) as state space in the Markov Chain. The vulnerable behavior and system response in the web-based applications are analyzed in this dissertation. The analyses focus on functional availability-related aspects: the probability of reaching a particular security failed state and the mean time to the security failure of a system. Vulnerability risk index is classified in three levels as an indicator of the level of security (low level, high level, and failed level). An illustrative application example is provided. As the second objective of this dissertation, I propose a security improvement model for the web-based applications using the GeoIP services in the formal methods. In the security improvement model, web access is authenticated in role-based access control using user logins, remote IP addresses, and physical locations as subject credentials to combine with the requested objects and privilege modes. Access control algorithms are developed for subjects, objects, and access privileges. A secure implementation architecture is presented. In summary, the dissertation has developed security analysis and improvement model for the web-based application. Future work will address Markov Process Model validation when security data collection becomes easy. Security improvement model will be evaluated in performance aspect

Optimal Attitude Control of Agile Spacecraft Using Combined Reaction Wheel and Control Moment Gyroscope Arrays

This dissertation explores the benefits of combined control moment gyroscope (CMG) and reaction wheel array (RWA) actuation for agile spacecraft. Agile spacecraft are capable of slewing to multiple targets in minimum time. CMGs provide the largest torque capability of current momentum exchange actuation devices but also introduce singularity events in operation. RWAs produce less torque capability than CMGs but can achieve greater pointing accuracy. In this research, a combined RWA and CMG (RWCMG) system is evaluated using analytical simulations and hardware experiments. A closed-loop control scheme is developed which takes advantage of the strengths of each actuator set.The CMGs perform slews for a representative target field. Borrowing from variable-speed CMG theory, a system of switching between CMG and RWA actuation allows the RWA to assume control of the spacecraft when desired pointing tolerance is met for a given target. During collection, the CMG gimbals may travel along null motion trajectories towardpreferred angles to prepare for the next slew. Preferred gimbal angles are pre-computed off-line using optimization techniques or set based on look-up tables. Logic is developed to ensure CMG gimbal angles travel the shortest path to the preferred values. The proportional-integral-derivative, quaternion feedback, and nonlinear Lyapunov-based controllers are assessed for the RWCMG system. Extended and unscented Kalman filter techniques are explored for improved accuracy in analytical simulation. Results of RWCMG hardware experiments show improvements in slew capability, pointing accuracy, and singularity avoidance compared to traditional CMG-only systems

Towards efficient distributed search in a peer-to-peer network.

Cheng Chun Kong.Thesis submitted in: November 2006.Thesis (M.Phil.)--Chinese University of Hong Kong, 2007.Includes bibliographical references (leaves 62-64).Abstracts in English and Chinese.Abstract --- p.1槪要 --- p.2Acknowledgement --- p.3Chapter 1. --- Introduction --- p.5Chapter 2. --- Literature Review --- p.10Chapter 3. --- DesignChapter A. --- Overview --- p.22Chapter B. --- Basic idea --- p.23Chapter C. --- Follow-up design --- p.30Chapter D. --- Summary --- p.40Chapter 4. --- Experimental FindingsChapter A. --- Goal --- p.41Chapter B. --- Analysis Methodology --- p.41Chapter C. --- Validation --- p.47Chapter D. --- Results --- p.47Chapter 5. --- DeploymentChapter A. --- Limitations --- p.58Chapter B. --- Miscellaneous Design Issues --- p.59Chapter 6. --- Future Directions and Conclusions --- p.61Reference --- p.62Appendix --- p.6

Proceedings of the NASA Conference on Space Telerobotics, volume 5

Papers presented at the NASA Conference on Space Telerobotics are compiled. The theme of the conference was man-machine collaboration in space. The conference provided a forum for researchers and engineers to exchange ideas on the research and development required for the application of telerobotics technology to the space systems planned for the 1990's and beyond. Volume 5 contains papers related to the following subject areas: robot arm modeling and control, special topics in telerobotics, telerobotic space operations, manipulator control, flight experiment concepts, manipulator coordination, issues in artificial intelligence systems, and research activities at the Johnson Space Center

Enhancing the museum experience with a sustainable solution based on contextual information obtained from an on-line analysis of users’ behaviour

Human computer interaction has evolved in the last years in order to enhance users’ experiences and provide more intuitive and usable systems. A major leap through in this scenario is obtained by embedding, in the physical environment, sensors capable of detecting and processing users’ context (position, pose, gaze, ...). Feeded by the so collected information flows, user interface paradigms may shift from stereotyped gestures on physical devices, to more direct and intuitive ones that reduce the semantic gap between the action and the corresponding system reaction or even anticipate the user’s needs, thus limiting the overall learning effort and increasing user satisfaction. In order to make this process effective, the context of the user (i.e. where s/he is, what is s/he doing, who s/he is, what are her/his preferences and also actual perception and needs) must be properly understood. While collecting data on some aspects can be easy, interpreting them all in a meaningful way in order to improve the overall user experience is much harder. This is more evident when we consider informal learning environments like museums, i.e. places that are designed to elicit visitor response towards the artifacts on display and the cultural themes proposed. In such a situation, in fact, the system should adapt to the attention paid by the user choosing the appropriate content for the user’s purposes, presenting an intuitive interface to navigate it. My research goal is focused on collecting, in a simple,unobtrusive, and sustainable way, contextual information about the visitors with the purpose of creating more engaging and personalized experiences