New platform for intelligent context-based distributed information fusion

Tesis por compendio de publicaciones[ES]Durante las últimas décadas, las redes de sensores se han vuelto cada vez más importantes y hoy en día están presentes en prácticamente todos los sectores de nuestra sociedad. Su gran capacidad para adquirir datos y actuar sobre el entorno, puede facilitar la construcción de sistemas sensibles al contexto, que permitan un análisis detallado y flexible de los procesos que ocurren y los servicios que se pueden proporcionar a los usuarios. Esta tesis doctoral se presenta en el formato de “Compendio de Artículos”, de tal forma que las principales características de la arquitectura multi-agente distribuida propuesta para facilitar la interconexión de redes de sensores se presentan en tres artículos bien diferenciados. Se ha planteado una arquitectura modular y ligera para dispositivos limitados computacionalmente, diseñando un mecanismo de comunicación flexible que permite la interacción entre diferentes agentes embebidos, desplegados en dispositivos de tamaño reducido. Se propone un nuevo modelo de agente embebido, como mecanismo de extensión para la plataforma PANGEA. Además, se diseña un nuevo modelo de organización virtual de agentes especializada en la fusión de información. De esta forma, los agentes inteligentes tienen en cuenta las características de las organizaciones existentes en el entorno a la hora de proporcionar servicios. El modelo de fusión de información presenta una arquitectura claramente diferenciada en 4 niveles, siendo capaz de obtener la información proporcionada por las redes de sensores (capas inferiores) para ser integrada con organizaciones virtuales de agentes (capas superiores). El filtrado de señales, minería de datos, sistemas de razonamiento basados en casos y otras técnicas de Inteligencia Artificial han sido aplicadas para la consecución exitosa de esta investigación. Una de las principales innovaciones que pretendo con mi estudio, es investigar acerca de nuevos mecanismos que permitan la adición dinámica de redes de sensores combinando diferentes tecnologías con el propósito final de exponer un conjunto de servicios de usuario de forma distribuida. En este sentido, se propondrá una arquitectura multiagente basada en organizaciones virtuales que gestione de forma autónoma la infraestructura subyacente constituida por el hardware y los diferentes sensores

An investigation of interoperability issues between authorisation systems within web services

The existing authorisation systems within the context of Web Services mainly apply two access control approaches – Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC). The RBAC approach links an authenticated Web Service Requester to its specific access control permission through roles, but RBAC is not flexible enough to cater for some cases where extra attribute information is needed in addition to the identity. By contrast, the ABAC approach has more flexibility, as it allows a Web Service Requester to submit necessary credentials containing extra attribute information that can fulfil the policies declared by a Web Service Provider, which aims to protect the sensitive resources/services.RBAC and ABAC can only help to establish a unilateral trust relationship between two Web Services to enable a Web Service Provider to make an access control decision. Unfortunately, the nature of Web Services presents a high probability that two Web Services may not know each other. Therefore, successful authorisation may fail, if the Web Service Requester does not trust the Web Service Provider.Trust Negotiation (TN) is also an access control approach, which can provide a bilateral trust relationship between two unknown entities, so it sometimes can enable authorisation success in situations where success is not possible through RBAC or ABAC approaches. However, interoperability issues will arise between authorisation systems within Web Services, where a bilateral trust-based authorisation solution is applied. In addition, a lack of a unified approach that can address the interoperability issues remains as a research problem. This research aims to explore possible factors causing the lack of interoperability first, and then to explore an approach that can address the interoperability issues. The main contributions of this research are an improved interoperability model illustrating interoperability issues at different layers of abstraction, and a novel interoperability-solution design along with an improved TN protocol as an example of utilising this design to provide interoperability between authorisation systems within Web Services

Self-reconfigurable, intrusion-tolerant, web-service composition framework

The Internet has provided an opportunity for businesses to offer their services as Web Services (WSs). WSs are used to implement Service Ori-ented Architecture (SOA). They enable composition of independent services with complementary functionalities to produce value-added services, which results in less development effort, time consumption and cost, enabling com-panies and organizations to implement their core business only and out-source other service components over the Internet, either pre-selected or on-the-fly. Simple Object Access Protocol (SOAP) based WSs are at risk of se-curity vulnerabilities related to their specific implementation technologies such as Extensible Markup Language (XML) as well as those of their under-lying platforms (e.g., operating systems and frameworks) and their applica-tions (e.g., vulnerability to SQL Injection attacks). Cyber-attacks on WSs may cause unavailability, loss of confidentiality and/or integrity as well as signifi-cant monetary penalties. Security issues become more challenging when Off-The-Shelf Web Services (OTSWSs) are used since they are beyond the con-trol of their clients. The central question underlying this work is: Can a self-reconfigurable Intrusion-Tolerant Web Ser-vice, implemented using N-version programming and diversity formed by composing Off-The-Shelf Web Services that are selected through penetration testing, Principal Component Analysis, and Cluster Analysis process-es mitigate XML-related security vulnerabilities? While aiming to answer the above question, this dissertation presents a novel framework to increase dependability by constructing an Intrusion-Tolerant Web Service (ITWS) in which N-version programming and diversity, formed by composing SOAP-OTSWSs, is used. It describes how penetration testing can be used as a measure of security vulnerabilities of available SOAP-OTSWSs (that offer the required functionality) and the resultant ITWS, how Principal Component Analysis (PCA) and Cluster Analysis (CA) and be utilized to group the SOAP-OTSWSs based on their security vulnerabilities diversity and how a further penetration testing on each group of diverse SOAP-OTSWSs can be used to select the optimal set (most secure among the groups) for construction of ITWS. This dissertation also demonstrates how the dynamic reconfiguration of ITWS, created in Business Process Engineering Language (BPEL), can be enabled using a combination of BPEL constructs and Java as BPEL exten-sion approach and using only Java as BPEL extension approach. The novelty of the work presented in this dissertation is twofold. On the one hand, it is security informed and on the other hand, it demonstrates the use of Java (as BPEL 2.0 extension) to implement self-reconfigurable composite WS. It has the advantage of, at the same time, facilitating a de-pendable service to users and exploiting existing standard technologies. This work also assesses the effectiveness of the proposed solutions through vari-ous case studies and discusses the implications of the proposed framework