Security by Spatial Reference:Using Relative Positioning to Authenticate Devices for Spontaneous Interaction

Spontaneous interaction is a desirable characteristic associated with mobile and ubiquitous computing. The aim is to enable users to connect their personal devices with devices encountered in their environment in order to take advantage of interaction opportunities in accordance with their situation. However, it is difficult to secure spontaneous interaction as this requires authentication of the encountered device, in the absence of any prior knowledge of the device. In this paper we present a method for establishing and securing spontaneous interactions on the basis of emphspatial references that capture the spatial relationship of the involved devices. Spatial references are obtained by accurate sensing of relative device positions, presented to the user for initiation of interactions, and used in a peer authentication protocol that exploits a novel mechanism for message transfer over ultrasound to ensures spatial authenticity of the sender

Hybrid Solution for Integrated Trading

Integrated applications are complex solutions, whose complexity are determined by the economic processes they implement, the amount of data employed (millions of records grouped in hundreds of tables, databases, hundreds of GB) and the number of users. Service oriented architecture (SOA), is now the most talked-about integration solution in mainstream journals, addressing both simple applications, for a department but also at enterprise level. SOA can refer to software architecture or to a way of standardizing the technical architecture of an enterprise and it shows its value when operating in several distinct and heterogeneous environments.System Integration, Data Integration, Web Services, Java, XML, Stock Market

09192 Abstracts Collection -- From Quality of Service to Quality of Experience

From 05.05. to 08.05.2009, the Dagstuhl Seminar 09192 ``From Quality of Service to Quality of Experience\u27\u27 was held in Schloss Dagstuhl~--~Leibniz Center for Informatics. During the seminar, several participants presented their current research, and ongoing work and open problems were discussed. Abstracts of the presentations given during the seminar as well as abstracts of seminar results and ideas are put together in this paper. The first section describes the seminar topics and goals in general. Links to extended abstracts or full papers are provided, if available

CLASSIFYING AND RESPONDING TO NETWORK INTRUSIONS

Intrusion detection systems (IDS) have been widely adopted within the IT community, as passive monitoring tools that report security related problems to system administrators. However, the increasing number and evolving complexity of attacks, along with the growth and complexity of networking infrastructures, has led to overwhelming numbers of IDS alerts, which allow significantly smaller timeframe for a human to respond. The need for automated response is therefore very much evident. However, the adoption of such approaches has been constrained by practical limitations and administrators' consequent mistrust of systems' abilities to issue appropriate responses. The thesis presents a thorough analysis of the problem of intrusions, and identifies false alarms as the main obstacle to the adoption of automated response. A critical examination of existing automated response systems is provided, along with a discussion of why a new solution is needed. The thesis determines that, while the detection capabilities remain imperfect, the problem of false alarms cannot be eliminated. Automated response technology must take this into account, and instead focus upon avoiding the disruption of legitimate users and services in such scenarios. The overall aim of the research has therefore been to enhance the automated response process, by considering the context of an attack, and investigate and evaluate a means of making intelligent response decisions. The realisation of this objective has included the formulation of a response-oriented taxonomy of intrusions, which is used as a basis to systematically study intrusions and understand the threats detected by an IDS. From this foundation, a novel Flexible Automated and Intelligent Responder (FAIR) architecture has been designed, as the basis from which flexible and escalating levels of response are offered, according to the context of an attack. The thesis describes the design and operation of the architecture, focusing upon the contextual factors influencing the response process, and the way they are measured and assessed to formulate response decisions. The architecture is underpinned by the use of response policies which provide a means to reflect the changing needs and characteristics of organisations. The main concepts of the new architecture were validated via a proof-of-concept prototype system. A series of test scenarios were used to demonstrate how the context of an attack can influence the response decisions, and how the response policies can be customised and used to enable intelligent decisions. This helped to prove that the concept of flexible automated response is indeed viable, and that the research has provided a suitable contribution to knowledge in this important domain

The Detection Data Processing Mechanism for Vehicular Cyber Physical System in IoT Environment

With the development of the Internet of Things and big data technology, it was easy to collect personal situation information. The information collected in this way requires the user to support customized services via big data technology. However, traditional situational awareness systems request action through user cognition or provide consistent services for the specific purposes of multiple users. Therefore, this paper proposes a mechanism of Vehicular CPS with situational cognitive function that minimizes direct user intervention for user customization services. In this paper, we designed the system configuration and detailed process based on the scenario of the situation where the user is driving a car. A vector is used to provide a method for determining a dangerous water level by analyzing an abnormal state of a reception threshold with a sensor. The proposed system was analyzed by simulation. By using the authorization step that operates based on the sensor data, we were able to know that the reliability of the user is improved and that the reliable processing of the IoT service is possible. In the future, research for personal authentication and encryption is needed for more secure information processing

Cyberaide JavaScript: A Web Application Development Framework for Cyberinfrastructure

This thesis work introduces a service oriented architecture based Grid abstraction framework that allows users to access Grid infrastructure through JavaScript. Such a framework integrates well with other Web 2.0 technologies since it provides JavaScript toolkit to build web applications. The framework consists of two essential parts. A client Application Programming lnterface (API) to access the Grid via JavaScript and a full service stack in server side through which the Grid access is channeled. The framework uses commodity Web service standards and provides extended functionality such as asynchronous task management, file transfer, etc. The availability of this framework simplifies not only the development of new services, but also the development of advanced client side Grid applications that can be accessed through Web browsers. The effectiveness of the framework is demonstrated by providing an Grid portal example that integrates a variety of useful services to be accessed through a JavaScript enabled client desktop via a Web browser, as well as the opensocial gadgets for Grid task management and file transfer. Overall, Grid developers will have another tool at their disposal that projects a simpler way to distribute and maintain cyberinfrastructure related software, while simultaneously delivering advanced interfaces and integrating social services for the scientific community

M-health review: joining up healthcare in a wireless world

In recent years, there has been a huge increase in the use of information and communication technologies (ICT) to deliver health and social care. This trend is bound to continue as providers (whether public or private) strive to deliver better care to more people under conditions of severe budgetary constraint