Using trusted platform module for securing virtual environment access in cloud

With the increasing usage of Cloud and the Virtualization technology, there comes also an increasing demand to ensure the security levels of all computing environments and components associated and accordingly in this work we propose a new machine authentication mechanism using Trusted Platform Module that can be used to provide a secure access to virtual environments in the cloud. The proposed authentication module is aiming to contribute in providing a solution to Poor machine identity, Multi-tenancy as well as Malicious insiders known security problems in the cloud. It is targeting the access security to graphical user interface of virtual machines hosted on VirtualBox hypervisor in a Linux based environment through authenticating clients trying to connect using the client\u27s Trusted Platform Module Public Endorsement key as a pre-authorized signature to the virtual environment in addition to the normal user name and password authentication of the connecting user. Results obtained from the output of this work indicates that it is possible to authenticate the machines based on their Trusted Platform Module signatures and provide them access to VirtualBox environment only based on a pre-defined Access Control List with minimal one time overhead upon establishing the initial connection

The Automated Wingman: An Airborne Companion for Users of DIS Compatible Flight Simulators

A major problem encountered by users of distributed virtual environments is the lack of simulators available to populate these environments. This problem is usually remedied by using computer generated entities. Unfortunately, these entities often lack adequate human behavior and are readily identified as non-human. This violates the realism premise of distributed virtual reality and is a major problem, especially in training situations. This thesis addresses the problem by presenting a computer generated entity called the Automated Wingman. The Automated Wingman is a semi-automated computer generated aircraft simulator that operates under the control of a designated lead simulator and integrates distributed virtual environments with intelligence. Access to distributed virtual environments is provided through the DIS protocol suite while human behavior is obtained through the use of a fuzzy expert system and a voice interface. The fuzzy expert system is designed around a hierarchy of knowledgebases. Each of these knowledge bases contains a set of fuzzy logic based linguistic variables that control the actions of the Automated Wingman. The voice interface allows the pilot of the lead simulator to direct the activity of the Automated Wingman. This thesis describes the design of the Automated Wingman and presents the current status of its implementation

Role Signatures for Access Control in Grid Computing

Implementing access control efficiently and effectively in an open and distributed grid environment is a challenging problem. One reason for this is that users requesting access to remote resources may be unknown to the authorization service that controls access to the requested resources. Hence, it seems inevitable that pre-defined mappings of principals in one domain to those in the domain containing the resources are needed. A second problem in such environments is that verifying the authenticity of user credentials or attributes can be difficult. In this paper, we propose the concept of role signatures to solve these problems by exploiting the hierarchical structure of a virtual organization within a grid environment. Our approach makes use of a hierarchical identity-based signature scheme whereby verification keys are defined by generic role identifiers defined within a hierarchical namespace. We show that individual member organizations of a virtual organization are not required to agree on principal mappings beforehand to enforce access control to resources. Moreover, user authentication and credential verification is unified in our approach and can be achieved through a single role signature

A multimedia access control language for virtual and ambient intelligence environments

Access control models are becoming increasingly important in several application domains especially in distributed environments like those addressed by Web Services. Established approaches such as DAC [16] , MAC [16] RBAC [11, 12, 22] and others [6, 5, 15, 1] suggest representing users in different ways (labels, roles, credentials, etc.) in order to facilitate the association of authorization and access control policies. In intelligent and virtual ambient applications, users exist in a controlled environment equipped with multimedia sensors such as cameras and microphones, and use their terminals in several application environments. In this paper, we study the problem of integrating multimedia objects into access control models and particularly role-based ones. Here, we describe a Multimedia Access Control Language (M 2ACL) in which users and roles are described by using sets of mul- timedia objects,greatly increasing the flexibility of access control policies and their applicability to virtual and ambient intelligence (AmI) environments. We address potential risks related to the use of multimedia objects by defining the concept of filter functions used to aggregate a set of values into a relevant one.Finally,we present a set of functional specification and the experiments conducted to validate the proposed approach

ViotSOC: Controlling Access to Dynamically Virtualized IoT Services using Service Object Capability

Virtualization of Internet of Things(IoT) is a concept of dynamically building customized high-level IoT services which rely on the real time data streams from low-level physical IoT sensors. Security in IoT virtualization is challenging, because with the growing number of available (building block) services, the number of personalizable virtual services grows exponentially. This paper proposes Service Object Capability(SOC) ticket system, a decentralized access control mechanism between servers and clients to effi- ciently authenticate and authorize each other without using public key cryptography. SOC supports decentralized partial delegation of capabilities specified in each server/- client ticket. Unlike PKI certificates, SOC’s authentication time and handshake packet overhead stays constant regardless of each capability’s delegation hop distance from the root delegator. The paper compares SOC’s security bene- fits with Kerberos and the experimental results show SOC’s authentication incurs significantly less time packet overhead compared against those from other mechanisms based on RSA-PKI and ECC-PKI algorithms. SOC is as secure as, and more efficient and suitable for IoT environments, than existing PKIs and Kerberos

Virtually the same? How impaired sensory information in virtual reality may disrupt vision for action

This is the final version. Available on open access from Springer via the DOI in this recordVirtual reality (VR) is a promising tool for expanding the possibilities of psychological experimentation and implementing immersive training applications. Despite a recent surge in interest, there remains an inadequate understanding of how VR impacts basic cognitive processes. Due to the artificial presentation of egocentric distance cues in virtual environments, a number of cues to depth in the optic array are impaired or placed in conflict with each other. Moreover, realistic haptic information is all but absent from current VR systems. The resulting conflicts could impact not only the execution of motor skills in VR but also raise deeper concerns about basic visual processing, and the extent to which virtual objects elicit neural and behavioural responses representative of real objects. In this brief review, we outline how the novel perceptual environment of VR may affect vision for action, by shifting users away from a dorsal mode of control. Fewer binocular cues to depth, conflicting depth information and limited haptic feedback may all impair the specialised, efficient, online control of action characteristic of the dorsal stream. A shift from dorsal to ventral control of action may create a fundamental disparity between virtual and real-world skills that has important consequences for how we understand perception and action in the virtual world.Royal Academy of Engineering (RAE

Data security management applying trust policies for small organizations, ad hoc organizations and virtual organizations

Privacy and data security is one of the current requirements in organizations. In this paper, wepresent an implementation and management method, using trust policies based on the relative knowledgeof the users, in organizations with a high dynamism. Basically, security policies are based on severalmodels which are presented in the following. This paper starts from the need to solve problems ofinformation flow and access control to data in an organization, while the structure the organization is notdefined and the actual capabilities of its members are not known. Solution to create members' access toorganization's documents, data and information is based on trust. This article complements previousstudies concerning the possibility of document security implementation, controlling the information accessrights in virtual environments based on Web technologies