Dynamic Role Authorization in Multiparty Conversations

Protocol specifications often identify the roles involved in communications. In multiparty protocols that involve task delegation it is often useful to consider settings in which different sites may act on behalf of a single role. It is then crucial to control the roles that the different parties are authorized to represent, including the case in which role authorizations are determined only at runtime. Building on previous work on conversation types with flexible role assignment, here we report initial results on a typed framework for the analysis of multiparty communications with dynamic role authorization and delegation. In the underlying process model, communication prefixes are annotated with role authorizations and authorizations can be passed around. We extend the conversation type system so as to statically distinguish processes that never incur in authorization errors. The proposed static discipline guarantees that processes are always authorized to communicate on behalf of an intended role, also covering the case in which authorizations are dynamically passed around in messages.Comment: In Proceedings BEAT 2014, arXiv:1408.556

Using Open Stack for an Open Cloud Exchange(OCX)

We are developing a new public cloud, the Massachusetts Open Cloud (MOC) based on the model of an Open Cloud eXchange (OCX). We discuss in this paper the vision of an OCX and how we intend to realize it using the OpenStack open-source cloud platform in the MOC. A limited form of an OCX can be achieved today by layering new services on top of OpenStack. We have performed an analysis of OpenStack to determine the changes needed in order to fully realize the OCX model. We describe these proposed changes, which although significant and requiring broad community involvement will provide functionality of value to both existing single-provider clouds as well as future multi-provider ones

Doing Better by Doing Less: Approaches to Tackle Overuse of Services

Experts have projected that as much as a third of U.S. health care spending is unnecessary and wasteful. Of the estimated $765 billion of health care dollars wasted in 2009, a quarter --$210 billion -- was spent on the overuse of services, which includes services that are provided more frequently than necessary or services that are higher-cost, but no more beneficial than lower-cost alternatives.This paper provides a summary of the problem of overuse in the U.S. health care system. The analysis gives an overview of the provision of medically inappropriate and unnecessary services that drive up health care spending without making a positive impact on patients' health outcomes. It also describes approaches that have already been used to address overuse of health care services and outlines the broader payment reforms needed to minimize incentives to overdiagnose and overtreat.This overuse of services has implications for both health care costs and outcomes. There is substantial variation in the level of inappropriate use across different health care services. Research shows that the rates at which particular procedures, tests, and medications were performed or prescribed when clinically inappropriate ranged from a low of 1 percent to a high of 89 percent

Business models for deployment and operation of femtocell networks; - Are new cooperation strategies needed for mobile operators?

In this paper we discuss different business models for deployment and operation of femtocell networks intended for provisioning of public mobile broad band access services. In these types of business cases the operators use femtocells in order to reduce investments in "more costly" macro networks since the traffic can be "offloaded" to "less costly" femtocell networks. This is in contrast to the many business cases presented in Femtoforum where femtocells mainly are discussed as a solution to improve indoor coverage for voice services in homes and small offices, usually for closed user groups The main question discussed in this paper is if "operators need to consider new forms of cooperation strategies in order to enable large scale deployment of femtocells for public access?" By looking into existing solutions for indoor wireless access services we claim that the answer is both "Yes" and "No". No, since many types of cooperation are already in place for indoor deployment. Yes, because mobile operators need to re-think the femtocell specific business models, from approaches based on singe operator networks to different forms of cooperation involving multi-operator solutions, e.g. roaming and network sharing. --

HIL: designing an exokernel for the data center

We propose a new Exokernel-like layer to allow mutually untrusting physically deployed services to efficiently share the resources of a data center. We believe that such a layer offers not only efficiency gains, but may also enable new economic models, new applications, and new security-sensitive uses. A prototype (currently in active use) demonstrates that the proposed layer is viable, and can support a variety of existing provisioning tools and use cases.Partial support for this work was provided by the MassTech Collaborative Research Matching Grant Program, National Science Foundation awards 1347525 and 1149232 as well as the several commercial partners of the Massachusetts Open Cloud who may be found at http://www.massopencloud.or

Interest-Based Access Control for Content Centric Networks (extended version)

Content-Centric Networking (CCN) is an emerging network architecture designed to overcome limitations of the current IP-based Internet. One of the fundamental tenets of CCN is that data, or content, is a named and addressable entity in the network. Consumers request content by issuing interest messages with the desired content name. These interests are forwarded by routers to producers, and the resulting content object is returned and optionally cached at each router along the path. In-network caching makes it difficult to enforce access control policies on sensitive content outside of the producer since routers only use interest information for forwarding decisions. To that end, we propose an Interest-Based Access Control (IBAC) scheme that enables access control enforcement using only information contained in interest messages, i.e., by making sensitive content names unpredictable to unauthorized parties. Our IBAC scheme supports both hash- and encryption-based name obfuscation. We address the problem of interest replay attacks by formulating a mutual trust framework between producers and consumers that enables routers to perform authorization checks when satisfying interests from their cache. We assess the computational, storage, and bandwidth overhead of each IBAC variant. Our design is flexible and allows producers to arbitrarily specify and enforce any type of access control on content, without having to deal with the problems of content encryption and key distribution. This is the first comprehensive design for CCN access control using only information contained in interest messages.Comment: 11 pages, 2 figure