225,080 research outputs found
An access control model for mobile physical objects
Access to distributed databases containing tuples collected about mobile physical objects requires information about the objects ’ trajectories. Existing access control models can-not encode this information efficiently. This poses a policy management problem to administrators in real-world supply chains where companies want to protect their goods track-ing data. In this paper we propose a new access control model as an extension to attribute-based access control that allows trajectory-based visibility policies. We prove the se-curity properties of our novel authentication protocol for distributed systems that can supply the decision algorithm with the necessary reliable information using only standard passive RFID tags. As a result companies will be able to improve confidentiality protection and governance of their object tracking data and more trustingly engage in data sharing agreements
On the inability of existing security models to cope with data mobility in dynamic organizations
Modeling tools play an important role in identifying threats in traditional\ud
IT systems, where the physical infrastructure and roles are assumed\ud
to be static. In dynamic organizations, the mobility of data outside the\ud
organizational perimeter causes an increased level of threats such as the\ud
loss of confidential data and the loss of reputation. We show that current\ud
modeling tools are not powerful enough to help the designer identify the\ud
emerging threats due to mobility of data and change of roles, because they\ud
do not include the mobility of IT systems nor the organizational dynamics\ud
in the security model. Researchers have proposed security models that\ud
particularly focus on data mobility and the dynamics of modern organizations,\ud
such as frequent role changes of a person. We show that none\ud
of the current security models simultaneously considers the data mobility\ud
and organizational dynamics to a satisfactory extent. As a result, none\ud
of the current security models effectively identifies the potential security\ud
threats caused by data mobility in a dynamic organization
Exploring the Design of Pay-Per-Use Objects in the Construction Domain
Equipment used in the construction domain is often hired in order to reduce cost and maintenance overhead. The cost of hire is dependent on the time period involved and does not take into account the actual use equipment has received. This paper presents our initial investigation into how physical objects augmented with sensing and communication technologies can measure use in order to enable new pay-per-use payment models for equipment hire. We also explore user interaction with pay-per-use objects via mobile devices. The user interactions that take place within our prototype scenario range from simple information access to transactions involving multiple users. This paper presents the design, implementation and evaluation of a prototype pay-per-use system motivated by a real world equipment hire scenario. We also provide insights into the various challenges introduced by supporting a pay-per-use model, including data storage and data security in addition to user interaction issues
Modeling IoT-aware Business Processes - A State of the Art Report
This research report presents an analysis of the state of the art of modeling
Internet of Things (IoT)-aware business processes. IOT links the physical world
to the digital world. Traditionally, we would find information about events and
processes in the physical world in the digital world entered by humans and
humans using this information to control the physical world. In the IoT
paradigm, the physical world is equipped with sensors and actuators to create a
direct link with the digital world. Business processes are used to coordinate a
complex environment including multiple actors for a common goal, typically in
the context of administrative work. In the past few years, we have seen
research efforts on the possibilities to model IoT- aware business processes,
extending process coordination to real world entities directly. This set of
research efforts is relatively small when compared to the overall research
effort into the IoT and much of the work is still in the early research stage.
To create a basis for a bridge between IoT and BPM, the goal of this report is
to collect and analyze the state of the art of existing frameworks for modeling
IoT-aware business processes.Comment: 42 page
Benefits of Location-Based Access Control:A Literature Study
Location-based access control (LBAC) has been suggested as a means to improve IT security. By 'grounding' users and systems to a particular location, \ud
attackers supposedly have more difficulty in compromising a system. However, the motivation behind LBAC and its potential benefits have not been investigated thoroughly. To this end, we perform a structured literature review, and examine the goals that LBAC can potentially fulfill, \ud
the specific LBAC systems that realize these goals and the context on which LBAC depends. Our paper has four main contributions:\ud
first we propose a theoretical framework for LBAC evaluation, based on goals, systems and context. Second, we formulate and apply criteria for evaluating the usefulness of an LBAC system. Third, we identify four usage scenarios for LBAC: open areas and systems, hospitals, enterprises, and finally data centers and military facilities. Fourth, we propose directions for future research:\ud
(i) assessing the tradeoffs between location-based, physical and logical access control, (ii) improving the transparency of LBAC decision making, and \ud
(iii) formulating design criteria for facilities and working environments for optimal LBAC usage
Technology enhanced interaction framework
This paper focuses on the development of a general interaction framework to help design technology to support communication between people and improve interactions between people, technology and objects, particularly in complex situations. A review of existing interaction frameworks shows that none of them help technology designers and developers to consider all of the possible interactions that occur at the same time and in the same place. The main and sub-components of the framework are described and explained and examples are given for each type of interaction. Work is now in progress to provide designers with an easy to use tool that helps them apply the framework to create technology solutions to complex communication and interaction problems and situations
PlaceRaider: Virtual Theft in Physical Spaces with Smartphones
As smartphones become more pervasive, they are increasingly targeted by
malware. At the same time, each new generation of smartphone features
increasingly powerful onboard sensor suites. A new strain of sensor malware has
been developing that leverages these sensors to steal information from the
physical environment (e.g., researchers have recently demonstrated how malware
can listen for spoken credit card numbers through the microphone, or feel
keystroke vibrations using the accelerometer). Yet the possibilities of what
malware can see through a camera have been understudied. This paper introduces
a novel visual malware called PlaceRaider, which allows remote attackers to
engage in remote reconnaissance and what we call virtual theft. Through
completely opportunistic use of the camera on the phone and other sensors,
PlaceRaider constructs rich, three dimensional models of indoor environments.
Remote burglars can thus download the physical space, study the environment
carefully, and steal virtual objects from the environment (such as financial
documents, information on computer monitors, and personally identifiable
information). Through two human subject studies we demonstrate the
effectiveness of using mobile devices as powerful surveillance and virtual
theft platforms, and we suggest several possible defenses against visual
malware
- …