371,872 research outputs found

    A Logical Approach to Cloud Federation

    Federated clouds raise a variety of challenges for managing identity, resource access, naming, connectivity, and object access control. This paper shows how to address these challenges in a comprehensive and uniform way using a data-centric approach. The foundation of our approach is a trust logic in which participants issue authenticated statements about principals, objects, attributes, and relationships in a logic language, with reasoning based on declarative policy rules. We show how to use the logic to implement a trust infrastructure for cloud federation that extends the model of NSF GENI, a federated IaaS testbed. It captures shared identity management, GENI authority services, cross-site interconnection using L2 circuits, and a naming and access control system similar to AWS Identity and Access Management (IAM), but extended to a federated system without central control

    Elements of Trust in Named-Data Networking

    In contrast to today's IP-based host-oriented Internet architecture, Information-Centric Networking (ICN) emphasizes content by making it directly addressable and routable. Named Data Networking (NDN) architecture is an instance of ICN that is being developed as a candidate next-generation Internet architecture. By opportunistically caching content within the network (in routers), NDN appears to be well-suited for large-scale content distribution and for meeting the needs of increasingly mobile and bandwidth-hungry applications that dominate today's Internet. One key feature of NDN is the requirement for each content object to be digitally signed by its producer. Thus, NDN should be, in principle, immune to distributing fake (aka "poisoned") content. However, in practice, this poses two challenges for detecting fake content in NDN routers: (1) overhead due to signature verification and certificate chain traversal, and (2) lack of trust context, i.e., determining which public keys are trusted to verify which content. Because of these issues, NDN does not force routers to verify content signatures, which makes the architecture susceptible to content poisoning attacks. This paper explores root causes of, and some cures for, content poisoning attacks in NDN. In the process, it becomes apparent that meaningful mitigation of content poisoning is contingent upon a network-layer trust management architecture, elements of which we construct while carefully justifying specific design choices. This work represents the initial effort towards comprehensive trust management for NDN. Comment: 9 pages, 2 figure

    Security and Privacy Issues in Wireless Mesh Networks: A Survey

    This book chapter identifies various security threats in wireless mesh network (WMN). Keeping in mind the critical requirement of security and user privacy in WMNs, this chapter provides a comprehensive overview of various possible attacks on different layers of the communication protocol stack for WMNs and their corresponding defense mechanisms. First, it identifies the security vulnerabilities in the physical, link, network, transport, application layers. Furthermore, various possible attacks on the key management protocols, user authentication and access control protocols, and user privacy preservation protocols are presented. After enumerating various possible attacks, the chapter provides a detailed discussion on various existing security mechanisms and protocols to defend against and wherever possible prevent the possible attacks. Comparative analyses are also presented on the security schemes with regards to the cryptographic schemes used, key management strategies deployed, use of any trusted third party, computation and communication overhead involved etc. The chapter then presents a brief discussion on various trust management approaches for WMNs since trust and reputation-based schemes are increasingly becoming popular for enforcing security in wireless networks. A number of open problems in security and privacy issues for WMNs are subsequently discussed before the chapter is finally concluded. Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the author's previous submission in arXiv submission: arXiv:1102.1226. There are some text overlaps with the previous submissio

    Decentralized Trust Management: Risk Analysis and Trust Aggregation

    Decentralized trust management is used as a referral benchmark for assisting decision making by human or intelligence machines in open collaborative systems. During any given period of time, each participant may only interact with a few other participants. Simply relying on direct trust may frequently resort to random team formation. Thus, trust aggregation becomes critical. It can leverage decentralized trust management to learn about indirect trust of every participant based on past transaction experiences. This paper presents alternative designs of decentralized trust management and their efficiency and robustness from three perspectives. First, we study the risk factors and adverse effects of six common threat models. Second, we review the representative trust aggregation models and trust metrics. Third, we present an in-depth analysis and comparison of these reference trust aggregation methods with respect to effectiveness and robustness. We show our comparative study results through formal analysis and experimental evaluation. This comprehensive study advances the understanding of adverse effects of present and future threats and the robustness of different trust metrics. It may also serve as a guideline for research and development of next generation trust aggregation algorithms and services in the anticipation of risk factors and mischievous threats

    PKI in Government Identity Management Systems

    The purpose of this article is to provide an overview of the PKI project initiated as part of the UAE national ID card program. It primarily shows the operational model of the PKI implementation that is intended to integrate the federal government identity management infrastructure with e-government initiatives owners in the country. It also explicates the agreed structure of the major components in relation to key stakeholders; represented by federal and local e-government authorities, financial institutions, and other organizations in both public and private sectors. The content of this article is believed to clarify some of the misconceptions about PKI implementation in national ID schemes, and explain how the project is envisaged to encourage the diffusion of e-government services in the United Arab Emirates. The study concludes that governments in the Middle East region have the trust in PKI technology to support their e-government services and expanding outreach and population trust, if of course accompanied by comprehensive digital laws and policies. Comment: 28 pages, 9 figures, 3 table

    A Comprehensive Bison Management and Research Plan for the Crane Trust

    The Great Plains were once a vast grassland ecosystem, but, due to agricultural and human development, are one of the most endangered ecosystems in North America. What remains is generally fragmented, threatened by invasive species, and lacks the natural ecosystem processes that shaped these grasslands such as periodic wildfire and bison grazing. Since 1978, the Platte River Whooping Crane Maintenance Trust, Inc. (dba “Crane Trust”) has worked to maintain the function of grassland and riparian habitats to benefit endangered Whooping Cranes, Sandhill Cranes, and other migratory bird species. They protect ~8,100 acres, including the largest contiguous portion of lowland tallgrass prairie and wet meadow remaining along the Central Platte River in southcentral Nebraska. To manage their prairie ecosystems, the Crane Trust mimics natural disturbances to create a diverse mosaic of habitat structure on the landscape, supporting hundreds of grassland-obligate species. The Crane Trust piloted bison reintroduction with a small bison herd loaned throughout 2013-2014. After a successful pilot period, the Crane Trust purchased and reintroduced forty-one American bison (Bison bison) in 2015 within a portion of their protected land. Their primary goal was to restore the functional services of bison as “ecosystem engineers”. They sought to allow bison grazing patterns to create structural heterogeneity on the landscape for the betterment of migratory bird species and other grassland taxa. Beyond using bison as a management tool, the Crane Trust also sought to contribute to the continental effort to recover and research bison, while developing ways to make the herd economically self-sustaining. Though the Crane Trust has made great contributions to these goals, the various components of the bison program had yet to be synthesized into one cohesive plan, direction, and vision.
The Crane Trust bison program has reached a point of relative stability, creating an opportunity to develop a reasonable long-term outlook for the bison program. This Bison Management and Research Plan (the plan) was created to document the current status, vision, goals, and practices of the Crane Trust’s bison program using conservation literature, internal records and research, and coordinated planning meetings with members of the Natural Resource Team. The creation of habitat structure can be facilitated using methods such as patch-burn-grazing and encouraging bison movement and herbivory throughout the landscape. However, invasive species and woody encroachment need to be addressed through more intensive management practices before bison are allowed to freely graze throughout their range. Like many small, conservation-oriented herds, the Crane Trust bison are spatially limited, contained within a fenced boundary. Likewise, several species that once interacted ecologically with bison, like wolves and prairie dogs, are no longer present on the landscape. These limitations to ecological function have precluded small herds from several bison recovery conversations. However, there are several advantages and opportunities for bison herds like the Crane Trust’s. This plan demonstrates the adaptability of small conservation herds. These herds provide unique opportunities for research and serve as a laboratory of bison practice. The Crane Trust has already advanced the scientific understanding of bison behavior, health, and ecology through published research conducted on their lands. Long-term monitoring, record keeping, and cooperative partnerships have and will continue to be pivotal for the Crane Trust’s scientific capacity for bison research. The Crane Trust is in an opportune position to contribute to the genetic, health, and cultural recovery of bison as a species. 
Through their genetic monitoring and management strategies, the herd is producing bison calves with high genetic diversity. These gains in diversity are largely due to a strategy of introducing young bulls that are genetically dissimilar to the current Crane Trust bison herd. The Crane Trust needs to consider retaining some of their female bison calves to preserve the genetic heritage of the herd and maintain a relatively young cow herd poised for high annual production. To maximize the Crane Trust’s role in genetic recovery of the species, efforts need to be made to distribute genetically diverse bison calves born at the Crane Trust to other conservation herds. There are several diseases that threaten bison conservation and recovery. Diseases such as Brucellosis and Mycoplasmosis threaten bison at a continental scale, while diseases like Anthrax and Pink Eye are more localized concerns for the Crane Trust herd. Despite these concerns, the bison herd has not experienced an outbreak of any fatal diseases and remains relatively healthy. In an effort to preserve their “wild” nature, the Crane Trust limits human intervention in the health of bison to maintain the processes of natural selection. However, some intervention may be warranted, particularly if health concerns exceed that of the individual and threaten the herd as a whole. Standard practices for body condition scoring, record keeping, necropsy, and quarantine procedures within the plan will be used to monitor the health and productivity of the bison. The accessibility of the Crane Trust bison provides an opportunity to build cultural and community connections. The Crane Trust’s Nature and Visitor Center attracts thousands of visitors each spring to witness the Sandhill Crane migration and has been used as the interface between the public and the landscape, raising awareness for conservation needs and educational engagement.
Reintroduction of bison on the landscape has attracted visitors outside of the spring migration, and they have become “prairie ambassadors” for the Crane Trust. Programming and educational curricula need to be developed around bison, their recovery, and their relationship to grassland and human dimensions. Bison also play an important role in many indigenous cultures and we hope to support the cultural recovery of the Bison through friendships and partnerships with regional Tribal Communities. The reintroduction of bison to the Crane Trust has provided a diverse grassland structure and suitable habitat for a wide-range of grassland species. As long-term ecological data is evaluated, the picture of bison’s ecological role within the grasslands of Nebraska and along the Platte River will become clearer. Likewise, the value of small, conservation herds to the recovery of the bison species has yet to be fully recognized. The Crane Trust’s bison plan is a testament to the organization’s commitment to realizing the potential of bison reintroduction on small to medium scales. Goal 1: Improve ecosystem structure and function by reintroducing bison as a keystone species to enhance the diversity of the native prairie and wet meadow ecosystem along the Platte River. Goal 2: Support the genetic recovery of bison in North America and provide a model of genetic diversity management. Goal 3: Maintain bison well-being with limited human intervention and develop standard operating procedures to monitor bison health while maintaining the safety of bison and bison handlers. Goal 4: Improve outreach and education efforts, contributing to the cultural significance of bison by impressing the story of their extinction and recovery, and the need to conserve native habitats similarly on to visitors and the community. Goal 5: Develop strategies of long-term economic sustainability for the bison program using ecologically sound culling decisions

    DCDIDP: A distributed, collaborative, and data-driven intrusion detection and prevention framework for cloud computing environments

    With the growing popularity of cloud computing, the exploitation of possible vulnerabilities grows at the same pace; the distributed nature of the cloud makes it an attractive target for potential intruders. Despite security issues delaying its adoption, cloud computing has already become an unstoppable force; thus, security mechanisms to ensure its secure adoption are an immediate need. Here, we focus on intrusion detection and prevention systems (IDPSs) to defend against the intruders. In this paper, we propose a Distributed, Collaborative, and Data-driven Intrusion Detection and Prevention system (DCDIDP). Its goal is to make use of the resources in the cloud and provide a holistic IDPS for all cloud service providers which collaborate with other peers in a distributed manner at different architectural levels to respond to attacks. We present the DCDIDP framework, whose infrastructure level is composed of three logical layers: network, host, and global as well as platform and software levels. Then, we review its components and discuss some existing approaches to be used for the modules in our proposed framework. Furthermore, we discuss developing a comprehensive trust management framework to support the establishment and evolution of trust among different cloud service providers. © 2011 ICST

    Massachusetts Prevention and Wellness Trust Fund

    The Prevention and Wellness Trust Fund (PWTF) of Massachusetts healthcare reform legislation (Section 60 of Chapter 224 of the Acts of 2012) seeks to "reduce health care costs by preventing chronic conditions." It is designed to address four priority chronic conditions including pediatric asthma. The pediatric asthma program activities include Care Management for High-Risk Asthma Patients; Home-Based Multi-Trigger, Multi-Component Intervention (minimum of three home visits, asthma self-management and education, trigger remediation supplies, environmental services); Comprehensive School-Based Asthma Management Programs; Comprehensive Head Start-Based Asthma Management Programs; and Asthma Self-Management in Primary Care. In 2014, nine communities have been funded to be PWTF sites: Six offer pediatric asthma interventions, and five have initiated home-based asthma visits.

    MANAGING UNKNOWN-UNKNOWNS IN CYBER-SECURITY

    Techniques are described herein for managing unknown-unknowns in cyber-security. Trust degradation is a precursor index to failure. The use cases of scoring the trust degradation in a system span to almost every aspect in networking, edge and cloud included. A well devised Trust Evaluation Function (TEF) will cover many use cases: for example (1) better and adaptive private key management (e.g., re-keying); (2) better and adaptive end user experience password management and its fine grain monitoring in a data center; (3) better and adaptive digital asset certifications; (4) troubleshooting; and (5) real-time scalability and risk assessment for extremely large network, for example in federated cloud environment. The features of a digital trust scoring will start to reflect the likelihood of erosion of trust created on day 0. Platform independency is achieved when the score is a degradation of the trust and not the trust value alone. A trust value may start erroneously, but the rate of change may lead to continuous evaluation. Therefore, the originating trust is set as a prior. Erosion will thus work with time against the assumed original trust. In the example of an expiration date or a combinatorial complexity erosion of a private key, the realization of a trust erosion is not a Boolean fail pass type, but a relative factor number. On a comprehensive integrated analytical dashboard, the trust factor produces the percent life left of a given digital secret

    Essential requirements for establishing and operating data trusts: practical guidance based on a working meeting of fifteen Canadian organizations and initiatives

    Introduction: Increasingly, the label data trust is being applied to repeatable mechanisms or approaches to sharing data in a timely, fair, safe and equitable way. However, there is a gap in terms of practical guidance about how to establish and operate a data trust. Aim and Approach: In December 2019, the Canadian Institute for Health Information and the Vector Institute for Artificial Intelligence convened a working meeting of 19 people representing 15 Canadian organizations/initiatives involved in data sharing, most of which focus on public sector health data. The objective was to identify essential requirements for the establishment and operation of data trusts. Preliminary findings were presented during the meeting then refined as participants and co-authors identified relevant literature and contributed to this manuscript. Results: Twelve (12) minimum specification requirements (min specs) for data trusts were identified. The foundational min spec is that data trusts must meet all legal requirements, including legal authority to collect, hold or share data. In addition, there was agreement that data trusts must have (i) an accountable governing body which ensures the data trust advances its stated purpose and is transparent, (ii) comprehensive data management including responsible parties and clear processes for the collection, storage, access, disclosure and use of data, (iii) training and accountability requirements for all data users and (iv) ongoing public and stakeholder engagement. Conclusion / Implications: Based on a review of the literature and advice from participants from 15 Canadian organizations/initiatives, practical guidance in the form of twelve min specs for data trusts were agreed on. Public engagement and continued exchange of insights and experience is recommended on this evolving topic. Comment: 17 pages including references, 1 text bo