A Logical Approach to Cloud Federation
Federated clouds raise a variety of challenges for managing identity,
resource access, naming, connectivity, and object access control. This paper
shows how to address these challenges in a comprehensive and uniform way using
a data-centric approach. The foundation of our approach is a trust logic in
which participants issue authenticated statements about principals, objects,
attributes, and relationships in a logic language, with reasoning based on
declarative policy rules. We show how to use the logic to implement a trust
infrastructure for cloud federation that extends the model of NSF GENI, a
federated IaaS testbed. It captures shared identity management, GENI authority
services, cross-site interconnection using L2 circuits, and a naming and access
control system similar to AWS Identity and Access Management (IAM), but
extended to a federated system without central control
Elements of Trust in Named-Data Networking
In contrast to today's IP-based host-oriented Internet architecture,
Information-Centric Networking (ICN) emphasizes content by making it directly
addressable and routable. Named Data Networking (NDN) architecture is an
instance of ICN that is being developed as a candidate next-generation Internet
architecture. By opportunistically caching content within the network (in
routers), NDN appears to be well-suited for large-scale content distribution
and for meeting the needs of increasingly mobile and bandwidth-hungry
applications that dominate today's Internet.
One key feature of NDN is the requirement for each content object to be
digitally signed by its producer. Thus, NDN should be, in principle, immune to
distributing fake (aka "poisoned") content. However, in practice, this poses
two challenges for detecting fake content in NDN routers: (1) overhead due to
signature verification and certificate chain traversal, and (2) lack of trust
context, i.e., determining which public keys are trusted to verify which
content. Because of these issues, NDN does not force routers to verify content
signatures, which makes the architecture susceptible to content poisoning
attacks.
This paper explores root causes of, and some cures for, content poisoning
attacks in NDN. In the process, it becomes apparent that meaningful mitigation
of content poisoning is contingent upon a network-layer trust management
architecture, elements of which we construct while carefully justifying
specific design choices. This work represents the initial effort towards
comprehensive trust management for NDN.
Comment: 9 pages, 2 figure
Security and Privacy Issues in Wireless Mesh Networks: A Survey
This book chapter identifies various security threats in wireless mesh
networks (WMNs). Keeping in mind the critical requirement of security and user
privacy in WMNs, this chapter provides a comprehensive overview of various
possible attacks on different layers of the communication protocol stack for
WMNs and their corresponding defense mechanisms. First, it identifies the
security vulnerabilities in the physical, link, network, transport, application
layers. Furthermore, various possible attacks on the key management protocols,
user authentication and access control protocols, and user privacy preservation
protocols are presented. After enumerating various possible attacks, the
chapter provides a detailed discussion on various existing security mechanisms
and protocols to defend against and wherever possible prevent the possible
attacks. Comparative analyses are also presented on the security schemes with
regards to the cryptographic schemes used, key management strategies deployed,
use of any trusted third party, computation and communication overhead involved
etc. The chapter then presents a brief discussion on various trust management
approaches for WMNs since trust and reputation-based schemes are increasingly
becoming popular for enforcing security in wireless networks. A number of open
problems in security and privacy issues for WMNs are subsequently discussed
before the chapter is finally concluded.
Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the
author's previous submission in arXiv submission: arXiv:1102.1226. There are
some text overlaps with the previous submissio
Decentralized Trust Management: Risk Analysis and Trust Aggregation
Decentralized trust management is used as a referral benchmark for assisting
decision making by human or intelligence machines in open collaborative
systems. During any given period of time, each participant may only interact
with a few other participants. Simply relying on direct trust may frequently
resort to random team formation. Thus, trust aggregation becomes critical. It
can leverage decentralized trust management to learn about indirect trust of
every participant based on past transaction experiences. This paper presents
alternative designs of decentralized trust management and their efficiency and
robustness from three perspectives. First, we study the risk factors and
adverse effects of six common threat models. Second, we review the
representative trust aggregation models and trust metrics. Third, we present an
in-depth analysis and comparison of these reference trust aggregation methods
with respect to effectiveness and robustness. We show our comparative study
results through formal analysis and experimental evaluation. This comprehensive
study advances the understanding of adverse effects of present and future
threats and the robustness of different trust metrics. It may also serve as a
guideline for research and development of next generation trust aggregation
algorithms and services in the anticipation of risk factors and mischievous
threats
PKI in Government Identity Management Systems
The purpose of this article is to provide an overview of the PKI project
initiated as part of the UAE national ID card program. It primarily shows the
operational model of the PKI implementation that is intended to integrate the
federal government identity management infrastructure with e-government
initiatives owners in the country. It also explicates the agreed structure of
the major components in relation to key stakeholders; represented by federal
and local e-government authorities, financial institutions, and other
organizations in both public and private sectors. The content of this article
is believed to clarify some of the misconceptions about PKI implementation in
national ID schemes, and explain how the project is envisaged to encourage the
diffusion of e-government services in the United Arab Emirates. The study
concludes that governments in the Middle East region have the trust in PKI
technology to support their e-government services and expanding outreach and
population trust, if of course accompanied by comprehensive digital laws and
policies.
Comment: 28 pages, 9 figures, 3 table
A Comprehensive Bison Management and Research Plan for the Crane Trust
The Great Plains were once a vast grassland ecosystem, but, due to agricultural and human development, are one of the most endangered ecosystems in North America. What remains is generally fragmented, threatened by invasive species, and lacks the natural ecosystem processes that shaped these grasslands such as periodic wildfire and bison grazing. Since 1978, the Platte River Whooping Crane Maintenance Trust, Inc. (dba “Crane Trust”) has worked to maintain the function of grassland and riparian habitats to benefit endangered Whooping Cranes, Sandhill Cranes, and other migratory bird species. They protect ~8,100 acres, including the largest contiguous portion of lowland tallgrass prairie and wet meadow remaining along the Central Platte River in southcentral Nebraska. To manage their prairie ecosystems, the Crane Trust mimics natural disturbances to create a diverse mosaic of habitat structure on the landscape, supporting hundreds of grassland-obligate species. The Crane Trust piloted bison reintroduction with a small bison herd loaned throughout 2013-2014. After a successful pilot period, the Crane Trust purchased and reintroduced forty-one American bison (Bison bison) in 2015 within a portion of their protected land. Their primary goal was to restore the functional services of bison as “ecosystem engineers”. They sought to allow bison grazing patterns to create structural heterogeneity on the landscape for the betterment of migratory bird species and other grassland taxa. Beyond using bison as a management tool, the Crane Trust also sought to contribute to the continental effort to recover and research bison, while developing ways to make the herd economically self-sustaining. Though the Crane Trust has made great contributions to these goals, the various components of the bison program had yet to be synthesized into one cohesive plan, direction, and vision.
The Crane Trust bison program has reached a point of relative stability, creating an opportunity to develop a reasonable long-term outlook for the bison program. This Bison Management and Research Plan (the plan) was created to document the current status, vision, goals, and practices of the Crane Trust’s bison program using conservation literature, internal records and research, and coordinated planning meetings with members of the Natural Resource Team. The creation of habitat structure can be facilitated using methods such as patch-burn-grazing and encouraging bison movement and herbivory throughout the landscape. However, invasive species and woody encroachment need to be addressed through more intensive management practices before bison are allowed to freely graze throughout their range. Like many small, conservation-oriented herds, the Crane Trust bison are spatially limited, contained within a fenced boundary. Likewise, several species that once interacted ecologically with bison, like wolves and prairie dogs, are no longer present on the landscape. These limitations to ecological function have precluded small herds from several bison recovery conversations. However, there are several advantages and opportunities for bison herds like the Crane Trust’s. This plan demonstrates the adaptability of small conservation herds. These herds provide unique opportunities for research and serve as a laboratory of bison practice. The Crane Trust has already advanced the scientific understanding of bison behavior, health, and ecology through published research conducted on their lands. Long-term monitoring, record keeping, and cooperative partnerships have and will continue to be pivotal for the Crane Trust’s scientific capacity for bison research.
The Crane Trust is in an opportune position to contribute to the genetic, health, and cultural recovery of bison as a species. Through their genetic monitoring and management strategies, the herd is producing bison calves with high genetic diversity. These gains in diversity are largely due to a strategy of introducing young bulls that are genetically dissimilar to the current Crane Trust bison herd. The Crane Trust needs to consider retaining some of their female bison calves to preserve the genetic heritage of the herd and maintain a relatively young cow herd poised for high annual production. To maximize the Crane Trust’s role in genetic recovery of the species, efforts need to be made to distribute genetically diverse bison calves born at the Crane Trust to other conservation herds. There are several diseases that threaten bison conservation and recovery. Diseases such as Brucellosis and Mycoplasmosis threaten bison at a continental scale, while disease like Anthrax and Pink Eye are more localized concerns for the Crane Trust herd. Despite these concerns, the bison herd has not experienced an outbreak of any fatal diseases and remains relatively healthy. In an effort to preserve their “wild” nature, the Crane Trust limits human intervention in the health of bison to maintain the processes of natural selection. However, some intervention may be warranted, particularly if health concerns exceed that of the individual and threaten the herd as a whole. Standard practices for body condition scoring, record keeping, necropsy, and quarantine procedures within the plan will be used to monitor the health and productivity of the bison. The accessibility of the Crane Trust bison provides an opportunity to build cultural and community connections. 
The Crane Trust’s Nature and Visitor Center attracts thousands of visitors each spring to witness the Sandhill Crane migration and has been used as the interface between the public and the landscape, raising awareness for conservation needs and educational engagement. Reintroduction of bison on the landscape has attracted visitors outside of the spring migration, and they have become “prairie ambassadors” for the Crane Trust. Programming and educational curricula need to be developed around bison, their recovery, and their relationship to grassland and human dimensions. Bison also play an important role in many indigenous cultures and we hope to support the cultural recovery of the Bison through friendships and partnerships with regional Tribal Communities. The reintroduction of bison to the Crane Trust has provided a diverse grassland structure and suitable habitat for a wide range of grassland species. As long-term ecological data is evaluated, the picture of bison’s ecological role within the grasslands of Nebraska and along the Platte River will become clearer. Likewise, the value of small, conservation herds to the recovery of the bison species has yet to be fully recognized. The Crane Trust’s bison plan is a testament to the organization’s commitment to realizing the potential of bison reintroduction on small to medium scales.
Goal 1: Improve ecosystem structure and function by reintroducing bison as a keystone species to enhance the diversity of the native prairie and wet meadow ecosystem along the Platte River.
Goal 2: Support the genetic recovery of bison in North America and provide a model of genetic diversity management.
Goal 3: Maintain bison well-being with limited human intervention and develop standard operating procedures to monitor bison health while maintaining the safety of bison and bison handlers.
Goal 4: Improve outreach and education efforts, contributing to the cultural significance of bison by impressing the story of their extinction and recovery, and the need to conserve native habitats similarly on to visitors and the community.
Goal 5: Develop strategies of long-term economic sustainability for the bison program using ecologically sound culling decisions
DCDIDP: A distributed, collaborative, and data-driven intrusion detection and prevention framework for cloud computing environments
With the growing popularity of cloud computing, the exploitation of possible vulnerabilities grows at the same pace; the distributed nature of the cloud makes it an attractive target for potential intruders. Despite security issues delaying its adoption, cloud computing has already become an unstoppable force; thus, security mechanisms to ensure its secure adoption are an immediate need. Here, we focus on intrusion detection and prevention systems (IDPSs) to defend against the intruders. In this paper, we propose a Distributed, Collaborative, and Data-driven Intrusion Detection and Prevention system (DCDIDP). Its goal is to make use of the resources in the cloud and provide a holistic IDPS for all cloud service providers which collaborate with other peers in a distributed manner at different architectural levels to respond to attacks. We present the DCDIDP framework, whose infrastructure level is composed of three logical layers: network, host, and global as well as platform and software levels. Then, we review its components and discuss some existing approaches to be used for the modules in our proposed framework. Furthermore, we discuss developing a comprehensive trust management framework to support the establishment and evolution of trust among different cloud service providers. © 2011 ICST
Massachusetts Prevention and Wellness Trust Fund
The Prevention and Wellness Trust Fund (PWTF) of Massachusetts healthcare reform legislation (Section 60 of Chapter 224 of the Acts of 2012) seeks to "reduce health care costs by preventing chronic conditions." It is designed to address four priority chronic conditions including pediatric asthma. The pediatric asthma program activities include Care Management for High-Risk Asthma Patients; Home-Based Multi-Trigger, Multi-Component Intervention (minimum of three home visits, asthma self-management and education, trigger remediation supplies, environmental services); Comprehensive School-Based Asthma Management Programs; Comprehensive Head Start-Based Asthma Management Programs; and Asthma Self-Management in Primary Care. In 2014, nine communities have been funded to be PWTF sites: Six offer pediatric asthma interventions, and five have initiated home-based asthma visits.
MANAGING UNKNOWN-UNKNOWNS IN CYBER-SECURITY
Techniques are described herein for managing unknown-unknowns in cyber-security. Trust degradation is a precursor index to failure. The use cases of scoring the trust degradation in a system span to almost every aspect in networking, edge and cloud included. A well devised Trust Evaluation Function (TEF) will cover many use cases: for example (1) better and adaptive private key management (e.g., re-keying); (2) better and adaptive end user experience password management and its fine grain monitoring in a data center; (3) better and adaptive digital asset certifications; (4) troubleshooting; and (5) real-time scalability and risk assessment for extremely large network, for example in federated cloud environment. The features of a digital trust scoring will start to reflect the likelihood of erosion of trust created on day 0. Platform independency is achieved when the score is a degradation of the trust and not the trust value alone. A trust value may start erroneously, but the rate of change may lead to continuous evaluation. Therefore, the originating trust is set as a prior. Erosion will thus work with time against the assumed original trust. In the example of an expiration date or a combinatorial complexity erosion of a private key, the realization of a trust erosion is not a Boolean fail pass type, but a relative factor number. On a comprehensive integrated analytical dashboard, the trust factor produces the percent life left of given a digital secret
Essential requirements for establishing and operating data trusts: practical guidance based on a working meeting of fifteen Canadian organizations and initiatives
Introduction: Increasingly, the label data trust is being applied to
repeatable mechanisms or approaches to sharing data in a timely, fair, safe and
equitable way. However, there is a gap in terms of practical guidance about how
to establish and operate a data trust.
Aim and Approach: In December 2019, the Canadian Institute for Health
Information and the Vector Institute for Artificial Intelligence convened a
working meeting of 19 people representing 15 Canadian organizations/initiatives
involved in data sharing, most of which focus on public sector health data. The
objective was to identify essential requirements for the establishment and
operation of data trusts. Preliminary findings were presented during the
meeting then refined as participants and co-authors identified relevant
literature and contributed to this manuscript.
Results: Twelve (12) minimum specification requirements (min specs) for data
trusts were identified. The foundational min spec is that data trusts must meet
all legal requirements, including legal authority to collect, hold or share
data. In addition, there was agreement that data trusts must have (i) an
accountable governing body which ensures the data trust advances its stated
purpose and is transparent, (ii) comprehensive data management including
responsible parties and clear processes for the collection, storage, access,
disclosure and use of data, (iii) training and accountability requirements for
all data users and (iv) ongoing public and stakeholder engagement.
Conclusion / Implications: Based on a review of the literature and advice
from participants from 15 Canadian organizations/initiatives, practical
guidance in the form of twelve min specs for data trusts were agreed on. Public
engagement and continued exchange of insights and experience is recommended on
this evolving topic.
Comment: 17 pages including references, 1 text bo