95 research outputs found
Improvement on PDP Evaluation Performance Based on Neural Networks and SGDK-means Algorithm
With the purpose of improving the PDP (policy decision point) evaluation performance, a novel and efficient evaluation engine, namely XDNNEngine, based on neural networks and an SGDK-means (stochastic gradient descent K-means) algorithm is proposed. We divide a policy set into different clusters, distinguish different rules based on their own features and label them for the training of neural networks by using the K-means algorithm and an asynchronous SGDK-means algorithm. Then, we utilize neural networks to search for the applicable rule. A quantitative neural network is introduced to reduce a serverâs computational cost. By simulating the arrival of requests, XDNNEngine is compared with the Sun PDP, XEngine and SBA-XACML. Experimental results show that 1) if the number of requests reaches 10,000, the evaluation time of XDNNEngine on the large-scale policy set with 10,000 rules is approximately 2.5 ms, and 2) in the same condition as 1), the evaluation time of XDNNEngine is reduced by 98.27%, 90.36% and 84.69%, respectively, over that of the Sun PDP, XEngine and SBA-XACML
Recommended from our members
The National Transport Data Framework
Report by Professor Peter Landshoff (Cambridge University) and
Professor John Polak (Imperial College London) on a project for
the Department for Transport.
emails: [email protected] [email protected] NTDF is designed to be a resource for data owners to deposit descriptions
into a central catalogue, so that people can search for data and find data
and understand their characteristics. The value of this is to individuals, to
commercial organizations, and to public bodies. For example, services that
provide better information to travellers will help to make their journey
less stressful and persuade them to make more use of public transport.
Transport operators need very diverse information to help them
plan developments to their services: demographic, geographical, economic etc.
And policy makers need a similar range of information to help them decide
how to divide their budget and afterwards to evaluate how valuable it has
been.This work was supported by the Department for Transport (DfT)
A survey of secure middleware for the Internet of Things
The rapid growth of small Internet connected devices, known as the Internet of Things (IoT), is creating a new set of challenges to create secure, private infrastructures. This paper reviews the current literature on the challenges and approaches to security and privacy in the Internet of Things, with a strong focus on how these aspects are handled in IoT middleware. We focus on IoT middleware because many systems are built from existing middleware and these inherit the underlying security properties of the middleware framework. The paper is composed of three main sections. Firstly, we propose a matrix of security and privacy threats for IoT. This matrix is used as the basis of a widespread literature review aimed at identifying requirements on IoT platforms and middleware. Secondly, we present a structured literature review of the available middleware and how security is handled in these middleware approaches. We utilise the requirements from the first phase to evaluate. Finally, we draw a set of conclusions and identify further work in this area
Tutorial: Identity Management Systems and Secured Access Control
Identity Management has been a serious problem since the establishment of the Internet. Yet little progress has been made toward an acceptable solution. Early Identity Management Systems (IdMS) were designed to control access to resources and match capabilities with people in well-defined situations, Todayâs computing environment involves a variety of user and machine centric forms of digital identities and fuzzy organizational boundaries. With the advent of inter-organizational systems, social networks, e-commerce, m-commerce, service oriented computing, and automated agents, the characteristics of IdMS face a large number of technical and social challenges. The first part of the tutorial describes the history and conceptualization of IdMS, current trends and proposed paradigms, identity lifecycle, implementation challenges and social issues. The second part addresses standards, industry initia-tives, and vendor solutions. We conclude that there is disconnect between the need for a universal, seamless, trans-parent IdMS and current proposed standards and vendor solutions
Privacy-enhanced network monitoring
This PhD dissertation investigates two necessary means that are required for
building privacy-enhanced network monitoring systems: a policy-based privacy
or confidentiality enforcement technology; and metrics measuring leakage
of private or confidential information to verify and improve these policies.
The privacy enforcement mechanism is based on fine-grained access
control and reversible anonymisation of XML data to limit or control access
to sensitive information from the monitoring systems.
The metrics can be used to support a continuous improvement process, by
quantifying leakages of private or confidential information, locating where
they are, and proposing how these leakages can be mitigated. The planned
actions can be enforced by applying a reversible anonymisation policy, or
by removing the source of the information leakages. The metrics can subsequently
verify that the planned privacy enforcement scheme works as intended.
Any significant deviations from the expected information leakage can
be used to trigger further improvement actions. The most significant results
from the dissertation are:
a privacy leakage metric based on the entropy standard deviation of
given data (for example IDS alarms), which measures how much sensitive
information that is leaking and where these leakages occur;
a proxy offering policy-based reversible anonymisation of information
in XML-based web services. The solution supports multi-level security,
so that only authorised stakeholders can get access to sensitive information;
a methodology which combines privacy metrics with the reversible anonymisation
scheme to support a continuous improvement process with reduced
leakage of private or confidential information over time.
This can be used to improve management of private or confidential information
where managed security services have been outsourced to semi-trusted
parties, for example for outsourced managed security services monitoring
health institutions or critical infrastructures. The solution is based on relevant
standards to ensure backwards compatibility with existing intrusion detection
systems and alarm databases
Conflict detection in software-defined networks
The SDN architecture facilitates the flexible deployment of network functions. While promoting innovation, this architecture induces yet a higher chance of conflicts compared to conventional networks. The detection of conflicts in SDN is the focus of this work.
Restrictions of the formal analytical approach drive our choice of an experimental approach, in which we determine a parameter space and a methodology to perform experiments. We have created a dataset covering a number of situations occurring in SDN. The investigation of the dataset yields a conflict taxonomy composed of various classes organized in three broad types: local, distributed and hidden conflicts. Interestingly, hidden conflicts caused by side-effects of control applicationsâ behaviour are completely new.
We introduce the new concept of multi-property set, and the ¡r (âdot râ) operator for the effective comparison of SDN rules. With these capable means, we present algorithms to detect conflicts and develop a conflict detection prototype. The evaluation of the prototype justifies the correctness and the realizability of our proposed concepts and methodologies for classifying as well as for detecting conflicts.
Altogether, our work establishes a foundation for further conflict handling efforts in SDN, e.g., conflict resolution and avoidance. In addition, we point out challenges to be explored.
Cuong Tran won the DAAD scholarship for his doctoral research at the Munich Network Management Team, Ludwig-Maximilians-Universität Mßnchen, and achieved the degree in 2022. He loves to do research on policy conflicts in networked systems, IP multicast and alternatives, network security, and virtualized systems. Besides, teaching and sharing are also among his interests
- âŚ