13,278 research outputs found
Recommended from our members
An architecture for certification-aware service discovery
Service-orientation is an emerging paradigm for building complex systems based on loosely coupled components, deployed and consumed over the network. Despite the original intent of the paradigm, its current instantiations are limited to a single trust domain (e.g., a single organization). Also, some of the key promises of service-orientation - such as the dynamic orchestration of externally provided software services, using runtime service discovery and deployment - are still unachieved. One of the main reasons for this is the trust gap that normally arises when software services, offered by previously unknown providers, are to be selected at run-time, without any human intervention. To close this gap, the concept of machine-readable security certificates (called asserts) has been recently introduced, which paves the way to automated processing about security properties of services. Similarly to current security certification schemes, the assessment of the security properties of a service is delegated to an independent third party (certification authority), who issues a corresponding assert, bound to the service. In this paper, we propose an architecture, which exploits the assert concept to realise a certification-aware service discovery framework. The architecture supports the discovery of single services based on certified security properties (in additional to the usual functional properties), as well as the dynamic synthesis of service compositions, that satisfy the given security properties. The architecture is extensible, thus allowing for a range of domain specific matchmaking components, to cover dimensions related to, e.g., performance, cost and other non-functional characteristics
Smart Ticket Protection: An Architecture for Cyber-Protecting Physical Tickets Using Digitally Signed Random Pattern Markers
In order to counter forgeries of tickets for public transport or mass events,
a method to validate them, using printed unique random pattern markers was
developed. These markers themselves are unforgeable by their physically random
distribution. To assure their authenticity, however, they have to be
cryptographically protected and equipped with an environment for successful
validation, combining physical and cyber security protection. This paper
describes an architecture for cryptographically protecting these markers, which
are stored in Aztec codes on physical tickets, in order to assure that only an
authorized printer can generate a valid Aztec code of such a pattern, thus
providing forge protection in combination with the randomness and uniqueness of
the pattern. Nevertheless, the choice of the signature algorithm is heavily
constrained by the sizes of the pattern, ticket provider data, metadata and the
signature confronted by the data volume the code hold. Therefore, this paper
also defines an example for a signature layout for the proposed architecture.
This allows for a lightweight ticket validation system that is both physically
and cryptographically secured to form a smart solution for mass access
verification for both shorter to longer periods at relatively low cost.Comment: 4 pages, 2 figure
Fine Grained Component Engineering of Adaptive Overlays: Experiences and Perspectives
Recent years have seen significant research being carried out into peer-to-peer (P2P) systems. This work has focused on the styles and applications of P2P computing, from grid computation to content distribution; however, little investigation has been performed into how these systems are built. Component based engineering is an approach that has seen successful deployment in the field of middleware development; functionality is encapsulated in âbuilding blocksâ that can be dynamically plugged together to form complete systems. This allows efficient, flexible and adaptable systems to be built with lower overhead and development complexity. This paper presents an investigation into the potential of using component based engineering in the design and construction of peer-to-peer overlays. It is highlighted that the quality of these properties is dictated by the component architecture used to implement the system. Three reusable decomposition architectures are designed and evaluated using Chord and Pastry case studies. These demonstrate that significant improvements can be made over traditional design approaches resulting in much more reusable, (re)configurable and extensible systems
- âŚ