Cloud transactions and caching for improved performance in clouds and DTNs

In distributed transactional systems deployed over some massively decentralized cloud servers, access policies are typically replicated. Interdependencies ad inconsistencies among policies need to be addressed as they can affect performance, throughput and accuracy. Several stringent levels of policy consistency constraints and enforcement approaches to guarantee the trustworthiness of transactions on cloud servers are proposed. We define a look-up table to store policy versions and the concept of Tree-Based Consistency approach to maintain a tree structure of the servers. By integrating look-up table and the consistency tree based approach, we propose an enhanced version of Two-phase validation commit (2PVC) protocol integrated with the Paxos commit protocol with reduced or almost the same performance overhead without affecting accuracy and precision. A new caching scheme has been proposed which takes into consideration Military/Defense applications of Delay-tolerant Networks (DTNs) where data that need to be cached follows a whole different priority levels. In these applications, data popularity can be defined not only based on request frequency, but also based on the importance like who created and ranked point of interests in the data, when and where it was created; higher rank data belonging to some specific location may be more important though frequency of those may not be higher than more popular lower priority data. Thus, our caching scheme is designed by taking different requirements into consideration for DTN networks for defense applications. The performance evaluation shows that our caching scheme reduces the overall access latency, cache miss and usage of cache memory when compared to using caching schemes --Abstract, page iv

An Optimistic Mandatory Access Control Model for Distributed Collaborative Editors

Distributed Collaborative Editors (DCE) provide computer support for modifying simultaneously shared documents, such as articles, wiki pages and programming source code, by dispersed users. Controlling access in such systems is still a challenging problem, as they need dynamic access changes and low latency access to shared documents. In this paper, we propose a Mandatory Access Control (MAC) based on replicating the shared document and its authorization policy at the local memory of each user. To deal with latency and dynamic access changes, we use an optimistic access control technique where enforcement of authorizations is retroactive. We show that naive coordination between updates of both copies can create security hole on the shared document by permitting illegal modification, or rejecting legal modification. Finally, we present a novel framework for managing authorizations in collaborative editing work which may be deployed easily on P2P networks

BALANCING PRIVACY, PRECISION AND PERFORMANCE IN DISTRIBUTED SYSTEMS

Privacy, Precision, and Performance (3Ps) are three fundamental design objectives in distributed systems. However, these properties tend to compete with one another and are not considered absolute properties or functions. They must be defined and justified in terms of a system, its resources, stakeholder concerns, and the security threat model. To date, distributed systems research has only considered the trade-offs of balancing privacy, precision, and performance in a pairwise fashion. However, this dissertation formally explores the space of trade-offs among all 3Ps by examining three representative classes of distributed systems, namely Wireless Sensor Networks (WSNs), cloud systems, and Data Stream Management Systems (DSMSs). These representative systems support large part of the modern and mission-critical distributed systems. WSNs are real-time systems characterized by unreliable network interconnections and highly constrained computational and power resources. The dissertation proposes a privacy-preserving in-network aggregation protocol for WSNs demonstrating that the 3Ps could be navigated by adopting the appropriate algorithms and cryptographic techniques that are not prohibitively expensive. Next, the dissertation highlights the privacy and precision issues that arise in cloud databases due to the eventual consistency models of the cloud. To address these issues, consistency enforcement techniques across cloud servers are proposed and the trade-offs between 3Ps are discussed to help guide cloud database users on how to balance these properties. Lastly, the 3Ps properties are examined in DSMSs which are characterized by high volumes of unbounded input data streams and strict real-time processing constraints. Within this system, the 3Ps are balanced through a proposed simple and efficient technique that applies access control policies over shared operator networks to achieve privacy and precision without sacrificing the systems performance. Despite that in this dissertation, it was shown that, with the right set of protocols and algorithms, the desirable 3P properties can co-exist in a balanced way in well-established distributed systems, this dissertation is promoting the use of the new 3Ps-by-design concept. This concept is meant to encourage distributed systems designers to proactively consider the interplay among the 3Ps from the initial stages of the systems design lifecycle rather than identifying them as add-on properties to systems

Security Framework for Decentralized Shared Calendars

International audienceWe propose a security framework for Decentralized Shared Calendar. The proposed security framework provides confidentiality to replicated shared calendar events and secures the commu- nication between users. It is designed in such a way that DeSCal preserves all of its characteristic features like fault-tolerance, crash recovery, availability and dynamic access control. It has been implemented on iPhone OS.Nous proposons un protocole de sécurité pour des agendas partagés dont la gestion de données est complètement décentralisée. Dans ce protocole, nous assurons à la fois (i) la confidentialité du contenu répliqué et (ii) la sécurité de communication entre les utilisateurs. Comme nous utilisons une réplication complête de données, notre protocole préserve toutes les caractéristiques d'une telle réplication, à savoir : la tolérance aux pannes et la reprise après panne. Pour valider notre solution, nous avons implémenté un prototype sur des mobiles tournant sous le système iPhone OS

Building National Forest and Land-Use Information Systems: Lessons from Cameroon, Indonesia, and Peru

This working paper examines the institutional, human resources, and financial capacities of three countries that have developed a forest and land-use information system, and highlights common enabling factors and challenges

Database security meets mobile requirements

Mobile work including mobile devices and wireless links comprehends a row of problems concerning security issues like availability, confidentiality, and accountability. Mobile processed information in database systems are distributed, heterogeneous, and replicated. They are endangered by various threats based on user's mobility and restricted mobile resources of portable devices and wireless links. Since mobile circumstances can be very dynamic, standard protection mechanisms do not work very well in such an environment. This paper presents various possibilities of an adaptation in order to dynamically adjust security belonging to changing contexts and to consider characteristics of the data. The purpose is achieving both, suitable protection and saving mobile resources. Keywords Mobile Database Security 1 Mobile Database Security Mobile work using mobile devices and wireless links comprehends a row of problems concerning security issues like availability, confidentiality, integrity..

Sharing Geographic Data: How to Update Distributed or Replicated Data

Geographic data is expensive to collect and maintain and sharing data is crucial for its effective use in urban planning at all levels. For a few hardly ever changing themes the simple distribution of copies of data is feasible, but for other data, access to “live” data and updating, sometimes even distributed updating, of the data is necessary. The organization of sharing data can be separated into three sets of issues: (1) Interpretation: how to understand the data, (2) Authorization: is a user permitted to use the data, and (3) Access: how to achieve effective and non-disturbing use and updating of data by several users? Solutions must take threats into account: hackers may try to steal or disturb the use of data, and the revelations of Snowden's documents only emphasize the danger of others reading data not intended for their eyes. Effective sharing geographic data without conflicts requires integrating results from different areas of computer science research, including at least: cryptography, computer security, database management, and computer networking

An approach to building a secure and persistent distributed object management system

The Common Object Request Broker Architecture (CORBA) proposed by the Object Management Group (OMG) is a widely accepted standard to provide a system level framework in design and implementation of distributed objects. The core of the Object Management Architecture (OMA) is an Object Request Broker (ORB), which provides transparency of object location, activation, and communications. However, the specification provided by the OMG is not sufficient. For instance, there are no security specifications when handling object requests through the ORBs. The lack of such a security service prevents the use of CORBA from handling sensitive data such as personal and corporate financial information; In view of the above, this thesis identifies, explores, and provides an approach to handling secure objects in a distributed environment along with a persistent object service using the CORBA specification. The research specifically involves the design and implementation of a secured distributed object service. This object service requires a persistent service and object storage for storing and retrieving security specific information. To provide a secure distributed object environment, a secure object service using the specifications provided by the OMG has been designed and implemented. In addition, to preserve the persistence of secure information, an object service has been implemented to provide a persistent data store; The secure object service can provide a framework for handling distributed object in applications requiring security clearance such as distributed banking, online stock tradings, internet shopping, geographic and medical information systems

EUAdb: A Resource for COVID-19 Test Development and Comparison

Due to the sheer number of COVID-19 (coronavirus disease 2019) cases there is a need for increased world-wide SARS-CoV-2 testing capability that is both efficient and effective. Having open and easy access to detailed information about these tests, their sensitivity, the types of samples they use, etc. would be highly useful to ensure their reproducibility, to help clients compare and decide which tests would be best suited for their applications, and to avoid costs of reinventing similar or identical tests. Additionally, this resource would provide a means of comparing the many innovative diagnostic tools that are currently being developed in order to provide a foundation of technologies and methods for the rapid development and deployment of tests for future emerging diseases. Such a resource might thus help to avert the delays in testing and screening that was observed in the early stages of the pandemic and plausibly led to more COVID-19-related deaths than necessary. We aim to address these needs via a relational database containing standardized ontology and curated data about COVID-19 diagnostic tests that have been granted Emergency Use Authorizations (EUAs) by the FDA (US Food and Drug Administration). Simple queries of this actively growing database demonstrate considerable variation among these tests with respect to sensitivity (limits of detection, LoD), controls and targets used, criteria used for calling results, sample types, reagents and instruments, and quality and amount of information provided