994 research outputs found
State of The Art and Hot Aspects in Cloud Data Storage Security
Along with the evolution of cloud computing and cloud storage towards matu-
rity, researchers have analyzed an increasing range of cloud computing security
aspects, data security being an important topic in this area. In this paper, we
examine the state of the art in cloud storage security through an overview of
selected peer reviewed publications. We address the question of defining cloud
storage security and its different aspects, as well as enumerate the main vec-
tors of attack on cloud storage. The reviewed papers present techniques for key
management and controlled disclosure of encrypted data in cloud storage, while
novel ideas regarding secure operations on encrypted data and methods for pro-
tection of data in fully virtualized environments provide a glimpse of the toolbox
available for securing cloud storage. Finally, new challenges such as emergent
government regulation call for solutions to problems that did not receive enough
attention in earlier stages of cloud computing, such as for example geographical
location of data. The methods presented in the papers selected for this review
represent only a small fraction of the wide research effort within cloud storage
security. Nevertheless, they serve as an indication of the diversity of problems
that are being addressed
Learning-Based Constraint Satisfaction With Sensing Restrictions
In this paper we consider graph-coloring problems, an important subset of
general constraint satisfaction problems that arise in wireless resource
allocation. We constructively establish the existence of fully decentralized
learning-based algorithms that are able to find a proper coloring even in the
presence of strong sensing restrictions, in particular sensing asymmetry of the
type encountered when hidden terminals are present. Our main analytic
contribution is to establish sufficient conditions on the sensing behaviour to
ensure that the solvers find satisfying assignments with probability one. These
conditions take the form of connectivity requirements on the induced sensing
graph. These requirements are mild, and we demonstrate that they are commonly
satisfied in wireless allocation tasks. We argue that our results are of
considerable practical importance in view of the prevalence of both
communication and sensing restrictions in wireless resource allocation
problems. The class of algorithms analysed here requires no message-passing
whatsoever between wireless devices, and we show that they continue to perform
well even when devices are only able to carry out constrained sensing of the
surrounding radio environment
EFFECTS OF AGRI-ENVIRONMENTAL PAYMENT POLICIES ON AGRICULTURAL TRADE
In many OECD countries, including the U.S., interest in developing agri-environmental payment programs is currently strong. In the future, the inclusion of an agri-environmental payment program into the WTO's "green box" could be more easily challenged by WTO member countries on the basis that it has more than "minimal" trade-distorting impacts on production. The goal of this paper is to conduct an ex ante analysis of the trade impacts of stylized examples of agri-environmental payment programs that have been proposed for implementation in the near future. To simulate the production and trade impacts of these programs, we use a partial equilibrium model of the U.S. agricultural sector in a sensitivity analysis across a range of design options for agri-environmental payments. For the three agri-environmental payment scenarios evaluated, the maximum change in exports ranges from a 7 percent decrease (wheat) to a 1 percent increase (soybeans). We do not expect the programs that decrease U.S. production, which would tend to have an upward pressure on world commodity prices, to be challenged before the WTO.Agricultural and Food Policy,
INSTRUMENT CHOICE AND BUDGET-CONSTRAINED TARGETING
We analyze how choosing to use a particular type of instrument for agri-environmental payments, when these payments are constrained by the regulatory authority's budget, implies an underlying targeting criterion with respect to costs, benefits, participation, and income, and the tradeoffs among these targeting criteria. The results provide insight into current policy debates.Research Methods/ Statistical Methods,
Process Chain-Oriented Design Evaluation of Multi-Material Components by Knowledge-Based Engineering
The design of components suitable for manufacturing requires the application of knowledge about the manufacturing process chain with which the component is to be manufactured. This article presents an assistance system for decision support in the context of design for manufacturing. The assistance system includes explicit manufacturing process chain knowledge and has an inference engine that can automatically evaluate the manufacturability of a component design based on a given manufacturing process chain and resolve emerging manufacturing conflicts by making adjustments on the component or resource side. A link with a CAD system additionally enables the three-dimensional representation of derived manufacturing stages and manufacturing resources. Within the assistance system, a manufacturing process chain is understood as a configurable design object and is implemented via a constraint satisfaction problem. Furthermore, the required abstraction of manufacturing processes within finite domains can be reduced to the extent that necessary modeling resolution is achieved by incorporating empirical or simulative surrogate models into the CSP. The assistance system was conceptually validated on a tailored forming process chain for the production of a multimaterial shaft and provides added value, as valuable manufacturing information for component designs is automatically derived and made available in explicit form during the component development
Coordinated constraint relaxation using a distributed agent protocol
The interactions among agents in a multi-agent system for coordinating a distributed,
problem solving task can be complex, as the distinct sub-problems of the individual
agents are interdependent. A distributed protocol provides the necessary framework for
specifying these interactions. In a model of interactions where the agents' social norms
are expressed as the message passing behaviours associated with roles, the dependencies
among agents can be specified as constraints. The constraints are associated with roles to
be adopted by agents as dictated by the protocol. These constraints are commonly
handled using a conventional constraint solving system that only allows two satisfactory
states to be achieved - completely satisfied or failed. Agent interactions then become
brittle as the occurrence of an over-constrained state can cause the interaction between
agents to break prematurely, even though the interacting agents could, in principle, reach
an agreement. Assuming that the agents are capable of relaxing their individual
constraints to reach a common goal, the main issue addressed by this thesis is how the
agents could communicate and coordinate the constraint relaxation process. The
interaction mechanism for this is obtained by reinterpreting a technique borrowed from
the constraint satisfaction field, deployed and computed at the protocol level.The foundations of this work are the Lightweight Coordination Calculus (LCC) and
the distributed partial Constraint Satisfaction Problem (CSP). LCC is a distributed
interaction protocol language, based on process calculus, for specifying and executing
agents' social norms in a multi-agent system. Distributed partial CSP is an extension of
partial CSP, a means for managing the relaxation of distributed, over-constrained, CSPs.
The research presented in this thesis concerns how distributed partial CSP technique,
used to address over-constrained problems in the constraint satisfaction field, could be
adopted and integrated within the LCC to obtain a more flexible means for constraint
handling during agent interactions. The approach is evaluated against a set of overconstrained Multi-agent Agreement Problems (MAPs) with different levels of hardness.
Not only does this thesis explore a flexible and novel approach for handling constraints
during the interactions of heterogeneous and autonomous agents participating in a
problem solving task, but it is also grounded in a practical implementation
Network protection with multiple availability guarantees
We develop a novel network protection scheme that provides guarantees on both the fraction of time a flow has full connectivity, as well as a quantifiable minimum grade of service during downtimes. In particular, a flow can be below the full demand for at most a maximum fraction of time; then, it must still support at least a fraction q of the full demand. This is in contrast to current protection schemes that offer either availability-guarantees with no bandwidth guarantees during the downtime, or full protection schemes that offer 100% availability after a single link failure. We develop algorithms that provide multiple availability guarantees and show that significant capacity savings can be achieved as compared to full protection. If a connection is allowed to drop to 50% of its bandwidth for 1 out of every 20 failures, then a 24% reduction in spare capacity can be achieved over traditional full protection schemes. In addition, for the case of q = 0, corresponding to the standard availability constraint, an optimal pseudo-polynomial time algorithm is presented.National Science Foundation (U.S.) (NSF grants CNS-1116209)National Science Foundation (U.S.) (NSF grants CNS-0830961)United States. Defense Threat Reduction Agency (grant HDTRA-09-1-005)United States. Defense Threat Reduction Agency (grant HDTRA1-07-1-0004)United States. Air Force (Air Force contract # FA8721-05-C-0002
Can i take your subdomain? Exploring same-site attacks in the modern web
Related-domain attackers control a sibling domain of their target web application, e.g., as the result of a subdomain takeover. Despite their additional power over traditional web attackers, related-domain attackers received only limited attention from the research community. In this paper we define and quantify for the first time the threats that related-domain attackers pose to web application security. In particular, we first clarify the capabilities that related-domain attackers can acquire through different attack vectors, showing that different instances of the related-domain attacker concept are worth attention. We then study how these capabilities can be abused to compromise web application security by focusing on different angles, including cookies, CSP, CORS, postMessage, and domain relaxation. By building on this framework, we report on a large-scale security measurement on the top 50k domains from the Tranco list that led to the discovery of vulnerabilities in 887 sites, where we quantified the threats posed by related-domain attackers to popular web applications
- …