70 research outputs found

    Distributed urban traffic applications based on CORBA event services

    Intelligent transportation systems (ITS) in urban environments are based today on modern embedded systems with enhanced digital connectivity and higher processing capabilities, supporting distributed applications working in a cooperative manner. This paper provides an overview about modern cooperative ITS equipments and presents a distributed application to be used in an urban data network. As a case example, an application based on an embedded CORBA-compliant middleware layer and several computer vision equipments is presented. Results prove the feasibility of distributed applications for building intelligent urban environments

    Web services security: A proposed architecture for interdomain trust relationship

    Thesis (Master)--Izmir Institute of Technology, Computer Engineering, Izmir, 2006. Includes bibliographical references (leaves: 49). Text in English; Abstract: Turkish and English. ix, 68 leaves. Web services technology is vulnerable to security threats similar to other technologies which are based on communication over internet. Some applications working over internet typically require strong authentication. The security requirements of a scenario may involve interdomain authentication mechanisms. These domains may be operating using different technologies. In order to enable such scenarios, we leverage existing approaches with emerging standards and propose an architecture. Our proposed architecture takes advantage of XML technology and emerging SAML standard. The most important aim of the proposed architecture is platform independence. Our proposed architecture includes a Security Token Service and a protocol for communication between token requesters, consumers and issuers. Although the exact flow of execution depends on the scenario, we believe our approaches can be used as common ground for implementation

    Enterprise Adoption Oriented Cloud Computing Performance Optimization

    Cloud computing in the Enterprise has emerged as a new paradigm that brings both business opportunities and software engineering challenges. In Cloud computing, business participants such as service providers, enterprise solutions, and marketplace applications are required to adopt a Cloud architecture engineered for security and performance. One of the major hurdles of formal adoption of Cloud solutions in the enterprise is performance. Enterprise applications (e.g., SAP, SharePoint, Yammer, Lync Server, and Exchange Server) require a mechanism to predict and manage performance expectations in a secure way. This research addresses two areas of performance challenges: Capacity planning to ensure resources are provisioned in a way that meets requirements while minimizing total cost of ownership; and optimization to authentication protocols that enable enterprise applications to authenticate among each other and meet the performance requirements for enterprise servers, including third party marketplace applications. For the first set of optimizations, the theory was formulated using a stochastic process where multiple experiments were monitored and data collected over time. The results were then validated using a real-life enterprise product called Lync Server. The second set of optimizations was achieved by introducing provisioning steps to pre-establish trust among enterprise applications servers, the associated authorisation server, and the clients interested in access to protected resources. In this architecture, trust is provisioned and synchronized as a pre-requisite step to authentication among all communicating entities in the authentication protocol and referral tokens are used to establish trust federation for marketplace applications across organizations. Various case studies and validation on commercially available products were used throughout the research to illustrate the concepts.
Such performance optimizations have proved to help enterprise organizations meet their scalability requirements. Some of the work produced has been adopted by Microsoft and made available as a downloadable tool that was used by customers around the globe assisting them with Cloud adoption

    Security Analysis of an Operations Support System

    Operations support systems (OSS) are used by Communications service providers (CSP) to configure and monitor their network infrastructure in order to fulfill, assure and bill services. With the industry moving towards cloud-based deployments, CSPs are apprehensive about their internal OSS applications being deployed on external infrastructure. Today's OSS systems are complex and have a large attack surface. Moreover, a literature review of OSS systems security does not reveal much information about the security analysis of OSS systems. Hence, a security analysis of OSS systems is needed. In this thesis, we study a common architecture of an OSS system for provisioning and activation (P&A) of telecommunications networks. We create a threat model of the P&A system. We create data flow diagrams to analyse the entry and exit points of the application and list different threats using the STRIDE methodology. We also describe various vulnerabilities based on the common architecture that OSS vendors must address. We describe mitigation for the threats and vulnerabilities found and mention dos and don'ts for OSS developers and deployment personnel. We also present the results of a survey we conducted to find out the current perception of security in the OSS industry. Finally, we conclude by stressing the importance of a layered security approach and recommend that the threat model and mitigation must be validated periodically. We also observe that it is challenging to create a common threat model for OSS systems because of the lack of an open architecture and the closed nature of OSS software

    Optimization of Web Services for Cloud Deployment and Mobile Consumption

    Research performed for this thesis indicates an impedance mismatch between prevailing approaches to development of service-oriented enterprise applications and the consumption capabilities of mobile devices. The rich semantics and strong validation mechanisms inherent in SOAP-based web services, common to large-scale enterprise development, introduce inefficiencies of network bandwidth consumption and serialization/de-serialization processing requirements. These inefficiencies may be financially burdensome when systems are migrated to a cloud-based hosting environment and both costly and non-performant when accessed from network and processor constrained mobile devices. Yet wholesale abandonment of established enterprise practice and legacy systems for the adoption of unfamiliar architectural styles is rarely practical.  This thesis proposes a series of incremental changes to enterprise web services architecture that, individually, provide measurable efficiency benefits both when served from the cloud and when consumed from mobile devices. The objective of this research is to quantify the benefits and illustrate trade-offs for each. Within a cloud deployment, selective application of HTTP compression is shown to yield performance improvements in excess of 40% with data transfer  reductions of up to 85%. Analysis identifies the characteristics of services that suffer degraded performance under compression, and illustrates how similar performance and data reduction benefits may be achieved through service augmentation with alternative message and request formats.  Thesis focus then turns to options for improving efficiency in the consumption of these services from native applications on prevailing mobile device platforms. Development and measurements performed for this thesis identify approaches for faster and more efficient processing of existing services on mobile devices and relates these to the developer effort required. 
Further enhancements to application performance and development simplicity are demonstrated through mobile consumption of the augmented services and formats proposed for optimized cloud deployment. Research for this thesis suggests that in both cloud and mobile sides of a distributed system, performance and financial benefits may be achieved while building upon, rather than replacing, existing services code and architectural patterns.  M.S

    Security in Distributed, Grid, Mobile, and Pervasive Computing

    This book addresses the increasing demand to guarantee privacy, integrity, and availability of resources in networks and distributed systems. It first reviews security issues and challenges in content distribution networks, describes key agreement protocols based on the Diffie-Hellman key exchange and key management protocols for complex distributed systems like the Internet, and discusses securing design patterns for distributed systems. The next section focuses on security in mobile computing and wireless networks. After a section on grid computing security, the book presents an overview of security solutions for pervasive healthcare systems and surveys wireless sensor network security

    Cross-enterprise access control security for electronic health records: Technical, practical and legislation impact

    In this thesis we investigate the relationship of security, privacy, legislation, computational power in relation to Cross-Enterprise User Assertions (XUA), which allows us to develop the recommendations for the appropriate architecture, functionality, cryptographic algorithms, and key lengths. The evolution of health records from paper to electronic media promises to be an important part of improving the quality of health care. The diversity of organizations, systems, geography, laws and regulations create a significant challenge for ensuring the privacy of Electronic Health Records (EHRs), while maintaining availability. XUA is a technology that attempts to address the problem of sharing EHRs across enterprise boundaries. We rely on NSA suite B cryptography to provide the fundamental framework of the minimum security requirements at the 128 bit security level. We also recommend the use of the National Institute of Standards and Technology's (NIST) FIPS 140-2 specification to establish confidence in the software's security features

    Resource-Oriented Architecture based Scientific Workflow Modelling


    Dynamic Assembly for System Adaptability, Dependability, and Assurance

    (DASASA) Project. Author-contributed print item

    Proceedings of Monterey Workshop 2001 Engineering Automation for Software Intensive System Integration

    The 2001 Monterey Workshop on Engineering Automation for Software Intensive System Integration was sponsored by the Office of Naval Research, Air Force Office of Scientific Research, Army Research Office and the Defense Advanced Research Projects Agency. It is our pleasure to thank the workshop advisory and sponsors for their vision of a principled engineering solution for software and for their many-year tireless effort in supporting a series of workshops to bring everyone together. This workshop is the 8th in a series of International workshops. The workshop was held in Monterey Beach Hotel, Monterey, California during June 18-22, 2001. The general theme of the workshop has been to present and discuss research works that aim at increasing the practical impact of formal methods for software and systems engineering. The particular focus of this workshop was "Engineering Automation for Software Intensive System Integration". Previous workshops have been focused on issues including, "Real-time & Concurrent Systems", "Software Merging and Slicing", "Software Evolution", "Software Architecture", "Requirements Targeting Software" and "Modeling Software System Structures in a fastly moving scenario". Office of Naval Research; Air Force Office of Scientific Research; Army Research Office; Defense Advanced Research Projects Agency. Approved for public release, distribution unlimited