Trust management schemes for peer-to-peer networks

Peer-to-peer (P2P) networking enables users with similar interests to exchange, or obtain files. This network model has been proven popular to exchange music, pictures, or software applications. These files are saved, and most likely executed, at the downloading host. At the expense of this mechanism, worms, viruses, and malware find an open front door to the downloading host and gives them a convenient environment for successful proliferation throughout the network. Although virus detection software is currently available, this countermeasure works in a reactive fashion, and in most times, in an isolated manner. A trust management scheme is considered to contain the proliferation of viruses in P2P networks. Specifically, a cooperative and distributed trust management scheme based on a two-layer approach to bound the proliferation of viruses is proposed. The new scheme is called double-layer dynamic trust (DDT) management scheme. The results show that the proposed scheme bounds the proliferation of malware. With the proposed scheme, the number of infected hosts and the proliferation rate are limited to small values. In addition, it is shown that network activity is not discouraged by using the proposed scheme. Moreover, to improve the efficiency on the calculation of trust values of ratio based normalization models, a model is proposed for trust value calculation using a three-dimensional normalization to represent peer activity with more accuracy than that of a conventional ratio based normalization. Distributed network security is also considered, especially in P2P network security. For many P2P systems, including ad hoc networks and online markets, reputation systems have been considered as a solution for mitigating the affects of malicious peers. However, a sybil attack, wherein forging identities is performed to unfairly and arbitrarily influence the reputation of peers in a network or community. To defend against sybil attack, each reported transaction, which is used to calculate trust values, is verified. In this thesis, it is shown that peer reputation alone cannot bound network subversion of a sybil attack. Therefore, a new trust management framework, called Sybildefense, is introduced. This framework combines a trust management scheme with a cryptography mechanism to verify different transaction claims issue by peers, including those bogus claims of sybil peers. To improve the efficiency on the identification of honest peers from sybil peers, a k-means clustering mechanism is adopted. Moreover, to include a list of peer’s trustees in a warning messages is proposed to generate a local table for a peer that it is used to identify possible clusters of sybil peers. The defensive performance of these algorithms are compared under sybil attacks. The performance results show that the proposed framework (Sybildefense) can thwart sybil attacks efficiently

The Pan American (1988-04)

https://scholarworks.utrgv.edu/panamerican/1503/thumbnail.jp

Semantic discovery and reuse of business process patterns

Patterns currently play an important role in modern information systems (IS) development and their use has mainly been restricted to the design and implementation phases of the development lifecycle. Given the increasing significance of business modelling in IS development, patterns have the potential of providing a viable solution for promoting reusability of recurrent generalized models in the very early stages of development. As a statement of research-in-progress this paper focuses on business process patterns and proposes an initial methodological framework for the discovery and reuse of business process patterns within the IS development lifecycle. The framework borrows ideas from the domain engineering literature and proposes the use of semantics to drive both the discovery of patterns as well as their reuse

CLASSIFYING AND RESPONDING TO NETWORK INTRUSIONS

Intrusion detection systems (IDS) have been widely adopted within the IT community, as passive monitoring tools that report security related problems to system administrators. However, the increasing number and evolving complexity of attacks, along with the growth and complexity of networking infrastructures, has led to overwhelming numbers of IDS alerts, which allow significantly smaller timeframe for a human to respond. The need for automated response is therefore very much evident. However, the adoption of such approaches has been constrained by practical limitations and administrators' consequent mistrust of systems' abilities to issue appropriate responses. The thesis presents a thorough analysis of the problem of intrusions, and identifies false alarms as the main obstacle to the adoption of automated response. A critical examination of existing automated response systems is provided, along with a discussion of why a new solution is needed. The thesis determines that, while the detection capabilities remain imperfect, the problem of false alarms cannot be eliminated. Automated response technology must take this into account, and instead focus upon avoiding the disruption of legitimate users and services in such scenarios. The overall aim of the research has therefore been to enhance the automated response process, by considering the context of an attack, and investigate and evaluate a means of making intelligent response decisions. The realisation of this objective has included the formulation of a response-oriented taxonomy of intrusions, which is used as a basis to systematically study intrusions and understand the threats detected by an IDS. From this foundation, a novel Flexible Automated and Intelligent Responder (FAIR) architecture has been designed, as the basis from which flexible and escalating levels of response are offered, according to the context of an attack. The thesis describes the design and operation of the architecture, focusing upon the contextual factors influencing the response process, and the way they are measured and assessed to formulate response decisions. The architecture is underpinned by the use of response policies which provide a means to reflect the changing needs and characteristics of organisations. The main concepts of the new architecture were validated via a proof-of-concept prototype system. A series of test scenarios were used to demonstrate how the context of an attack can influence the response decisions, and how the response policies can be customised and used to enable intelligent decisions. This helped to prove that the concept of flexible automated response is indeed viable, and that the research has provided a suitable contribution to knowledge in this important domain

Risk Management for the Future

A large part of academic literature, business literature as well as practices in real life are resting on the assumption that uncertainty and risk does not exist. We all know that this is not true, yet, a whole variety of methods, tools and practices are not attuned to the fact that the future is uncertain and that risks are all around us. However, despite risk management entering the agenda some decades ago, it has introduced risks on its own as illustrated by the financial crisis. Here is a book that goes beyond risk management as it is today and tries to discuss what needs to be improved further. The book also offers some cases

Combining SOA and BPM Technologies for Cross-System Process Automation

This paper summarizes the results of an industry case study that introduced a cross-system business process automation solution based on a combination of SOA and BPM standard technologies (i.e., BPMN, BPEL, WSDL). Besides discussing major weaknesses of the existing, custom-built, solution and comparing them against experiences with the developed prototype, the paper presents a course of action for transforming the current solution into the proposed solution. This includes a general approach, consisting of four distinct steps, as well as specific action items that are to be performed for every step. The discussion also covers language and tool support and challenges arising from the transformation

Dissolving boundaries among applied disciplines: a narrative study of transdisciplinary collaboration during a charrette

2021 Spring.Includes bibliographical references.Charrettes have a long history of use in medical, architectural, and planning professions. An extensive literature search found little application of the charrette model implemented to advance, support, and identify transdisciplinarity (TD) research, transdisciplinary teaming models (TDM), transdisciplinary learning (TDL) supporting transformative learning (TL) among participants. This study highlighted differing approaches among teams as they navigated ideation and proposed solutions advancing comprehension among students of applied disciplines and how each approached, negotiated, and solved community-based problems. I implemented a TDM charrette to address TDL in educational settings. This two charrette case study implemented 1) an exploratory investigation joined a competition to create a high school of the future in underserved Montbello, Colorado, and 2) a proposal to renovate and develop a historic homestead on a working cattle ranch and wildlife reserve to support a multi-generational educational program, in Sedalia, Colorado. Charrettes included college students from architectural design, construction management, education, environmental sciences, and fish and wildlife. High school students were joined by POs from education, business and ranching professions, artists, and authors. Participants were challenged to create programs using site attributes. Charrette's culminated with team project proposals shared with invited stakeholders. Using Hall's four-phases of TD team based experiential learning and Kolb's Learning Style Models I used visual narrative and a sustainability lens to reflect and incorporate participant experiences and outcomes. Findings identified how students experienced charrettes, how they interacted with other disciplines, participant observers (PO)/facilitator observers (FO), and project stakeholders. TDM emphasized the importance of self-reflection revealed by mutual learning of transferable solutions, synthesis of results, and the visibility and relevance to problem solving. Outcomes showed how participants explored, described discipline knowledge; how shared skills shaped and influenced information sharing, leading to transformative learning (TL). Key findings identified knowledge derived from multiple modes of inquiry gained from TDL addressed problems, contributed to transferability. Challenges identified recruitment of participants from more than three disciplines. This study described and shared how participation advanced knowledge production and integration to solve unstructured problems. The TDM charrette supported TDL and knowledge production that bridged solution oriented approaches among participants leading to TL

Feasibility research into the controlled availability of opioids, Volume 2a - Background Papers

Executive Summary: The results of a three month exploration of legal, ethical, political, medical and logistic issues lead us to the interim conclusion that it would be feasible to undertake a randomised controlled trial as a test of the policy of expanding the availability of heroin in a controlled fashion for the management of heroin dependent users in the ACT. There is evidence that the ACT community is willing to consider such a trial, but also that ACT police have significant concerns about its logistics and possible ill effects. The trial would compare oral methadone treatment with a program of expanded opioid availability, in which dependent individuals would be able to take intravenous, oral or smoked heroin and/or methadone under careful medical supervision. Volunteers would be subject to strict residential eligibility criteria and would need to agree to extensive medical tests and data collections. They would be randomly assigned either to methadone treatment or to the expanded availability program. The two groups would be carefully followed for at least one year in an effort to discover whether or not the expanded availability program provides benefits for dependent drug users, their families and to society at large which methadone programs cannot provide. The purpose of the study would be to discover whether or not a policy of controlled heroin availability could ameliorate the massive burden which illegal heroin use currently imposes on Australian and ACT societies. Our exploration of these matters leads us to recommend to the Select Committee on HIV, Illegal Drugs and Prostitution of the ACT Legislative Assembly that it cautiously proceeds to a second stage exploration of the feasibility of such a study without commitment to the trial until logistic issues are more fully described