Ontology for Data Representation in the Production of Cotton Fiber in Brazil

An important feature in computer systems developed for the agricultural sector is to satisfy the heterogeneity of data generated in different processes. Most problems related with this heterogeneity arise from the lack of standard for different computing solutions proposed. An efficient solution for that is to create a single standard for data exchange. The study on the actual process involved in cotton production was based on a research developed by the Brazilian Agricultural Research Corporation (EMBRAPA) that reports all phases as a result of the compilation of several theoretical and practical researches related to cotton crop. The proposition of a standard starts with the identification of the most important classes of data involved in the process, and includes an ontology that is the systematization of concepts related to the production of cotton fiber and results in a set of classes, relations, functions and instances. The results are used as a reference for the development of computational tools, transforming implicit knowledge into applications that support the knowledge described. This research is based on data from the Midwest of Brazil. The choice of the cotton process as a study case comes from the fact that Brazil is one of the major players and there are several improvements required for system integration in this segment

Implementing the Payment Card Industry (PCI) Data Security Standard (DSS)

Underpinned by the rise in online criminality, the payment card industry (PCI) data security standards (DSS) were introduced which outlines a subset of the core principals and requirements that must be followed, including precautions relating to the software that processes credit card data. The necessity to implement these requirements in existing software applications can present software owners and developers with a range of issues. We present here a generic solution to the sensitive issue of PCI compliance where aspect orientated programming (AOP) can be applied to meet the requirement of masking the primary account number (PAN).  Our architecture allows a definite amount of code to be added which intercepts all the methods specified in the aspect, regardless of future additions to the system thus reducing the amount of work required to the maintain aspect. We believe that the concepts here will provide an insight into how to approach the PCI requirements to undertake the task. The software artefact should also serve as a guide to developers attempting to implement new applications, where security and design are fundamental elements that should be considered through each phase of the software development lifecycle and not as an afterthought

Towards secure web services: Performance analysis, decision making and steganography approaches

This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University.Web services provide a platform neutral and programming language independent technology that supports interoperable machine-to-machine interaction over a network. Clients and other systems interact with Web services using a standardised XML messaging system, such as the Simple Object Access Protocol (SOAP), typically conveyed using HTTP with an XML serialisation in conjunction with other related Web standards. Nevertheless, the idea of applications from different parties communicating together raises a security threat. The challenge of Web services security is to understand and consider the risks of securing a Web-based service depending on the existing security techniques and simultaneously follow evolving standards in order to fill the gap in Web services security. However, the performance of the security mechanisms is fraught with concerns due to additional security contents in SOAP messages, the higher number of message exchanges to establish trust, as well as the extra CPU time to process these additions. As the interaction between service providers and requesters occurs via XML-based SOAP messages, securing Web services tends to make these messages longer than they would be otherwise and consequently requires interpretation by XML parsers on both sides, which reduces the performance of Web services. The work described in this thesis can be broadly divided into three parts, the first of which is studying and comparing the performance of various security profiles applied on a Web service tested with different initial message sizes. The second part proposes a multi-criteria decision making framework to aid Web services developers and architects in selecting the best suited security profile that satisfies the different requirements of a given application during the development process in a systematic, manageable, and effective way. The proposed framework, based on the Analytical Hierarchy Process (AHP) approach, incorporates not only the security requirements, but also the performance considerations as well as the configuration constraints of these security profiles. The framework is then validated and evaluated using a scenario-driven approach to demonstrate situations where the decision making framework is used to make informed decisions to rank various security profiles in order to select the most suitable one for each scenario. Finally, the last part of this thesis develops a novel steganography method to be used for SOAP messages within Web services environments. This method is based on changing the order of XML elements according to a secret message. This method has a high imperceptibility; it leaves almost no trail because it uses the communication protocol as a cover medium, and keeps the structure and size of the SOAP message intact. The method is empirically validated using a feasible scenario so as to indicate its utility and value

MIDDLEWARE FOR DATABASE ACCESS THROUGH WEB SERVICES BASED IN AXIS2 SECURITY MODEL

En este artículo se presenta el diseño de un middleware para el acceso a bases de datos a través de Web Services (WS) basado en el modelo de seguridad Axis2. El WS denominado MABDA (Middleware para Acceso a Bases de Datos con Axis2), es una capa de software entre la base de datos y las aplicaciones que soliciten acceso a la misma. MABDA accede al Sistema Integral de Información (SII) de la institución, sin comprometer la seguridad. Esto se logra gracias a que las aplicaciones cliente envían únicamente: 1) un código relacionado con la consulta a realizar en la base de datos y 2) un certificado cifrado. Una vez autenticados estas credenciales, se obtiene como resultado un archivo en formato XML con el resultado de la consulta. El protocolo de seguridad Axis2 está orientado a XML y soporta estándares como WS-Security y WS-SecurityPolicy. Axis2 verifica el contenido de los mensajes entrantes y salientes para no comprometer la seguridad. Con el uso de MABDA, los desarrolladores podrán crear aplicaciones y solicitar datos del sistema legado “SII”, sin importar la plataforma o lenguaje de programación.In this paper, a design of a middleware to access databases through Web Services (WS) based on the Axis2 security model is presented. The WS called MABDA (Middleware for Access to Databases based on Axis2) is a software layer between the database and the applications that request access to it. MABDA is able to connect to the Integral Information System (IIS) of the institution without compromising the security. This is achieved because client applications only send: 1) a code related to the query to be performed in the database and 2) an encrypted certificate. Once these credentials have been authenticated, an XML file with the data requested is returned. The Axis2 security protocol is XML oriented and supports standards such as WS-Security and WS-SecurityPolicy. Axis2 verifies the content of the incoming and outgoing messages in order to preserve the data security. With the use of MABDA, developers will be able to develop applications and request data stored in the “IIS” legacy system, in any platform or programming language

Enhancing Privacy Preservation of Web Service through Negotiation Mechanism

ABSTRACT: Web service composition is a web technology which is use for combining the information from multiple sources into single application. With the help of this web service we can collected the large amount of data. Web Service is a technique provides a special type of composition application that aims at integrating data from multiple data provider depending on user request. DaaS depend on the specified useful data can be supplied according to the user demand. The main use of DaaS is eliminating redundancy and reduces associated expenditures. It modifies the data via single update point for multiple users. This paper proposes a formal privacy model in order to extend DaaS description with privacy capabilities. DaaS composition approach allowing verifying the compatibilities between privacy requirements and policies in DaaS composition

Preserving confidentiality in PCE-based multi-domain networks

n/

Towards secure web services : performance analysis, decision making and steganography approaches

Web services provide a platform neutral and programming language independent technology that supports interoperable machine-to-machine interaction over a network. Clients and other systems interact with Web services using a standardised XML messaging system, such as the Simple Object Access Protocol (SOAP), typically conveyed using HTTP with an XML serialisation in conjunction with other related Web standards. Nevertheless, the idea of applications from different parties communicating together raises a security threat. The challenge of Web services security is to understand and consider the risks of securing a Web-based service depending on the existing security techniques and simultaneously follow evolving standards in order to fill the gap in Web services security. However, the performance of the security mechanisms is fraught with concerns due to additional security contents in SOAP messages, the higher number of message exchanges to establish trust, as well as the extra CPU time to process these additions. As the interaction between service providers and requesters occurs via XML-based SOAP messages, securing Web services tends to make these messages longer than they would be otherwise and consequently requires interpretation by XML parsers on both sides, which reduces the performance of Web services. The work described in this thesis can be broadly divided into three parts, the first of which is studying and comparing the performance of various security profiles applied on a Web service tested with different initial message sizes. The second part proposes a multi-criteria decision making framework to aid Web services developers and architects in selecting the best suited security profile that satisfies the different requirements of a given application during the development process in a systematic, manageable, and effective way. The proposed framework, based on the Analytical Hierarchy Process (AHP) approach, incorporates not only the security requirements, but also the performance considerations as well as the configuration constraints of these security profiles. The framework is then validated and evaluated using a scenario-driven approach to demonstrate situations where the decision making framework is used to make informed decisions to rank various security profiles in order to select the most suitable one for each scenario. Finally, the last part of this thesis develops a novel steganography method to be used for SOAP messages within Web services environments. This method is based on changing the order of XML elements according to a secret message. This method has a high imperceptibility; it leaves almost no trail because it uses the communication protocol as a cover medium, and keeps the structure and size of the SOAP message intact. The method is empirically validated using a feasible scenario so as to indicate its utility and value.EThOS - Electronic Theses Online ServiceGBUnited Kingdo

Participant Domain Name Token Profile for security enhancements supporting service oriented architecture

This research proposes a new secure token profile for improving the existing Web Services security standards. It provides a new authentication mechanism. This additional level of security is important for the Service-Oriented Architecture (SOA), which is an architectural style that uses a set of principles and design rules to shape interacting applications and maintain interoperability. Currently, the market push is towards SOA, which provides several advantages, for instance: integration with heterogeneous systems, services reuse, standardization of data exchange, etc. Web Services is one of the technologies to implement SOA and it can be implemented using Simple Object Access Protocol (SOAP). A SOAP-based Web Service relies on XML for its message format and common application layer protocols for message negotiation and transmission. However, it is a security challenge when a message is transmitted over the network, especially on the Internet. The Organization for Advancement of Structured Information Standards (OASIS) announced a set of Web Services Security standards that focus on two major areas. “Who” can use the Web Service and “What” are the permissions. However, the location or domain of the message sender is not authenticated. Therefore, a new secure token profile called: Participant Domain Name Token Profile (PDNT) is created to tackle this issue. The PDNT provides a new security feature, which the existing token profiles do not address. Location-based authentication is achieved if adopting the PDNT when using Web Services. In the performance evaluation, PDNT is demonstrated to be significantly faster than other secure token profiles. The processing overhead of using the PDNT with other secure token profiles is very small given the additional security provided. Therefore all the participants can acquire the benefits of increased security and performance at low cost

Uma implementação do protocolo OAuth 2 em Erlang para uma arquitetura orientada a serviço

Dissertação (mestrado)—Universidade de Brasília, Instituto de Ciências Exatas, Departamento de Ciência da Computação, 2017.A utilização da Arquitetura Orientada a Serviço (SOA) oferece alguns benefícios, tais como: baixo acoplamento e interoperabilidade, sendo bastante utilizada para a integração de aplicações dentro de uma organização. Essa característica faz com que a arquitetura orientada a serviço seja utilizada na modernização de sistemas legados. No entanto, a sua implantação ainda merece alguns cuidados relacionados aos problemas de segurança. Este trabalho apresenta um mapeamento sistemático a cerca dos mecanismos de autenticação e autorização em SOA e levanta algumas questões de pesquisa, bem como alguns protocolos utilizados em SOA. Como resultado deste mapeamento foi identificado uma solução de autorização considerada adequada para a arquitetura utilizada pelo CPD para modernizar os seus sistemas legados. O protocolo OAuth 2.0 foi implementado no Enterprise Service Bus (ESB) que será utilizado para a modernização dos sistemas legados da UnB. Foram realizados testes de desempenho na solução permitindo verificar o aumento da latência introduzida pelo protocolo e a vazão média suportada. Foram realizadas ainda simulações de segurança com o objetivo de verificar o comportamento do protocolo implementado quando exposto a uma ataque de repetição.The utilization of Service-Oriented Architecture (SOA) offers certain benefits, such as low coupling and interoperability. It widely used for the integration of applications within an organization. This characteristic makes it so service-oriented architecture is used in the modernization of legacy systems, being thoroughly discussed and used as an architecture solution for the modernization of the legacy systems of the IT Center (CPD) of University of Brasília (UnB). Nevertheless, its implementation still requires some care related to the security problems. This study presents a systematic mapping regarding the authentication and authorization mechanisms in SOA, and raises some research questions, as well as some of the protocols used in SOA. As a result of the mapping, an authorization solution considered adequate for the architecture used by the CPD to modernize its legacy systems was identified. The OAuth 2.0 protocol was implemented in the Enterprise Service Bus (ESB) that will be used for modernization of legacy systems of UnB. Performance tests were carried out in the solution allowing to check the increase in the latency introduced by the Protocol and the average flow supported. Simulations were carried out with the objective to verify the behavior of the Protocol implemented when exposed to a replay attack

Transacção de componentes multimédia suportada por agentes

O objectivo do projecto descrito nesta dissertação é o desenvolvimento da interface entre as empresas e a plataforma Business-to-Business (B2B) de negociação automática de anúncios em construção. A plataforma, no seu todo, deve garantir que os intervalos da programação são preenchidos com um alinhamento de anúncios compatível com os interesses expressos e o perfil construído dos espectadores. A plataforma funciona como um mercado electrónico de negociação automática destinado a agências de publicidade (empresas produtoras) e empresas provedoras de conteúdos e serviços multimédia aos consumidores finais (empresas distribuidoras). As empresas, uma vez registadas na plataforma, passam a ser representadas por agentes que negoceiam automaticamente os itens submetidos com o comportamento especificado. Do ponto de vista da arquitectura, a plataforma consiste num sistema multiagente organizado em três camadas compostas por: (i) agentes de interface com as empresas; (ii) agentes de modelação das empresas; e (iii) agentes delegados, de duração efémera, exclusivamente criados para participar em negociações específicas de conteúdos multimédia. Cada empresa representada na plataforma possui, para além de um número indeterminado de delegados envolvidos em negociações específicas, dois agentes: (i) o agente de interface com a empresa, que expõe um conjunto de operações de interface ao exterior através de um serviço Web, localizado na primeira camada; e (ii) o agente que modela a empresa na plataforma, que expõe através de um serviço Web um conjunto de operações aos agentes das restantes camadas da plataforma, residente na camada intermédia. Este projecto focou-se no desenvolvimento da camada superior de interface da plataforma com as empresas e no enriquecimento da camada intermédia. A realização da camada superior incluiu a especificação da parte da ontologia da plataforma que dá suporte às operações de interface com o exterior, à sua exposição como serviços Web e à criação e controlo dos agentes de interface. Esta camada superior deve permitir às empresas carregar e descarregar toda informação relevante de e para a plataforma, através de uma interface gráfica ou de forma automática, e apresentar de forma gráfica e intuitiva os resultados alcançados, nomeadamente, através da apresentação da evolução das transacções. Em relação à camada intermédia, adicionou-se à ontologia da plataforma a representação do conhecimento de suporte às operações de interface com a camada superior, adoptaram-se taxonomias de classificação de espectadores, anúncios e programas, desenvolveu-se um algoritmo de emparelhamento entre os espectadores, programas e anúncios disponíveis e, por fim, procedeu-se ao armazenamento persistente dos resultados das negociações. Do ponto de vista da plataforma, testou-se o seu funcionamento numa única plataforma física e assegurou-se a segurança e privacidade da comunicação entre empresa e plataforma e entre agentes que representam uma mesma empresa.The objective of the project described in this dissertation is the development of the interface between companies and the platform (B2B) of automatic trading of ads under construction. The platform as a whole, must ensure that the gaps are filled with programming Ad alignment with the interests expressed and the profile created of viewers. The platform acts as an electronic marketplace for Automatic trading for the advertising agencies (companies producers) and companies providing content and servicesmultimedia to end consumers (distribution companies). The Companies, once registered on the platform become represented by agents who negotiate automatically the items submitted with the specified behavior. This platform is arranged in a multiagent system three layers consisting of: (i) to interface with agents companies; (ii) agents modeling of enterprises; (iii) delegated agents of short-lived, created solely to participate in specific negotiations of multimedia content. Each company has represented the platform, in addition to a indeterminate number of delegates involved in specific negotiations, two agents: (i) the agent interface of the company, which exposes a set of interface operations to outside through an Web Service, located in first layer, and (ii) the agent that shapes the company’s platform, which exposes a Web Service set of operations to agents of the other layers of the platform, residing in the intermediate layer. This design has focused on development of the topsheet platform interface with business and the enrichment of intermediate layer. The performance of the topsheet includes a specification of the ontology platform that supports the operations interface with the outside world, to its exposure as Web Services and the creation and control of interface agents. This top layer should allow companies to load and unload all the relevant information to and from the platform, through a graphical interface or automatically, and presenting intuitive graphical achievements, in particular, through the presentation of the evolution of the transactions. In relation to the intermediate layer, added to the ontology platform for knowledge representation to support operations interfacing with the topsheet, measures have been taxonomies classification of viewers, ads and programs, developed a pairing algorithm between the audience, programs and advertisements available and, finally, proceeded to the persistent storage of the results of negotiations. From the viewpoint of the platform, we tested its operation a single physical platform and ensured the safety and privacy of communication between the company and between platform and agents representing the same company