Optimization approach with ρ-proximal convexification for Internet traffic control, Journal of Telecommunications and Information Technology, 2005, nr 3

The optimization flow control algorithm for traffic control in computer networks, introduced by Steven H. Low, works only for concave utility functions. This assumption is rather optimistic and leads to several problems, especially with streaming applications. In an earlier paper we introduced a modification of the algorithm based on the idea of proximal convexification. In this paper we extend this approach, replacing the proximal method with the ρ-proximal method. The new method mixes the quadratic proximal term with higher-order terms, achieving better results. The algorithms are compared in a simple numerical experiment

Main problems of the evaluation and selection of advanced weapon systems exemplified by a multi-role combat aircraft

This paper presents a selection of issues related to the methods of evaluation and selection of advanced weapon systems for armed forces. The paper’s focus is ranking in the form of typical Multidimensional Comparative Analysis Methods, and the AHP method which represents a large group of Multi-Criteria Decision Analysis methods. Both methods were illustrated with a practical computational example related to combat aircraft. The example can help determine the defensive capabilities of friendly forces; it can also support the decision-making process in the acquisition of novel armament, including aircraft, ships, surface-to-air missile defense systems, etc. Keywords: armament, military aviation, decision making support, multi-criteria analysis, AHP method, ranking

RTT+ – Time Validity Constraints in RT RTT Language, Journal of Telecommunications and Information Technology, 2012, nr 2

Most of the traditional access control models, like mandatory, discretionary and role based access control make authorization decisions based on the identity, or the role of the requester, who must be known to the resource owner. Thus, they may be suitable for centralized systems but not for decentralized environments, where the requester and service provider or resource owner are often unknown to each other. To overcome the shortcomings of traditional access control models, trust management models have been presented. The topic of this paper is three different semantics (set-theoretic, operational, and logic- programming) of RTT , language from the family of role-based trust management languages (RT). RT is used for representing security policies and credentials in decentralized, distributed access control systems. A credential provides information about the privileges of users and the security policies issued by one or more trusted authorities. The set-theoretic semantics maps roles to a set of sets of entity names. Members of such a set must cooperate in order to satisfy the role. In the case of logic-programming semantics, the credentials are translated into a logic program. In the operational semantics the credentials can be established using a simple set of inference rules. It turns out to be fundamental mainly in large- scale distributed systems, where users have only partial view of their execution context. The core part of this paper is the introduction of time validity constraints to show how that can make RTT language more realistic. The new language, named RTT+ takes time validity constraints into account. The semantics for RTT+ language will also be shown. Inference system will be introduced not just for specific moment but also for time intervals. It will evaluate maximal time validity, when it is possible to derive the credential from the set of available credentials. The soundness and completeness of the inference systems with the time validity constraints with respect to the set-theoretic semantics of RTT+ will be proven

Model of User Access Contro to Virtual Machines Based on RT-Family Trust Management Language with Temporal Validity Constraints – Practical Application, Journal of Telecommunications and Information Technology, 2012, nr 3

The paper presents an application of an RT-family trust management language as a basis for an access control model. The discussion concerns a secure workstation running multiple virtual machines used to process sensitive information from multiple security domains, providing strict separation of the domains. The users may act in several different roles, with different access rights. The inference mechanisms of the language are used to translate credentials allowing users to access different functional domains, and assigning virtual machines to these domains into clear rules, regulating the rights of a particular user to a particular machine, taking into account different periods of validity of different credentials. The paper also describes a prototype implementation of the model

BSBI – a Simple Protocol for Remote Verification of Identity, Journal of Telecommunications and Information Technology, 2012, nr 3

The paper presents the design and the rationale behind a simple verification protocol for autonomous verification modules, and the architecture enabling use of such modules. The architecture assumes strict separation of all personal metadata and the actual verification data. The paper also describes a prototype implementation of the protocol and its extension enabling the state of the module to be monitored from the main system. The proposed design solves the problem of using advanced verification methods, especially biometric ones, in systems where direct implementation is not possible due to hardware incompatibilities, insufficient resources or other limitations

Intrusion Detection in Heterogeneous Networks of Resource-Limited Things, Journal of Telecommunications and Information Technology, 2015, nr 4

The paper discusses the threats to networks of resource-limited things such as wireless sensors and the different mechanisms used to deal with them. A novel approach to threat detection is proposed. MOTHON is a movement-assisted threat detection system using mobility to enhance a global threat assessment and provide a separate physical secure channel to deliver collected information

Detecting Security Violations Based on Multilayered Event Log Processing, Journal of Telecommunications and Information Technology, 2015, nr 4

design. First layer, named the event source layer, describes sources of information that can be used for misuse investigation. Transport layer represents the method of collecting event data, preserving it in the form of logs and passing it to another layer, called the analysis layer. This third layer is responsible for analyzing the logs' content, picking relevant information and generating security alerts. Last layer, called normalization layer, is custom software which normalizes and correlates produced alerts to raise notice on more complex attacks. Logs from remote hosts are collected by using rsyslog software and OSSEC HIDS with custom decoders and rules is used on a central log server for log analysis. A novel method of handling OSSEC HIDS alerts by their normalization and correlation is proposed. The output can be optionally suppressed to protect the system against alarm flood and reduce the count of messages transmitted in the network

Application of bioinformatics methods to recognition of network threats, Journal of Telecommunications and Information Technology, 2007, nr 4

Bioinformatics is a large group of methods used in biology, mostly for analysis of gene sequences. The algorithms developed for this task have recently found a new application in network threat detection. This paper is an introduction to this area of research, presenting a survey of bioinformatics methods applied to this task, outlining the individual tasks and methods used to solve them. It is argued that the early conclusion that such methods are ineffective against polymorphic attacks is in fact too pessimistic