Efficient and Extensible Policy Mining for Relationship-Based Access Control

Relationship-based access control (ReBAC) is a flexible and expressive framework that allows policies to be expressed in terms of chains of relationship between entities as well as attributes of entities. ReBAC policy mining algorithms have a potential to significantly reduce the cost of migration from legacy access control systems to ReBAC, by partially automating the development of a ReBAC policy. Existing ReBAC policy mining algorithms support a policy language with a limited set of operators; this limits their applicability. This paper presents a ReBAC policy mining algorithm designed to be both (1) easily extensible (to support additional policy language features) and (2) scalable. The algorithm is based on Bui et al.'s evolutionary algorithm for ReBAC policy mining algorithm. First, we simplify their algorithm, in order to make it easier to extend and provide a methodology that extends it to handle new policy language features. However, extending the policy language increases the search space of candidate policies explored by the evolutionary algorithm, thus causes longer running time and/or worse results. To address the problem, we enhance the algorithm with a feature selection phase. The enhancement utilizes a neural network to identify useful features. We use the result of feature selection to reduce the evolutionary algorithm's search space. The new algorithm is easy to extend and, as shown by our experiments, is more efficient and produces better policies

Contextual and Granular Policy Enforcement in Database-backed Applications

Database-backed applications rely on inlined policy checks to process users' private and confidential data in a policy-compliant manner as traditional database access control mechanisms cannot enforce complex policies. However, application bugs due to missed checks are common in such applications, which result in data breaches. While separating policy from code is a natural solution, many data protection policies specify restrictions based on the context in which data is accessed and how the data is used. Enforcing these restrictions automatically presents significant challenges, as the information needed to determine context requires a tight coupling between policy enforcement and an application's implementation. We present Estrela, a framework for enforcing contextual and granular data access policies. Working from the observation that API endpoints can be associated with salient contextual information in most database-backed applications, Estrela allows developers to specify API-specific restrictions on data access and use. Estrela provides a clean separation between policy specification and the application's implementation, which facilitates easier auditing and maintenance of policies. Policies in Estrela consist of pre-evaluation and post-evaluation conditions, which provide the means to modulate database access before a query is issued, and to impose finer-grained constraints on information release after the evaluation of query, respectively. We build a prototype of Estrela and apply it to retrofit several real world applications (from 1000-80k LOC) to enforce different contextual policies. Our evaluation shows that Estrela can enforce policies with minimal overheads

A Hybrid Framework Combining Vehicle System Knowledge with Machine Learning Methods for Improved Highway Trajectory Prediction

Vehicle-to-vehicle communication is a solution to improve the quality of on-road traveling in terms of throughput, safety, efficiency and comfort. However, road users that do not communicate their planned activities can create dangerous situations, so prediction models are needed to foresee and anticipate their motions in the drivable space. Various prediction methods exist, either physics-based, data-based or hybrids, but they all make conservative assumptions about others’ intentions, or they are developed using unrealistic data, and it is unclear how they perform for trajectory prediction. In this work, we introduce and demonstrate an optimal hybrid framework that overcomes these limitations, by combining the predictions of several physics-based and data-based models. Using on-road measured data we show that this novel framework outperforms the individual models in both longitudinal and lateral position predictions. We also discuss the required prediction boundaries from a safety perspective and estimate the accuracies of the models in relation to automated vehicle functions. The results achieved by this method will enable increased safety, comfort and even more proactive reactions of the automated vehicles

Big IoT data mining for real-time energy disaggregation in buildings Citation for published version (APA): Big IoT data mining for real-time energy disaggregation in buildings

Abstract-In the smart grid context, the identification and prediction of building energy flexibility is a challenging open question, thus paving the way for new optimized behaviors from the demand side. At the same time, the latest smart meters developments allow us to monitor in real-time the power consumption level of the home appliances, aiming at a very accurate energy disaggregation. However, due to practical constraints is infeasible in the near future to attach smart meter devices on all home appliances, which is the problem addressed herein. We propose a hybrid approach, which combines sparse smart meters with machine learning methods. Using a subset of buildings equipped with subset of smart meters we can create a database on which we train two deep learning models, i.e. Factored FourWay Conditional Restricted Boltzmann Machines (FFW-CRBMs) and Disjunctive FFW-CRBM. We show how our method may be used to accurately predict and identify the energy flexibility of buildings unequipped with smart meters, starting from their aggregated energy values. The proposed approach was validated on a real database, namely the Reference Energy Disaggregation Dataset. The results show that for the flexibility prediction problem solved here, Disjunctive FFW-CRBM outperforms the FFWCRBMs approach, where for classification task their capabilities are comparable

Cognitive no-reference video quality assessment for mobile streaming services Citation for published version (APA): Cognitive No-Reference Video Quality Assessment for Mobile Streaming Services

Abstract-The evaluation of mobile streaming services, particularly in terms of delivered Quality of Experience (QoE), entails the use of automated methods (which excludes subjective QoE) that can be executed in real-time (i.e. without delaying the streaming process). This calls for lightweight algorithms that provide accurate results under considerable constraints. Starting from a low complexity no-reference objective algorithm for still images, in this work we contribute a new version that not only works for videos but, is general enough to adjust to a diverse range of video types while not significantly increasing the computational complexity. To achieve the necessary level of flexibility and computational efficiency, our method relies merely on information available at the client side and is equipped with a lightweight Artificial Neural Network which makes the algorithm independent from type of network or video. Its resource efficiency and generality make our method fit to be used in mobile streaming services. To prove the viability of our approach, we show a high level of correlation with the well-known full-reference method SSIM

Situation-Aware Drivable Space Estimation for Automated Driving

An automated vehicle (AV) must always have a correct representation of the drivable space to position itself accurately and operate safely. To determine the drivable space, current research focuses on single sources of information, either using pre-computed high-definition maps, or mapping the environment online with sensors such as LiDARs or cameras. However, each of these information sources can fail, some are too costly, and maps could be outdated. In this work a new method for situation-aware drivable space (SDS) estimation combining multiple information sources is proposed, which is also suitable for AVs equipped with inexpensive sensors. Depending on the situation, semantic information of sensed objects is combined with domain knowledge to estimate the drivability of the space surrounding each object (e.g. traffic light, another vehicle). These estimates are modeled as probabilistic graphs to account for the uncertainty of information sources, and an optimal spatial configuration of their elements is determined via graph-based simultaneous localization and mapping (SLAM). To investigate the robustness of SDS towards potentially unreliable sensors and maps, it has been tested in a simulation environment and real world data. Results on different use cases (e.g. straight roads, curved roads, and intersections) show considerable robustness towards unreliable inputs, and the recovered drivable space allows for accurate in-lane localization of the AV even in extreme cases where no prior knowledge of the road network is available

Topological Insights into Sparse Neural Networks

Sparse neural networks are effective approaches to reduce the resource requirements for the deployment of deep neural networks. Recently, the concept of adaptive sparse connectivity, has emerged to allow training sparse neural networks from scratch by optimizing the sparse structure during training. However, comparing different sparse topologies and determining how sparse topologies evolve during training, especially for the situation in which the sparse structure optimization is involved, remain as challenging open questions. This comparison becomes increasingly complex as the number of possible topological comparisons increases exponentially with the size of networks. In this work, we introduce an approach to understand and compare sparse neural network topologies from the perspective of graph theory. We first propose Neural Network Sparse Topology Distance (NNSTD) to measure the distance between different sparse neural networks. Further, we demonstrate that sparse neural networks can outperform over-parameterized models in terms of performance, even without any further structure optimization. To the end, we also show that adaptive sparse connectivity can always unveil a plenitude of sparse sub-networks with very different topologies which outperform the dense model, by quantifying and comparing their topological evolutionary processes. The latter findings complement the Lottery Ticket Hypothesis by showing that there is a much more efficient and robust way to find “winning tickets”. Altogether, our results start enabling a better theoretical understanding of sparse neural networks, and demonstrate the utility of using graph theory to analyze them