Slowed muscle force production and sensory organization deficits contribute to altered postural control strategies in children with developmental coordination disorder

postprin

Structural alignment of RNA with triple helix structure

Structural alignment is useful in identifying members of ncRNAs. Existing tools are all based on the secondary structures of the molecules. There is evidence showing that tertiary interactions (the interaction between a single-stranded nucleotide and a base-pair) in triple helix structures are critical in some functions of ncRNAs. In this article, we address the problem of structural alignment of RNAs with the triple helix. We provide a formal definition to capture a simplified model of a triple helix structure, then develop an algorithm of O(mn(3)) time to align a query sequence (of length m) with known triple helix structure with a target sequence (of length n) with an unknown structure. The resulting algorithm is shown to be useful in identifying ncRNA members in a simulated genome. © Copyright 2012, Mary Ann Liebert, Inc. 2012.published_or_final_versio

Exclusion-intersection encryption

Identity-based encryption (IBE) has shown to be a useful cryptographic scheme enabling secure yet flexible role-based access control. We propose a new variant of IBE named as exclusion-intersection encryption: during encryption, the sender can specify the targeted groups that are legitimate and interested in reading the documents; there exists a trusted key generation centre generating the intersection private decryption keys on request. This special private key can only be used to decrypt the ciphertext which is of all the specified groups' interests, its holders are excluded from decrypting when the documents are not targeted to all these groups (e.g., the ciphertext of only a single group's interest). While recent advances in cryptographic techniques (e.g., attribute-based encryption or wicked IBE) can support a more general access control policy, the private key size may be as long as the number of attributes or identifiers that can be specified in a ciphertext, which is undesirable, especially when each user may receive a number of such keys for different decryption power. One of the applications of our notion is to support an ad-hoc joint project of two or more groups which needs extra helpers that are not from any particular group. © 2011 IEEE.published_or_final_versionThe 1st IEEE International Workshop on Security in Computers, Networking and Communications (SCNC 2011) in conjuntion with IEEE INFOCOM 2011, Shanghai, China, 10-15 April 2011. In Conference Proceedings of INFOCOM WKSHPS, 2011, p. 1048-1053The 1st IEEE International Workshop on Security in Computers, Networking and Communications (SCNC 2011) in conjuntion with IEEE INFOCOM 2011, Shanghai, China, 10-15 April 2011. In Conference Proceedings of INFOCOM WKSHPS, 2011, p. 1048-105

Supporting efficient authorization in delegation with supervision

Delegation is commonly used in organizations to transfer some permission by one user to another user. However, most existing delegation schemes do not support supervision, which allows the delegators to retain control over how the delegated permission can be exercised. In this paper, we will describe how to support efficient authorization in delegation with supervision using proxy signature techniques. © 2005 IEEE.published_or_final_versio

Heap graph based software theft detection

published_or_final_versio

Avoid illegal encrypted DRM content sharing with non-transferable re-encryption

Digital rights management (DRM) technology enables valuable electronic media content distribution while preserving content providers' rights and revenues. Traditional DRM system utilizes security techniques to restrict copying of media content or allow only a single copy to be made. However consumers are demanding for the right to make copies for personal use or the right to use content on any device. Several DRM infrastructures have been proposed for secure content sharing. These infrastructures usually require cooperation and participation of both DRM technology providers and content providers; however there is a popular flaw in these schemes: the malicious employees of DRM technology providers can distribute DRM enabled contents to any consumers or make copies of a purchased content accessible to any devices without letting content provider know, thus reducing content providers' benefit. In this paper, we propose a novel DRM infrastructure which is based on a non-transferable re-encryption scheme to solve the above problem inherent in existing DRM infrastructures. In the proposed infrastructure, DRM technology providers and content providers are required to cooperate to make a purchased digital content for a specific device accessible by other different devices, and get extra profit from providing such services. The system preserves DRM technology providers and content providers' security properties while achieving secure and mutual profitable DRM content sharing. Furthermore, we allow content providers to trace the content, and control the content sharing rights. Even when malicious employees in DRM technology providers and DRM agent collude, they cannot re-delegate access rights to any device without permission from content provider, thus preserving content provider's benefit. © 2011 IEEE.published_or_final_versionThe IEEE 13th International Conference on Communication Technology (ICCT 2011), Jinan, China, 25-28 September 2011. In Proceedings of the 13th ICCT, 2011, p. 703-70

A privilege escalation vulnerability checking system for android applications

Android is a free, open source mobile platform based on the Linux kernel. The openness of the application platform attracts developers, both benign and malicious. Android depends on privilege separation to isolate applications from each other and from the system. However, a recent research reported that a genuine application exploited at runtime or a malicious application can escalate granted permissions. The attack depends on a carelessly designed application which fails to protect the permissions granted to it. In this research, we propose a vulnerability checking system to check if an application can be potentially leveraged by an attacker to launch such privilege escalation attack. We downloaded 1038 applications from the wild and found 217 potentially vulnerable applications that need further inspection.published_or_final_versionThe 13th IEEE International Conference on Communication Technology (ICCT 2011), Jinan, China, 25-28 September 2011. In Proceedings of 13th ICCT, 2011, p. 681-68

JSBiRTH: Dynamic javascript birthmark based on the run-time heap

JavaScript is currently the dominating client-side scripting language in the web community. However, the source code of JavaScript can be easily copied through a browser. The intellectual property right of the developers lacks protection. In this paper, we consider using dynamic software birthmark for JavaScript. Instead of using control flow trace (which can be corrupted by code obfuscation) and API (which may not work if the software does not have many API calls), we exploit the run-time heap, which reflects substantially the dynamic behavior of a program, to extract birthmarks. We introduce JSBiRTH, a novel software birthmark system for JavaScript based on the comparison of run-time heaps. We evaluated our system using 20 JavaScript programs with most of them being large-scale. Our system gave no false positive or false negative. Moreover, it is robust against code obfuscation attack. We also show that our system is effective in detecting partial code theft. © 2011 IEEE.published_or_final_versionThe 35th IEEE Annual Computer Software and Applications Conference (COMPSAC 2011), Munich, Germany, 18-22 July 2011. In Proceedings of 35th COMPSAC, 2011, p. 407-41

Non-adaptive complex group testing with multiple positive sets

LNCS v. 6648 is conference proceedings of TAMC 2011Given n items with at most d of them having a particular property (referred as positive items), a single test on a selected subset of them is positive if the subset contains any positive item. The non-adaptive group testing problem is to design how to group the items to minimize the number of tests required to identify all positive items in which all tests are performed in parallel. This problem is well-studied and algorithms exist that match the lower bound with a small gap of logd asymptoticically. An important generalization of the problem is to consider the case that individual positive item cannot make a test positive, but a combination of them (referred as positive subsets) can do. The problem is referred as the non-adaptive complex group testing. Assume there are at most d positive subsets whose sizes are at most s, existing algorithms either require Ω(logs n) tests for general n or O((s+d/d) log n) tests for some special values of n . However, the number of items in each test cannot be very small or very large in real situation. The above algorithms cannot be applied because there is no control on the number of items in each test. In this paper, we provide a novel and practical derandomized algorithm to construct the tests, which has two important properties. (1) Our algorithm requires only O((d+s)d+s+1/(ddss log n) tests for all positive integers n which matches the upper bound on the number of tests when all positive subsets are singletons, i.e. s = 1. (2) All tests in our algorithm can have the same number of tested items k. Thus, our algorithm can solve the problem with additional constraints on the number of tested items in each test, such as maximum or minimum number of tested items. © 2011 Springer-Verlag.postprintThe 8th Annual Conference on Theory and Applications of Models of Computation (TAMC 2011), Tokyo, Japan, 23-25 May 2011. In Lecture Notes in Computer Science, 2011, v. 6648, p. 172-18

Secure end-to-end browsing system with mobile composition

To fix the more and more serious leakage problem in remote access to confidential data, the paper designs and implements a secure end-to-end browsing system with mobile composition. It enables mobile-authenticated users to browse confidential files stored at server side using their personal computers securely. The authentication function is in real-time such that the system can stop the browsing function once it detects that the authenticated mobile is out of the communication range of user's personal computer. © 2011 IEEE.published_or_final_versio