The paper presents SIGMA (Semantic Government Mash-up Application), a platform able to create mash-ups by providing access to open governmental data. The proposed solution is based on the existing semantic Web technologies (especially RDF and SPARQL) and uses public distributed endpoints conforming to the Linked Data initiative. Also, SIGMA allows the creation and deployment of independent plugins, encouraging developers to build innovative applications, visualization solutions and mash-ups that give improved access to the governmental data.
The use of privacy-enhancing cryptographic protocols, such as anonymous credentials and oblivious transfer, could have a detrimental effect on the ability of providers to effectively implement access controls on their content. In this article, we propose a stateful anonymous credential system that allows the provider to implement nontrivial, real-world access controls on oblivious protocols conducted with anonymous users. Our system models the behavior of users as a state machine and embeds that state within an anonymous credential to restrict access to resources based on the state information. The use of state machine models of user behavior allows the provider to restrict the users' actions according to a wide variety of access control models without learning anything about the users' identities or actions. Our system is secure in the standard model under basic assumptions and, after an initial setup phase, each transaction requires only constant time. As a concrete example, we show how to implement the Brewer-Nash (Chinese Wall) and Bell-La Padula (Multilevel Security) access control models within our credential system. Furthermore, we combine our credential system with an adaptive oblivious transfer scheme to create a privacy-friendly oblivious database with strong access controls.
Run-time debugging tools are required to detect and diagnose post-deployment failures in wireless sensor networks. Reproducing a failure from the trace of past events can play a crucial role in diagnosis. We describe TinyTracer, an efficient interprocedural control-flow tracing tool that generates the trace of all interleaving concurrent events as well as the control-flow paths taken. TinyTracer enables reproducing failures at a later stage, allowing the programmer to diagnose failures effectively. In this demo, we demonstrate the ease of use of TinyTracer. We see TinyTracer as an important tool for post-deployment diagnosis, which can enable future research on trace-based debugging approaches for wireless sensor networks.
The enforcement of access control policies using cryptography has received considerable attention in recent years and the security of such enforcement schemes is increasingly well understood. Recent work in the area has considered the efficient enforcement of temporal and geo-spatial access control policies, and asymptotic results for the time and space complexity of efficient enforcement schemes have been obtained. However, for practical purposes, it is useful to have explicit bounds for the complexity of enforcement schemes. In this article we consider interval-based access control policies, of which temporal and geo-spatial access control policies are special cases. We define enforcement schemes for interval-based access control policies for which it is possible, in almost all cases, to obtain exact values for the schemes' complexity, thereby subsuming a substantial body of work in the literature. Moreover, our enforcement schemes are more practical than existing schemes, in the sense that they operate in the same way as standard cryptographic enforcement schemes, unlike other efficient schemes in the literature. The main difference between our approach and earlier work is that we develop techniques that are specific to the cryptographic enforcement of interval-based access control policies, rather than applying generic techniques that give rise to complex constructions and asymptotic bounds.
As distributed applications increase in size and complexity, traditional authorization architectures based on a dedicated authorization server become increasingly fragile because this decision point represents a single point of failure and a performance bottleneck. Authorization caching, which enables the reuse of previous authorization decisions, is one technique that has been used to address these challenges. This article introduces and evaluates the mechanisms for authorization "recycling" in RBAC enterprise systems. The algorithms that support these mechanisms allow making precise and approximate authorization decisions, thereby masking possible failures of the authorization server and reducing its load. We evaluate these algorithms analytically as well as using simulation and a prototype implementation. Our evaluation results demonstrate that authorization recycling can improve the performance of distributed access control mechanisms.