Publications
272 results found
Lupu EC, Sgandurra D, Di Cerbo F, et al., 2015, Sharing Data Through Confidential Clouds: An Architectural Perspective, 37th International Conference on Software Engineering (ICSE 2015), Publisher: IEEE
Cloud and mobile are two major computing paradigms that are rapidly converging. However, these models still lack a way to manage the dissemination and control of personal and business-related data. To this end, we propose a framework to control the sharing, dissemination and usage of data based on mutually agreed Data Sharing Agreements (DSAs). These agreements are enforced uniformly, and end-to-end, both on Cloud and mobile platforms, and may reflect legal, contractual or user-defined preferences. We introduce an abstraction layer that makes available the enforcement functionality across different types of nodes whilst hiding the distribution of components and platform specifics. We also discuss a set of different types of nodes that may run such a layer.
Lupu EC, Rodrigues P, Kramer J, 2015, Compositional Reliability Analysis for Probabilistic Component Automata, 37th International Workshop on Modeling in Software Engineering (ICSE 15), Publisher: Association for Computing Machinery/IEEE
In this paper we propose a modelling formalism, Probabilistic Component Automata (PCA), as a probabilistic extension to Interface Automata to represent the probabilistic behaviour of component-based systems. The aim is to supportcomposition of component-based models for both behaviour and non-functional properties such as reliability. We show how additional primitives for modelling failure scenarios, failure handling and failure propagation, as well as other algebraic operators, can be combined with models of the system architecture to automatically construct a system model by composing models of its subcomponents. The approach is supported by the tool LTSA-PCA, an extension of LTSA, which generates a composite DTMC model. The reliability of a particular system configurationcan then be automatically analysed based on the corresponding composite model using the PRISM model checker. This approach facilitates configurability and adaptation in which the software configuration of components and the associated composition of component models are changed at run time.
Lupu EC, Rodrigues P, Kramer J, 2015, On Re-Assembling Self-Managed Components, 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM 2015), Publisher: IEEE
Self-managed systems need to adapt to changes in requirements and in operational conditions. New components or services may become available, others may become unreliable or fail. Non-functional aspects, such as reliability or other quality-of service parameters usually drive the selection of new architectural configurations. However, in existing approaches, the link between non-functional aspects and software models is established through manual annotations that require human intervention on each re-configuration and adaptation is enacted through fixed rules that require anticipation of all possible changes. We proposehere a methodology to automatically re-assemble services and component-based applications to preserve their reliability. To achieve this we define architectural and behavioural models that are composable, account for non-functional aspects andcorrespond closely to the implementation. Our approach enables autonomous components to locally adapt and control their internal configuration whilst exposing interface models to upstream components.
Garcia-Alfaro J, Herrera-Joancomartà J, Lupu E, et al., 2015, Data privacy management, autonomous spontaneous security, and security assurance, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Vol: 8872, ISSN: 0302-9743
- Cite
- Citations: 7
Payton J, Labrador M, Silverston T, et al., 2014, CROWDSENSING'14: The first international workshop on crowdsensing methods, techniques, and applications, 2014 - Welcome and committees, 2014 IEEE International Conference on Pervasive Computing and Communication Workshops, PERCOM WORKSHOPS 2014
Rodrigues P, Lupu E, Kramer J, 2014, Compositional reliability analysis using probabilistic component automata, Departmental Technical Report: 14/9, Publisher: Department of Computing, Imperial College London, 14/9
Compositionality is a key property in the development and analy-sis of component-based systems. In non-probabilistic formalisms suchas Labelled Transition Systems (LTS) the functional behaviour of asystem can be readily constructed from the behaviours of its parts.However, this is not true for probabilistic extensions of LTS, whichare necessary to analyse non-functional properties such as reliability.We propose Probabilistic Component Automata (PCA) as a proba-bilistic extension to Interface Automata to automatically construct asystem model by composing models of its sub-components. In par-ticular, we focus on modelling failure scenarios, failure handling andfailure propagation. Additionally, we propose a novel algorithm basedon Compositional Reachability Analysis to mitigate the well-knownstate-explosion problem associated with composable models. BothProbabilistic Component Automata and the reduction algorithm havebeen implemented in the LTSA tool.
Rivera-Rubio J, Alexiou I, Bharath A, et al., 2014, Associating locations from wearable cameras
In this paper, we address a specific use-case of wearable or hand-held camera technology: indoor navigation. We explore the possibility of crowd-sourcing navigational data in the form of video sequences that are captured from wearable or hand-held cameras. Without using geometric inference techniques (such as SLAM), we test video data for navigational content, and algorithms for extracting that content. We do not include tracking in this evaluation; our purpose is to explore the hypothesis that visual content, on its own, contains cues that can be mined to infer a person's location. We test this hypothesis through estimating positional error distributions inferred during one journey with respect to other journeys along the same approximate path. The contributions of this work are threefold. First, we propose alternative methods for video feature extraction that identify candidate matches between query sequences and a database of sequences from journeys made at different times. Secondly, we suggest an evaluation methodology that estimates the error distributions in inferred position with respect to a ground truth. We assess and compare standard approaches from the field of image retrieval, such as SIFT and HOG3D, to establish associations between frames. The final contribution is a publicly available database comprising over 90,000 frames of video-sequences with positional ground-truth. The data was acquired along more than 3 km worth of indoor journeys with a hand-held device (Nexus 4) and a wearable device (Google Glass).
Markitanis A, Corapi D, Russo A, et al., 2014, Learning user behaviours in real mobile domains, Latest Advances in Inductive Logic Programming, Pages: 43-51, ISBN: 9781783265084
With the emergence of ubiquitous computing, innovations in mobile phones are increasingly changing the way users lead their lives. To make mobile devices adaptive and able to autonomously respond to changes in user behaviours, machine learning techniques can be deployed to learn behaviour from empirical data. Learning outcomes should be rulebased enforcement policies that can pervasively manage the devices, and at the same time facilitate user validation when and if required. In this chapter we demonstrate the feasibility of non-monotonic Inductive Logic Programming (ILP) in the automated task of extraction of user behaviour rules through data acquisition in the domain of mobile phones. This is a challenging task as real mobile datasets are highly noisy and unevenly distributed. We present two applications, one based on an existing dataset collected as part of the Reality Mining group, and the other generated by a mobile phone application called ULearn that we have developed to facilitate a realistic evaluation of the accuracy of the learning outcome.
Dickens L, Lupu EC, 2014, On Efficient Meta-Data Collection for Crowdsensing, First International Workshop on Crowdsensing Methods, Techniques, and Applications, Publisher: IEEE, Pages: 62-67
Participatory sensing applications have an on-going requirement to turn raw data into useful knowledge, and to achieve this, many rely on prompt human generated meta-data to support and/or validate the primary data payload. These human contributions are inherently error prone and subject to bias and inaccuracies, so multiple overlapping labels are needed to cross-validate one another. While probabilistic inference can be used to reduce the required label overlap, there is still a need to minimise the overhead and improve the accuracy of timely label collection. We present three general algorithms for efficient human meta-data collection, which support different constraints on how the central authority collects contributions, and three methods to intelligently pair annotators with tasks based on formal information theoretic principles. We test our methods’ performance on challenging synthetic data-sets, based on real data, and show that our algorithms can significantly lower the cost and improve the accuracy of human meta-data labelling, with little or no impact on time.
Rodrigues P, Lupu EC, Kramer JK, 2014, LTSA-PCA: Tool Support for Compositional Reliability Analysis, ICSE Companion 2014, Publisher: ACM, Pages: 548-551
Corapi D, Russo A, Lupu E, 2012, Inductive logic programming in answer set programming, Pages: 91-97, ISSN: 0302-9743
In this paper we discuss the design of an Inductive Logic Programming (ILP) system in Answer Set Programming (ASP) and more in general the problem of integrating the two. We show how to formalise the learning problem as an ASP program and provide details on how the optimisation features of modern solvers can be adapted to derive preferred hypotheses. © 2012 Springer-Verlag Berlin Heidelberg.
Gopalan A, Gowadia V, Scalavino E, et al., 2012, Policy driven remote attestation, Pages: 148-159, ISSN: 1867-8211
Increasingly organisations need to exchange and share data amongst their employees as well as with other organisations. This data is often sensitive and/or confidential, and access to it needs to be protected. Architectures to protect disseminated data have been proposed earlier, but absence of a trusted enforcement point on the end-user machine undermines the system security. The reason being, that an adversary can modify critical software components. In this paper, we present a policy-driven approach that allows us to prove the integrity of a system and which decouples authorisation logic from remote attestation. © 2012 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering.
Asmare E, Gopalan A, Sloman M, et al., 2012, Self-Management Framework for Mobile Autonomous Systems, Journal of Network and Systems Management, Vol: 20, Pages: 244-275
The advent of mobile and ubiquitous systems has enabled the de- velopment of autonomous systems such as wireless-sensors for environmental data collection and teams of collaborating Unmanned Autonomous Vehicles (UAVs) used in missions unsuitable for humans. However, with these range of new application-domains come a new challenge – enabling self-management in mobile autonomous systems. Autonomous systems have to be able to manage themselves individually as well as to form self-managing teams which are able to recover or adapt to failures, protect themselves from attacks and optimise performance.This paper proposes a novel distributed policy-based framework that en- ables autonomous systems of varying scale to perform self-management indi- vidually and as a team. The framework allows missions to be specified in terms of roles in an adaptable and reusable way, enables dynamic and secure team formation with a utility-based approach for optimal role assignment, caters for communication link maintenance amongst team-members and recovery from failure. Adaptive management is achieved by employing a policy-based archi- tecture to enable dynamic modification of the management strategy relating to resources, role behaviour, communications and team management, without interrupting the basic software within the system.Evaluation of the framework shows that it is scalable with respect to the number of roles, and consequently the number of autonomous systems par- ticipating in the mission. It is also shown to be optimal with respect to role assignments, and robust to intermittent communication link disconnections and permanent team-member failures.
Rodrigues P, Lupu E, 2011, Model-based self-adaptive components: A preliminary approach, Pages: 73-79
Due to the increasing scale, complexity, dynamicity and heterogeneity of modern software systems, it is not feasible to solely rely upon human management to guarantee a good service level with such availability demand. Self-managing systems are needed as an effective approach to deal with those issues by exploiting adaptive techniques to adjust a system. On top of that, model-based adaptation improves reliability, hence enhancing trust in self-managing systems. However, a centralised approach can be too complex to manage thus compromising system dependability. This paper presents a preliminary decentralised approach on model-based self-adaptive components.
Craven, Lobo J, Lupu E, et al., 2011, Policy Refinement: Decomposition and Operationalization for Dynamic Domains, 7th IEEE Int. Conference on Network and Service Management (CNSM 2011), Publisher: IEEE
We describe a method for policy refinement. The refinement process involves stages of decomposition, operational- ization, deployment and re-refinement, and operates on policies expressed in a logical language flexible enough to be translated into many different enforceable policy dialects. We illustrate with examples from a coalition scenario, and describe how the stages of decomposition and operationaliztion work internally, and fit together in an interleaved fashion. Domains are represented in a logical formalization of UML diagrams. Both authorization and obligation policies are supported
Ma J, Russo A, Broda K, et al., 2011, Multi-agent abductive reasoning with confidentiality, Pages: 1071-1072
In the context of multi-agent hypothetical reasoning, agents typically have partial knowledge about their environments, and the union of such knowledge is still incomplete to represent the whole world. Thus, given a global query they need to collaborate with each other to make correct inferences and hypothesis, whilst maintaining global constraints. There are many real world applications in which the confidentiality of agent knowledge is of primary concern, and hence the agents may not share or communicate all their information during the collaboration. This extra constraint gives a new challenge to multi-agent reasoning. This paper shows how this dichotomy between "open communication" in collaborative reasoning and protection of confidentiality can be accommodated, by extending a general-purpose distributed abductive logic programming system for multi-agent hypothetical reasoning with confidentiality. Specifically, the system computes consistent conditional answers for a query over a set of distributed normal logic programs with possibly unbound domains and arithmetic constraints, preserving the private information within the logic programs. Copyright © 2011, International Foundation for Autonomous Agents and Multiagent Systems (www.ifaamas.org). All rights reserved.
Lobo J, Ma J, Russo A, et al., 2011, Refinement of History-Based Policies., Editors: Balduccini, Son, Publisher: Springer, Pages: 280-299, ISBN: 978-3-642-20831-7
We propose an efficient method to evaluate a large class of history-based policies written as logic programs. To achieve this, we dy- namically compute, from a given policy set, a finite subset of the history required and sufficient to evaluate the policies. We maintain this history by monitoring rules and transform the policies into a non history-based form. We further formally prove that evaluating history-based policies can be reduced to an equivalent, but more efficient, evaluation of the non history-based policies together with the monitoring rules.
Ma J, Russo A, Lupu E, et al., 2011, Multi-agent Confidential Abductive Reasoning, 27th International COnference on Logic Programming
Maggi FM, Corapi D, Russo A, et al., 2011, Revising Process Models through Inductive Learning, BPM 2010 Conference, Publisher: SPRINGER-VERLAG BERLIN, Pages: 182-+, ISSN: 1865-1348
- Author Web Link
- Cite
- Citations: 4
Ma J, Russo A, Broda K, et al., 2011, Multi-agent Hypothetical Reasoning with Confidentiality, 10th Conference on Autonomous Agents and Multi-Agent Systems
Scalavino E, Gowadia V, Ball R, et al., 2010, Mobile PAES: Demonstrating authority devolution for policy evaluation in crisis management scenarios, Proceedings - 2010 IEEE International Symposium on Policies for Distributed Systems and Networks, Policy 2010, Pages: 53-56
Traditional data protection schemes deployed in Enterprise Rights Management systems rely on centralised infrastructures where recipients must request authorisation for data access from remote evaluation authorities, trusted by the data originator to keep the data decryption keys and evaluate authorisation policies. During emergency situations when network connection is intermittent these solutions are no longer viable. This demonstration presents a implementation of the hierarchical Policy-based Authority Evaluation Protocol (PAES) that allows the devolution of authority over policy evaluations in a disconnected crisis area. The demonstration simulates the movements of rescuers in the area and the creation of opportunistic connections when they meet. These connections are then used for cross-evaluation of authority and distribution of cryptographic keys in addition to transmitting the data. PAES guarantees a correct policy evaluation at each encounter, so only authorised rescuers finally obtain the authority to access the disseminated data. © 2010 IEEE.
Russello G, Scalavino E, Dulay N, et al., 2010, Coordinating data usage control in loosely-connected networks, Pages: 30-39
In a disaster-recovery mission, rescuers need to coordinate their operations and exchange information to make the right judgments and perform their statutory duties. The information exchanged may be privileged or sensitive and not generally in the public domain. For instance, the assessment of the risk level in the disaster area where a chemical plant is located requires data about the nature of the potential chemical hazards and the probability of an hazardous event to occur. Such data may contain information that could be of value to a rival company and may generate chaos if released to the public. Retaining control of data that is shared between organisations can be achieved by deploying Enterprise Rights Management (ERM) systems. However, ERM systems rely on centralised authorities that must be contacted by client applications to obtain access rights. Such centralised solutions are not practical in a disaster scenario where communication infrastructure may have been damaged by the event making very difficult to establish reliable wide-are communications. In this paper, we propose a solution for the enforcement of usage control policies that leverage on the data dissemination model of Opportunistic Networks (oppnets). Our solution, named xDUCON, relies on the data abstraction of the Shared Data Space (SDS). Data and usage control policies are represented as tuples that are disseminated across the available SDSs connected through the oppnets. © 2010 IEEE.
Gowadia V, Scalavino E, Lupu EC, et al., 2010, Secure Cross-Domain Data Sharing Architecture for Crisis Management, ACM-DRM Workshop, Publisher: ACM
Craven R, Lobo J, Lupu EC, et al., 2010, Decomposition techniques for policy refinement., 6th Int. Conference on Network and Service Management, Publisher: IEEE, Pages: 72-79
The automation of policy refinement, whilst promis- ing great benefits for policy-based management, has hitherto received relatively little treatment in the literature, with few concrete approaches emerging. In this paper we present initial steps towards a framework for automated distributed policy refinement for both obligation and authorization policies. We present examples drawn from military scenarios, describe details of our formalism and methods for action decomposition, and discuss directions for future research.
Schaeffer A, Lupu EC, Sloman M, 2010, Policies to Enable Secure Dynamic Community Establishment, Network Science for Military Coalition Operations: Information Exchange and Interaction, Editors: Verma, Publisher: Information Science Reference, Pages: 121-145, ISBN: 9781615208555
Many coalition operations require the establishment of secure communities across the different networks that make up a coalition network. These communities are formed dynamically in order to achieve the goals of a specific mission, and frequently consist of mobile entities interconnected into a mobile ad-hoc network. Technologies are needed to create these communities, and manage their operations. In this chapter, the authors show how a framework for self-managed cells can be extended to provide this capability for coalition operations.
Calo S, Karat J, Lobo J, et al., 2010, Policy Technologies for Security Management in Coalition Networks, Network Science for Military Coalition Operations: Information Exchange and Interaction, Publisher: Information Science Reference, Pages: 146-173, ISBN: 978-1-61520-855-5
Gowadia V, Scalavino E, Lupu E, et al., 2010, Secure cross-domain data sharing architecture for crisis management, Departmental Technical Report: 10/12, Publisher: Department of Computing, Imperial College London, 10/12
Crisis management requires rapid sharing of data among organizationsresponding to the crisis. Existing crisis management practices rely on adhoc or centralized data sharing based on agreements written in natural language.The ambiguity of natural language specifications often leads to errorsand can hinder data availability. Therefore, it is desirable to develop automaticdata sharing systems. The need to share data during crises presentsadditional challenges, such as evaluation of security constraints in differentadministrative domains and in situations with intermittent network connectivity.We compare two different architectural approaches to develop securedata sharing solutions. The first approach assumes reliable network connectivity,while the second approach works in ad hoc networks. We then suggesta unified architecture that caters for both scenarios.
Bourdenas T, Sloman M, Lupu EC, 2010, Self-healing for Pervasive Computing Systems, Architecting Dependable Systems VII, Editors: Lemos, Casimiro, Gacek, Publisher: Springer, Pages: 1-25
The development of small wireless sensors and smart-phones have facilitated new pervasive applications. These pervasive systems are expected to perform in a broad set of environments with different capa- bilities and resources. Application requirements may change dynamically requiring flexible adaptation. Sensing faults appear during their lifetime and as users are not expected to have technical skills, the system needs to be self-managing. We discuss the Self-Managed Cell as an architectural paradigm and describe some fundamental components to address dis- tributed management of sensing faults as well as adaptation for wireless sensor nodes.
Bourdenas T, Sloman M, Lupu EC, 2010, Self-healing for Pervasive Computing Systems, Publisher: Springer Berlin Heidelberg, Pages: 1-25, ISSN: 0302-9743
This data is extracted from the Web of Science and reproduced under a licence from Thomson Reuters. You may not copy or re-distribute this data in whole or in part without the written consent of the Science business of Thomson Reuters.