Publications
189 results found
Marinovic S, Craven R, Ma J, et al., 2011, Rumpole: a flexible break-glass access control model, New York, NY, USA, SACMAT 2011, Publisher: ACM, Pages: 73-82
Dong C, Russello G, Dulay N, 2011, Shared and searchable encrypted data for untrusted servers., Journal of Computer Security, Vol: 19, Pages: 367-397, ISSN: 0926-227X
Russello G, Scalavino E, Dulay N, et al., 2010, Coordinating data usage control in loosely-connected networks, Pages: 30-39
In a disaster-recovery mission, rescuers need to coordinate their operations and exchange information to make the right judgments and perform their statutory duties. The information exchanged may be privileged or sensitive and not generally in the public domain. For instance, the assessment of the risk level in the disaster area where a chemical plant is located requires data about the nature of the potential chemical hazards and the probability of an hazardous event to occur. Such data may contain information that could be of value to a rival company and may generate chaos if released to the public. Retaining control of data that is shared between organisations can be achieved by deploying Enterprise Rights Management (ERM) systems. However, ERM systems rely on centralised authorities that must be contacted by client applications to obtain access rights. Such centralised solutions are not practical in a disaster scenario where communication infrastructure may have been damaged by the event making very difficult to establish reliable wide-are communications. In this paper, we propose a solution for the enforcement of usage control policies that leverage on the data dissemination model of Opportunistic Networks (oppnets). Our solution, named xDUCON, relies on the data abstraction of the Shared Data Space (SDS). Data and usage control policies are represented as tuples that are disseminated across the available SDSs connected through the oppnets. © 2010 IEEE.
Twidle K, Marinovic S, Dulay N, 2010, Teleo-reactive policies in Ponder2, Pages: 57-60
Policies could potentially be an important and cost-effective technique for building and managing pervasive systems. Historically, policy-based systems have been built using a policy environment that supports the specification and enforcement of policies for a range of management concerns such as adaptation and security. In this short paper we describe our experiences with challenges in building human-centric pervasive systems. As a result of these experiences we introduce a novel management policy type based on teleo-reactive procedures that replace traditional ECA management policies. © 2010 IEEE.
Marinovic S, Twidle K, Dulay N, 2010, Teleo-Reactive workflows for pervasive healthcare, Pages: 316-321
There is growing interest in using workflows to describe, monitor and direct a wide-range of medical procedures in hospitals. Unlike their well-established business counterparts, medical workflows require a high degree of execution flexibility since it is impossible to anticipate all the possible circumstances that might influence their execution and it is important that staff are permitted to respond to situations flexibly. Medical workflows also need to be unobtrusive, since requiring staff to continually acknowledge task execution or enter workflow data will get in the way of delivering medical healthcare. In this paper we present a new approach to workflow specification based on Teleo-Reactive programs, where a workflow is not defined as a set of discrete steps, but rather as a goal-driven process. Workflow tasks are modelled as continuous context conditions or durative actions. TR workflows offer a high degree of flexibility and an easier way to model human-centric tasks than the traditional graphbased workflow models. We illustrate the approach with a small pervasive heaIthcare example and show how we also apply the approach to managing workflow resources and security. © 2010 IEEE.
Mostarda L, Sykes D, Dulay N, 2010, A state machine-based approach for reliable adaptive distributed systems, Pages: 91-100
Adaptive systems are often composed of distributed components that co-operate in order to achieve a global behaviour, and yet many approaches for adaptive systems are centralised or make strong assumptions about the distributed aspects of the problem. However, if insufficient attention is paid to the problem of decentralisation, especially in the difficult and unpredictable environments in which adaptive systems are commonly deployed, it can introduce inefficiencies, and even cause catastrophic failure. An adaptive system is either required to implement subtle synchronisation and consensus protocols or accept certain types of failure from which the system cannot recover. A major goal of our research is to facilitate the development of adaptive, reliable and distributed applications.We provide a framework in which a state machine language is used to define logically centralised behaviour. This is automatically translated into a reliable and efficient distributed implementation that enforces the correct co-ordination in the presence of unpredictable failures. © 2010 IEEE.
Mostarda L, Ball R, Dulay N, 2010, Distributed fault tolerant controllers, Departmental Technical Report: 10/3, Publisher: Department of Computing, Imperial College London, 10/3
Distributed applications are often built from sets of distributedcomponents that must be co-ordinated in order toachieve some global behaviour. The common approach is touse a centralised controller for co-ordination, or occasionallya set of distributed entities. Centralised co-ordinationis simpler but introduces a single point of failure and posesproblems of scalability. Distributed co-ordination offersgreater scalability, reliability and applicability but is harderto reason about and requires more complex algorithms forsynchronisation and consensus among components.In this paper we present a system called GOANNA thatfrom a state machine specification (FSM) of the global behaviourof interacting components can automatically generatea correct, scalable and fault tolerant distributed implementation.GOANNA can be used as a backend for differenttools as well as an implementation platform in its own right.
Dong C, Dulay N, 2010, Shinren: non-monotonic trust management for distributed systems, Departmental Technical Report: 10/5, Publisher: Department of Computing, Imperial College London, 10/5
The open and dynamic nature of modern distributed systems and pervasiveenvironments presents significant challenges to security management. Onesolution may be trust management which utilises the notion of trust in order tospecify and interpret security policies and make decisions on security-related actions.Most trust management systems assume monotonicity where additional informationcan only result in the increasing of trust. The monotonic assumptionoversimplifies the real world by not considering negative information, thus it cannothandle many real world scenarios. In this paper we present Shinren1, a novelnon-monotonic trust management system based on bilattice theory and the anyworldassumption. Shinren takes into account negative information and supportsreasoning with incomplete information, uncertainty and inconsistency. Informationfrom multiple sources such as credentials, recommendations, reputation andlocal knowledge can be used and combined in order to establish trust. Shinrenalso supports prioritisation which is important in decision making and resolvingmodality conflicts that are caused by non-monotonicity.
Russello G, Dong C, Dulay N, et al., 2010, Providing data confidentiality against malicious hosts in Shared Data Spaces, Pages: 426 - 439-426 - 439, ISSN: 0167-6423
This paper focuses on the protection of the confidentiality of the data space content when Shared Data Spaces are deployed in open, possibly hostile, environments. In previous approaches, the data space content was protected against access from unauthorised application components by means of access control mechanisms. The basic assumption is that the hosts (and their administrators) where the data space is deployed have to be trusted. When such an assumption does not hold, then encryption schemes can be used to protect the data space content from malicious hosts. However, such schemes do not support searching on encrypted data. As a consequence, performing retrieval operations is very expensive in terms of resource consumption. Moreover, in these schemes applications have to share secret keys requiring a very complex key management. In this paper, we present a novel encryption scheme that allows tuple matching on completely encrypted tuples. Since the data space does not need to decrypt tuples to perform the search, tuple confidentiality can be guaranteed even when the data space is deployed on malicious hosts (or an adversary gains access to the host). Our scheme does not require authorised components to share keys for inserting and retrieving tuples. Each authorised component can encrypt, decrypt, and search encrypted tuples without knowing other components’ keys. This is beneficial inasmuch as it simplifies the task of key management. An implementation of an encrypted data space based on this scheme is described and some preliminary performance results are given.
Cortellessa V, Trubiani C, Mostarda L, et al., 2010, An Architectural Framework for Analyzing Tradeoffs between Software Security and Performance, 1st International Symposium on Architecting Critical Systems, Publisher: SPRINGER-VERLAG BERLIN, Pages: 1-+, ISSN: 0302-9743
- Author Web Link
- Cite
- Citations: 5
Mostarda L, Marinovic S, Dulay N, 2010, Distributed Orchestration of Pervasive Services, 24th IEEE International Conference on Advanced Information Networking and Applications (AINA), Publisher: IEEE COMPUTER SOC, Pages: 166-173, ISSN: 1550-445X
- Author Web Link
- Cite
- Citations: 16
Choujaa D, Dulay N, 2010, Predicting Human Behaviour from Selected Mobile Phone Data Points, 12th International Conference on Ubiquitous Computing, Publisher: ASSOC COMPUTING MACHINERY, Pages: 105-108
- Author Web Link
- Cite
- Citations: 12
Marinovic S, Twidle KP, Dulay N, et al., 2010, Teleo-Reactive policies for managing human-centric pervasive services., 6th IEEE Int. Conference on Network and Service Management, Publisher: IEEE, Pages: 80-87
Mostarda L, Ball R, Dulay N, 2010, Distributed Fault Tolerant Controllers, 10th IFIP International Conference on Distributed Applications and Interoperable Systems, Publisher: SPRINGER-VERLAG BERLIN, Pages: 141-154, ISSN: 0302-9743
Russello G, Dong C, Dulay N, et al., 2010, Providing data confidentiality against malicious hosts in Shared Data Spaces, Science of Computer Programming, Vol: 75, Pages: 426 - 439-426 - 439, ISSN: 0167-6423
This paper focuses on the protection of the confidentiality of the data space content when Shared Data Spaces are deployed in open, possibly hostile, environments. In previous approaches, the data space content was protected against access from unauthorised application components by means of access control mechanisms. The basic assumption is that the hosts (and their administrators) where the data space is deployed have to be trusted. When such an assumption does not hold, then encryption schemes can be used to protect the data space content from malicious hosts. However, such schemes do not support searching on encrypted data. As a consequence, performing retrieval operations is very expensive in terms of resource consumption. Moreover, in these schemes applications have to share secret keys requiring a very complex key management. In this paper, we present a novel encryption scheme that allows tuple matching on completely encrypted tuples. Since the data space does not need to decrypt tuples to perform the search, tuple confidentiality can be guaranteed even when the data space is deployed on malicious hosts (or an adversary gains access to the host). Our scheme does not require authorised components to share keys for inserting and retrieving tuples. Each authorised component can encrypt, decrypt, and search encrypted tuples without knowing other components’ keys. This is beneficial inasmuch as it simplifies the task of key management. An implementation of an encrypted data space based on this scheme is described and some preliminary performance results are given.
Dong C, Dulay N, 2010, Shinren: Non-monotonic Trust Management for Distributed Systems, 4th IFIP WG 11 11 International Conference on Trust Management, Publisher: SPRINGER-VERLAG BERLIN, Pages: 125-140, ISSN: 1868-4238
- Author Web Link
- Cite
- Citations: 5
Choujaa D, Dulay N, 2009, Routine classification through sequence alignment, Pages: 737-740
In this paper we draw a methodological connection between human routine classification and the sequence alignment problem in bioinformatics. We first observe that human days exhibit important time shifts and therefore align them for comparison prior to classification. Our technique is evaluated on bimodal data including GSM and Bluetooth information collected on mobile phones. The introduction of new alignment features is found to significantly improve the accuracy of routine classification. Copyright 2009 ACM.
Thing V, Sloman M, Dulay N, 2009, Locating Network Domain Entry and Exit point/path for DDoS Attack Traffic, IEEE Transactions on Network and Service Management, Vol: 6, Pages: 163-174, ISSN: 1932-4537
A method to determine entry and exit points or paths of DDoS attack traffic flows into and out of network domains is proposed. We observe valid source addresses seen by routers from sampled traffic under non-attack conditions. Under attack conditions, we detect route anomalies by determining which routers have been used for unknown source addresses, to construct the attack paths. We consider deployment issues and show results from simulations to prove the feasibility of our scheme. We then implement our Traceback mechanism in C++ and more realistic experiments are conducted. The experiments show that accurate results, with high traceback speed of a few seconds, are achieved. Compared to existing techniques, our approach is non-intrusive, not requiring any changes to the Internet routers and data packets. Precise information regarding the attack is not required allowing a wide variety of DDoS attack detection techniques to be used. The victim is also relieved from the traceback task during an attack. The scheme is simple and efficient, allowing for a fast traceback, and scalable due to the distribution of processing workload.
Russello G, Dulay N, 2009, xDUCON: Cross Domain Usage Control through Shared Data Spaces, IEEE Intl Symposium on Policies for Distributed Systems and Networks
, 2009, Policies for Self Tuning Home Networks, IEEE International Symposium on Policies for Distributed Systems and Networks
A home network (HN) is usually managed by a user who does not possess knowledge and skills required to perform management tasks. When abnormalities are detected, it is desirable to let the network tune itself under the direction of certain policies. However, self tuning tasks usually require coordination between several network components and most of the network\r\nmanagement policies can only specify local tasks. In this paper, we propose a state machine based policy framework to address the problem of fault and performance management in the context of HN. Policies can be specified for complex management tasks as global state machines which incorporate global system behaviour monitoring and reactions. We demonstrate the policy framework through a case study in which policies are specified for dynamic selection of frequency channel in order to improve wireless link quality when interferences present.\r\n
Thing V, Sloman M, Dulay N, 2009, Adaptive response system for distributed denial-of-service attacks, IFIP/IEEE International Symposium on Integrated Network Management, IM 2009, Publisher: IEEE, Pages: 809-814
Russello G, Dulay N, 2009, An Architectural Approach for Self-Managing Security Services, Fifth International Symposium on Frontiers of Information Systems and Network Applications
Ball R, Dulay N, 2009, Approximating Travel Times using Opportunistic Networking, 2nd IEEE Intl Workshop on Opportunistic Networking
Twidle K, Lupu E, Sloman M, et al., 2009, Ponder2: A Policy System for Autonomous Pervasive Environments, The Fifth International Conference on Autonomic and Autonomous Systems, Publisher: IEEE
Policies form an important part of management and can be an effective means of implementing self-adaptation in pervasive systems. Most policy-based systems focus on large-scale networks and distributed systems. Consequently, they are often fragmented, dependent on infrastructure and lacking flexibility and extensibility. This paper presents Pon- der2, a novel policy system that is suitable for a wide range of environments and applications. The design and implementation of Ponder2 emphasises simplicity, flexibil- ity and extensibility and provides users with the ability to interact easily with the managed system. Ponder2 can interact with other software and hardware components and is being used in environments ranging from single devices, to personal area networks, ad-hoc networks and distributed systems. We also describe PonderTalk, a high-level object orientated language inspired by Smalltalk for configuring and controlling Ponder2 systems.
Charalambides M, Flegkas P, Pavlou G, et al., 2009, Policy Conflict Analysis for DiffServ Quality of Service Management, IEEE Transactions on Network and Service Management, Vol: 6, Pages: 15-30, ISSN: 1932-4537
Policy-based management provides the ability to (re-)configure differentiated services networks so that desired Quality of Service (QoS) goals are achieved. This requires implementing network provisioning decisions, performing admission control, and adapting bandwidth allocation to emerging traffic demands. A policy-based approach facilitates flexibility and adaptability as policies can be dynamically changed without modifying the underlying implementation. However, inconsistencies may arise in the policy specification. In this paper we provide a comprehensive set of QoS policies for managing Differentiated Services (DiffServ) networks, and classify the possible conflicts that can arise between them. We demonstrate the use of Event Calculus and formal reasoning for the analysis of both static and dynamic conflicts in a semi-automated fashion. In addition, we present a conflict analysis tool that provides network administrators with a user-friendly environment for determining and resolving potential inconsistencies. The tool has been extensively tested with large numbers of policies over a range of conflict types. © 2009 IEEE.
Asmare E, Gopalan A, Sloman M, et al., 2009, A Policy Based Management Architecture for Mobile Collaborative Teams, 2009 IEEE International Conference on Pervasive Computing and Communications (PerCom), Publisher: IEEE Computer Society, Pages: 169-174
AbstractùMany missions are deemed dangerous or impractical to perform by humans, but can use collaborating, self-managing Unmanned Autonomous Vehicles (UAVs) which adapt their behaviour to current context, recover from component failure or optimise performance. This paper describes a policy-based distributed self-management framework for both individual and teams of UAVs. We use three levels of specifications ù policy, mission class and mission instance to enable reuse of both policies and mission classes. The architecture has been tested on devices ranging from small laptops to body area networks. Initial evaluation shows the distributed architecture is scalable and outperforms a centralised mission management scheme.
Choujaa D, Dulay N, 2009, Aligning Activity Sequences for Continuous Tracking of Cellphone Users, 7th IEEE International Conference on Pervasive Computing and Communications, Publisher: IEEE, Pages: 465-470, ISSN: 2474-2503
Choujaa D, Dulay N, 2009, Activity Inference through Sequence Alignment, 4th International Workshop on Location- and Context-Awareness, Publisher: SPRINGER-VERLAG BERLIN, Pages: 19-36, ISSN: 0302-9743
- Author Web Link
- Cite
- Citations: 6
Mostarda L, Dong C, Dulay N, 2009, Context-based Authentication and Transport of Cultural Assets, Personal and Ubiquitous Computing
Choujaa D, Dulay N, 2009, Aligning Activity Sequences for Continuous Tracking of Cellphone Users., Publisher: IEEE Computer Society, Pages: 1-6
This data is extracted from the Web of Science and reproduced under a licence from Thomson Reuters. You may not copy or re-distribute this data in whole or in part without the written consent of the Science business of Thomson Reuters.