Cross-Domain Authorization Management Model for Multi- Levels Hybrid Cloud Computing

Size: px
Start display at page:

Download "Cross-Domain Authorization Management Model for Multi- Levels Hybrid Cloud Computing"

Transcription

1 Internatonal Journal of Securty and Its Applcatons, pp Cross-Doman Authorzaton Management Model for Mult- Levels Hybrd Cloud Computng L Na 1, Dong Yun-We 1, Che Tan-We 2, Wang Chao 3, Gao Yang 4 and ZhangYu-Chen 3 1 The School of Computer Scence and Technology, Northwestern Polytechncal Unversty, Shaanx provnce, Xan, Chna 2 The Computer Insttute, Xdan Unversty, Shaanx provnce, Xan, Chna 3 Informaton Engneerng Unversty, ZhengZhou, Chna 4 The Insttute of Surveyng and mappng, Shaanx provnce, Xan, Chna Abstract Amed at the securty problems of the cross-cloud, cross-level and cross-doman n mult-level hybrd cloud putng, the sngleness of the role establshment method, the mplct promoton of prvlege and the separaton of dutes conflct n the tradtonal cross-doman authorzaton management models, a new cross-doman authorzaton management model for mult-levels hybrd cloud putng s proposed based on a novel two-ter role archtecture. The two-ter role archtecture whch s setted n the area of arrangement can better meet the practcal needs of role establshment and management. Based on that, the proposed undrectonal role mappng for cross-doman authorzaton can avod the role mappng rngs. Besdes, by ntroducng attrbute and condton, dynamc adustment of prvleges s realzed. The model s descrbed formally n dynamc descrpton logc, ncludng concepts, relatons and management operatons. Fnally, the securty of the model s analyzed and an example s presented to llustrate the effectveness and practcalty. Keywords: Cloud Computng; Mult-Levels Hybrd Cloud Computng; Cross-Doman Role Mappng; Authorzaton Management Model; Dynamc Descrpton Logc 1. Introducton Cloud Computng s a new putng mode whch stores putng resources n confgurable shared pool of putng resources, enablng access to putng resources through some nets that are convenent, avalable, and on-demand. Cloud putng s one of the current hot topc n the feld of nformaton technology, whch s the focus concerned by the ndustry, the academa and the government. As one of the fve deployment patterns of cloud putng, mult-level hybrd cloud has receved wde attenton n recent years. Mult-levels hybrd cloud s posed of cloud modes of dfferent securty levels, of whch each cloud has dfferent securty levels and securty requrements, remanng relatvely ndependent, mutually provdng nteroperablty and data sharng, whch must brng securty ssues among clouds, levels and domans. Through a bnaton of many new and more extensve cloud servces, the cloud can provde cross-level cloud authentcaton, authorzaton, access control and other securty functons. Due to the characterstcs of cloud servce mode tself, these securty ssues are more plex. Though the nteroperablty between doman of mult-levels hybrd cloud realzed the sharng of the doman resources and servces. How to ensure the securty of managed subects and obects, realze nteroperablty between dfferent domans safely subect ISSN: IJSIA Copyrght c 2015 SERSC

2 Internatonal Journal of Securty and Its Applcatons nformaton sharng, make access control decson and access check, and to realze the authorzaton n mult-level hybrd cloud are mportant problems to be resolved. The man methods of cross-doman authorzaton are mappng, delegaton, strategy ntegraton, etc. [1-10] Because role-based access control (RBAC) model s wdely used n the nformaton system, usng the role mappng method to acheve cross-doman authorzaton and secure nteroperablty has got great attenton wth good unversalty and practcalty. And a seres of models and correspondng realzatons based on crossdoman role mappng are proposed. But they are easy to cause doman shuttle, potental safety hazard such as cross-doman, mplct promoton of prvlege and so on. IRBAC2000 [1] mplemented the ntegraton of access control polces between two statc domans, whle drbac [2] focused on dynamc change of permssons n multdoman nteroperaton. But these two models are subect to several securty problems such as mplct promoton of prvlege and separaton of dutes conflct. In order to ensure the securty of doman asked nteroperablty, many scholars have explored from dfferent angles. SHAFIQ B [3] tred to elmnate cross-doman securty conflcts through multdoman polcy ntegraton algorthm. In the work of MOHAMED S [4], cross-doman access paths were constructed to guarantee the securty and effectveness of the mappng chan. L [5] ntroduced rsk and confdence factors to avod the securty volaton cases. Zan Yang [6] ntroduced the concept of doman and ntegrated t wth roles, permssons and domans to solve cross-doman access problems and the uncertanty durng role mappng based on the fuzzy theory, mprovng the accuracy and practcablty of role mappng. Erc Freudenthal [7] provded an nteroperable method based on delegaton mechansm for mult-doman nteroperaton through thrd party delegaton and value attrbute. Hong Fan[8] ntroduced the concept of global role, doman role and related role to establsh the mappng relatonshp among mult domans. Guo Dongheng [9-10] adusted the threshold attrbute and doman sze of role mappng to dynamcally decde the mappng capablty of a role, mprovng the securty of cross doman nteroperablty. However, all the above methods are proposed based on the classcal RBAC wth the characterstc of role management n a sngle doman. And the classcal RBAC model has the defcences such as the sngleness of the role establshment method, the mplct promoton of prvlege and the separaton of dutes conflct and so on. No matter from the perspectve of organzatonal dvson of functon, or from the perspectve of the applcaton system of busness dvsons, all can't mplement the authorzaton management well, lmts the popularzaton and applcaton of the model. In order to resolve these problems above, a cross-doman authorzaton management model was proposed for mult-levels hybrd cloud putng. In the model, a two-ter role archtecture was proposed to mprove the model s practcablty. And cross-doman undrectonal role mappng method was put forward to enhance the securty of access control n mult-doman envronment. The model can support dynamc and cross-doman authorzaton management, defned formally n dynamc descrpton logc. 2. Dynamc Descrpton Logc Descrpton logc s a decdable subset of frst-order logc wth strong representaton and reasonng ablty. But t s lmted to the statc knowledge representaton and reasonng, can t effectvely support the characterzaton and reasonng of dynamc knowledge. Dynamc descrpton logc [11-14] s a formal descrpton tool used to descrbe and reasonng dynamc knowledge, whch s proposed based on descrpton logc. It not only has strong ablty of descrpton, but also ensures the decdablty of some reasonng problems. Wth the effcent nference algorthm, t has been a useful tool to represent access control model. In 2004, Sh Zhongzh [11] put forward Dynamc Descrpton Logc (DDL) based on the descrpton logc, dynamc logc and acton theory, brngng a new formal logc 344 Copyrght c 2015 SERSC

3 Internatonal Journal of Securty and Its Applcatons framework to smultaneously handle statc and dynamc knowledge. Based on Sh s theory, Chang Lang [12-14] extended the expresson and reason of DDL and proposed ts tableau decson algorthm, provdng the logcal support for the modelng and reasonng of acton. The concepts and symbols about DDL used n ths paper are presented based on the work n lterature [11-15], ncludng concepts, relatons, formulas, actons, and some theorems. Besdes, role n DDL s defned as relaton n ths paper so as to dstnct wth the noton role n RBAC. 3. Man Idea of the Model 3.1 Two-ter Role Archtecture In order to reduce the burden of authorzaton management, the concept of role was ntroduced nto the classc RBAC as a brdge of users and permssons. Authorzaton management n RBAC ncludes User-Role assgnment and Role-Permsson assgnment. As known to all, Role-Permsson assgnment requres deep knowledge of applcaton level semantcs, whle User-Role assgnment s a personnel management functon of organzaton level, whch requres greater understandng of human sde. In an RBAC system, actually t s hard to search a manager from holdng the knowledge of both human sde and applcaton system at the same tme. To resolve ths problem, based on the work of REN Zhyu [15], we dvde the tradtonal role nto poston role of organzaton level and applcaton role of applcaton level, and a two-ter role archtecture s proposed as Fgure 1. In the organzaton level, poston role s defned based on the poston and responsblty of users n the organzaton. Whle n the applcaton level, applcaton role s defned accordng to the busness process of the applcaton system. Based on the two-ter role archtecture, the authorzaton management wll be more explct. On the one hand, admnstrators of organzaton level holdng the knowledge of human sde take responsbltes for the creaton of poston role, user-poston role assgnment and the mappng relaton between these two roles. After mappng relatonshp, the late mantenance workload s small. On the other hand, admnstrators of applcaton level famlar wth the nformaton system are responsble for the creaton of applcaton role and applcaton role-permsson assgnment. At the same tme, both roles retan role herarchy and role tree, and two knds of nodes are defned: vrtual node and role node, where vrtual node s used as a vrtual role to buld the role tree. Vrtual node n the poston role tree s known as an organzaton or department, whle several applcaton systems n the applcaton role tree. role R user U Poston role PR Applcaton role AR permsson P Organzatonal level Applcaton level Fgure 1. Two-Ter Role Archtecture of Poston Role and Applcaton Role Copyrght c 2015 SERSC 345

4 Internatonal Journal of Securty and Its Applcatons 2.2. Cross Doman Authorzaton Management based on Undrectonal Role Mappng Undrectonal role mappng method was used to realze the cross-doman authorzaton management and mantan the ndependence of the nternal polces n a sngle doman. In order to mantan the ndependence of the nternal securty polces, the poston role s dvded nto nternal role and mappng role. The former role s used to authorzaton n a sngle doman, whch s only allowed to assocate wth the applcaton role and permssons n the nternal doman. Whle the latter s specfcally desgned to crossdoman role mappng. To accord wth the start and end pont of the role mappng, the mappng poston role ncludes In-role and Out-role. The former s at the start pont of the mappng relatonshp, used to obtan the permsson mapped from external doman. Whle the latter s at the end pont, used to map the permssons n the nternal doman to other domans. The set of Inrole and that of Out-role are dsont. Users assgned In-role can obtan permssons from the external doman, but t s not allowed for users assgned Out-role. The Out-role can assocate wth applcaton role to obtan the permssons and then map them to other domans, but t s not allowed for In-role. Through the dvson of the poston roles nto nternal role and mappng role, the model can protect the securty polcy from external nfluence of other domans. And by dvdng mappng poston role nto In-role and Out-role, the model can ensure the crossdoman permsson solaton and make the permsson flow undrectonal. Meanwhle, through role dvson and undrectonal role mappng, the model can mplement statc and dynamc separaton of duty (SSoD, DSoD). Besdes, trust, condton and attrbute can be ntroduced nto the model to realze dynamc authorzaton, mprovng the flexblty, securty and extensblty. 4. DDL-Based Descrpton of the Model The proposed cross-doman authorzaton management model for mult-level hybrd cloud putng s shown as Fgure 2. The concepts, relatons and operatons are descrbed n dynamc descrpton logc (DDL), where operatons are expressed as actons n DDL. Defnton 1: Concepts (1) USER S ROLE PRMS OPE RES represent the set of users, sessons, roles, permssons, operatons and resources respectvely. As the same wth classc RBAC, permsson s a tuple conssted of operaton and resource. (2) AROLE and PROLE are respectvely applcaton roles and poston roles. ROLE AROLE PROLE. (3) CARD means cardnal number, and CARD N. It manly means the maxmum number of role assgnment, whch represents the maxmum number of poston role assgned to users or that of applcaton role mapped to applcaton role. (4) ATTR means attrbutes. Users, roles and permssons all have attrbutes. Attrbutes can be used n user-role assgnment, role actvaton and access process. (5) SYS means system states, whch are system envronmental parameters, such as tme, locaton and IP address, etc. (6) CON means condton, representng the constrants when users access resources. The concepts above use the name of management doman as the subscrpt, ndcatng that the concept belongs to dfferent management domans. The nstance of concepts also uses the name of management doman as the subscrpt, showng the concept nstances belongng to dfferent management domans. 346 Copyrght c 2015 SERSC

5 Internatonal Journal of Securty and Its Applcatons ValSatfy Prole HasCard dom PDynamc Mutex PStatc Mutex Cardnal number CARD Attrbute Value VATTR ValOfAttr Internal Role PROLEI PROLEMI PROLEMO Mappng Roles PROLEM Job Roles PROLE System status SYS Attrbute ATTR SysState OfUser PRole HasAttr HasChld PRole Assgned User Users USER CrossDomMap ValSatfy PDynamc Mutex PStatc Mutex HasChld PRole Actve PRoleInS CrossUserFoundS SysHasCon Sessons S Attrbute ValOfAttr Value Attrbute VATTR ATTR Internal Role PROLEI PROLEMI PROLEMO Mappng Roles PROLEM Job Roles PROLE Condtons CON PRole HasAttr Prole MapARole Prole HasCard Cardnal number CARD ConSatfy PrmsHasCon PrmsHasAttr Permssons PRMS Assgned ARole Applcaton Roles AROLE Fgure 2. Cross-Doman Authorzaton Management Model for Mult-Levels Hybrd Cloud Computng Defnton 2: Intra-doman atomc relatons Intra-doman atomc relatons are manly ncludes: (1) PStatcMutex, PDynamcMutex are statc and dynamc mutually exclusve relatonshp between poston roles respectvely. AStatcMutex, ADynamcMutex are statc and dynamc mutually exclusve relatonshp between applcaton roles respectvely. (2) HasChldPRole, HasChldARole, HasChldPrms are herarchy relatonshp of poston roles, applcaton roles and relatonshp between father and son of permsson respectvely. (3) AssgnedUser means user-poston role assgnment. AssgnedARole s the drect assgnment of applcaton role to permsson, whch only ncludes explct permsson of the applcaton role. (4) PRoleMapARole s the mappng relatonshp of poston role and applcaton role. Only when both are role nodes, the relatonshp exsts from poston role to applcaton role. (5) UserHasAttr, PRoleHasAttr, PrmsHasAttr means that the user, poston role and permsson have some attrbutes respectvely. (6) ValOfAttr means the tuple relatonshp between attrbute and attrbute values. ValSatfy means the satsfed relatonshp among attrbute values. (7) SysHasCon, PrmsHasCon represent the real-tme condton of current state and the condton satsfed when usng permssons respectvely. ConSatfy s the satsfed relatonshp among condtons. (8) ) UserFoundS s the relatonshp between user and sesson, where a user can creates multple sessons, whle a sesson can map to only one user. Besdes, only one poston role can be actvated n a sesson. (9) ActvePRoleInS s actvated poston role n a gven sesson. Defnton 3: Cross-doman atom relatons Cross-doman authorzaton manly ncludes the followng atom relatons: (1) CrossDomMap s cross-doman role mappng relatonshp, whch maps In-role n the ntal doman to Out-role n the target doman. It makes the In-role n the ntal doman to obtan the permsson of Out-role n the target doman. Ths relaton s not transtve and symmetry. It s undrectonal relaton mentoned above. dom Copyrght c 2015 SERSC 347

6 Internatonal Journal of Securty and Its Applcatons (2) CrossUserFoundS s the relatonshp from user n the ntal doman to the sesson n the target doman. (3) CrossPStatcMutex, CrossPDynamcMutex are cross-doman statc and dynamc mutually exclusve relatonshp of In-role n the ntal doman. It s the extended relatonshp of statc and dynamc mutually exclusve relatonshp of Out-role n the target doman. Defnton 4: Complex relatons Based on defnton 7 and defnton 8, plex relatons can be posed. The followng are some examples. (1) UserHasPrms AssgnedUser PRoleMapARole ARoleHasPrms (2) PRoleHasPrms PRoleMapARole ARoleHasPrms (3) PRoleHasPrms PRoleMapARole ARoleHasPrms (4) ActvePrmsInS ActvePRoleInS PRoleMapARole ARoleHasPrms Due to space lmtaton, only parts of relatons are presented n defnton 2,defnton 3, defnton 4 and Fgure 2. Defnton 5: Cross-doman permsson management operatons Due to space lmtaton, only some key operatons referred to cross-doman authorzaton are presented. It s assumed that, means the name of management doman, and. There are several operatons n the model, such as assgnng poston role to a user, establshng cross-doman undrectonal role mappng, establshng cross-doman sesson of access resource and so on. Take the thrd operaton above as an example, whch s defned as follows. Operaton: Establshng cross-doman sesson of access resource Create _ CrossSesson( user, s, prole ) ( USER( user ) PROLEMO( prole ) UserHasCrossPRole( user, prole ))?; dom dom ( PDynamcMutex( prole, UserActveCrossPRole. user )?; dom ( ADynamcMutex( PRoleMapARole. prole, UserActveARole. user ))?; ConSatfy( UserHasCon. user, PrmsHasCon.( PRoleHasPrms. prole ))?; ValSatfy( ValOfAttr.( UserHasAttr. user ), ( ValOfAttr.( PrmsHasAttr.( AssgnedARole.( PRoleMapARole. prole )))))?; ({ S( s ), UserFoundS( user, s ), ActvePRoleInS( s, prole )}, { S( s ), UserFoundS( user, s ), ActvePRoleInS( s, prole ), ActveARoleInS( s, PRoleMapARole. prole ), ActvePrmsInS( s, AssgnedARole.( PRoleMapARole. prole )), UserActveCrossPRole( user, prole ), UserActveCrossARole( user, PRoleMapARole. prole ), UserActveCrossPrms( user, PRoleMapARole. prole )}); UpdateValOfUserAttr( user )) The steps are as follows: 1 check whether prole s assgned to user through crossdoman operatons; 2 check whether prole s not dynamc mutually exclusve wth user s actve poston role n the target doman ; 3 check whether the applcaton role mapped from prole s not dynamc mutually exclusve wth user s actve applcaton role 348 Copyrght c 2015 SERSC

7 Internatonal Journal of Securty and Its Applcatons n the target doman; 4 check whether the current state of users satsfy the condtons of access permssons; 5 check whether the attrbute values of users n ths sesson are satsfed wth the condtons of access permssons; 6 create sesson for the user user, and actvate the correspondng poston roles, applcaton roles and permssons; 7 update the user s attrbutes. 5. Securty Analyss of the Model Accordng to securty and autonomy prncples of secure nteroperaton [16], securty n cross-doman authorzaton management should abde by the followng prncples: Prncple C1: the cross-doman role mappng shouldn t affect the ntra-doman permssons of users. Prncple C2: the statc mutually constrants won t be volated because of the crossdoman role mappng between the role n the ntal doman and that n the target doman. Prncple C3: the dynamc mutually constrants won t be volated because of the crossdoman role mappng. The method to ensure the satsfcaton of above prncples s to check whether the statc or dynamc duty of separaton may be volated because of the cross-doman role mappng. In other words, the model should ensure that the followng formulas mustn t be satsfed durng the cross-doman undrectonal role mappng. f1: PROLE ( prole ) PRMS ( prms ) PRoleHasCrossPrms ( prole, prms ) f2: PStatcMutex ( prole, prole ') UserHasCrossPRole ( user, prole ) UserHasCrossPRole ( user, prole ') f3: PDynamcMutex ( prole, prole ') UserActveCrossPRole ( user, prole ) UserActveCrossPRole ( user, prole ') Take formula f1 as an example, and the process of checkng ts satsfacton s shown as follows. Proof: the formula f1 can t be satsfed. The formula f1 manly checks whether the permsson of the poston roles n the local doman wll ncrease because of cross-doman mappng. The man dea s that, suppose the poston role prole ddn t own the permsson prms n the nternal doman, and then check whether the formula f1 s satsfed after the role mappng. After role mappng, the reason why there are changes on the permssons of the poston role n the ntal doman s that, the cross-doman role mappng and role herarchy form a crcle of permsson flow, brngng the mplct promoton of prvlege of the poston roles n the ntal doman. Because the cross-doman role mappng operaton Creat _ CrossMap requres that the start pont of the mappng should be In-role and the end pont should be Out-role, the crcle reles on both cross-doman role mappng and role herarchy n the ntra-doman. Fgure 3 llustrates that cross-doman role mappng and role herarchy, construst a mappng chan from the start pont n the ntal doman to tself, where Fgure 3(a) s an example between two domans and Fgure 3(b) among multple domans. Copyrght c 2015 SERSC 349

8 Internatonal Journal of Securty and Its Applcatons n pr n pr n ' pr ar pr pr 1 p ar pr pr ' pr ' p pr ' pr 1 ' 1 (a)role mappng between two doman (b) role mappng among mult-doman Fgure 3. Cross-Doman Role Mappng and Role Herarchy Formng Crcle of Permsson Flow Take Fgure 3(a) as an example to prove the satsfacton of formula f1. Frst, suppose that the role pr ' n doman s related to ts senor role pr through the cross-doman role mappng CrossDomMap ( pr', pr ), CrossDomMap ( pr', pr ), the role herarchy HasChldPRole ( pr, pr ') between role pr and pr '. Then, check whether the permssons of role pr ' wll ncrease through the mappng chan pr ' pr pr ', obtanng the permssons of ts senor role pr. The state of Fgure 3(a) can be expressed by the followng formulas: A ={ PROLE ( pr ), PROLE ( pr '), AROLE ( ar ), PRMS ( p ), PROLE ( pr 1), PROLE( pr ), HasChldPRole ( pr, pr '), HasChldPRole ( pr, pr '), 1 PRoleHasPrms ( pr, p ), PRoleHasPrms ( pr, p ), CrossDomMap ( pr', pr ), CrossDomMap ( pr, pr ) } Based on CrossDomMap ( pr', pr ), CrossDomMap ( pr', pr ) and HasChldPRole ( pr, pr '), though role pr ' s assocated wth pr through operaton Creat _ CrossMap, there aren t permssons transmttng n the mappng chan pr ' pr pr ' because of the followng reasons. Because cross-doman role mappng s undrectonal, pr can t gan excessve permssons of outer doman, and can only transmt permsson n doman to pr '. Therefore, t can t transmt the permssons of any outer doman, ncludng the ntal doman, to role pr '. Accordng to the defnton of the relaton between poston roles, there s no permsson nhertance relaton between a poston role and ts subordnate role. So role pr can t nhert the permssons of pr '. Based on the analyss above, the cross-doman undrectonal role mappng won t make the permssons of poston role n the ntra doman ncrease. The concluson s effectve for multple domans as Fgure 3(b) as well. Based on the dscusson above, t s easy to know that formula f1 s not tenable and the prncple C1 s satsfed. The formula f2 and formula f3 can be proved n the same way. 6. An Example of Cross-Doman Authorzaton An example s present to llustrate the applcaton of the cross-doman authorzaton management model for mult-level hybrd cloud putng. 350 Copyrght c 2015 SERSC

9 Internatonal Journal of Securty and Its Applcatons Suppose that a school un cooperates wth a pany to do some research. Durng the cooperaton, there are two poston roles named admnstrator and developer n the pany. For better resource sharng, cooperaton and secure resource access, a new role named as parner un s ntroduced nto the poston role set of the school, used to map the roles of outer doman. The poston role parner un s mapped to applcaton role user un n un through the relaton PRolrMapARole ( parner un, user un ). And the poston role developer n s mapped to parner un n the school through cross-doman mappng relatons CrossDomMap ( developer, parner un ). Suppose zhang s a user n the pany, who was assgned role developer, and then obtaned the outer-doman role parner un through cross-doman role mappng. The example s shown as Fgure 4. dowwnload zhang developer partner user browse un Fgure 4. An Example of Cross Doman Role Mappng and Authorzaton The process of cross-doman access by user Create _ CrossSesson( zhang, s, partner ) un un zhang s presented as follows: ( USER( zhang ) PROLER( partner ) UserHasCrossPRole( zhang, partner ))?; un un ( PDynamcMutex( zhang, UserActveCrossPRole. zhang ))?; ( ADynamcMutex( PRoleMapARole. partner, UserActveARole. zhang ))?; ConSatfy( UserHasCon. zhang, Pr mshascon. download )?; ValSatfy( ValOfAttr.( UserHasAttr. zhang ), un ( ValOfAttr.( Pr mshasattr.( AssgnedARole.( PRoleMapARole. partner )))))?; ({ S( s ), UserFoundS( zhang, s ), ActvePRoleInS( s, partner )}, un un un un { S( s ), UserFoundS( zhang, s ), ActvePRoleInS ( s, partner ) un un un un ActveARoleInS ( s, PRoleMapARole. partner ), un Actve Pr msins ( s, AssgnedARole.( PRoleMapARole. partner )), un UserActveCrossPRole( zhang, partner ), UserActveCrossARole( zhang, PRoleMapARole. partner ), UserActveCross Pr ms( zhang, PRoleMapARole. partner )}); UpdateValOfUserAttr( zhang ) Based on the current state, the attrbute of the user zhang can satsfy the condton of executng the operaton Create _ CrossSesson ( zhang, sun, partner un ). So the request s allowed and zhang can access the requested resources. un un un un un un un Copyrght c 2015 SERSC 351

10 Internatonal Journal of Securty and Its Applcatons From the example above, t s not dffcult to conclude that the cross-doman authorzaton management model for mult-levels hybrd cloud putng s effectve and feasble n resolvng the authorzaton of cross-doman envronment. 7. Concluson Due to the securty problems of the cross-cloud, cross-level and cross-doman n multlevels hybrd cloud putng, the sngleness of the role establshment method, the mplct promoton of prvlege and the separaton of dutes conflct, a cross-doman authorzaton management model for mult-levels hybrd cloud putng was proposed. Based on the role splttng, a novel two-ter role archtecture of poston role and applcaton role was ntroduced nto the model to satsfy the practcal needs of organzaton level and applcaton level at the same tme. Undrectonal role mappng was presented to realze the secure cross-doman authorzaton and nteroperaton. Attrbutes, condtons and other dynamc elements are ntroduced to provde dynamc and fnegraned authorzaton wth better adaptablty. The dynamc descrpton logc was used to descrbe and characterze the model. The securty of the model was analyzed wth the reasonng functon of dynamc descrpton logc, showng that the model satsfes the prncple of autonomy and securty. Fnally, the feasblty, practcalty and effectveness of the model are llustrated through an example of cross-doman authorzaton. References [1] A. Kapada, J. Al-Muhtad, CAMPBELL D, et al. IRBAC 2000:Secure Interoperablty Usng Dynamc Role Translaton[R]. Chcago: Unversty of Illnos, (2000). [2] E. Freudenthal, T. Pesn, L. Port, drbac: Dstrbuted role-based access control for dynamc coalton envronment[c]. In Proceedngs of the 22nd Internatonal Conference on Dstrbuted Computng Systems, Pscataway, NJ: IEEE Press, (2002), pp [3] B. Shafq, J B D Josh, E. Benno, Secure nteroperaton n a mult doman envronment employng RBAC polces[j], IEEE Transactons on Knowledge and Data Engneerng, vol. 17, no. 11, (2005) pp [4] S. Mohamed, B. Elsa, G. Arf, SERAT: secure role mappng technque for decentralzed secure nteroperablty[c], In Proceedngs of ACM Symposum on Access Control Models and Technologes. New York: ACM Press, (2005), pp [5] L. Ruxuan, H. Jngwe, T. Zhuo. R2BAC:a rsk-based mult-doman secure nteroperaton model [J] Journal of Communcatons, vol. 29, no. 10, (2008), pp [6] Z. Yang, L. Yang, X-yang Luo, et al. Model of Doman based RBAC and Supportng Technologes[J], JOURNAL OF COMPUTERS, vol. 8, no. 5, (2013), pp [7] E. Freudenthal, T. Pesn, et al. drbac: Dstrbuted Role-based Access Control for Dynamc Coalton Envronments[C], Proceedngs of the 22nd Internatonal Conference on Dstrbuted Computng Systems (ICDCS 02). IEEE Computer Socety, (2002). [8] L. Junguo, H. Fan, Y. Quwe et.al., Toward Securty Analyss of the drbac Model[J]. Journal of Chnese Computer Systems vol. 28, no. 7, (2007), pp [9] G. Dongheng. Research on mult-doman securty nteroperaton[d], Chong Qng: Chong Qng Unversty Master Degree Dsserton.(2013). [10] Y. Chunxao, G. Dongheng, Research on secure nteroperaton n mult-doman envronment[j] Journal of Computer Applcatons vol. 32, no. 12, (2012), pp [11] S. Zhongzh, D. Mnka, J. Yuncheng, Logc Bass of Semantc Web [J], Scence n Chna, vol. 34, no. 10, (2004), pp [12] C. Lang, S. Zhongzh, C. Lmn, Fmaly of Extended Dynamc Descrpton Logcs[J],Journal of Software, vol. 21, no. 01,(2010), pp [13] C. Lang, S. Zhongzh, Q. Lrong, A Tableau Decson Algorthm for Dynamc Descrpton Logc[J], Chnese Journal of Computers, vol. 31, no. 06, (2008), pp [14] C. Lang, C. Lmn, Acton Theory Based on the Dynamc Descrpton Logc DDL[D]. Computer Scence, vol. 38, no. 7, (2011), pp [15] R. Zhyu, C. Xngyuan, S. Dbn, Cross-doman authorzaton management model based on two-ter role mappng, Joumal of Computer Applcatons, vol. 33, no. 9, (2013), pp [16] L. Gong and X. Qan, Computatonal ssues n secure nteroperaton[c], IEEE Transactons on Software and Engneerng, vol. 22, no. 1, (1996), pp Copyrght c 2015 SERSC

A Secure Password-Authenticated Key Agreement Using Smart Cards

A Secure Password-Authenticated Key Agreement Using Smart Cards A Secure Password-Authentcated Key Agreement Usng Smart Cards Ka Chan 1, Wen-Chung Kuo 2 and Jn-Chou Cheng 3 1 Department of Computer and Informaton Scence, R.O.C. Mltary Academy, Kaohsung 83059, Tawan,

More information

A Generalized Temporal and Spatial Role-Based Access Control Model

A Generalized Temporal and Spatial Role-Based Access Control Model 92 JOURNAL OF NETWORKS, VOL. 5, NO. 8, AUGUST 200 A Generalzed Temporal Spatal Role-Based Access Control Model + Natonal Central Polce Unverst/ Depart. of Informaton Management, Taouan, Tawan E-mal: swang@mal.cpu.edu.tw

More information

The Development of Web Log Mining Based on Improve-K-Means Clustering Analysis

The Development of Web Log Mining Based on Improve-K-Means Clustering Analysis The Development of Web Log Mnng Based on Improve-K-Means Clusterng Analyss TngZhong Wang * College of Informaton Technology, Luoyang Normal Unversty, Luoyang, 471022, Chna wangtngzhong2@sna.cn Abstract.

More information

Improved SVM in Cloud Computing Information Mining

Improved SVM in Cloud Computing Information Mining Internatonal Journal of Grd Dstrbuton Computng Vol.8, No.1 (015), pp.33-40 http://dx.do.org/10.1457/jgdc.015.8.1.04 Improved n Cloud Computng Informaton Mnng Lvshuhong (ZhengDe polytechnc college JangSu

More information

Some literature also use the term Process Control

Some literature also use the term Process Control A Formal Approach for Internal Controls Complance n Busness Processes Koumars Namr 1, Nenad Stojanovc 2 1 SAP Research Center CEC Karlsruhe, SAP AG, Vncenz-Preßntz-Str.1 76131 Karlsruhe, Germany Koumars.Namr@sap.com

More information

Fault tolerance in cloud technologies presented as a service

Fault tolerance in cloud technologies presented as a service Internatonal Scentfc Conference Computer Scence 2015 Pavel Dzhunev, PhD student Fault tolerance n cloud technologes presented as a servce INTRODUCTION Improvements n technques for vrtualzaton and performance

More information

A DYNAMIC CUSTOMIZABLE ARCHITECTURE FOR SAAS BASED PLATFORM

A DYNAMIC CUSTOMIZABLE ARCHITECTURE FOR SAAS BASED PLATFORM A DYNAMIC CUSTOMIZABLE ARCHITECTURE FOR SAAS BASED PLATFORM 1 WEIZHI LIAO, 2 LINFU SUN 1 School of Electromechancal Engneerng, UESTC of Chna, Chengdu 610054, Chna 2 CAD Engneerng Center, Southwest JIAOTONG

More information

Study on Model of Risks Assessment of Standard Operation in Rural Power Network

Study on Model of Risks Assessment of Standard Operation in Rural Power Network Study on Model of Rsks Assessment of Standard Operaton n Rural Power Network Qngj L 1, Tao Yang 2 1 Qngj L, College of Informaton and Electrcal Engneerng, Shenyang Agrculture Unversty, Shenyang 110866,

More information

A Novel Problem-solving Metric for Future Internet Routing Based on Virtualization and Cloud-computing

A Novel Problem-solving Metric for Future Internet Routing Based on Virtualization and Cloud-computing www.ijcsi.org 159 A Novel Problem-solvng Metrc for Future Internet Routng Based on Vrtualzaton and Cloud-computng Rujuan Zheng, Mngchuan Zhang, Qngtao Wu, Wangyang We and Haxa Zhao Electronc & Informaton

More information

Open Access A Load Balancing Strategy with Bandwidth Constraint in Cloud Computing. Jing Deng 1,*, Ping Guo 2, Qi Li 3, Haizhu Chen 1

Open Access A Load Balancing Strategy with Bandwidth Constraint in Cloud Computing. Jing Deng 1,*, Ping Guo 2, Qi Li 3, Haizhu Chen 1 Send Orders for Reprnts to reprnts@benthamscence.ae The Open Cybernetcs & Systemcs Journal, 2014, 8, 115-121 115 Open Access A Load Balancng Strategy wth Bandwdth Constrant n Cloud Computng Jng Deng 1,*,

More information

Survey on Virtual Machine Placement Techniques in Cloud Computing Environment

Survey on Virtual Machine Placement Techniques in Cloud Computing Environment Survey on Vrtual Machne Placement Technques n Cloud Computng Envronment Rajeev Kumar Gupta and R. K. Paterya Department of Computer Scence & Engneerng, MANIT, Bhopal, Inda ABSTRACT In tradtonal data center

More information

Resource Scheduling Based on Dynamic Dependence Injection in Virtualization-based Simulation Grid

Resource Scheduling Based on Dynamic Dependence Injection in Virtualization-based Simulation Grid Proceedngs of the 200 4th Internatonal Conference on Computer Supported Cooperatve Work n Desgn Resource Schedulng Based on Dynamc Dependence Injecton n Vrtualzaton-based Smulaton Grd Hanbng Lu,Hongy Su,

More information

Forecasting the Demand of Emergency Supplies: Based on the CBR Theory and BP Neural Network

Forecasting the Demand of Emergency Supplies: Based on the CBR Theory and BP Neural Network 700 Proceedngs of the 8th Internatonal Conference on Innovaton & Management Forecastng the Demand of Emergency Supples: Based on the CBR Theory and BP Neural Network Fu Deqang, Lu Yun, L Changbng School

More information

Research of concurrency control protocol based on the main memory database

Research of concurrency control protocol based on the main memory database Research of concurrency control protocol based on the man memory database Abstract Yonghua Zhang * Shjazhuang Unversty of economcs, Shjazhuang, Shjazhuang, Chna Receved 1 October 2014, www.cmnt.lv The

More information

Research of Network System Reconfigurable Model Based on the Finite State Automation

Research of Network System Reconfigurable Model Based on the Finite State Automation JOURNAL OF NETWORKS, VOL., NO. 5, MAY 24 237 Research of Network System Reconfgurable Model Based on the Fnte State Automaton Shenghan Zhou and Wenbng Chang School of Relablty and System Engneerng, Behang

More information

Research on Privacy Protection Approach for Cloud Computing Environments

Research on Privacy Protection Approach for Cloud Computing Environments , pp. 113-120 http://dx.do.org/10.14257/jsa.2015.9.3.11 Research on Prvacy Protecton Approach for Cloud Computng Envronments Xaohu L 1,2, Hongxng Lang 3 and Dan Ja 1 1 College of Electrcal and Informaton

More information

Extending Probabilistic Dynamic Epistemic Logic

Extending Probabilistic Dynamic Epistemic Logic Extendng Probablstc Dynamc Epstemc Logc Joshua Sack May 29, 2008 Probablty Space Defnton A probablty space s a tuple (S, A, µ), where 1 S s a set called the sample space. 2 A P(S) s a σ-algebra: a set

More information

A Programming Model for the Cloud Platform

A Programming Model for the Cloud Platform Internatonal Journal of Advanced Scence and Technology A Programmng Model for the Cloud Platform Xaodong Lu School of Computer Engneerng and Scence Shangha Unversty, Shangha 200072, Chna luxaodongxht@qq.com

More information

ANALYZING THE RELATIONSHIPS BETWEEN QUALITY, TIME, AND COST IN PROJECT MANAGEMENT DECISION MAKING

ANALYZING THE RELATIONSHIPS BETWEEN QUALITY, TIME, AND COST IN PROJECT MANAGEMENT DECISION MAKING ANALYZING THE RELATIONSHIPS BETWEEN QUALITY, TIME, AND COST IN PROJECT MANAGEMENT DECISION MAKING Matthew J. Lberatore, Department of Management and Operatons, Vllanova Unversty, Vllanova, PA 19085, 610-519-4390,

More information

Research on Transformation Engineering BOM into Manufacturing BOM Based on BOP

Research on Transformation Engineering BOM into Manufacturing BOM Based on BOP Appled Mechancs and Materals Vols 10-12 (2008) pp 99-103 Onlne avalable snce 2007/Dec/06 at wwwscentfcnet (2008) Trans Tech Publcatons, Swtzerland do:104028/wwwscentfcnet/amm10-1299 Research on Transformaton

More information

Network Security Situation Evaluation Method for Distributed Denial of Service

Network Security Situation Evaluation Method for Distributed Denial of Service Network Securty Stuaton Evaluaton Method for Dstrbuted Denal of Servce Jn Q,2, Cu YMn,2, Huang MnHuan,2, Kuang XaoHu,2, TangHong,2 ) Scence and Technology on Informaton System Securty Laboratory, Bejng,

More information

A Performance Analysis of View Maintenance Techniques for Data Warehouses

A Performance Analysis of View Maintenance Techniques for Data Warehouses A Performance Analyss of Vew Mantenance Technques for Data Warehouses Xng Wang Dell Computer Corporaton Round Roc, Texas Le Gruenwald The nversty of Olahoma School of Computer Scence orman, OK 739 Guangtao

More information

Research on Evaluation of Customer Experience of B2C Ecommerce Logistics Enterprises

Research on Evaluation of Customer Experience of B2C Ecommerce Logistics Enterprises 3rd Internatonal Conference on Educaton, Management, Arts, Economcs and Socal Scence (ICEMAESS 2015) Research on Evaluaton of Customer Experence of B2C Ecommerce Logstcs Enterprses Yle Pe1, a, Wanxn Xue1,

More information

Module 2 LOSSLESS IMAGE COMPRESSION SYSTEMS. Version 2 ECE IIT, Kharagpur

Module 2 LOSSLESS IMAGE COMPRESSION SYSTEMS. Version 2 ECE IIT, Kharagpur Module LOSSLESS IMAGE COMPRESSION SYSTEMS Lesson 3 Lossless Compresson: Huffman Codng Instructonal Objectves At the end of ths lesson, the students should be able to:. Defne and measure source entropy..

More information

RESEARCH ON DUAL-SHAKER SINE VIBRATION CONTROL. Yaoqi FENG 1, Hanping QIU 1. China Academy of Space Technology (CAST) yaoqi.feng@yahoo.

RESEARCH ON DUAL-SHAKER SINE VIBRATION CONTROL. Yaoqi FENG 1, Hanping QIU 1. China Academy of Space Technology (CAST) yaoqi.feng@yahoo. ICSV4 Carns Australa 9- July, 007 RESEARCH ON DUAL-SHAKER SINE VIBRATION CONTROL Yaoq FENG, Hanpng QIU Dynamc Test Laboratory, BISEE Chna Academy of Space Technology (CAST) yaoq.feng@yahoo.com Abstract

More information

An Integrated Approach of AHP-GP and Visualization for Software Architecture Optimization: A case-study for selection of architecture style

An Integrated Approach of AHP-GP and Visualization for Software Architecture Optimization: A case-study for selection of architecture style Internatonal Journal of Scentfc & Engneerng Research Volume 2, Issue 7, July-20 An Integrated Approach of AHP-GP and Vsualzaton for Software Archtecture Optmzaton: A case-study for selecton of archtecture

More information

Canon NTSC Help Desk Documentation

Canon NTSC Help Desk Documentation Canon NTSC Help Desk Documentaton READ THIS BEFORE PROCEEDING Before revewng ths documentaton, Canon Busness Solutons, Inc. ( CBS ) hereby refers you, the customer or customer s representatve or agent

More information

A Dynamic Load Balancing for Massive Multiplayer Online Game Server

A Dynamic Load Balancing for Massive Multiplayer Online Game Server A Dynamc Load Balancng for Massve Multplayer Onlne Game Server Jungyoul Lm, Jaeyong Chung, Jnryong Km and Kwanghyun Shm Dgtal Content Research Dvson Electroncs and Telecommuncatons Research Insttute Daejeon,

More information

Recurrence. 1 Definitions and main statements

Recurrence. 1 Definitions and main statements Recurrence 1 Defntons and man statements Let X n, n = 0, 1, 2,... be a MC wth the state space S = (1, 2,...), transton probabltes p j = P {X n+1 = j X n = }, and the transton matrx P = (p j ),j S def.

More information

BUSINESS PROCESS PERFORMANCE MANAGEMENT USING BAYESIAN BELIEF NETWORK. 0688, dskim@ssu.ac.kr

BUSINESS PROCESS PERFORMANCE MANAGEMENT USING BAYESIAN BELIEF NETWORK. 0688, dskim@ssu.ac.kr Proceedngs of the 41st Internatonal Conference on Computers & Industral Engneerng BUSINESS PROCESS PERFORMANCE MANAGEMENT USING BAYESIAN BELIEF NETWORK Yeong-bn Mn 1, Yongwoo Shn 2, Km Jeehong 1, Dongsoo

More information

A New Task Scheduling Algorithm Based on Improved Genetic Algorithm

A New Task Scheduling Algorithm Based on Improved Genetic Algorithm A New Task Schedulng Algorthm Based on Improved Genetc Algorthm n Cloud Computng Envronment Congcong Xong, Long Feng, Lxan Chen A New Task Schedulng Algorthm Based on Improved Genetc Algorthm n Cloud Computng

More information

A Dynamic Energy-Efficiency Mechanism for Data Center Networks

A Dynamic Energy-Efficiency Mechanism for Data Center Networks A Dynamc Energy-Effcency Mechansm for Data Center Networks Sun Lang, Zhang Jnfang, Huang Daochao, Yang Dong, Qn Yajuan A Dynamc Energy-Effcency Mechansm for Data Center Networks 1 Sun Lang, 1 Zhang Jnfang,

More information

A hybrid global optimization algorithm based on parallel chaos optimization and outlook algorithm

A hybrid global optimization algorithm based on parallel chaos optimization and outlook algorithm Avalable onlne www.ocpr.com Journal of Chemcal and Pharmaceutcal Research, 2014, 6(7):1884-1889 Research Artcle ISSN : 0975-7384 CODEN(USA) : JCPRC5 A hybrd global optmzaton algorthm based on parallel

More information

A Novel Methodology of Working Capital Management for Large. Public Constructions by Using Fuzzy S-curve Regression

A Novel Methodology of Working Capital Management for Large. Public Constructions by Using Fuzzy S-curve Regression Novel Methodology of Workng Captal Management for Large Publc Constructons by Usng Fuzzy S-curve Regresson Cheng-Wu Chen, Morrs H. L. Wang and Tng-Ya Hseh Department of Cvl Engneerng, Natonal Central Unversty,

More information

Multiple-Period Attribution: Residuals and Compounding

Multiple-Period Attribution: Residuals and Compounding Multple-Perod Attrbuton: Resduals and Compoundng Our revewer gave these authors full marks for dealng wth an ssue that performance measurers and vendors often regard as propretary nformaton. In 1994, Dens

More information

Performance Management and Evaluation Research to University Students

Performance Management and Evaluation Research to University Students 631 A publcaton of CHEMICAL ENGINEERING TRANSACTIONS VOL. 46, 2015 Guest Edtors: Peyu Ren, Yancang L, Hupng Song Copyrght 2015, AIDIC Servz S.r.l., ISBN 978-88-95608-37-2; ISSN 2283-9216 The Italan Assocaton

More information

An Alternative Way to Measure Private Equity Performance

An Alternative Way to Measure Private Equity Performance An Alternatve Way to Measure Prvate Equty Performance Peter Todd Parlux Investment Technology LLC Summary Internal Rate of Return (IRR) s probably the most common way to measure the performance of prvate

More information

FORMAL ANALYSIS FOR REAL-TIME SCHEDULING

FORMAL ANALYSIS FOR REAL-TIME SCHEDULING FORMAL ANALYSIS FOR REAL-TIME SCHEDULING Bruno Dutertre and Vctora Stavrdou, SRI Internatonal, Menlo Park, CA Introducton In modern avoncs archtectures, applcaton software ncreasngly reles on servces provded

More information

Set. algorithms based. 1. Introduction. System Diagram. based. Exploration. 2. Index

Set. algorithms based. 1. Introduction. System Diagram. based. Exploration. 2. Index ISSN (Prnt): 1694-0784 ISSN (Onlne): 1694-0814 www.ijcsi.org 236 IT outsourcng servce provder dynamc evaluaton model and algorthms based on Rough Set L Sh Sh 1,2 1 Internatonal School of Software, Wuhan

More information

"Research Note" APPLICATION OF CHARGE SIMULATION METHOD TO ELECTRIC FIELD CALCULATION IN THE POWER CABLES *

Research Note APPLICATION OF CHARGE SIMULATION METHOD TO ELECTRIC FIELD CALCULATION IN THE POWER CABLES * Iranan Journal of Scence & Technology, Transacton B, Engneerng, ol. 30, No. B6, 789-794 rnted n The Islamc Republc of Iran, 006 Shraz Unversty "Research Note" ALICATION OF CHARGE SIMULATION METHOD TO ELECTRIC

More information

Profit-Aware DVFS Enabled Resource Management of IaaS Cloud

Profit-Aware DVFS Enabled Resource Management of IaaS Cloud IJCSI Internatonal Journal of Computer Scence Issues, Vol. 0, Issue, No, March 03 ISSN (Prnt): 694-084 ISSN (Onlne): 694-0784 www.ijcsi.org 37 Proft-Aware DVFS Enabled Resource Management of IaaS Cloud

More information

Multi-sensor Data Fusion for Cyber Security Situation Awareness

Multi-sensor Data Fusion for Cyber Security Situation Awareness Avalable onlne at www.scencedrect.com Proceda Envronmental Scences 0 (20 ) 029 034 20 3rd Internatonal Conference on Envronmental 3rd Internatonal Conference on Envronmental Scence and Informaton Applcaton

More information

An Interest-Oriented Network Evolution Mechanism for Online Communities

An Interest-Oriented Network Evolution Mechanism for Online Communities An Interest-Orented Network Evoluton Mechansm for Onlne Communtes Cahong Sun and Xaopng Yang School of Informaton, Renmn Unversty of Chna, Bejng 100872, P.R. Chna {chsun,yang}@ruc.edu.cn Abstract. Onlne

More information

The Pricing Strategy of the Manufacturer with Dual Channel under Multiple Competitions

The Pricing Strategy of the Manufacturer with Dual Channel under Multiple Competitions Internatonal Journal of u-and e-servce, Scence and Technology Vol.7, No.4 (04), pp.3-4 http://dx.do.org/0.457/junnesst.04.7.4. The Prcng Strategy of the Manufacturer wth Dual Channel under Multple Compettons

More information

Forecasting the Direction and Strength of Stock Market Movement

Forecasting the Direction and Strength of Stock Market Movement Forecastng the Drecton and Strength of Stock Market Movement Jngwe Chen Mng Chen Nan Ye cjngwe@stanford.edu mchen5@stanford.edu nanye@stanford.edu Abstract - Stock market s one of the most complcated systems

More information

P2P/ Grid-based Overlay Architecture to Support VoIP Services in Large Scale IP Networks

P2P/ Grid-based Overlay Architecture to Support VoIP Services in Large Scale IP Networks PP/ Grd-based Overlay Archtecture to Support VoIP Servces n Large Scale IP Networks We Yu *, Srram Chellappan # and Dong Xuan # * Dept. of Computer Scence, Texas A&M Unversty, U.S.A. {weyu}@cs.tamu.edu

More information

Efficient Project Portfolio as a tool for Enterprise Risk Management

Efficient Project Portfolio as a tool for Enterprise Risk Management Effcent Proect Portfolo as a tool for Enterprse Rsk Management Valentn O. Nkonov Ural State Techncal Unversty Growth Traectory Consultng Company January 5, 27 Effcent Proect Portfolo as a tool for Enterprse

More information

DBA-VM: Dynamic Bandwidth Allocator for Virtual Machines

DBA-VM: Dynamic Bandwidth Allocator for Virtual Machines DBA-VM: Dynamc Bandwdth Allocator for Vrtual Machnes Ahmed Amamou, Manel Bourguba, Kamel Haddadou and Guy Pujolle LIP6, Perre & Mare Cure Unversty, 4 Place Jusseu 755 Pars, France Gand SAS, 65 Boulevard

More information

Design and Development of a Security Evaluation Platform Based on International Standards

Design and Development of a Security Evaluation Platform Based on International Standards Internatonal Journal of Informatcs Socety, VOL.5, NO.2 (203) 7-80 7 Desgn and Development of a Securty Evaluaton Platform Based on Internatonal Standards Yuj Takahash and Yoshm Teshgawara Graduate School

More information

A Novel Adaptive Load Balancing Routing Algorithm in Ad hoc Networks

A Novel Adaptive Load Balancing Routing Algorithm in Ad hoc Networks Journal of Convergence Informaton Technology A Novel Adaptve Load Balancng Routng Algorthm n Ad hoc Networks Zhu Bn, Zeng Xao-png, Xong Xan-sheng, Chen Qan, Fan Wen-yan, We Geng College of Communcaton

More information

AN EFFICIENT GROUP AUTHENTICATION FOR GROUP COMMUNICATIONS

AN EFFICIENT GROUP AUTHENTICATION FOR GROUP COMMUNICATIONS Internatonal Journal of Network Securty & Its Applcatons (IJNSA), Vol.5, No.3, May 2013 AN EFFICIENT GROUP AUTHENTICATION FOR GROUP COMMUNICATIONS Len Harn 1 and Changlu Ln 2 1 Department of Computer Scence

More information

NEURO-FUZZY INFERENCE SYSTEM FOR E-COMMERCE WEBSITE EVALUATION

NEURO-FUZZY INFERENCE SYSTEM FOR E-COMMERCE WEBSITE EVALUATION NEURO-FUZZY INFERENE SYSTEM FOR E-OMMERE WEBSITE EVALUATION Huan Lu, School of Software, Harbn Unversty of Scence and Technology, Harbn, hna Faculty of Appled Mathematcs and omputer Scence, Belarusan State

More information

A Replication-Based and Fault Tolerant Allocation Algorithm for Cloud Computing

A Replication-Based and Fault Tolerant Allocation Algorithm for Cloud Computing A Replcaton-Based and Fault Tolerant Allocaton Algorthm for Cloud Computng Tork Altameem Dept of Computer Scence, RCC, Kng Saud Unversty, PO Box: 28095 11437 Ryadh-Saud Araba Abstract The very large nfrastructure

More information

Dynamic Fleet Management for Cybercars

Dynamic Fleet Management for Cybercars Proceedngs of the IEEE ITSC 2006 2006 IEEE Intellgent Transportaton Systems Conference Toronto, Canada, September 17-20, 2006 TC7.5 Dynamc Fleet Management for Cybercars Fenghu. Wang, Mng. Yang, Ruqng.

More information

Genetic Algorithm Based Optimization Model for Reliable Data Storage in Cloud Environment

Genetic Algorithm Based Optimization Model for Reliable Data Storage in Cloud Environment Advanced Scence and Technology Letters, pp.74-79 http://dx.do.org/10.14257/astl.2014.50.12 Genetc Algorthm Based Optmzaton Model for Relable Data Storage n Cloud Envronment Feng Lu 1,2,3, Hatao Wu 1,3,

More information

A DATA MINING APPLICATION IN A STUDENT DATABASE

A DATA MINING APPLICATION IN A STUDENT DATABASE JOURNAL OF AERONAUTICS AND SPACE TECHNOLOGIES JULY 005 VOLUME NUMBER (53-57) A DATA MINING APPLICATION IN A STUDENT DATABASE Şenol Zafer ERDOĞAN Maltepe Ünversty Faculty of Engneerng Büyükbakkalköy-Istanbul

More information

Ants Can Schedule Software Projects

Ants Can Schedule Software Projects Ants Can Schedule Software Proects Broderck Crawford 1,2, Rcardo Soto 1,3, Frankln Johnson 4, and Erc Monfroy 5 1 Pontfca Unversdad Católca de Valparaíso, Chle FrstName.Name@ucv.cl 2 Unversdad Fns Terrae,

More information

Minimal Coding Network With Combinatorial Structure For Instantaneous Recovery From Edge Failures

Minimal Coding Network With Combinatorial Structure For Instantaneous Recovery From Edge Failures Mnmal Codng Network Wth Combnatoral Structure For Instantaneous Recovery From Edge Falures Ashly Joseph 1, Mr.M.Sadsh Sendl 2, Dr.S.Karthk 3 1 Fnal Year ME CSE Student Department of Computer Scence Engneerng

More information

RequIn, a tool for fast web traffic inference

RequIn, a tool for fast web traffic inference RequIn, a tool for fast web traffc nference Olver aul, Jean Etenne Kba GET/INT, LOR Department 9 rue Charles Fourer 90 Evry, France Olver.aul@nt-evry.fr, Jean-Etenne.Kba@nt-evry.fr Abstract As networked

More information

A Hierarchical Reliability Model of Service-Based Software System

A Hierarchical Reliability Model of Service-Based Software System 2009 33rd Annual IEEE Internatonal Computer Software and Applcatons Conference A Herarchcal Relablty Model of Servce-Based Software System Lun Wang, Xaoyng Ba, Lzhu Zhou Department of Computer Scence and

More information

A Load-Balancing Algorithm for Cluster-based Multi-core Web Servers

A Load-Balancing Algorithm for Cluster-based Multi-core Web Servers Journal of Computatonal Informaton Systems 7: 13 (2011) 4740-4747 Avalable at http://www.jofcs.com A Load-Balancng Algorthm for Cluster-based Mult-core Web Servers Guohua YOU, Yng ZHAO College of Informaton

More information

A role based access in a hierarchical sensor network architecture to provide multilevel security

A role based access in a hierarchical sensor network architecture to provide multilevel security 1 A role based access n a herarchcal sensor network archtecture to provde multlevel securty Bswajt Panja a Sanjay Kumar Madra b and Bharat Bhargava c a Department of Computer Scenc Morehead State Unversty

More information

Pricing Model of Cloud Computing Service with Partial Multihoming

Pricing Model of Cloud Computing Service with Partial Multihoming Prcng Model of Cloud Computng Servce wth Partal Multhomng Zhang Ru 1 Tang Bng-yong 1 1.Glorous Sun School of Busness and Managment Donghua Unversty Shangha 251 Chna E-mal:ru528369@mal.dhu.edu.cn Abstract

More information

To manage leave, meeting institutional requirements and treating individual staff members fairly and consistently.

To manage leave, meeting institutional requirements and treating individual staff members fairly and consistently. Corporate Polces & Procedures Human Resources - Document CPP216 Leave Management Frst Produced: Current Verson: Past Revsons: Revew Cycle: Apples From: 09/09/09 26/10/12 09/09/09 3 years Immedately Authorsaton:

More information

IT09 - Identity Management Policy

IT09 - Identity Management Policy IT09 - Identty Management Polcy Introducton 1 The Unersty needs to manage dentty accounts for all users of the Unersty s electronc systems and ensure that users hae an approprate leel of access to these

More information

IMPACT ANALYSIS OF A CELLULAR PHONE

IMPACT ANALYSIS OF A CELLULAR PHONE 4 th ASA & μeta Internatonal Conference IMPACT AALYSIS OF A CELLULAR PHOE We Lu, 2 Hongy L Bejng FEAonlne Engneerng Co.,Ltd. Bejng, Chna ABSTRACT Drop test smulaton plays an mportant role n nvestgatng

More information

A New Service Pricing Mechanism based on Coalition Game Theory in

A New Service Pricing Mechanism based on Coalition Game Theory in A New Servce Prcng Mechansm based on Coalton Game Theory n Cloud Servce A New Servce Prcng Mechansm based on Coalton Game Theory n Cloud Servce 1 Luyun Xu, 2 Yunsheng Zhang *1, Frst Author, Correspondng

More information

Optimization Model of Reliable Data Storage in Cloud Environment Using Genetic Algorithm

Optimization Model of Reliable Data Storage in Cloud Environment Using Genetic Algorithm Internatonal Journal of Grd Dstrbuton Computng, pp.175-190 http://dx.do.org/10.14257/gdc.2014.7.6.14 Optmzaton odel of Relable Data Storage n Cloud Envronment Usng Genetc Algorthm Feng Lu 1,2,3, Hatao

More information

The Greedy Method. Introduction. 0/1 Knapsack Problem

The Greedy Method. Introduction. 0/1 Knapsack Problem The Greedy Method Introducton We have completed data structures. We now are gong to look at algorthm desgn methods. Often we are lookng at optmzaton problems whose performance s exponental. For an optmzaton

More information

PAS: A Packet Accounting System to Limit the Effects of DoS & DDoS. Debish Fesehaye & Klara Naherstedt University of Illinois-Urbana Champaign

PAS: A Packet Accounting System to Limit the Effects of DoS & DDoS. Debish Fesehaye & Klara Naherstedt University of Illinois-Urbana Champaign PAS: A Packet Accountng System to Lmt the Effects of DoS & DDoS Debsh Fesehaye & Klara Naherstedt Unversty of Illnos-Urbana Champagn DoS and DDoS DDoS attacks are ncreasng threats to our dgtal world. Exstng

More information

An ILP Formulation for Task Mapping and Scheduling on Multi-core Architectures

An ILP Formulation for Task Mapping and Scheduling on Multi-core Architectures An ILP Formulaton for Task Mappng and Schedulng on Mult-core Archtectures Yng Y, We Han, Xn Zhao, Ahmet T. Erdogan and Tughrul Arslan Unversty of Ednburgh, The Kng's Buldngs, Mayfeld Road, Ednburgh, EH9

More information

A heuristic task deployment approach for load balancing

A heuristic task deployment approach for load balancing Xu Gaochao, Dong Yunmeng, Fu Xaodog, Dng Yan, Lu Peng, Zhao Ja Abstract A heurstc task deployment approach for load balancng Gaochao Xu, Yunmeng Dong, Xaodong Fu, Yan Dng, Peng Lu, Ja Zhao * College of

More information

Watermark-based Provable Data Possession for Multimedia File in Cloud Storage

Watermark-based Provable Data Possession for Multimedia File in Cloud Storage Vol.48 (CIA 014), pp.103-107 http://dx.do.org/10.1457/astl.014.48.18 Watermar-based Provable Data Possesson for Multmeda Fle n Cloud Storage Yongjun Ren 1,, Jang Xu 1,, Jn Wang 1,, Lmng Fang 3, Jeong-U

More information

2008/8. An integrated model for warehouse and inventory planning. Géraldine Strack and Yves Pochet

2008/8. An integrated model for warehouse and inventory planning. Géraldine Strack and Yves Pochet 2008/8 An ntegrated model for warehouse and nventory plannng Géraldne Strack and Yves Pochet CORE Voe du Roman Pays 34 B-1348 Louvan-la-Neuve, Belgum. Tel (32 10) 47 43 04 Fax (32 10) 47 43 01 E-mal: corestat-lbrary@uclouvan.be

More information

An Architecture for Virtual Organization (VO)-Based Effective Peering of Content Delivery Networks

An Architecture for Virtual Organization (VO)-Based Effective Peering of Content Delivery Networks An Archtecture for Vrtual Organzaton (VO-Based Effectve Peerng of Content Delvery Networks Al-Mukaddm Khan Pathan, James Broberg, Krs Bubendorfer*, Kyong Hoon Km, Rajkumar Buyya Grd Computng and Dstrbuted

More information

A new anonymity-based protocol preserving privacy based cloud environment

A new anonymity-based protocol preserving privacy based cloud environment Abstract A new anonymty-based protocol preservng prvacy based cloud envronment Jan Wang 1*, Le Wang 2 1 College of Computer and Informaton Engneerng, Henan Unversty of Economcs and Law, Chna 2 SIAS Internatonal

More information

An MILP model for planning of batch plants operating in a campaign-mode

An MILP model for planning of batch plants operating in a campaign-mode An MILP model for plannng of batch plants operatng n a campagn-mode Yanna Fumero Insttuto de Desarrollo y Dseño CONICET UTN yfumero@santafe-concet.gov.ar Gabrela Corsano Insttuto de Desarrollo y Dseño

More information

Hosting Virtual Machines on Distributed Datacenters

Hosting Virtual Machines on Distributed Datacenters Hostng Vrtual Machnes on Dstrbuted Datacenters Chuan Pham Scence and Engneerng, KyungHee Unversty, Korea pchuan@khu.ac.kr Jae Hyeok Son Scence and Engneerng, KyungHee Unversty, Korea sonaehyeok@khu.ac.kr

More information

Lei Liu, Hua Yang Business School, Hunan University, Changsha, Hunan, P.R. China, 410082. Abstract

Lei Liu, Hua Yang Business School, Hunan University, Changsha, Hunan, P.R. China, 410082. Abstract , pp.377-390 http://dx.do.org/10.14257/jsa.2016.10.4.34 Research on the Enterprse Performance Management Informaton System Development and Robustness Optmzaton based on Data Regresson Analyss and Mathematcal

More information

Credit Limit Optimization (CLO) for Credit Cards

Credit Limit Optimization (CLO) for Credit Cards Credt Lmt Optmzaton (CLO) for Credt Cards Vay S. Desa CSCC IX, Ednburgh September 8, 2005 Copyrght 2003, SAS Insttute Inc. All rghts reserved. SAS Propretary Agenda Background Tradtonal approaches to credt

More information

Distributing Functionalities in a SOA-Based Multi-agent Architecture

Distributing Functionalities in a SOA-Based Multi-agent Architecture Dstrbutng Functonaltes n a SOA-Based Mult-agent Archtecture Dante I. Tapa, Javer Bajo, and Juan M. Corchado Departamento Informátca y Automátca Unversdad de Salamanca Plaza de la Merced s/n, 37008, Salamanca,

More information

An Ad Hoc Network Load Balancing Energy- Efficient Multipath Routing Protocol

An Ad Hoc Network Load Balancing Energy- Efficient Multipath Routing Protocol 246 JOURNA OF SOFTWAR, VO. 9, NO. 1, JANUARY 2014 An Ad Hoc Network oad alancng nergy- ffcent Multpath Routng Protocol De-jn Kong Shanx Fnance and Taxaton College, Tayuan, Chna mal: dejnkong@163.com Xao-lng

More information

APPLICATION OF PROBE DATA COLLECTED VIA INFRARED BEACONS TO TRAFFIC MANEGEMENT

APPLICATION OF PROBE DATA COLLECTED VIA INFRARED BEACONS TO TRAFFIC MANEGEMENT APPLICATION OF PROBE DATA COLLECTED VIA INFRARED BEACONS TO TRAFFIC MANEGEMENT Toshhko Oda (1), Kochro Iwaoka (2) (1), (2) Infrastructure Systems Busness Unt, Panasonc System Networks Co., Ltd. Saedo-cho

More information

Joint Dynamic Radio Resource Allocation and Mobility Load Balancing in 3GPP LTE Multi-Cell Network

Joint Dynamic Radio Resource Allocation and Mobility Load Balancing in 3GPP LTE Multi-Cell Network 288 FENG LI, LINA GENG, SHIHUA ZHU, JOINT DYNAMIC RADIO RESOURCE ALLOCATION AND MOBILITY LOAD BALANCING Jont Dynamc Rado Resource Allocaton and Moblty Load Balancng n 3GPP LTE Mult-Cell Networ Feng LI,

More information

8.5 UNITARY AND HERMITIAN MATRICES. The conjugate transpose of a complex matrix A, denoted by A*, is given by

8.5 UNITARY AND HERMITIAN MATRICES. The conjugate transpose of a complex matrix A, denoted by A*, is given by 6 CHAPTER 8 COMPLEX VECTOR SPACES 5. Fnd the kernel of the lnear transformaton gven n Exercse 5. In Exercses 55 and 56, fnd the mage of v, for the ndcated composton, where and are gven by the followng

More information

INVESTIGATION OF VEHICULAR USERS FAIRNESS IN CDMA-HDR NETWORKS

INVESTIGATION OF VEHICULAR USERS FAIRNESS IN CDMA-HDR NETWORKS 21 22 September 2007, BULGARIA 119 Proceedngs of the Internatonal Conference on Informaton Technologes (InfoTech-2007) 21 st 22 nd September 2007, Bulgara vol. 2 INVESTIGATION OF VEHICULAR USERS FAIRNESS

More information

Fuzzy Set Approach To Asymmetrical Load Balancing In Distribution Networks

Fuzzy Set Approach To Asymmetrical Load Balancing In Distribution Networks Fuzzy Set Approach To Asymmetrcal Load Balancng n Dstrbuton Networks Goran Majstrovc Energy nsttute Hrvoje Por Zagreb, Croata goran.majstrovc@ehp.hr Slavko Krajcar Faculty of electrcal engneerng and computng

More information

Reporting Forms ARF 113.0A, ARF 113.0B, ARF 113.0C and ARF 113.0D FIRB Corporate (including SME Corporate), Sovereign and Bank Instruction Guide

Reporting Forms ARF 113.0A, ARF 113.0B, ARF 113.0C and ARF 113.0D FIRB Corporate (including SME Corporate), Sovereign and Bank Instruction Guide Reportng Forms ARF 113.0A, ARF 113.0B, ARF 113.0C and ARF 113.0D FIRB Corporate (ncludng SME Corporate), Soveregn and Bank Instructon Gude Ths nstructon gude s desgned to assst n the completon of the FIRB

More information

Partner selection of cloud computing federation based on Markov chains

Partner selection of cloud computing federation based on Markov chains COMPUER MODELLING & NEW ECHNOLOGIES 2014 18(12B) 590-594 Abstract Partner selecton of cloud computng federaton based on Markov chans Lang Hong 1,2, Changyuan Gao 1* 1 School of Management, Harbn Unversty

More information

A DISTRIBUTED REPUTATION MANAGEMENT SCHEME FOR MOBILE AGENT- BASED APPLICATIONS

A DISTRIBUTED REPUTATION MANAGEMENT SCHEME FOR MOBILE AGENT- BASED APPLICATIONS Bamasak & Zhang: A Dstrbuted Reputaton Management Scheme for Moble Agent-Based Applcatons A DISTRIBUTED REPUTATION MANAGEMENT SCHEME FOR MOBILE AGENT- BASED APPLICATIONS Omama Bamasak School of Computer

More information

QOS DISTRIBUTION MONITORING FOR PERFORMANCE MANAGEMENT IN MULTIMEDIA NETWORKS

QOS DISTRIBUTION MONITORING FOR PERFORMANCE MANAGEMENT IN MULTIMEDIA NETWORKS QOS DISTRIBUTION MONITORING FOR PERFORMANCE MANAGEMENT IN MULTIMEDIA NETWORKS Yumng Jang, Chen-Khong Tham, Ch-Chung Ko Department Electrcal Engneerng Natonal Unversty Sngapore 119260 Sngapore Emal: {engp7450,

More information

Traffic State Estimation in the Traffic Management Center of Berlin

Traffic State Estimation in the Traffic Management Center of Berlin Traffc State Estmaton n the Traffc Management Center of Berln Authors: Peter Vortsch, PTV AG, Stumpfstrasse, D-763 Karlsruhe, Germany phone ++49/72/965/35, emal peter.vortsch@ptv.de Peter Möhl, PTV AG,

More information

benefit is 2, paid if the policyholder dies within the year, and probability of death within the year is ).

benefit is 2, paid if the policyholder dies within the year, and probability of death within the year is ). REVIEW OF RISK MANAGEMENT CONCEPTS LOSS DISTRIBUTIONS AND INSURANCE Loss and nsurance: When someone s subject to the rsk of ncurrng a fnancal loss, the loss s generally modeled usng a random varable or

More information

A New Approach for Protocol Analysis on Design Activities Using Axiomatic Theory of Design Modeling

A New Approach for Protocol Analysis on Design Activities Using Axiomatic Theory of Design Modeling A New Approach for Protocol Analyss on Desgn Actvtes Usng Axomatc Theory of Desgn Modelng Shengj Yao and Yong Zeng * Concorda Insttute for Informaton Systems ngneerng Concorda Unversty 455 de Masonneuve

More information

Network Services Definition and Deployment in a Differentiated Services Architecture

Network Services Definition and Deployment in a Differentiated Services Architecture etwork Servces Defnton and Deployment n a Dfferentated Servces Archtecture E. kolouzou, S. Manats, P. Sampatakos,. Tsetsekas, I. S. Veners atonal Techncal Unversty of Athens, Department of Electrcal and

More information

Statistical Approach for Offline Handwritten Signature Verification

Statistical Approach for Offline Handwritten Signature Verification Journal of Computer Scence 4 (3): 181-185, 2008 ISSN 1549-3636 2008 Scence Publcatons Statstcal Approach for Offlne Handwrtten Sgnature Verfcaton 2 Debnath Bhattacharyya, 1 Samr Kumar Bandyopadhyay, 2

More information

Resource Management and Organization in CROWN Grid

Resource Management and Organization in CROWN Grid Resource Management and Organzaton n CROWN Grd Jnpeng Hua, Tanyu Wo, Yunhao Lu Dept. of Computer Scence and Technology, Behang Unversty Dept. of Computer Scence, Hong Kong Unversty of Scence & Technology

More information

Conferencing protocols and Petri net analysis

Conferencing protocols and Petri net analysis Conferencng protocols and Petr net analyss E. ANTONIDAKIS Department of Electroncs, Technologcal Educatonal Insttute of Crete, GREECE ena@chana.tecrete.gr Abstract: Durng a computer conference, users desre

More information

Research Article A Time Scheduling Model of Logistics Service Supply Chain with Mass Customized Logistics Service

Research Article A Time Scheduling Model of Logistics Service Supply Chain with Mass Customized Logistics Service Hndaw Publshng Corporaton Dscrete Dynamcs n Nature and Socety Volume 01, Artcle ID 48978, 18 pages do:10.1155/01/48978 Research Artcle A Tme Schedulng Model of Logstcs Servce Supply Chan wth Mass Customzed

More information

Research Article Enhanced Two-Step Method via Relaxed Order of α-satisfactory Degrees for Fuzzy Multiobjective Optimization

Research Article Enhanced Two-Step Method via Relaxed Order of α-satisfactory Degrees for Fuzzy Multiobjective Optimization Hndaw Publshng Corporaton Mathematcal Problems n Engneerng Artcle ID 867836 pages http://dxdoorg/055/204/867836 Research Artcle Enhanced Two-Step Method va Relaxed Order of α-satsfactory Degrees for Fuzzy

More information