Cross-Domain Authorization Management Model for Multi- Levels Hybrid Cloud Computing
|
|
- Nigel Warner
- 8 years ago
- Views:
Transcription
1 Internatonal Journal of Securty and Its Applcatons, pp Cross-Doman Authorzaton Management Model for Mult- Levels Hybrd Cloud Computng L Na 1, Dong Yun-We 1, Che Tan-We 2, Wang Chao 3, Gao Yang 4 and ZhangYu-Chen 3 1 The School of Computer Scence and Technology, Northwestern Polytechncal Unversty, Shaanx provnce, Xan, Chna 2 The Computer Insttute, Xdan Unversty, Shaanx provnce, Xan, Chna 3 Informaton Engneerng Unversty, ZhengZhou, Chna 4 The Insttute of Surveyng and mappng, Shaanx provnce, Xan, Chna Abstract Amed at the securty problems of the cross-cloud, cross-level and cross-doman n mult-level hybrd cloud putng, the sngleness of the role establshment method, the mplct promoton of prvlege and the separaton of dutes conflct n the tradtonal cross-doman authorzaton management models, a new cross-doman authorzaton management model for mult-levels hybrd cloud putng s proposed based on a novel two-ter role archtecture. The two-ter role archtecture whch s setted n the area of arrangement can better meet the practcal needs of role establshment and management. Based on that, the proposed undrectonal role mappng for cross-doman authorzaton can avod the role mappng rngs. Besdes, by ntroducng attrbute and condton, dynamc adustment of prvleges s realzed. The model s descrbed formally n dynamc descrpton logc, ncludng concepts, relatons and management operatons. Fnally, the securty of the model s analyzed and an example s presented to llustrate the effectveness and practcalty. Keywords: Cloud Computng; Mult-Levels Hybrd Cloud Computng; Cross-Doman Role Mappng; Authorzaton Management Model; Dynamc Descrpton Logc 1. Introducton Cloud Computng s a new putng mode whch stores putng resources n confgurable shared pool of putng resources, enablng access to putng resources through some nets that are convenent, avalable, and on-demand. Cloud putng s one of the current hot topc n the feld of nformaton technology, whch s the focus concerned by the ndustry, the academa and the government. As one of the fve deployment patterns of cloud putng, mult-level hybrd cloud has receved wde attenton n recent years. Mult-levels hybrd cloud s posed of cloud modes of dfferent securty levels, of whch each cloud has dfferent securty levels and securty requrements, remanng relatvely ndependent, mutually provdng nteroperablty and data sharng, whch must brng securty ssues among clouds, levels and domans. Through a bnaton of many new and more extensve cloud servces, the cloud can provde cross-level cloud authentcaton, authorzaton, access control and other securty functons. Due to the characterstcs of cloud servce mode tself, these securty ssues are more plex. Though the nteroperablty between doman of mult-levels hybrd cloud realzed the sharng of the doman resources and servces. How to ensure the securty of managed subects and obects, realze nteroperablty between dfferent domans safely subect ISSN: IJSIA Copyrght c 2015 SERSC
2 Internatonal Journal of Securty and Its Applcatons nformaton sharng, make access control decson and access check, and to realze the authorzaton n mult-level hybrd cloud are mportant problems to be resolved. The man methods of cross-doman authorzaton are mappng, delegaton, strategy ntegraton, etc. [1-10] Because role-based access control (RBAC) model s wdely used n the nformaton system, usng the role mappng method to acheve cross-doman authorzaton and secure nteroperablty has got great attenton wth good unversalty and practcalty. And a seres of models and correspondng realzatons based on crossdoman role mappng are proposed. But they are easy to cause doman shuttle, potental safety hazard such as cross-doman, mplct promoton of prvlege and so on. IRBAC2000 [1] mplemented the ntegraton of access control polces between two statc domans, whle drbac [2] focused on dynamc change of permssons n multdoman nteroperaton. But these two models are subect to several securty problems such as mplct promoton of prvlege and separaton of dutes conflct. In order to ensure the securty of doman asked nteroperablty, many scholars have explored from dfferent angles. SHAFIQ B [3] tred to elmnate cross-doman securty conflcts through multdoman polcy ntegraton algorthm. In the work of MOHAMED S [4], cross-doman access paths were constructed to guarantee the securty and effectveness of the mappng chan. L [5] ntroduced rsk and confdence factors to avod the securty volaton cases. Zan Yang [6] ntroduced the concept of doman and ntegrated t wth roles, permssons and domans to solve cross-doman access problems and the uncertanty durng role mappng based on the fuzzy theory, mprovng the accuracy and practcablty of role mappng. Erc Freudenthal [7] provded an nteroperable method based on delegaton mechansm for mult-doman nteroperaton through thrd party delegaton and value attrbute. Hong Fan[8] ntroduced the concept of global role, doman role and related role to establsh the mappng relatonshp among mult domans. Guo Dongheng [9-10] adusted the threshold attrbute and doman sze of role mappng to dynamcally decde the mappng capablty of a role, mprovng the securty of cross doman nteroperablty. However, all the above methods are proposed based on the classcal RBAC wth the characterstc of role management n a sngle doman. And the classcal RBAC model has the defcences such as the sngleness of the role establshment method, the mplct promoton of prvlege and the separaton of dutes conflct and so on. No matter from the perspectve of organzatonal dvson of functon, or from the perspectve of the applcaton system of busness dvsons, all can't mplement the authorzaton management well, lmts the popularzaton and applcaton of the model. In order to resolve these problems above, a cross-doman authorzaton management model was proposed for mult-levels hybrd cloud putng. In the model, a two-ter role archtecture was proposed to mprove the model s practcablty. And cross-doman undrectonal role mappng method was put forward to enhance the securty of access control n mult-doman envronment. The model can support dynamc and cross-doman authorzaton management, defned formally n dynamc descrpton logc. 2. Dynamc Descrpton Logc Descrpton logc s a decdable subset of frst-order logc wth strong representaton and reasonng ablty. But t s lmted to the statc knowledge representaton and reasonng, can t effectvely support the characterzaton and reasonng of dynamc knowledge. Dynamc descrpton logc [11-14] s a formal descrpton tool used to descrbe and reasonng dynamc knowledge, whch s proposed based on descrpton logc. It not only has strong ablty of descrpton, but also ensures the decdablty of some reasonng problems. Wth the effcent nference algorthm, t has been a useful tool to represent access control model. In 2004, Sh Zhongzh [11] put forward Dynamc Descrpton Logc (DDL) based on the descrpton logc, dynamc logc and acton theory, brngng a new formal logc 344 Copyrght c 2015 SERSC
3 Internatonal Journal of Securty and Its Applcatons framework to smultaneously handle statc and dynamc knowledge. Based on Sh s theory, Chang Lang [12-14] extended the expresson and reason of DDL and proposed ts tableau decson algorthm, provdng the logcal support for the modelng and reasonng of acton. The concepts and symbols about DDL used n ths paper are presented based on the work n lterature [11-15], ncludng concepts, relatons, formulas, actons, and some theorems. Besdes, role n DDL s defned as relaton n ths paper so as to dstnct wth the noton role n RBAC. 3. Man Idea of the Model 3.1 Two-ter Role Archtecture In order to reduce the burden of authorzaton management, the concept of role was ntroduced nto the classc RBAC as a brdge of users and permssons. Authorzaton management n RBAC ncludes User-Role assgnment and Role-Permsson assgnment. As known to all, Role-Permsson assgnment requres deep knowledge of applcaton level semantcs, whle User-Role assgnment s a personnel management functon of organzaton level, whch requres greater understandng of human sde. In an RBAC system, actually t s hard to search a manager from holdng the knowledge of both human sde and applcaton system at the same tme. To resolve ths problem, based on the work of REN Zhyu [15], we dvde the tradtonal role nto poston role of organzaton level and applcaton role of applcaton level, and a two-ter role archtecture s proposed as Fgure 1. In the organzaton level, poston role s defned based on the poston and responsblty of users n the organzaton. Whle n the applcaton level, applcaton role s defned accordng to the busness process of the applcaton system. Based on the two-ter role archtecture, the authorzaton management wll be more explct. On the one hand, admnstrators of organzaton level holdng the knowledge of human sde take responsbltes for the creaton of poston role, user-poston role assgnment and the mappng relaton between these two roles. After mappng relatonshp, the late mantenance workload s small. On the other hand, admnstrators of applcaton level famlar wth the nformaton system are responsble for the creaton of applcaton role and applcaton role-permsson assgnment. At the same tme, both roles retan role herarchy and role tree, and two knds of nodes are defned: vrtual node and role node, where vrtual node s used as a vrtual role to buld the role tree. Vrtual node n the poston role tree s known as an organzaton or department, whle several applcaton systems n the applcaton role tree. role R user U Poston role PR Applcaton role AR permsson P Organzatonal level Applcaton level Fgure 1. Two-Ter Role Archtecture of Poston Role and Applcaton Role Copyrght c 2015 SERSC 345
4 Internatonal Journal of Securty and Its Applcatons 2.2. Cross Doman Authorzaton Management based on Undrectonal Role Mappng Undrectonal role mappng method was used to realze the cross-doman authorzaton management and mantan the ndependence of the nternal polces n a sngle doman. In order to mantan the ndependence of the nternal securty polces, the poston role s dvded nto nternal role and mappng role. The former role s used to authorzaton n a sngle doman, whch s only allowed to assocate wth the applcaton role and permssons n the nternal doman. Whle the latter s specfcally desgned to crossdoman role mappng. To accord wth the start and end pont of the role mappng, the mappng poston role ncludes In-role and Out-role. The former s at the start pont of the mappng relatonshp, used to obtan the permsson mapped from external doman. Whle the latter s at the end pont, used to map the permssons n the nternal doman to other domans. The set of Inrole and that of Out-role are dsont. Users assgned In-role can obtan permssons from the external doman, but t s not allowed for users assgned Out-role. The Out-role can assocate wth applcaton role to obtan the permssons and then map them to other domans, but t s not allowed for In-role. Through the dvson of the poston roles nto nternal role and mappng role, the model can protect the securty polcy from external nfluence of other domans. And by dvdng mappng poston role nto In-role and Out-role, the model can ensure the crossdoman permsson solaton and make the permsson flow undrectonal. Meanwhle, through role dvson and undrectonal role mappng, the model can mplement statc and dynamc separaton of duty (SSoD, DSoD). Besdes, trust, condton and attrbute can be ntroduced nto the model to realze dynamc authorzaton, mprovng the flexblty, securty and extensblty. 4. DDL-Based Descrpton of the Model The proposed cross-doman authorzaton management model for mult-level hybrd cloud putng s shown as Fgure 2. The concepts, relatons and operatons are descrbed n dynamc descrpton logc (DDL), where operatons are expressed as actons n DDL. Defnton 1: Concepts (1) USER S ROLE PRMS OPE RES represent the set of users, sessons, roles, permssons, operatons and resources respectvely. As the same wth classc RBAC, permsson s a tuple conssted of operaton and resource. (2) AROLE and PROLE are respectvely applcaton roles and poston roles. ROLE AROLE PROLE. (3) CARD means cardnal number, and CARD N. It manly means the maxmum number of role assgnment, whch represents the maxmum number of poston role assgned to users or that of applcaton role mapped to applcaton role. (4) ATTR means attrbutes. Users, roles and permssons all have attrbutes. Attrbutes can be used n user-role assgnment, role actvaton and access process. (5) SYS means system states, whch are system envronmental parameters, such as tme, locaton and IP address, etc. (6) CON means condton, representng the constrants when users access resources. The concepts above use the name of management doman as the subscrpt, ndcatng that the concept belongs to dfferent management domans. The nstance of concepts also uses the name of management doman as the subscrpt, showng the concept nstances belongng to dfferent management domans. 346 Copyrght c 2015 SERSC
5 Internatonal Journal of Securty and Its Applcatons ValSatfy Prole HasCard dom PDynamc Mutex PStatc Mutex Cardnal number CARD Attrbute Value VATTR ValOfAttr Internal Role PROLEI PROLEMI PROLEMO Mappng Roles PROLEM Job Roles PROLE System status SYS Attrbute ATTR SysState OfUser PRole HasAttr HasChld PRole Assgned User Users USER CrossDomMap ValSatfy PDynamc Mutex PStatc Mutex HasChld PRole Actve PRoleInS CrossUserFoundS SysHasCon Sessons S Attrbute ValOfAttr Value Attrbute VATTR ATTR Internal Role PROLEI PROLEMI PROLEMO Mappng Roles PROLEM Job Roles PROLE Condtons CON PRole HasAttr Prole MapARole Prole HasCard Cardnal number CARD ConSatfy PrmsHasCon PrmsHasAttr Permssons PRMS Assgned ARole Applcaton Roles AROLE Fgure 2. Cross-Doman Authorzaton Management Model for Mult-Levels Hybrd Cloud Computng Defnton 2: Intra-doman atomc relatons Intra-doman atomc relatons are manly ncludes: (1) PStatcMutex, PDynamcMutex are statc and dynamc mutually exclusve relatonshp between poston roles respectvely. AStatcMutex, ADynamcMutex are statc and dynamc mutually exclusve relatonshp between applcaton roles respectvely. (2) HasChldPRole, HasChldARole, HasChldPrms are herarchy relatonshp of poston roles, applcaton roles and relatonshp between father and son of permsson respectvely. (3) AssgnedUser means user-poston role assgnment. AssgnedARole s the drect assgnment of applcaton role to permsson, whch only ncludes explct permsson of the applcaton role. (4) PRoleMapARole s the mappng relatonshp of poston role and applcaton role. Only when both are role nodes, the relatonshp exsts from poston role to applcaton role. (5) UserHasAttr, PRoleHasAttr, PrmsHasAttr means that the user, poston role and permsson have some attrbutes respectvely. (6) ValOfAttr means the tuple relatonshp between attrbute and attrbute values. ValSatfy means the satsfed relatonshp among attrbute values. (7) SysHasCon, PrmsHasCon represent the real-tme condton of current state and the condton satsfed when usng permssons respectvely. ConSatfy s the satsfed relatonshp among condtons. (8) ) UserFoundS s the relatonshp between user and sesson, where a user can creates multple sessons, whle a sesson can map to only one user. Besdes, only one poston role can be actvated n a sesson. (9) ActvePRoleInS s actvated poston role n a gven sesson. Defnton 3: Cross-doman atom relatons Cross-doman authorzaton manly ncludes the followng atom relatons: (1) CrossDomMap s cross-doman role mappng relatonshp, whch maps In-role n the ntal doman to Out-role n the target doman. It makes the In-role n the ntal doman to obtan the permsson of Out-role n the target doman. Ths relaton s not transtve and symmetry. It s undrectonal relaton mentoned above. dom Copyrght c 2015 SERSC 347
6 Internatonal Journal of Securty and Its Applcatons (2) CrossUserFoundS s the relatonshp from user n the ntal doman to the sesson n the target doman. (3) CrossPStatcMutex, CrossPDynamcMutex are cross-doman statc and dynamc mutually exclusve relatonshp of In-role n the ntal doman. It s the extended relatonshp of statc and dynamc mutually exclusve relatonshp of Out-role n the target doman. Defnton 4: Complex relatons Based on defnton 7 and defnton 8, plex relatons can be posed. The followng are some examples. (1) UserHasPrms AssgnedUser PRoleMapARole ARoleHasPrms (2) PRoleHasPrms PRoleMapARole ARoleHasPrms (3) PRoleHasPrms PRoleMapARole ARoleHasPrms (4) ActvePrmsInS ActvePRoleInS PRoleMapARole ARoleHasPrms Due to space lmtaton, only parts of relatons are presented n defnton 2,defnton 3, defnton 4 and Fgure 2. Defnton 5: Cross-doman permsson management operatons Due to space lmtaton, only some key operatons referred to cross-doman authorzaton are presented. It s assumed that, means the name of management doman, and. There are several operatons n the model, such as assgnng poston role to a user, establshng cross-doman undrectonal role mappng, establshng cross-doman sesson of access resource and so on. Take the thrd operaton above as an example, whch s defned as follows. Operaton: Establshng cross-doman sesson of access resource Create _ CrossSesson( user, s, prole ) ( USER( user ) PROLEMO( prole ) UserHasCrossPRole( user, prole ))?; dom dom ( PDynamcMutex( prole, UserActveCrossPRole. user )?; dom ( ADynamcMutex( PRoleMapARole. prole, UserActveARole. user ))?; ConSatfy( UserHasCon. user, PrmsHasCon.( PRoleHasPrms. prole ))?; ValSatfy( ValOfAttr.( UserHasAttr. user ), ( ValOfAttr.( PrmsHasAttr.( AssgnedARole.( PRoleMapARole. prole )))))?; ({ S( s ), UserFoundS( user, s ), ActvePRoleInS( s, prole )}, { S( s ), UserFoundS( user, s ), ActvePRoleInS( s, prole ), ActveARoleInS( s, PRoleMapARole. prole ), ActvePrmsInS( s, AssgnedARole.( PRoleMapARole. prole )), UserActveCrossPRole( user, prole ), UserActveCrossARole( user, PRoleMapARole. prole ), UserActveCrossPrms( user, PRoleMapARole. prole )}); UpdateValOfUserAttr( user )) The steps are as follows: 1 check whether prole s assgned to user through crossdoman operatons; 2 check whether prole s not dynamc mutually exclusve wth user s actve poston role n the target doman ; 3 check whether the applcaton role mapped from prole s not dynamc mutually exclusve wth user s actve applcaton role 348 Copyrght c 2015 SERSC
7 Internatonal Journal of Securty and Its Applcatons n the target doman; 4 check whether the current state of users satsfy the condtons of access permssons; 5 check whether the attrbute values of users n ths sesson are satsfed wth the condtons of access permssons; 6 create sesson for the user user, and actvate the correspondng poston roles, applcaton roles and permssons; 7 update the user s attrbutes. 5. Securty Analyss of the Model Accordng to securty and autonomy prncples of secure nteroperaton [16], securty n cross-doman authorzaton management should abde by the followng prncples: Prncple C1: the cross-doman role mappng shouldn t affect the ntra-doman permssons of users. Prncple C2: the statc mutually constrants won t be volated because of the crossdoman role mappng between the role n the ntal doman and that n the target doman. Prncple C3: the dynamc mutually constrants won t be volated because of the crossdoman role mappng. The method to ensure the satsfcaton of above prncples s to check whether the statc or dynamc duty of separaton may be volated because of the cross-doman role mappng. In other words, the model should ensure that the followng formulas mustn t be satsfed durng the cross-doman undrectonal role mappng. f1: PROLE ( prole ) PRMS ( prms ) PRoleHasCrossPrms ( prole, prms ) f2: PStatcMutex ( prole, prole ') UserHasCrossPRole ( user, prole ) UserHasCrossPRole ( user, prole ') f3: PDynamcMutex ( prole, prole ') UserActveCrossPRole ( user, prole ) UserActveCrossPRole ( user, prole ') Take formula f1 as an example, and the process of checkng ts satsfacton s shown as follows. Proof: the formula f1 can t be satsfed. The formula f1 manly checks whether the permsson of the poston roles n the local doman wll ncrease because of cross-doman mappng. The man dea s that, suppose the poston role prole ddn t own the permsson prms n the nternal doman, and then check whether the formula f1 s satsfed after the role mappng. After role mappng, the reason why there are changes on the permssons of the poston role n the ntal doman s that, the cross-doman role mappng and role herarchy form a crcle of permsson flow, brngng the mplct promoton of prvlege of the poston roles n the ntal doman. Because the cross-doman role mappng operaton Creat _ CrossMap requres that the start pont of the mappng should be In-role and the end pont should be Out-role, the crcle reles on both cross-doman role mappng and role herarchy n the ntra-doman. Fgure 3 llustrates that cross-doman role mappng and role herarchy, construst a mappng chan from the start pont n the ntal doman to tself, where Fgure 3(a) s an example between two domans and Fgure 3(b) among multple domans. Copyrght c 2015 SERSC 349
8 Internatonal Journal of Securty and Its Applcatons n pr n pr n ' pr ar pr pr 1 p ar pr pr ' pr ' p pr ' pr 1 ' 1 (a)role mappng between two doman (b) role mappng among mult-doman Fgure 3. Cross-Doman Role Mappng and Role Herarchy Formng Crcle of Permsson Flow Take Fgure 3(a) as an example to prove the satsfacton of formula f1. Frst, suppose that the role pr ' n doman s related to ts senor role pr through the cross-doman role mappng CrossDomMap ( pr', pr ), CrossDomMap ( pr', pr ), the role herarchy HasChldPRole ( pr, pr ') between role pr and pr '. Then, check whether the permssons of role pr ' wll ncrease through the mappng chan pr ' pr pr ', obtanng the permssons of ts senor role pr. The state of Fgure 3(a) can be expressed by the followng formulas: A ={ PROLE ( pr ), PROLE ( pr '), AROLE ( ar ), PRMS ( p ), PROLE ( pr 1), PROLE( pr ), HasChldPRole ( pr, pr '), HasChldPRole ( pr, pr '), 1 PRoleHasPrms ( pr, p ), PRoleHasPrms ( pr, p ), CrossDomMap ( pr', pr ), CrossDomMap ( pr, pr ) } Based on CrossDomMap ( pr', pr ), CrossDomMap ( pr', pr ) and HasChldPRole ( pr, pr '), though role pr ' s assocated wth pr through operaton Creat _ CrossMap, there aren t permssons transmttng n the mappng chan pr ' pr pr ' because of the followng reasons. Because cross-doman role mappng s undrectonal, pr can t gan excessve permssons of outer doman, and can only transmt permsson n doman to pr '. Therefore, t can t transmt the permssons of any outer doman, ncludng the ntal doman, to role pr '. Accordng to the defnton of the relaton between poston roles, there s no permsson nhertance relaton between a poston role and ts subordnate role. So role pr can t nhert the permssons of pr '. Based on the analyss above, the cross-doman undrectonal role mappng won t make the permssons of poston role n the ntra doman ncrease. The concluson s effectve for multple domans as Fgure 3(b) as well. Based on the dscusson above, t s easy to know that formula f1 s not tenable and the prncple C1 s satsfed. The formula f2 and formula f3 can be proved n the same way. 6. An Example of Cross-Doman Authorzaton An example s present to llustrate the applcaton of the cross-doman authorzaton management model for mult-level hybrd cloud putng. 350 Copyrght c 2015 SERSC
9 Internatonal Journal of Securty and Its Applcatons Suppose that a school un cooperates wth a pany to do some research. Durng the cooperaton, there are two poston roles named admnstrator and developer n the pany. For better resource sharng, cooperaton and secure resource access, a new role named as parner un s ntroduced nto the poston role set of the school, used to map the roles of outer doman. The poston role parner un s mapped to applcaton role user un n un through the relaton PRolrMapARole ( parner un, user un ). And the poston role developer n s mapped to parner un n the school through cross-doman mappng relatons CrossDomMap ( developer, parner un ). Suppose zhang s a user n the pany, who was assgned role developer, and then obtaned the outer-doman role parner un through cross-doman role mappng. The example s shown as Fgure 4. dowwnload zhang developer partner user browse un Fgure 4. An Example of Cross Doman Role Mappng and Authorzaton The process of cross-doman access by user Create _ CrossSesson( zhang, s, partner ) un un zhang s presented as follows: ( USER( zhang ) PROLER( partner ) UserHasCrossPRole( zhang, partner ))?; un un ( PDynamcMutex( zhang, UserActveCrossPRole. zhang ))?; ( ADynamcMutex( PRoleMapARole. partner, UserActveARole. zhang ))?; ConSatfy( UserHasCon. zhang, Pr mshascon. download )?; ValSatfy( ValOfAttr.( UserHasAttr. zhang ), un ( ValOfAttr.( Pr mshasattr.( AssgnedARole.( PRoleMapARole. partner )))))?; ({ S( s ), UserFoundS( zhang, s ), ActvePRoleInS( s, partner )}, un un un un { S( s ), UserFoundS( zhang, s ), ActvePRoleInS ( s, partner ) un un un un ActveARoleInS ( s, PRoleMapARole. partner ), un Actve Pr msins ( s, AssgnedARole.( PRoleMapARole. partner )), un UserActveCrossPRole( zhang, partner ), UserActveCrossARole( zhang, PRoleMapARole. partner ), UserActveCross Pr ms( zhang, PRoleMapARole. partner )}); UpdateValOfUserAttr( zhang ) Based on the current state, the attrbute of the user zhang can satsfy the condton of executng the operaton Create _ CrossSesson ( zhang, sun, partner un ). So the request s allowed and zhang can access the requested resources. un un un un un un un Copyrght c 2015 SERSC 351
10 Internatonal Journal of Securty and Its Applcatons From the example above, t s not dffcult to conclude that the cross-doman authorzaton management model for mult-levels hybrd cloud putng s effectve and feasble n resolvng the authorzaton of cross-doman envronment. 7. Concluson Due to the securty problems of the cross-cloud, cross-level and cross-doman n multlevels hybrd cloud putng, the sngleness of the role establshment method, the mplct promoton of prvlege and the separaton of dutes conflct, a cross-doman authorzaton management model for mult-levels hybrd cloud putng was proposed. Based on the role splttng, a novel two-ter role archtecture of poston role and applcaton role was ntroduced nto the model to satsfy the practcal needs of organzaton level and applcaton level at the same tme. Undrectonal role mappng was presented to realze the secure cross-doman authorzaton and nteroperaton. Attrbutes, condtons and other dynamc elements are ntroduced to provde dynamc and fnegraned authorzaton wth better adaptablty. The dynamc descrpton logc was used to descrbe and characterze the model. The securty of the model was analyzed wth the reasonng functon of dynamc descrpton logc, showng that the model satsfes the prncple of autonomy and securty. Fnally, the feasblty, practcalty and effectveness of the model are llustrated through an example of cross-doman authorzaton. References [1] A. Kapada, J. Al-Muhtad, CAMPBELL D, et al. IRBAC 2000:Secure Interoperablty Usng Dynamc Role Translaton[R]. Chcago: Unversty of Illnos, (2000). [2] E. Freudenthal, T. Pesn, L. Port, drbac: Dstrbuted role-based access control for dynamc coalton envronment[c]. In Proceedngs of the 22nd Internatonal Conference on Dstrbuted Computng Systems, Pscataway, NJ: IEEE Press, (2002), pp [3] B. Shafq, J B D Josh, E. Benno, Secure nteroperaton n a mult doman envronment employng RBAC polces[j], IEEE Transactons on Knowledge and Data Engneerng, vol. 17, no. 11, (2005) pp [4] S. Mohamed, B. Elsa, G. Arf, SERAT: secure role mappng technque for decentralzed secure nteroperablty[c], In Proceedngs of ACM Symposum on Access Control Models and Technologes. New York: ACM Press, (2005), pp [5] L. Ruxuan, H. Jngwe, T. Zhuo. R2BAC:a rsk-based mult-doman secure nteroperaton model [J] Journal of Communcatons, vol. 29, no. 10, (2008), pp [6] Z. Yang, L. Yang, X-yang Luo, et al. Model of Doman based RBAC and Supportng Technologes[J], JOURNAL OF COMPUTERS, vol. 8, no. 5, (2013), pp [7] E. Freudenthal, T. Pesn, et al. drbac: Dstrbuted Role-based Access Control for Dynamc Coalton Envronments[C], Proceedngs of the 22nd Internatonal Conference on Dstrbuted Computng Systems (ICDCS 02). IEEE Computer Socety, (2002). [8] L. Junguo, H. Fan, Y. Quwe et.al., Toward Securty Analyss of the drbac Model[J]. Journal of Chnese Computer Systems vol. 28, no. 7, (2007), pp [9] G. Dongheng. Research on mult-doman securty nteroperaton[d], Chong Qng: Chong Qng Unversty Master Degree Dsserton.(2013). [10] Y. Chunxao, G. Dongheng, Research on secure nteroperaton n mult-doman envronment[j] Journal of Computer Applcatons vol. 32, no. 12, (2012), pp [11] S. Zhongzh, D. Mnka, J. Yuncheng, Logc Bass of Semantc Web [J], Scence n Chna, vol. 34, no. 10, (2004), pp [12] C. Lang, S. Zhongzh, C. Lmn, Fmaly of Extended Dynamc Descrpton Logcs[J],Journal of Software, vol. 21, no. 01,(2010), pp [13] C. Lang, S. Zhongzh, Q. Lrong, A Tableau Decson Algorthm for Dynamc Descrpton Logc[J], Chnese Journal of Computers, vol. 31, no. 06, (2008), pp [14] C. Lang, C. Lmn, Acton Theory Based on the Dynamc Descrpton Logc DDL[D]. Computer Scence, vol. 38, no. 7, (2011), pp [15] R. Zhyu, C. Xngyuan, S. Dbn, Cross-doman authorzaton management model based on two-ter role mappng, Joumal of Computer Applcatons, vol. 33, no. 9, (2013), pp [16] L. Gong and X. Qan, Computatonal ssues n secure nteroperaton[c], IEEE Transactons on Software and Engneerng, vol. 22, no. 1, (1996), pp Copyrght c 2015 SERSC
A Secure Password-Authenticated Key Agreement Using Smart Cards
A Secure Password-Authentcated Key Agreement Usng Smart Cards Ka Chan 1, Wen-Chung Kuo 2 and Jn-Chou Cheng 3 1 Department of Computer and Informaton Scence, R.O.C. Mltary Academy, Kaohsung 83059, Tawan,
More informationA Generalized Temporal and Spatial Role-Based Access Control Model
92 JOURNAL OF NETWORKS, VOL. 5, NO. 8, AUGUST 200 A Generalzed Temporal Spatal Role-Based Access Control Model + Natonal Central Polce Unverst/ Depart. of Informaton Management, Taouan, Tawan E-mal: swang@mal.cpu.edu.tw
More informationThe Development of Web Log Mining Based on Improve-K-Means Clustering Analysis
The Development of Web Log Mnng Based on Improve-K-Means Clusterng Analyss TngZhong Wang * College of Informaton Technology, Luoyang Normal Unversty, Luoyang, 471022, Chna wangtngzhong2@sna.cn Abstract.
More informationImproved SVM in Cloud Computing Information Mining
Internatonal Journal of Grd Dstrbuton Computng Vol.8, No.1 (015), pp.33-40 http://dx.do.org/10.1457/jgdc.015.8.1.04 Improved n Cloud Computng Informaton Mnng Lvshuhong (ZhengDe polytechnc college JangSu
More informationSome literature also use the term Process Control
A Formal Approach for Internal Controls Complance n Busness Processes Koumars Namr 1, Nenad Stojanovc 2 1 SAP Research Center CEC Karlsruhe, SAP AG, Vncenz-Preßntz-Str.1 76131 Karlsruhe, Germany Koumars.Namr@sap.com
More informationFault tolerance in cloud technologies presented as a service
Internatonal Scentfc Conference Computer Scence 2015 Pavel Dzhunev, PhD student Fault tolerance n cloud technologes presented as a servce INTRODUCTION Improvements n technques for vrtualzaton and performance
More informationA DYNAMIC CUSTOMIZABLE ARCHITECTURE FOR SAAS BASED PLATFORM
A DYNAMIC CUSTOMIZABLE ARCHITECTURE FOR SAAS BASED PLATFORM 1 WEIZHI LIAO, 2 LINFU SUN 1 School of Electromechancal Engneerng, UESTC of Chna, Chengdu 610054, Chna 2 CAD Engneerng Center, Southwest JIAOTONG
More informationStudy on Model of Risks Assessment of Standard Operation in Rural Power Network
Study on Model of Rsks Assessment of Standard Operaton n Rural Power Network Qngj L 1, Tao Yang 2 1 Qngj L, College of Informaton and Electrcal Engneerng, Shenyang Agrculture Unversty, Shenyang 110866,
More informationA Novel Problem-solving Metric for Future Internet Routing Based on Virtualization and Cloud-computing
www.ijcsi.org 159 A Novel Problem-solvng Metrc for Future Internet Routng Based on Vrtualzaton and Cloud-computng Rujuan Zheng, Mngchuan Zhang, Qngtao Wu, Wangyang We and Haxa Zhao Electronc & Informaton
More informationOpen Access A Load Balancing Strategy with Bandwidth Constraint in Cloud Computing. Jing Deng 1,*, Ping Guo 2, Qi Li 3, Haizhu Chen 1
Send Orders for Reprnts to reprnts@benthamscence.ae The Open Cybernetcs & Systemcs Journal, 2014, 8, 115-121 115 Open Access A Load Balancng Strategy wth Bandwdth Constrant n Cloud Computng Jng Deng 1,*,
More informationSurvey on Virtual Machine Placement Techniques in Cloud Computing Environment
Survey on Vrtual Machne Placement Technques n Cloud Computng Envronment Rajeev Kumar Gupta and R. K. Paterya Department of Computer Scence & Engneerng, MANIT, Bhopal, Inda ABSTRACT In tradtonal data center
More informationResource Scheduling Based on Dynamic Dependence Injection in Virtualization-based Simulation Grid
Proceedngs of the 200 4th Internatonal Conference on Computer Supported Cooperatve Work n Desgn Resource Schedulng Based on Dynamc Dependence Injecton n Vrtualzaton-based Smulaton Grd Hanbng Lu,Hongy Su,
More informationForecasting the Demand of Emergency Supplies: Based on the CBR Theory and BP Neural Network
700 Proceedngs of the 8th Internatonal Conference on Innovaton & Management Forecastng the Demand of Emergency Supples: Based on the CBR Theory and BP Neural Network Fu Deqang, Lu Yun, L Changbng School
More informationResearch of concurrency control protocol based on the main memory database
Research of concurrency control protocol based on the man memory database Abstract Yonghua Zhang * Shjazhuang Unversty of economcs, Shjazhuang, Shjazhuang, Chna Receved 1 October 2014, www.cmnt.lv The
More informationResearch of Network System Reconfigurable Model Based on the Finite State Automation
JOURNAL OF NETWORKS, VOL., NO. 5, MAY 24 237 Research of Network System Reconfgurable Model Based on the Fnte State Automaton Shenghan Zhou and Wenbng Chang School of Relablty and System Engneerng, Behang
More informationResearch on Privacy Protection Approach for Cloud Computing Environments
, pp. 113-120 http://dx.do.org/10.14257/jsa.2015.9.3.11 Research on Prvacy Protecton Approach for Cloud Computng Envronments Xaohu L 1,2, Hongxng Lang 3 and Dan Ja 1 1 College of Electrcal and Informaton
More informationExtending Probabilistic Dynamic Epistemic Logic
Extendng Probablstc Dynamc Epstemc Logc Joshua Sack May 29, 2008 Probablty Space Defnton A probablty space s a tuple (S, A, µ), where 1 S s a set called the sample space. 2 A P(S) s a σ-algebra: a set
More informationA Programming Model for the Cloud Platform
Internatonal Journal of Advanced Scence and Technology A Programmng Model for the Cloud Platform Xaodong Lu School of Computer Engneerng and Scence Shangha Unversty, Shangha 200072, Chna luxaodongxht@qq.com
More informationANALYZING THE RELATIONSHIPS BETWEEN QUALITY, TIME, AND COST IN PROJECT MANAGEMENT DECISION MAKING
ANALYZING THE RELATIONSHIPS BETWEEN QUALITY, TIME, AND COST IN PROJECT MANAGEMENT DECISION MAKING Matthew J. Lberatore, Department of Management and Operatons, Vllanova Unversty, Vllanova, PA 19085, 610-519-4390,
More informationResearch on Transformation Engineering BOM into Manufacturing BOM Based on BOP
Appled Mechancs and Materals Vols 10-12 (2008) pp 99-103 Onlne avalable snce 2007/Dec/06 at wwwscentfcnet (2008) Trans Tech Publcatons, Swtzerland do:104028/wwwscentfcnet/amm10-1299 Research on Transformaton
More informationNetwork Security Situation Evaluation Method for Distributed Denial of Service
Network Securty Stuaton Evaluaton Method for Dstrbuted Denal of Servce Jn Q,2, Cu YMn,2, Huang MnHuan,2, Kuang XaoHu,2, TangHong,2 ) Scence and Technology on Informaton System Securty Laboratory, Bejng,
More informationA Performance Analysis of View Maintenance Techniques for Data Warehouses
A Performance Analyss of Vew Mantenance Technques for Data Warehouses Xng Wang Dell Computer Corporaton Round Roc, Texas Le Gruenwald The nversty of Olahoma School of Computer Scence orman, OK 739 Guangtao
More informationResearch on Evaluation of Customer Experience of B2C Ecommerce Logistics Enterprises
3rd Internatonal Conference on Educaton, Management, Arts, Economcs and Socal Scence (ICEMAESS 2015) Research on Evaluaton of Customer Experence of B2C Ecommerce Logstcs Enterprses Yle Pe1, a, Wanxn Xue1,
More informationModule 2 LOSSLESS IMAGE COMPRESSION SYSTEMS. Version 2 ECE IIT, Kharagpur
Module LOSSLESS IMAGE COMPRESSION SYSTEMS Lesson 3 Lossless Compresson: Huffman Codng Instructonal Objectves At the end of ths lesson, the students should be able to:. Defne and measure source entropy..
More informationRESEARCH ON DUAL-SHAKER SINE VIBRATION CONTROL. Yaoqi FENG 1, Hanping QIU 1. China Academy of Space Technology (CAST) yaoqi.feng@yahoo.
ICSV4 Carns Australa 9- July, 007 RESEARCH ON DUAL-SHAKER SINE VIBRATION CONTROL Yaoq FENG, Hanpng QIU Dynamc Test Laboratory, BISEE Chna Academy of Space Technology (CAST) yaoq.feng@yahoo.com Abstract
More informationAn Integrated Approach of AHP-GP and Visualization for Software Architecture Optimization: A case-study for selection of architecture style
Internatonal Journal of Scentfc & Engneerng Research Volume 2, Issue 7, July-20 An Integrated Approach of AHP-GP and Vsualzaton for Software Archtecture Optmzaton: A case-study for selecton of archtecture
More informationCanon NTSC Help Desk Documentation
Canon NTSC Help Desk Documentaton READ THIS BEFORE PROCEEDING Before revewng ths documentaton, Canon Busness Solutons, Inc. ( CBS ) hereby refers you, the customer or customer s representatve or agent
More informationA Dynamic Load Balancing for Massive Multiplayer Online Game Server
A Dynamc Load Balancng for Massve Multplayer Onlne Game Server Jungyoul Lm, Jaeyong Chung, Jnryong Km and Kwanghyun Shm Dgtal Content Research Dvson Electroncs and Telecommuncatons Research Insttute Daejeon,
More informationRecurrence. 1 Definitions and main statements
Recurrence 1 Defntons and man statements Let X n, n = 0, 1, 2,... be a MC wth the state space S = (1, 2,...), transton probabltes p j = P {X n+1 = j X n = }, and the transton matrx P = (p j ),j S def.
More informationBUSINESS PROCESS PERFORMANCE MANAGEMENT USING BAYESIAN BELIEF NETWORK. 0688, dskim@ssu.ac.kr
Proceedngs of the 41st Internatonal Conference on Computers & Industral Engneerng BUSINESS PROCESS PERFORMANCE MANAGEMENT USING BAYESIAN BELIEF NETWORK Yeong-bn Mn 1, Yongwoo Shn 2, Km Jeehong 1, Dongsoo
More informationA New Task Scheduling Algorithm Based on Improved Genetic Algorithm
A New Task Schedulng Algorthm Based on Improved Genetc Algorthm n Cloud Computng Envronment Congcong Xong, Long Feng, Lxan Chen A New Task Schedulng Algorthm Based on Improved Genetc Algorthm n Cloud Computng
More informationA Dynamic Energy-Efficiency Mechanism for Data Center Networks
A Dynamc Energy-Effcency Mechansm for Data Center Networks Sun Lang, Zhang Jnfang, Huang Daochao, Yang Dong, Qn Yajuan A Dynamc Energy-Effcency Mechansm for Data Center Networks 1 Sun Lang, 1 Zhang Jnfang,
More informationA hybrid global optimization algorithm based on parallel chaos optimization and outlook algorithm
Avalable onlne www.ocpr.com Journal of Chemcal and Pharmaceutcal Research, 2014, 6(7):1884-1889 Research Artcle ISSN : 0975-7384 CODEN(USA) : JCPRC5 A hybrd global optmzaton algorthm based on parallel
More informationA Novel Methodology of Working Capital Management for Large. Public Constructions by Using Fuzzy S-curve Regression
Novel Methodology of Workng Captal Management for Large Publc Constructons by Usng Fuzzy S-curve Regresson Cheng-Wu Chen, Morrs H. L. Wang and Tng-Ya Hseh Department of Cvl Engneerng, Natonal Central Unversty,
More informationMultiple-Period Attribution: Residuals and Compounding
Multple-Perod Attrbuton: Resduals and Compoundng Our revewer gave these authors full marks for dealng wth an ssue that performance measurers and vendors often regard as propretary nformaton. In 1994, Dens
More informationPerformance Management and Evaluation Research to University Students
631 A publcaton of CHEMICAL ENGINEERING TRANSACTIONS VOL. 46, 2015 Guest Edtors: Peyu Ren, Yancang L, Hupng Song Copyrght 2015, AIDIC Servz S.r.l., ISBN 978-88-95608-37-2; ISSN 2283-9216 The Italan Assocaton
More informationAn Alternative Way to Measure Private Equity Performance
An Alternatve Way to Measure Prvate Equty Performance Peter Todd Parlux Investment Technology LLC Summary Internal Rate of Return (IRR) s probably the most common way to measure the performance of prvate
More informationFORMAL ANALYSIS FOR REAL-TIME SCHEDULING
FORMAL ANALYSIS FOR REAL-TIME SCHEDULING Bruno Dutertre and Vctora Stavrdou, SRI Internatonal, Menlo Park, CA Introducton In modern avoncs archtectures, applcaton software ncreasngly reles on servces provded
More informationSet. algorithms based. 1. Introduction. System Diagram. based. Exploration. 2. Index
ISSN (Prnt): 1694-0784 ISSN (Onlne): 1694-0814 www.ijcsi.org 236 IT outsourcng servce provder dynamc evaluaton model and algorthms based on Rough Set L Sh Sh 1,2 1 Internatonal School of Software, Wuhan
More information"Research Note" APPLICATION OF CHARGE SIMULATION METHOD TO ELECTRIC FIELD CALCULATION IN THE POWER CABLES *
Iranan Journal of Scence & Technology, Transacton B, Engneerng, ol. 30, No. B6, 789-794 rnted n The Islamc Republc of Iran, 006 Shraz Unversty "Research Note" ALICATION OF CHARGE SIMULATION METHOD TO ELECTRIC
More informationProfit-Aware DVFS Enabled Resource Management of IaaS Cloud
IJCSI Internatonal Journal of Computer Scence Issues, Vol. 0, Issue, No, March 03 ISSN (Prnt): 694-084 ISSN (Onlne): 694-0784 www.ijcsi.org 37 Proft-Aware DVFS Enabled Resource Management of IaaS Cloud
More informationMulti-sensor Data Fusion for Cyber Security Situation Awareness
Avalable onlne at www.scencedrect.com Proceda Envronmental Scences 0 (20 ) 029 034 20 3rd Internatonal Conference on Envronmental 3rd Internatonal Conference on Envronmental Scence and Informaton Applcaton
More informationAn Interest-Oriented Network Evolution Mechanism for Online Communities
An Interest-Orented Network Evoluton Mechansm for Onlne Communtes Cahong Sun and Xaopng Yang School of Informaton, Renmn Unversty of Chna, Bejng 100872, P.R. Chna {chsun,yang}@ruc.edu.cn Abstract. Onlne
More informationThe Pricing Strategy of the Manufacturer with Dual Channel under Multiple Competitions
Internatonal Journal of u-and e-servce, Scence and Technology Vol.7, No.4 (04), pp.3-4 http://dx.do.org/0.457/junnesst.04.7.4. The Prcng Strategy of the Manufacturer wth Dual Channel under Multple Compettons
More informationForecasting the Direction and Strength of Stock Market Movement
Forecastng the Drecton and Strength of Stock Market Movement Jngwe Chen Mng Chen Nan Ye cjngwe@stanford.edu mchen5@stanford.edu nanye@stanford.edu Abstract - Stock market s one of the most complcated systems
More informationP2P/ Grid-based Overlay Architecture to Support VoIP Services in Large Scale IP Networks
PP/ Grd-based Overlay Archtecture to Support VoIP Servces n Large Scale IP Networks We Yu *, Srram Chellappan # and Dong Xuan # * Dept. of Computer Scence, Texas A&M Unversty, U.S.A. {weyu}@cs.tamu.edu
More informationEfficient Project Portfolio as a tool for Enterprise Risk Management
Effcent Proect Portfolo as a tool for Enterprse Rsk Management Valentn O. Nkonov Ural State Techncal Unversty Growth Traectory Consultng Company January 5, 27 Effcent Proect Portfolo as a tool for Enterprse
More informationDBA-VM: Dynamic Bandwidth Allocator for Virtual Machines
DBA-VM: Dynamc Bandwdth Allocator for Vrtual Machnes Ahmed Amamou, Manel Bourguba, Kamel Haddadou and Guy Pujolle LIP6, Perre & Mare Cure Unversty, 4 Place Jusseu 755 Pars, France Gand SAS, 65 Boulevard
More informationDesign and Development of a Security Evaluation Platform Based on International Standards
Internatonal Journal of Informatcs Socety, VOL.5, NO.2 (203) 7-80 7 Desgn and Development of a Securty Evaluaton Platform Based on Internatonal Standards Yuj Takahash and Yoshm Teshgawara Graduate School
More informationA Novel Adaptive Load Balancing Routing Algorithm in Ad hoc Networks
Journal of Convergence Informaton Technology A Novel Adaptve Load Balancng Routng Algorthm n Ad hoc Networks Zhu Bn, Zeng Xao-png, Xong Xan-sheng, Chen Qan, Fan Wen-yan, We Geng College of Communcaton
More informationAN EFFICIENT GROUP AUTHENTICATION FOR GROUP COMMUNICATIONS
Internatonal Journal of Network Securty & Its Applcatons (IJNSA), Vol.5, No.3, May 2013 AN EFFICIENT GROUP AUTHENTICATION FOR GROUP COMMUNICATIONS Len Harn 1 and Changlu Ln 2 1 Department of Computer Scence
More informationNEURO-FUZZY INFERENCE SYSTEM FOR E-COMMERCE WEBSITE EVALUATION
NEURO-FUZZY INFERENE SYSTEM FOR E-OMMERE WEBSITE EVALUATION Huan Lu, School of Software, Harbn Unversty of Scence and Technology, Harbn, hna Faculty of Appled Mathematcs and omputer Scence, Belarusan State
More informationA Replication-Based and Fault Tolerant Allocation Algorithm for Cloud Computing
A Replcaton-Based and Fault Tolerant Allocaton Algorthm for Cloud Computng Tork Altameem Dept of Computer Scence, RCC, Kng Saud Unversty, PO Box: 28095 11437 Ryadh-Saud Araba Abstract The very large nfrastructure
More informationDynamic Fleet Management for Cybercars
Proceedngs of the IEEE ITSC 2006 2006 IEEE Intellgent Transportaton Systems Conference Toronto, Canada, September 17-20, 2006 TC7.5 Dynamc Fleet Management for Cybercars Fenghu. Wang, Mng. Yang, Ruqng.
More informationGenetic Algorithm Based Optimization Model for Reliable Data Storage in Cloud Environment
Advanced Scence and Technology Letters, pp.74-79 http://dx.do.org/10.14257/astl.2014.50.12 Genetc Algorthm Based Optmzaton Model for Relable Data Storage n Cloud Envronment Feng Lu 1,2,3, Hatao Wu 1,3,
More informationA DATA MINING APPLICATION IN A STUDENT DATABASE
JOURNAL OF AERONAUTICS AND SPACE TECHNOLOGIES JULY 005 VOLUME NUMBER (53-57) A DATA MINING APPLICATION IN A STUDENT DATABASE Şenol Zafer ERDOĞAN Maltepe Ünversty Faculty of Engneerng Büyükbakkalköy-Istanbul
More informationAnts Can Schedule Software Projects
Ants Can Schedule Software Proects Broderck Crawford 1,2, Rcardo Soto 1,3, Frankln Johnson 4, and Erc Monfroy 5 1 Pontfca Unversdad Católca de Valparaíso, Chle FrstName.Name@ucv.cl 2 Unversdad Fns Terrae,
More informationMinimal Coding Network With Combinatorial Structure For Instantaneous Recovery From Edge Failures
Mnmal Codng Network Wth Combnatoral Structure For Instantaneous Recovery From Edge Falures Ashly Joseph 1, Mr.M.Sadsh Sendl 2, Dr.S.Karthk 3 1 Fnal Year ME CSE Student Department of Computer Scence Engneerng
More informationRequIn, a tool for fast web traffic inference
RequIn, a tool for fast web traffc nference Olver aul, Jean Etenne Kba GET/INT, LOR Department 9 rue Charles Fourer 90 Evry, France Olver.aul@nt-evry.fr, Jean-Etenne.Kba@nt-evry.fr Abstract As networked
More informationA Hierarchical Reliability Model of Service-Based Software System
2009 33rd Annual IEEE Internatonal Computer Software and Applcatons Conference A Herarchcal Relablty Model of Servce-Based Software System Lun Wang, Xaoyng Ba, Lzhu Zhou Department of Computer Scence and
More informationA Load-Balancing Algorithm for Cluster-based Multi-core Web Servers
Journal of Computatonal Informaton Systems 7: 13 (2011) 4740-4747 Avalable at http://www.jofcs.com A Load-Balancng Algorthm for Cluster-based Mult-core Web Servers Guohua YOU, Yng ZHAO College of Informaton
More informationA role based access in a hierarchical sensor network architecture to provide multilevel security
1 A role based access n a herarchcal sensor network archtecture to provde multlevel securty Bswajt Panja a Sanjay Kumar Madra b and Bharat Bhargava c a Department of Computer Scenc Morehead State Unversty
More informationPricing Model of Cloud Computing Service with Partial Multihoming
Prcng Model of Cloud Computng Servce wth Partal Multhomng Zhang Ru 1 Tang Bng-yong 1 1.Glorous Sun School of Busness and Managment Donghua Unversty Shangha 251 Chna E-mal:ru528369@mal.dhu.edu.cn Abstract
More informationTo manage leave, meeting institutional requirements and treating individual staff members fairly and consistently.
Corporate Polces & Procedures Human Resources - Document CPP216 Leave Management Frst Produced: Current Verson: Past Revsons: Revew Cycle: Apples From: 09/09/09 26/10/12 09/09/09 3 years Immedately Authorsaton:
More informationIT09 - Identity Management Policy
IT09 - Identty Management Polcy Introducton 1 The Unersty needs to manage dentty accounts for all users of the Unersty s electronc systems and ensure that users hae an approprate leel of access to these
More informationIMPACT ANALYSIS OF A CELLULAR PHONE
4 th ASA & μeta Internatonal Conference IMPACT AALYSIS OF A CELLULAR PHOE We Lu, 2 Hongy L Bejng FEAonlne Engneerng Co.,Ltd. Bejng, Chna ABSTRACT Drop test smulaton plays an mportant role n nvestgatng
More informationA New Service Pricing Mechanism based on Coalition Game Theory in
A New Servce Prcng Mechansm based on Coalton Game Theory n Cloud Servce A New Servce Prcng Mechansm based on Coalton Game Theory n Cloud Servce 1 Luyun Xu, 2 Yunsheng Zhang *1, Frst Author, Correspondng
More informationOptimization Model of Reliable Data Storage in Cloud Environment Using Genetic Algorithm
Internatonal Journal of Grd Dstrbuton Computng, pp.175-190 http://dx.do.org/10.14257/gdc.2014.7.6.14 Optmzaton odel of Relable Data Storage n Cloud Envronment Usng Genetc Algorthm Feng Lu 1,2,3, Hatao
More informationThe Greedy Method. Introduction. 0/1 Knapsack Problem
The Greedy Method Introducton We have completed data structures. We now are gong to look at algorthm desgn methods. Often we are lookng at optmzaton problems whose performance s exponental. For an optmzaton
More informationPAS: A Packet Accounting System to Limit the Effects of DoS & DDoS. Debish Fesehaye & Klara Naherstedt University of Illinois-Urbana Champaign
PAS: A Packet Accountng System to Lmt the Effects of DoS & DDoS Debsh Fesehaye & Klara Naherstedt Unversty of Illnos-Urbana Champagn DoS and DDoS DDoS attacks are ncreasng threats to our dgtal world. Exstng
More informationAn ILP Formulation for Task Mapping and Scheduling on Multi-core Architectures
An ILP Formulaton for Task Mappng and Schedulng on Mult-core Archtectures Yng Y, We Han, Xn Zhao, Ahmet T. Erdogan and Tughrul Arslan Unversty of Ednburgh, The Kng's Buldngs, Mayfeld Road, Ednburgh, EH9
More informationA heuristic task deployment approach for load balancing
Xu Gaochao, Dong Yunmeng, Fu Xaodog, Dng Yan, Lu Peng, Zhao Ja Abstract A heurstc task deployment approach for load balancng Gaochao Xu, Yunmeng Dong, Xaodong Fu, Yan Dng, Peng Lu, Ja Zhao * College of
More informationWatermark-based Provable Data Possession for Multimedia File in Cloud Storage
Vol.48 (CIA 014), pp.103-107 http://dx.do.org/10.1457/astl.014.48.18 Watermar-based Provable Data Possesson for Multmeda Fle n Cloud Storage Yongjun Ren 1,, Jang Xu 1,, Jn Wang 1,, Lmng Fang 3, Jeong-U
More information2008/8. An integrated model for warehouse and inventory planning. Géraldine Strack and Yves Pochet
2008/8 An ntegrated model for warehouse and nventory plannng Géraldne Strack and Yves Pochet CORE Voe du Roman Pays 34 B-1348 Louvan-la-Neuve, Belgum. Tel (32 10) 47 43 04 Fax (32 10) 47 43 01 E-mal: corestat-lbrary@uclouvan.be
More informationAn Architecture for Virtual Organization (VO)-Based Effective Peering of Content Delivery Networks
An Archtecture for Vrtual Organzaton (VO-Based Effectve Peerng of Content Delvery Networks Al-Mukaddm Khan Pathan, James Broberg, Krs Bubendorfer*, Kyong Hoon Km, Rajkumar Buyya Grd Computng and Dstrbuted
More informationA new anonymity-based protocol preserving privacy based cloud environment
Abstract A new anonymty-based protocol preservng prvacy based cloud envronment Jan Wang 1*, Le Wang 2 1 College of Computer and Informaton Engneerng, Henan Unversty of Economcs and Law, Chna 2 SIAS Internatonal
More informationAn MILP model for planning of batch plants operating in a campaign-mode
An MILP model for plannng of batch plants operatng n a campagn-mode Yanna Fumero Insttuto de Desarrollo y Dseño CONICET UTN yfumero@santafe-concet.gov.ar Gabrela Corsano Insttuto de Desarrollo y Dseño
More informationHosting Virtual Machines on Distributed Datacenters
Hostng Vrtual Machnes on Dstrbuted Datacenters Chuan Pham Scence and Engneerng, KyungHee Unversty, Korea pchuan@khu.ac.kr Jae Hyeok Son Scence and Engneerng, KyungHee Unversty, Korea sonaehyeok@khu.ac.kr
More informationLei Liu, Hua Yang Business School, Hunan University, Changsha, Hunan, P.R. China, 410082. Abstract
, pp.377-390 http://dx.do.org/10.14257/jsa.2016.10.4.34 Research on the Enterprse Performance Management Informaton System Development and Robustness Optmzaton based on Data Regresson Analyss and Mathematcal
More informationCredit Limit Optimization (CLO) for Credit Cards
Credt Lmt Optmzaton (CLO) for Credt Cards Vay S. Desa CSCC IX, Ednburgh September 8, 2005 Copyrght 2003, SAS Insttute Inc. All rghts reserved. SAS Propretary Agenda Background Tradtonal approaches to credt
More informationDistributing Functionalities in a SOA-Based Multi-agent Architecture
Dstrbutng Functonaltes n a SOA-Based Mult-agent Archtecture Dante I. Tapa, Javer Bajo, and Juan M. Corchado Departamento Informátca y Automátca Unversdad de Salamanca Plaza de la Merced s/n, 37008, Salamanca,
More informationAn Ad Hoc Network Load Balancing Energy- Efficient Multipath Routing Protocol
246 JOURNA OF SOFTWAR, VO. 9, NO. 1, JANUARY 2014 An Ad Hoc Network oad alancng nergy- ffcent Multpath Routng Protocol De-jn Kong Shanx Fnance and Taxaton College, Tayuan, Chna mal: dejnkong@163.com Xao-lng
More informationAPPLICATION OF PROBE DATA COLLECTED VIA INFRARED BEACONS TO TRAFFIC MANEGEMENT
APPLICATION OF PROBE DATA COLLECTED VIA INFRARED BEACONS TO TRAFFIC MANEGEMENT Toshhko Oda (1), Kochro Iwaoka (2) (1), (2) Infrastructure Systems Busness Unt, Panasonc System Networks Co., Ltd. Saedo-cho
More informationJoint Dynamic Radio Resource Allocation and Mobility Load Balancing in 3GPP LTE Multi-Cell Network
288 FENG LI, LINA GENG, SHIHUA ZHU, JOINT DYNAMIC RADIO RESOURCE ALLOCATION AND MOBILITY LOAD BALANCING Jont Dynamc Rado Resource Allocaton and Moblty Load Balancng n 3GPP LTE Mult-Cell Networ Feng LI,
More information8.5 UNITARY AND HERMITIAN MATRICES. The conjugate transpose of a complex matrix A, denoted by A*, is given by
6 CHAPTER 8 COMPLEX VECTOR SPACES 5. Fnd the kernel of the lnear transformaton gven n Exercse 5. In Exercses 55 and 56, fnd the mage of v, for the ndcated composton, where and are gven by the followng
More informationINVESTIGATION OF VEHICULAR USERS FAIRNESS IN CDMA-HDR NETWORKS
21 22 September 2007, BULGARIA 119 Proceedngs of the Internatonal Conference on Informaton Technologes (InfoTech-2007) 21 st 22 nd September 2007, Bulgara vol. 2 INVESTIGATION OF VEHICULAR USERS FAIRNESS
More informationFuzzy Set Approach To Asymmetrical Load Balancing In Distribution Networks
Fuzzy Set Approach To Asymmetrcal Load Balancng n Dstrbuton Networks Goran Majstrovc Energy nsttute Hrvoje Por Zagreb, Croata goran.majstrovc@ehp.hr Slavko Krajcar Faculty of electrcal engneerng and computng
More informationReporting Forms ARF 113.0A, ARF 113.0B, ARF 113.0C and ARF 113.0D FIRB Corporate (including SME Corporate), Sovereign and Bank Instruction Guide
Reportng Forms ARF 113.0A, ARF 113.0B, ARF 113.0C and ARF 113.0D FIRB Corporate (ncludng SME Corporate), Soveregn and Bank Instructon Gude Ths nstructon gude s desgned to assst n the completon of the FIRB
More informationPartner selection of cloud computing federation based on Markov chains
COMPUER MODELLING & NEW ECHNOLOGIES 2014 18(12B) 590-594 Abstract Partner selecton of cloud computng federaton based on Markov chans Lang Hong 1,2, Changyuan Gao 1* 1 School of Management, Harbn Unversty
More informationA DISTRIBUTED REPUTATION MANAGEMENT SCHEME FOR MOBILE AGENT- BASED APPLICATIONS
Bamasak & Zhang: A Dstrbuted Reputaton Management Scheme for Moble Agent-Based Applcatons A DISTRIBUTED REPUTATION MANAGEMENT SCHEME FOR MOBILE AGENT- BASED APPLICATIONS Omama Bamasak School of Computer
More informationQOS DISTRIBUTION MONITORING FOR PERFORMANCE MANAGEMENT IN MULTIMEDIA NETWORKS
QOS DISTRIBUTION MONITORING FOR PERFORMANCE MANAGEMENT IN MULTIMEDIA NETWORKS Yumng Jang, Chen-Khong Tham, Ch-Chung Ko Department Electrcal Engneerng Natonal Unversty Sngapore 119260 Sngapore Emal: {engp7450,
More informationTraffic State Estimation in the Traffic Management Center of Berlin
Traffc State Estmaton n the Traffc Management Center of Berln Authors: Peter Vortsch, PTV AG, Stumpfstrasse, D-763 Karlsruhe, Germany phone ++49/72/965/35, emal peter.vortsch@ptv.de Peter Möhl, PTV AG,
More informationbenefit is 2, paid if the policyholder dies within the year, and probability of death within the year is ).
REVIEW OF RISK MANAGEMENT CONCEPTS LOSS DISTRIBUTIONS AND INSURANCE Loss and nsurance: When someone s subject to the rsk of ncurrng a fnancal loss, the loss s generally modeled usng a random varable or
More informationA New Approach for Protocol Analysis on Design Activities Using Axiomatic Theory of Design Modeling
A New Approach for Protocol Analyss on Desgn Actvtes Usng Axomatc Theory of Desgn Modelng Shengj Yao and Yong Zeng * Concorda Insttute for Informaton Systems ngneerng Concorda Unversty 455 de Masonneuve
More informationNetwork Services Definition and Deployment in a Differentiated Services Architecture
etwork Servces Defnton and Deployment n a Dfferentated Servces Archtecture E. kolouzou, S. Manats, P. Sampatakos,. Tsetsekas, I. S. Veners atonal Techncal Unversty of Athens, Department of Electrcal and
More informationStatistical Approach for Offline Handwritten Signature Verification
Journal of Computer Scence 4 (3): 181-185, 2008 ISSN 1549-3636 2008 Scence Publcatons Statstcal Approach for Offlne Handwrtten Sgnature Verfcaton 2 Debnath Bhattacharyya, 1 Samr Kumar Bandyopadhyay, 2
More informationResource Management and Organization in CROWN Grid
Resource Management and Organzaton n CROWN Grd Jnpeng Hua, Tanyu Wo, Yunhao Lu Dept. of Computer Scence and Technology, Behang Unversty Dept. of Computer Scence, Hong Kong Unversty of Scence & Technology
More informationConferencing protocols and Petri net analysis
Conferencng protocols and Petr net analyss E. ANTONIDAKIS Department of Electroncs, Technologcal Educatonal Insttute of Crete, GREECE ena@chana.tecrete.gr Abstract: Durng a computer conference, users desre
More informationResearch Article A Time Scheduling Model of Logistics Service Supply Chain with Mass Customized Logistics Service
Hndaw Publshng Corporaton Dscrete Dynamcs n Nature and Socety Volume 01, Artcle ID 48978, 18 pages do:10.1155/01/48978 Research Artcle A Tme Schedulng Model of Logstcs Servce Supply Chan wth Mass Customzed
More informationResearch Article Enhanced Two-Step Method via Relaxed Order of α-satisfactory Degrees for Fuzzy Multiobjective Optimization
Hndaw Publshng Corporaton Mathematcal Problems n Engneerng Artcle ID 867836 pages http://dxdoorg/055/204/867836 Research Artcle Enhanced Two-Step Method va Relaxed Order of α-satsfactory Degrees for Fuzzy
More information