Security Architecture for Sensitive Information Systems

Size: px
Start display at page:

Download "Security Architecture for Sensitive Information Systems"

Transcription

1 Securty Archtecture for Senstve Informaton Systems by Xanpng Wu BCS, MBA, MNC A Thess Submtted n Fulfllment of the Requrements for the Degree of Doctor of Phlosophy Faculty of Informaton Technology Monash Unversty Australa 2009

2 Abstract Protectng senstve nformaton s a growng concern around the globe. Securng crtcal data n all sectors, ncludng the busness, healthcare and mltary sectors, has become the frst prorty of senstve nformaton management. Falng to protect ths asset results n hgh costs and, more mportantly, can also result n lost customers and nvestor confdence and even threaten natonal securty. Senstve nformaton systems consst of three major components: communcaton channel, user nterface and senstve nformaton storage; the protecton of these three components equates to the protecton of senstve nformaton tself. Prevous research n ths area has been lmted due to the employment of long-term shared keys and publc keys. Currently, no complete securty soluton exsts to help protect senstve nformaton n the three components. Issues such as dynamc senstve nformaton ownershp, group authentcaton and authorzaton and prvacy protecton also create challenges for the protecton of senstve nformaton systems. The research descrbed n ths thess s based on dynamc key theory and group key theory to present a novel securty archtecture to enable senstve nformaton systems to overcome these challenges and meet the desred securty goals for the three major components. The proposed securty archtecture conssts of dynamc key management, userorented group key management, authentcaton and authorzaton management and I

3 senstve nformaton management, whch guarantee the securty of the three major components of senstve nformaton systems. Because of the lack of the assessment propertes of nformaton securty models, a new senstve nformaton securty model s also presented n ths thess to evaluate the effectveness of securty archtecture. Ths model proves that the securty archtecture satsfes the securty goals. It can also be used to assess other securty archtectures, and thus makes a valuable contrbuton to the feld of senstve nformaton systems securty. In summary, the proposed securty archtecture offers unque features necessary for the securty of senstve nformaton systems. It also overcomes the lmtatons assocated wth exstng securty approaches and enables the complete protecton of the three major components of senstve nformaton systems. II

4 Declaraton In accordance wth Monash Unversty Doctorate Regulaton 17 / Doctor of Phlosophy and Master of Phlosophy (MPhl) regulatons, the followng declaratons are made: I hereby declare that ths thess contans no materal whch has been accepted for the award of any other degree or dploma at any unversty or equvalent nsttuton and that, to the best of my knowledge and belef, ths thess contans no materal prevously publshed or wrtten by another person, expect where due reference s made n the text of the thess. Xanpng Wu 08 June 2009 III

5 Dedcatons Dedcated to my beloved wfe, Sha Na, to my parents, Pexue Wu and Xufen L and to the memory of grandpa IV

6 Acknowledgements Ths thess would not have been possble wthout the best efforts of many people. Frst of all, I would lke to gratefully acknowledge my supervsors, Prof Balasubramanam Srnvasan and Dr Phu Dung Le, for gvng me ths awe-nsprng opportunty to work on ths research. I am grateful for ther advce, encouragement and nvaluable techncal dscussons. I very much apprecate ther mmense help durng the research and for gvng valuable feedback durng the wrtng of ths thess. Wthout both of them, I would not have been able to complete ths thess. I would lke to specally express my grattude to Osama Dandash. I much apprecate hs fnancal ad to start my research lfe, and hs encouragement when I felt under pressure durng the research. I would also lke partcularly to acknowledge the contrbuton of Huy Hoang Ngo (Harry) and Dr Y Lng Wang (Tony) for encouragement, dscussons, branstormng and cheerng-up jokes, as well as other researchers Mnh Le Vet, Dr Alex Tze Hang Sm, Arun Man, Xya Fang, Mnh Duc Cao, Abdulah Almuhadeb, Dr Samar Zutsh and Huame Q n Central South Unversty. I am thankful for the fnancal support (scholarshp) from the Monash Research Graduate School. Specal thanks to Jule Semon n Monash College for gvng me the opportunty to teach; Nra Rahman n the Caulfeld Lbrary for thess wrtng advce; and other lbrary staff n resource fndng. I thank We Wu, Snow, Dorn, Ln Zhang for warm frendshp and support. V

7 I thank and acknowledge the proofreadng done by Megan Seen and my supervsors on thess drafts. I also acknowledge the admnstratve support from John Sedgwck, Carmen Maestr, Chrs Thomas, Mchelle Ketchen, Allson Mtchell, Jule Austn, Katherne Knght, Dana Sussman, Duke Fonas and Akamon Kunkongkapun. I cannot end wthout thankng my famly, on whose constant encouragement and love I have reled throughout my research n completng ths thess. Many thanks are due to my wfe, my soul mate, Sha Na, for her love, understandng, support, encouragement and her delcous Internet food. A mllon thanks are due to my parents and parents-n-law for ther endless love and support n my educatonal pursut. Thank you all for lettng me follow my dreams. VI

8 Table of Contents ABSTRACT... I DECLARATION... III DEDICATIONS... IV ACKNOWLEDGEMENTS... V 1. INTRODUCTION INFORMATION SYSTEMS SENSITIVE INFORMATION Characterstcs of Senstve Informaton Protecton of Senstve Informaton SECURITY AND LIMITATIONS OF SENSITIVE INFORMATION SYSTEMS Retrevng Senstve Informaton Securty Threats and Concerns of SIS MOTIVATIONS OF THE THESIS OBJECTIVES OF THE THESIS ORGANIZATION OF THE THESIS AND CONTRIBUTIONS Contrbutons of the Thess SECURITY ISSUES OF SENSITIVE INFORMATION SYSTEMS CRYPTOGRAPHIC SYSTEMS Symmetrc Cryptography Asymmetrc Cryptography Summary VII

9 2.2. SECURING COMMUNICATION CHANNEL Secure Communcaton n Uncast Channels Secure Communcaton n Multcast Channels Summary SECURING USER INTERFACE Proof by Knowledge Proof by Possesson Proof by Property Authentcaton versus Authorzaton Summary SECURING SENSITIVE INFORMATION STORAGE Dsk Encrypton Database Encrypton Summary THE CURRENT MODELS FOR INFORMATION SECURITY CIA Trad Parkeran Hexad Summary CONCLUSION SECURITY ARCHITECTURE FOR SENSITIVE INFORMATION SYSTEMS DYNAMIC KEY THEORY Cryptographc Propertes Dynamc Keys versus Symmetrc Cryptography Dynamc Keys versus Asymmetrc Cryptography SECURITY ARCHITECTURE Securty Archtecture Overvew VIII

10 Engaged Users Dynamc Key Management User-orented Group Key Management Authentcaton and Authorzaton Management Senstve Informaton Management Structure n SecureSIS Enttes Belongng Securty Agreement Goals of SecureSIS SENSITIVE INFORMATION SECURITY MODEL SecureSIS Pentad Authentcty & Authorty (AA) Integrty (IN) Non-repudaton (NR) Confdentalty (CO) Utlty (UT) Summary on the SecureSIS Pentad SUMMARY SECURITY ARCHITECTURE COMPONENTS DYNAMIC KEY MANAGEMENT Dynamc Key Agreement Securty Comparson USER-ORIENTED GROUP KEY MANAGEMENT Key Tree Structure UGKM Cryptographc Propertes Group Keys Member Jon IX

11 Member Leave Perodc Rekeyng Operaton Securty Comparson AUTHENTICATION AND AUTHORIZATION MANAGEMENT AAM Structure Intalzaton Protocol Logon Protocol AccessAuth Protocol Securty Comparson SENSITIVE INFORMATION MANAGEMENT SIM Structure Data Operaton Dynamc Membershp Operatons Securty Comparson SUMMARY SECURITY ANALYSIS AND DISCUSSION ON SECURESIS SECURITY OF DKM Dynamc Keys n DKM Summary SECURITY OF UGKM Group Key Secrecy Forward Secrecy Backward Secrecy Colluson Resstance Summary SECURITY OF AAM Introducton to the Sp Calculus X

12 Logon Protocol AccessAuth Protocol Summary SECURITY OF SIM Securty of Interchangng Senstve Informaton Securty of Senstve Informaton Storage Summary SECURESIS PANTED ASSESSMENT Authentcty & Authorty Dscusson Integrty Dscusson Non-repudaton Dscusson Confdentalty Dscusson Utlty Dscusson SecureSIS Goals Dscusson SUMMARY CONCLUSION AND FUTURE WORK REVISITING THE RESEARCH PROBLEM AND APPROACH CONTRIBUTIONS FUTURE WORK REFERENCES PUBLICATIONS XI

13 Lst of Fgures Fgure 1.1. The Archtecture of Generc Senstve Informaton System Fgure 1.2. Overvew of Thess Structure Fgure 2.1. The Comparson of ESP and AH Protected IP Packet Fgure 2.2. SRTP Sesson Key Dervaton Fgure 2.3. CKDS (ING) Protocol Fgure 2.4. GDH.1: An Example for Four Members Fgure 2.5. GDH.2: An Example of Four Members Fgure 2.6. GDH.3: An Example of Four Members Fgure 2.7. LKH Key Tree Fgure 2.8. LKH Member Jons the Group Fgure 2.9. LKH Member Leaves the Group Fgure OFT Key Tree Fgure OFT The Keys Known to a Group Member Fgure OFT Member Jon a Group Fgure OFT Member Leave a Group Fgure Subgroups and GSIs n Iolus Scheme Fgure EFS: Fle Encrypton Fgure EFS: Fle Decrypton Fgure Transparent Data Encrypton Herarchy Fgure TDE n Oracle Database Fgure CIA Trad Fgure Parkeran Hexad Fgure 3.1. Entropy of Dynamc and Long-term Keys XII

14 Fgure 3.2. SecureSIS Core Component Overvew Fgure 3.3. Tangble Conceptual Archtecture of SecureSIS Fgure 3.4. DKM Key Generaton Flow Fgure 3.5. AAM Process Fgure 3.6. Relatonshp between EI and EDK Fgure 3.7. The Structure of SecureSIS Fgure 3.8. SecureSIS Pentad Fgure 3.9. Senstve Informaton Integrty Trangle Fgure The Scope of Fve Atomc Elements Fgure 4.1. Logcal Structure of UGKM Fgure 4.2. User Jon Operatons Fgure 4.3. Actve User Jon Fgure 4.4. Passve User Jon Cluster Fgure 4.5. User Leave Operatons Fgure 4.6. Perodc Rekeyng Tmelne Fgure 4.7. AccessAuth Protocol Logcal Flow Fgure 4.8. Structure of a SIM Object Fgure 4.9. Retrevng Senstve Informaton Flow Chart Fgure Intal Status of SIM Fgure New Data Entry Status of SIM Fgure Data Update Status of SIM Fgure Data Deleton Status of SIM Fgure Data Access Status of SIM Fgure Ownershp Change of Senstve Informaton Fgure 5.1. The Organzaton of Securty Analyss and Dscusson Fgure 5.2. Structure of the Logon Protocol Fgure 5.3. Structure of the AccessAuth Protocol XIII

15 Lst of Tables Table 1.1. Senstve Informaton Levels of Classfcaton n the U.S Table 1.2. Senstve Informaton Vulnerabltes Table 2.1. Symmetrc Keys Comparson Table 2.2. Comparson of CKDS, GDH.1, GDH.2 and GDH Table 2.3. Comparson of LKH and OFT Table 2.4. Advantages and Dsadvantages of Multcast Communcaton Schemes Table 2.5. Advantages and Dsadvantages of Knowledge, Possesson and Property Factors Table 2.6. Advantages and Dsadvantages of Dsk Encrypton and Database Encrypton Table 2.7. Problems n Senstve Informaton Securty Table 3.1. Appled SecureSIS Pentad wth the Proposed SecureSIS Table 4.1. Key Managements Comparson Table 4.2. Securty Comparson of Group Key Management Table 4.3. Securty Comparson of AAM to Kerberos and ts Successors Table 4.4. Securty Comparson of SIM to other Approaches Table 4.5. SecureSIS Components vs. Goals XIV

16 Chapter 1 1. Introducton 1.1. Informaton Systems The use of nformaton has become a pervasve part of our daly lfe; we have become an nformaton socety [GoGo96]. Employees use nformaton to make personal choces and perform basc job functons; managers requre sgnfcant amounts of t for plannng, organzng and controllng; corporatons leverage t for strategc advantage. Snce the applcaton of computers n admnstratve nformaton processng began n 1954 [DaOl85], computers have become a key nstrument n the development of nformaton processng. The rapd development of nformaton technology (IT) has helped to frmly establsh the general atttude that nformaton systems 1 are a powerful nstrument for solvng problems. An nformaton system (IS) s an organzed set of components for collectng, transmttng, storng, and processng data n order to delver nformaton for acton [Zw97]. It supports operatons, management, and knowledge work n organzatons. The use of nformaton systems has ncreased due to economc and socal ssues. 1 In ths thess, we use the term of nformaton systems to represent computer-based nformaton systems. 1

17 The functons of nformaton systems nclude servces whch provde value to users or to other servces va messages, whch carry a meanng to users or servces. Also, as IT becomes more sophstcated, the avalablty of these servces and messages n organzatons grows and spreads. The avalablty of IT shfts people from conductng busness and communcaton n tradtonal to electronc ways. For example, people are able to access and manage ther own bank account va onlne bankng anytme and anywhere electroncally, rather than physcal bankng, n whch people have to wat n queues and undergo long verfcaton processes n order to gan servces. In addton, organzatons ssue electronc blls (e-blls) nstead of paper blls n order to reduce the costs of paper bll delvery. Recently, the use of nformaton systems has obtaned attenton due to ts hgh growth rate. An IDC (Internatonal Data Company) [L08] study n 2007 noted that Internet bankng n Chna had ncreased by 25.4% from the prevous year and moble bankng by 19.3%. The IDC study predcted that onlne bank and moble bankng markets from 2008 to 2012 would ncrease rapdly wth respectve compound annual growth rates of 23.1% and 24.9%. Also, WnterGreen Research and Markets [CuEu08] forecast analyss ndcates that the use of electronc medcal record (EMR) systems s antcpated to ncrease to a rate of 63% by The rapd growth of nformaton systems s not surprsng. Compared to tradtonal nformaton systems, the electronc nformaton systems offer mproved effcency, process control, servces and nformaton process [DaOl85, GoGo96, Zw97]. 2

18 1.2. Senstve Informaton The use of electronc nformaton n organzatons has rased problems. The mportance of nformaton protecton reaches to the corporate boardroom, because falure to protect electronc nformaton assets may result n lost customer and nvestor confdence. Accordng to Parker [Pa98], nformaton that has strategc value n organzatons should be protected. Ths ncludes market-senstve propretary nformaton, fnancal nformaton, trade secrets, medcal nformaton, mltary nformaton and human resources nformaton. Ths nformaton needs to be treated as senstve nformaton 2, that s, t needs to be recognzed as nformaton or knowledge that mght result n loss of an advantage or level of securty f dsclosed to others [Pu07]. Accordng to the U.S. government [Nc03], senstve nformaton s categorzed nto two classfcatons (shown n Table 1.1): non-classfed and classfed. Table 1.1. Senstve Informaton Levels of Classfcaton n the U.S. Nonclassfed Classfed Senstve Prvate Info Confdental Busness Info Restrcted Confdental Secret Top Secret Ultra Secret unauthorzed dsclosure could have a negatve effect on ts owner publc dsclosure may harm a busness publc dsclosure could have undesrable effects or do some harm unauthorzed dsclosure could damage natonal securty unauthorzed dsclosure could serously damage natonal securty unauthorzed dsclosure could severely damage natonal securty unauthorzed dsclosure could exstentally damage natonal securty, nternatonal stablty or wartme advantage 2 In ths thess, senstve nformaton refers to dgtal crtcal nformaton. 3

19 As argued by the U.S. government, loss, msuse, modfcaton or unauthorzed access to senstve nformaton can adversely affect the prvacy of an ndvdual, trade secrets of a busness or even the securty, nternal and foregn affars of a naton dependng on the level of senstvty and nature of the nformaton [Nc03] Characterstcs of Senstve Informaton Senstve nformaton has four prmary characterstcs [Pa98] that enables ts comprehenson: Knd the type of nformaton: for example, knowledge, descrptve, nstructve, expostory, factual, fctonal, monetary, artstc, accountng or another type. Representaton the presentaton of nformaton: for example, n graphc mages, coded symbols (dgtal text such as Uncode or ASCII code), dgtal sounds or vdeos. Form the structure of nformaton: for example, ts style, language, syntax, encodng (encrypton wth a secret key), format and sze. Medum the physcal manfestaton of nformaton: for example, electromagnetc pulses n space (rado waves) or electronc swtches n computers (dgtal sgnals). In addton, senstve nformaton has a number of other characterstcs 3 [LaBrHa85, Pa98, SoCh05] that help us determne the need for securty. Authentcty refers to the truthfulness of orgns, attrbutons, commtments, sncerty, devoton, and ntentons. 3 We hold over the other mportant characterstcs, based on CIA Trad [Pe08] (confdentalty, ntegrty and avalablty), Parkeran hexad [Pa98] and DoD [LaBrHa85], for later dscusson. Meanwhle, the Parkeran hexad adds three addtonal attrbutes to the three classc securty attrbutes: utlty, possesson or authorty and authentcty, and DoD adds Non-repudaton attrbute to CIA Trad. 4

20 Confdentalty ensures that nformaton s accessble only to those authorzed to have access. Possesson (authorty) refers to the ownershp or control of nformaton. Integrty-refers to the valdty, trustworthness and dependablty of nformaton. Utlty refers to the usefulness of nformaton. Non-repudaton refers to the un-denablty for enttes to perform actons on senstve nformaton. Avalablty refers to havng tmely access to nformaton Protecton of Senstve Informaton The Commttee on Natonal Securty Systems [Cn92] n the USA defnes nformaton securty as the protecton of nformaton systems aganst unauthorzed access to or modfcaton of nformaton, whether n storage, processng, or transt, and aganst the denal of servce to authorzed users or the provson of servce to unauthorzed users, ncludng those measures necessary to detect, document, and counter such threats. In ths sense, senstve nformaton s at rsk, as every senstve nformaton breach mpacts organzatons negatvely. Protectng senstve data s a growng concern for organzatons around the globe because of ts fnancal mplcatons; however data securty s also necesstated by strngent ndustry and government regulatons. Senstve nformaton requres three types of safeguards. In addton to techncal safeguards, to be secure, senstve nformaton also needs admnstratve safeguards. Ths s because, regardless of the technology used to lock or secure senstve nformaton, the way people work wth one another and wth nformaton ultmately has the greatest mpact on securty. Fnally, physcal safeguards need to be consdered. 5

21 Techncal safeguards address topcs such as authentcaton of users, audt logs, data ntegrty checks, and transmsson securty (encrypton), whle admnstratve safeguards address organzatonal controls such as polces and procedures, rsk analyss and tranng. Physcal safeguards cover ssues such as access to buldngs and workstatons (locks and keys), dsposal of computers and hard drves, and data backup and storage requrements. Techncal safeguards have become the focus of research for senstve nformaton protecton due to the ncreasng maturty of admnstratve and physcal safeguards Securty and Lmtatons of Senstve Informaton Systems The major reason behnd senstve nformaton system s (SIS) lack of securty s due to the nherent nature of IS whch requres nformaton collectng, processng, transmttng and storng n order to delver nformaton for acton. If nformaton were statc and statonery, securty would be less of an ssue. The major processes nvolved n retrevng senstve nformaton, and securty threats and concerns n SIS, are detaled as followng sectons Retrevng Senstve Informaton To descrbe the retreval process, we use a smple and generc archtecture as shown n Fgure 1.1. Frst of all, before the retreval process can be ntated, t s necessary to transform senstve nformaton nto a logcal vew, whch gves the vew of how nformaton s structured and organzed. Once the logcal vew of the senstve nformaton s defned, the nformaton manager can buld an ndex of the senstve nformaton. 6

22 Wth the senstve nformaton ndexed, the retrevng process can be ntated. The major components nvolved n the process are communcaton channel, user nterface and senstve nformaton storage. Frstly, a legal user specfes a user need va a user nterface, and the need s then processed to obtan the senstve nformaton from senstve nformaton storage through a communcaton channel. Fgure 1.1. The Archtecture of Generc Senstve Informaton System Securty Threats and Concerns of SIS The three major components nvolved n the acton of data retreval - communcaton channel, user nterface and senstve nformaton storage - are all potental targets for adversares wantng to beneft from securty weaknesses. Accordng to [ClW87, Pa98, SoCh05], securty threats and concerns are rased aganst the key aspects 4 of senstve nformaton, as shown n Table 1.2. Table 1.2. Senstve Informaton Vulnerabltes. Characterstcs Target Vulnerablty mpersonaton Authentcty user nterface guessng spoofng communcaton channel eavesdroppng Confdentalty nformaton storage nterceptng Possesson nformaton storage sesson hjackng communcaton channel falsfcaton Integrty nformaton storage forgery Utlty nformaton storage property damagng 5 4 Key aspects refer to characterstcs of senstve nformaton. 5 Property damagng means accdentally lost the encrypton key of encrypted the only copy of valuable nformaton. 7

23 As reported [We05], Brtsh hacker, Gary McKnnon, caused nearly US $1 mllon n damage due to breakng nto US Navy, US Army, NASA and Pentagon systems. Also, accordng to [Id08], US $3.2 bllon has been lost as a result of nternet dentty theft n 2007 n the Unted States alone. Wth Asa s onlne populaton rapdly ncreasng, the global fgure could easly be twce that n just a matter of years. These fgures ndcate the vulnerablty of SIS. The U.S. Department of Defense Scence Board has ssued a report Informaton Management for Net-Centrc Operatons [Ds07]. Ths report stresses the need for extraordnary effort on nformaton systems securty, because the threat to the nformaton system wll contnue to evolve as globalzaton and the nformaton revoluton force changes n structure and technology. The report goes on to state that whle the network approach and strategy enable new paradgms for sharng and usng nformaton, ths capablty also has the potental to sgnfcantly ncrease the naton s vulnerablty to nternal and external threats. It recommends an ncrease n current fundng, fundng for nformaton systems over future years n defense programs, and that the programs focus on nformaton assurance for the entre enterprse Motvatons of the Thess Wth the development of network technology, the use of the Internet has pervaded everyday lfe. It s used for many servces such as fle transfers, nternet payments, and vewng electronc documents. Meanwhle, the prolferaton of electroncallyaccessble nformaton has led to research and development n nformaton systems to help users search for, fetch and share relevant and meanngful nformaton. 8

24 The concept of nformaton s closely related to notons of constrant, communcaton, control, data, form, nstructon, knowledge, meanng, mental stmulus, pattern, percepton, and representaton. The concept has been developed rapdly n open network systems, typfed by the Internet, to provde suffcent convenence for users, especally to group users to manage nformaton for sharng, exchangng and usng. Advancement n nformaton systems promses dramatc leaps forward n our daly lfe, especally n stock markets, fnancal nsttutons, and medcal centres. For example, medcal centres employ electronc medcal record systems to share patents records from other hosptals to rapdly dagnose the patents, and fnancal advsors can respond quckly to fluctuatng stock markets by adoptng nformaton systems. Utlsng these emergng technologes, however, s not wthout problems. People start consderng ther senstve nformaton when t s transmtted through open networks; managers begn worryng about usng forged nformaton for busness plans; and corporatons worry about customer and nvestor confdence f they fal to protect senstve nformaton. Protectng senstve nformaton has consequently become a top prorty for organsatons of all szes. Despte ths prorty, the majorty of exstng electronc nformaton systems [BaF01, BhDe98, HoChWa07, MeIlKa00] focus on performance and precson of data retreval and nformaton management. A number of technques are employed to protect nformaton systems; however, n many cases, these technques are provng nadequate. For example, whle several nformaton systems [BeIsKu99, CaMSt99, GeGoMa98, GeIsKu00] use the add-ons securty features to provde nformaton confdentalty (whch allow users to share nformaton from a data meda whle 9

25 keepng ther channel prvate), these securty measures are nsuffcent. As Bard [Ba04] states, the prvate communcaton channel s breakable due to the long-term shared dentcal cryptographc keys. Also, wth the shared dentcal keys, adversares can break the securty of nformaton systems va eavesdroppng or nterceptng. Alternatvely, cryptography technques are employed to protect senstve nformaton storages rather than establshng prvate communcaton channels. These nformaton systems [Bo07, Hs08, Na05] depend on a long-term shared key to cpher all crtcal nformaton at rest (senstve nformaton storage). For example, IBM employs symmetrc keys n z/os to protect the senstve nformaton documents, and uses publc keys to wrap and unwrap the symmetrc data keys used to encrypt the documents. Wth ths technque, IBM clams that many documents can be generated usng dfferent encrypton keys [Bo07]. Smlar mechansms are also used for Oracle Database [Na05] and Mcrosoft SQL Server [Hs08], whch conduct crtcal nformaton protecton va long-term shared keys. The securty of the IBM mechansms reles on publc key nfrastructure; f the publc key pars are dsclosed, no matter how many dfferent encrypton keys are used to protect nformaton, the whole nformaton system wll be compromsed. In addton, the securty of Oracle and Mcrosoft mechansms depend on a long-term database master key; the senstve nformaton may be revealed f the database systems are breached. Securng the user nterface to prevent unauthorzed access to nformaton systems s another approach to protectng senstve nformaton n organzatons. Ths form of securty uses measures such as securty tokens, passwords or bometrc dentfers. Kerberos s a representatve authentcaton protocol whch allows ndvduals communcatng over a non-secure network to prove ther dentty to one another n a 10

26 secure manner. In the orgnal desgn of Kerberos, sesson keys exchange used longterm shared keys. Although researchers [Er03, HaMe01, SCh97] proposed the use of publc key cryptography to enhance securty for key exchange and authentcaton, the long-term shared key s stll a lmtaton of Kerberos-based nformaton systems [KoNeTs94]. In 2008, Cervesato et al. [CeJaSc08] ponted out that man-n-the-mddle attack can breach Kerberos-based nformaton systems. The exstng approaches all have a common lmtaton: the employment of longterm shared keys or publc keys. Among symmetrc key encrypton algorthms, only the one-tme pad can be proven [Sh49] to be secure aganst any adversary, regardless of the amount of computng power avalable. Also, there s no asymmetrc scheme wth the one-tme pad property, snce all asymmetrc schemes are susceptble to brute force key search attack [Ka67]. Therefore, once the keys are exposed, the protected SIS wll be compromsed. In addton to above securty threats and concerns relatng to communcaton channel, user nterface and senstve nformaton storage, the ownershp of senstve nformaton presents another securty concern. Ths concern evolves from smple organzatonal structure. A tradtonal approach to managng nformaton ownershp s to use access control [FeKuCh03]. However, ths approach does not allow for dynamc ownershp, whereby the owner of the nformaton s lkely to be changed, but the securty characterstcs of the nformaton must be mantaned. The lmtatons of exstng securty measures can be summarsed as follows: No proper authentcaton and authorzaton mechansms to conduct dynamc membershp of groups and ndvduals to share or access senstve nformaton. 11

27 No preventon of legal users accessng unauthorzed senstve nformaton aganst nternal securty threats. No proper crtcal nformaton storage protecton mechansm, whch thwarts securty threats of compromsng credentals of nformaton systems. No dealng wth dynamc nformaton ownershp. The above lmtatons n the exstng body of knowledge motvate our research n order to eradcate these weaknesses and develop approprate securty archtecture for SIS Objectves of the Thess Ths research ams to nvestgate the major securty ssues n current nformaton systems, analyze these problems and then develop novel generc securty archtecture for SIS. The objectves of ths thess are: To develop general securty archtecture for varous knds of SIS. Ths archtecture conssts of a number of components to protect senstve nformaton. It defnes characterstcs and nteractons among engagng enttes. To develop a senstve nformaton securty model to evaluate securty archtecture of SIS. To desgn practcal and secure authentcaton and authorzaton protocols 6 for ndvduals and group users to share senstve nformaton. The proposed protocols dscard the use of long-term shared keys to acheve hgh securty and tght access control. 6 It acheves securty by confrmng provenance & dentty. 12

28 To develop a new group key management component to handle dynamc nformaton ownershp and make senstve nformaton sharng more flexble and secure 7. To develop a key generaton management component to manage and delver cryptographc keys for engagng components and users. Ths component defnes key securty propertes to ensure that mnmum securty requrements are satsfed. To develop a new senstve nformaton management component for data storages 8. Ths component protects senstve nformaton when nformaton storage s compromsed. To perform formal securty analyss to llustrate that each proposed component has better securty than exstng approaches and to evaluate the archtecture usng the proposed nformaton securty model Organzaton of the Thess and Contrbutons Ths secton provdes an overvew of the research presented n the followng fve chapters. Fgure 1.2 provdes a dagrammatc overvew of the thess structure. The key contrbutons made by each chapter are descrbed n Secton Chapter 2 provdes a crtcal analyss of prevous research for senstve nformaton protecton used n SIS. Two man bodes of research are dentfed and revewed: () securty protectons of the three major components n the process of senstve nformaton retrevng are studed and revewed; and () nformaton securty model s 7 It guarantees securty of communcaton. 8 It safeguards senstve nformaton storage. 13

29 revewed. Lmtatons n prevous research of securty SIS motvate us to do more research n ths thess. Fgure 1.2. Overvew of Thess Structure. Chapter 3 proposes formal securty archtecture for SIS, and also proposes an nformaton securty model to evaluate the securty archtecture for SIS. The archtecture ncludes four components to support the model s securty, later formalzed n Chapter 4. Chapter 4 detals four components of the proposed secure archtecture. In the frst secton, dynamc key theory s summarsed and defned formally, and then the cryptographc propertes of dynamc keys are dscussed. Fnally, we demonstrate how to apply the dynamc keys to other components (communcaton channel, user nterface and senstve nformaton storage) n order to protect senstve nformaton. 14

A Secure Password-Authenticated Key Agreement Using Smart Cards

A Secure Password-Authenticated Key Agreement Using Smart Cards A Secure Password-Authentcated Key Agreement Usng Smart Cards Ka Chan 1, Wen-Chung Kuo 2 and Jn-Chou Cheng 3 1 Department of Computer and Informaton Scence, R.O.C. Mltary Academy, Kaohsung 83059, Tawan,

More information

Proactive Secret Sharing Or: How to Cope With Perpetual Leakage

Proactive Secret Sharing Or: How to Cope With Perpetual Leakage Proactve Secret Sharng Or: How to Cope Wth Perpetual Leakage Paper by Amr Herzberg Stanslaw Jareck Hugo Krawczyk Mot Yung Presentaton by Davd Zage What s Secret Sharng Basc Idea ((2, 2)-threshold scheme):

More information

The Development of Web Log Mining Based on Improve-K-Means Clustering Analysis

The Development of Web Log Mining Based on Improve-K-Means Clustering Analysis The Development of Web Log Mnng Based on Improve-K-Means Clusterng Analyss TngZhong Wang * College of Informaton Technology, Luoyang Normal Unversty, Luoyang, 471022, Chna wangtngzhong2@sna.cn Abstract.

More information

An Alternative Way to Measure Private Equity Performance

An Alternative Way to Measure Private Equity Performance An Alternatve Way to Measure Prvate Equty Performance Peter Todd Parlux Investment Technology LLC Summary Internal Rate of Return (IRR) s probably the most common way to measure the performance of prvate

More information

1.1 The University may award Higher Doctorate degrees as specified from time-to-time in UPR AS11 1.

1.1 The University may award Higher Doctorate degrees as specified from time-to-time in UPR AS11 1. HIGHER DOCTORATE DEGREES SUMMARY OF PRINCIPAL CHANGES General changes None Secton 3.2 Refer to text (Amendments to verson 03.0, UPR AS02 are shown n talcs.) 1 INTRODUCTION 1.1 The Unversty may award Hgher

More information

Can Auto Liability Insurance Purchases Signal Risk Attitude?

Can Auto Liability Insurance Purchases Signal Risk Attitude? Internatonal Journal of Busness and Economcs, 2011, Vol. 10, No. 2, 159-164 Can Auto Lablty Insurance Purchases Sgnal Rsk Atttude? Chu-Shu L Department of Internatonal Busness, Asa Unversty, Tawan Sheng-Chang

More information

APPLICATION OF PROBE DATA COLLECTED VIA INFRARED BEACONS TO TRAFFIC MANEGEMENT

APPLICATION OF PROBE DATA COLLECTED VIA INFRARED BEACONS TO TRAFFIC MANEGEMENT APPLICATION OF PROBE DATA COLLECTED VIA INFRARED BEACONS TO TRAFFIC MANEGEMENT Toshhko Oda (1), Kochro Iwaoka (2) (1), (2) Infrastructure Systems Busness Unt, Panasonc System Networks Co., Ltd. Saedo-cho

More information

Capacity-building and training

Capacity-building and training 92 Toolkt to Combat Traffckng n Persons Tool 2.14 Capacty-buldng and tranng Overvew Ths tool provdes references to tranng programmes and materals. For more tranng materals, refer also to Tool 9.18. Capacty-buldng

More information

Multiple-Period Attribution: Residuals and Compounding

Multiple-Period Attribution: Residuals and Compounding Multple-Perod Attrbuton: Resduals and Compoundng Our revewer gave these authors full marks for dealng wth an ssue that performance measurers and vendors often regard as propretary nformaton. In 1994, Dens

More information

LAW ENFORCEMENT TRAINING TOOLS. Training tools for law enforcement officials and the judiciary

LAW ENFORCEMENT TRAINING TOOLS. Training tools for law enforcement officials and the judiciary chapter 5 Law enforcement and prosecuton 261 LAW ENFORCEMENT TRAINING TOOLS Tool 5.20 Tranng tools for law enforcement offcals and the judcary Overvew Ths tool recommends resources for tranng law enforcement

More information

benefit is 2, paid if the policyholder dies within the year, and probability of death within the year is ).

benefit is 2, paid if the policyholder dies within the year, and probability of death within the year is ). REVIEW OF RISK MANAGEMENT CONCEPTS LOSS DISTRIBUTIONS AND INSURANCE Loss and nsurance: When someone s subject to the rsk of ncurrng a fnancal loss, the loss s generally modeled usng a random varable or

More information

AN EFFICIENT GROUP AUTHENTICATION FOR GROUP COMMUNICATIONS

AN EFFICIENT GROUP AUTHENTICATION FOR GROUP COMMUNICATIONS Internatonal Journal of Network Securty & Its Applcatons (IJNSA), Vol.5, No.3, May 2013 AN EFFICIENT GROUP AUTHENTICATION FOR GROUP COMMUNICATIONS Len Harn 1 and Changlu Ln 2 1 Department of Computer Scence

More information

An Interest-Oriented Network Evolution Mechanism for Online Communities

An Interest-Oriented Network Evolution Mechanism for Online Communities An Interest-Orented Network Evoluton Mechansm for Onlne Communtes Cahong Sun and Xaopng Yang School of Informaton, Renmn Unversty of Chna, Bejng 100872, P.R. Chna {chsun,yang}@ruc.edu.cn Abstract. Onlne

More information

Fault tolerance in cloud technologies presented as a service

Fault tolerance in cloud technologies presented as a service Internatonal Scentfc Conference Computer Scence 2015 Pavel Dzhunev, PhD student Fault tolerance n cloud technologes presented as a servce INTRODUCTION Improvements n technques for vrtualzaton and performance

More information

Module 2 LOSSLESS IMAGE COMPRESSION SYSTEMS. Version 2 ECE IIT, Kharagpur

Module 2 LOSSLESS IMAGE COMPRESSION SYSTEMS. Version 2 ECE IIT, Kharagpur Module LOSSLESS IMAGE COMPRESSION SYSTEMS Lesson 3 Lossless Compresson: Huffman Codng Instructonal Objectves At the end of ths lesson, the students should be able to:. Defne and measure source entropy..

More information

Hollinger Canadian Publishing Holdings Co. ( HCPH ) proceeding under the Companies Creditors Arrangement Act ( CCAA )

Hollinger Canadian Publishing Holdings Co. ( HCPH ) proceeding under the Companies Creditors Arrangement Act ( CCAA ) February 17, 2011 Andrew J. Hatnay ahatnay@kmlaw.ca Dear Sr/Madam: Re: Re: Hollnger Canadan Publshng Holdngs Co. ( HCPH ) proceedng under the Companes Credtors Arrangement Act ( CCAA ) Update on CCAA Proceedngs

More information

Scalable and Secure Architecture for Digital Content Distribution

Scalable and Secure Architecture for Digital Content Distribution Valer Bocan Scalable and Secure Archtecture for Dgtal Content Dstrbuton Mha Fagadar-Cosma Department of Computer Scence and Engneerng Informaton Technology Department Poltehnca Unversty of Tmsoara Alcatel

More information

LIFETIME INCOME OPTIONS

LIFETIME INCOME OPTIONS LIFETIME INCOME OPTIONS May 2011 by: Marca S. Wagner, Esq. The Wagner Law Group A Professonal Corporaton 99 Summer Street, 13 th Floor Boston, MA 02110 Tel: (617) 357-5200 Fax: (617) 357-5250 www.ersa-lawyers.com

More information

To manage leave, meeting institutional requirements and treating individual staff members fairly and consistently.

To manage leave, meeting institutional requirements and treating individual staff members fairly and consistently. Corporate Polces & Procedures Human Resources - Document CPP216 Leave Management Frst Produced: Current Verson: Past Revsons: Revew Cycle: Apples From: 09/09/09 26/10/12 09/09/09 3 years Immedately Authorsaton:

More information

iavenue iavenue i i i iavenue iavenue iavenue

iavenue iavenue i i i iavenue iavenue iavenue Saratoga Systems' enterprse-wde Avenue CRM system s a comprehensve web-enabled software soluton. Ths next generaton system enables you to effectvely manage and enhance your customer relatonshps n both

More information

Supporting Recovery, Privacy and Security in RFID Systems Using a Robust Authentication Protocol

Supporting Recovery, Privacy and Security in RFID Systems Using a Robust Authentication Protocol Supportng Recovery Prvacy and Securty n RFID Systems Usng a Robust Authentcaton Protocol Md. Endadul Hoque MSCS Dept. Marquette Unversty Mlwaukee Wsconsn USA. mhoque@mscs.mu.edu Farzana Rahman MSCS Dept.

More information

Small pots lump sum payment instruction

Small pots lump sum payment instruction For customers Small pots lump sum payment nstructon Please read these notes before completng ths nstructon About ths nstructon Use ths nstructon f you re an ndvdual wth Aegon Retrement Choces Self Invested

More information

DEFINING %COMPLETE IN MICROSOFT PROJECT

DEFINING %COMPLETE IN MICROSOFT PROJECT CelersSystems DEFINING %COMPLETE IN MICROSOFT PROJECT PREPARED BY James E Aksel, PMP, PMI-SP, MVP For Addtonal Informaton about Earned Value Management Systems and reportng, please contact: CelersSystems,

More information

A Replication-Based and Fault Tolerant Allocation Algorithm for Cloud Computing

A Replication-Based and Fault Tolerant Allocation Algorithm for Cloud Computing A Replcaton-Based and Fault Tolerant Allocaton Algorthm for Cloud Computng Tork Altameem Dept of Computer Scence, RCC, Kng Saud Unversty, PO Box: 28095 11437 Ryadh-Saud Araba Abstract The very large nfrastructure

More information

IT09 - Identity Management Policy

IT09 - Identity Management Policy IT09 - Identty Management Polcy Introducton 1 The Unersty needs to manage dentty accounts for all users of the Unersty s electronc systems and ensure that users hae an approprate leel of access to these

More information

An Evaluation of the Extended Logistic, Simple Logistic, and Gompertz Models for Forecasting Short Lifecycle Products and Services

An Evaluation of the Extended Logistic, Simple Logistic, and Gompertz Models for Forecasting Short Lifecycle Products and Services An Evaluaton of the Extended Logstc, Smple Logstc, and Gompertz Models for Forecastng Short Lfecycle Products and Servces Charles V. Trappey a,1, Hsn-yng Wu b a Professor (Management Scence), Natonal Chao

More information

Study on Model of Risks Assessment of Standard Operation in Rural Power Network

Study on Model of Risks Assessment of Standard Operation in Rural Power Network Study on Model of Rsks Assessment of Standard Operaton n Rural Power Network Qngj L 1, Tao Yang 2 1 Qngj L, College of Informaton and Electrcal Engneerng, Shenyang Agrculture Unversty, Shenyang 110866,

More information

Assessment of the legal framework

Assessment of the legal framework 46 Toolkt to Combat Traffckng n Persons Tool 2.4 Assessment of the legal framework Overvew Ths tool offers gudelnes and resources for assessng a natonal legal framework. See also Tool 3.2 on crmnalzaton

More information

IMPACT ANALYSIS OF A CELLULAR PHONE

IMPACT ANALYSIS OF A CELLULAR PHONE 4 th ASA & μeta Internatonal Conference IMPACT AALYSIS OF A CELLULAR PHOE We Lu, 2 Hongy L Bejng FEAonlne Engneerng Co.,Ltd. Bejng, Chna ABSTRACT Drop test smulaton plays an mportant role n nvestgatng

More information

Institute of Informatics, Faculty of Business and Management, Brno University of Technology,Czech Republic

Institute of Informatics, Faculty of Business and Management, Brno University of Technology,Czech Republic Lagrange Multplers as Quanttatve Indcators n Economcs Ivan Mezník Insttute of Informatcs, Faculty of Busness and Management, Brno Unversty of TechnologCzech Republc Abstract The quanttatve role of Lagrange

More information

Financial Mathemetics

Financial Mathemetics Fnancal Mathemetcs 15 Mathematcs Grade 12 Teacher Gude Fnancal Maths Seres Overvew In ths seres we am to show how Mathematcs can be used to support personal fnancal decsons. In ths seres we jon Tebogo,

More information

Overview of monitoring and evaluation

Overview of monitoring and evaluation 540 Toolkt to Combat Traffckng n Persons Tool 10.1 Overvew of montorng and evaluaton Overvew Ths tool brefly descrbes both montorng and evaluaton, and the dstncton between the two. What s montorng? Montorng

More information

A role based access in a hierarchical sensor network architecture to provide multilevel security

A role based access in a hierarchical sensor network architecture to provide multilevel security 1 A role based access n a herarchcal sensor network archtecture to provde multlevel securty Bswajt Panja a Sanjay Kumar Madra b and Bharat Bhargava c a Department of Computer Scenc Morehead State Unversty

More information

On the Optimal Control of a Cascade of Hydro-Electric Power Stations

On the Optimal Control of a Cascade of Hydro-Electric Power Stations On the Optmal Control of a Cascade of Hydro-Electrc Power Statons M.C.M. Guedes a, A.F. Rbero a, G.V. Smrnov b and S. Vlela c a Department of Mathematcs, School of Scences, Unversty of Porto, Portugal;

More information

Trivial lump sum R5.0

Trivial lump sum R5.0 Optons form Once you have flled n ths form, please return t wth your orgnal brth certfcate to: Premer PO Box 2067 Croydon CR90 9ND. Fll n ths form usng BLOCK CAPITALS and black nk. Mark all answers wth

More information

Watermark-based Provable Data Possession for Multimedia File in Cloud Storage

Watermark-based Provable Data Possession for Multimedia File in Cloud Storage Vol.48 (CIA 014), pp.103-107 http://dx.do.org/10.1457/astl.014.48.18 Watermar-based Provable Data Possesson for Multmeda Fle n Cloud Storage Yongjun Ren 1,, Jang Xu 1,, Jn Wang 1,, Lmng Fang 3, Jeong-U

More information

The OC Curve of Attribute Acceptance Plans

The OC Curve of Attribute Acceptance Plans The OC Curve of Attrbute Acceptance Plans The Operatng Characterstc (OC) curve descrbes the probablty of acceptng a lot as a functon of the lot s qualty. Fgure 1 shows a typcal OC Curve. 10 8 6 4 1 3 4

More information

ADVERTISEMENT FOR THE POST OF DIRECTOR, lim TIRUCHIRAPPALLI

ADVERTISEMENT FOR THE POST OF DIRECTOR, lim TIRUCHIRAPPALLI ADVERTSEMENT FOR THE POST OF DRECTOR, lm TRUCHRAPPALL The ndan nsttute of Management Truchrappall (MT), establshed n 2011 n the regon of Taml Nadu s a leadng management school n nda. ts vson s "Preparng

More information

Canon NTSC Help Desk Documentation

Canon NTSC Help Desk Documentation Canon NTSC Help Desk Documentaton READ THIS BEFORE PROCEEDING Before revewng ths documentaton, Canon Busness Solutons, Inc. ( CBS ) hereby refers you, the customer or customer s representatve or agent

More information

Forecasting the Direction and Strength of Stock Market Movement

Forecasting the Direction and Strength of Stock Market Movement Forecastng the Drecton and Strength of Stock Market Movement Jngwe Chen Mng Chen Nan Ye cjngwe@stanford.edu mchen5@stanford.edu nanye@stanford.edu Abstract - Stock market s one of the most complcated systems

More information

Traffic-light a stress test for life insurance provisions

Traffic-light a stress test for life insurance provisions MEMORANDUM Date 006-09-7 Authors Bengt von Bahr, Göran Ronge Traffc-lght a stress test for lfe nsurance provsons Fnansnspetonen P.O. Box 6750 SE-113 85 Stocholm [Sveavägen 167] Tel +46 8 787 80 00 Fax

More information

PKIS: practical keyword index search on cloud datacenter

PKIS: practical keyword index search on cloud datacenter Park et al. EURASIP Journal on Wreless Communcatons and Networkng 20, 20:64 http://jwcn.euraspjournals.com/content/20//64 RESEARCH Open Access PKIS: practcal keyword ndex search on cloud datacenter Hyun-A

More information

Forecasting the Demand of Emergency Supplies: Based on the CBR Theory and BP Neural Network

Forecasting the Demand of Emergency Supplies: Based on the CBR Theory and BP Neural Network 700 Proceedngs of the 8th Internatonal Conference on Innovaton & Management Forecastng the Demand of Emergency Supples: Based on the CBR Theory and BP Neural Network Fu Deqang, Lu Yun, L Changbng School

More information

PAS: A Packet Accounting System to Limit the Effects of DoS & DDoS. Debish Fesehaye & Klara Naherstedt University of Illinois-Urbana Champaign

PAS: A Packet Accounting System to Limit the Effects of DoS & DDoS. Debish Fesehaye & Klara Naherstedt University of Illinois-Urbana Champaign PAS: A Packet Accountng System to Lmt the Effects of DoS & DDoS Debsh Fesehaye & Klara Naherstedt Unversty of Illnos-Urbana Champagn DoS and DDoS DDoS attacks are ncreasng threats to our dgtal world. Exstng

More information

VRT012 User s guide V0.1. Address: Žirmūnų g. 27, Vilnius LT-09105, Phone: (370-5) 2127472, Fax: (370-5) 276 1380, Email: info@teltonika.

VRT012 User s guide V0.1. Address: Žirmūnų g. 27, Vilnius LT-09105, Phone: (370-5) 2127472, Fax: (370-5) 276 1380, Email: info@teltonika. VRT012 User s gude V0.1 Thank you for purchasng our product. We hope ths user-frendly devce wll be helpful n realsng your deas and brngng comfort to your lfe. Please take few mnutes to read ths manual

More information

An RFID Distance Bounding Protocol

An RFID Distance Bounding Protocol An RFID Dstance Boundng Protocol Gerhard P. Hancke and Markus G. Kuhn May 22, 2006 An RFID Dstance Boundng Protocol p. 1 Dstance boundng Verfer d Prover Places an upper bound on physcal dstance Does not

More information

RUHR-UNIVERSITÄT BOCHUM

RUHR-UNIVERSITÄT BOCHUM RUHR-UNIVERSITÄT BOCHUM Horst Görtz Insttute for IT Securty Techncal Report TR-HGI-2006-002 Survey on Securty Requrements and Models for Group Key Exchange Mark Manuls Char for Network and Data Securty

More information

A Design Method of High-availability and Low-optical-loss Optical Aggregation Network Architecture

A Design Method of High-availability and Low-optical-loss Optical Aggregation Network Architecture A Desgn Method of Hgh-avalablty and Low-optcal-loss Optcal Aggregaton Network Archtecture Takehro Sato, Kuntaka Ashzawa, Kazumasa Tokuhash, Dasuke Ish, Satoru Okamoto and Naoak Yamanaka Dept. of Informaton

More information

The program for the Bachelor degrees shall extend over three years of full-time study or the parttime equivalent.

The program for the Bachelor degrees shall extend over three years of full-time study or the parttime equivalent. Bachel of Commerce Bachel of Commerce (Accountng) Bachel of Commerce (Cpate Fnance) Bachel of Commerce (Internatonal Busness) Bachel of Commerce (Management) Bachel of Commerce (Marketng) These Program

More information

Ameriprise Financial Services, Inc. or RiverSource Life Insurance Company Account Registration

Ameriprise Financial Services, Inc. or RiverSource Life Insurance Company Account Registration CED0105200808 Amerprse Fnancal Servces, Inc. 70400 Amerprse Fnancal Center Mnneapols, MN 55474 Incomng Account Transfer/Exchange/ Drect Rollover (Qualfed Plans Only) for Amerprse certfcates, Columba mutual

More information

Minimal Coding Network With Combinatorial Structure For Instantaneous Recovery From Edge Failures

Minimal Coding Network With Combinatorial Structure For Instantaneous Recovery From Edge Failures Mnmal Codng Network Wth Combnatoral Structure For Instantaneous Recovery From Edge Falures Ashly Joseph 1, Mr.M.Sadsh Sendl 2, Dr.S.Karthk 3 1 Fnal Year ME CSE Student Department of Computer Scence Engneerng

More information

A powerful tool designed to enhance innovation and business performance

A powerful tool designed to enhance innovation and business performance A powerful tool desgned to enhance nnovaton and busness performance The LEGO Foundaton has taken over the responsblty for the LEGO SERIOUS PLAY method. Ths change wll help create the platform for the contnued

More information

Project Networks With Mixed-Time Constraints

Project Networks With Mixed-Time Constraints Project Networs Wth Mxed-Tme Constrants L Caccetta and B Wattananon Western Australan Centre of Excellence n Industral Optmsaton (WACEIO) Curtn Unversty of Technology GPO Box U1987 Perth Western Australa

More information

Account Transfer and Direct Rollover

Account Transfer and Direct Rollover CED0105 Amerprse Fnancal Servces, Inc. 70100 Amerprse Fnancal Center Mnneapols, MN 55474 Account Transfer and Drect Rollover Important: Before fnal submsson to the Home Offce you wll need a Reference Number.

More information

Multi-sensor Data Fusion for Cyber Security Situation Awareness

Multi-sensor Data Fusion for Cyber Security Situation Awareness Avalable onlne at www.scencedrect.com Proceda Envronmental Scences 0 (20 ) 029 034 20 3rd Internatonal Conference on Envronmental 3rd Internatonal Conference on Envronmental Scence and Informaton Applcaton

More information

Feature selection for intrusion detection. Slobodan Petrović NISlab, Gjøvik University College

Feature selection for intrusion detection. Slobodan Petrović NISlab, Gjøvik University College Feature selecton for ntruson detecton Slobodan Petrovć NISlab, Gjøvk Unversty College Contents The feature selecton problem Intruson detecton Traffc features relevant for IDS The CFS measure The mrmr measure

More information

Uncrystallised funds pension lump sum payment instruction

Uncrystallised funds pension lump sum payment instruction For customers Uncrystallsed funds penson lump sum payment nstructon Don t complete ths form f your wrapper s derved from a penson credt receved followng a dvorce where your ex spouse or cvl partner had

More information

sscada: securing SCADA infrastructure communications

sscada: securing SCADA infrastructure communications Int. J. Communcaton Networks and Dstrbuted Systems, Vol. 6, No. 1, 2011 59 sscada: securng SCADA nfrastructure communcatons Yongge Wang Department of SIS, UNC Charlotte, 9201 Unversty Cty Blvd, Charlotte,

More information

A SECURE BILLING SERVICE WITH TWO-FACTOR USER AUTHENTICATION IN WIRELESS SENSOR NETWORKS. Received March 2010; revised July 2010

A SECURE BILLING SERVICE WITH TWO-FACTOR USER AUTHENTICATION IN WIRELESS SENSOR NETWORKS. Received March 2010; revised July 2010 Internatonal Journal of Innovatve Computng, Informaton and Control ICIC Internatonal c 2011 ISSN 1349-4198 Volume 7, Number 8, August 2011 pp. 4821 4831 A SECURE BILLING SERVICE WITH TWO-FACTOR USER AUTHENTICATION

More information

= (2) T a,2 a,2. T a,3 a,3. T a,1 a,1

= (2) T a,2 a,2. T a,3 a,3. T a,1 a,1 A set of tools for buldng PostgreSQL dstrbuted databases n bomedcal envronment. M. Cavaller, R. Prudentno, U. Pozzol, G. Ren IRCCS E. Medea, Bosso Parn (LC), Italy. E-mal: gren@bp.lnf.t Abstract PostgreSQL

More information

Calculating the high frequency transmission line parameters of power cables

Calculating the high frequency transmission line parameters of power cables < ' Calculatng the hgh frequency transmsson lne parameters of power cables Authors: Dr. John Dcknson, Laboratory Servces Manager, N 0 RW E B Communcatons Mr. Peter J. Ncholson, Project Assgnment Manager,

More information

Reporting Forms ARF 113.0A, ARF 113.0B, ARF 113.0C and ARF 113.0D FIRB Corporate (including SME Corporate), Sovereign and Bank Instruction Guide

Reporting Forms ARF 113.0A, ARF 113.0B, ARF 113.0C and ARF 113.0D FIRB Corporate (including SME Corporate), Sovereign and Bank Instruction Guide Reportng Forms ARF 113.0A, ARF 113.0B, ARF 113.0C and ARF 113.0D FIRB Corporate (ncludng SME Corporate), Soveregn and Bank Instructon Gude Ths nstructon gude s desgned to assst n the completon of the FIRB

More information

One Click.. Ȯne Location.. Ȯne Portal...

One Click.. Ȯne Location.. Ȯne Portal... New Addton to your NJ-HITEC Membershp! Member Portal Detals & Features Insde! One Clck.. Ȯne Locaton.. Ȯne Portal... Connect...Share...Smplfy Health IT Member Portal Benefts Trusted Advsor - NJ-HITEC s

More information

8.5 UNITARY AND HERMITIAN MATRICES. The conjugate transpose of a complex matrix A, denoted by A*, is given by

8.5 UNITARY AND HERMITIAN MATRICES. The conjugate transpose of a complex matrix A, denoted by A*, is given by 6 CHAPTER 8 COMPLEX VECTOR SPACES 5. Fnd the kernel of the lnear transformaton gven n Exercse 5. In Exercses 55 and 56, fnd the mage of v, for the ndcated composton, where and are gven by the followng

More information

A Novel Problem-solving Metric for Future Internet Routing Based on Virtualization and Cloud-computing

A Novel Problem-solving Metric for Future Internet Routing Based on Virtualization and Cloud-computing www.ijcsi.org 159 A Novel Problem-solvng Metrc for Future Internet Routng Based on Vrtualzaton and Cloud-computng Rujuan Zheng, Mngchuan Zhang, Qngtao Wu, Wangyang We and Haxa Zhao Electronc & Informaton

More information

A Crossplatform ECG Compression Library for Mobile HealthCare Services

A Crossplatform ECG Compression Library for Mobile HealthCare Services A Crossplatform ECG Compresson Lbrary for Moble HealthCare Servces Alexander Borodn, Yulya Zavyalova Department of Computer Scence Petrozavodsk State Unversty Petrozavodsk, Russa {aborod, yzavyalo}@cs.petrsu.ru

More information

An Approach for Detecting a Flooding Attack Based on Entropy Measurement of Multiple E-Mail Protocols

An Approach for Detecting a Flooding Attack Based on Entropy Measurement of Multiple E-Mail Protocols Journal of Appled Scence and Engneerng, Vol. 18, No. 1, pp. 79 88 (2015) DOI: 10.6180/jase.2015.18.1.10 An Approach for Detectng a Floodng Attack Based on Entropy Measurement of Multple E-Mal Protocols

More information

Data Mining from the Information Systems: Performance Indicators at Masaryk University in Brno

Data Mining from the Information Systems: Performance Indicators at Masaryk University in Brno Data Mnng from the Informaton Systems: Performance Indcators at Masaryk Unversty n Brno Mkuláš Bek EUA Workshop Strasbourg, 1-2 December 2006 1 Locaton of Brno Brno EUA Workshop Strasbourg, 1-2 December

More information

A Dynamic Energy-Efficiency Mechanism for Data Center Networks

A Dynamic Energy-Efficiency Mechanism for Data Center Networks A Dynamc Energy-Effcency Mechansm for Data Center Networks Sun Lang, Zhang Jnfang, Huang Daochao, Yang Dong, Qn Yajuan A Dynamc Energy-Effcency Mechansm for Data Center Networks 1 Sun Lang, 1 Zhang Jnfang,

More information

Intra-year Cash Flow Patterns: A Simple Solution for an Unnecessary Appraisal Error

Intra-year Cash Flow Patterns: A Simple Solution for an Unnecessary Appraisal Error Intra-year Cash Flow Patterns: A Smple Soluton for an Unnecessary Apprasal Error By C. Donald Wggns (Professor of Accountng and Fnance, the Unversty of North Florda), B. Perry Woodsde (Assocate Professor

More information

A hybrid global optimization algorithm based on parallel chaos optimization and outlook algorithm

A hybrid global optimization algorithm based on parallel chaos optimization and outlook algorithm Avalable onlne www.ocpr.com Journal of Chemcal and Pharmaceutcal Research, 2014, 6(7):1884-1889 Research Artcle ISSN : 0975-7384 CODEN(USA) : JCPRC5 A hybrd global optmzaton algorthm based on parallel

More information

A new anonymity-based protocol preserving privacy based cloud environment

A new anonymity-based protocol preserving privacy based cloud environment Abstract A new anonymty-based protocol preservng prvacy based cloud envronment Jan Wang 1*, Le Wang 2 1 College of Computer and Informaton Engneerng, Henan Unversty of Economcs and Law, Chna 2 SIAS Internatonal

More information

RequIn, a tool for fast web traffic inference

RequIn, a tool for fast web traffic inference RequIn, a tool for fast web traffc nference Olver aul, Jean Etenne Kba GET/INT, LOR Department 9 rue Charles Fourer 90 Evry, France Olver.aul@nt-evry.fr, Jean-Etenne.Kba@nt-evry.fr Abstract As networked

More information

MAPP. MERIS level 3 cloud and water vapour products. Issue: 1. Revision: 0. Date: 9.12.1998. Function Name Organisation Signature Date

MAPP. MERIS level 3 cloud and water vapour products. Issue: 1. Revision: 0. Date: 9.12.1998. Function Name Organisation Signature Date Ttel: Project: Doc. No.: MERIS level 3 cloud and water vapour products MAPP MAPP-ATBD-ClWVL3 Issue: 1 Revson: 0 Date: 9.12.1998 Functon Name Organsaton Sgnature Date Author: Bennartz FUB Preusker FUB Schüller

More information

FORMAL ANALYSIS FOR REAL-TIME SCHEDULING

FORMAL ANALYSIS FOR REAL-TIME SCHEDULING FORMAL ANALYSIS FOR REAL-TIME SCHEDULING Bruno Dutertre and Vctora Stavrdou, SRI Internatonal, Menlo Park, CA Introducton In modern avoncs archtectures, applcaton software ncreasngly reles on servces provded

More information

Number of Levels Cumulative Annual operating Income per year construction costs costs ($) ($) ($) 1 600,000 35,000 100,000 2 2,200,000 60,000 350,000

Number of Levels Cumulative Annual operating Income per year construction costs costs ($) ($) ($) 1 600,000 35,000 100,000 2 2,200,000 60,000 350,000 Problem Set 5 Solutons 1 MIT s consderng buldng a new car park near Kendall Square. o unversty funds are avalable (overhead rates are under pressure and the new faclty would have to pay for tself from

More information

A DISTRIBUTED REPUTATION MANAGEMENT SCHEME FOR MOBILE AGENT- BASED APPLICATIONS

A DISTRIBUTED REPUTATION MANAGEMENT SCHEME FOR MOBILE AGENT- BASED APPLICATIONS Bamasak & Zhang: A Dstrbuted Reputaton Management Scheme for Moble Agent-Based Applcatons A DISTRIBUTED REPUTATION MANAGEMENT SCHEME FOR MOBILE AGENT- BASED APPLICATIONS Omama Bamasak School of Computer

More information

Conversion between the vector and raster data structures using Fuzzy Geographical Entities

Conversion between the vector and raster data structures using Fuzzy Geographical Entities Converson between the vector and raster data structures usng Fuzzy Geographcal Enttes Cdála Fonte Department of Mathematcs Faculty of Scences and Technology Unversty of Combra, Apartado 38, 3 454 Combra,

More information

Tuition Fee Loan application notes

Tuition Fee Loan application notes Tuton Fee Loan applcaton notes for new part-tme EU students 2012/13 About these notes These notes should be read along wth your Tuton Fee Loan applcaton form. The notes are splt nto three parts: Part 1

More information

A Performance Analysis of View Maintenance Techniques for Data Warehouses

A Performance Analysis of View Maintenance Techniques for Data Warehouses A Performance Analyss of Vew Mantenance Technques for Data Warehouses Xng Wang Dell Computer Corporaton Round Roc, Texas Le Gruenwald The nversty of Olahoma School of Computer Scence orman, OK 739 Guangtao

More information

A Cryptographic Key Assignment Scheme for Access Control in Poset Ordered Hierarchies with Enhanced Security

A Cryptographic Key Assignment Scheme for Access Control in Poset Ordered Hierarchies with Enhanced Security Internatonal Journal of Network Securty, Vol.7, No., PP.3 34, Sept. 8 3 A ryptographc Key Assgnment Scheme for Access ontrol n Poset Ordered Herarches wth Enhanced Securty Debass Gr and P. D. Srvastava

More information

Robust Design of Public Storage Warehouses. Yeming (Yale) Gong EMLYON Business School

Robust Design of Public Storage Warehouses. Yeming (Yale) Gong EMLYON Business School Robust Desgn of Publc Storage Warehouses Yemng (Yale) Gong EMLYON Busness School Rene de Koster Rotterdam school of management, Erasmus Unversty Abstract We apply robust optmzaton and revenue management

More information

NEURO-FUZZY INFERENCE SYSTEM FOR E-COMMERCE WEBSITE EVALUATION

NEURO-FUZZY INFERENCE SYSTEM FOR E-COMMERCE WEBSITE EVALUATION NEURO-FUZZY INFERENE SYSTEM FOR E-OMMERE WEBSITE EVALUATION Huan Lu, School of Software, Harbn Unversty of Scence and Technology, Harbn, hna Faculty of Appled Mathematcs and omputer Scence, Belarusan State

More information

ACKNOWLEDGEMENTS. Core Operational Guidelines for Telehealth Services Involving Provider-Patient Interactions

ACKNOWLEDGEMENTS. Core Operational Guidelines for Telehealth Services Involving Provider-Patient Interactions Cor eoper at onal Gu del nes f ort el eheal t hser v c esi nv ol v ng Pr ov der Pat enti nt er ac t ons May201 4 ACKNOWLEDGEMENTS The Amercan Telemedcne Assocaton (ATA) wshes to express sncere apprecaton

More information

Introduction CONTENT. - Whitepaper -

Introduction CONTENT. - Whitepaper - OneCl oud ForAl l YourCr t c al Bus nes sappl c at ons Bl uew r esol ut ons www. bl uew r e. c o. uk Introducton Bluewre Cloud s a fully customsable IaaS cloud platform desgned for organsatons who want

More information

E-learning Vendor Management Checklist

E-learning Vendor Management Checklist E-learning Vendor Management Checklist June 2008 Permission is granted to print freely, unmodified, this document from www.doingelearning.com or to copy it in electronic form. If linked to from the net

More information

CONTENTS Introduction... 3

CONTENTS Introduction... 3 Cuty ourm c r os of t Ex c hangeser v er s t or agec os t sbyupt o85% Howema lar c h v ngs ol ut onsex pand y ournat v eema lappl c at on' sc apab l t es CONTENTS Introducton... 3 Emal Storage Management...

More information

A Study on Secure Data Storage Strategy in Cloud Computing

A Study on Secure Data Storage Strategy in Cloud Computing Journal of Convergence Informaton Technology Volume 5, Number 7, Setember 00 A Study on Secure Data Storage Strategy n Cloud Comutng Danwe Chen, Yanjun He, Frst Author College of Comuter Technology, Nanjng

More information

M-applications Development using High Performance Project Management Techniques

M-applications Development using High Performance Project Management Techniques M-applcatons Development usng Hgh Performance Project Management Technques PAUL POCATILU, MARIUS VETRICI Economc Informatcs Department Academy of Economc Studes 6 Pata Romana, Sector, Bucharest ROMANIA

More information

Course outline. Financial Time Series Analysis. Overview. Data analysis. Predictive signal. Trading strategy

Course outline. Financial Time Series Analysis. Overview. Data analysis. Predictive signal. Trading strategy Fnancal Tme Seres Analyss Patrck McSharry patrck@mcsharry.net www.mcsharry.net Trnty Term 2014 Mathematcal Insttute Unversty of Oxford Course outlne 1. Data analyss, probablty, correlatons, vsualsaton

More information

INVESTIGATION OF VEHICULAR USERS FAIRNESS IN CDMA-HDR NETWORKS

INVESTIGATION OF VEHICULAR USERS FAIRNESS IN CDMA-HDR NETWORKS 21 22 September 2007, BULGARIA 119 Proceedngs of the Internatonal Conference on Informaton Technologes (InfoTech-2007) 21 st 22 nd September 2007, Bulgara vol. 2 INVESTIGATION OF VEHICULAR USERS FAIRNESS

More information

QOS DISTRIBUTION MONITORING FOR PERFORMANCE MANAGEMENT IN MULTIMEDIA NETWORKS

QOS DISTRIBUTION MONITORING FOR PERFORMANCE MANAGEMENT IN MULTIMEDIA NETWORKS QOS DISTRIBUTION MONITORING FOR PERFORMANCE MANAGEMENT IN MULTIMEDIA NETWORKS Yumng Jang, Chen-Khong Tham, Ch-Chung Ko Department Electrcal Engneerng Natonal Unversty Sngapore 119260 Sngapore Emal: {engp7450,

More information

SEVERAL trends are opening up the era of Cloud

SEVERAL trends are opening up the era of Cloud 1 Towards Secure and Dependable Storage Servces n Cloud Computng Cong Wang, Student Member, IEEE, Qan Wang, Student Member, IEEE, Ku Ren, Member, IEEE, Nng Cao, Student Member, IEEE, and Wenjng Lou, Senor

More information

HP Mission-Critical Services

HP Mission-Critical Services HP Msson-Crtcal Servces Delverng busness value to IT Jelena Bratc Zarko Subotc TS Support tm Mart 2012, Podgorca 2010 Hewlett-Packard Development Company, L.P. The nformaton contaned heren s subject to

More information

Traffic State Estimation in the Traffic Management Center of Berlin

Traffic State Estimation in the Traffic Management Center of Berlin Traffc State Estmaton n the Traffc Management Center of Berln Authors: Peter Vortsch, PTV AG, Stumpfstrasse, D-763 Karlsruhe, Germany phone ++49/72/965/35, emal peter.vortsch@ptv.de Peter Möhl, PTV AG,

More information

Answer: A). There is a flatter IS curve in the high MPC economy. Original LM LM after increase in M. IS curve for low MPC economy

Answer: A). There is a flatter IS curve in the high MPC economy. Original LM LM after increase in M. IS curve for low MPC economy 4.02 Quz Solutons Fall 2004 Multple-Choce Questons (30/00 ponts) Please, crcle the correct answer for each of the followng 0 multple-choce questons. For each queston, only one of the answers s correct.

More information

Survey on Virtual Machine Placement Techniques in Cloud Computing Environment

Survey on Virtual Machine Placement Techniques in Cloud Computing Environment Survey on Vrtual Machne Placement Technques n Cloud Computng Envronment Rajeev Kumar Gupta and R. K. Paterya Department of Computer Scence & Engneerng, MANIT, Bhopal, Inda ABSTRACT In tradtonal data center

More information

Ensuring Data Storage Security in Cloud Computing

Ensuring Data Storage Security in Cloud Computing 1 Ensurng Data Storage Securty n Cloud Computng Cong Wang,Qan Wang, Ku Ren, and Wenjng Lou Dept of ECE, Illnos Insttute of Technology, Emal: {cwang, qwang, kren}@ecetedu Dept of ECE, Worcester Polytechnc

More information

What is Candidate Sampling

What is Candidate Sampling What s Canddate Samplng Say we have a multclass or mult label problem where each tranng example ( x, T ) conssts of a context x a small (mult)set of target classes T out of a large unverse L of possble

More information

Vembu StoreGrid Windows Client Installation Guide

Vembu StoreGrid Windows Client Installation Guide Ser v cepr ov dered t on Cl enti nst al l at ongu de W ndows Vembu StoreGrd Wndows Clent Installaton Gude Download the Wndows nstaller, VembuStoreGrd_4_2_0_SP_Clent_Only.exe To nstall StoreGrd clent on

More information