Enforcing Fine-grained Authorization Policies for Java Mobile Agents

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Enforcing Fine-grained Authorization Policies for Java Mobile Agents"

Transcription

1 Enforcing Fin-graind Authorization Policis for Java Mobil Agnts Giovanni Russllo Changyu Dong Narankr Dulay Dpartmnt of Computing Imprial Collg London South Knsington London, SW7 2AZ, UK {g.russllo, changyu.dong, Abstract Th Mobil Agnt (MA) paradigm advocats th migration of agnt cod to achiv computational goals. MAs rquir an xcutabl nvironmnt on hosts whr mobil cod can b xcutd. Th xcution of forign cod on a host raiss scurity concrns for both th agnt and th host. In [1] it has bn rcognizd that most of th approachs for providing scurity in MA suffr from a limitation of xprssing complx scurity rquirmnts. Thus, approachs hav bn proposd that introduc th us of a policy languag for spcifying scurity policis to control MA s accss to host rsourcs. With this papr, w outlin a framwork whr scurity policis can b uniformly spcifid for protcting both MAs and host rsourcs. 1 Introduction Currnt distributd systms involv a larg numbr of applications which rquir a varity of scurity mchanisms to fulfill thir nds. In particular, th us of MAs introducs nw challngs and scurity thrats that nd to b carfully considrd [4]. On th on hand it is ncssary to protct th host nvironmnt whr agnts ar xcutd from malicious and buggy mobil cod. It is ncssary to protct th host information and rsourcs from illgal accsss and ovr-consumption by incoming mobil cod. On th othr hand, it is ncssary to protct th stat and bhavior of th mobil cod from tampring or misus by malicious hosts. Additionally, it would b dsirabl that hosts provid QoS-lik guarants on th rsourcs that ar mad availabl to mobil cod. For instanc, if an agnt movs to a givn host thn th host has to mak sur that nough mmory and procssor tim is givn to th agnt for a corrct xcution. Most of th rsarch in providing scurity framworks for MAs has concntratd only on th first part of th problm. Sandboxing tchniqus and typ-saf languags can b usd to rigidly control th intraction btwn th mobil cod and th host. Th rigidity of such approachs can b ovrcom if a languag-basd approach is usd for spcifying authorization policis. For instanc, in [1] an approach was adoptd whr th Java scurity architctur was intgratd with a policy languag. Howvr, all of ths approachs focus on controlling th MA accsss on th host rsourcs. In this papr, w propos a framwork whr it is possibl to spcify policis for both th MAs and th host rsourcs. Th framwork is currntly implmntd for Java basd MAs. Policis ar xprssd using an xtnsion of th Pondr languag [2] and ar nforcd using a Pondr intrprtr. In our approach, th nforcmnt of policis is don transparntly to th MA cod. Th contributions of this papr ar twofold. First of all, w provid th dscription and implmntation of a framwork whr scurity policis can b uniformly spcifid for both MAs and host rsourcs. Scondly, th framwork is indpndnt from both th actual mchanism usd for policy nforcmnt and th spcific policy languag. This papr is organizd as follows. Sction 2 rviws prvious rsarch conductd on policy spcification for MAs. In Sction 3, w dscrib our syntax for spcifying policis. W implmntd our framwork and its dtaild dscription is providd 4. W conclud in Sction 5 and provid som futur dirctions of our rsarch. 2 Background Svral policy-basd approachs hav bn proposd for th spcification of policis to control th intraction of agnts. KAoS [14] is a collction of componnt-basd policis and domain managmnt srvics which provid support for mobil agnt, grid computing and wb srvics. KAoS rlis on a DAML dscription-logic-basd ontology of th computational nvironmnt, application contxt, and th policis thmslvs. It maks it possibl to rprsnt subjcts, actions, and situation at multipl lvls of abstrac-

2 tion and to dynamically calculat rlations btwn policis and nvironmnt ntitis and othr policis basd on ontology rlations. Ri [8] is a policy framwork dsignd for prvasiv computing applications, rprsnts policis in a smantic languag lik RDF-S, DAML+OIL or OWL. Using a smantic languag allows diffrnt systms to shar a modl of policis, rols and othr attributs. Th languag is not tid to any spcific application and it prmits domain spcific information to b addd without modification. In LGI [10], policis spcify which actions th agnt has to nforc upon th rcipt or snding of mssags. Policis us a simpl Prolog notation. It assums that policis ar intrprtd by trustd controllrs at ach agnt s sit. Pondr [2] is a dclarativ, objct-orintd languag that supports th spcification of svral typs of managmnt policis for distributd systms. Pondr uss an objct-orintd approach which allows usrs to dfin diffrnt typs of policis to mt spcific administrativ and scurity managmnt goals. In [1] Pondr was usd for spcifying authorization policis for mobil cod. Th authors dscrib an xtnsion of th accss control mchanism providd by th Java scurity framwork [6]. Th xtnsion consists of svral moduls that hav bn introducd to map authorization policis spcifid in Pondr into Java scurity structurs. With th us of th Pondr languag, it bcoms possibl to spcify mor complx policis. Howvr, th Java scurity framwork is limitd to control rsourc accss of th host. Prvnting an agnt from prforming an opration or forcing th agnt to rjct th rsult of a rqust is out of th scop of th Java scurity framwork. PEP 1 Outbound rqust Mobil Agnt PEP 4 Inbound rply invocation rply PEP 2 Inbound rqust Host Rsourc PEP 3 Outbound rply Figur 1. Policy nforcmnt points. To fill th gap of th abov approachs, w propos a framwork whr th Policy Enforcmnt Points (PEP) can b spcifid for both th agnt and host rsourcs. As shown in Figur 1, w spcify four points of policy nforcmnt: PEP 1: at this point policis ar nforcd whn th agnt snds out a rqust to a (mor gnrally to any local or rmot host or agnt) host rsourcs. For instanc, th agnt is not authorizd to invok a rsourc of th host unlss crtain conditions ar mt. Such conditions could b contxtual, such as tim of th day or host location. Conditions can b dfind on proprtis of ithr th agnt or th targt rsourc on th host. PEP 1 policy could b usd to protct th privacy of th agnt s data. For instanc, th agnt is authorizd to invok th host rsourc but data passd as paramtrs should b filtrd to rmov privat or snsitiv information. In othr words, th nforcmnt of authorization policis at this point allows us to sparatly dfin and control th xcution of oprations by th agnt. Only whn crtain assumptions hold, can th call b mad. W namd such policis Subjct Authorization (SA) policis. PEP 2: this point is usd for activating traditional authorization policis for accss control on th rsourc. Policis ar nforcd whn th host rsourc rcivs a rqust. W namd this typ of policis Targt Authorization (TA) policis. PEP 3: this point allows th host to apply policis whn th rsourc snds back th rply. For xampl, to rmov snsitiv data from th rply that is snt back to th agnt. Just dnying th agnt th right to prform th opration is not sufficint to covr this cas. Th rsourc will provid information to th agnt. Howvr th rsourc administrator dfins th conditions undr which th information is can b givn without compromising confidntiality. W namd ths policis Targt-Rturn Authorization (TRA) policis. PEP 4: this point allows us to nforc policis whn th agnt rcivs th rply. PEP 4 policis can b usd to protct th intgrity of th agnt from malicious or buggy data snt from th rsourc. W namd such policis Subjct-Rturn Authorization (SRA) policis. Figur 1 shows an agnt that is th initiator of a rqust. Howvr, it could b th cas that th agnt provids som functionality to th host nvironmnt. If this is th cas, thn th agnt bcoms th targt of an invocation. Thrfor, PEP 2 and 3 ar also usd to nforc authorization policis on th functionalitis xposd by th agnt. If spcifid at th application lvl, th nforcmnt points may look diffrnt for ach application. Such points can b uniformly abstractd as mthod invocations whn sn at th systm lvl (.g., at th lvl of th Java virtual machin) whr w can intrcpt any mthod invocation (and also rplis), and it is transparnt to th application. An intrcptd mthod invocation or rply can provid most of th information for policy valuation. For instanc,

3 most accss control policis-bas thir dcisions on (subjct, targt, action) tupls. This information is includd implicitly in th mthod call or th rply. In addition, th paramtrs of th mthod call and th rturn valu of th rply can provid mor information if ndd. Our approach is indpndnt from th policy languag, as long as th languag offrs a syntax to xprss th typs of policis rquird by ach PEP. In th following sctions, w discuss in mor dtail th policy languag and intrprtr usd in our framwork. SA auth+/- subjct.action(p) targt TA auth+/- subjct targt.action(p) TRA rply+/- subjct targt.action(r) SRA rply+/- subjct.action(r) targt Figur 2. Mobil Agnt Authorization Policy Syntax. In th following, w provid svral xampls of authorization policis for both MAs and host rsourcs. 3.1 Exampls of Policy Spcifications In this sction w provid xampls of policis that it is possibl to spcify using our approach. Th policis that w considr ar for mobil agnt for halthcar applications. Policy 1 shows a rfrain policy that prvnts a mobil patint agnt rqusting tratmnt to a mdical srvic providd by th host whn th mdical srvic cannot provid a valid crtificat signd by th National Halth Srvic (NHS). Policy 1 Ngativ authorization policy for th patint agnt to issu a rqust of a tratmnt to a mdical srvic. auth- patintagnt.rqusttrat() MdSrvic whn!mdsrvic.isnhscrtifid() 3 Mobil Agnt Authorization Policis In our approach a positiv authorization policy dfins which subjcts ar grantd th prmissions to xcut actions of a givn targt. W also support ngativ authorization policis. In our xampls, subjcts typically map to mobil agnts and targts to host rsourcs. Howvr, MAs can b targts and host rsourcs can b subjcts. A ngativ authorization policy can b sn as a rfinmnt of mor gnral positiv authorization policis. Ngativ authorization policis ar also particular usful whn prmissions (in th form of a positiv authorization) nd to b rmovd to a group of subjcts. Whn daling with policy basd systms, it is unavoidabl that conflicts aris in th st of policis. This issu is mor acut in th cas of agnts migrating through diffrnt hosts. As a mattr of facts, policy administrators cannot b awar of th policis that agnts tak along during thir migrations. Conflict rsolution is fundamntal for policy basd systms, as discussd in [9]. Th study of conflict rsolution is on main ara of our futur rsarch. Th main contribution of this papr that diffrntiats our approach from prvious rsarch is that for a givn action authorization policis ar uniformly applid to subjcts as wll as to targts. Figur 2 prsnts th authorization policis that can b spcifid in our framwork. 1 Th kyword rply± spcifis that th authorization policy is to b applid on th rply of th action. In this cas, th rsult of th action is xplicitly indicatd by th paramtr r of th action. 1 Although in th syntax w xplicitly idntify ach typ of policis, th position of th action in th policy slf-xplains whthr th policy is to apply to a subjct or a targt. Policy 2 is anothr ngativ authorization policy applid on th patint agnt. Howvr, this policy dnis to th agnt accss to th tratmnt rturnd by th mdical srvic whn th rturnd tratmnt is signd by a GP that is not rcognizd by th NHS. Policy 2 Ngativ authorization policy for th patint agnt to rciv th rsult of a rqust issud to a mdical srvic. rply- patintagnt.rqusttrat(prscription) MdSrvic whn!prscription.gp().isnhscrtifid() Positiv authorization policis can b usd for applying filtrs to th data that is supplid or rturnd. Th filtr is spcifid by using th filtr kyword in th action claus. Filtring policis must b positiv authorization bcaus no transformation nds to b applid if th action is forbiddn. Policy 3 shows a filtring policy for an agnt of an mploy. Th agnt of an mploy has to provid to th GP of th company whr th mploy works hr mdical rcord. Th data is stord on th data bas of th company. For privacy rasons, th mploy psychiatric data must b rmovd from hr mdical rcord. Th policy applis a filtr that nullifis th snsitiv fild from th rcord. Th filtr is xcutd bfor th action is prformd. Policy 3 Filtring policy for an agnt whn providing snsitiv data to a databas on a host. auth+ mployagnt.ins(rcord) mploymddb filtr myrcord.psych := NULL It should b notd how th us of our framwork ralizs a complt sparation of concrns [11]. In fact, all th

4 dtails about chcking th crdntials of th targt, th targt s rply, and th application of filtrs on snsitiv data ar spcifid outsid th logic of th application. Ths dtails ar isolatd and capturd in th policy spcification. Policy 4 provids an authorization policy for a nurs agnt that has to prform accsss on th patints mdical rcords in a hospital. According to this policy, a nurs agnt can accss th mdical rcords of a patint whn th nurs is on duty on th ward whr th patint is assignd. Policy 4 Authorization policy for granting accss right to a nurs agnt on th mdical rcords of patints in a hospital. auth+ nursagnt mdicalrcorddb.accssfor(patint) whn (nursagnt.ward = patint.ward) Th policy intrprtr organizs th ntitis (agnts and rsourcs) that ar spcifid in a policy in hirarchical domains of objcts. Domains can b usd to spcify th subjct and targt in a policy. Whn an agnt arrivs in a host, th local policy intrprtr authnticats th agnt and adds it in a local domain. Th domain whr th agnt is addd dpnds on th agnt s crdntials. Using this approach, w can spcify th prvious authorization policy in trms of domains as shown in Policy 5. In this cas, agnts rprsnting hospital prsonnl and patints ar organizd in domains. Each domain rprsnts th diffrnt wards of th hospital. Whn th nurs starts hr shift in a ward, hr agnt is insrtd in th appropriat ward domain (ward10 in our xampl). Policy 5 Authorization policy for accss control basd on th domain location of th nurs and patint agnts. nursagnt in /hospital/prsonnl/ward10/ patintagnt in /hospital/patints/ward10/ auth+ nursagnt.gtrcord() patintagnt Mor dtails on how this policy is nforc ar providd in Sction Implmntation This sction discusss dtails of th implmntation of our framwork. Th actual prototyp is built mainly in Java, although our framwork is concptually indpndnt of th actual programming languag. Java was mainly chosn for a fastr intgration with our xisting policy intrprtr. 4.1 MA Migration Dtails This sction provids insights on som aspcts rlatd to th migration of a mobil agnt in our framwork. Figur 3 shows th migration of an agnt to its dstination host. In particular, th figur shows that th unit of migrating Mobil Agnt MA Policis allocation loading Mobil Agnt Policy Intrprtr MA Policis dstination host nforcmnt invocation Host Rsourc Host Policis Figur 3. Th migration of an agnt and its policis. mobility is composd by th agnt logic (that is th xcutabl part) and th agnt policis. On arrival on th host, th agnt logic is insrtd in th xcutabl nvironmnt whr it can intract with th host rsourcs. Th agnt policis ar loadd by th host s intrprtr in its local data structur. Whn th agnt intracts with th rsourcs in th host, th intrprtr nforcs th policis as rquird. Th basic assumption in our approach is that th host policy intrprtr whr an agnt movs is trustd. A host is trustd whn it can provid to th agnt crdntials to guarant that th xcution will b carrid according to th constrains spcifid by th agnt s policis. Which ar such crdntials and th spcific mthod that an agnt has to us for building nough trust on th host intgrity is th subjct of our futur rsarch. W ar also considring a mor radical approach which wraps a policy intrprtr around th mobil agnt. 4.2 Implmnting th Policy Enforcmnt Points In this sction, w dscrib th architctur of our prototyp that w built to dmonstrat th fasibility of our approach. Crucial to our approach is th ralization of a PEP mchanism such that (i) it supports a fin-graind lvl of nforcmnt point spcification and (ii) it is compltly transparnt to th application logic. Svral tchniqus could b usd for ralizing th PEP mchanism of our approach. For instanc, using th standard Wrappr Pattrn, th agnt and rsourc cod is wrappd by a pic of cod that intrcpts all th inbound and outbound calls to and from th componnt. Each tim a call is intrcptd, th wrappr passs th ncssary information to th Policy Intrprtr to activat a policy. A Java-basd solution that supports th wrappr pattrn is th Java Managmnt Extnsion (JMX) [5]. In JMX, th agnt and th rsourcs must b managd by a Man- xcution nvironmnt policy dcision making

5 agd Ban (MBan). A MBan is a spcial Java ban that xposs via a standardizd intrfac (dfind by th JMX spcification) attributs and mthods of th rsourc that it manags. MBans hav th capability to mit notifications upon crtain vnts. Such vnts could call th PEPs in our framwork. Anothr Java-spcific solution is basd on th us of th Java Virtual Machin Tool Intrfac (JVMTI) [7]. JVMTI provids an intrfac that can b usd by usr cod to control and monitoring Java applications. In JVMTI such usr cod is calld an agnt. To avoid confusion, w will rfr to it as ti-agnt. Ti-agnts us th functionality xposd by JVMTI to b notifid whn vnts occur in th application, and to qury and control th application during xcution. Among th vnts that a ti-agnt can intrcpt thr ar thos that captur whn th xcution ntrs and xits a mthod. JVMTI allows ti-agnts to rtriv information rgarding mthod call, such as objct typ of th callr and th call, th paramtr valus passd in th mthod invocation, and th valu that th mthod rturns. Givn th fin-graind control and monitoring capability, and th fact that it is not rquird to chang any application cod, w implmntd th PEP mchanism using JVMTI. An altrnativ approach would b to us Aspct- Orintd Programming [3]. Such an approach is usd by Vrhannman, t al. in [13]. Thy us Java Aspct Componnts [12] to implmnt a wrappr to intrcpt mthod calls from th callr to call and to nforc policis as rquird. This tchniqu rquirs that th agnt cod is modifid with th injction of aspct-spcific cod at th host sid. Crucial in AOP is th spcification of whr th aspct cod must bn injctd. In JAC, this is don transparntly to th application using dscriptor fils. Th dscriptor provids thos points to th JAC middlwar that thn wavs th aspct cod with th application cod. This is compltly transparnt to th application. W dcidd to us JVMTI mainly for two rasons. Th first rason is that JVMTI is a standard Java tool. Using an aspct orintd approach rquirs us to rly on non-standard Java compilrs and tools that ar not always so thoroughly dvlopd. Th scond rason is that th us of JVMTI dos not rquirs any changs in th application cod. It should b notd howvr, that th dsign of our framwork is indpndnt of th actual mchanism usd for implmnting a PEP. In principl, all th abov approachs could b usd to implmntd a PEP with nough capabilitis that would nabl our framwork to function as rquird. This has th main advantag of allowing our framwork to nforc policis across systms implmntd using diffrnt tchnologis. Figur 4 givs an ovrviw of our architctur. Givn that th JVMTI and policy intrprtr moduls wr alrady availabl, th only moduls that w implmntd ar th ti a.c and th TIAgnt.java. A g n t s n d nativ cod Java cod PEP 4 PEP 1 invocation vnts rply JVMTI ti_a.c JNI TIAgnt.java Policy Intrprtr PEP 2 PEP 3 r c i v R s o u r c Policy tabl Policy tabl Hirarchical Domain Rprsntation Figur 4. Th moduls implmntd in our framwork to provid a complt control ovr authorization. Th ti a.c is th ti-agnt writtn in C that is injctd in th JVM at start-up tim as a command lin option. Onc th ti a.c has bn loadd into th JVM, it rgistrs th notification callbacks for JVMTI vnts. In particular, th agnt rgistrs for JVMTI EVENT METHOD ENTRY and JVMTI EVENT METHOD EXIT to intrcpt whn th xcution flow ntrs and xits a mthod, rspctivly. For xampl, Figur 4 shows an agnt that is xcuting its own mthod snd to invok th mthod rciv of th rsourc. In this xampl, ti a.c is notifid by th JVMTI notification systm whn th following vnts occurs: ntring mthod snd (vnt 1), ntring mthod rciv (vnt 2), xiting mthod rciv (vnt 3), and finally xiting mthod snd aftr th call to rciv (vnt 4). Such vnts ar on-to-on mappd to th PEPs that our framwork rquirs. Mthod ntry and mthod xit vnts ar notifid vry tim a mthod is calld. This rquirs that ti a.c that has to filtr out all thos vnts rlativ to mthods for which a policy has not bn spcifid. This mans that th ti a.c

6 nds to b intrfacd with th policy intrprtr bcaus th intrprtr organizs th policis in its domain hirarchy. This task is fulfilld by th TIAgnt.java that provids to th ti a.c information on th policis loadd by th intrprtr. Th information that th TIAgnt.java xtracts from a loadd policy is concatnatd to from a so calld signatur. A signatur is th concatnation of th following lmnts: th action that is th nam of th mthod to b invokd, th targt that is th host objct s full class nam that contains th mthod, and th subjct that is th MA objct s full class nam that invoks th mthod. Th signaturs ar passd to th ti a.c that can us thm to intrcpt th appropriat vnts. Th ti a.c and TIAgnt.java maintain policy tabls whr policy signaturs ar stord. This nabls us to minimiz th dpndncis of our framwork from th policy rprsntation usd by th spcific intrprtr. vnt lt th invocation procds ti_a.c rtriv action and targt look up in th tabl rtriv th subjct from th fram invok isauthorizd rturn tru TIAgnt.java rtriv policy rfrnc from tabl authnticat subjct OID chck subjct and targt OIDS rturn tru Policy Objct Figur 7. Th mssag squnc chart of th activation of an authorization policy. ky valu act+tar tag sbj_list: sbj 1 sbj 2 Figur 5. Th policy tabl of th ti a.c. Th policy tabl maintaind by th ti a.c is a hash tabl rprsntd in Figur 5. Th ky column contains th concatnation of th action and targt. Th valu column contains structurs with th following filds: tag, that can hav thr valus: 0 for an authorization policy on ntring th mthod, and 2 for an authorization policy on xiting th mthod; subjct list, a linkd list subjcts for which an authorization policy is spcifid. ky valu signatur rfrnc to policy objct 1 rfrnc to policy objct 2 Figur 6. Th policy tabl of th TIAgnt.java. Th policy tabl of th TIAgnt.java is rprsntd in Figur 6. It is a hash tabl whr th ky column contains signaturs. Th valu column contains a linkd list of rfrncs to th actual policy objcts as rprsntd by th policy intrprtr. Th main rason of having two sparat instancs of th tabl is to lowr th ovrhad of JNI calls btwn th TIAgnt.java and ti a.c. For ach vnt, th ti a.c rtrivs th mthod nam (action) and th full class nam (targt) of th objct that contains th mthod. Using this information, th ti a.c looks up a matching ky in its tabl. If a match is found, th procss to activat th propr policy is startd. Othrwis, th ti a.c just ignors th vnt. By having its local tabl, th ti a.c can prform locally th sarch instad of having to us a costly JNI call to th TIAgnt.java. Whnvr th intrprtr updats th st of policis (i.., for loading nw policis, disabling or nabling policis), th TIAgnt.java is notifid that an updat was prformd. This triggrs th updat on its own tabl. As soon as th TIAgnt.java changs its tabl, th ti a.c intrcpts th changs and updat its local tabl, accordingly. In th following, w xplain with an xampl th dtails of th authorization of a mthod invocation An xampl of Authorization Policy Enforcmnt. Lt us considr on of th policis prsntd abov. In particular, lt us considr th authorization policy dfind in

7 Policy 5 Th policy spcifis that th nurs agnt is authorizd to gt th rcords of a patint agnt whn th nurs is on duty on th sam ward whr th patint is assignd. Figur 7 shows a mssag squnc chart of th policy xcution for authorizing th nurs accss. Whn th xcution flow ntrs th mthod radrcord of th patint agnt, JVMTI raiss an vnt capturd by th ti a.c. Th ti a.c rtrivs th mthod nam (action) that is bing invokd and th agnt s full class nam (targt) whr th mthod blongs to. This information is usd to look up in its policy tabl for a matching lmnt. Onc th lmnt is rtrivd, th ti a.c uss th subjctlist to idntifywhich agnt is invoking th mthod. For ach lmnt in th subjct list, th ti a.c scans th frams of th currnt xcution stack (providd by th JVMTI) for a match. If no matching subjct is found, thn th ti a.c has to notify th TIAgnt.java that an unauthorizd accss is bing attmptd and appropriat actions should b takn (for instanc, throwing an xcption). Onc th nurs agnt is found in th currnt xcution stack, to complt th authorization it is ncssary to authnticat th subjct. As for th authntication, in th currnt implmntation of our prototyp, w us th authntication mchanism providd by th policy intrprtr. As w said, th policy intrprtr maintains a domain structur populatd with managd objcts. Each managd objct rprsnts a componnt that nds to b managd. In this cas, a componnt can b ithr an agnt or a rsourc. Whn a nw componnt is discovrd, th policy intrprtr chcks th componnts s crdntials. If th componnt is authnticatd, th policy intrprtr instantiats th corrspondnt managd objct in its domain structur. Each managd objct is uniquly idntifid by an ID gnratd by th intrprtr, calld OID. Thus th subjct can b authnticatd if it provids a valid OID. This holds also for th targt. Th ti a.c rtrivs th subjct and targt OIDs. Aftrwards, th ti a.c invoks th TIAgnt.java s mthod isauthorizd (using JNI) passing th following information: th signatur, that is th concatnation of subjct and targt class nam followd by th mthod nam, th subjct OID, th targt OID, and an array containing th paramtrs valus of th mthod invocation (in this cas th array is null bcaus no condition claus is spcifid in th policy). Using th signatur, th isauthorizd mthod rtrivs from th policy tabl th linkd list of policy rfrncs. Multipl policis could b dfind for th sam combination of action, targt, and subjct. All of ths policis ar containd in th list. Th mthod gos through th list until a policy that authorizd th xcution of th opration is found. A policy authorizs an action if th subjct and th targt OIDs ar valid. This also mans that th OIDs must b containd in th spcifid domains. In this cas, th nurs agnt OID must b containd in th ward10 domain for th hospital prsonnl, and th patint agnt OID must b in ward10 domain for th patints. Whn th policy that authorizs th action is found, thn th isauthorizd mthod immdiatly rturns to th ti a.c that th invocation can procd. Othrwis th isauthorizd mthod rturns fals to th ti a.c that dos not allow th invocation. 5 Conclusions and Futur Work In this papr, w prsntd a framwork for authorization policy nforcmnt for mobil agnt applications. Th main contribution of our approach is that authorization policis can b usd to protct both th mobil agnts and h host rsourcs. This fills th gap of prvious approachs whr policis could b spcifid and nforcd on th host rsourcs. This papr also dscribd our implmntation of th framwork. As futur work, w fors working in combining a Trust Managmnt Systm (TMS) with accss control. Sinc th intrcption mchanism is indpndnt from th actual authorization modl, w can asily intgrat a TMS in our suit. Th TMS will tak dcisions on whthr a givn ntity should b grantd authorization basd on th trust lvl that th ownr of th accssd rsourc puts on th ntity. This lvl can chang ovr tim, providing a vry flxibl framwork in comparison with th ys-or-no approach of classical scurity modls. Anothr main ara of futur rsarch is th introduction in our framwork of conflict rsolution stratgis to automatically rsolv conflicts that could aris btwn policis. Acknowldgmnts This rsarch was supportd by th UK s EPSRC rsarch grant EP/C537181/1 and forms part of th CarGrid, a collaborativ projct with th Univrsity of Cambridg. Th authors would also lik to thank th mmbrs of th Policy Rsarch Group at Imprial Collg for thir support. Rfrncs [1] Corradi t al. A flxibl accss control srvic for Java mobil cod. In 16th Annual Computr Scurity Application Confrnc (ACSAC 00)s.

8 [2] N. Damianou, N. Dulay, E. Lupu and M. Sloman. Th Pondr Policy Spcification Languag. In Proc. 2nd IEEE Intrnational Workshop on Policis for Distributd Systms and Ntworks, pp , [3] R.E.FilmanandD.P.Fridman. Aspct-Orintd Programming is Quantification and Obliviousnss. Workshop on Advancd Sparation of Concrns, OOPSLA, Octobr [4] W. Jansn and T. Karygiannis. Mobil Agnt Scurity. NIST Spcial Publication , National Institut of Standard and Tchnology, [5] Java Managmnt Extnsion Spcifications. indx3.html [6] Java Scurity Whit Papr. tchnicalarticls/scurity/whitpapr/js Whit Papr.pdf [7] JVM Tool Intrfac jvmti/indx.html [8] L. Kagal, T. Finin and A. Joshi. A policy languag for a prvasiv computing nvironmnt. In Proc. 4th IEEE Intrnational Workshop on Policis for Distributd Systms and Ntworks, pp , [9] E. Lupu and M. Sloman. Conflicts in Policy-Basd Distributd Systms Managmnt. IEEE Transaction on Softwar Enginring, pp , Vol. 25, No. 6, [10] N. H. Minsky and P. Pal. Law-Govrnd Rgularitis in Objct Systms - Part 2: A Concrt Implmntation. Thory and Practic of Objct Systms (TAPOS), John Wily. 2, [11] D. L. Parnas. On th critria to b usd in dcomposing systms into moduls. Communications of th ACM, 15(12): , Dcmbr [12] R. Pawlak, L. Sinturir, L. Duchin, and G. Florin. JAC: A Flxibl Framwork for AOP in Java. In Rflction 01, volum 2192 of Lctur Nots in Computr Scinc, pags Springr-Vrlag, Sptmbr [13] T. Vrhannman, F. Pissns, B. D. Win and Woutr Joosn Uniform Application-lvl Accss Control Enforcmnt of Organizationwid Policis. In Proc. 21st Annual Computr Scurity Applications Confrnc, pp , [14] A. Uszok, J. Bradshaw, R. Jffrs, N. Suri, P. Hays, M. Brdy, L. Bunch, M. Johnson, S. Kulkarni and J. Lott. KAoS policy and domain srvics: toward a dscriptionlogic approach to policy rprsntation, dconfliction, and nforcmnt. In Proc. 4th IEEE Intrnational Workshop on Policis for Distributd Systms and Ntworks, pp , 2003.

Architecture of the proposed standard

Architecture of the proposed standard Architctur of th proposd standard Introduction Th goal of th nw standardisation projct is th dvlopmnt of a standard dscribing building srvics (.g.hvac) product catalogus basd on th xprincs mad with th

More information

The example is taken from Sect. 1.2 of Vol. 1 of the CPN book.

The example is taken from Sect. 1.2 of Vol. 1 of the CPN book. Rsourc Allocation Abstract This is a small toy xampl which is wll-suitd as a first introduction to Cnts. Th CN modl is dscribd in grat dtail, xplaining th basic concpts of C-nts. Hnc, it can b rad by popl

More information

Non-Homogeneous Systems, Euler s Method, and Exponential Matrix

Non-Homogeneous Systems, Euler s Method, and Exponential Matrix Non-Homognous Systms, Eulr s Mthod, and Exponntial Matrix W carry on nonhomognous first-ordr linar systm of diffrntial quations. W will show how Eulr s mthod gnralizs to systms, giving us a numrical approach

More information

Use a high-level conceptual data model (ER Model). Identify objects of interest (entities) and relationships between these objects

Use a high-level conceptual data model (ER Model). Identify objects of interest (entities) and relationships between these objects Chaptr 3: Entity Rlationship Modl Databas Dsign Procss Us a high-lvl concptual data modl (ER Modl). Idntify objcts of intrst (ntitis) and rlationships btwn ths objcts Idntify constraints (conditions) End

More information

Entity-Relationship Model

Entity-Relationship Model Entity-Rlationship Modl Kuang-hua Chn Dpartmnt of Library and Information Scinc National Taiwan Univrsity A Company Databas Kps track of a company s mploys, dpartmnts and projcts Aftr th rquirmnts collction

More information

by John Donald, Lecturer, School of Accounting, Economics and Finance, Deakin University, Australia

by John Donald, Lecturer, School of Accounting, Economics and Finance, Deakin University, Australia Studnt Nots Cost Volum Profit Analysis by John Donald, Lcturr, School of Accounting, Economics and Financ, Dakin Univrsity, Australia As mntiond in th last st of Studnt Nots, th ability to catgoris costs

More information

Adverse Selection and Moral Hazard in a Model With 2 States of the World

Adverse Selection and Moral Hazard in a Model With 2 States of the World Advrs Slction and Moral Hazard in a Modl With 2 Stats of th World A modl of a risky situation with two discrt stats of th world has th advantag that it can b natly rprsntd using indiffrnc curv diagrams,

More information

Continuity Cloud Virtual Firewall Guide

Continuity Cloud Virtual Firewall Guide Cloud Virtual Firwall Guid uh6 Vrsion 1.0 Octobr 2015 Foldr BDR Guid for Vam Pag 1 of 36 Cloud Virtual Firwall Guid CONTENTS INTRODUCTION... 3 ACCESSING THE VIRTUAL FIREWALL... 4 HYPER-V/VIRTUALBOX CONTINUITY

More information

Key Management System Framework for Cloud Storage Singa Suparman, Eng Pin Kwang Temasek Polytechnic {singas,engpk}@tp.edu.sg

Key Management System Framework for Cloud Storage Singa Suparman, Eng Pin Kwang Temasek Polytechnic {singas,engpk}@tp.edu.sg Ky Managmnt Systm Framwork for Cloud Storag Singa Suparman, Eng Pin Kwang Tmask Polytchnic {singas,ngpk}@tp.du.sg Abstract In cloud storag, data ar oftn movd from on cloud storag srvic to anothr. Mor frquntly

More information

SUBATOMIC PARTICLES AND ANTIPARTICLES AS DIFFERENT STATES OF THE SAME MICROCOSM OBJECT. Eduard N. Klenov* Rostov-on-Don. Russia

SUBATOMIC PARTICLES AND ANTIPARTICLES AS DIFFERENT STATES OF THE SAME MICROCOSM OBJECT. Eduard N. Klenov* Rostov-on-Don. Russia SUBATOMIC PARTICLES AND ANTIPARTICLES AS DIFFERENT STATES OF THE SAME MICROCOSM OBJECT Eduard N. Klnov* Rostov-on-Don. Russia Th distribution law for th valus of pairs of th consrvd additiv quantum numbrs

More information

An Broad outline of Redundant Array of Inexpensive Disks Shaifali Shrivastava 1 Department of Computer Science and Engineering AITR, Indore

An Broad outline of Redundant Array of Inexpensive Disks Shaifali Shrivastava 1 Department of Computer Science and Engineering AITR, Indore Intrnational Journal of mrging Tchnology and dvancd nginring Wbsit: www.ijta.com (ISSN 2250-2459, Volum 2, Issu 4, pril 2012) n road outlin of Rdundant rray of Inxpnsiv isks Shaifali Shrivastava 1 partmnt

More information

A Secure Web Services for Location Based Services in Wireless Networks*

A Secure Web Services for Location Based Services in Wireless Networks* A Scur Wb Srvics for Location Basd Srvics in Wirlss Ntworks* Minsoo L 1, Jintak Kim 1, Shyun Park 1, Jail L 2 and Sokla L 21 1 School of Elctrical and Elctronics Enginring, Chung-Ang Univrsity, 221, HukSuk-Dong,

More information

Free ACA SOLUTION (IRS 1094&1095 Reporting)

Free ACA SOLUTION (IRS 1094&1095 Reporting) Fr ACA SOLUTION (IRS 1094&1095 Rporting) Th Insuranc Exchang (301) 279-1062 ACA Srvics Transmit IRS Form 1094 -C for mployrs Print & mail IRS Form 1095-C to mploys HR Assist 360 will gnrat th 1095 s for

More information

Version Issue Date Reason / Description of Change Author Draft February, N/A 2009

Version Issue Date Reason / Description of Change Author Draft February, N/A 2009 Appndix A: CNS Managmnt Procss: OTRS POC Documnt Control Titl : CNS Managmnt Procss Documnt : (Location of Documnt and Documnt numbr) Author : Ettin Vrmuln (EV) Ownr : ICT Stratgic Srvics Vrsion : Draft

More information

A Note on Approximating. the Normal Distribution Function

A Note on Approximating. the Normal Distribution Function Applid Mathmatical Scincs, Vol, 00, no 9, 45-49 A Not on Approimating th Normal Distribution Function K M Aludaat and M T Alodat Dpartmnt of Statistics Yarmouk Univrsity, Jordan Aludaatkm@hotmailcom and

More information

C H A P T E R 1 Writing Reports with SAS

C H A P T E R 1 Writing Reports with SAS C H A P T E R 1 Writing Rports with SAS Prsnting information in a way that s undrstood by th audinc is fundamntally important to anyon s job. Onc you collct your data and undrstand its structur, you nd

More information

SOFTWARE ENGINEERING AND APPLIED CRYPTOGRAPHY IN CLOUD COMPUTING AND BIG DATA

SOFTWARE ENGINEERING AND APPLIED CRYPTOGRAPHY IN CLOUD COMPUTING AND BIG DATA Intrnational Journal on Tchnical and Physical Problms of Enginring (IJTPE) Publishd by Intrnational Organization of IOTPE ISSN 077-358 IJTPE Journal www.iotp.com ijtp@iotp.com Sptmbr 015 Issu 4 Volum 7

More information

Lecture 3: Diffusion: Fick s first law

Lecture 3: Diffusion: Fick s first law Lctur 3: Diffusion: Fick s first law Today s topics What is diffusion? What drivs diffusion to occur? Undrstand why diffusion can surprisingly occur against th concntration gradint? Larn how to dduc th

More information

Genetic Drift and Gene Flow Illustration

Genetic Drift and Gene Flow Illustration Gntic Drift and Gn Flow Illustration This is a mor dtaild dscription of Activity Ida 4, Chaptr 3, If Not Rac, How do W Explain Biological Diffrncs? in: How Ral is Rac? A Sourcbook on Rac, Cultur, and Biology.

More information

A Project Management framework for Software Implementation Planning and Management

A Project Management framework for Software Implementation Planning and Management PPM02 A Projct Managmnt framwork for Softwar Implmntation Planning and Managmnt Kith Lancastr Lancastr Stratgis Kith.Lancastr@LancastrStratgis.com Th goal of introducing nw tchnologis into your company

More information

WORKERS' COMPENSATION ANALYST, 1774 SENIOR WORKERS' COMPENSATION ANALYST, 1769

WORKERS' COMPENSATION ANALYST, 1774 SENIOR WORKERS' COMPENSATION ANALYST, 1769 08-16-85 WORKERS' COMPENSATION ANALYST, 1774 SENIOR WORKERS' COMPENSATION ANALYST, 1769 Summary of Dutis : Dtrmins City accptanc of workrs' compnsation cass for injurd mploys; authorizs appropriat tratmnt

More information

Improving Managerial Accounting and Calculation of Labor Costs in the Context of Using Standard Cost

Improving Managerial Accounting and Calculation of Labor Costs in the Context of Using Standard Cost Economy Transdisciplinarity Cognition www.ugb.ro/tc Vol. 16, Issu 1/2013 50-54 Improving Managrial Accounting and Calculation of Labor Costs in th Contxt of Using Standard Cost Lucian OCNEANU, Constantin

More information

Category 7: Employee Commuting

Category 7: Employee Commuting 7 Catgory 7: Employ Commuting Catgory dscription This catgory includs missions from th transportation of mploys 4 btwn thir homs and thir worksits. Emissions from mploy commuting may aris from: Automobil

More information

FACULTY SALARIES FALL 2004. NKU CUPA Data Compared To Published National Data

FACULTY SALARIES FALL 2004. NKU CUPA Data Compared To Published National Data FACULTY SALARIES FALL 2004 NKU CUPA Data Compard To Publishd National Data May 2005 Fall 2004 NKU Faculty Salaris Compard To Fall 2004 Publishd CUPA Data In th fall 2004 Northrn Kntucky Univrsity was among

More information

Exponential Growth and Decay; Modeling Data

Exponential Growth and Decay; Modeling Data Exponntial Growth and Dcay; Modling Data In this sction, w will study som of th applications of xponntial and logarithmic functions. Logarithms wr invntd by John Napir. Originally, thy wr usd to liminat

More information

CARE QUALITY COMMISSION ESSENTIAL STANDARDS OF QUALITY AND SAFETY. Outcome 10 Regulation 11 Safety and Suitability of Premises

CARE QUALITY COMMISSION ESSENTIAL STANDARDS OF QUALITY AND SAFETY. Outcome 10 Regulation 11 Safety and Suitability of Premises CARE QUALITY COMMISSION ESSENTIAL STANDARDS OF QUALITY AND SAFETY Outcom 10 Rgulation 11 Safty and Suitability of Prmiss CQC Rf 10A 10A(1) Lad Dirctor / Lad Officr Rspons Impact Liklihood Lvl of Concrn

More information

IHE IT Infrastructure (ITI) Technical Framework Supplement. Cross-Enterprise Document Workflow (XDW) Trial Implementation

IHE IT Infrastructure (ITI) Technical Framework Supplement. Cross-Enterprise Document Workflow (XDW) Trial Implementation Intgrating th Halthcar Entrpris 5 IHE IT Infrastructur (ITI) Tchnical Framwork Supplmnt 10 Cross-Entrpris Documnt Workflow (XDW) 15 Trial Implmntation 20 Dat: Octobr 13, 2014 Author: IHE ITI Tchnical Committ

More information

STATEMENT OF INSOLVENCY PRACTICE 3.2

STATEMENT OF INSOLVENCY PRACTICE 3.2 STATEMENT OF INSOLVENCY PRACTICE 3.2 COMPANY VOLUNTARY ARRANGEMENTS INTRODUCTION 1 A Company Voluntary Arrangmnt (CVA) is a statutory contract twn a company and its crditors undr which an insolvncy practitionr

More information

Remember you can apply online. It s quick and easy. Go to www.gov.uk/advancedlearningloans. Title. Forename(s) Surname. Sex. Male Date of birth D

Remember you can apply online. It s quick and easy. Go to www.gov.uk/advancedlearningloans. Title. Forename(s) Surname. Sex. Male Date of birth D 24+ Advancd Larning Loan Application form Rmmbr you can apply onlin. It s quick and asy. Go to www.gov.uk/advancdlarningloans About this form Complt this form if: you r studying an ligibl cours at an approvd

More information

Chi-Square. Hypothesis: There is an equal chance of flipping heads or tails on a coin. Coin A. Expected (e) (o e) (o e) 2 (o e) 2 e

Chi-Square. Hypothesis: There is an equal chance of flipping heads or tails on a coin. Coin A. Expected (e) (o e) (o e) 2 (o e) 2 e Why? Chi-Squar How do you know if your data is th rsult of random chanc or nvironmntal factors? Biologists and othr scintists us rlationships thy hav discovrd in th lab to prdict vnts that might happn

More information

SPECIAL VOWEL SOUNDS

SPECIAL VOWEL SOUNDS SPECIAL VOWEL SOUNDS Plas consult th appropriat supplmnt for th corrsponding computr softwar lsson. Rfr to th 42 Sounds Postr for ach of th Spcial Vowl Sounds. TEACHER INFORMATION: Spcial Vowl Sounds (SVS)

More information

Econ 371: Answer Key for Problem Set 1 (Chapter 12-13)

Econ 371: Answer Key for Problem Set 1 (Chapter 12-13) con 37: Answr Ky for Problm St (Chaptr 2-3) Instructor: Kanda Naknoi Sptmbr 4, 2005. (2 points) Is it possibl for a country to hav a currnt account dficit at th sam tim and has a surplus in its balanc

More information

Personal Identity Verification (PIV) Enablement Solutions

Personal Identity Verification (PIV) Enablement Solutions Prsonal Idntity Vrification (PIV) Enablmnt Solutions pivclass Govrnmnt Solutions Affordabl Prsonal Idntity Vrification (PIV) Enablmnt Solutions from a Singl, Trustd Supplir Complt Solution for PIV Enablmnt

More information

Important Information Call Through... 8 Internet Telephony... 6 two PBX systems... 10 Internet Calls... 3 Internet Telephony... 2

Important Information Call Through... 8 Internet Telephony... 6 two PBX systems... 10 Internet Calls... 3 Internet Telephony... 2 Installation and Opration Intrnt Tlphony Adaptr Aurswald Box Indx C I R 884264 03 02/05 Call Duration, maximum...10 Call Through...7 Call Transportation...7 Calls Call Through...7 Intrnt Tlphony...3 two

More information

7 Timetable test 1 The Combing Chart

7 Timetable test 1 The Combing Chart 7 Timtabl tst 1 Th Combing Chart 7.1 Introduction 7.2 Tachr tams two workd xampls 7.3 Th Principl of Compatibility 7.4 Choosing tachr tams workd xampl 7.5 Ruls for drawing a Combing Chart 7.6 Th Combing

More information

5 2 index. e e. Prime numbers. Prime factors and factor trees. Powers. worked example 10. base. power

5 2 index. e e. Prime numbers. Prime factors and factor trees. Powers. worked example 10. base. power Prim numbrs W giv spcial nams to numbrs dpnding on how many factors thy hav. A prim numbr has xactly two factors: itslf and 1. A composit numbr has mor than two factors. 1 is a spcial numbr nithr prim

More information

Combinatorial Analysis of Network Security

Combinatorial Analysis of Network Security Combinatorial Analysis of Ntwork Scurity Stvn Nol a, Brian O Brry a, Charls Hutchinson a, Sushil Jajodia a, Lynn Kuthan b, and Andy Nguyn b a Gorg Mason Univrsity Cntr for Scur Information Systms b Dfns

More information

SIMULATION OF THE PERFECT COMPETITION AND MONOPOLY MARKET STRUCTURE IN THE COMPANY THEORY

SIMULATION OF THE PERFECT COMPETITION AND MONOPOLY MARKET STRUCTURE IN THE COMPANY THEORY 1 SIMULATION OF THE PERFECT COMPETITION AND MONOPOLY MARKET STRUCTURE IN THE COMPANY THEORY ALEXA Vasil ABSTRACT Th prsnt papr has as targt to crat a programm in th Matlab ara, in ordr to solv, didactically

More information

Sigmoid Functions and Their Usage in Artificial Neural Networks

Sigmoid Functions and Their Usage in Artificial Neural Networks Sigmoid Functions and Thir Usag in Artificial Nural Ntworks Taskin Kocak School of Elctrical Enginring and Computr Scinc Applications of Calculus II: Invrs Functions Eampl problm Calculus Topic: Invrs

More information

New Basis Functions. Section 8. Complex Fourier Series

New Basis Functions. Section 8. Complex Fourier Series Nw Basis Functions Sction 8 Complx Fourir Sris Th complx Fourir sris is prsntd first with priod 2, thn with gnral priod. Th connction with th ral-valud Fourir sris is xplaind and formula ar givn for convrting

More information

Deer: Predation or Starvation

Deer: Predation or Starvation : Prdation or Starvation National Scinc Contnt Standards: Lif Scinc: s and cosystms Rgulation and Bhavior Scinc in Prsonal and Social Prspctiv s, rsourcs and nvironmnts Unifying Concpts and Procsss Systms,

More information

Asset set Liability Management for

Asset set Liability Management for KSD -larning and rfrnc products for th global financ profssional Highlights Library of 29 Courss Availabl Products Upcoming Products Rply Form Asst st Liability Managmnt for Insuranc Companis A comprhnsiv

More information

The Matrix Exponential

The Matrix Exponential Th Matrix Exponntial (with xrciss) 92.222 - Linar Algbra II - Spring 2006 by D. Klain prliminary vrsion Corrctions and commnts ar wlcom! Th Matrix Exponntial For ach n n complx matrix A, dfin th xponntial

More information

CPS 220 Theory of Computation REGULAR LANGUAGES. Regular expressions

CPS 220 Theory of Computation REGULAR LANGUAGES. Regular expressions CPS 22 Thory of Computation REGULAR LANGUAGES Rgular xprssions Lik mathmatical xprssion (5+3) * 4. Rgular xprssion ar built using rgular oprations. (By th way, rgular xprssions show up in various languags:

More information

Simulated Radioactive Decay Using Dice Nuclei

Simulated Radioactive Decay Using Dice Nuclei Purpos: In a radioactiv sourc containing a vry larg numbr of radioactiv nucli, it is not possibl to prdict whn any on of th nucli will dcay. Although th dcay tim for any on particular nuclus cannot b prdictd,

More information

IBM Healthcare Home Care Monitoring

IBM Healthcare Home Care Monitoring IBM Halthcar Hom Car Monitoring Sptmbr 30th, 2015 by Sal P. Causi, P. Eng. IBM Halthcar Businss Dvlopmnt Excutiv scausi@ca.ibm.com IBM Canada Cloud Computing Tigr Tam Homcar by dfinition 1. With a gnsis

More information

MEASUREMENT AND ASSESSMENT OF IMPACT SOUND IN THE SAME ROOM. Hans G. Jonasson

MEASUREMENT AND ASSESSMENT OF IMPACT SOUND IN THE SAME ROOM. Hans G. Jonasson MEASUREMENT AND ASSESSMENT OF IMPACT SOUND IN THE SAME ROOM Hans G. Jonasson SP Tchnical Rsarch Institut of Swdn Box 857, SE-501 15 Borås, Swdn hans.jonasson@sp.s ABSTRACT Drum sound, that is th walking

More information

REPORT' Meeting Date: April 19,201 2 Audit Committee

REPORT' Meeting Date: April 19,201 2 Audit Committee REPORT' Mting Dat: April 19,201 2 Audit Committ For Information DATE: March 21,2012 REPORT TITLE: FROM: Paul Wallis, CMA, CIA, CISA, Dirctor, Intrnal Audit OBJECTIVE To inform Audit Committ of th rsults

More information

Scalable Transactions for Web Applications in the Cloud using Customized CloudTPS

Scalable Transactions for Web Applications in the Cloud using Customized CloudTPS Shashikant Mahadu Bankar/ (IJCSIT) Intrnational Journal of Computr Scinc and Information Tchnologis, Vol. (3), 2015, 218-2191 Scalabl Transactions for Wb Applications in th Cloud using Customizd CloudTPS

More information

User-Perceived Quality of Service in Hybrid Broadcast and Telecommunication Networks

User-Perceived Quality of Service in Hybrid Broadcast and Telecommunication Networks Usr-Prcivd Quality of Srvic in Hybrid Broadcast and Tlcommunication Ntworks Michal Galtzka Fraunhofr Institut for Intgratd Circuits Branch Lab Dsign Automation, Drsdn, Grmany Michal.Galtzka@as.iis.fhg.d

More information

ME 612 Metal Forming and Theory of Plasticity. 6. Strain

ME 612 Metal Forming and Theory of Plasticity. 6. Strain Mtal Forming and Thory of Plasticity -mail: azsnalp@gyt.du.tr Makin Mühndisliği Bölümü Gbz Yüksk Tknoloji Enstitüsü 6.1. Uniaxial Strain Figur 6.1 Dfinition of th uniaxial strain (a) Tnsil and (b) Comprssiv.

More information

Sci.Int.(Lahore),26(1),131-138,2014 ISSN 1013-5316; CODEN: SINTE 8 131

Sci.Int.(Lahore),26(1),131-138,2014 ISSN 1013-5316; CODEN: SINTE 8 131 Sci.Int.(Lahor),26(1),131-138,214 ISSN 113-5316; CODEN: SINTE 8 131 REQUIREMENT CHANGE MANAGEMENT IN AGILE OFFSHORE DEVELOPMENT (RCMAOD) 1 Suhail Kazi, 2 Muhammad Salman Bashir, 3 Muhammad Munwar Iqbal,

More information

A Derivation of Bill James Pythagorean Won-Loss Formula

A Derivation of Bill James Pythagorean Won-Loss Formula A Drivation of Bill Jams Pythagoran Won-Loss Formula Ths nots wr compild by John Paul Cook from a papr by Dr. Stphn J. Millr, an Assistant Profssor of Mathmatics at Williams Collg, for a talk givn to th

More information

Lecture 20: Emitter Follower and Differential Amplifiers

Lecture 20: Emitter Follower and Differential Amplifiers Whits, EE 3 Lctur 0 Pag of 8 Lctur 0: Emittr Followr and Diffrntial Amplifirs Th nxt two amplifir circuits w will discuss ar ry important to lctrical nginring in gnral, and to th NorCal 40A spcifically.

More information

Data warehouse on Manpower Employment for Decision Support System

Data warehouse on Manpower Employment for Decision Support System Data warhous on Manpowr Employmnt for Dcision Support Systm Amro F. ALASTA, and Muftah A. Enaba Abstract Sinc th us of computrs in businss world, data collction has bcom on of th most important issus du

More information

Statistical Machine Translation

Statistical Machine Translation Statistical Machin Translation Sophi Arnoult, Gidon Mailltt d Buy Wnnigr and Andra Schuch Dcmbr 7, 2010 1 Introduction All th IBM modls, and Statistical Machin Translation (SMT) in gnral, modl th problm

More information

Fleet vehicles opportunities for carbon management

Fleet vehicles opportunities for carbon management Flt vhicls opportunitis for carbon managmnt Authors: Kith Robrtson 1 Dr. Kristian Stl 2 Dr. Christoph Hamlmann 3 Alksandra Krukar 4 Tdla Mzmir 5 1 Snior Sustainability Consultant & Lad Analyst, Arup 2

More information

Ground Fault Current Distribution on Overhead Transmission Lines

Ground Fault Current Distribution on Overhead Transmission Lines FACTA UNIVERSITATIS (NIŠ) SER.: ELEC. ENERG. vol. 19, April 2006, 71-84 Ground Fault Currnt Distribution on Ovrhad Transmission Lins Maria Vintan and Adrian Buta Abstract: Whn a ground fault occurs on

More information

June 2012. Enprise Rent. Enprise 1.1.6. Author: Document Version: Product: Product Version: SAP Version: 8.81.100 8.8

June 2012. Enprise Rent. Enprise 1.1.6. Author: Document Version: Product: Product Version: SAP Version: 8.81.100 8.8 Jun 22 Enpris Rnt Author: Documnt Vrsion: Product: Product Vrsion: SAP Vrsion: Enpris Enpris Rnt 88 88 Enpris Rnt 22 Enpris Solutions All rights rsrvd No parts of this work may b rproducd in any form or

More information

Rural and Remote Broadband Access: Issues and Solutions in Australia

Rural and Remote Broadband Access: Issues and Solutions in Australia Rural and Rmot Broadband Accss: Issus and Solutions in Australia Dr Tony Warrn Group Managr Rgulatory Stratgy Tlstra Corp Pag 1 Tlstra in confidnc Ovrviw Australia s gographical siz and population dnsity

More information

Precise Memory Leak Detection for Java Software Using Container Profiling

Precise Memory Leak Detection for Java Software Using Container Profiling Distinguishd Papr Prcis Mmory Lak Dtction for Java Softwar Using Containr Profiling Guoqing Xu Atanas Rountv Dpartmnt of Computr Scinc and Enginring Ohio Stat Univrsity {xug,rountv}@cs.ohio-stat.du ABSTRACT

More information

Planning and Managing Copper Cable Maintenance through Cost- Benefit Modeling

Planning and Managing Copper Cable Maintenance through Cost- Benefit Modeling Planning and Managing Coppr Cabl Maintnanc through Cost- Bnfit Modling Jason W. Rup U S WEST Advancd Tchnologis Bouldr Ky Words: Maintnanc, Managmnt Stratgy, Rhabilitation, Cost-bnfit Analysis, Rliability

More information

Moving Securely Around Space: The Case of ESA

Moving Securely Around Space: The Case of ESA Moving Scurly Around Spac: Th Cas of ESA Prpard By: Andra Baldi, Jos Frnandz Balsiro, Marco Incollingo Tommaso Parrinllo, Cristiano Silvagni, Stfano Zatti Europan Spac Agncy Andra.Baldi@sa.int ESA Scnario

More information

Analyzing Failures of a Semi-Structured Supercomputer Log File Efficiently by Using PIG on Hadoop

Analyzing Failures of a Semi-Structured Supercomputer Log File Efficiently by Using PIG on Hadoop Intrnational Journal of Computr Scinc and Enginring Opn Accss Rsarch Papr Volum-2, Issu-1 E-ISSN: 2347-2693 Analyzing Failurs of a Smi-Structurd Suprcomputr Log Fil Efficintly by Using PIG on Hadoop Madhuri

More information

Gold versus stock investment: An econometric analysis

Gold versus stock investment: An econometric analysis Intrnational Journal of Dvlopmnt and Sustainability Onlin ISSN: 268-8662 www.isdsnt.com/ijds Volum Numbr, Jun 202, Pag -7 ISDS Articl ID: IJDS20300 Gold vrsus stock invstmnt: An conomtric analysis Martin

More information

Incomplete 2-Port Vector Network Analyzer Calibration Methods

Incomplete 2-Port Vector Network Analyzer Calibration Methods Incomplt -Port Vctor Ntwork nalyzr Calibration Mthods. Hnz, N. Tmpon, G. Monastrios, H. ilva 4 RF Mtrology Laboratory Instituto Nacional d Tcnología Industrial (INTI) Bunos irs, rgntina ahnz@inti.gov.ar

More information

Development of Financial Management Reporting in MPLS

Development of Financial Management Reporting in MPLS 1 Dvlopmnt of Financial Managmnt Rporting in MPLS 1. Aim Our currnt financial rports ar structurd to dlivr an ovrall financial pictur of th dpartmnt in it s ntirty, and thr is no attmpt to provid ithr

More information

Keywords Cloud Computing, Service level agreement, cloud provider, business level policies, performance objectives.

Keywords Cloud Computing, Service level agreement, cloud provider, business level policies, performance objectives. Volum 3, Issu 6, Jun 2013 ISSN: 2277 128X Intrnational Journal of Advancd Rsarch in Computr Scinc and Softwar Enginring Rsarch Papr Availabl onlin at: wwwijarcsscom Dynamic Ranking and Slction of Cloud

More information

Solutions to Homework 8 chem 344 Sp 2014

Solutions to Homework 8 chem 344 Sp 2014 1. Solutions to Homwork 8 chm 44 Sp 14 .. 4. All diffrnt orbitals mans thy could all b paralll spins 5. Sinc lctrons ar in diffrnt orbitals any combination is possibl paird or unpaird spins 6. Equivalnt

More information

Singleton Theorem Using Models

Singleton Theorem Using Models Singlton Thorm Using Modls Srivathsan B, Igor Walukiwicz LaBRI Paris, March 2010 Srivathsan B, Igor Walukiwicz (LaBRI) Singlton Thorm Using Modls Paris, March 2010 1 / 17 Introduction Singlton Thorm [Statman

More information

Collection for.

Collection for. is ar WVU Libr and s c i v r S s Collction for s y o l p Em 2 011 www.libraris.wvu.du n Francs O Bri ris VU Libra Dan of th W Myra N. Low VU n of th W Associat Da Libraris ry ampus Libra Downtown C, Dirctor

More information

Keynote Speech Collaborative Web Services and Peer-to-Peer Grids

Keynote Speech Collaborative Web Services and Peer-to-Peer Grids Kynot Spch Collaborativ s and Pr-to-Pr Grids Goffry ox 1,2,4, Hasan Bulut 2, Kangsok Kim 2, Sung-Hoon Ko 1, Sangmi L 5, Sangyoon h 2, Shridp Pallickara 1, Xiaohong Qiu 1,3, Ahmt yar 1,3, Minjun Wang 1,3,

More information

Principles of Humidity Dalton s law

Principles of Humidity Dalton s law Principls of Humidity Dalton s law Air is a mixtur of diffrnt gass. Th main gas componnts ar: Gas componnt volum [%] wight [%] Nitrogn N 2 78,03 75,47 Oxygn O 2 20,99 23,20 Argon Ar 0,93 1,28 Carbon dioxid

More information

Secure User Data in Cloud Computing Using Encryption Algorithms

Secure User Data in Cloud Computing Using Encryption Algorithms Scur Usr Data in Using Encrypt Algorithms Rachna Arora*, Anshu Parashar ** *(Rsarch Scholar, HCTM, Kaithal, Haryana) ** (Associat Profssor, HCTM, Kaithal, Haryana) ABSTRACT is transming inmat tchnology.

More information

Module 7: Discrete State Space Models Lecture Note 3

Module 7: Discrete State Space Models Lecture Note 3 Modul 7: Discrt Stat Spac Modls Lctur Not 3 1 Charactristic Equation, ignvalus and ign vctors For a discrt stat spac modl, th charactristic quation is dfind as zi A 0 Th roots of th charactristic quation

More information

On Measuring Process Model Similarity based on High-level Change Operations

On Measuring Process Model Similarity based on High-level Change Operations On Masuring Procss Modl Similarity basd on High-lvl hang Oprations hn Li 1 Manfrd Richrt 1 and ndras Wombachr 2 1 Information Systm group Univrsity of Twnt P.O.ox 217 7500 nschd Th Nthrlands {licm.u.richrt}@cs.utwnt.nl

More information

AP Calculus AB 2008 Scoring Guidelines

AP Calculus AB 2008 Scoring Guidelines AP Calculus AB 8 Scoring Guidlins Th Collg Board: Conncting Studnts to Collg Succss Th Collg Board is a not-for-profit mmbrship association whos mission is to connct studnts to collg succss and opportunity.

More information

Question 3: How do you find the relative extrema of a function?

Question 3: How do you find the relative extrema of a function? ustion 3: How do you find th rlativ trma of a function? Th stratgy for tracking th sign of th drivativ is usful for mor than dtrmining whr a function is incrasing or dcrasing. It is also usful for locating

More information

The international Internet site of the geoviticulture MCC system Le site Internet international du système CCM géoviticole

The international Internet site of the geoviticulture MCC system Le site Internet international du système CCM géoviticole Th intrnational Intrnt sit of th goviticultur MCC systm L sit Intrnt intrnational du systèm CCM géoviticol Flávio BELLO FIALHO 1 and Jorg TONIETTO 1 1 Rsarchr, Embrapa Uva Vinho, Caixa Postal 130, 95700-000

More information

14.3 Area Between Curves

14.3 Area Between Curves 14. Ara Btwn Curvs Qustion 1: How is th ara btwn two functions calculatd? Qustion : What ar consumrs and producrs surplus? Earlir in this chaptr, w usd dfinit intgrals to find th ara undr a function and

More information

Impact of Dual Core on Object Oriented Programming Languages through UML

Impact of Dual Core on Object Oriented Programming Languages through UML Int. J. Advancd Ntworking and Applications 5 Volum:, Issu:, Pags: 5- (9) Impact of Dual Cor on Objct Orintd Programming Languags through UML Dr. Vipin Saxna Associat Profssor, Dpartmnt of Computr Scinc

More information

Colombia: COLCIENCIAS Departamento Administrativo de Ciencia, Tecnología e Innovación

Colombia: COLCIENCIAS Departamento Administrativo de Ciencia, Tecnología e Innovación Colombia: COLCIENCIAS Dpamnto Administrativo d Cincia, Tcnología Innovación Initial Funding Committmnt 100.000 Who can apply? Thmatic Ara BIODIVERSITY / CLIMATE Rsarch, tchnological dvlopmnt and / or innovation

More information

Category 1: Purchased Goods and Services

Category 1: Purchased Goods and Services 1 Catgory 1: Purchasd Goods and Srvics Catgory dscription T his catgory includs all upstram (i.., cradl-to-gat) missions from th production of products purchasd or acquird by th rporting company in th

More information

Modern Portfolio Theory (MPT) Statistics

Modern Portfolio Theory (MPT) Statistics Modrn Portfolio Thory (MPT) Statistics Morningstar Mthodology Papr May 9, 009 009 Morningstar, Inc. All rights rsrvd. Th information in this documnt is th proprty of Morningstar, Inc. Rproduction or transcription

More information

Abstract. Introduction. Statistical Approach for Analyzing Cell Phone Handoff Behavior. Volume 3, Issue 1, 2009

Abstract. Introduction. Statistical Approach for Analyzing Cell Phone Handoff Behavior. Volume 3, Issue 1, 2009 Volum 3, Issu 1, 29 Statistical Approach for Analyzing Cll Phon Handoff Bhavior Shalini Saxna, Florida Atlantic Univrsity, Boca Raton, FL, shalinisaxna1@gmail.com Sad A. Rajput, Farquhar Collg of Arts

More information

The Normal Distribution: A derivation from basic principles

The Normal Distribution: A derivation from basic principles Th Normal Distribution: A drivation from basic principls Introduction Dan Tagu Th North Carolina School of Scinc and Mathmatics Studnts in lmntary calculus, statistics, and finit mathmatics classs oftn

More information

(Analytic Formula for the European Normal Black Scholes Formula)

(Analytic Formula for the European Normal Black Scholes Formula) (Analytic Formula for th Europan Normal Black Schols Formula) by Kazuhiro Iwasawa Dcmbr 2, 2001 In this short summary papr, a brif summary of Black Schols typ formula for Normal modl will b givn. Usually

More information

Whole Systems Approach to CO 2 Capture, Transport and Storage

Whole Systems Approach to CO 2 Capture, Transport and Storage Whol Systms Approach to CO 2 Captur, Transport and Storag N. Mac Dowll, A. Alhajaj, N. Elahi, Y. Zhao, N. Samsatli and N. Shah UKCCS Mting, July 14th 2011, Nottingham, UK Ovrviw 1 Introduction 2 3 4 Powr

More information

WORKLOAD STANDARD DEPARTMENT OF CIVIL ENGINEERING. for the. Workload Committee : P.N. Gaskin (Chair) J.W. Kamphuis K. Van Dalen. September 24, 1997

WORKLOAD STANDARD DEPARTMENT OF CIVIL ENGINEERING. for the. Workload Committee : P.N. Gaskin (Chair) J.W. Kamphuis K. Van Dalen. September 24, 1997 WORKLOAD STANDARD for th DEPARTMENT OF CIVIL ENGINEERING Sptmbr 24, 1997 Workload Committ : P.N. Gaskin (Chair) J.W. Kamphuis K. Van Daln 9 2 TABLE OF CONTENTS l. INTRODUCTION... 3 2. DEFINITION OF WORKLOAD

More information

Business rules FATCA V. 02/11/2015

Business rules FATCA V. 02/11/2015 Elmnt Attribut Siz InputTyp Rquirmnt BUSINESS RULES TYPE ERROR ACK Xpath I.Mssag Hadr FATCA_OECD Vrsion xsd: string = Validation WrongVrsion ftc:fatca_oecd/vrsion SndingCompanyIN Unlimit d xsd: string

More information

Universities as role models for sustainable development

Universities as role models for sustainable development EUA Annual confrnc "Th Sustainability of Europan Univrsitis", Warwick, 120322-23. Sssion - "Sustainabl Campuss" Univrsitis as rol modls for sustainabl dvlopmnt Pam Frdman Vic-Chancllor /miljo Structur

More information

Job Description. Programme Leader & Subject Matter Expert

Job Description. Programme Leader & Subject Matter Expert Job titl: Programm Ladr & Subjct Mattr xprt Arbitration Pathways, ducation and Training Dpartmnt Salary band: 47,500 to 56,500 (dpndnt upon xprinc) Hours: 35 hours a wk Trm: Full Tim, Prmannt Accountabl

More information

81-1-ISD Economic Considerations of Heat Transfer on Sheet Metal Duct

81-1-ISD Economic Considerations of Heat Transfer on Sheet Metal Duct Air Handling Systms Enginring & chnical Bulltin 81-1-ISD Economic Considrations of Hat ransfr on Sht Mtal Duct Othr bulltins hav dmonstratd th nd to add insulation to cooling/hating ducts in ordr to achiv

More information

Who uses our services? We have a growing customer base. with institutions all around the globe.

Who uses our services? We have a growing customer base. with institutions all around the globe. not taking xpr Srvic Guid 2013 / 2014 NTE i an affordabl option for audio to txt convrion. Our rvic includ not or dirct trancription rvic from prviouly rcordd audio fil. Our rvic appal pcially to tudnt

More information

Business Systems Analysis with Ontologies

Business Systems Analysis with Ontologies Businss Systms Analysis with Ontologis Ptr Grn Univrsity of Qunsland, Australia Michal Rosmann Qunsland Univrsity of Tchnology, Australia IDEA GROUP PUBLISHING Hrshy London Mlbourn Singapor Acquisitions

More information

Mathematics. Mathematics 3. hsn.uk.net. Higher HSN23000

Mathematics. Mathematics 3. hsn.uk.net. Higher HSN23000 hsn uknt Highr Mathmatics UNIT Mathmatics HSN000 This documnt was producd spcially for th HSNuknt wbsit, and w rquir that any copis or drivativ works attribut th work to Highr Still Nots For mor dtails

More information

Parallel and Distributed Programming. Performance Metrics

Parallel and Distributed Programming. Performance Metrics Paralll and Distributd Programming Prformanc! wo main goals to b achivd with th dsign of aralll alications ar:! Prformanc: th caacity to rduc th tim to solv th roblm whn th comuting rsourcs incras;! Scalability:

More information

Data Encryption and Decryption Using RSA Algorithm in a Network Environment

Data Encryption and Decryption Using RSA Algorithm in a Network Environment IJCSNS Intrnational Journal of Computr Scinc and Ntwork Scurity, VOL.13 No.7, July 2013 9 Data Encryption and Dcryption Using RSA Algorithm in a Ntwork Environmnt Nntaw Y. Goshw. Dpartmnt of Elctrical/Elctronics

More information

Dr David Dexter The Parkinson s UK Brain Bank

Dr David Dexter The Parkinson s UK Brain Bank Dr David Dxtr Th Parkinon UK Brain Bank In aociation with Vrion 1/2011 introducing th brain bank Contnt Uing my tiu 4 Collcting my tiu 6 Storing my tiu 8 Uing my pronal information 10 W r th UK largt brain

More information