Access Control (access + control)

Kinds of Access Control

  • medium access control

  • Selected Abstracts

    Neural bandwidth allocation function (NBAF) control scheme at WiMAX MAC layer interface

    Mario Marchese
    Abstract The paper proposes a bandwidth allocation scheme to be applied at the interface between upper layers (IP, in this paper) and Medium Access Control (MAC) layer over IEEE 802.16 protocol stack. The aim is to optimally tune the resource allocation to match objective QoS (Quality of Service) requirements. Traffic flows characterized by different performance requirements at the IP layer are conveyed to the IEEE 802.16 MAC layer. This process leads to the need for providing the necessary bandwidth at the MAC layer so that the traffic flow can receive the requested QoS. The proposed control algorithm is based on real measures processed by a neural network and it is studied within the framework of optimal bandwidth allocation and Call Admission Control in the presence of statistically heterogeneous flows. Specific implementation details are provided to match the application of the control algorithm by using the existing features of 802.16 request–grant protocol acting at MAC layer. The performance evaluation reported in the paper shows the quick reaction of the bandwidth allocation scheme to traffic variations and the advantage provided in the number of accepted calls. Copyright 2006 John Wiley & Sons, Ltd. [source]

    Stability analysis of an adaptive packet access scheme for mobile communication systems with high propagation delays

    Giovanni Giambene
    Abstract In this paper, we investigate a packet access scheme that is able to support mixed traffics in the presence of high propagation delays. Referring to a Time-Code Division Multiple Access air interface, we propose a Medium Access Control (MAC) protocol based on a random access scheme. A successful attempt grants the use of a slot-code resource. This protocol is named Adaptive Time Code-Packet Reservation Multiple Access (ATC-PRMA), since the access parameters are changed, depending on the traffic load conditions, so as to fulfil Quality of Service requirements. Numerical examples are carried out for the Low Earth Orbit (LEO)-Mobile Satellite System (MSS) scenario, but all these considerations could be applied to High-Altitude Platform Stations (HAPSs) as well. In both cases, high propagation delays prevent an immediate feedback to users. An analytical approach is proposed to study the stability of our MAC scheme. Accordingly, we define a criterion for optimizing system performance. The predicted ATC-PRMA behaviour is supported by simulation results. Finally, we show the performance improvement of ATC-PRMA with respect to a MAC protocol not employing adaptive parameters. Copyright 2003 John Wiley & Sons, Ltd. [source]

    Analytical modelling of users' behaviour and performance metrics in key distribution schemes

    Massimo Tornatore
    Access control for group communications must ensure that only legitimate users can access the authorised data streams. This could be done by distributing an encrypting key to each member of the group to be secured. To achieve a high level of security, the group key should be changed every time a user joins or leaves the group, so that a former group member has no access to current communications and a new member has no access to previous communications. Since group memberships could be very dynamic, the group key should be changed frequently. So far, different schemes for efficient key distribution have been proposed to limit the key-distribution overhead. In previous works, the performance comparison among these different schemes has been based on simulative experiments, where users join and leave secure groups according to a basic statistical model of users' behaviour. In this paper, we propose a new statistical model to account for the behaviour of users and compare it to the modelling approach so far adopted in the literature. Our new model is able to lead the system to a steady state (allowing a superior statistical confidence of the results), as opposed to current models in which the system is permanently in a transient and diverging state. We also provide analytical formulations of the main performance metrics usually adopted to evaluate key distribution systems, such as rekey overheads and storage overheads. Then, we validate our simulative outcomes with results obtained by analytical formulations. Copyright 2009 John Wiley & Sons, Ltd. [source]

    Cross-domain authorization for federated virtual organizations using the myVocs collaboration environment

    Jill Gemmill
    Abstract This paper describes our experiences building and working with the reference implementation of myVocs (my Virtual Organization Collaboration System). myVocs provides a flexible environment for exploring new approaches to security, application development, and access control built from Internet services without a central identity repository. The myVocs framework enables virtual organization (VO) self-management across unrelated security domains for multiple, unrelated VOs. By leveraging the emerging distributed identity management infrastructure, myVocs provides an accessible, secure collaborative environment using standards for federated identity management and open-source software developed through the National Science Foundation Middleware Initiative. The Shibboleth software, an early implementation of the Organization for the Advancement of Structured Information Standards Security Assertion Markup Language standard for browser single sign-on, provides the middleware needed to assert identity and attributes across domains so that access control decisions can be determined at each resource based on local policy. The eduPerson object class for lightweight directory access protocol (LDAP) provides standardized naming, format, and semantics for a global identifier. We have found that a Shibboleth deployment supporting VOs requires the addition of a new VO service component allowing VOs to manage their own membership and control access to their distributed resources. The myVocs system can be integrated with Grid authentication and authorization using GridShib. Copyright 2008 John Wiley & Sons, Ltd. [source]

    Performance evaluation of GPON vs EPON for multi-service access

    T. Orphanoudakis
    Abstract Recently both ITU and IEEE have standardized solutions for passive optical networks (PONs) operating at gigabit per second line rates and optimized for the transport of packet-based traffic to improve the efficiency of previously standardized broadband PONs, which used the ATM cell as the data transport unit. The efficiency and performance of PON systems depend on the transmission convergence layer and mainly on the implemented medium access protocol. Although the latter is not part of the standards and left to the implementer, the standards describe a set of control fields that constitute the tool-set for the media access control (MAC) operation. Though starting from a common and quite obvious basis, the two standards present significant differences with the legacy of Ethernet marking the IEEE approach, while the emphasis of ITU is on demanding services. In this paper we compare the efficiency and performance of the two systems assuming the implementation of as close as possible MAC protocols. The target is twofold: assess and compare the traffic handling potential of each of the two standards and identify the range of applications they can support. Useful insight can also be gained to the MAC tools that could be designed into the next generation extra large WDM PONs. Copyright 2008 John Wiley & Sons, Ltd. [source]

    Performance analysis of IEEE 802.11 DCF with stochastic reward nets

    R. Jayaparvathy
    Abstract In this paper, we present a performance study to evaluate the mean delay and the average system throughput of IEEE 802.11-based wireless local area networks (WLANs). We consider the distributed co-ordination function (DCF) mode of medium access control (MAC). Stochastic reward nets (SRNs) are used as a modelling formalism as it readily captures the synchronization between events in the DCF mode of access. We present an SRN-based analytical model to evaluate the mean delay and the average system throughput of the IEEE 802.11 DCF by considering an on–off traffic model and taking into account the freezing of the back-off counter due to channel capture by other stations. We also compute the mean delay suffered by a packet in the system using the SRN formulation and by modelling each station as an M/G/1 queue. We validate our analytical model by comparison with simulations. Copyright 2006 John Wiley & Sons, Ltd. [source]

    Finger vein recognition using minutia-based alignment and local binary pattern-based feature extraction

    Eui Chul Lee
    Abstract With recent increases in security requirements, biometrics such as fingerprints, faces, and irises have been widely used in many recognition applications including door access control, personal authentication for computers, Internet banking, automatic teller machines, and border-crossing controls. Finger vein recognition uses the unique patterns of finger veins to identify individuals at a high level of accuracy. This article proposes a new finger vein recognition method using minutia-based alignment and local binary pattern (LBP)-based feature extraction. Our study makes three novelties compared to previous works. First, we use minutia points such as bifurcation and ending points of the finger vein region for image alignment. Second, instead of using the whole finger vein region, we use several extracted minutia points and a simple affine transform for alignment, which can be performed at fast computational speed. Third, after aligning the finger vein image based on minutia points, we extract a unique finger vein code using an LBP, which reduces false rejection error and thus the equal error rate (EER) significantly. Our resulting EER was 0.081% with a total processing time of 118.6 ms. © 2009 Wiley Periodicals, Inc. Int J Imaging Syst Technol, 19, 179–186, 2009 [source]

    A stratified first order logic approach for access control

    Salem Benferhat
    Modeling information security policies is an important problem in many domains. This is particularly true in the health care sector, where information systems often manage sensitive and critical data. This article proposes to use nonmonotonic reasoning systems to control access to sensitive data in accordance with a security policy. In the first part of the article, we propose an access control model that overcomes several limitations of existing systems. In particular, it allows us to deal with contexts and to represent the two main kinds of privileges: permissions and prohibitions. This model will then be formally encoded using stratified (or prioritized) first-order knowledge bases. In the second part of the article, we discuss the problem of conflicts due to the joint handling of permissions and prohibitions. We show that approaches proposed for solving conflicts in propositional knowledge bases are not appropriate for handling inconsistent first-order knowledge bases. © 2004 Wiley Periodicals, Inc. Int J Int Syst 19: 817–836, 2004. [source]

    Scheduling and power control for MAC layer design in multihop IR-UWB networks

    Reena Pilakkat
    Recently, a number of researchers have proposed media access control (MAC) designs for ultra-wideband (UWB) networks. Among them, designs based on scheduling and power control seem to be of great promise, particularly for quality-of-service (QoS) traffic. We investigate the efficiencies of many different choices for scheduling and power allocation for QoS traffic in a multihop impulse radio (IR)-UWB network, with the objective of achieving both high spectral efficiency and low transmission power. Specifically, we compare different scheduling schemes employing a protocol interference-based contention graph as well as a physical interference-based contention graph. We propose a relative distance to determine adjacency in the protocol interference-based contention graph. Using our improved protocol interference model with graph-based scheduling, we obtained better performance than the physical interference-based approach employing link-by-link scheduling. Copyright 2009 John Wiley & Sons, Ltd. [source]

    Design of multichannel MAC protocols for wireless ad hoc networks

    Shou-Chih Lo
    Medium access control (MAC) protocols coordinate channel access between wireless stations, and they significantly affect the network throughput of wireless ad hoc networks. MAC protocols that are based on a multichannel model can increase the throughput by enabling more simultaneous transmission pairs in the network. In this paper, we comprehensively compare different design methods for multichannel MAC protocols. We classify existing protocols into different categories according to the channel negotiation strategies they employ. The common problems that may be encountered in multichannel design are discussed. We then propose a hybrid protocol that combines the advantages of the two methods of a common control channel and a common control period. The simulation results show that our proposed protocol can significantly outperform two representative protocols. Copyright 2008 John Wiley & Sons, Ltd. [source]

    A proactive management algorithm for self-healing mobile ad hoc networks

    Adel F. Iskander
    The ability to proactively manage mobile ad hoc networks (MANETs) is critical for supporting complex services such as quality of service, security and access control in these networks. This paper focuses on the problem of managing highly dynamic and resource-constrained MANET environments through the proposal of a novel proactive management algorithm (PMA) for self-healing MANETs. PMA is based on an effective integration of autonomous, predictive and adaptive distributed management strategies. Proactive management is achieved through the distributed analysis of the current performance of the mobile nodes utilizing an optimistic discrete event simulation method, which is used to predict the mobile nodes' future status, and execution of a proactive fault-tolerant management scheme. PMA takes advantage of distributed parallel processing, flexibility and intelligence of active packets to minimize the management overhead, while adapting to the highly dynamic and resource-constrained nature of MANETs. The performance of the proposed architecture is validated through analytical performance analysis and comparative simulation with the Active Virtual Network Management Protocol. The simulation results demonstrate that PMA not only significantly reduces management control overhead, but also improves both the performance and the stability of MANETs. Copyright 2007 John Wiley & Sons, Ltd. [source]

    A dynamic key management solution to access hierarchy

    Xukai Zou
    Hierarchical access control (HAC) has been a fundamental problem in computer and network systems. Since Akl and Taylor proposed the first HAC scheme based on number theory in 1983, cryptographic key management techniques for HAC have appeared as a new and promising class of solutions to the HAC problem. Many cryptographic HAC schemes have been proposed in the past two decades. One common feature associated with these schemes is that they basically limited dynamic operations at the node level. In this paper, by introducing the innovative concept of 'access polynomial' and representing a key value as the sum of two polynomials in a finite field, we propose a new key management scheme for dynamic access hierarchy. The newly proposed scheme supports full dynamics at both the node level and user level in a uniform yet efficient manner. Furthermore, the new scheme allows access hierarchy to be a random structure and can be flexibly adapted to many other access models such as 'transfer down' and 'depth-limited transfer'. Copyright 2007 John Wiley & Sons, Ltd. [source]

    Efficient integration of isochronous and data bursty traffics in low earth orbit-mobile satellite systems

    Alessandro Andreadis
    Abstract This paper focuses on the radio resource management in low earth orbit-mobile satellite systems (LEO-MSSs) based on a time division multiple access (TDMA) air interface. A novel demand–assignment medium access control (MAC) protocol, named DRAMA+ (dynamic resource assignment multiple access–enhanced version), is proposed, where voice and Web traffic sources obtain transmission slots through requests sent by means of a random access phase. The round-trip propagation delay (RTD) of LEO-MSSs prevents an immediate feedback for each transmission attempt. Therefore, the main concern of the DRAMA+ scheme is to realize an efficient access phase. All the transmission requests successfully received at the satellite are managed by an on board scheduler. We have shown that DRAMA+ outperforms other techniques that have appeared in the literature in terms of voice quality, transmission delays for bursty data traffics and resource utilization. Moreover, a performance analysis of an ideal version of the DRAMA+ scheme has permitted us to prove the potentialities of the proposed DRAMA+ technique. Stability issues have been addressed as well as the impact on the DRAMA+ performance of the LEO satellite constellation RTD value. Copyright 2002 John Wiley & Sons, Ltd. [source]

    Auditing SAP R/3 – Control Risk Assessment

    This paper provides an introduction to auditing in an SAP R/3 environment, focusing primarily on the assessment of control risk. A number of distinguishing characteristics of the SAP R/3 system that affect the audit are described. The application of a standard internal control framework to the assessment of application controls is illustrated. Two significant pervasive general control areas are examined: system development and program maintenance, and user access control. Relevant controls in these areas are discussed and methods for auditing these controls are outlined. Several opportunities for research in the auditing of SAP R/3 are proposed. [source]

    Middleboxes: Controllable media firewalls

    Paul Sijben
    Internet technology is promised for the broadband multi-service future. However, it is unclear how this technology can bring service providers the needed revenue, since today this technology cannot provide basic quality guarantees for the services rendered. Generally, over-provisioning of the bandwidth is used to get the services to an acceptable level, but this is costly and cannot work in areas where high aggregation rates are necessary (such as the local loop). Today IP (router) technology lacks mechanisms for high-granularity access control, per-user accounting, and quality of service (QoS) policing. We believe that, for a service provider to deploy billable services, these issues need to be resolved. Only if access to the service is controlled and only when the network provides information about the usage of the network elements can next-generation services in the telecommunication industry, like voice over IP (VoIP) and multimedia conferencing, be rolled out profitably. In this paper, we present a technology that can address these needs. We employ controllable firewalls that have the ability to prevent unwanted IP traffic from entering a network. Creating pinholes that allow individual calls (voice or real-time multimedia streams) in controllable firewalls can be done very fast and efficiently. Traditional firewalls have no such provisioning. Multiple application servers should be able to request pinholes to one or more controllable firewalls. This approach, while familiar from the public switched telephone network (PSTN), is a new paradigm for IP networks. © 2002 Lucent Technologies Inc. [source]