Security Mechanisms (security + mechanism)


Selected Abstracts


Security in distributed metadata catalogues

CONCURRENCY AND COMPUTATION: PRACTICE & EXPERIENCE, Issue 17 2008
Nuno Santos
Abstract Catalogue services provide the discovery and location mechanisms that allow users and applications to locate data on Grids. Replication is a highly desirable feature in these services, since it provides the scalability and reliability required on large data Grids and is the basis for federating catalogues from different organizations. Grid catalogues are often used to store sensitive data and must have access control mechanisms to protect their data. Replication has to take this security policy into account, making sure that replicated information cannot be abused but allowing some flexibility such as selective replication for the sites depending on the level of trust in them. In this paper we discuss the security requirements and implications of several replication scenarios for Grid catalogues based on experiences gained within the EGEE project. Using the security infrastructure of the EGEE Grid as a basis, we then propose a security architecture for replicated Grid catalogues, which, among other features, supports partial and total replication of the security mechanisms on the master. The implementation of this architecture in the AMGA metadata catalogue of the EGEE project is then described including the application to a complex scenario in a biomedical application. Copyright © 2008 John Wiley & Sons, Ltd.


Refactoring service-based systems: how to avoid trusting a workflow service

CONCURRENCY AND COMPUTATION: PRACTICE & EXPERIENCE, Issue 10 2006
Howard Chivers
Abstract Grid systems span multiple organizations, so their workflow processes have security requirements, such as restricting access to data or ensuring that process constraints are observed. These requirements are often managed by the workflow component, because of the close association between this sub-system and the processes it enacts. However, high-quality security mechanisms and complex functionality are difficult to combine, so designers and users of workflow systems are faced with a tradeoff between security and functionality, which is unlikely to provide confidence in the security implementation. This paper resolves that tension by showing that process security can be enforced outside the workflow component. Separating security and process functionality in this way improves the quality of security protection, because it is implemented by standard system mechanisms; it also allows the workflow component to be deployed as a standard service, rather than a privileged system component. To make this change of design philosophy accessible outside the security community it is documented as a collection of refactorings, which include problem templates that identify suspect design practice, and target patterns that provide solutions. Worked examples show that these patterns can be used in practice to implement practical applications, with both traditional workflow security concerns, and Grid requirements. Copyright © 2005 John Wiley & Sons, Ltd.


Security and delay issues in SIP systems

INTERNATIONAL JOURNAL OF COMMUNICATION SYSTEMS, Issue 8 2009
Christian Callegari
Abstract The deployment of multimedia over IP (MoIP), and in particular voice over IP services, requires solving the new security issues they introduce, before completely exploiting the great opportunities they offer to the telecommunication market. Furthermore, the implementation of various security measures can cause a marked deterioration in quality of service, which is fundamental to the operation of an MoIP network that meets users' quality expectations. In particular, because of the time-critical nature of MoIP and its low tolerance for disruption and packet loss, many security measures implemented in traditional data networks are simply not applicable in their current form. This paper presents an analysis of the security options of Session Initiation Protocol (SIP)-based MoIP architecture aimed at evaluating their impact on delay. In particular, each security option is analyzed in terms of clock cycles needed to perform the related operations. This parameter could be used to estimate the delay introduced by the security mechanisms. Moreover, the paper proposes a rigorous definition of five security profiles, which provide different levels of security to a MoIP system. Copyright © 2009 John Wiley & Sons, Ltd.


Fusion of digital television, broadband Internet and mobile communications, Part I: Enabling technologies

INTERNATIONAL JOURNAL OF SATELLITE COMMUNICATIONS AND NETWORKING, Issue 4 2007
F. L. C. Ong
Abstract The introduction of digital video broadcasting (DVB) satellite systems has become an important tool for future mobile communication and is currently a focus in several research areas such as the integration of DVB satellite systems with different wireless technologies. This tutorial consists of two parts, Enabling technologies and Future service scenarios, which aim to provide an introduction to the current state-of-the-art of DVB standards over satellite and its fusion with mobile and Internet technologies. This paper, Enabling technologies, focuses on providing an overview of the different technologies and issues that facilitate better understanding of the current and future operational scenarios, whereas the second paper, Future service scenarios, will emphasize future research directions in this research area. In the first part, the paper will initially be focused on the introduction of different DVB satellite systems, i.e. DVB via satellite (DVB-S), DVB return channel by satellite (DVB-RCS) and second-generation DVB system for broadband satellite services (DVB-S2). This is then followed by a description of the different Internet Protocol (IP) technologies used to support macro- and micro-mobility and the migration strategies from IP version 4 (IPv4) to IP version 6 (IPv6). Finally, the different security mechanisms for the DVB system and end-to-end satellite network are addressed. Copyright © 2007 John Wiley & Sons, Ltd.