Security Requirements (security + requirement)

Selected Abstracts


Security in distributed metadata catalogues

CONCURRENCY AND COMPUTATION: PRACTICE & EXPERIENCE, Issue 17 2008
Nuno Santos
Abstract: Catalogue services provide the discovery and location mechanisms that allow users and applications to locate data on Grids. Replication is a highly desirable feature in these services, since it provides the scalability and reliability required on large data Grids and is the basis for federating catalogues from different organizations. Grid catalogues are often used to store sensitive data and must have access control mechanisms to protect their data. Replication has to take this security policy into account, making sure that replicated information cannot be abused but allowing some flexibility such as selective replication for the sites depending on the level of trust in them. In this paper we discuss the security requirements and implications of several replication scenarios for Grid catalogues based on experiences gained within the EGEE project. Using the security infrastructure of the EGEE Grid as a basis, we then propose a security architecture for replicated Grid catalogues, which, among other features, supports partial and total replication of the security mechanisms on the master. The implementation of this architecture in the AMGA metadata catalogue of the EGEE project is then described including the application to a complex scenario in a biomedical application. Copyright © 2008 John Wiley & Sons, Ltd.


Refactoring service-based systems: how to avoid trusting a workflow service

CONCURRENCY AND COMPUTATION: PRACTICE & EXPERIENCE, Issue 10 2006
Howard Chivers
Abstract: Grid systems span multiple organizations, so their workflow processes have security requirements, such as restricting access to data or ensuring that process constraints are observed. These requirements are often managed by the workflow component, because of the close association between this sub-system and the processes it enacts. However, high-quality security mechanisms and complex functionality are difficult to combine, so designers and users of workflow systems are faced with a tradeoff between security and functionality, which is unlikely to provide confidence in the security implementation. This paper resolves that tension by showing that process security can be enforced outside the workflow component. Separating security and process functionality in this way improves the quality of security protection, because it is implemented by standard system mechanisms; it also allows the workflow component to be deployed as a standard service, rather than a privileged system component. To make this change of design philosophy accessible outside the security community it is documented as a collection of refactorings, which include problem templates that identify suspect design practice, and target patterns that provide solutions. Worked examples show that these patterns can be used in practice to implement practical applications, with both traditional workflow security concerns, and Grid requirements. Copyright © 2005 John Wiley & Sons, Ltd.


Finger vein recognition using minutia-based alignment and local binary pattern-based feature extraction

INTERNATIONAL JOURNAL OF IMAGING SYSTEMS AND TECHNOLOGY, Issue 3 2009
Eui Chul Lee
Abstract: With recent increases in security requirements, biometrics such as fingerprints, faces, and irises have been widely used in many recognition applications including door access control, personal authentication for computers, Internet banking, automatic teller machines, and border-crossing controls. Finger vein recognition uses the unique patterns of finger veins to identify individuals at a high level of accuracy. This article proposes a new finger vein recognition method using minutia-based alignment and local binary pattern (LBP)-based feature extraction. Our study makes three novelties compared to previous works. First, we use minutia points such as bifurcation and ending points of the finger vein region for image alignment. Second, instead of using the whole finger vein region, we use several extracted minutia points and a simple affine transform for alignment, which can be performed at fast computational speed. Third, after aligning the finger vein image based on minutia points, we extract a unique finger vein code using a LBP, which reduces false rejection error and thus the equal error rate (EER) significantly. Our resulting EER was 0.081% with a total processing time of 118.6 ms. © 2009 Wiley Periodicals, Inc. Int J Imaging Syst Technol, 19, 179–186, 2009


A heterogeneous-network aided public-key management scheme for mobile ad hoc networks

INTERNATIONAL JOURNAL OF NETWORK MANAGEMENT, Issue 1 2007
Yuh-Min Tseng
A mobile ad hoc network does not require fixed infrastructure to construct connections among nodes. Due to the particular characteristics of mobile ad hoc networks, most existing secure protocols in wired networks do not meet the security requirements for mobile ad hoc networks. Most secure protocols in mobile ad hoc networks, such as secure routing, key agreement and secure group communication protocols, assume that all nodes must have pre-shared a secret, or pre-obtained public-key certificates before joining the network. However, this assumption has a practical weakness for some emergency applications, because some nodes without pre-obtained certificates will be unable to join the network. In this paper, a heterogeneous-network aided public-key management scheme for mobile ad hoc networks is proposed to remedy this weakness. Several heterogeneous networks (such as satellite, unmanned aerial vehicle, or cellular networks) provide wider service areas and ubiquitous connectivity. We adopt these wide-covered heterogeneous networks to design a secure certificate distribution scheme that allows a mobile node without a pre-obtained certificate to instantly get a certificate using the communication channel constructed by these wide-covered heterogeneous networks. Therefore, this scheme enhances the security infrastructure of public key management for mobile ad hoc networks. Copyright © 2006 John Wiley & Sons, Ltd.