ORIGINAL_ARTICLE
Stream ciphers and the eSTREAM project
Stream ciphers are an important class of symmetric cryptographic algorithms. The eSTREAM project contributed significantly to the recent increase of activity in this field. In this paper, we present a survey of the eSTREAM project. We also review recent time/memory/data and time/memory/key trade-offs relevant for the generic attacks on stream ciphers.
https://www.isecure-journal.com/article_39173_a7fab575ea1ea7b6dffe12d5a226ced8.pdf
2010-01-01
3
11
10.22042/isecure.2015.2.1.2
Cryptology
Stream Ciphers
Time-Memory Trade-offs
eSTREAM
V.
Rijmen
vincent.rijmen@esat.kuleuven.be
1
LEAD_AUTHOR
ORIGINAL_ARTICLE
A particle swarm optimization algorithm for minimization analysis of cost-sensitive attack graphs
To prevent an exploit, the security analyst must implement a suitable countermeasure. In this paper, we consider cost-sensitive attack graphs (CAGs) for network vulnerability analysis. In these attack graphs, a weight is assigned to each countermeasure to represent the cost of its implementation. There may be multiple countermeasures with different weights for preventing a single exploit. Also, a single countermeasure may prevent multiple exploits. We present a binary particle swarm optimization algorithm with a time-varying velocity clamping, called SwarmCAG-TVVC, for minimization analysis of cost-sensitive attack graphs. The aim is to find a critical set of countermeasures with minimum weight whose implementation causes the initial nodes and the goal nodes of the graph to be completely disconnected. This problem is in fact a constrained optimization problem. A repair method is used to convert the constrained optimization problem into an unconstrained one. A local search heuristic is used to improve the overall performance of the algorithm. We compare the performance of SwarmCAG-TVVC with a greedy algorithm GreedyCAG and a genetic algorithm GenNAG for minimization analysis of several large-scale cost-sensitive attack graphs. On average, the weight of a critical set of countermeasures found by SwarmCAG-TVVC is 6.15 percent less than the weight of a critical set of countermeasures found by GreedyCAG. Also, SwarmCAG-TVVC performs better than GenNAG in terms of convergence speed and accuracy. The results of the experiments show that SwarmCAG-TVVC can be successfully used for minimization analysis of large-scale cost-sensitive attack graphs.
https://www.isecure-journal.com/article_39174_46dabfb15e3074fa1a9201bf15ccbbd6.pdf
2010-01-26
13
32
10.22042/isecure.2015.2.1.3
Particle Swarm Optimization
Attack Scenario
Countermeasure
Cost-Sensitive Attack Graph
Minimization Analysis
M.
Abadi
abadi@modares.ac.ir
1
LEAD_AUTHOR
S.
Jalili
sjalili@modares.ac.ir
2
AUTHOR
ORIGINAL_ARTICLE
A hybridization of evolutionary fuzzy systems and ant colony optimization for intrusion detection
A hybrid approach for intrusion detection in computer networks is presented in this paper. The proposed approach combines an evolutionary-based fuzzy system with an Ant Colony Optimization procedure to generate high-quality fuzzy-classification rules. We applied our hybrid learning approach to network security and validated it using the DARPA KDD-Cup99 benchmark data set. The results indicate that in comparison to several traditional and new techniques, the proposed hybrid approach achieves better classification accuracies. The compared classification approaches are C4.5, Naïve Bayes, k-NN, SVM, Ripper, PNrule and MOGF-IDS. Moreover, the improvement in classification accuracy has been obtained for most of the classes of the intrusion detection classification problem. In addition, the results indicate that the proposed hybrid system's total classification accuracy is 94.33% and its classification cost is 0.1675. Therefore, the resultant fuzzy classification rules can be used to produce a reliable intrusion detection system.
https://www.isecure-journal.com/article_39175_e65e56a85646d08dd2edf41ed5842d16.pdf
2010-01-26
33
46
10.22042/isecure.2015.2.1.4
Intrusion Detection System
Evolutionary Fuzzy System
Ant Colony Optimization
Fuzzy Rule Extraction
M.
Saniee Abadeh
saniee@modares.ac.ir
1
LEAD_AUTHOR
J.
Habibi
jhabibi@sharif.edu
2
AUTHOR
ORIGINAL_ARTICLE
A context-sensitive dynamic role-based access control model for pervasive computing environments
Resources and services are accessible in pervasive computing environments from anywhere and at any time. Also, due to the ever-changing nature of such environments, the identity of users is unknown. However, users must be able to access the required resources based on their contexts. These and other similar complexities necessitate dynamic and context-aware access control models for such environments. In other words, an efficient access control model for pervasive computing environments should be aware of context information. Changes in context information imply some changes in the users' authorities. Accordingly, an access control model for a pervasive computing environment should control all accesses of unknown users to the resources based upon the participating context information, i.e., contexts of the users, resources and the environment. In this paper, a new context-aware access control model is proposed for pervasive computing environments. Contexts are classified into long-term contexts (which do not change during a session) and short-term contexts (whose steady-state period is less than the average time of a session). The model assigns roles to users dynamically at the beginning of their sessions, considering the long-term contexts. However, during a session the active permission set of the assigned roles is determined based on the short-term context conditions. A formal specification of the proposed model as well as the proposed architecture are presented in this paper. Furthermore, by presenting a real case study, it is shown that the model is applicable, decidable, and dynamic. The expressiveness and complexity of the model are also evaluated.
https://www.isecure-journal.com/article_39176_6d2452bc45a2368272f54c7589acda86.pdf
2010-01-26
47
66
10.22042/isecure.2015.2.1.5
Access Control
Pervasive Computing Environment
Long-Term Context
Short-Term Context
Dynamic Role-Assignment
Dynamic Permission-Activation
S.
Sadat Emami
emami@ee.kntu.ac.ir
1
LEAD_AUTHOR
S.
Zokaei
szokaei@eetd.kntu.ac.ir
2
AUTHOR