Search

Your search keyword '"Tharam Dillon"' showing total 23 results
Start Over Author "Tharam Dillon" Language undetermined
23 results on '"Tharam Dillon"'

2. Provenance-based Intrusion Detection Systems: A Survey

Author

Michael Zipperle, Florian Gottwalt, Elizabeth Chang, and Tharam Dillon

Subjects
General Computer Science, Theoretical Computer Science
Abstract

Traditional Intrusion Detection Systems (IDS) cannot cope with the increasing number and sophistication of cyberattacks such as Advanced Persistent Threats (APT) . Due to their high false-positive rate and the required effort of security experts to validate them, incidents can remain undetected for up to several months. As a result, enterprises suffer from data loss and severe financial damage. Recent research explored data provenance for Host-based Intrusion Detection Systems (HIDS) as one promising data source to tackle this issue. Data provenance represents information flows between system entities as Direct Acyclic Graph (DAG) . Provenance-based Intrusion Detection Systems (PIDS) utilize data provenance to enhance the detection performance of intrusions and reduce false-alarm rates compared to traditional IDS. This survey demonstrates the potential of PIDS by providing a detailed evaluation of recent research in the field, proposing a novel taxonomy for PIDS, discussing current issues, and potential future research directions. This survey aims to help and motivate researchers to get started in the field of PIDS by tackling issues of data collection, graph summarization, intrusion detection, and developing real-world benchmark datasets.

Published
2022
Full Text
View/download PDF

4. Context-Aware Access Control with Imprecise Context Characterization for Cloud-Based Data Resources

Author

ASM Kayes, Rahayu, Johanna Wenny, Tharam Dillon, Chang, Elizabeth, and Han, Jun

Subjects
Uncategorized
Abstract

© 2018 Elsevier B.V. Computing technologies are increasingly dynamic and ubiquitous in everyday life nowadays. Context information plays a crucial role in such dynamically changing environments and the different types of contextual conditions bring new challenges to context-sensitive access control. This information mostly can be derived from the crisp sets. For example, we can utilize a crisp set to derive a patient and nurse are co-located in the general ward of the hospital or not. Some of the context information characterizations cannot be made using crisp sets, however, they are equally important in order to make access control decisions. Towards this end, this article proposes an approach to Context-Aware Access Control using Fuzzy logic (FCAAC) for data and information resources. We introduce a formal context model to represent the fuzzy and other contextual conditions. We also introduce a formal policy model to specify the policies by utilizing these conditions. Using our formal approach, we combine the fuzzy model with an ontology-based approach that captures such contextual conditions and incorporates them into the policies, utilizing the ontology languages and the fuzzy logic-based reasoning. We introduce a unified data ontology and its associated mapping ontology in terms of facilitating access control to cloud-based data resources. We justify the feasibility of our approach by demonstrating the practicality through a prototype implementation, several healthcare case studies and a usability study. Finally, we demonstrate an experimental evaluation in terms of query response time. The experiment results demonstrate the satisfactory performance of our proposed FCAAC approach.

Published
2021
Full Text
View/download PDF

5. Accessing Data from Multiple Sources Through Context-Aware Access Control

Author

A S M Kayes, Rahayu, Johanna, Tharam Dillon, and E Chang

Subjects
Uncategorized
Abstract

© 2018 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.ABSTRACTWith the proliferation of cloud-based data and services, accessing data from distributed cloud environments and consequently providing integrated results to the users has become a key challenge, often involving large processing overheads and administrative costs. The traditional, spatial, temporal and other context-sensitive access control models have been applied in different environments in order to access such data and information. Recently, fog-based access control models have also been introduced to overcome the latency and processing issues by moving the execution of application logic from the cloud-level to an intermediary-level through adding computational nodes at the edges of the networks. These existing access control models mostly have been used to access data from centralized sources. However, we have been encountering rapid changes in computing technologies over the last few years, and many organizations need to dynamically control context-sensitive access to cloud data resources from distributed environments. In this article, we propose a new generation of fog-based access control approach, combining the benefits of fog computing and context-sensitive access control solutions. We first formally introduce a general data model and its associated policy and mapping models, in order to access data from distributed cloud sources and to provide integrated results to the users. In particular, we present a unified set of fog-based access control policies with the aim of reducing administrative burdens and processing overheads. We then introduce a unified data ontology together with its reasoning capability by realizing our formal approach. We demonstrate the applicability of our proposal through a prototype testing and several case studies. Experiment results demonstrate the good performance of our approach with respect to our earlier context-sensitive access control approach.

Published
2020
Full Text
View/download PDF

9. Balancing Utility and Security: Securing Cloud Federations of Public Entities

Author

Christophe Debruyne, Hervé Panetto, Robert Meersman, Tharam Dillon, eva Kühn, Declan O'Sullivan, and Claudio Agostino Ardagna

Subjects
Data masking, XACML, Cloud security, Authorization, Cloud federation, API security, Data security policy language
Abstract

Following their practical needs and legal constraints, recent application of the cloud paradigm among public administrations has been focused on the deployment of private clouds. Due to the increasing amount of data and processing requirements, many organizations are considering possibilities to additionally optimize their infrastructures and collaborative processes by employing private cloud federations. In this work, we present our contribution based on three real-world use cases implemented in the course of the SUNFISH project. We consider intra- and inter-organizational processes which demand secure and transparent infrastructure and data sharing. Based on derived requirements for data security and privacy in cloud federations, we propose a security governance architecture which enables a multi-layered, context and process-aware policy enforcement in heterogeneous environments. The proposed architecture relies on the micro-services paradigm to support scalability and provides additional security by integrating reactive and transformative security controls. To prove the feasibility of this work we provide performance evaluation of our implementation.

Published
2016

10. Privacy-Preserving Transactions Protocol Using Mobile Agents with Mutual Authentication

Author

Song Han, Vidyasagar Potdar, Elizabeth Chang, and Tharam Dillon

Abstract

This article introduces a new transaction protocol using mobile agents in electronic commerce. The authors first propose a new model for transactions in electronic commerce, mutual authenticated transactions using mobile agents. They then design a new protocol by this model. Furthermore, the authors analyse the new protocol in terms of authentication, construction, and privacy. The aim of the protocol is to guarantee that the customer is committed to the server, and the server is committed to the customer. At the same time, the privacy of the customer is protected.

Published
2009
Full Text
View/download PDF

12. Converged Voice Access to Data (CVAD)

Author

Alex Talevski, Elizabeth Chang, Tharam Dillon Alexander Fedoseev, and Eenjun Hwang

Subjects
business.product_category, Voice over IP, Multimedia, Computer science, business.industry, Mobile computing, computer.software_genre, Data access, Personal computer, Internet access, The Internet, Telephony, Data as a service, business, computer
Abstract

The rapid growth of the Internet and widespread use of mobile computing and telephony has resulted in a broad range of ways to communicate and access information. Data and telecommunications convergence promises a wide range of possible solutions that will increase productivity, reduce costs, and provide new opportunities and revenues for enterprises. However, such converged telecommunications and data services have been largely isolated to static environments where fixed Personal Computers (PC) and an Internet connection are used in conjunction with various software tools to simulate a pseudo converged session. Generally, data presented on the internet and in enterprise applications is not available on voice networks and vice-versa. Due to the versatile nature of today's enterprise, a feature-rich, flexible, adaptive and widely accessible convergence solution is required. This paper presents an Interactive Voice Response (IVR) driven approach that uses Converged voice access to data (CVAD) services. The CVAD solution offers enhanced service effectiveness, flexibility and convenience for professionals on the move.

Published
2007
Full Text
View/download PDF

20. Emergent semantics systems

Author

Karl Aberer, Tiziana Catarci, Philippe Cudré-Mauroux, Tharam Dillon, Stephan Grimm, Mohand-Said Hacid, Arantza Illarramendi, Mustafa Jarrar, Vipul Kashyap, Massimo Mecella, Eduardo Mena, Erich J. Neuhold, Aris M. Ouksel, Thomas Risse, Monica Scannapieco, Fèlix Saltor, Luca de Santis, Stefano Spaccapietra, Steffen Staab, Rudi Studer, Olga De Troyer, Eidgenössische Technische Hochschule - Swiss Federal Institute of Technology [Zürich] (ETH Zürich), Università degli Studi di Roma 'La Sapienza' = Sapienza University [Rome], University of Technology Sydney (UTS), Universität Karlsruhe (TH), Laboratoire d'InfoRmatique en Image et Systèmes d'information (LIRIS), Institut National des Sciences Appliquées de Lyon (INSA Lyon), Institut National des Sciences Appliquées (INSA)-Université de Lyon-Institut National des Sciences Appliquées (INSA)-Université de Lyon-Centre National de la Recherche Scientifique (CNRS)-Université Claude Bernard Lyon 1 (UCBL), Université de Lyon-École Centrale de Lyon (ECL), Université de Lyon-Université Lumière - Lyon 2 (UL2), University of the Basque Country/Euskal Herriko Unibertsitatea (UPV/EHU), Vrije Universiteit Brussel (VUB), National Library of Medicine (NLM), National Institutes of Health [Bethesda] (NIH)-National Center for Biotechnology Information (NCBI), University of Zaragoza - Universidad de Zaragoza [Zaragoza], Fraunhofer Institute for Systems and Innovation Research (Fraunhofer ISI ), Fraunhofer (Fraunhofer-Gesellschaft), University of Illinois [Chicago] (UIC), University of Illinois System, Universitat Politècnica de Catalunya [Barcelona] (UPC), Université de Lyon-Institut National des Sciences Appliquées (INSA)-Université de Lyon-Institut National des Sciences Appliquées (INSA)-Centre National de la Recherche Scientifique (CNRS)-Université Claude Bernard Lyon 1 (UCBL), Bouzeghoub, M, Goble, C, Kashyap, V, and Spaccapietra, S

Subjects
Computer science, Distributed computing, Data management, Interoperability, Overlay network, 02 engineering and technology, Ontology (information science), computer.software_genre, Semantic heterogeneity, 020204 information systems, Semantic computing, 0202 electrical engineering, electronic engineering, information engineering, Semantic integration, [INFO]Computer Science [cs], Semantic Web, Semantic compression, Distributed database, business.industry, Semantic interoperability, Digital library, Metadata, Semantic grid, Ontology, 020201 artificial intelligence & image processing, Data mining, business, computer
Abstract

Until recently, most data interoperability techniques involved central components, e.g., global schemas or ontologies, to overcome semantic heterogeneity for enabling transparent access to heterogeneous data sources. Today, however, with the democratization of tools facilitating knowledge elicitation in machine-processable formats, one cannot rely on global, centralized schemas anymore as knowledge creation and consumption are getting more and more dynamic and decentralized. Peer Data Management Systems (PDMS) implementing semantic overlay networks are a good example of this new breed of systems eliminating the central semantic component and replacing it through decentralized processes of local schema alignment and query processing. As a result semantic interoperability becomes an emergent property of the system. In this talk we provide examples of both structural and dynamic aspects of such emergent semantics systems based on semantic overlay networks. ?From the structural perspective we can show that the typical properties of self-organizing networks also appear in semantic overlay networks. They form directed, scalefree graphs. We present both analytical models for characterizing those graphs and empirical results providing insight on their quantitative properties. Then we present semantic gossiping, a model for the dynamic reorganization of semantic overlay networks resulting from information propagation through the network and local realignment of semantic relationships. The techniques we apply in that context are based on belief propagation, a distributed probabilistic reasoning technique frequently encountered in self-organizing systems. Finally we will give a quick glance on how this techniques can be implemented at the systems level, based on a peer-to-peer systems approach.

Full Text
View/download PDF

21. Semantic Measures Based on RDF Projections: Application to Content-Based Recommendation Systems

Author

Sylvie Ranwez, Stefan Janaqi, Sébastien Harispe, Jacky Montmain, Laboratoire de Génie Informatique et Ingénierie de Production (LGI2P), IMT - MINES ALES (IMT - MINES ALES), Institut Mines-Télécom [Paris] (IMT)-Institut Mines-Télécom [Paris] (IMT), Robert Meersman, Hervé Panetto, Tharam Dillon, Johann Eder, Zohra Bellahsene, Norbert Ritter, Pieter Leenheer, and Deijing Dou, Ranwez, Sylvie, and Robert Meersman, Hervé Panetto, Tharam Dillon, Johann Eder, Zohra Bellahsene, Norbert Ritter, Pieter Leenheer, and Deijing Dou

Subjects
[INFO.INFO-AI] Computer Science [cs]/Artificial Intelligence [cs.AI], Measure (data warehouse), Information retrieval, Exploit, business.industry, Computer science, 02 engineering and technology, computer.file_format, Linked data, Representation (arts), Recommender system, Semantics, [INFO.INFO-AI]Computer Science [cs]/Artificial Intelligence [cs.AI], Knowledge base, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, RDF, business, computer
Abstract

Many applications take advantage of both ontologies and the Linked Data paradigm to characterize various kinds of resources. To fully exploit this knowledge, measures are used to estimate the relatedness of resources regarding their semantic characterization. Such semantic measures mainly focus on specific aspects of the semantic characterization (e.g. types) or only partially exploit the semantics expressed in the knowledge base. This article presents a framework for defining semantic measures to compare instances defined within an RDF knowledge base. A special type of measure, based on the representation of an instance through projections, is detailed and evaluated through its use in a music band recommender system.

22. Fragment-Based Version Management for Repositories of Business Process Models

Author

Chathura C. Ekanayake, Marcello La Rosa, Marie-Christine Fauvet, Arthur H. M. ter Hofstede, Queensland University of Technology [Brisbane] (QUT), Eindhoven University of Technology [Eindhoven] (TU/e), Modélisation et Recherche d’Information Multimédia [Grenoble] (MRIM), Laboratoire d'Informatique de Grenoble (LIG), Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP )-Institut National Polytechnique de Grenoble (INPG)-Centre National de la Recherche Scientifique (CNRS)-Université Pierre Mendès France - Grenoble 2 (UPMF)-Université Joseph Fourier - Grenoble 1 (UJF)-Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP )-Institut National Polytechnique de Grenoble (INPG)-Centre National de la Recherche Scientifique (CNRS)-Université Pierre Mendès France - Grenoble 2 (UPMF)-Université Joseph Fourier - Grenoble 1 (UJF), Research funded by the Smart Services Cooperative Research Centre (CRC) through the Australian Government's CRC Programme, Robert Meersman, Tharam Dillon, and Pilar Herrero, and Université Pierre Mendès France - Grenoble 2 (UPMF)-Université Joseph Fourier - Grenoble 1 (UJF)-Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP )-Institut National Polytechnique de Grenoble (INPG)-Centre National de la Recherche Scientifique (CNRS)-Université Pierre Mendès France - Grenoble 2 (UPMF)-Université Joseph Fourier - Grenoble 1 (UJF)-Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP )-Institut National Polytechnique de Grenoble (INPG)-Centre National de la Recherche Scientifique (CNRS)

Subjects
Process modeling, Database, Process modeling languages, Artifact-centric business process model, Computer science, Process (engineering), version, 020207 software engineering, 02 engineering and technology, Business process modeling, computer.software_genre, Data science, Maturity (finance), 080300 COMPUTER SOFTWARE, process model, storage, repository, [INFO.INFO-IR]Computer Science [cs]/Information Retrieval [cs.IR], 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Information system, Empirical evidence, computer, 080600 INFORMATION SYSTEMS
Abstract

Section: Business process repositories; International audience; As organizations reach higher levels of Business Process Management maturity, they tend to accumulate large collections of process models. These repositories may contain thousands of activities and be managed by different stakeholders with varying skills and responsibilities. However, while being of great value, these repositories induce high management costs. Thus, it becomes essential to keep track of the various model versions as they may mutually overlap, supersede one another and evolve over time. We propose an innovative versioning model, and associated storage structure, specifically designed to maximize sharing across process models and process model versions, reduce conflicts in concurrent edits and automatically handle controlled change propagation. The focal point of this technique is to version single process model fragments, rather than entire process models. Indeed empirical evidence shows that real-life process model repositories have numerous duplicate fragments. Experiments on two industrial datasets confirm the usefulness of our technique.

Published
2011
Full Text
View/download PDF

23. Improved Load Balancing on Distributed Massive Simulation Environments

Author

Gennaro Cordasco, Cristoforo Caponigri, Rosario De Chiara, Vittorio Scarano, Robert Meersman, Tharam Dillon, Pilar Herrero, Cristoforo, Caponigri, Cordasco, Gennaro, Rosario De, Chiara, and Vittorio, Scarano

Subjects
Battle, Computer science, Computation, Distributed computing, media_common.quotation_subject, Workload, Load balancing (computing), media_common
Abstract

In this paper, we report the findings we gathered in designing and implementing a system that provides a distributed massive simulation environment. Massive Battle is a system capable of simulating historical battles for the purpose of learning and to carry out historical researches (e.g. what-if scenarios). We present a distributed implementation of Massive Battle and some early tests. We report and discuss some analysis of the problems related to the workload distribution in this particular environment. We report how is possible to measure a better load balancing by adopting a more general scheme of computation that generalize the assignments that each peer has to complete together with simulation.

Published
2010
Full Text
View/download PDF

Catalog

Books, media, physical & digital resources
See catalog results