Francesca Lonetti

Tree slotted aloha: a new protocol for tag identification in RFID networks

In this paper, we approach the problem of identifying a set of objects in an RFID network. We propose a modified version of slotted aloha protocol to reduce the number of transmission collisions. All tags select a slot to transmit their ID by generating a random number. If there is a collision in a slot, the reader broadcasts the next identification request only to tags which collided in that slot. Simulation results show that our approach performs better than framed slotted aloha and query tree based protocols, in terms of number of slots needed to identify all tags, which is a commonly used metric, strictly related to delay

Instant collision resolution for tag identification in RFID networks

In this paper, we approach the problem of identifying a set of objects in an RFID network. We propose a modified version of Slotted Aloha protocol to reduce the number of transmission collisions. All tags select a slot to transmit their ID by generating a random number. If there is a collision in a slot, the reader broadcasts the next identification request only to tags which collided in that slot. Besides, we present an extensive comparative evaluation of collision resolution protocols for tag identification problem in RFID networks. After a quick survey of the best performing RFID tag identification protocols, both deterministic and probabilistic, we present the outcome of intensive simulation experiments set up to evaluate several metrics, such as the total delay of identification process and the bit complexity of reader and tags. The last metric is strictly related to energy constraints required by an RFID system. The experiments point out that our protocol outperform all the other protocols in most cases, and matches them in the others.

Automatic XACML Requests Generation for Policy Testing

Access control policies are usually specified by the XACML language. However, policy definition could be an error prone process, because of the many constraints and rules that have to be specified. In order to increase the confidence on defined XACML policies, an accurate testing activity could be a valid solution. The typical policy testing is performed by deriving specific test cases, i.e. XACML requests, that are executed by means of a PDP implementation, so to evidence possible security lacks or problems. Thus the fault detection effectiveness of derived test suite is a fundamental property. To evaluate the performance of the applied test strategy and consequently of the test suite, a commonly adopted methodology is using mutation testing. In this paper, we propose two different methodologies for deriving XACML requests, that are defined independently from the policy under test. The proposals exploit the values of the XACML policy for better customizing the generated requests and providing a more effective test suite. The proposed methodologies have been compared in terms of their fault detection effectiveness by the application of mutation testing on a set of real policies.

Real-time video transmission in vehicular networks

This paper addresses the problem of real-time video transmission in vehicular networks. We show that the video quality of real-time services is greatly decreased when there is network congestion in different traffic situations. We propose a solution that applies frame skipping and transcoding together with frame rate reduction techniques over IEEE 802.11 based vehicular networks. Our approach improves the quality of video transmission while reducing the bandwidth consumption.

Towards a model-driven infrastructure for runtime monitoring

In modern pervasive dynamic and eternal systems, software must be able to self-organize its structure and self-adapt its behavior to enhance its resilience and provide the desired quality of service. In this high-dynamic and unpredictable scenario, flexible and reconfigurable monitoring infrastructures become key instruments to verify at runtime functional and non-functional properties. In this paper, we propose a property-driven approach to runtime monitoring that is based on a comprehensive Property Meta-Model (PMM) and on a generic configurable monitoring infrastructure. PMM supports the definition of quantitative and qualitative properties in a machine-processable way making it possible to configure the monitors dynamically. Examples of implementation and applications of the proposed model-driven monitoring infrastructure are excerpted from the ongoing CONNECT European Project.

XACMUT: XACML 2.0 Mutants Generator

Testing of security policies is a critical activity and mutation analysis is an effective approach for measuring the adequacy of a test suite. In this paper, we propose a set of mutation operators addressing specific faults of the XACML 2.0 access control policy and a tool, called XACMUT (XACml MUTation) for creating mutants. The tool generates the set of mutants, provides facilities to run a given test suite on the mutants set and computes the test suite effectiveness in terms of mutation score. The tool includes and enhances the mutation operators of existing security policy mutation approaches.

Automated testing of eXtensible Access Control Markup Language-based access control systems

The trustworthiness of sensitive data needs to be guaranteed and testing is a common activity among privacy protection solutions, even if quite expensive. Accesses to data and resources are ruled by the policy decision point (PDP), which relies on the eXtensible Access Control Markup Language (XACML) standard language for specifying access rights. In this study, the authors propose a testing strategy for automatically deriving test requests from a XACML policy and describe their pilot experience in test automation using this strategy. Considering a real two-level PDP implemented for health data security, the authors compare the effectiveness of the test plan automatically derived with the one derived by a standard manual testing process.

GLIMPSE: a generic and flexible monitoring infrastructure

To respond to the growing needs of evolution and adaptation coming from the modern open connected world, applications must continuously monitor their own execution and the surrounding context. The events to be observed, belonging to guaranteed functional and non-functional properties, can themselves vary in scope and along time. Therefore the monitor must be easily configurable and able to serve differing event consumers. To address these requirements, we developed the glimpse monitoring infrastructure conceived having flexibility and generality as main concerns. The paper introduces the architecture of glimpse and shows how it can support runtime performance analysis through a simple example.

Similarity testing for access control

Abstract Context Access control is among the most important security mechanisms, and XACML is the de facto standard for specifying, storing and deploying access control policies. Since it is critical that enforced policies are correct, policy testing must be performed in an effective way to identify potential security flaws and bugs. In practice, exhaustive testing is impossible due to budget constraints. Therefore the tests need to be prioritized so that resources are focused on their most relevant subset. Objective This paper tackles the issue of access control test prioritization. It proposes a new approach for access control test prioritization that relies on similarity. Method The approach has been applied to several policies and the results have been compared to random prioritization (as a baseline). To assess the different prioritization criteria, we use mutation analysis and compute the mutation scores reached by each criterion. This helps assessing the rate of fault detection. Results The empirical results indicate that our proposed approach is effective and its rate of fault detection is higher than that of random prioritization. Conclusion We conclude that prioritization of access control test cases can be usefully based on similarity criteria.

Yet another meta-model to specify non-functional properties

In service-oriented systems non-functional properties become very important to support run-time service discovery and composition. Software engineers should take care of them for guaranteeing the service quality in all the software life-cycle phases, from requirements specification to design, to system deployment and execution monitoring. This wide scope and the criticality of non-functional properties demand that they are expressed in a language which is intuitive and easy to use for the service quality specification, and at the same time is machine-processable to be automatically handled at run-time. In this paper we present a Property Meta-Model that aims to reach these two main objectives and show as a proof of concept its use for the modeling of two different properties.