Huaimin Wang

Web services peer-to-peer discovery service for automated web service composition

Current Web service discovery methods are based on centralized approaches where Web services are described with service interface functions but not process-related information. It cannot guarantee compatibility of Web service composition, nor can it makes Web services easy to complete a deadlock-free and bounded process transaction. Furthermore, centralized approaches to service discovery suffer from problems such as high operational and maintenance cost, single point of failure, and scalability. Therefore, we propose a structured peer-to-peer framework for Web service discovery in which Web services are located based on service functionality and process behavior. It guarantees semantic compatibility of Web service composition, and achieves the automated composition at the level of executable processes.

A Dynamic Trust Metric for P2P Systems

An important challenge regarding peers trust valuation in P2P systems is how to cope with strategically altering behaviors of malicious peers efficiently. However, the trust metrics employed by the existing systems do not provide adequate support to track this dynamics and impact dynamic adaptability of trust valuation. In this paper, we propose an adaptive peer-to-peer dynamic trust metric. Considering the dynamics of trust which relates to the evolution of trust in time and in the face of new experiences, we introduce an adaptive forgetting scheme, where the forgetting factor is adjusted in time to reflect quick changes of peers behavior. Thus, the trust evaluation has better adaptability to the dynamic of trust. Theoretic analysis and simulation show that, comparing with existing trust metric, our metric has advantages of adaptability on modeling dynamic trust and is highly effective in countering malicious peers regarding strategic altering behavior

A time-frame based trust model for p2p systems

Two major challenges regarding peers trust valuation in P2P systems are how to cope with strategically altering behaviors and dishonest feedbacks of malicious peers efficiently. However, the trust models employed by the existing systems do not provide adequate support to coping with quick changes in peers behavior and aggregating feedback information, then we present a time-frame based trust model. We incorporate time dimension using time-frame, which captures direct experiences and recommendations time-sensitivity, we also introduce four trust parameters in computing trustworthiness of peers, namely, trust construction factor, trust destruction factor, supervision period factor and feedback credibility. Together, these parameters are adjusted in time using feedback control mechanism, thus, trust valuation can reflect the dynamics of the trust environment. Theoretical analysis and simulation show that, our trust model has advantages in modeling dynamic trust relationship and aggregating feedback information over the existing trust metrics. It is highly effective in countering malicious peers regarding strategic altering behavior and dishonest feedbacks of malicious peers.

A secure virtual execution environment for untrusted code

This paper proposes a Secure Virtual Execution Environment called Pollux for untrusted code. Pollux achieves both the OS isolation and the functionality benefits provided by the isolated untrusted applications. It accomplishes the OS isolation by introducing a hosted virtual machine as the untrusted code container. The key feature of Pollux is its capability of reproducing the host execution environment, thus the behavior of isolated applications recurs as if they were running natively within the host OS. This characteristic is accomplished by the novel local-booted technology, which means the virtual machine boots not from a newly installed OS image but just from the preinstalled host OS. Thus, Pollux provides security against potential malicious code without negating the functionality benefits of benign programs. This paper focuses on the architecture of Pollux and outlines the implementation framework.

KF-Diff+: Highly Efficient Change Detection Algorithm for XML Documents

Most previous work in change detection on XML documents used the ordered tree, with the best complexity of O(nlogn), where n is the size of the document. The best algorithm we had ever known for unordered model achieves polynomial time in complexity. In this paper, we propose a highly efficient algorithm named KF-Diff+. The key property of our algorithm is that the algorithm transforms the traditional tree-to-tree correction into the comparing of the key trees which are substantially label trees without duplicate paths with the complexity of O(n), where n is the number of nodes in the trees. In addition, KF-Diff+ is tailored to both ordered trees and unordered trees. Experiment shows that KF-Diff+ can handle XML documents at extreme speed.

An incentive compatible reputation mechanism for P2P systems

In peer-to-peer (P2P) systems, peers often must interact with unknown or unfamiliar peers without the benefit of trusted third parties or authorities to mediate the interactions. Trust management through reputation mechanism to facilitate such interactions is recognized as an important element of P2P systems. It is, however, faced by the problems of how to stimulate reputation information sharing and honest recommendation elicitation. This paper presents an incentive compatible reputation mechanism for P2P systems. It has two unique features: (1) a recommender’s trustworthiness and level of confidence about the recommendation is considered for a more accurate calculation of reputations and fair evaluation of recommendations. (2) Incentive for participation and honest recommendation is implemented through a fair differential service mechanism. It relies on peer’s level of participation and on the recommendation credibility. Theoretic analysis and simulation show that the reputation mechanism we propose can help peers effectively detect dishonest recommendations in a variety of scenarios where more complex malicious strategies are introduced. Moreover, it can also stimulate peers to send sufficiently honest recommendations. The latter is realized by ensuring that active and honest recommenders, compared to inactive or dishonest ones, can elicit the most honest (helpful) recommendations and thus suffer the least number of wrong trust decisions.

An authorization framework based on constrained delegation

In this paper, we distinguish between authorization problems at management level and request level in open decentralized systems, using delegation for flexible and scalable authorization management. The delegation models in existing approaches are limited within one level or only provide basic delegation schemes, and have no effective control over the propagation scope of delegated privileges. We propose REAL, a Role-based Extensible Authorization Language framework for open decentralized systems. REAL covers delegation models at both two levels and provides more flexible and scalable authorization and delegation policies while capable of restricting the propagation scope of delegations. We formally define the semantics of credentials in REAL by presenting a translation algorithm from credentials to Datalog rules (with negation-as-failure). This translation also shows that the semantics can be computed in polynomial time.

A new reputation mechanism against dishonest recommendations in P2P systems

In peer-to-peer (P2P) systems, peers often must interact with unknown or unfamiliar peers without the benefit of trusted third parties or authorities to mediate the interactions. Trust management through reputation mechanism to facilitate such interactions is recognized as an important element of P2P systems. However current P2P reputation mechanism can not process such strategic recommendations as correlative and collusive ratings. Furthermore in them there exists unfairness to blameless peers. This paper presents a new reputation mechanism for P2P systems. It has a unique feature: a recommenders credibility and level of confidence about the recommendation is considered in order to achieve a more accurate calculation of reputations and fair evaluation of recommendations. Theoretic analysis and simulation show that the reputation mechanism we proposed can help peers effectively detect dishonest recommendations in a variety of scenarios where more complex malicious strategies are introduced.

ZebraX: a model for service composition with multiple QoS constraints

With the development of theory and technology of Web Service, Web Service Composition (WSC) has become the core Service-Oriented Computing technology. It is important for business process to select the best component services with multi-dimensional QoS assurances to construct a complex one. But there exist some problems, such as evaluation for QoS properties of a service is not full-scale and the criteria is not clear, the weight for each QoS metric doesnt consider both subjective sensations and objective facts. In this paper we propose a WSC model to provide multi-dimensional QoS supports in service selection and replacement. We consider SLA and recovery mechanism for the service failure during its execution. A utility function is defined as the evaluation standard, which aggregates all QoS metrics after normalizing their values. Then we use Subjective-Objective Weight Mode (SOWM) to set the weight of each QoS metric. Finally we introduce our prototype and evaluations, test the availability of the decision mode and the results prove it is predominant compared with other decision modes.

AT-RBAC: An authentication trustworthiness-based RBAC model

In current operating systems, the strength of authentication mechanism does not work on the authorization of the user, which leaves the system security compromise that the user who has passed weak authentication mechanism may have many access rights. This paper firstly puts forwards the thought of authentication trustworthiness, the aim is to give each authenticated user his authentication trustworthiness. According to user’s trustworthiness, the system will decide which access rights he will have. The more strength is the authentication mechanism, the larger is the user’s authentication trustworthiness. The user’s authentication trustworthiness will be taken as one of access control decision elements, so as to prevent the user with less trustworthiness from owning many access rights. Based on the authentication trustworthiness, this paper puts forwards the authentication trustworthiness-based RBAC model. The model associates authentication trustworthiness withRBAC model, and the authentication trustworthiness of the authenticated user will be decision information to activate his roles and permissions, only those users who satisfy role trust activation condition can activate their roles, users who satisfy permission trust activation condition can activate their permissions. The model provides trust authorization by user’s role and permissions trust activation, satisfies the requirement that different authentication mechanisms with different strength will correspond to different access rights.