Koji Hasebe

Capability-based delegation model in RBAC

For flexible and dynamic resource management in environments where users collaborate to fulfill their common tasks, various attempts at modeling delegation of authority have been proposed using the role-based access control (RBAC) model. However, to achieve a higher level of collaboration in large-scale networked systems, it is worthwhile supporting cross-domain delegation with low administration cost. For that purpose, we propose a capability-role-based access control (CRBAC) model, by integrating a capability-based access control mechanism into the RBAC96 model. Central to this scheme is the mapping of capabilities to permissions as well as to roles in each domain, thereby realizing the delegation of permissions and roles by capability transfer. By taking this approach of capability-based access control, our model has the advantages of flexibility and reduced administration costs. We also demonstrate the effectiveness of our model by using examples of various types of delegation in clinical information systems.

Power-Saving in Large-Scale Storage Systems with Data Migration

We present a power-saving method for large-scale distributed storage systems. The key idea is to use virtual nodes and migrate them dynamically so as to skew the workload towards a small number of disks while not overloading them. Our proposed method consists of two kinds of algorithms, one for gathering or spreading virtual nodes according to the daily variation of workloads so that the active disks are reduced to a minimum, the other for coping with the changes in the popularity of data over a longer period. For this dynamic migration, data stored in virtual nodes are managed by a distributed hash table. Furthermore, to improve the reliability as well as to reduce the migration cost, we also propose an extension of our method by introducing a replication mechanism. The performance of our method is measured both by simulation and a prototype implementation. From the experiments, we observed that our method skews the workload so that the average load for the active physical nodes as a function of the overall capacity is 67%. At the same time, we maintain a preferred response time by setting a suitable maximum workload for each physical node.

Computational Semantics for First-Order Logical Analysis of Cryptographic Protocols

This paper is concerned about relating formal and computational models of cryptography in case of active adversaries when formal security analysis is done with first order logic As opposed to earlier treatments, we introduce a new, fully probabilistic method to assign computational semantics to the syntax. The idea is to make use of the usual mathematical treatment of stochastic processes, hence be able to treat arbitrary probability distributions, non-negligible probability of collision, causal dependence or independence, and so on. We present this via considering a simple example of such a formal model, the Basic Protocol Logic by K. Hasebe and M. Okada [20], but we think the technique is suitable for a wide range of formal methods for protocol correctness proofs. We first review our framework of proof-system, BPL, for proving correctness of authentication protocols, and provide computational semantics. Then we give a full proof of the soundness theorem. We also comment on the differences of our method and that of Computational PCL.

Using a Potential Game for Power Reduction in Distributed Storage Systems

We present a game-theoretic approach for power reduction in large-scale distributed storage systems. The key idea is to use distributed hash tables to dynamically migrate virtual nodes, thus skewing the workload towards a subset of physical disks without overloading them. To realize this idea in an autonomous way (i.e., without any kind of central controller), virtual nodes are considered to be selfish agents playing a game in which each node receives a payoff according to the workload of the disk on which it currently resides. We model this setting as a potential game, where an increase in the payoff to a virtual node reduces the power of the system. This game consists of a pair of global and private utility functions, derived by means of the Wonderful Life Utility technique. The former function evaluates the state of the system, and the latter provides criteria for the migration of each node. The performance of our method is measured by simulations and a prototype implementation. From these evaluations, we find that our method reduces the running time of the disks in active mode by 12.7-18.7%, with an overall average response time of 50-190 ms.

Power-saving in storage systems for Internet hosting services with data access prediction

We present a power-saving method for storage systems in Internet hosting services, particularly those providing video/photo sharing services. The key idea behind our method is to skew the workload towards a subset of disks in the storage array, thereby extending the periods in standby mode of the other disks. Our method is based on the idea behind PDC, but the main objective of this study is to investigate a method that is adaptable to both constant massive influx of data and changes in data popularity over time. Moreover, to reduce accesses to disks in standby mode, our method periodically rearranges data in the order of potential future accesses presumed to be associated with elapsed time after upload and the accesses in the past, instead of just sorting according to the latest number of accesses. This correlation is obtained by analyzing access patterns for 45,000 randomly selected public photos on Flickr. Performance is evaluated through both simulation and a prototype implementation. In the experiments, we observed that our method saved 24.0% of running time of the disks in active mode, with an overall average response time of 47.6 ms, in which 0.43% of the total accesses involved disks in standby mode.

Power-Aware Autonomous Distributed Storage Systems for Internet Hosting Service Platforms

We present a power-saving method for large-scale distributed storage systems of Internet hosting services, whose prime example is a video/photo sharing service. The idea behind our method is to periodically exchange stored data among disks in an autonomous way so as to skew the workload towards a small number of disks while not overloading them. The objective of this paper is to explore a power-saving method that is adaptable to both constant massive influx of data and changes in data popularity. The performance is measured both in simulation and prototype implementation using a real access pattern of 20,000 public photos on Flickr. In the experiments, we observed that our method saved 14.5–39.7% of energy, while the overall average response time was 133 ms, where 6.8–19.1% of total accesses were of disks in low-power mode.

Towards a guideline for clinical trials in the development of human assistive robots

Following recent advances in robotics for supporting human activities, ethical reviews similar to those for medical research and development have been requested for clinical trials in the development process of this field of robotics. In this environment, many robot developers have found it difficult to understand the criteria for these ethical reviews. One of the basic reasons for this difficulty is the methodology in robotics. That is, trials are characterized as exploratory rather than confirmatory during the development process. However, to make trials scientifically sound and ethically acceptable, it is important to plan serial trials so that their objectives gradually shift from exploration to confirmation. To address this problem, we propose a development process for human assistive robots. This process is intended to be a reference for developers planning experimental protocols for planning clinical trials and forms a basis for guidelines on the development of human assistive robots.

Capability-Role-Based Delegation in Workflow Systems

Various security models for supporting delegation in workflow systems have been proposed to achieve flexible access control in collaborative business processes. Since workflow systems come into their own when controlling large-scale business processes in a well-structured organization, these models are often based on role-based access control (RBAC). However, to realize a higher level of collaboration enabling users in different organizations to complete a common workflow, it is necessary to support cross-domain delegation of tasks. For this purpose, we propose a delegation model for workflow systems that extends the capability-role-based access control (CRBAC) model introduced in our previous work. The central idea behind our proposed model is that authority to perform tasks, as well as roles, are mapped to capabilities, thereby realizing delegation by capability transfer. By adopting the approach of a capability-based access control mechanism, our model provides both flexibility and reduced administration costs, thus allowing it to cope with unexpected changes in task assignments. We demonstrate these advantages by considering an example.

Computational semantics for basic protocol logic: a stochastic approach

This paper relates formal and computational models of cryptography in case of active adversaries when formal security analysis is done with first order logic. Instead of the way Datta et al. defined computational semantics to their Protocol Composition Logic, we introduce a new, fully probabilistic method to assign computational semantics to the syntax. We present this via considering a simple example of such a formal model, the Basic Protocol Logic by K. Hasebe and M. Okada [7], but the technique is suitable for extensions to more complex situations such as PCL. We make use of the usual mathematical treatment of stochastic processes, hence are able to treat arbitrary probability distributions, non-negligible probability of collision, causal dependence or independence.

Stepwise process of clinical trials in safety-conscious development of human assistive robots

Recent advances in the study of human assistive robots have led to requests for ethical review for clinical trials during the development process. In this environment, many developers have found it difficult to understand the criteria for these ethical reviews. One of the basic reasons for this difficulty is the methodology in robotics. That is, trials in the development of robotics are characterized as exploratory rather than confirmatory, with the current design being rapidly altered to achieve the final product. However, from the ethical and scientific viewpoints, it is requested to plan serial trials so that the objectives gradually shift from exploration to confirmation. That is, aspects of the design should be gradually fixed throughout the development process, and in the latter stages trials should be conducted that confirm the merits of a fixed design. To address this problem, we proposed a development process for human assistive robots in our previous work with the intention of helping developers identify the current phase of development and plan suitable experimental protocols. Based on this, in this paper we present a more refined approach that considers a stepwise process for developing the final product with enough safety measures to protecting users.