Mamoru Maekawa

The Saga Security System: a security architecture for open distributed systems

We present an overview of the Saga Security System. An agent in the Saga Security System is called a Saga Agent. The authorization model in the Saga Security System (the Saga authorization model) supports the novel concept of a service path and provides uniform and flexible protection appropriate for advanced computational models such as object-oriented systems and cooperative agent systems. The key features of the Saga Security System security mechanism are the use of an access token and a Security Monitor. Access tokens are implemented using public key technology and ensure the integrity of request messages issued by Saga Agents. One can regard the Security Monitor of a Saga Agent as a reference monitor for the agent. The security of a Saga Agent during its traversal over distributed environments is controlled by the Security Monitor integrated with the agent.

Java Bytecode Dependence Analysis for Secure Information Flow

Java programs can be transmitted and executed on another host in bytecode format, thus the sensitive information of the host may be leaked via these assembly-like programs. Information flow policy can ensure data confidentiality, however, conventional information flow analysis mainly focused on the programs written in high-level programming languages and is generally performed by type checking approach, which assigns security classes to the variables then verifies information flow policy in program executing order. These approaches are inadequate to address the information flow in bytecode and the type systems verification method is imprecise. This paper presents a method to disclose java bytecode information flow by dependence analysis, in which the information flow analysis is separated to two phases to improve precision. First is determining information dependence relationship among the variables in the bytecode then is verifying the security based on security class. A prototype tool has been developed, by which the bytecode information flow of object or class files can be analyzed.

Extending fault trees with an AND-THEN gate

Fault trees have been used for software safety analysis in various safety critical systems. The PRIORITY-AND gate was proposed because the conventional AND gate cannot be used to represent the sequential order of the events. The paper shows that even PRIORITY-AND gate is not expressive enough to represent the relative temporal order of the events precisely. We extend the fault trees with an AND-THEN gate that is the corresponding gate of the logical connective TAND. This increases the expressive power of the fault trees. The AND-THEN gate can represent relative temporal relations precisely.

Mobile code security by Java bytecode dependence analysis

Security of mobile code is important because the code is transmitted and remotely executed. Existing protection mechanisms have not fully addressed the security problem. Current approaches tend to prevent the host from potential attacks by confining the mobile code, which leads to impair the function of mobile code. Java is widely used in mobile code systems. We propose a method that does less restriction to the Java mobile code while protecting the host. The approach is to analyze the Java bytecode security-relevant behavior prior to its execution, thus to ensure two major aspects of host security ntegrity and confidentiality. We extend bytecode dependence analysis technique to adapt information flow analysis. A prototype implementation is under development. This tool will be used to analyze Java class file, applet and mobile agent.

Considering events and processes within GIS: an event-based spatiotemporal data model

The development of a spatiotemporal data model adapted to temporal GIS applications is still a challenging research issue. The paper presents a new definition of events and processes to describe and model spatiotemporal phenomena within GIS, based on which, and on an extended concept of object version, an event-based conceptual spatiotemporal data model is produced.

Verification for Host Confidentiality by Abstract Interpretation in Mobile Code Systems

To resolve the security problems of Java mobile programs, we adapted the technique of type-level abstract interpretation usually applied to verify the bytecode correctness to check the mobile program statically whether it impairs the host confidentiality. Instead of data types, our approach abstractly executes the mobile program at the level of security-level. Based on maintaining a distribution map of security-levels of the data in the mobile programs data containers, our approach detects data-leaking caused by the mobile program just before it tries to send sensitive data out of the host. By this way our approach could make fewer misjudgments that verifies secure mobile programs as malicious ones and be more efficient than the works in R. Barbuti et al., (2002), C. Bernardeschi et al. (2002), and M. Avvenuti et al. (2003)

A Conceptual Framework for Spatiotemporal Data Modeling

Conceptual data modeling of spatiotemporal applications is used to describe user’s cognition of real world phenomena and must support adequate concepts and notations with accurate semantics to allow the developer to capture and present spatiotemporal information. In this paper we propose a conceptual framework for spatiotemporal geographic data modeling, which is based on the Object-Oriented concept and additionally provides an expression for capturing space, time and time-varying information. The framework is built around the concept of geographic theme. We focus on using operations to define a new theme based on already defined themes, the internal representation being completely hidden from the user.

Resident Participating GIS- Based Tsunami Disaster Control Systems for Local Communities

We propose and experiment a social networking service (SNS) for local communities for tsunami disaster control. It is an easy-to-use GIS-based system with powerful GIS analysis capabilities. One of the features of the system is resident participation. The GIS layer structure proposed in this paper nicely supports this user participation. The system architecture and the use of the system for tsunami disaster control are discussed. We report ongoing developments in Hachinohe-City, Japan

Abstract interpretation for mobile code security

To resolve the security problems of Java mobile code, we adapted the technique of type-level abstract interpretation to verify the security of mobile code statically. Instead of data types, the mobile code is executed abstractly at the level of security-level in our approach. Based on maintaining a distribution map of security-levels of the data in mobile codes data containers, our approach detects data-leaking just before the mobile code tries to send sensitive data out of the host. By this way our approach could make less misjudgment that verifies secure mobile programs as malicious and be more efficient than the works in Bernardeschi C et al, (2002) and Avvenuti, M et al, (2003).

End-user customizable scene search for TV programs

This paper is purposed to scene search in TV program which allowed end-user can be define the pattern. Every user has different interests in TV program. Our scheme focuses on fixed background recognition. The process of this paper divided two parts; the first part is user interaction that consist manual definition of pattern and pattern matching inside video file. The second part is definition to use automatic pattern assistance tool. Simulated with Japanese baseball game, the system can search the scene following the pattern.