Michael Hitchens

Achieving Secure Role-Based Access Control on Encrypted Data in Cloud Storage

With the rapid developments occurring in cloud computing and services, there has been a growing trend to use the cloud for large-scale data storage. This has raised the important security issue of how to control and prevent unauthorized access to data stored in the cloud. One well known access control model is the role-based access control (RBAC), which provides flexible controls and management by having two mappings, users to roles and roles to privileges on data objects. In this paper, we propose a role-based encryption (RBE) scheme that integrates the cryptographic techniques with RBAC. Our RBE scheme allows RBAC policies to be enforced for the encrypted data stored in public clouds. Based on the proposed scheme, we present a secure RBE-based hybrid cloud storage architecture that allows an organization to store data securely in a public cloud, while maintaining the sensitive information related to the organizations structure in a private cloud. We describe a practical implementation of the proposed RBE-based architecture and discuss the performance results. We demonstrate that users only need to keep a single key for decryption, and system operations are efficient regardless of the complexity of the role hierarchy and user membership in the system.

Enforcing Role-Based Access Control for Secure Data Storage in the Cloud

In recent times, there has been increasing interest in storing data securely in the cloud environment. To provide owners of data stored in the cloud with flexible control over access to their data by other users, we propose a role-based encryption (RBE) scheme for secure cloud storage. Our scheme allows the owner of data to store it in an encrypted form in the cloud and to grant access to that data for users with specific roles. The scheme specifies a set of roles to which the users are assigned, with each role having a set of permissions. The data owner can encrypt the data and store it in the cloud in such a way that only users with specific roles can decrypt the data. Anyone else, including the cloud providers themselves, will not be able to decrypt the data. We describe such an RBE scheme using a broadcast encryption algorithm. The paper describes the security analysis of the proposed scheme and gives proofs showing that the proposed scheme is secure against attacks. We also analyse the efficiency and performance of our scheme and show that it has superior characteristics compared with other previously published schemes.

Security for cluster based ad hoc networks

A mobile ad hoc network is a short-lived cooperative collection of mobile nodes that communicate with each other without the services of a fixed infrastructure. Each host acts as a specialised router to relay information to other nodes. Near-Term Digital Radio (NTDR) networks, which follow the cluster based design principles, are designed specifically for use in ad hoc networks. A major challenge in the design of these networks is their vulnerability to security attacks. In this paper, we describe the security threats and propose security services to counteract these threats in cluster-based NTDR ad hoc networks. We describe secure schemes for a mobile node to initiate, join and leave a cluster. We also discuss the secure end-to-end communication and group key management related issues for NTDR networks.

Tower: A Language for Role Based Access Control

A language for specifying role-based access control (RBAC) policies is presented. The language is designed to support the range of access control policies of commercial object systems. The basic structures of RBAC, such as role, users and permission, are present in the language as basic constructs. Examples are given in the language of access control situations, such as static and dynamic separation of duty, delegation and joint action based access policies. The language is flexible and is able to capture meta-level operations. The language also provides a mechanism for tracking actions and basing access control decisions on past events.

Design and specification of role based access control policies

The authors describe a language based approach to the specification of authorisation policies that can be used to support the range of access control policies in commercial object systems. They discuss the issues involved in the design of a language for role based access control systems. The notion of roles is used as a primitive construct within the language. The basic constructs of the language are discussed and the language is used to specify several access control policies such as role based access control; static and dynamic separation of duty delegation and joint action based access policies. The language is flexible and is able to capture meta-level operations, and it is often these features which are significant when it comas to the applicability of an access control system to practical real situations.

Live Action Role-Playing Games Control, Communication, Storytelling, and MMORPG Similarities

Live action role-playing games share a range of characteristics with massively multi-player online games (MMOGs). Because these games have existed for more than 20 years, players of these games have a substantial amount of experience in handling issues pertinent to MMOGs. Survey and review of live action role-playing games, whose participant count can be in the thousands, reveal that features such as size, theme, game master-to-player ratio, and others interact to form complex systems that require several different groups of control tools to manage. The way that these games are managed offers a variety of venues for further research into how these management techniques can be applied to MMOGs.

A new process migration algorithm

Process migration has been advocated as a means of improving the load balancing and reliability of distributed systems. This paper reviews the major design issues for process migration algorithms, such as the amount of state information to be transferred and times at which information should be transferred. This examination demonstrates the existence of a process migration algorithm which has not previously been documented. After describing existing algorithms, the new algorithm is given and compared to the other algorithms. The new algorithm promises better load balancing results while avoiding residual dependencies

Motivations for play in computer role-playing games

In this paper the motivations for play in the context of single- and multi-player digital Role-Playing Games (RPGs) are examined. Survey data were drawn from respondents online and participants in a related experimental study. The results indicate that motivations for play are not simple constructs, but rather composed of multiple motivational drivers that are heavily interrelated and act in concert. Character uniqueness and Discovery & Immersion were the highest ranked motivational categories. Different levels of detail in motivations for playing single-/multi-Player RPGs were located, with mechanistic/tactical play and character-based/social play being the two overall motivational factors.

Property Based Attestation and Trusted Computing: Analysis and Challenges

Trusted computing attestation mechanism relies on hash measurements to realize remote party attestation in distributed systems. Property based attestation enables more meaningful attestation by abstracting low level binary values to high level security properties or functions of systems. The contribution of this paper is two fold. In the first part of the paper, we provide an analysis of the different types of property based attestation mechanisms that have been proposed in the recent years. We categorize these mechanisms as derivation based, delegation based and enforcement based and analyze each of them with a particular focus on their limitations. In the second part, we provide a list of challenges for property based attestation. We believe this to be an useful exercise to help better understand the issues that limit the practical applicability of property based attestation in real world systems.

Managing emergent character-based narrative

In this paper, we consider the role of narrative management in a character-based emergent narrative framework. The paper defines the problem and considers related work. It evaluates the role of the Game Master in non computer-based role-playing games and presents two initial implementations of a story facilitator within a character-based system using the FAtiMA agent architecture. Finally it considers what further work is required.