Pelin Angin

An Entity-Centric Approach for Privacy and Identity Management in Cloud Computing

Entities (e.g., users, services) have to authenticate themselves to service providers (SPs) in order to use their services. An entity provides personally identifiable information (PII) that uniquely identifies it to an SP. In the traditional application-centric Identity Management (IDM) model, each application keeps trace of identities of the entities that use it. In cloud computing, entities may have multiple accounts associated with different SPs, or one SP. Sharing PIIs of the same entity across services along with associated attributes can lead to mapping of PIIs to the entity. We propose an entity-centric approach for IDM in the cloud. The approach is based on: (1) active bundles—each including a payload of PII, privacy policies and a virtual machine that enforces the policies and uses a set of protection mechanisms to protect themselves, (2) anonymous identification to mediate interactions between the entity and cloud services using entity’s privacy policies. The main characteristics of the approach are: it is independent of third party, gives minimum information to the SP and provides ability to use identity data on untrusted hosts.

A Mobile-Cloud Collaborative Traffic Lights Detector for Blind Navigation

Context-awareness is a critical aspect of safe navigation especially for the blind and visually impaired in unfamiliar environments. Existing mobile devices for context-aware navigation fall short in many cases due to their dependence on specific infrastructure requirements as well as having limited access to resources that could provide a wealth of contextual clues. In this paper, we propose a mobile-cloud collaborative approach for context-aware navigation by exploiting the computational power of resources made available by Cloud Computing providers as well as the wealth of location-specific resources available on the Internet. We propose an extensible system architecture that minimizes reliance on infrastructure, thus allowing for wide usability. We present a traffic light detector that we developed as an initial application component of the proposed system. We present preliminary results of experiments performed to test the appropriateness for the real-time nature of the application.

A simulation study of ad hoc networking of UAVs with opportunistic resource utilization networks

Specialized ad hoc networks of unmanned aerial vehicles (UAVs) have been playing increasingly important roles in applications for homeland defense and security. Common resource virtualization techniques are mainly designed for stable networks; they fall short in providing optimal performance in more dynamic networks-such as mobile ad hoc networks (MANETs)-due to their highly dynamic and unstable nature. We propose application of Opportunistic Resource Utilization Networks (Oppnets), a novel type of MANETs, for UAV ad hoc networking. Oppnets provide middleware to facilitate building flexible and adaptive distributed systems that provide all kinds of resources or services to the requesting application via a helper mechanism. We simulated a homeland defense use case for Oppnets that involves detecting a suspicious watercraft. Our simulation compares performance of an Oppnet with a baseline case in which no Oppnet is used. The simulation results show that Oppnets are a promising framework for high-performance ad hoc UAV networking. They provide excellent performance even under imperfect (and realistic) conditions, such as a less invasive use of helpers, denial of help by some of the candidate helpers, and imperfect detection capabilities of Oppnet components.

Extending the Agile Development Process to Develop Acceptably Secure Software

The agile software development approach makes developing secure software challenging. Existing approaches for extending the agile development process, which enables incremental and iterative software development, fall short of providing a method for efficiently ensuring the security of the software increments produced at the end of each iteration. This article (a) proposes a method for security reassurance of software increments and demonstrates it through a simple case study, (b) integrates security engineering activities into the agile software development process and uses the security reassurance method to ensure producing acceptably secure-by the business owner-software increments at the end of each iteration, and (c) discusses the compliance of the proposed method with the agile values and its ability to produce secure software increments.

A Computational Dynamic Trust Model for User Authorization

Development of authorization mechanisms for secure information access by a large community of users in an open environment is an important problem in the ever-growing Internet world. In this paper we propose a computational dynamic trust model for user authorization, rooted in findings from social science. Unlike most existing computational trust models, this model distinguishes trusting belief in integrity from that in competence in different contexts and accounts for subjectivity in the evaluation of a particular trustee by different trusters. Simulation studies were conducted to compare the performance of the proposed integrity belief model with other trust models from the literature for different user behavior patterns. Experiments show that the proposed model achieves higher performance than other models especially in predicting the behavior of unstable users.

A Shrinkage Approach for Modeling Non-stationary Relational Autocorrelation

Recent research has shown that collective classification in relational data often exhibit significant performance gains over conventional approaches that classify instances individually. This is primarily due to the presence of autocorrelation in relational datasets, meaning that the class labels of related entities are correlated and inferences about one instance can be used to improve inferences about linked instances. Statistical relational learning techniques exploit relational autocorrelation by modeling global autocorrelation dependencies under the assumption that the level of autocorrelation is stationary throughout the dataset. To date, there has been no work examining the appropriateness of this stationarity assumption. In this paper, we examine two real-world datasets and show that there is significant variance in the autocorrelation dependencies throughout the relational data graphs. We develop a shrinkage technique for modeling this non-stationary autocorrelation and show that it achieves significant accuracy gains over competing techniques that model either local or global autocorrelation dependencies in isolation.

A Self-Cloning Agents Based Model for High-Performance Mobile-Cloud Computing

The rise of the mobile-cloud computing paradigm in recent years has enabled mobile devices with processing power and battery life limitations to achieve complex tasks in real-time. While mobile-cloud computing is promising to overcome the limitations of mobile devices for real-time computing, the lack of frameworks compatible with standard technologies and techniques for dynamic performance estimation and program component relocation makes it harder to adopt mobile-cloud computing at large. Most of the available frameworks rely on strong assumptions such as the availability of a full clone of the application code and negligible execution time in the cloud. In this paper, we present a dynamic computation offloading model for mobile-cloud computing, based on autonomous agents. Our approach does not impose any requirements on the cloud platform other than providing isolated execution containers, and it alleviates the management burden of offloaded code by the mobile platform using stateful, autonomous application partitions. We also investigate the effects of different cloud runtime environment conditions on the performance of mobile-cloud computing, and present a simple and low-overhead dynamic make span estimation model integrated into autonomous agents to enhance them with self-performance evaluation in addition to self-cloning capabilities. The proposed performance profiling model is used in conjunction with a cloud resource optimization scheme to ensure optimal performance. Experiments with two mobile applications demonstrate the effectiveness of the proposed approach for high-performance mobile-cloud computing.

An End-to-End Security Auditing Approach for Service Oriented Architectures

Service-Oriented Architecture (SOA) is becoming a major paradigm for distributed application development in the recent explosion of Internet services and cloud computing. However, SOA introduces new security challenges not present in the single-hop client-server architectures due to the involvement of multiple service providers in a service request. The interactions of independent service domains in SOA could violate service policies or SLAs. In addition, users in SOA systems have no control on what happens in the chain of service invocations. Although the establishment of trust across all involved partners is required as a prerequisite to ensure secure interactions, still a new end-to-end security auditing mechanism is needed to verify the actual service invocations and its conformance to the expected service orchestration. In this paper, we provide an efficient solution for end-to-end security auditing in SOA. The proposed security architecture introduces two new components called taint analysis and trust broker in addition to taking advantages of WS-Security and WS-Trust standards. The interaction of these components maintains session auditing and dynamic trust among services. This solution is transparent to the services, which allows auditing of legacy services without modification. Moreover, we have implemented a prototype of the proposed approach and verified its effectiveness in a LAN setting and the Amazon EC2 cloud computing infrastructure.

Impact of Initial Target Position on Performance of UAV Surveillance Using Opportunistic Resource Utilization Networks

We propose application of Opportunistic Resource Utilization Networks (Oppnets), a novel type of Mobile Ad Hoc NETworks (MANETs), for ad hoc networking of Unmanned Aerial Vehicles (UAVs) in surveillance missions. Oppnets provide effective resource virtualization and adaption to highly dynamic and unstable nature of MANETs. They can be viewed as middleware to facilitate building flexible and adaptive distributed systems that provide all kinds of resources or services to the requesting application via the so called helper mechanism. The simulation study focuses on the impact of an initial target position on the performance of Oppnet-based UAV surveillance systems. We find that detection success ratios and time to detect a target are negligibly affected by the initial target position in the surveillance area when UAVs expand up their Oppnet quickly, but strongly affected by the initial target position when UAVs are slow in building up their Oppnet.

A Case for Societal Digital Security Culture

Information and communication technology systems, such as remote health care monitoring and smart mobility applications, have become indispensable parts of our lives. Security vulnerabilities in these systems could cause financial losses, privacy/safety compromises, and operational interruptions. This paper demonstrates through examples, that technical security solutions for these information systems, alone, are not sufficient to protect individuals and their assets from attacks. It proposes to complement (usable) technical solutions with Societal Digital Security Culture (SDSC): collective knowledge, common practices, and intuitive common behavior about digital security that the members of a society share. The paper also suggests a set of approaches for improving SDSC in a society and demonstrates using a case study how the suggested approaches could be integrated to compose a plan for improving SDSC.