Ravi Mukkamala

Dynamic key management in sensor networks

Numerous key management schemes have been proposed for sensor networks. The objective of key management is to dynamically establish and maintain secure channels among communicating nodes. Desired features of key management in sensor networks include energy awareness, localized impact of attacks, and scaling to a large number of nodes. A primary challenge is managing the trade-off between providing acceptable levels of security and conserving scarce resources, in particular energy, needed for network operations. Many schemes, referred to as static schemes, have adopted the principle of key predistribution with the underlying assumption of a relatively static short-lived network (node replenishments are rare, and keys outlive the network). An emerging class of schemes, dynamic key management schemes, assumes long-lived networks with more frequent addition of new nodes, thus requiring network rekeying for sustained security and survivability. In this article we present a classification of key management schemes in sensor networks delineating their similarities and differences. We also describe a novel dynamic key management scheme, localized combinatorial keying (LOCK), and compare its security and performance with a representative static key management scheme. Finally, we outline future research directions.

Integrating security and real-time requirements using covert channel capacity

Database systems for real-time applications must satisfy timing constraints associated with transactions in addition to maintaining data consistency. In addition to real-time requirements, security is usually required in many applications. Multi-level security requirements introduce a new dimension to transaction processing in real-time database systems. In this paper, we argue that, due to the conflicting goals of each requirement, tradeoffs need to be made between security and timeliness. We first define mutual information, a measure of the degree to which security is being satisfied by a system. A secure two-phase locking protocol is then described and a scheme is proposed to allow partial violations of security for improved timeliness. Analytical expressions for the mutual information of the resultant covert channel are derived, and a feedback control scheme is proposed that does not allow the mutual information to exceed a specified upper bound. Results showing the efficacy of the scheme obtained through simulation experiments are also discussed.

Supporting security requirements in multilevel real-time databases

Database systems for real-time applications must satisfy timing constraints associated with transactions, in addition to maintaining data consistency. In addition to real-time requirements, security is usually required in many applications. Multilevel security requirements introduce a new dimension to transaction processing in real-time database systems. We argue that due to the conflicting goals of each requirement, trade-offs need to be made between security and timeliness. We first define capacity, a measure of the degree to which security is being satisfied by a system. A secure two-phase locking protocol is then described and a scheme is proposed to allow partial violations of security for improved timeliness. The capacity of the resultant covert channel is derived and a feedback control scheme is proposed that does not allow the capacity to exceed a specified upper bound.<<ETX>>

Towards Energy Efficient Change Management in a Cloud Computing Environment

The continuously increasing cost of managing IT systems has led many companies to outsource their commercial services to external hosting centers. Cloud computing has emerged as one of the enabling technologies that allow such external hosting efficiently. Like any IT environment, a Cloud Computing environment requires high level of maintenance to be able to provide services to its customers. Replacing defective items (hardware/software), applying security patches, or upgrading firmware are just a few examples of the typical maintenance procedures needed in such environments. While taking resources down for maintenance, applying efficient change management techniques is a key factor to the success of the cloud. As energy has become a precious resource, research has been conducted towards devising protocols that minimize energy consumption in IT systems. In this paper, we propose a pro-active energy efficient technique for change management in cloud computing environments. We formulate the management problem into an optimization problem that aims at minimizing the total energy consumption of the cloud. Our proposed approach is pro-active in the sense that it takes prior SLA (Service Level Agreement) requests into account while determining time slots in which changes should take place.

Multilevel secure transaction processing: status and prospects

Since 1990, transaction processing in multilevel secure database management systems (DBMSs) has been receiving a great deal of attention from the database research community. Transaction processing in these systems requires modification of conventional scheduling algorithms and commit protocols. These modifications are necessary because preserving the usual transaction properties when transactions are executing at different security levels often conflicts with the enforcement of the security policy. Considerable effort has been devoted to the development of efficient, secure algorithms for the major types of secure DBMS architectures: kernelized, replicated, and distributed. An additional problem that arises uniquely in multilevel secure DBMSs is that of secure, correct execution when data at multiple security levels must be written within one transaction. Significant progress has been made in a number of these areas, and a few of the techniques have been incorporated into commercial trusted DBMS products. However, there are many open problems remain to be explored. This paper reviews the achievements to date in transaction processing for multilevel secure DBMSs. The paper provides an overview of transaction processing needs and solutions in conventional DBMSs as background, explains the constraints introduced by multilevel security, and then describes the results of research in multilevel secure transaction processing. Research results and limitations in concurrency control, multilevel transaction management, and secure commit protocols are summarized. Finally, important new areas are identified for secure transaction processing research.

Using semantics for automatic enforcement of access control policies among dynamic coalitions

In a dynamic coalition environment, organizations should be able to exercise their own local fine-grained access control policies while sharing resources with external entities. In this paper, we propose an approach that exploits the semantics associated with subject and object attributes to facilitate automatic enforcement of organizational access control policies while resource sharing occurs among coalition members. Our approach relies on identifying the necessary attributes required by external users to gain access to a specific organizational object (or service). Specifically, it consists of extracting user attribute sets that semantically match with the attributes of the objects for which a role has permissions. This relies on a closer examination of why a user is assigned a specific role. These attribute sets are first pruned based on their significance in characterizing a role, which are then checked against those submitted by an external user to decide whether to allow or deny access to the specific object. While our goal in this paper is to support coalition based access control, the proposed approach can also aid in automating the process of role engineering.

Mosaic p XTV = CoReview

Abstract CoReview, an interactive document and data retrieval tool, has been developed to provide a seamless environment to assist evaluation by groups and individuals, distributed across the Internet, to interact on the progression of a project. It can also assist individuals to interactively put together a document in a collaborative manner. CoReview is based on the strengths of the World-Wide Web server, Mosaic, and XTV, an X-Window teleconferencing system. While Mosaic will be used to manage the project documents and reviewer annotation files involved in proposals and their evaluation, XTV will aid us in real-time remote collaboration among a group of users. CoReview incorporates the XTV features into a user friendly graphical interface and enables Mosaic to be shared by multiple networked participants. The system architecture embeds the concept of a chair and a set of participants for each document to be managed. The CoReview chair manages the shared resources. CoReview allows for easy creation of a pool of reviewers or proposal writers and automates the process of creating the necessary infrastructure—daemons and directories—at the needed sites.

Design of partially replicated distributed database systems: an integrated methodology

The objective of this research is to develop and integrate tools for the design of partially replicated distributed database systems. Many existing tools are inappropriate for designing large-scale distributed databases due to their large computational requirements. Our goal is to develop tools that solve the design problems reasonably quickly, typically by using heuristic algorithms that provide approximate or near-optimal solutions. In developing this design methodology, we assume that information regarding the types of user requests and their rates of arrival into the system is known a priori. The methodology assumes a general model for transaction execution. In this paper we discuss three aspects of the design methodology: the data allocation problem, the use of a static load-balancing scheme in coordination with the allocation scheme, and the design evaluation and review step. Our methodology employs iterative design techniques using performance evaluation as a means to iterate.

CKDS: an efficient combinatorial key distribution scheme for wireless ad-hoc networks

Computing and communications in wireless ad hoc networks (WAHNs) generally require collaboration among groups of peers. This, in addition to a growing number of group applications over WAHNs, have motivated research in secure group communication services as a means for efficient and secure communications in WAHNs. Key distribution is at the heart of secure group communications. Existing key distribution schemes, designed for infrastructure networks, tend to be inappropriate for the infrastructure-less WAHNs. Also, most of these schemes assume network-level multicast which is difficult to implement in WAHNs. We propose a new efficient and scalable combinatorial key distribution scheme (CKDS) to support secure group communications in WAHNs. CKDS partitions nodes over a virtual Cartesian key space and uses combinatorial exclusion basis systems for key distribution over application-level multicast. We employ a fully distributed unicast key distribution underlying a virtual application-level multicast infrastructure. Two variants of CKDS are proposed, namely, m-dimensional multicast and 2D multicast. Performance analysis shows that these schemes achieve lower network traffic overhead as well as lower computational overhead per node compared to other unicast key distribution schemes in WAHNs. We also show our scheme to be scalable with respect to both computational and storage needs.

Deep convolutional neural networks for annotating gene expression patterns in the mouse brain

BackgroundProfiling gene expression in brain structures at various spatial and temporal scales is essential to understanding how genes regulate the development of brain structures. The Allen Developing Mouse Brain Atlas provides high-resolution 3-D in situ hybridization (ISH) gene expression patterns in multiple developing stages of the mouse brain. Currently, the ISH images are annotated with anatomical terms manually. In this paper, we propose a computational approach to annotate gene expression pattern images in the mouse brain at various structural levels over the course of development.ResultsWe applied deep convolutional neural network that was trained on a large set of natural images to extract features from the ISH images of developing mouse brain. As a baseline representation, we applied invariant image feature descriptors to capture local statistics from ISH images and used the bag-of-words approach to build image-level representations. Both types of features from multiple ISH image sections of the entire brain were then combined to build 3-D, brain-wide gene expression representations. We employed regularized learning methods for discriminating gene expression patterns in different brain structures. Results show that our approach of using convolutional model as feature extractors achieved superior performance in annotating gene expression patterns at multiple levels of brain structures throughout four developing ages. Overall, we achieved average AUC of 0.894 ± 0.014, as compared with 0.820 ± 0.046 yielded by the bag-of-words approach.ConclusionsDeep convolutional neural network model trained on natural image sets and applied to gene expression pattern annotation tasks yielded superior performance, demonstrating its transfer learning property is applicable to such biological image sets.