Waleed W. Smari

An extended attribute based access control model with trust and privacy: Application to a collaborative crisis management system

Many efforts in the area of computer security have been drawn to attribute-based access control (ABAC). Compared to other adopted models, ABAC provides more granularity, scalability, and flexibility. This makes it a valuable access control system candidate for securing platforms and environments used for coordination and cooperation among organizations and communities, especially over open networks such as the Internet. On the other hand, the basic ABAC model lacks provisions for context, trust and privacy issues, all of which are becoming increasingly critical, particularly in high performance distributed collaboration environments. This paper presents an extended access control model based on attributes associated with objects and subjects. It incorporates trust and privacy issues in order to make access control decisions sensitive to the cross-organizational collaboration context. Several aspects of the proposed model are implemented and illustrated by a case study that shows realistic ABAC policies in the domain of distributed multiple organizations crisis management systems. Furthermore, the paper shows a collaborative graphical tool that enables the actors in the emergency management system to make better decisions. The prototype shows how it guarantees the privacy of objects attributes, taking into account the trust of the subjects. This tool incorporates a decision engine that relies on attribute based policies and dynamic trust and privacy evaluation. The resulting platform demonstrates the integration of the ABAC model, the evolving context, and the attributes of actors and resources.

On a collaborative commerce framework and architecture for next generation commerce

Collaborative commerce (or c-commerce) can be regarded as the next evolutionary step beyond the more basic process of electronic commerce (or e-commerce). It is an emerging area that is based on interactions enabled by Internet technology. It offers many levels of coordination, collaborative interactions and cooperation among or within organizations, and between individuals. C-commerce requires the establishment of dynamic collaborative environments over the Internet. In a collaborative environment, organizations and individuals can work together, share sensitive information, protect their privacy, and collaborate on activities and projects efficiently and effectively. This paper presents an overview of some principal concepts and definitions of c-commerce, and proposes an intelligent collaborative commerce (ICC) system architecture. The core component of the ICC architecture is a collaborative Web portal which can be used with existing e-commerce systems. We then describe each block in the collaborative Web portal component as well as the layers of Web services envisioned and their functions. The architecture can be implemented in a variety of network-centric scenarios, which form the basis for future work and further development

Toward an integrated human-centered knowledge-based collaborative decision making system

Collaboration and the use of knowledge in collaborative decision-making are fundamental to all organizational processes, and have been the subject of research in management and in decision and computer sciences for years. More recently, it has become necessary to integrate human-centered designs and groupwork practices with other aspects of collaborative systems to ensure higher levels of human involvement in task processes. Human-centered systems not only allow greater involvement, but require higher user friendliness, end-user satisfaction, learnability, and so on. In addition to the aforementioned advantages, human involvement enables the system to capture a wider context, create more knowledge and enhance its collaborative and decision making abilities. Therefore, it is necessary to develop a good balance and integration of the human aspects with enabling technologies for knowledge and decision making. This paper presents human-centered decision-making system (HUDS), an architecture for collaborative decision making in a knowledge based system with active human involvement. We discuss its architecture and concentrate on its main features, namely, decision making, knowledge management, and human computer interaction. We also present case studies that can be used to validate our architecture and to show how information and knowledge flow through the designed system. This architecture can be implemented in a variety of networked scenarios which form the basis of our future work and further development.

Security and Access Control for a Human-centric Collaborative Commerce System

The rise of globally distributed computer based workspaces has enabled the incorporation of collaboration in electronic commerce (e-Commerce) systems. Working in collaborative environments with e-Commerce technologies leads to the subject of collaborative commerce (or c-Commerce). C-Commerce creates dynamic collaboration and harnesses organizations’ information and knowledge base into a computer-based framework to support personalized access to potentially all participants and information in a given community. One of the main concerns in such a system is security and control of access. Many distributed organizations and individuals want to work together and share their information and knowledge in the process. At the same time, they need to protect their privacy and sensitive information and establish proper protocols for access and sharing activities. This paper discusses a human-centered collaborative commerce system (HCCS) and its security and access control design. Specifically, it presents three security modules and components that will support collaborative exchange and processes. We, then, introduce an improved access control method and algorithm which is role-, group-, and task-based (RGT-based access control) that ensures information and resources access efficiently. Developing further access control algorithms and implementations will be considered in a variety of case studies in future work.

Efficient Handling of Changes in Dynamic Workflow Systems

Workflow systems have been used in collaborative environments for many years to assist individuals and organizations to organize project executions and carry out work sequences. Two conflicting goals are argued in the literature regarding workflow systems: the need to provide efficient flexibility in terms of capabilities to handle changing situations and the need for control without creating high overhead. For this reason, current research in workflow systems concentrates primarily on making the workflows flexible to changes in processes. In this paper, we present an approach to handle changes in dynamic workflow systems. First, we introduce efficient change handling algorithms that will incorporate certain modifications that must be made in the current workflow, and based on the results, a new workflow will be generated accordingly. Then we introduce a case study to validate our algorithms. Finally, we simulate and compare the proposed algorithms with existing ones to show the level of improvement that can be achieved.

Trust and privacy in attribute based access control for collaboration environments

Many efforts in the area of computer security have been drawn to attribute-based access control (ABAC). Compared to other up-to-date models, ABAC provides more granularity, scalability, and flexibility, which make it a valuable candidate for securing collaboration between organizations, especially over an open network such as the Internet. On the other hand, this model lacks provisions for trust and privacy issues, both of which are becoming increasingly critical, particularly in collaboration environments. Recently, we proposed a preliminary model to address this gap [1]. This paper is a further discussion and development of how trust and privacy can be incorporated in the previously introduced ABAC model. In addition, we propose a structure for access control model that can cover most of real world access scenarios and schemes. The paper concludes with some remarks on implementation of such models along with possible future directions on evolution of access control models in general.

Sensors integration in a grid-based architecture for emergency management systems

The right information at the right time is a critical aspect in any emergency or disaster management activity. Decision making and efficiency are improved when based on complete information about the conditions of the affected area. Sensors integration in a grid-based infrastructure, through a service-oriented architecture and via the World Wide Web, allows for real-time access to information. In this paper, we survey and classify the types of sensors useful in emergency management systems (EMS), present a strategy to organize the sensory infrastructure, and propose a multi-organizational service based architecture that when exploiting the Web 2.0 technologies will support emergency management activities. Lastly, we discuss a scenario where this system is employed.

Multi-Agent Based Prototyping of Agriculture Robots

In this paper, we propose a multi-agents system for the simulation of prototypes for different agriculture robots that can be employed in the harvesting of a vineyard. We show that this prototyping method works well and is appropriate for a system involving several robots. We present the behaviors of each robot, their interactions and some scenarios for the testing of the system. Of specific interest is the cooperative behavior of the robots in such a task. Preliminary results indicate that some optimal choices toward the development of the harvesting system can be correctly identified based on these simulations. The choices can then be used when designing and building the system prototype.

Human Perspective Based Context Acquisition, Learning and Awareness in the Design of Context Aware Systems

Context and information awareness is generally driven by the choice of available data acquisition mechanisms. In context aware system design, sensors are the primary means for data acquisition. To make such systems effective, sensors need to provide data that is accurate and reflects real time situations and events. Such data is not always readily available and may require a considerable number of in-field experiments with prototypes to gather it. In the absence of good sensor data, the situation aware models and functionality become largely ineffective. This paper proposes the use of qualitative and quantitative information gathered from logs and user research to directly generate artificial sensor data and models or complement existing sensor acquisition techniques. Data obtained via a human perspective based approach is accurate in terms of scenario requirements and user preferences, and complements sensor based data very well. This approach is similar to end-user tailoring, and preference elicitation methodologies. Furthermore, this approach allows designers to generate models that can be evaluated first before narrowing down the selection of sensors, attributes, and implementation infrastructure, thus keeping the design cost low. We present this approach with the help of a case study that involves the design of interruption aware cell phone simulations. We also propose the need for using similar human perspective based approaches in scenarios where sensor data acquisition is not accurate or feasible

Team­-Based MAC Policy over Security-­Enhanced Linux

This paper presents an implementation of team-based access control policy (TMAC) using SELinux as mandatory access control mechanism for Linux operating systems. After explaining the particularities of TMAC in an elaborate example, the paper presents the XML TMAC format developed and introduces a visualization tool that allows a user to explore the TMAC policy. Furthermore, we discuss how this policy is projected under SELinux. Finally, we discuss the limitations of this implementation and propose further future developments.