Xianxian Li

Robust Image Hashing With Ring Partition and Invariant Vector Distance

Robustness and discrimination are two of the most important objectives in image hashing. We incorporate ring partition and invariant vector distance to image hashing algorithm for enhancing rotation robustness and discriminative capability. As ring partition is unrelated to image rotation, the statistical features that are extracted from image rings in perceptually uniform color space, i.e., CIE L*a*b* color space, are rotation invariant and stable. In particular, the Euclidean distance between vectors of these perceptual features is invariant to commonly used digital operations to images (e.g., JPEG compression, gamma correction, and brightness/contrast adjustment), which helps in making image hash compact and discriminative. We conduct experiments to evaluate the efficiency with 250 color images, and demonstrate that the proposed hashing algorithm is robust at commonly used digital operations to images. In addition, with the receiver operating characteristics curve, we illustrate that our hashing is much better than the existing popular hashing algorithms at robustness and discrimination.

Access control in peer-to-peer collaborative systems

As an emerging model of communication and computation, peer-to-peer networking represents a fully distributed, cooperative network design, and has recently gained significant acceptance. Peer groups share the properties of peer-to-peer overlay network, including full decentralization, symmetric abilities, and dynamism, which make security problems more complicated. In this paper, we propose a fine-grained and attribute-based access control framework for peer-to-peer systems. This design employs a novel policy model, which extends role-based trust management language RT to satisfy security requirements of peer groups. Intend for a pure decentralized model without centralized server, our framework presents distributed delegation authorization mechanism, which could avoid single point of failure. We also introduce our implementation experience.

Distributed access control in CROWN groups

Security in collaborative groups is an active research topic and has been recognized by many organizations in the past few years. In this paper, we propose a fine-grained and attribute-based access control framework for our key project, CROWN grid. To avoid single point of failure and enhance scalability of the system, we employ a distributed delegation authorization mechanism. We successfully implement our proposed access control in CROWN grid, and evaluate this approach by comprehensive experiments.

Dynamic Authentication for Cross-Realm SOA-Based Business Processes

Modern distributed applications are embedding an increasing degree of dynamism, from dynamic supply-chain management, enterprise federations, and virtual collaborations to dynamic resource acquisitions and service interactions across organizations. Such dynamism leads to new challenges in security and dependability. Collaborating services in a system with a Service-Oriented Architecture (SOA) may belong to different security realms but often need to be engaged dynamically at runtime. If their security realms do not have a direct cross-realm authentication relationship, it is technically difficult to enable any secure collaboration between the services. A potential solution to this would be to locate intermediate realms at runtime, which serve as an authentication path between the two separate realms. However, the process of generating an authentication path for two distributed services can be highly complicated. It could involve a large number of extra operations for credential conversion and require a long chain of invocations to intermediate services. In this paper, we address this problem by designing and implementing a new cross-realm authentication protocol for dynamic service interactions, based on the notion of service-oriented multiparty business sessions. Our protocol requires neither credential conversion nor establishment of any authentication path between the participating services in a business session. The correctness of the protocol is formally analyzed and proven, and an empirical study is performed using two production-quality Grid systems, Globus 4 and CROWN. The experimental results indicate that the proposed protocol and its implementation have a sound level of scalability and impose only a limited degree of performance overhead, which is for example comparable with those security-related overheads in Globus 4.

AutoSyn: A new approach to automated synthesis of composite web services with correctness guarantee

How to compose existing web services automatically and to guarantee the correctness of the design (e.g. freeness of deadlock and unspecified reception, and temporal constraints) is an important and challenging problem in web services. Most existing approaches require a detailed specification of the desired behaviors of a composite service beforehand and then perform certain formal verification to guarantee the correctness of the design, which makes the composition process both complex and time-consuming. In this paper, we propose a novel approach, referred to as AutoSyn to compose web services, where the correctness is guaranteed in the synthesis process. For a given set of services, a composite service is automatically constructed based on L* algorithm, which guarantees that the composite service is the most general way of coordinating services so that the correctness is ensured. We show the soundness and completeness of our solution and give a set of optimization techniques for reducing the time consumption. We have implemented a prototype system of AutoSyn and evaluated the effectiveness and efficiency of AutoSyn through an experimental study.

Drag reducing surface fabrication with deformed sharkskin morphology

The superiority of sharkskin is the consequence of nature selection and self-evolution. The nano/microhierarchical structure covering over sharkskin can match its living surroundings perfectly, whereas the best drag reducing effect cannot be implemented at all circumstances. Therefore, it is necessary to adjust the size and shape of sharkskin morphology to accommodate more potential flowing conditions. In this paper, the stretching deformed fabrication process of sharkskin surface is explored and investigated, and the super-hydrophobic and hydrodynamic drag reduction effect is inspected. The experimental results in the water tunnel indicate that the stretched sharkskin can expand the speed scope of applications with satisfactory drag reduction effect. Additionally, the drag reduction mechanism is explained and derived comprehensively, which has important significance to apprehend sharkskin effect.

A Personalized Privacy Preserving Method for Publishing Social Network Data

One of the most important concerns in publishing social network data for social science research and business analysis is to balance between the individual’s privacy protection and data utility. Recently, researchers have developed lots of privacy models and anonymous techniques to prevent re-identifying of relevant information of nodes through structure information of social networks, but most of the existing methods did not cater for the individuals’ personalized privacy requirements and did not take full advantage of distributed characteristics of the social network nodes. Motivated by this, we specify three types of privacy attributes for various individuals and develop a personalized k-degree-l-diversity (PKDLD) anonymity model. Furthermore, we design and implement a graph anonymization algorithm with less distortion to the properties of the original graph. Finally, we conduct experiments on some real-world datasets to evaluate the practical efficiency of our methods, and the experimental results show that our algorithm reduces the anonymous cost efficiently and improves the data utility.

Personalized Privacy Protection for Transactional Data

Privacy protection in publication of transactional data is an important problem. However,the bulk of existing methods focus on a universal approach that exerts the same amount of preservation for all users and all sensitive values, without considering different requirements of users and different sensitivity of concrete attribute values. Motivated by this, we introduce a framework which provides personalized privacy protection based on the form of bipartite graphs via partition and generalization. Our approach can preserve privacy of sensitive associations between entities and retain the largest amount of nonsensitive associations to provide better data utility. Experiments have been performed on real-life data sets to measure the accuracy of answering aggregate queries. Experimental results show that our approach offer strong tradeoffs between privacy and utility.

A Clustering-Based Bipartite Graph Privacy-Preserving Approach for Sharing High-Dimensional Data

Driven by mutual benefits, there is a demand for transactional data sharing among organizations or parties for research or business analysis purpose. It becomes an essential concern to provide privacy-preserving data sharing and meanwhile maintain data utility, due to the fact that transactional data may contain sensitive personal information. Existing privacy-preserving methods, such as k-anonymity and l-diversity, cannot handle high-dimensional sparse data well, since they would bring about much data distortion in the anonymization process. In this paper, we use bipartite graphs with node attributes to model high-dimensional sparse data, and then propose a privacy-preserving approach for sharing transactional data in a new vision, in which the bipartite graph is anonymized into a weighted bipartite graph by clustering node attributes. Our approach can maintain privacy of the associations between entities and resist certain attackers with knowledge of partial items. Experiments have been performed on real-life data sets to measure the information loss and the accuracy of answering aggregate queries. Experimental results show that the approach improves the balance of performance between privacy protection and data utility.

Dynamic Cross-Realm Authentication for Multi-Party Service Interactions

Modern distributed applications are embedding an increasing degree of dynamism, from dynamic supply-chain management, enterprise federations, and virtual collaborations to dynamic service interactions across organisations. Such dynamism leads to new security challenges. Collaborating services may belong to different security realms but often have to be engaged dynamically at run time. If their security realms do not have in place a direct cross-realm authentication relationship, it is technically difficult to enable any secure collaboration between the services. A typical solution to this is to locate at run time intermediate realms that serve as an authentication-path between the two separate realms. However, the process of generating an authentication path for two distributed services can be very complex. It could involve a large number of extra operations for credential conversion and require a long chain of invocations to intermediate services. In this paper, we address this problem by presenting a new cross-realm authentication protocol for dynamic service interactions, based on the notion of multi-party business sessions. Our protocol requires neither credential conversion nor establishment of any authentication path between session members. The correctness of the protocol is analysed, and a comprehensive empirical study is performed using two production quality grid systems, Globus 4 and CROWN. The experimental results indicate that our protocol and its implementation have a sound level of scalability and impose only a limited degree of performance overhead, which is comparable with those security-related overheads in Globus 4.