The veracity and secrecy of medical information transacted over the Internet
is vulnerable to attack. But the transaction of such details is mandatory in order to avail the
luxury of medical services anywhere, anytime. Especially in a web-service-enabled system for
hospital management, it becomes necessary to address these security issues. It is mandatory that
the services guarantee message delivery to software applications, with a chosen level of quality
of service (QoS). This paper presents a VDM++ based specification for modelling a security
framework for web services with non-repudiation, which ensures that a party in a dispute cannot
repudiate, or refute the validity of, a statement or contract, and that the transaction
happens in a reliable manner. This model presents the procedure and technical options for
secure communication over the Internet with web services. Based on the model, the Medi - Helper is
developed to use the technologies of WS-Security, WS-Reliability and WS-Policy, WSRN in
order to create encrypted messages so that the patient's medical records are not tampered with
when relayed over the Internet, and are sent in a reliable manner. In addition to authentication,
integrity and confidentiality, the security framework for healthcare-based web
services proposed in this paper is equipped with non-repudiation, which is not included in many existing frameworks.
A Literature Review on Trust Management in Web Services Access Control - ijwscjournal
This document discusses trust-based access control models for web services. It provides an overview of web services and security issues, then reviews existing access control models including role-based access control and attribute-based access control. It also discusses concepts of trust management and how trust is used in various trust-based web services access control models to determine whether to grant access to requesters based on their trust level. Finally, it examines how trust levels are calculated and how policies are represented in these trust-based models.
Data Stream Controller for Enterprise Cloud Application - IJSRD
Cloud computing is an emerging computing paradigm where computing resources are provided as services over the Internet while residing in a large data center. Even though it enables us to dynamically provide servers with the ability to address a wide range of needs, this paradigm brings forth many new challenges for data security and access control as users outsource their sensitive data to clouds, which are beyond the same trusted domain as data owners. The occupier need not be concerned with how the PaaS system achieves expansion under high load. MAC systems differ as security policy is defined for the entire system, typically by administrators. Information flow control (IFC) is a MAC approach, developed originally from military information management methodologies. IFC can be used to enforce more general policies, using appropriate labeling and checking schemes. The labels can be used to manage both confidentiality and integrity concerns, tracking “secrecy” and “quality” of data, respectively. Decentralized Information Flow Control (DIFC) is an approach to security that allows application writers to control how data flows between the pieces of an application and the outside world. As applied to privacy, DIFC allows untrusted software to compute with private data while trusted security code controls the release of that data. As applied to integrity, DIFC allows trusted code to protect untrusted software from unexpected inputs.
Bluedog white paper - Our WebObjects Web Security Model - tom termini
At Bluedog, our seminal product, Workbench “Always on the Job!” social collaboration SAAS platform is secured the way we have architected all our three-tier Java-based web applications. We secure the application with input validation, a core authentication authorization framework based on LDAP and JINDI, configuration management that ensures testing for vulnerabilities, and strong use of cryptography. In addition, we utilize session management, exception control, auditing and logging to ensure security of the app and web services.
We also secure our routers and other aspects of the network as well as securing the host servers (patching, account management, directory access, and port monitoring). Most importantly, we design our WebObject web applications securely from the get-go.
Securing multi-tenancy systems through multi DB instances and multiple databa... - IJECEIAES
Use of the same application by multiple users through internet as a service is supported by cloud computing system. Both the user and attacker stay in the same machine as both of them are users of the same application creating an in-secure environment. Service must ensure secrecy both at the application and data layer level. Data isolation and Application isolation are two basic aspects that must be ensured to cater for security as desired by the clients that accesses the service. In this paper a more secured mechanism has been presented that help ensuring data isolation and security when Multi-tenancy of the users to the same service has been implemented.
Analyzing and Surveying Trust In Cloud Computing Environment - iosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
CREDIT BASED METHODOLOGY TO DETECT AND DISCRIMINATE DDOS ATTACK FROM FLASH CR... - IJNSA Journal
The latest trend in the field of computing is the migration of organizations and offloading the tasks to
cloud. The security concerns hinder the widespread acceptance of cloud. Of various, the DDoS in cloud is
found to be the most dangerous. Various approaches are there to defend DDoS in cloud, but have lots of
pitfalls. This paper proposes a new reputation-based framework for mitigating the DDoS in cloud by
classifying the users into three categories as well-reputed, reputed and ill-reputed based on credits. The
fact that attack is fired by malicious programs installed by the attackers in the compromised systems and
they exhibit similar characteristics used for discriminating the DDoS traffic from flash crowds. Credits of
clients who show signs of similarity are decremented. This reduces the computational and storage
overhead. This proposed method is expected to take the edge off DDoS in a cloud environment and ensures
full security to cloud resources. CloudSim simulation results also proved that the deployment of this
approach improved the resource utilization with reduced cost.
iaetsd Shared authority based privacy preserving protocol - Iaetsd Iaetsd
This document proposes a Shared Authority based Privacy preserving Authentication protocol (SAPA) for handling privacy issues in cloud storage. SAPA achieves shared access authority through an anonymous access request matching mechanism. It applies attribute-based access control to allow users to reliably access their own data fields. It also uses proxy re-encryption to provide temporary authorized data sharing among multiple users. The goal is to preserve user privacy during data access and sharing in the cloud.
Secure Architecture Evaluation for Agent Based Web Service Discovery - IDES Editor
The document proposes an agent-based architecture for secure web service discovery. It evaluates using agents to negotiate a mutually acceptable security policy between a service consumer and provider based on their security requirements. The architecture includes a discovery agent that finds services matching a consumer's criteria. A security agent describes the provider's security needs. The process involves the consumer and provider combining their security policies and the discovery agent returning matched services. The document evaluates the architecture using the ATAM method, identifying quality attributes, risks, and tradeoffs.
SLA Based Information Security Metric for Cloud Computing from COBIT 4.1 Fram... - ijcncs
This document summarizes an article from the International Journal of Computer Networks and Communications Security about developing service level agreement (SLA) based information security metrics for cloud computing using the COBIT framework. The article discusses how information security metrics can help cloud customers and providers measure and improve security. It also explains that while SLAs are commonly used to measure performance, they do not typically address information security risks. The article proposes using elements of the COBIT framework to build SLA-based information security metrics for cloud computing.
This document discusses security considerations for web services. It begins by defining key terms like web services, SOAP, WSDL, UDDI, and ebXML. It then discusses the goals of security like confidentiality, integrity, accountability and availability. Next, it covers requirements for web services security like authentication, authorization, cryptography, and accountability. It introduces the concept of Enterprise Application Security Integration (EASI) to provide a common security framework across different tiers. EASI requires perimeter security between clients and web servers, mid-tier security between application components, and back-office security for databases. The document concludes that web services should be designed according to enterprise application security architecture principles.
Performance Enhancement of VNSIP approach, using MCAC algorithm - ijcncs
This document summarizes a research paper that proposes improvements to an existing approach called VNSIP that aims to enable deployment of the SIP protocol in mobile ad hoc networks (MANETs). It presents a new algorithm called MCAC (MANET Call Admission Control) that aims to improve VNSIP's performance. MCAC controls the number of concurrent calls in a MANET to ensure quality of service and avoid overloading the network bandwidth. The paper describes how MCAC works, creating groups of MANET nodes and limiting the number of simultaneous calls between nodes in a group. It then explains how MCAC can be integrated into the VNSIP approach to help reduce its bandwidth consumption while maintaining good call setup times and failure rates.
Iaetsd scalable and secure sharing of personal health - Iaetsd Iaetsd
This document proposes a framework for securely sharing personal health records (PHRs) in cloud computing using multi-authority attribute-based encryption. It aims to provide fine-grained access control and scalability while storing PHRs across multiple semi-trusted servers. The framework splits users into personal and public domains and uses different encryption for each - key-policy ABE for personal domains managed by owners, and multi-authority ABE for public domains managed by multiple authorities. PHRs are encrypted using these techniques before being outsourced to cloud servers. The framework aims to give patients control over their PHRs while allowing for efficient key management and access revocation in a large-scale system.
Secure Virtualization for Cloud Environment Using Guest OS and VMM-based Tech... - ijcncs
This document summarizes a research paper on secure virtualization for cloud environments. The paper proposes a two-tier security architecture that uses multiple working modes for security components at the guest level to decrease overhead from security processes. It also includes a security supervisor at the hypervisor layer to avoid false security alarms. The paper discusses security issues in virtualized cloud environments like access control vulnerabilities, DOS attacks, vulnerabilities in the virtualization platform and security management. It proposes solutions like access control policies, load balancing during attacks, secure administrative zones, and additional security mechanisms like firewalls and intrusion detection to address these issues.
Detection of ICMPv6-based DDoS attacks using anomaly based intrusion detectio... - IJECEIAES
Security network systems have been an increasingly important discipline since the implementation of preliminary stages of Internet Protocol version 6 (IPv6) for exploiting by attackers. IPv6 has an improved protocol in terms of security as it brought new functionalities and procedures, i.e., Internet Control Message Protocol version 6 (ICMPv6). The ICMPv6 protocol is considered to be very important and represents the backbone of IPv6, and is also responsible for sending and receiving messages in IPv6. However, IPv6 inherited many attacks from the previous Internet Protocol version 4 (IPv4), such as distributed denial of service (DDoS) attacks. DDoS is a thorny problem on the internet, being one of the most prominent attacks affecting a network and resulting in tremendous economic damage to individuals as well as organizations. In this paper, an exhaustive evaluation and analysis of anomaly detection of DDoS attacks against ICMPv6 messages is conducted; in addition, anomaly detection types for ICMPv6 DDoS flooding attacks in IPv6 networks are explained. The paper proposes using a feature selection technique based on bio-inspired algorithms to select an optimal feature subset that has a positive impact on the detection accuracy of ICMPv6 DDoS attacks. The review outlines the features and protection constraints of IPv6 intrusion detection systems, focusing mainly on DDoS attacks.
Welcome to International Journal of Engineering Research and Development (IJERD) - IJERD Editor
This document summarizes a research thesis that proposes a trusted cloud computing platform (TCCP) to address critical security issues in cloud computing. The TCCP is designed to provide a closed box execution environment for virtual machines to guarantee confidentiality and integrity of computations outsourced to infrastructure as a service cloud providers. It allows customers to remotely verify whether a cloud provider's backend is running a trusted TCCP implementation before launching a virtual machine. The TCCP leverages advances in trusted computing technologies to securely manage virtual machines and cloud infrastructure through protocols for node registration and virtual machine launch and migration. The goal of the TCCP is to extend the capabilities of traditional trusted platforms to the complex, distributed environments of cloud computing infra
The document discusses HL7 and FHIR. It begins by explaining that HL7 is a standards development organization that provides a framework and standards for exchanging health information to support clinical practices and health services management. It then defines what "Level Seven" refers to in relation to the ISO communication model. The document also provides information on various HL7 product families, including FHIR, CDA, EHR functional model, SOA, and context management architecture. It concludes by summarizing HL7 Version 2 and Version 3 messaging standards.
A cryptographic mutual authentication scheme for web applications - IJNSA Journal
The majority of current web authentication is built
on username/password. Unfortunately, password
replacement offers more security, but it is difficult to use and expensive to deploy. In this paper, we propose
a new mutual authentication scheme called StrongAuth which preserves most password authentication
advantages and simultaneously improves security using cryptographic primitives. Our scheme not only
offers webmasters a clear framework which to build
secure user authentication, but it also provides almost
the same conventional user experience. Security analysis shows that the proposed scheme fulfills the required user authentication security benefits, and can resist various possible attacks.
The document proposes a service operator-aware trust scheme (SOTS) for resource matchmaking across multiple clouds. SOTS evaluates trust of cloud resources based on multi-dimensional service operators, unlike traditional trust schemes. It models trust evaluation as multi-attribute decision making and develops an adaptive approach based on information entropy theory. This allows the broker to efficiently provide the most trusted resources to users.
The document discusses various concepts related to cloud security including confidentiality, integrity, authenticity, availability, threats, vulnerabilities, risk, security controls, security policies, threat agents, and common cloud security threats such as traffic eavesdropping, malicious intermediary, denial of service, insufficient authorization, and virtualization attacks. It provides definitions and examples for each term.
IRJET - Study Paper on Various Security Mechanism of Cloud Computing - IRJET Journal
The document discusses various security mechanisms for cloud computing including encryption, hashing, digital signatures, public key infrastructure, identity and access management, single sign-on, cloud-based security groups, hardened security server images, user behavior profiling, and decoy technology. It focuses on how user behavior profiling and decoy technology can play an important role in detecting unauthorized access by monitoring a user's behavior and sending fake data to verify genuine user information. The document concludes that while most security mechanisms provide a level of protection, user behavior profiling and decoy technology are particularly effective for enhancing cloud computing security.
Certification Authority Monitored Multilevel and Stateful Policy Based Author... - CSCJournals
Services oriented grids will be more prominent among other kinds of grids in the present distributed environments. With the advent of online government services the governmental grids will come up in huge numbers. Apart from common security issues as in other grids, the authorization in service oriented grids faces certain shortcomings and needs to be looked upon differently. The CMMS model presented here overcomes all these shortcomings and adds to the simplicity of implementation because of its tight similarities with certain government services and their functioning. The model is used to prototype a State Police Information Grid (SPIG). Small technological restructuring is required in PKIX and X.509 certificates.
Security for Future Networks: A Prospective Study of AAIs - idescitation
The future Internet will rely heavily on virtualization and Cloud networking.
The project Security for Future Networks (SecFuNet) proposes the design of a framework
providing secure identification and authentication, secure data transfer and secure
virtualized infrastructure.
In this paper, we present some of the most important ones currently available and we
present a comparative study examining some models and frameworks of Identity
Management. Initially, we had identified OpenID, Higgins and Shibboleth frameworks as
those providing facilities that are the closest to our proposals and our requirements.
However, with the literature prospection more frameworks have been included in our
study, which has allowed us to expand our state of the art on IdM. In our study, some features
are highlighted and related with our objectives.
Preventing Distributed Denial of Service Attacks in Cloud Environments - IJITCA Journal
Distributed-Denial of Service (DDoS) is a key intimidation to network security. Network is a group of
nodes that interrelate with each other for switch over the information. This information is necessary for
that node is reserved confidentially. Attacker in the system may capture this private information and
distorted. So security is the major issue. There are several security attacks in network. One of the major
intimidations to internet examine is DDoS attack. It is a malevolent effort to suspending or suspends
services to destination node. DDoS or DoS is an effort to create network resource or the machine is busy to
its intentional user. Numerous thoughts are developed for avoid the DDoS or DoS. DDoS occur in two
different behaviors: they may happen obviously or may be due to some attackers. Various schemes are
developed to defend against this attack. The main focus of the paper is to present the basis of DDoS attack, DDoS
attack types, DDoS attack components, and intrusion prevention system for DDoS.
Secure Sharing of Personal Health Records in Cloud Computing using Encryption - Editor IJCATR
The PHR is a tool that you can use to collect, track and share past and current information about your health or the health of someone
in your care. Personal health record (PHR) is considered as an emerging patient-centric model of health information exchange, where people can
share their health information to other people. Since there are wide privacy concerns about the health records and due to high operational cost,
users stored at a third party server called as Cloud Server. The issues such as risks of privacy exposure, scalability in key management, access
problem, user revocation, have remained the most important challenges towards achieving fine-grained, cryptographically enforced data access
control. In order to get rid of this, in this paper we introduce attribute-based encryption (ABE) techniques to encrypt each patient's PHR
file so that unauthorised people won’t be able to view our PHR file.
International Journal on Web Service Computing (IJWSC) - ijwscjournal
Web Service is a reusable component which has set of related functionalities that service requesters can
programmatically access from the service provider and manipulate through the Web. One of the main
security issue is to secure web services from the malicious requesters. Since trust plays an important role in
many kinds of human communication, it allows people to work under insecurity and with the risk of
negative cost, many researchers have proposed different trust based web services access control model to
prevent malicious requesters. In this literature review, various existing trust based web services access
control model have been studied also investigated how the concept of a trust level is used in the access
control policy of a service provider to allow service requester to access the web services
A Survey on Authorization Systems for Web Applications - iosrjce
This document provides a survey of various authorization systems that have been proposed for web applications and web services. It begins with an introduction to web services and common security issues and attacks. It then describes several existing authorization models and frameworks that have been used for web services, including attribute-based access control, role-based access control using LDAP, and interactive access control. The document compares these different authorization techniques based on factors like separation of duties, fine-grained authorization, nature of the system, and performance. It concludes that most proposed systems authorize based on role models but few can dynamically authorize requests or integrate well with service-oriented architectures.
Trust Assessment Policy Manager in Cloud Computing – Cloud Service Provider’s... - idescitation
Cloud computing is a model for enabling convenient, on-demand network access
to a shared pool of configurable computing resources. Reliability in compute cloud is an
important aspect in Quality of Service which needs to be addressed in order to foster the
adoption of compute cloud. In today’s integrated environment the distributed systems is
employed to carry out computational intensive task at a faster rate without much
investment. The Cloud is a multitenant architecture which allows faster computation with
high scalability at a lower cost thereby the users can share the same physical infrastructure.
Individual customers deploy their applications in such environment will occupy the virtual
partitions on the platform. This paper describes a straightforward procedure to analyze the
reliability of the application from the view point of the resource provider. A trust
component is implemented to provide preventive control and to mitigate the occurrence of
any non-permissible action by using the detective mechanism. Such mechanisms are used to
identify the privacy risk and it further prevents from utilization. Hence, in this paper trust
assessment is performed before the user is allowed to share the multitenant infrastructure.
The cloud can provide scalable and reliable service for the legitimate users. The proposed
work is tested using tools Aneka and Globus Toolkit.
Secure Architecture Evaluation for Agent Based Web Service Discovery - IDES Editor
The document proposes an agent-based architecture for secure web service discovery. It evaluates using agents to negotiate a mutually acceptable security policy between a service consumer and provider based on their security requirements. The architecture includes a discovery agent that finds services matching a consumer's criteria. A security agent describes the provider's security needs. The process involves the consumer and provider combining their security policies and the discovery agent returning matched services. The document evaluates the architecture using the ATAM method, identifying quality attributes, risks, and tradeoffs.
SLA Based Information Security Metric for Cloud Computing from COBIT 4.1 Fram... - ijcncs
This document summarizes an article from the International Journal of Computer Networks and Communications Security about developing service level agreement (SLA) based information security metrics for cloud computing using the COBIT framework. The article discusses how information security metrics can help cloud customers and providers measure and improve security. It also explains that while SLAs are commonly used to measure performance, they do not typically address information security risks. The article proposes using elements of the COBIT framework to build SLA-based information security metrics for cloud computing.
This document discusses security considerations for web services. It begins by defining key terms like web services, SOAP, WSDL, UDDI, and ebXML. It then discusses the goals of security like confidentiality, integrity, accountability and availability. Next, it covers requirements for web services security like authentication, authorization, cryptography, and accountability. It introduces the concept of Enterprise Application Security Integration (EASI) to provide a common security framework across different tiers. EASI requires perimeter security between clients and web servers, mid-tier security between application components, and back-office security for databases. The document concludes that web services should be designed according to enterprise application security architecture principles.
Performance Enhancement of VNSIP approach, using MCAC algorithm - ijcncs
This document summarizes a research paper that proposes improvements to an existing approach called VNSIP that aims to enable deployment of the SIP protocol in mobile ad hoc networks (MANETs). It presents a new algorithm called MCAC (MANET Call Admission Control) that aims to improve VNSIP's performance. MCAC controls the number of concurrent calls in a MANET to ensure quality of service and avoid overloading the network bandwidth. The paper describes how MCAC works, creating groups of MANET nodes and limiting the number of simultaneous calls between nodes in a group. It then explains how MCAC can be integrated into the VNSIP approach to help reduce its bandwidth consumption while maintaining good call setup times and failure rates.
Iaetsd scalable and secure sharing of personal health - Iaetsd Iaetsd
This document proposes a framework for securely sharing personal health records (PHRs) in cloud computing using multi-authority attribute-based encryption. It aims to provide fine-grained access control and scalability while storing PHRs across multiple semi-trusted servers. The framework splits users into personal and public domains and uses different encryption for each - key-policy ABE for personal domains managed by owners, and multi-authority ABE for public domains managed by multiple authorities. PHRs are encrypted using these techniques before being outsourced to cloud servers. The framework aims to give patients control over their PHRs while allowing for efficient key management and access revocation in a large-scale system.
Secure Virtualization for Cloud Environment Using Guest OS and VMM-based Tech... - ijcncs
This document summarizes a research paper on secure virtualization for cloud environments. The paper proposes a two-tier security architecture that uses multiple working modes for security components at the guest level to decrease overhead from security processes. It also includes a security supervisor at the hypervisor layer to avoid false security alarms. The paper discusses security issues in virtualized cloud environments like access control vulnerabilities, DOS attacks, vulnerabilities in the virtualization platform and security management. It proposes solutions like access control policies, load balancing during attacks, secure administrative zones, and additional security mechanisms like firewalls and intrusion detection to address these issues.
Detection of ICMPv6-based DDoS attacks using anomaly based intrusion detectio... - IJECEIAES
Security network systems have been an increasingly important discipline since the implementation of preliminary stages of Internet Protocol version 6 (IPv6) for exploiting by attackers. IPv6 has an improved protocol in terms of security as it brought new functionalities, procedures, i.e., Internet Control Message Protocol version 6 (ICMPv6). The ICMPv6 protocol is considered to be very important and represents the backbone of the IPv6, which is also responsible to send and receive messages in IPv6. However, IPv6 inherited many attacks from the previous internet protocol version 4 (IPv4) such as distributed denial of service (DDoS) attacks. DDoS is a thorny problem on the internet, being one of the most prominent attacks affecting a network result in tremendous economic damage to individuals as well as organizations. In this paper, an exhaustive evaluation and analysis are conducted anomaly detection DDoS attacks against ICMPv6 messages, in addition, explained anomaly detection types to ICMPv6 DDoS flooding attacks in IPv6 networks. Proposed using feature selection technique based on bio-inspired algorithms for selecting an optimal solution which selects subset to have a positive impact of the detection accuracy ICMPv6 DDoS attack. The review outlines the features and protection constraints of IPv6 intrusion detection systems focusing mainly on DDoS attacks.
Welcome to International Journal of Engineering Research and Development (IJERD) - IJERD Editor
This document summarizes a research thesis that proposes a trusted cloud computing platform (TCCP) to address critical security issues in cloud computing. The TCCP is designed to provide a closed box execution environment for virtual machines to guarantee confidentiality and integrity of computations outsourced to infrastructure as a service cloud providers. It allows customers to remotely verify whether a cloud provider's backend is running a trusted TCCP implementation before launching a virtual machine. The TCCP leverages advances in trusted computing technologies to securely manage virtual machines and cloud infrastructure through protocols for node registration and virtual machine launch and migration. The goal of the TCCP is to extend the capabilities of traditional trusted platforms to the complex, distributed environments of cloud computing infra
The document discusses HL7 and FHIR. It begins by explaining that HL7 is a standards development organization that provides a framework and standards for exchanging health information to support clinical practices and health services management. It then defines what "Level Seven" refers to in relation to the ISO communication model. The document also provides information on various HL7 product families, including FHIR, CDA, EHR functional model, SOA, and context management architecture. It concludes by summarizing HL7 Version 2 and Version 3 messaging standards.
A cryptographic mutual authentication scheme for web applications - IJNSA Journal
The majority of current web authentication is built on username/password. Unfortunately, password replacement offers more security, but it is difficult to use and expensive to deploy. In this paper, we propose a new mutual authentication scheme called StrongAuth which preserves most password authentication advantages and simultaneously improves security using cryptographic primitives. Our scheme not only offers webmasters a clear framework which to build secure user authentication, but it also provides almost the same conventional user experience. Security analysis shows that the proposed scheme fulfills the required user authentication security benefits, and can resist various possible attacks.
The document proposes a service operator-aware trust scheme (SOTS) for resource matchmaking across multiple clouds. SOTS evaluates trust of cloud resources based on multi-dimensional service operators, unlike traditional trust schemes. It models trust evaluation as multi-attribute decision making and develops an adaptive approach based on information entropy theory. This allows the broker to efficiently provide the most trusted resources to users.
The document discusses various concepts related to cloud security including confidentiality, integrity, authenticity, availability, threats, vulnerabilities, risk, security controls, security policies, threat agents, and common cloud security threats such as traffic eavesdropping, malicious intermediary, denial of service, insufficient authorization, and virtualization attacks. It provides definitions and examples for each term.
IRJET - Study Paper on Various Security Mechanism of Cloud Computing - IRJET Journal
The document discusses various security mechanisms for cloud computing including encryption, hashing, digital signatures, public key infrastructure, identity and access management, single sign-on, cloud-based security groups, hardened security server images, user behavior profiling, and decoy technology. It focuses on how user behavior profiling and decoy technology can play an important role in detecting unauthorized access by monitoring a user's behavior and sending fake data to verify genuine user information. The document concludes that while most security mechanisms provide a level of protection, user behavior profiling and decoy technology are particularly effective for enhancing cloud computing security.
Certification Authority Monitored Multilevel and Stateful Policy Based Author... - CSCJournals
Services oriented grids will be more prominent among other kinds of grids in the present distributed environments. With the advent of online government services the governmental grids will come up in huge numbers. Apart from common security issues as in other grids, the authorization in service oriented grids faces certain shortcomings and needs to be looked upon differently. The CMMS model presented here overcomes all these shortcomings and adds to the simplicity of implementation because of its tight similarities with certain government services and their functioning. The model is used to prototype a State Police Information Grid (SPIG). Small technological restructuring is required in PKIX and X.509 certificates.
Security for Future Networks: A Prospective Study of AAIs - idescitation
The future Internet will rely heavily on virtualization and Cloud networking.
The project Security for Future Networks (SecFuNet) proposes the design of a framework
providing secure identification and authentication, secure data transfer and secure
virtualized infrastructure.
In this paper, we present some of the most important ones currently available and we
present a comparative study should examine some models and frameworks of Identity
Management. Initially, we had identified OpenID, Higgins and Shibboleth frameworks as
those providing facilities that are the closest to our proposals and our requirements.
However, with the literature prospection more frameworks have been included in our
study, which has allowed to expand our state of the art on IdM. In our study, some features
are highlighted and related with our objectives.
Preventing Distributed Denial of Service Attacks in Cloud Environments - IJITCA Journal
Distributed-Denial of Service (DDoS) is a key intimidation to network security. Network is a group of
nodes that interrelate with each other for switch over the information. This information is necessary for
that node is reserved confidentially. Attacker in the system may capture this private information and
distorted. So security is the major issue. There are several security attacks in network. One of the major
intimidations to internet examine is DDoS attack. It is a malevolent effort to suspending or suspends
services to destination node. DDoS or DoS is an effort to create network resource or the machine is busy to
its intentional user. Numerous thoughts are developed for avoid the DDoS or DoS. DDoS occur in two
different behaviors they may happen obviously or it may due to some attackers. Various schemes are
developed defense against to this attack. The Main focus of paper is present basis of DDoS attack, DDoS
attack types, and DDoS attack components, intrusion prevention system for DDoS.
Secure Sharing of Personal Health Records in Cloud Computing using Encryption - Editor IJCATR
The PHR is a tool that you can use to collect, track and share past and current information about your health or the health of someone
in your care. Personal health record (PHR) is considered as an emerging patient-centric model of health information exchange, where people can
share their health information to other people. Since there are wide privacy concerns about the health records and due to high operational cost,
users stored at a third party server called as Cloud Server. The issues such as risks of privacy exposure, scalability in key management, access
problem, user revocation, have remained the most important challenges towards achieving fine-grained, cryptographically enforced data access
control. In order to get rid of this, in this paper we introduce attribute-based encryption (ABE) techniques to encrypt each patient's PHR
file so that unauthorised people won’t be able to view our PHR file.
International Journal on Web Service Computing (IJWSC) - ijwscjournal
Web Service is a reusable component which has set of related functionalities that service requesters can
programmatically access from the service provider and manipulate through the Web. One of the main
security issue is to secure web services from the malicious requesters. Since trust plays an important role in
many kinds of human communication, it allows people to work under insecurity and with the risk of
negative cost, many researchers have proposed different trust based web services access control model to
prevent malicious requesters. In this literature review, various existing trust based web services access
control model have been studied also investigated how the concept of a trust level is used in the access
control policy of a service provider to allow service requester to access the web services
A Survey on Authorization Systems for Web Applications - iosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Grid computing is concerned with the sharing and use of resources in dynamic distributed virtual
organizations. The dynamic nature of Grid environments introduces challenging security concerns that
demand new technical approaches. In this brief overview we review key Grid security issues and outline
the technologies that are being developed to address those issues. We focus on works done by Globus
Toolkits to provide security and also we will discuss about the cyber security in Grid.
Cloud computing is rapidly evolving due to its efficient characteristics such as cost-effectiveness,
availability and elasticity. Healthcare organizations and consumers lose control when they outsource their
sensitive data and computing resources to a third party Cloud Service Provider (CSP), which may raise
security and privacy concerns related to data loss and misuse appealing threats. Lack of consumers’
knowledge about their data storage location may lead to violating rules and regulations of Health Insurance
Portability and Accountability Act (HIPAA) that can cost them huge penalty. Fear of data breach by internal
or external hackers may decrease consumers’ trust in adopting cloud computing and benefiting from its
promising features. We designed a Healthcare Trusted Cloud Computing (HTCC) framework that maintains
security, privacy and considers HIPAA regulations. HTCC framework deploys Trusted Computing Group
(TCG) technologies such as Trusted Platform Module (TPM), Trusted Software Stack (TSS), virtual
Trusted Platform Module (vTPM), Trusted Network Connect (TNC) and Self Encrypting Drives (SEDs).
We emphasize on using strong multi-factor authentication access control mechanisms and strict security
controls, as well as encryption for data at storage, in-transit and while process. We contributed in
customizing a cloud Service Level Agreement (SLA) by considering healthcare requirements. HTCC was
evaluated by comparing with previous researchers’ work and conducting survey from experts. Results were
satisfactory and showed acceptance of the framework. We aim that our proposed framework will assist in
optimizing trust on cloud computing to be adopted in healthcare sector.
Excellent Manner of Using Secure way of data storage in cloud computing - Editor IJMTER
The major challenging issue in Cloud computing is Security. Providing Security is big issue
towards protecting data from third person as well as in Internet. This mainly deals the Security how it is
provided. Various type of services are there to protect our data and Various Services are available in Cloud
Computing to Utilize effective manner as Software as a Service (SaaS), Platform as a Service (PaaS),
Hardware as a Service (HaaS). Cloud computing is the use of computing resources (hardware and
software) that are delivered as a service over Internet network. Cloud Computing moves the Application
software and databases to the large data centres, where the administration of the data and services may not
be fully trustworthy that is in third party here the party has to get certified and authorized. Since Cloud
Computing share distributed resources via network in the open environment thus it makes new security
risks towards the correctness of the data in cloud. I propose in this paper flexibility of data storage
mechanism in the distributed environment by using the homomorphism token generation. In the proposed
system, users need to allow auditing the cloud storage with lightweight communication. While using
Encryption and Decryption methods it is very burden for a single processor. Than the processing
Capabilities can we utilize from Cloud Computing.
Web applications can provide convenience and efficiency, however there are also a number of new security threats, which could potentially pose significant risks to an organisation's information technology infrastructure if not handled properly.
This document summarizes a proposed system for providing data security and accountability in cloud computing. It discusses the existing issues around lack of security and accountability when data is stored in the cloud. The proposed system aims to address these issues through the use of technologies like OTP verification for user registration, encryption and fragmentation of user data, and monitoring of data and system activities by a Third Party Auditor. The system is designed with modules for data security, accountability, and integrity verification. It outlines the architecture including user registration and authentication, file uploading and downloading processes, and generation of alerts if any security issues are detected during internal monitoring.
Efficient and Secure Single Sign on Mechanism for Distributed Network - IJERA Editor
Distributed network act as core part to access the various services which are available in the network. But the security related to distributed network is main concern. In this paper single sign-on SSO mechanism is introduced which gives access to all services by allowing to sign on only once by users. In this mechanism once user logs in to the Trusted Authority Center TAC then application or services which are register to trusted center will automatically verifies the user’s credentials details and these credentials like password or digital signature will be only one for all applications or services. Unlike all other previous mechanisms wherein, if user wants to have access multiple services then for every service distinct user credentials (username, password) must be required. SSO act as single authentication window to user for admittance multiple service providers in networks. Previously introduced technique based SSO technology proved to be secure over well-designed SSO system, but fails to provide security during communication. So here emphasis is given on authentication as open problem and on to refining the already proposed SSO process. And to do this along with RSA algorithm which was used in previous SSO process, we will be using MAC algorithm, which is intended to provide secured pathway for communication over distributed network. TAC i.e. Trusted Authority Center is used for sending token integrated with private and shared public key to user.
Security Check in Cloud Computing through Third Party Auditor - ijsrd.com
In cloud computing, data owners crowd their data on cloud servers and users (data consumers) can access the data from cloud servers. Due to the data outsourcing, however, it requires an independent auditing service to check the data integrity in the cloud. Some existing remote integrity checking methods can only serve for static records data. Thus, cannot be used in the auditing service since the data in the cloud can be animatedly updated. Thus, an efficient and secure dynamic auditing protocol is required to convince data owners that the data are correctly stored in the cloud. In this paper, we first design an auditing framework for cloud storage systems for privacy-preserving auditing protocol. Then, we extend our auditing protocol to support the data dynamic operations, which is efficient to secure the random model.
Shared Authority Based Privacy-preserving Authentication Protocol in Cloud Co... - Migrant Systems
The document proposes a shared authority based privacy-preserving authentication protocol (SAPA) for cloud computing. SAPA addresses the privacy issue that arises when a user challenges a cloud server to request access to another user's data, as the request itself could reveal private information. SAPA uses anonymous access request matching and attribute-based access control to determine if two users' access requests are mutually compatible without revealing either user's private access desires. It also employs proxy re-encryption so the cloud server can provide temporary shared access between authorized users. The protocol aims to simultaneously achieve data access control, authority sharing between compatible users, and protection of users' privacy during the access request process.
Cloud has major security challenges which can be a nightmare for any organization or clients. This paper published in IEEE discusses the cloud implementation security challenges with greater details. It is really a good reference for cloud security and privacy researchers.
XML Encryption and Signature for Securing Web Services - CSEIJJournal
In this research, we have focused on the most challenging issue that Web Services face, i.e. how to secure
their information. Web Services security could be guaranteed by employing security standards, which is the
main focus of this search. Every suggested model related to security design should put in the account the
securities' objectives; integrity, confidentiality, non-repudiation, authentication, and authorization. The
proposed model describes SOAP messages and the way to secure their contents. Due to the reason that
SOAP message is the core of the exchanging information in Web Services, this research has developed a
security model needed to ensure e-business security. The essence of our model depends on XML encryption
and XML signature to encrypt and sign SOAP message. The proposed model looks forward to achieve a
high speed of transaction and a strong level of security without jeopardizing the performance of
transmission information.
ANALYSIS OF LAND SURFACE DEFORMATION GRADIENT BY DINSAR - cscpconf
The progressive development of Synthetic Aperture Radar (SAR) systems diversify the exploitation of the generated images by these systems in different applications of geoscience. Detection and monitoring surface deformations, procreated by various phenomena had benefited from this evolution and had been realized by interferometry (InSAR) and differential interferometry (DInSAR) techniques. Nevertheless, spatial and temporal decorrelations of the interferometric couples used, limit strongly the precision of analysis results by these techniques. In this context, we propose, in this work, a methodological approach of surface deformation detection and analysis by differential interferograms to show the limits of this technique according to noise quality and level. The detectability model is generated from the deformation signatures, by simulating a linear fault merged to the images couples of ERS1 / ERS2 sensors acquired in a region of the Algerian south.
4D AUTOMATIC LIP-READING FOR SPEAKER'S FACE IDENTIFCATIONcscpconf
A novel based a trajectory-guided, concatenating approach for synthesizing high-quality image real sample renders video is proposed . The lips reading automated is seeking for modeled the closest real image sample sequence preserve in the library under the data video to the HMM predicted trajectory. The object trajectory is modeled obtained by projecting the face patterns into an KDA feature space is estimated. The approach for speaker's face identification by using synthesise the identity surface of a subject face from a small sample of patterns which sparsely each the view sphere. An KDA algorithm use to the Lip-reading image is discrimination, after that work consisted of in the low dimensional for the fundamental lip features vector is reduced by using the 2D-DCT.The mouth of the set area dimensionality is ordered by a normally reduction base on the PCA to obtain the Eigen lips approach, their proposed approach by[33]. The subjective performance results of the cost function under the automatic lips reading modeled , which wasn’t illustrate the superior performance of the
method.
MOVING FROM WATERFALL TO AGILE PROCESS IN SOFTWARE ENGINEERING CAPSTONE PROJE...cscpconf
Universities offer software engineering capstone course to simulate a real world-working environment in which students can work in a team for a fixed period to deliver a quality product. The objective of the paper is to report on our experience in moving from Waterfall process to Agile process in conducting the software engineering capstone project. We present the capstone course designs for both Waterfall driven and Agile driven methodologies that highlight the structure, deliverables and assessment plans.To evaluate the improvement, we conducted a survey for two different sections taught by two different instructors to evaluate students’ experience in moving from traditional Waterfall model to Agile like process. Twentyeight students filled the survey. The survey consisted of eight multiple-choice questions and an open-ended question to collect feedback from students. The survey results show that students were able to attain hands one experience, which simulate a real world-working environment. The results also show that the Agile approach helped students to have overall better design and avoid mistakes they have made in the initial design completed in of the first phase of the capstone project. In addition, they were able to decide on their team capabilities, training needs and thus learn the required technologies earlier which is reflected on the final product quality
PROMOTING STUDENT ENGAGEMENT USING SOCIAL MEDIA TECHNOLOGIEScscpconf
This document discusses using social media technologies to promote student engagement in a software project management course. It describes the course and objectives of enhancing communication. It discusses using Facebook for 4 years, then switching to WhatsApp based on student feedback, and finally introducing Slack to enable personalized team communication. Surveys found students engaged and satisfied with all three tools, though less familiar with Slack. The conclusion is that social media promotes engagement but familiarity with the tool also impacts satisfaction.
A SURVEY ON QUESTION ANSWERING SYSTEMS: THE ADVANCES OF FUZZY LOGICcscpconf
In real world computing environment with using a computer to answer questions has been a human dream since the beginning of the digital era, Question-answering systems are referred to as intelligent systems, that can be used to provide responses for the questions being asked by the user based on certain facts or rules stored in the knowledge base it can generate answers of questions asked in natural , and the first main idea of fuzzy logic was to working on the problem of computer understanding of natural language, so this survey paper provides an overview on what Question-Answering is and its system architecture and the possible relationship and
different with fuzzy logic, as well as the previous related research with respect to approaches that were followed. At the end, the survey provides an analytical discussion of the proposed QA models, along or combined with fuzzy logic and their main contributions and limitations.
DYNAMIC PHONE WARPING – A METHOD TO MEASURE THE DISTANCE BETWEEN PRONUNCIATIONS cscpconf
Human beings generate different speech waveforms while speaking the same word at different times. Also, different human beings have different accents and generate significantly varying speech waveforms for the same word. There is a need to measure the distances between various words which facilitate preparation of pronunciation dictionaries. A new algorithm called Dynamic Phone Warping (DPW) is presented in this paper. It uses dynamic programming technique for global alignment and shortest distance measurements. The DPW algorithm can be used to enhance the pronunciation dictionaries of the well-known languages like English or to build pronunciation dictionaries to the less known sparse languages. The precision measurement experiments show 88.9% accuracy.
INTELLIGENT ELECTRONIC ASSESSMENT FOR SUBJECTIVE EXAMS cscpconf
In education, the use of electronic (E) examination systems is not a novel idea, as Eexamination systems have been used to conduct objective assessments for the last few years. This research deals with randomly designed E-examinations and proposes an E-assessment system that can be used for subjective questions. This system assesses answers to subjective questions by finding a matching ratio for the keywords in instructor and student answers. The matching ratio is achieved based on semantic and document similarity. The assessment system is composed of four modules: preprocessing, keyword expansion, matching, and grading. A survey and case study were used in the research design to validate the proposed system. The examination assessment system will help instructors to save time, costs, and resources, while increasing efficiency and improving the productivity of exam setting and assessments.
TWO DISCRETE BINARY VERSIONS OF AFRICAN BUFFALO OPTIMIZATION METAHEURISTICcscpconf
African Buffalo Optimization (ABO) is one of the most recent swarms intelligence based metaheuristics. ABO algorithm is inspired by the buffalo’s behavior and lifestyle. Unfortunately, the standard ABO algorithm is proposed only for continuous optimization problems. In this paper, the authors propose two discrete binary ABO algorithms to deal with binary optimization problems. In the first version (called SBABO) they use the sigmoid function and probability model to generate binary solutions. In the second version (called LBABO) they use some logical operator to operate the binary solutions. Computational results on two knapsack problems (KP and MKP) instances show the effectiveness of the proposed algorithm and their ability to achieve good and promising solutions.
DETECTION OF ALGORITHMICALLY GENERATED MALICIOUS DOMAINcscpconf
In recent years, many malware writers have relied on Dynamic Domain Name Services (DDNS) to maintain their Command and Control (C&C) network infrastructure to ensure a persistence presence on a compromised host. Amongst the various DDNS techniques, Domain Generation Algorithm (DGA) is often perceived as the most difficult to detect using traditional methods. This paper presents an approach for detecting DGA using frequency analysis of the character distribution and the weighted scores of the domain names. The approach’s feasibility is demonstrated using a range of legitimate domains and a number of malicious algorithmicallygenerated domain names. Findings from this study show that domain names made up of English characters “a-z” achieving a weighted score of < 45 are often associated with DGA. When a weighted score of < 45 is applied to the Alexa one million list of domain names, only 15% of the domain names were treated as non-human generated.
GLOBAL MUSIC ASSET ASSURANCE DIGITAL CURRENCY: A DRM SOLUTION FOR STREAMING C...cscpconf
The document proposes a blockchain-based digital currency and streaming platform called GoMAA to address issues of piracy in the online music streaming industry. Key points:
- GoMAA would use a digital token on the iMediaStreams blockchain to enable secure dissemination and tracking of streamed content. Content owners could control access and track consumption of released content.
- Original media files would be converted to a Secure Portable Streaming (SPS) format, embedding watermarks and smart contract data to indicate ownership and enable validation on the blockchain.
- A browser plugin would provide wallets for fans to collect GoMAA tokens as rewards for consuming content, incentivizing participation and addressing royalty discrepancies by recording
IMPORTANCE OF VERB SUFFIX MAPPING IN DISCOURSE TRANSLATION SYSTEMcscpconf
This document discusses the importance of verb suffix mapping in discourse translation from English to Telugu. It explains that after anaphora resolution, the verbs must be changed to agree with the gender, number, and person features of the subject or anaphoric pronoun. Verbs in Telugu inflect based on these features, while verbs in English only inflect based on number and person. Several examples are provided that demonstrate how the Telugu verb changes based on whether the subject or pronoun is masculine, feminine, neuter, singular or plural. Proper verb suffix mapping is essential for generating natural and coherent translations while preserving the context and meaning of the original discourse.
EXACT SOLUTIONS OF A FAMILY OF HIGHER-DIMENSIONAL SPACE-TIME FRACTIONAL KDV-T...cscpconf
In this paper, based on the definition of conformable fractional derivative, the functional
variable method (FVM) is proposed to seek the exact traveling wave solutions of two higherdimensional
space-time fractional KdV-type equations in mathematical physics, namely the
(3+1)-dimensional space–time fractional Zakharov-Kuznetsov (ZK) equation and the (2+1)-
dimensional space–time fractional Generalized Zakharov-Kuznetsov-Benjamin-Bona-Mahony
(GZK-BBM) equation. Some new solutions are procured and depicted. These solutions, which
contain kink-shaped, singular kink, bell-shaped soliton, singular soliton and periodic wave
solutions, have many potential applications in mathematical physics and engineering. The
simplicity and reliability of the proposed method is verified.
AUTOMATED PENETRATION TESTING: AN OVERVIEWcscpconf
The document discusses automated penetration testing and provides an overview. It compares manual and automated penetration testing, noting that automated testing allows for faster, more standardized and repeatable tests but has limitations in developing new exploits. It also reviews some current automated penetration testing methodologies and tools, including those using HTTP/TCP/IP attacks, linking common scanning tools, a Python-based tool targeting databases, and one using POMDPs for multi-step penetration test planning under uncertainty. The document concludes that automated testing is more efficient than manual for known vulnerabilities but cannot replace manual testing for discovering new exploits.
CLASSIFICATION OF ALZHEIMER USING fMRI DATA AND BRAIN NETWORKcscpconf
Since the mid of 1990s, functional connectivity study using fMRI (fcMRI) has drawn increasing
attention of neuroscientists and computer scientists, since it opens a new window to explore
functional network of human brain with relatively high resolution. BOLD technique provides
almost accurate state of brain. Past researches prove that neuro diseases damage the brain
network interaction, protein- protein interaction and gene-gene interaction. A number of
neurological research paper also analyse the relationship among damaged part. By
computational method especially machine learning technique we can show such classifications.
In this paper we used OASIS fMRI dataset affected with Alzheimer’s disease and normal
patient’s dataset. After proper processing the fMRI data we use the processed data to form
classifier models using SVM (Support Vector Machine), KNN (K- nearest neighbour) & Naïve
Bayes. We also compare the accuracy of our proposed method with existing methods. In future,
we will other combinations of methods for better accuracy.
VALIDATION METHOD OF FUZZY ASSOCIATION RULES BASED ON FUZZY FORMAL CONCEPT AN...cscpconf
The document proposes a new validation method for fuzzy association rules based on three steps: (1) applying the EFAR-PN algorithm to extract a generic base of non-redundant fuzzy association rules using fuzzy formal concept analysis, (2) categorizing the extracted rules into groups, and (3) evaluating the relevance of the rules using structural equation modeling, specifically partial least squares. The method aims to address issues with existing fuzzy association rule extraction algorithms such as large numbers of extracted rules, redundancy, and difficulties with manual validation.
PROBABILITY BASED CLUSTER EXPANSION OVERSAMPLING TECHNIQUE FOR IMBALANCED DATAcscpconf
In many applications of data mining, class imbalance is noticed when examples in one class are
overrepresented. Traditional classifiers result in poor accuracy of the minority class due to the
class imbalance. Further, the presence of within class imbalance where classes are composed of
multiple sub-concepts with different number of examples also affect the performance of
classifier. In this paper, we propose an oversampling technique that handles between class and
within class imbalance simultaneously and also takes into consideration the generalization
ability in data space. The proposed method is based on two steps- performing Model Based
Clustering with respect to classes to identify the sub-concepts; and then computing the
separating hyperplane based on equal posterior probability between the classes. The proposed
method is tested on 10 publicly available data sets and the result shows that the proposed
method is statistically superior to other existing oversampling methods.
CHARACTER AND IMAGE RECOGNITION FOR DATA CATALOGING IN ECOLOGICAL RESEARCHcscpconf
Data collection is an essential, but manpower intensive procedure in ecological research. An
algorithm was developed by the author which incorporated two important computer vision
techniques to automate data cataloging for butterfly measurements. Optical Character
Recognition is used for character recognition and Contour Detection is used for imageprocessing.
Proper pre-processing is first done on the images to improve accuracy. Although
there are limitations to Tesseract’s detection of certain fonts, overall, it can successfully identify
words of basic fonts. Contour detection is an advanced technique that can be utilized to
measure an image. Shapes and mathematical calculations are crucial in determining the precise
location of the points on which to draw the body and forewing lines of the butterfly. Overall,
92% accuracy were achieved by the program for the set of butterflies measured.
SOCIAL MEDIA ANALYTICS FOR SENTIMENT ANALYSIS AND EVENT DETECTION IN SMART CI...cscpconf
Smart cities utilize Internet of Things (IoT) devices and sensors to enhance the quality of the city
services including energy, transportation, health, and much more. They generate massive
volumes of structured and unstructured data on a daily basis. Also, social networks, such as
Twitter, Facebook, and Google+, are becoming a new source of real-time information in smart
cities. Social network users are acting as social sensors. These datasets so large and complex
are difficult to manage with conventional data management tools and methods. To become
valuable, this massive amount of data, known as 'big data,' needs to be processed and
comprehended to hold the promise of supporting a broad range of urban and smart cities
functions, including among others transportation, water, and energy consumption, pollution
surveillance, and smart city governance. In this work, we investigate how social media analytics
help to analyze smart city data collected from various social media sources, such as Twitter and
Facebook, to detect various events taking place in a smart city and identify the importance of
events and concerns of citizens regarding some events. A case scenario analyses the opinions of
users concerning the traffic in three largest cities in the UAE
SOCIAL NETWORK HATE SPEECH DETECTION FOR AMHARIC LANGUAGEcscpconf
The anonymity of social networks makes it attractive for hate speech to mask their criminal
activities online posing a challenge to the world and in particular Ethiopia. With this everincreasing
volume of social media data, hate speech identification becomes a challenge in
aggravating conflict between citizens of nations. The high rate of production, has become
difficult to collect, store and analyze such big data using traditional detection methods. This
paper proposed the application of apache spark in hate speech detection to reduce the
challenges. Authors developed an apache spark based model to classify Amharic Facebook
posts and comments into hate and not hate. Authors employed Random forest and Naïve Bayes
for learning and Word2Vec and TF-IDF for feature selection. Tested by 10-fold crossvalidation,
the model based on word2vec embedding performed best with 79.83%accuracy. The
proposed method achieve a promising result with unique feature of spark for big data.
GENERAL REGRESSION NEURAL NETWORK BASED POS TAGGING FOR NEPALI TEXTcscpconf
This article presents Part of Speech tagging for Nepali text using General Regression Neural
Network (GRNN). The corpus is divided into two parts viz. training and testing. The network is
trained and validated on both training and testing data. It is observed that 96.13% words are
correctly being tagged on training set whereas 74.38% words are tagged correctly on testing
data set using GRNN. The result is compared with the traditional Viterbi algorithm based on
Hidden Markov Model. Viterbi algorithm yields 97.2% and 40% classification accuracies on
training and testing data sets respectively. GRNN based POS Tagger is more consistent than the
traditional Viterbi decoding technique.
2. Computer Science & Information Technology (CS & IT) 27
mind, a platform-neutral way for sharing medical records is proposed in this paper. It also
becomes mandatory that the solution built is scalable and extensible, making way for services
like QoS and security. To provide fast, secured medical services by making use of the fast
growing web services [9], a medical assistant is developed using METRO STACK on jdk1.6.
Though the Web service processing model can handle most attacks, it needs to be further
strengthened by enhancing and improving security. This paper presents a security
framework in section II to handle authentication, authorization, confidentiality, integrity and
especially non-repudiation mechanisms, along with reliable message transfer. It is presented as a
specification in VDM++ so that it can be verified and proof analysis can also be done over the
services. The Medi - Helper discussed in this paper is deployed to transfer medical
documents across the Internet in a secured manner, and they are made available only to
authorized people by providing good security.
2. RELATED WORK
Web services expose valuable XML-encoded healthcare information. Tampering with an
existing history or record can lead to serious problems and, without security, may even
cause death. Web services might even make this situation worse. The reason is that Web services
can be thought of as allowing in strange, new users who might take the existing hospital
management system and spoil the accessible database, which is not likely to happen in the case
of the Medi – Helper due to its Single Sign On capability.
The Medi – Helper may be prone to the following attacks [20], and they have to be
prevented.
• Message alteration - An attacker inserts, removes or modifies information within a
message to deceive the receiver
• Loss of confidentiality - Information within a message is disclosed to an
unauthorized individual
• Falsified messages - Fictitious messages that an attacker intends the receiver to
believe are sent from a valid sender
• Man in the middle - A third party sits between the sender and provider and forwards
messages such that the two participants are unaware, allowing the attacker to view
and modify all messages
• Principal spoofing - An attacker constructs and sends a message with credentials
such that it appears to be from a different, authorized principal
• Forged claims - An attacker constructs a message with false credentials that appear
valid to the receiver
• Replay of message - An attacker resends a previously sent message
• Replay of message parts - An attacker includes portions of one or more previously
sent messages in a new message
• Denial of service - An attacker causes the system to expend resources
disproportionately such that valid requests cannot be met.
Prevention needs to focus on Integrity, Confidentiality, Authentication, Authorization and
Non-repudiation, as suited for multi-tiered security. The following is a course of action proposed
in order to secure the Medi – Helper, which is in general applicable to any web service based
application. The data flow of the same is presented in Figure 1.
The course of action is explained as below.
1. Message Level Security is ensured by keeping the SOAP messages from being viewed or
modified by attackers as the messages traverse the Internet. The credentials are acquired from
the user by the service; how this is done is left to the designer.
There are several options available for securing Web service messages [20]:
• HTTP over SSL/TLS (HTTPS) - Because SOAP messages are transmitted using HTTP,
it is trivial to modify a Web service to support HTTPS.
• XML Encryption and XML Signature - These XML security standards developed by
W3C allow XML content to be signed and encrypted. Because all SOAP messages are
written in XML, Web service developers can sign or encrypt any portion of the SOAP
message using these standards, but there is no standard mechanism for informing
recipients how these standards were applied to the message.
• WS-Security - WS-Security was developed to provide SOAP extensions that define
mechanisms for using XML Encryption and XML Signature to secure SOAP messages.
• SAML Authentication of SOAP Headers
2. Identity Management may follow any of the following architectures [20].
• Isolated identity management is the architecture used by most Web applications on
the Internet. In isolated identity management, service providers act both as a
credential provider and identity provider.
• In identity federation, a group of providers agrees to recognize user identifiers from one
another. Each service provider acts as a credential and identity provider for a subset of
requesters.
• In centralized identity management, providers rely on a single trusted third party (TTP) to
provide credentials and identifiers to requesters. Centralized identity management is similar
to federated identity management in that the identity and credential providers supply
assertions directly to service providers, allowing requester access without authenticating a
second time.
Figure 1 Context Layout Showing Medi – Helper
3. Session Management is proposed to use the credentials of the user, which are already secured,
along with de-identification. De-identification of medical records involves 2 steps [22]:
(1) the identification of personally identifying references within medical text
(2) the masking, coding, and/or replacing of these references with values irreversible to
unauthorized personnel.
Some computation methods have been described previously to achieve this goal in medical
text documents.
4. Resource Management [20] is done by ensuring that resources are adequately protected. Usually,
Web services are intended to be accessible only to authorized requesters, requiring mechanisms
for access control. Several different methods are available, including transport layer
authentication, token authentication via the WS-Security specification using SAML assertions
or other tokens, and the SOAP authentication header.
5. Trust Management [20] - Each trust model provides different benefits and drawbacks,
allowing trust to be supported in a wide variety of environments.
• The pairwise trust model is the simplest of all trust architectures, but the least scalable.
In the pairwise architecture, each Web service is provided, at configuration, with the
security information of all other Web services that will be interacted with so that those
transactions and Web services can be trusted.
• In the brokered trust model, an independent third party acts as a trusted third party
(TTP) for the Web service. The requester and provider interface with the third party for
a variety of security services. Unlike the pairwise trust model, Web services using the
brokered trust model need to be designed with the broker’s interface in mind, so that
identity information can be properly retrieved by the Web service.
6. Policy Framework - WS-Policy represents a set of specifications that describe the
capabilities and constraints of the security (and other business) policies on intermediaries and
end points (for example, required security tokens, supported encryption algorithms, and privacy
rules) and how to associate policies with services and end points. Application and domain
specific policies need to be designed.
7. The documents representing patient’s medical history need to be encrypted or signed
appropriately.
8. Establishing a secure communication channel is necessary. [24] Secure Web communication
protocols provide a way to authenticate clients and servers on the Web and to protect the
confidentiality of communication between clients and servers. A variety of secure
communication standards that use public key technology have been developed, including Secure
Hypertext Transfer Protocol (SHTTP), IP Security (IPSec), PPTP, and L2TP. The leading
general-purpose, secure Web communication protocols are SSL 3.0 and the open TLS protocol
that is based on SSL. The SSL and TLS protocols are widely used to provide secure channels
for confidential TCP/IP communication on the Web.
9. Web Services Security: Non–Repudiation - This specification extends the use of XML Digital
Signature in the context of WSS: SOAP Message Security to allow senders of SOAP messages
to request message disposition notifications that may optionally be signed to prove that the
receiver received the SOAP message without modification. The specification also defines a
method for embedding SOAP message dispositions in a SOAP message header. This
specification constitutes a protocol for voluntary non-repudiation of receipt that, when used
systematically, provides cryptographic proof of both parties' participation in a transaction. This
specification does not define any mechanism to prove receipt of a message by a non-conformant
implementation.
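The signed-receipt exchange of step 9, combined with the message-alteration and replay checks from the attack list above, as an added example (not code from the paper or from the Medi – Helper). It uses plain RSA signatures from the JDK over message bytes instead of XML Signature inside WS-Security headers; the class names, message id and sample record are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

/** Hypothetical demo of non-repudiation of receipt with signed disposition notifications. */
public class ReceiptDemo {

    static byte[] sign(PrivateKey key, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    static boolean verify(PublicKey key, byte[] data, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(data);
        return s.verify(sig);
    }

    static byte[] sha256(byte[] data) throws GeneralSecurityException {
        return MessageDigest.getInstance("SHA-256").digest(data);
    }

    /** Message signed by the sender; the id is assumed to contain no newline. */
    static final class Message {
        final String id, body;
        final byte[] sig;
        Message(String id, String body, byte[] sig) { this.id = id; this.body = body; this.sig = sig; }
        static byte[] signedBytes(String id, String body) {
            return (id + "\n" + body).getBytes(StandardCharsets.UTF_8);
        }
        static Message create(String id, String body, PrivateKey senderKey)
                throws GeneralSecurityException {
            return new Message(id, body, sign(senderKey, signedBytes(id, body)));
        }
    }

    /** Receiver-signed notification binding the message id to the digest of what arrived. */
    static final class Receipt {
        final String messageId;
        final byte[] digest, sig;
        Receipt(String messageId, byte[] digest, byte[] sig) {
            this.messageId = messageId; this.digest = digest; this.sig = sig;
        }
        static byte[] signedBytes(String id, byte[] digest) {
            byte[] head = ("RECEIPT\n" + id + "\n").getBytes(StandardCharsets.UTF_8);
            byte[] out = Arrays.copyOf(head, head.length + digest.length);
            System.arraycopy(digest, 0, out, head.length, digest.length);
            return out;
        }
    }

    static final class Receiver {
        private final KeyPair keys;
        private final PublicKey senderKey;
        private final Set<String> seenIds = new HashSet<String>();
        Receiver(KeyPair keys, PublicKey senderKey) { this.keys = keys; this.senderKey = senderKey; }

        Receipt accept(Message m) throws GeneralSecurityException {
            byte[] signed = Message.signedBytes(m.id, m.body);
            // Signature first: altered or falsified messages must never reach the replay cache.
            if (!verify(senderKey, signed, m.sig))
                throw new SecurityException("bad sender signature on " + m.id);
            if (!seenIds.add(m.id))
                throw new SecurityException("replay of " + m.id);
            byte[] digest = sha256(signed);
            byte[] receiptSig = sign(keys.getPrivate(), Receipt.signedBytes(m.id, digest));
            return new Receipt(m.id, digest, receiptSig);
        }
    }

    /** Sender side: a receipt is proof only if the receiver signed it and it matches what was sent. */
    static boolean receiptProves(Message sent, Receipt r, PublicKey receiverKey)
            throws GeneralSecurityException {
        return r.messageId.equals(sent.id)
            && MessageDigest.isEqual(r.digest, sha256(Message.signedBytes(sent.id, sent.body)))
            && verify(receiverKey, Receipt.signedBytes(r.messageId, r.digest), r.sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair sender = gen.generateKeyPair();
        KeyPair receiver = gen.generateKeyPair();
        Receiver rx = new Receiver(receiver, sender.getPublic());

        // Constructed sample record, not real patient data.
        Message m = Message.create("msg-0001",
                "<record pid=\"P-1001\">BP 120/80</record>", sender.getPrivate());
        Receipt r = rx.accept(m);
        System.out.println("receipt proves delivery: " + receiptProves(m, r, receiver.getPublic()));

        Message altered = new Message(m.id, m.body.replace("120/80", "90/60"), m.sig);
        Message[] attacks = { altered, m };  // message alteration, then replay of the original
        for (Message a : attacks) {
            try {
                rx.accept(a);
                System.out.println("accepted " + a.id);
            } catch (SecurityException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

The replay cache in this sketch grows without bound; a deployed receiver would expire ids, typically together with a signed timestamp on each message.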
The formal specification of the procedure is presented here as a VDM++ snippet generated
using Overture.
service.vdmpp
class service
types
  id_management = <Isolated> | <Federated> | <Centralized> | <nil>;
  securing_credentials = <HTTPS> | <xml_enc_or_dsig> | <WS_Security> | <other> | <nil>;
  session_management = <authenticated_with_deidentification> | <nil> | <othercredentials>;
  repository_acl = <access> | <deny> | <nil>;
  trust_management = <pairwise> | <Brokered> | <nil>;
  Security_Policy = <rolebasedaccess> | <encryption> | <authentication> | <nil>;
  encrypt_document = <yes> | <no>;
  secure_comm_channel = <yes> | <no>;
  ws_non_repudiation = <wsrn> | <others> | <nil>;
  endstatus = <true> | <false>;
instance variables
  public pid : map service to set of PatientInfo;
  identity_scheme : id_management := <Isolated>;
  securing_scheme : securing_credentials := <WS_Security>;
  repoacl_scheme : repository_acl := <deny>;
  trust_scheme : trust_management := <pairwise>;
  session_scheme : session_management := <authenticated_with_deidentification>;
  policy_choice : Security_Policy := <authentication>;
  encryption : encrypt_document := <yes>;
  comm_channel : secure_comm_channel := <yes>;
  repudiation_scheme : ws_non_repudiation := <wsrn>;
  status : endstatus := <false>;
operations
functions
  -- request yields <true> only when every step of the course of action is in place
  request(service: service, PatientInfo: PatientInfo) status: endstatus
  pre service.pid = PatientInfo.pid
  post
    if securecredentials(service) = <true> then
    (
      if manageid(service) = <true> then
      (
        if managesession(service) = <true> then
        (
          if aclauthorization(service) = <true> then
          (
            if managetrust(service) = <true> then
            (
              if policyapplication(service) = <true> then
              (
                if encryptdoc(service) = <true> then
                (
                  if securecommchannel(service) = <true> then
                  (
                    if addnonrepudiation(service) = <true> then status = <true> else status = <false>
                  ) else status = <false>
                ) else status = <false>
              ) else status = <false>
            ) else status = <false>
          ) else status = <false>
        ) else status = <false>
      ) else status = <false>
    ) else status = <false>;

  -- Each helper below yields <true> when its scheme is configured, <false> otherwise
  manageid(service: service) status: endstatus
  pre true
  post if service.identity_scheme = <nil> then status = <false> else status = <true>;

  securecredentials(service: service) status: endstatus
  pre true
  post if service.securing_scheme = <nil> then status = <false> else status = <true>;

  aclauthorization(service: service) status: endstatus
  pre true
  post if service.repoacl_scheme = <nil> then status = <false> else status = <true>;

  managetrust(service: service) status: endstatus
  pre true
  post if service.trust_scheme = <nil> then status = <false> else status = <true>;

  policyapplication(service: service) status: endstatus
  pre true
  post if service.policy_choice = <nil> then status = <false> else status = <true>;

  encryptdoc(service: service) status: endstatus
  pre true
  post if service.encryption = <no> then status = <false> else status = <true>;

  securecommchannel(service: service) status: endstatus
  pre true
  post if service.comm_channel = <no> then status = <false> else status = <true>;

  addnonrepudiation(service: service) status: endstatus
  pre true
  post if service.repudiation_scheme = <nil> then status = <false> else status = <true>;

  managesession(service: service) status: endstatus
  pre true
  post if service.session_scheme = <nil> then status = <false> else status = <true>;
end service
Figure 2 Specification of service class which has the pid mapped with pid of PatientInfo class
PatientInfo.vdmpp
class PatientInfo
types
string = seq of char;
details = seq of char;
values
instance variables
username: string := [ ];
password: string := [ ];
public pid : map service to set of PatientInfo;
detail: details := [ ];
operations
functions
sync
--thread
Traces
end PatientInfo
Figure 3. Specification of PatientInfo class
The VDM++ specification in Figure 2 and Figure 3 checks that the service meets all the
security attributes, such as authentication, confidentiality, integrity and non-repudiation,
and returns true when it does and false if not. There are two classes, namely service and
PatientInfo, which are mapped to each other on a one-to-one basis with the help of the pid
attribute.
Using the WS-Security specification presented here, service end-points have a standard means
for securing SOAP messages using XML Signature and XML Encryption. In this paper, in
addition to the use of WS-Security for securing messages, a technique for negotiating a
mutually acceptable security policy based on WSDL is proposed. The Medi-Helper discussed
in Section 3 shows a secure architecture for transacting healthcare information over the
Internet.
3. INTEGRATED SECURE WEB SERVICE RELIABLE MEDIHELPER ARCHITECTURE
In this section we propose how to implement the security mechanisms and integrate the security
framework into Web services in order to make Web services robust against attacks. The
framework shown in Figure 4 is a three-layer architecture consisting of the legacy layer, the
integrated services layer and the application layer. The legacy layer consists of the server
management system and server(s) for data storage and manipulation. These are updated to the
Log Server in a standard format. It plays a vital role in making the medical history of a patient
available anywhere, anytime. The infrastructure services render services for patients such as
X-Ray, ECG and ICU. The data obtained is transferred to the integrated services layer for
creating the WS-Policy, where the data is synchronized by the data source. The MIS component
manipulates and filters the data over the data source and provides a view of the user's medical
history to the doctor. It hides the underlying complexity of the legacy layer and
provides an integrated view of the data.
The WS-Security and integrated security services that come with the METRO stack are made
available to the application. The Application Adapter accesses and updates the data source for
user-oriented information, with configuration details on WSDL, and generates the SOAP
messages for the application. This layer depicts the practical aspect of web service deployment,
where the messages are based on SOAP technologies, which cannot replace HTTP given
HTTP's wide acceptability and usage. The Integrated Services Layer
provides secure and reliable transactions with the help of the WS-IT stack. Metadata specifications
describe the structure of messages that can be sent. So it is good to extend the existing
framework with SOAP messages over HTTP and reliable messaging using the METRO stack.
METRO is the middleware that offers the underlying technologies such as WS-Policy and
WS-Security. Medi-Helper uses the non-profit HL7 [6] effort for healthcare systems to
use to the full extent the capability of XML for a standard, globally accepted messaging
syntax and document structure. Security can be provided by selective policy assertion and
WS-Security. The policy assertion which is used in the sheltered Medi-Helper is shown in
Figure 3. It identifies a behavior that is a requirement of a policy subject. Satisfying assertions
in the policy usually results in behavior that reflects these conditions. A policy assertion is
supported by a requester if and only if the requester satisfies the requirement. In Figure 3,
the policy is previously agreed upon by the participants. It is proclaimed by the Provider. The
Consumer should supply the parameters demanded by the operating security policy, crafted by
the Provider. If the parameters satisfy the conditions, the Consumer is allowed to access the
resources or services. If the parameters do not satisfy the conditions, the Consumer is denied
access.
Web services are being successfully used for interoperable solutions across various industries.
One of the key reasons for interest and investment in Web services is that they are well-suited to
enable service-oriented systems.
Figure 4 Integrated Secure Web Service Architecture
3.1 Username Authentication with Symmetric Key mechanism
The Medi-Helper uses the “Username Authentication with Symmetric Key” mechanism, which
protects the application's integrity and confidentiality. Symmetric key cryptography relies on a
single, shared secret key that is used to both sign and encrypt a message. Symmetric key
operations are usually faster than public key cryptography. For this mechanism, the client does
not possess any certificate or key of its own, but instead sends its username and password for
authentication. The client shares a secret key with the server. The shared, symmetric key is
generated at runtime and encrypted using the service's certificate. The client must identify the
server's certificate by its alias in the trust store. Using the existing AES encryption algorithm,
mixing of data re-encryption is done. The following is a code snippet from the security
parameter configuration files used in the application.
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
3.2 Digital Signatures
XML signatures are digital signatures designed for use in XML transactions. The standard
defines a schema for capturing the result of a digital signature operation applied to arbitrary
XML data. XML signatures add authentication, data integrity, and support for non-repudiation
to the data that they sign. However, unlike non-XML digital signature standards [3], XML
signature has been designed to both account for and take advantage of the Internet and XML.
Figure 4 shows the structure of elements in XML Digital Signatures.
3.3 WS-Security
IBM and Microsoft have begun a joint initiative to define an architecture and roadmap to
address gaps between existing security standards and Web Services and SOAP. The Medi-Helper
uses Binary Security Token with X.509 Certificates. A security token [18] asserts claims
and can be used to assert the binding between authentication secrets or keys and security
identities. WS-Security handles credential management in two ways. It defines a special element,
UsernameToken, to pass the username and password if the Web service is using custom
authentication. WS-Security also provides a place to provide binary authentication tokens such
as Kerberos tickets and X.509 [18,15] certificates: BinarySecurityToken. The Security Token
service might be Kerberos, PKI, or a username/password validation service. When using X.509
certificates, the message can be signed using the private key. The message should contain the
certificate in a BinarySecurityToken. When using X.509, anyone who knows the X.509 public
key can verify the signature.
3.4 WS-Reliability
WS-Reliability is a SOAP-based specification that fulfills reliable messaging requirements
critical to some applications of Web Services. SOAP over HTTP is not sufficient when an
application-level messaging protocol must also guarantee some level of reliability and security.
This specification defines reliability in the context of current Web Services standards. This
specification has been designed for use in combination with other complementary protocols and
builds on previous experiences, e.g., ebXML. Reliable messaging requires the definition and
enforcement of contracts between:
1) the sending and receiving message processors (contracts about the wire protocol);
2) the messaging service provider and the users of the messaging service (contracts about
quality of service).
3.5 WS-Policy
WS-Policy provides a flexible and extensible grammar for expressing the capabilities,
requirements, and general characteristics of entities in an XML Web services-based
system[8,15]. WS-Policy defines a framework and a model for the expression of these
properties as policies. The Medi - Helper uses the authentication oriented policies. The policies
used by client and server are shown in Figure 5 and Figure 6.
SecureWebServiceService.xml
……
<wsp:Policy wsu:Id="MediHelperPortBindingPolicy">
<wsrmp:RMAssertion>
<wsp:Policy/>
</wsrmp:RMAssertion>
<wsam:Addressing/>
</wsp:Policy>
……
<sp:EncryptedParts>
<sp:Body/>
</sp:EncryptedParts>
Figure 6. Server Side File Showing Policy To Accept Binary Security Tokens And Encrypting Body Segment
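The policy check described above (a Consumer is granted access only if its message satisfies the Provider's assertions) can be sketched as follows. This is an added example, not code from the paper or from Medi-Helper: the namespace URIs, the reduced policy and the sample messages are assumptions or constructed values, and only the `aes128-cbc` algorithm URI comes from the configuration snippet in section 3.1.

```python
import xml.etree.ElementTree as ET

# Namespace URIs are assumptions: the page shows prefixes only.
NS = {
    "S": "http://schemas.xmlsoap.org/soap/envelope/",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
    "wsa": "http://www.w3.org/2005/08/addressing",
    "wsp": "http://www.w3.org/ns/ws-policy",
    "sp": "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702",
    "wsam": "http://www.w3.org/2007/05/addressing/metadata",
}
AES128_CBC = NS["xenc"] + "aes128-cbc"  # algorithm URI from section 3.1
DECLS = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())

# Constructed policy: the two server-side assertions that this check enforces.
POLICY = (f"<wsp:Policy {DECLS}><wsam:Addressing/>"
          "<sp:EncryptedParts><sp:Body/></sp:EncryptedParts></wsp:Policy>")

def envelope(body, headers=""):
    """Wrap constructed header and body XML in a SOAP 1.1 envelope."""
    return (f"<S:Envelope {DECLS}><S:Header>{headers}</S:Header>"
            f"<S:Body>{body}</S:Body></S:Envelope>")

def encrypted_data(algorithm):
    """Constructed xenc:EncryptedData element; the CipherValue is a dummy."""
    return (f'<xenc:EncryptedData><xenc:EncryptionMethod Algorithm="{algorithm}"/>'
            "<xenc:CipherData><xenc:CipherValue>Y29uc3RydWN0ZWQ=</xenc:CipherValue>"
            "</xenc:CipherData></xenc:EncryptedData>")

def violations(policy_xml, soap_xml):
    """Return the policy requirements a message fails; an empty list means accept."""
    policy, msg = ET.fromstring(policy_xml), ET.fromstring(soap_xml)
    found = []
    # wsam:Addressing: wsa:Action is the header WS-Addressing always requires.
    if policy.find(".//wsam:Addressing", NS) is not None:
        if msg.find("S:Header/wsa:Action", NS) is None:
            found.append("missing wsa:Action")
    # sp:EncryptedParts/sp:Body: the body must hold one EncryptedData and no leading text.
    if policy.find(".//sp:EncryptedParts/sp:Body", NS) is not None:
        body = msg.find("S:Body", NS)
        children = list(body) if body is not None else []
        stray_text = body is not None and (body.text or "").strip()
        enc_tag = f"{{{NS['xenc']}}}EncryptedData"
        if len(children) != 1 or stray_text or children[0].tag != enc_tag:
            found.append("body not wholly encrypted")
        else:
            method = children[0].find("xenc:EncryptionMethod", NS)
            algorithm = method.get("Algorithm") if method is not None else None
            if algorithm != AES128_CBC:
                found.append(f"unexpected algorithm: {algorithm}")
    return found

ACTION = "<wsa:Action>urn:example:getRecord</wsa:Action>"  # constructed value
ACCEPTED = envelope(encrypted_data(AES128_CBC), ACTION)
CLEARTEXT = envelope("<record><pid>constructed-0001</pid></record>")
WRONG_ALG = envelope(encrypted_data(NS["xenc"] + "tripledes-cbc"), ACTION)

if __name__ == "__main__":
    for name, soap in [("accepted", ACCEPTED), ("cleartext", CLEARTEXT), ("wrong_alg", WRONG_ALG)]:
        print(name, violations(POLICY, soap) or "OK")
```

The check is structural only: it confirms that the body arrives as a single `xenc:EncryptedData` with the agreed algorithm, not that the ciphertext decrypts or that a signature verifies.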
3.6 VDM++
The VDM++ specification [21] is written using the Overture IDE. Models in VDM are formal in the
sense that they have very precisely described semantics, making it possible to analyze models
in order to confirm or refute claims about them. Such an analysis often reveals gaps in the
developer's and the client's understanding of the system, allowing these to be resolved before an
expensive commitment is made to program code. The Vienna Development Method (VDM) is
one of the longest-established Formal Methods for the development of computer-based systems.
Originating in work done at IBM's Vienna Laboratory in the 1970s, it has grown to include a
group of techniques and tools based on a formal specification language - the VDM Specification
Language (VDM-SL). It has an extended form, VDM++ which supports the modeling of object-
oriented and concurrent systems. Support for VDM includes commercial and academic tools for
analyzing models, including support for testing and proving properties of models and generating
program code from validated VDM models.
4 RESULTS AND DISCUSSIONS
In Medi-Helper the web service messages are subjected to the policy check and only then are
allowed to access the actual web services. The messages are encrypted for security purposes.
The web service client enters the username and password and passes the details of personal
identification, disease indication and remedial treatments undergone. The details are not visible
to an onlooker of the SOAP messages [18], since they are encrypted as shown in Figure 7 and
Figure 8. They are only visible to the server as shown in Figure 8, as printed on the server
console. The WS-Policy code for the server and client is shown in Figure 5 and
Figure 6. The client embeds the username and password information in the
SecureWebServiceService.xml file.
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>
0qz5nhr4RQ5ITUWzwxLK1QPF7YzqLTeH4O6eGyHCDGgl
4wXiuNpee93DucAu35uroIlXGSov+Xu6HfBb3LcRZ02e85e8
Gzj+XHX98muaudqGKFkVGCVikez0sVqdE3kEsQlAhsjYxF
Bken5g2O6qpo7jfhhv7abiWw5zaCK+ZUs=
</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</S:Body>
Figure 8 Response - SOAP Body
5 PERFORMANCE ANALYSIS
The graph shown in Figure 10 shows the benefits of the proposed security framework in terms of
securing the web services against several attacks. It shows that the proposed approach
provides good security by making use of the METRO stack and the HL7 [6] document
structures meant for critical services like healthcare. Table 1 shows that the Medi-Helper
uses the technologies of XML Encryption, Signatures, WS-Security Tokens and HTTP
Authentication, together with a comparative study of them. Together they protect against almost
all attacks except Denial of Service.
TABLE 1- COMPARATIVE STUDY
MEDI-HELPER SERVICE FEATURES
Algorithm Suite Property
Timestamp Property
Protection Order Property
Signature Protection Property
Token Protection Property
Entire Header and Body
Security Header Layout
Figure 9. Performance Analysis
Message Alteration
Loss of Confidentiality
Falsified Message
Man in Middle
Principal Spoofing
Forged Claims
Replay of Message Parts
Replay of Message
Denial Of Service
XML Encryption x x x x x
XML Signature x x x x x x
WS-Security Tokens x x x
WS-Addressing x
SSL/TLS
SSL/TLS with client certificates
HTTP Authentication x x x
6 CONCLUSION AND FUTURE WORK
The Web Service Based Secure Medical Assistant serves as a platform for the transfer of
medical documents while also ensuring the confidentiality and integrity of that data in
conformance with the Security Framework. The framework is a proposal for optimal security and
reliability, which may be suitable generally for any domain. It is also scalable to use any web
service related technology for acquiring features like QoS and security. The Secure Medical
Assistant can be used with standards like HL7, which are created to depict medical information
in terms of XML so that the documents can be interchanged in a standard manner. The service
can be implemented with third-party authentication mechanisms like Kerberos so that we can
manage a large number of patients' details in a secure manner. By incorporating the proposed
technology with UDDI and an encapsulating security layer, the Medi-Helper can become a
universally available security solution.
REFERENCES
[1] Institute of Medicine, Crossing the Quality Chasm: A New Health System for the 21st Century.
Washington, DC: National Academy Press, 2001.
[2] M. J. Field and K. N. Lohr, Guidelines for Clinical Practice: From Development to Use.
Washington, DC: Institute of Medicine, National Academy Press, 1992.
[3] J. Boyer et al., Exclusive Canonicalization Version 1.0, 18 January 2002, World Wide Web
Consortium, http://www.w3.org/TR/xml-exc-c14n/.
[4] R. N. Shiffman, Y. Liaw, C. A. Brandt, and G. J. Corb., “Computer-based guideline implementation
systems: A systematic review of functionality and effectiveness,” J. Amer. Med. Informat. Assoc.,
vol. 6, no. 2, pp. 104– 114, Mar./Apr. 1999.
[5] M. Entwistle and R. N. Shiffman, “Turning guidelines into practice: Making it happen with
standards—Part,” in Healthcare and Informatics Review Online. Auckland, New Zealand: Enigma,
Mar. 2005.
[6] www.hl7.org/implement/standards/index.cfm
[7] A. Seyfang, S. Miksch, and M. Marcos, “Combining diagnosis and treatment using Asbru,” Int. J.
Med. Informat., vol. 68, no. 1–3, pp. 49–57, 2002.
[8] M. Peleg, O. Ogunyemi, and S. Tu, “Using features of Arden syntax with object-oriented medical
data models for guideline modeling,” in Proc. AMIA Symp., 2001, pp. 523–527.
[9] P. Ciccarese, E. Caffi, L. Boiocchi, S. Quaglini, and M. Stefanelli, “A guideline management
system,” in Proc. MedInfo 2004, pp. 28–32.
[10] Joch, A., “Heads Above the Crowd.” Healthcare Informatics, Volume 18, Number 1, 2001, 27-32.
[11] Stein, M., “Medical Education and the Internet: This Changes Everything.” JAMA, Volume 285,
Number 6, 2001, 809.
[12] E. Ferrari and B. Thuraisingham, "Security and Privacy for Web Databases and Services," E. 2004
and L. 2992, Eds. Berlin Heidelberg 2004: Springer-Verlag, 2004, pp. 17-28.
[13] Evenhaim, A., “Taking e-Health Relationship Management into the next Millennium.” Medical
Marketing and Media, Volume 36, Number 2, 2001, 104-110.
[14] Bachar Alrouh and Gheorghita Ghinea, “A Performance Evaluation of Security Mechanisms for Web
services,” Fifth International Conference on Information Assurance and Security, 2009.
[15] D. Booth, H. Haas, F. McCabe, E. Newcomer, M. Champion, C. Ferris and D. Orchard. (2004,
Feb.). Web services architecture. W3C, http://www.w3.org/TR/ws-arch/.
[16] Improving Web Application Security: Threats and Countermeasures on MSDN:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html /ThreatCounter.asp.
[17] http://www.ibm.com/developerworks/library/ws-secure/
[18] http://msdn.microsoft.com/en-us/library/ms788756.aspx
[19] http://msdn.microsoft.com/en-us/library/ms977327.aspx
[20] Anoop Singhal, Theodore Winograd, Karen Scarfone “Guide to Secure Web Services” NIST
[21] Peter Gorm Larsen, “Tutorial for Overture/VDM-SL,” Overture – Open-source Tools for Formal
Modelling, TR-2010-01, March 2010.
Authors
Ms. Priya Loganathan is an M.Tech graduate from Madras Institute of Technology, India. The
author specializes in Data Structures and Image Processing. The author is pursuing projects in
Machine Vision.
Ms. Jeyalakshmi Jeyabalan is an M.Tech graduate from Sathyabama University, India. The author
specializes in Web Services and Operating Systems.
Ms. Usha Sarangapani is an M.Tech graduate from Sathyabama University, India. The author
specializes in Web Services and Object Oriented Programming.