On the Move to Meaningful Internet Systems 2007: CoopIS, DOA, ODBASE, GADA, and IS: OTM Confederated International Conferences, CoopIS, DOA, ODBASE, ... II (Lecture Notes in Computer Science, 4804)
9783540768357, 3540768351
This two-volume set LNCS 4803/4804 constitutes the refereed proceedings of the five confederated international conferenc
Table of contents : Title Page Preface Organization Table of Contents – Part II Part I: GADA 2007 International Conference (Grid Computing, High-Performance and Distributed Applications) Service Architectures for e-Science Grid Gateways: Opportunities and Challenges Introduction Lesions Learned and Research Challenges Scientific Data Collections Continuous Queries Grid Reliability and Fault Recovery New Modalities for User Interfaces Social Networking for Science Conclusions References Access Control Management in Open Distributed Virtual Repositories and the Grid Introduction Access Control Design in a Virtual Repository The Virtual Repository Requirements for Access Control in the Virtual Repository Architecture Overview Expressing Access Control Privileges Access Control Management A Scenario of Access Control in the Virtual Repository Resolving Conflicts View Modification Summary of AC Management Performance Evaluation of a Prototype Implementation Test Environment Test Evaluation Related Work Conclusion and Future Work References Transforming the Adaptive Irregular Out-of-Core Applications for Hiding Communication and Disk I/O Introduction Overview of Adaptive Irregular Out-of-Core Applications Adaptive Irregular Out-of-Core Applications Execution Model Transformation Reordering the Iterations and Decompose the Inspector Phase Restructure the Execution of the i-sections in a Pipeline Fashion Transformation Process Performance Evaluation Related Work Conclusion References Adaptive Data Block Placement Based on Deterministic Zones (AdaptiveZ) Introduction Related Work AdaptiveZ Overview AdaptiveZ Approach AdaptiveZ Data Placement Adapting New Storage Subsystems Methodology Simulation and Workload Issues Configurations Studied Experimental Results Evaluating BDA Migration scenario Evaluating AS Migration Scenarios Conclusions Keyword Based Indexing and Searching over Storage Resource Broker Introduction Motivation Related Work Semantic Augmentation of the SRB 
Server Relational Augmentation of the SRB Server Keyword Search over Relational Databases Design and Implementation Details Thesaurus Support for Facilitating Search Operations Results and Discussion Advantages Conclusion and Future Directions References eCube: Hypercube Event for Efficient Filtering in Content-Based Routing Introduction Publish/Subscribe Communication Content-Based Subscription and Routing Symmetric Publish/Subscribe Event Model Event Typed Event eCube Hypercube Event RTree Adaptation to Publish/Subscribe Cube Subscription Expressiveness Experimental Prototype Evaluation of eCube with Sensor Data Event Broker Grid with eCube Filter eCube Event Filter Range Query Experiments Related Work Conclusions Combining Incomparable Public Session Keys and Certificateless Public Key Cryptography for Securing the Communication Between Grid Participants Introduction Related Work Communication Threats Approaches to Securing the Communication Between Grid Participants Basic Key Management Model and Encryption Scheme A Double Encryption Scheme Discussion Conclusions References A Service-Oriented Platform for the Enhancement and Effectiveness of the Collaborative Learning Process in Distributed Environments Introduction A SOA-Based CSCL Platform for Distributed Environments The Design and Implementation of the CLPL The CLPL on a Distributed Infrastructure An Application Example: A Distributed Discussion Forum Design and Implementation Issues of the Discussion Forum Deployment of the Discussion Forum in a Distributed Infrastructure Computational Results and Evaluation Conclusions and Future Work References Social Networking to Support Collaboration in Computational Grids Introduction Grid Social Networks Direct Relation Networks Indirect Social Networks GridPlaza: Social Networking to Facilitate Collaborations Navigating Grid Social Networks Potential Providers and Consumers Potential Collaborators Referrals and Referral Chains Evaluation GridPlaza Perceived 
Usefulness Conclusions and Future Work References A Policy Based Approach to Managing Shared Data in Dynamic Collaborations Introduction Service Provisioning Architecture Secure Data Management Framework Implementation and Results Conclusions References Grid Service Composition in BPEL for Scientific Applications Introduction Web Services Resource Framework WSRF Services for Bioinformatics WSRF with BPEL Creating a Web Service Instance Invoking the Web Service Instance Accessing Resource Properties Conclusion Efficient Management of Grid Resources Using a Bi-level Decision-Making Architecture for “Processable” Bulk Data Introduction Related Work Problem Statement and Architecture Policies Dynamic Resource-Pool- Single Partition (DRPSP) Static Resource-Pool--Single Partition (SRPSP) Static Resource-Pool-Single Partition with Dynamic Backfilling (SRPSP+BF) Dynamic Resource-Pool- Multiple Partition (DRPMP) Experimental Results Conclusions References Towards an Open Grid Marketplace Framework for Resources Trade Introduction Context Scenario and Motivation Requirements Related Work The GRIMP Architecture Zoom on the Mediator Process Architecture Conclusions and Future Work A Hybrid Algorithm for Scheduling Workflow Applications in Grid Environments (ICPDP) Introduction Related Work Task Dependencies Model and DAG Scheduling ICPDP Algorithm Static Scheduling ALGORITHMS Performance Trade-Off Premise Improved Critical Path Using Descendant Prediction (ICPDP) DIOGENES DAG Framework Input Data Model The Output Schedule Experimental Results Improvements Relative to Other Scheduling Algorithms Performance Indicators Test Scenarios Comparative Evaluation A. Analysis of the total time. B. Analysis of the total schedule length. C. Evaluation of the threshold variation. D. Normalized schedule length. E. Load balancing and resource allocation efficiency. 
Conclusions and Future Work Contention-Free Communication Scheduling for Group Communication in Data Parallelism Introduction Problem Description Motivation Example Communication Table, Communication Scheduling Table, and Communication Conflict Several Methods for Group Communication Optimized Scheduling Strategy for Group Communication Preliminaries Main Lemma and Theorem Algorithms to Get CS Table Evaluation and Experimental Results Performance Analysis Experiments for Comparison with Communication Scheduling Algorithms Conclusions and Future Work References SNMP-Based Monitoring Agents and Heuristic Scheduling for Large-Scale Grids Introduction Related Work SBLOMARS – Resource Monitoring Agents Implementation Aspects Real Time and Historical Resources Availability Reports Graphical Interface BLOMERS - Resource Scheduler Motivation of the Heuristic Resource Scheduler Methodology Proposed and Resource Selection Algorithm Overall System Evaluation SBLOMARS Performance Evaluation SBLOMARS Flexibility Evaluation SBLOMARS Scalability Evaluation SBLOMARS Storage Evaluation BLOMERS Analytical Evaluation BLOMERS Performance Evaluation in Grid5000 Conclusions and Future Work References HARC: The Highly-Available Resource Co-allocator Introduction Architecture and Message Protocol Non-co-allocation Messages Security Model HARC Mean-Time to Failure Message Structure and Content Combining Actions Processing the Messages Using HARC to Run Meta-computing Jobs Booking the Resources Submitting the Jobs to the Reservations Monitoring the Reservations Canceling the Reservations The Client API Related Work Current Status and Early Results Conclusions Assessing a Distributed Market Infrastructure for Economics-Based Service Selection Introduction Related Work Service Oriented Grid Market Middleware The Grid Market Middleware The Extended Zero Intelligence Economic Agents Interface with Application Prototype Application Data Mining Grid Services Application Deployment and Experimental 
Setup Experiments and Evaluation Idealized Experiments with Idle Resources Adaptation to Different Constrains Process Competition Evaluation Conclusions Grid Problem Solving Environment for Stereology Based Modeling Introduction Problem Statement Implicit Modeling from Stereological Point of View Grid and Stereology Based Properties of Implicit Models XISL---Implicit Modeling Environment Grid PSE for Stereological Modeling Applications Application Requirements Summary Technologies for Fulfilling Requirements PSE Technological Challenges SM-PSE Architecture Results Future Work Conclusions Managing Dynamic Virtual Organizations to Get Effective Cooperation in Collaborative Grid Environments Introduction Related Work CAM: Collaborative/Cooperative Awareness Management Rules-Based Management: Autonomic Computing WS-CAM Rules-Based Management Architecture CAM’s Validation Scenario-Based Validation User-Based Validation Performance-Based Validation Conclusions and Ongoing Work References Sidera: A Cluster-Based Server for Online Analytical Processing Introduction Related Work The Sidera Architecture The Sidera Frontend The Sidera Backend Cube Generation Table Partitioning Sidera Indexing Hierarchical Representation Approximate Query Answering Backend Processing Logic Experimental Results Conclusions Parallel Implementation of a Neural Net Training Application in a Heterogeneous Grid Environment Introduction Background Artificial Neural Nets The MLPfit Package Characteristics and Use of the Implemented MLP Description of the Problem and the Solution Proposed Improvements and Extensions in the Training Method Performance Evaluation Parallel Solution of a System of Linear Equations Conclusions and Future Work References Generalized Load Sharing for Distributed Operating Systems Introduction A Structure of Queuing Model Load Sharing for Homogeneous Distributed System System Requirements Experimental Results and Analysis Load Sharing for Heterogeneous Distributed Systems Simulation 
Results and Discussion A Simulator of a Homogeneous Distributed System A simulator of a Heterogeneous Distributed System Current Works and Future Research Direction References An Application-Level Service Control Mechanism for QoS-Based Grid Scheduling Introduction Service Provider Architecture Design A Case of Study Scheduling Policy Preliminary Experiments Conclusions Fine Grained Access Control with Trust and Reputation Management for Globus Introduction Architecture Policy Languages Security Policy Example Implementation An Implementation of RTML with Trust Measures Performance Experimentation Conclusions Vega: A Service-Oriented Grid Workflow Management System Introduction The DENEB Operating Environment Vega: A Service-Oriented Grid Workflow System Conclusions Part I: IS 2007 International Symposium (Information Security) Cryptography: Past, Present and Future E-Passport: Cracking Basic Access Control Keys Introduction The Basic Access Control Protocol (BAC) The Threat Model The Key Search The First Approach Based on Two-Channel Communication The Second Approach Based on Forward-Channel Communication Complexity Analysis of the Key Space Practical Implementation on COPACOBANA Details of the Implementation Practical Results Further Directions Software Implementation New FPGA Key Search Machines Conclusion Managing Risks in RBAC Employed Distributed Environments Introduction Our Contribution Background Our Risk Evaluation Scheme User Credentials (C) Set of Current User Queries (SCQ) Role History Log (H) Expected Utility (U) Experimental Results Data Set Definition Implementation Conclusions and Future Work References STARBAC: Spatiotemporal Role Based Access Control Introduction Background and Related Work Proposed STARBAC Model: Syntax STARBAC Space Model Temporal Reference in STARBAC Spatiotemporal Reference in STARBAC Role Enabling and Disabling Role Control Commands STARBAC: Semantics Role Command Semantics Basic Condition Semantics Space Time Reasoning with COND 
Elements STARBAC Condition Simplification Conclusion and Future Work Authentication Architecture for eHealth Professionals Introduction Rede Telemática da Saúde (RTS) Design Goals Proposed Architecture Professionals’ Smart Cards RTS Certificates HU certificates Implementation Smart Cards Healthcare Unit RTS Working Environment for Professionals Evaluation Conclusions References On RSN-Oriented Wireless Intrusion Detection Introduction Associating Wireless Attack Categories with 802.11i Network Discovery Eavesdropping/Traffic Analysis Masquerading/Impersonation Man-in-the-Middle Denial-of-Service 802.11i-Oriented Attacks Intertwining 802.11i and WIDS Protection Evaluation Distributed Wireless Intrusion Detection Rationale: How and Why Related Works 802.11i-Specific DIDS Conclusions and Future Work References A Hybrid, Stateful and Cross-Protocol Intrusion Detection System for Converged Applications Introduction Overview of Intrusion Detection Systems Overview of VoIP Converged Networks and Applications Overview of Approach Organization of the Paper Session Initiation Protocol (SIP) SIP Message Format SIP Architecture SIP Session SIP Threat Model Formal Model Extended Finite State Machine (EFSM) Model Communicating Finite State Machines in Intrusion Detection System Components System Architecture Database Structure Related Work Implementation and Experiment Attacks and Detection Development Environment Efficiency Analysis Conclusion References Toward Sound-Assisted Intrusion Detection Systems Introduction Related Work Overview of the Mitigation System Used for Sonification Architecture Packet Classification Sonification Sound Generation Experiments and Preliminary Results Concluding Remarks and Future Work End-to-End Header Protection in Signed S/MIME Introduction Related Work Signature in CMS Format Goals of Our Approach Extension in S/MIME Header Protection Entity Inserting Header Protection Entity in S/MIME Analysis Prototype Implementation Conclusion and Future Work 
An SMIME-Header-Protection Attribute Screenshots of the S/MIME Message in Different Clients Estimation of Behavior of Scanners Based on ISDAS Distributed Sensors Introduction Model of Cumulative Unique Source Addresses Fundamental Definitions Estimation Model of n Using Duration t Estimation Model of n Using Number of Sensors x Experiments ISDAS Observation Data Methods of Evaluation Estimation of Scanners Based on Duration of Observation Estimation of n Using a Number of Sensors x Stability During Observation Independence of Sensors Independence of Source Addresses Conclusions A Multi-core Security Architecture Based on EFI Introduction Motivation Contribution Organization EFI Architecture Multi-core Security Architecture Security Boundary Hardware Partition with Virtual Device Support Real-Time Monitor and Inspect Mechanism Prototype Design System Call Monitor Virtual Disk Monitor Encryption Service Performance Test EFI SHA256 VS Linux SHA256 EFI Virtual Disk vs Physical Hard Disk Related Works Distributed System Security Architecture Platform Enhancement Virtual Machine Security Multi-core Security Architecture Conclusion and Future Work Intelligent Home Network Authentication: Home Device Authentication Using Device Certification Introduction Related Work and Home Device Authentication JARM Scheme Requirements for Intelligent Home Network Home Device Authentication Framework Home Device Registration and Certificate Issuing Home Device Certificate Profile Single-Domain/Multi-domain Authentication Authentication in the Single Home Domain Authentication in the Multi Home Domain Conclusions References Bayesian Analysis of Secure P2P Sharing Protocols Introduction Our Contribution Related Background Cryptographic P2P Security Models Game Theory Applied to P2P Systems A Puzzle-Based File Sharing Protocol Motivation Working Assumptions Proposed Scheme On the Scheme's Performance Protocol Formal Analysis Bayesian Framework Players and Types Strategies and Beliefs Payoff 
Functions Dominated Strategies and Expected Gains Evaluation Conclusion and Open Issues Network Coding Protocols for Secret Key Distribution Introduction Mobile Secret Key Distribution A Basic Key Distribution Scheme Large-Scale Key Distribution Usage of Keys Novel Features and Extensions Authentication of Mobile Node Request for Extra Keys Cluster Keys Revocation Security Performance Evaluation Attacker Model Impact of Compromised Sensor Nodes Impact of a Captured Mobile Node One-Time Pad Security Exposed Information to an Eavesdropper/Active Attacker Brute-Force Attack Analysis Memory Requirements Implementation Conclusions 3-Party Approach for Fast Handover in EAP-Based Wireless Networks Introduction Fast Handover in EAP-Based Wireless Networks EAP Key Management Framework Handover Keying Architecture Three Party Approach for Fast Network Access Notation The 3-Party Protocol Step 0: EAP Authentication and Key Derivation Step 1: Key Distribution for HOKEY Server Step 2: Handover Phase Security Details Testbed Prototype and Results Testbed Details Analysis of the Results Conclusion and Future Work SWorD – A Simple Worm Detection Scheme Introduction Related Work Automatic Containment Signature Generation Detection Detection Algorithm Algorithm Extensions Storage and Computational Cost Parameter Selection Results on a Small Network Accuracy Timeliness of Detection Results on a Large Network Experiment Set-Up Results Using SWorD Accuracy Timeliness of Detection Comparison with a Related Scheme Parameter Selection Accuracy Storage Requirement Timeliness of Detection Conclusion Prevention of Cross-Site Scripting Attacks on Current Web Applications Introduction Cross-Site Scripting Attacks Persistent XSS Attacks Non-persistent XSS Attacks Prevention Techniques Analysis and Filtering of the Exchanged Information Runtime Enforcement of Web Browsers Summary and Comments on Current Prevention Techniques Policy-Based Enforcement Using XACML and X.509 Certificates Conclusions 
Compiler Assisted Elliptic Curve Cryptography Introduction Background Implementation of Curve Arithmetic Optimisation of Curve Arithmetic Specialisation of Field Arithmetic Lazy Reduction Cache Consciousness Conclusions Trust Management Model and Architecture for Context-Aware Service Platforms Introduction Trust Relationships in a Context-Aware Service Platform Analysis of Trust Aspects Metrics for Obtaining Trust Values Trust Management Model for Context-Aware Service Platforms Formalization of Aspect-Specific Trust Relationships Trust Evaluation Extension of the Basic Algorithm: Recommendations Distributed Trust Management Architecture Prototype Implementation Related Work Conclusions and Future Work References Mobile Agent Protection in E-Business Application A Dynamic Adaptability Based Approach Introduction The Proposed Approach Strategy of Protection Reflexive Structure of the Mobile Agent Mobile Agent Functionalities Application Domain Roles of the Mobile Agent Components Scenario of Execution Trust Evaluation and Environmental Key Generation Implementation Conclusion References Business Oriented Information Security Management – A Layered Approach Introduction General Considerations Top-Level Configuration – Layer 1 BAISeM Rings BAISeM Kernel The Cost Benefit Toolbox – Layer 2 Cost Benefit Sheets or RoSI Program Management PRONOE Benchmarking Process for Evaluation and Control of IT Risks – Layer 3 Structural Build of the IT Assets According to BSI-Standard 100-2 Evaluation Process Rule System and Aggregation Conclusion and Outlook References Author Index