Visible to the public Biblio

Filters: Keyword is Architecture  [Clear All Filters]
2022-04-13
Bozorov, Suhrobjon.  2021.  DDoS Attack Detection via IDS: Open Challenges and Problems. 2021 International Conference on Information Science and Communications Technologies (ICISCT). :1—4.
This paper discusses DDoS attacks, their current threat level and IDS systems, which are one of the main tools to protect against them. It focuses on the problems encountered by IDS systems in detecting DDoS attacks and the difficulties and challenges of integrating them with artificial intelligence systems today.
2022-04-01
Marru, Suresh, Kuruvilla, Tanya, Abeysinghe, Eroma, McMullen, Donald, Pierce, Marlon, Morgan, David Gene, Tait, Steven L., Innes, Roger W..  2021.  User-Centric Design and Evolvable Architecture for Science Gateways: A Case Study. 2021 IEEE/ACM 21st International Symposium on Cluster, Cloud and Internet Computing (CCGrid). :267–276.
Scientific applications built on wide-area distributed systems such as emerging cloud based architectures and the legacy grid computing infrastructure often struggle with user adoption even though they succeed from a systems research perspective. This paper examines the coupling of user-centered design processes with modern distributed systems. Further in this paper, we describe approaches for conceptualizing a product that solves a recognized need: to develop a data gateway to serve the data management and research needs of experimentalists of electron microscopes and similar shared scientific instruments in the context of a research service laboratory. The purpose of the data gateway is to provide secure, controlled access to data generated from a wide range of scientific instruments. From the functional perspective, we focus on the basic processing of raw data that underlies the lab's "business" processes, the movement of data from the laboratory to central access and archival storage points, and the distribution of data to respective authorized users. Through the gateway interface, users will be able to share the instrument data with collaborators or copy it to remote storage servers. Basic pipelines for extracting additional metadata (through a pluggable parser framework) will be enabled. The core contribution described in this paper, building on the aforementioned distributed data management capabilities, is the adoption of user-centered design processes for developing the scientific user interface. We describe the user-centered design methodology for exploring user needs, iteratively testing the design, learning from user experiences, and adapting what we learn to improve design and capabilities. We further conclude that user-centered design is, in turn, best enabled by an adaptable distributed systems framework. A key challenge to implementing a user-centered design is to have design tools closely linked with a software system architecture that can evolve over time while providing a highly available data gateway. A key contribution of this paper is to share the insights from crafting such an evolvable design-build-evaluate-deploy architecture and plans for iterative development and deployment.
2022-02-22
Ordouie, Navid, Soundararajan, Nirmala, Karne, Ramesh, Wijesinha, Alexander L..  2021.  Developing Computer Applications without any OS or Kernel in a Multi-core Architecture. 2021 International Symposium on Networks, Computers and Communications (ISNCC). :1—8.
Over the years, operating systems (OSs) have grown significantly in complexity and size providing attackers with more avenues to compromise their security. By eliminating the OS, it becomes possible to develop general-purpose non-embedded applications that are free of typical OS-related vulnerabilities. Such applications are simpler and smaller in size, making it easier secure the application code. Bare machine computing (BMC) applications run on ordinary desktops and laptops without the support of any operating system or centralized kernel. Many BMC applications have been developed previously for single-core systems. We show how to build BMC applications for multicore systems by presenting the design and implementation of a novel UDP-based bare machine prototype Web server for a multicore architecture. We also include preliminary experimental results from running the server on the Internet. This work provides a foundation for building secure computer applications that run on multicore systems without the need for intermediary software.
2021-09-16
Guo, Minghao, Yang, Yuzhe, Xu, Rui, Liu, Ziwei, Lin, Dahua.  2020.  When NAS Meets Robustness: In Search of Robust Architectures Against Adversarial Attacks. 2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR). :628–637.
Recent advances in adversarial attacks uncover the intrinsic vulnerability of modern deep neural networks. Since then, extensive efforts have been devoted to enhancing the robustness of deep networks via specialized learning algorithms and loss functions. In this work, we take an architectural perspective and investigate the patterns of network architectures that are resilient to adversarial attacks. To obtain the large number of networks needed for this study, we adopt one-shot neural architecture search, training a large network for once and then finetuning the sub-networks sampled therefrom. The sampled architectures together with the accuracies they achieve provide a rich basis for our study. Our ''robust architecture Odyssey'' reveals several valuable observations: 1) densely connected patterns result in improved robustness; 2) under computational budget, adding convolution operations to direct connection edge is effective; 3) flow of solution procedure (FSP) matrix is a good indicator of network robustness. Based on these observations, we discover a family of robust architectures (RobNets). On various datasets, including CIFAR, SVHN, Tiny-ImageNet, and ImageNet, RobNets exhibit superior robustness performance to other widely used architectures. Notably, RobNets substantially improve the robust accuracy ( 5% absolute gains) under both white-box and black-box attacks, even with fewer parameter numbers. Code is available at https://github.com/gmh14/RobNets.
2021-08-12
Karie, Nickson M., Sahri, Nor Masri, Haskell-Dowland, Paul.  2020.  IoT Threat Detection Advances, Challenges and Future Directions. 2020 Workshop on Emerging Technologies for Security in IoT (ETSecIoT). :22—29.
It is predicted that, the number of connected Internet of Things (IoT) devices will rise to 38.6 billion by 2025 and an estimated 50 billion by 2030. The increased deployment of IoT devices into diverse areas of our life has provided us with significant benefits such as improved quality of life and task automation. However, each time a new IoT device is deployed, new and unique security threats emerge or are introduced into the environment under which the device must operate. Instantaneous detection and mitigation of every security threat introduced by different IoT devices deployed can be very challenging. This is because many of the IoT devices are manufactured with no consideration of their security implications. In this paper therefore, we review existing literature and present IoT threat detection research advances with a focus on the various IoT security challenges as well as the current developments towards combating cyber security threats in IoT networks. However, this paper also highlights several future research directions in the IoT domain.
2021-06-28
Sharnagat, Lekhchand, Babu, Rajesh, Adhikari, Jayant.  2020.  Trust Evaluation for Securing Compromised data Aggregation against the Collusion Attack in WSN. 2020 Second International Conference on Inventive Research in Computing Applications (ICIRCA). :1–5.
With a storage space limit on the sensors, WSN has some drawbacks related to bandwidth and computational skills. This limited resources would reduce the amount of data transmitted across the network. For this reason, data aggregation is considered as a new process. Iterative filtration (IF) algorithms, which provide trust assessment to the various sources from which the data aggregation has been performed, are efficient in the present data aggregation algorithms. Trust assessment is done with weights from the simple average method to aggregation, which treats attack susceptibility. Iteration filter algorithms are stronger than the ordinary average, but they do not handle the current advanced attack that takes advantage of false information with many compromise nodes. Iterative filters are strengthened by an initial confidence estimate to track new and complex attacks, improving the solidity and accuracy of the IF algorithm. The new method is mainly concerned with attacks against the clusters and not against the aggregator. In this process, if an aggregator is attacked, the current system fails, and the information is eventually transmitted to the aggregator by the cluster members. This problem can be detected when both cluster members and aggregators are being targeted. It is proposed to choose an aggregator which chooses a new aggregator according to the remaining maximum energy and distance to the base station when an aggregator attack is detected. It also save time and energy compared to the current program against the corrupted aggregator node.
2021-04-27
Rashid, N. A. M., Zukri, N. H. A., Zulkifli, Z. A., Awang, N., Buja, A. G..  2020.  A Multi Agent-Based Security Protocol for Securing Password Management Application. 2020 10th IEEE International Conference on Control System, Computing and Engineering (ICCSCE). :42—45.
Password-based authentication is the most common authentication method for either online or offline system. Password composition policies become too burdensome and put the user in a state of struggle to remember their password. Thus, most of the user save their password on the browser or even list it down in their personal gadgets. Therefore, a multi agent-based password management application have been developed to helps user in keeping their password safely. However, multi-agent system facing security issues such as man in the middle attack, data modification and eavesdropping. This paper proposed a security protocol for multi agent-based architecture in order to reduce potential threats. The security protocol focuess on the authentication of mobile agents, data transmission and the data local protection. The communication channels are secured using cryptography techniques.
2021-02-03
Velaora, M., Roy, R. van, Guéna, F..  2020.  ARtect, an augmented reality educational prototype for architectural design. 2020 Fourth World Conference on Smart Trends in Systems, Security and Sustainability (WorldS4). :110—115.

ARtect is an Augmented Reality application developed with Unity 3D, which envisions an educational interactive and immersive tool for architects, designers, researchers, and artists. This digital instrument renders the competency to visualize custom-made 3D models and 2D graphics in interior and exterior environments. The user-friendly interface offers an accurate insight before the materialization of any architectural project, enabling evaluation of the design proposal. This practice could be integrated into learning architectural design process, saving resources of printed drawings, and 3D carton models during several stages of spatial conception.

2021-01-11
Tekinerdoğan, B., Özcan, K., Yağız, S., Yakın, İ.  2020.  Systems Engineering Architecture Framework for Physical Protection Systems. 2020 IEEE International Symposium on Systems Engineering (ISSE). :1–8.
A physical protection system (PPS) integrates people, procedures, and equipment for the protection of assets or facilities against theft, sabotage, or other malevolent intruder attacks. In this paper we focus on the architecture modeling of PPS to support the communication among stakeholders, analysis and guiding the systems development activities. A common practice for modeling architecture is by using an architecture framework that defines a coherent set of viewpoints. Existing systems engineering modeling approaches appear to be too general and fail to address the domain-specific aspects of PPSs. On the other hand, no dedicated architecture framework approach has been provided yet to address the specific concerns of PPS. In this paper, we present an architecture framework for PPS (PPSAF) that has been developed in a real industrial context focusing on the development of multiple PPSs. The architecture framework consists of six coherent set of viewpoints including facility viewpoint, threats and vulnerabilities viewpoint, deterrence viewpoint, detection viewpoint, delay viewpoint, and response viewpoint. We illustrate the application of the architecture framework for the design of a PPS architecture of a building.
2020-11-20
Wang, X., Herwono, I., Cerbo, F. D., Kearney, P., Shackleton, M..  2018.  Enabling Cyber Security Data Sharing for Large-scale Enterprises Using Managed Security Services. 2018 IEEE Conference on Communications and Network Security (CNS). :1—7.
Large enterprises and organizations from both private and public sectors typically outsource a platform solution, as part of the Managed Security Services (MSSs), from 3rd party providers (MSSPs) to monitor and analyze their data containing cyber security information. Sharing such data among these large entities is believed to improve their effectiveness and efficiency at tackling cybercrimes, via improved analytics and insights. However, MSS platform customers currently are not able or not willing to share data among themselves because of multiple reasons, including privacy and confidentiality concerns, even when they are using the same MSS platform. Therefore any proposed mechanism or technique to address such a challenge need to ensure that sharing is achieved in a secure and controlled way. In this paper, we propose a new architecture and use case driven designs to enable confidential, flexible and collaborative data sharing among such organizations using the same MSS platform. MSS platform is a complex environment where different stakeholders, including authorized MSSP personnel and customers' own users, have access to the same platform but with different types of rights and tasks. Hence we make every effort to improve the usability of the platform supporting sharing while keeping the existing rights and tasks intact. As an innovative and pioneering attempt to address the challenge of data sharing in the MSS platform, we hope to encourage further work to follow so that confidential and collaborative sharing eventually happens among MSS platform customers.
2020-11-02
Thurston, K. H., Leon, D. Conte de.  2019.  MACH-2K Architecture: Building Mobile Device Trust and Utility for Emergency Response Networks. 2019 IEEE 16th International Conference on Mobile Ad Hoc and Sensor Systems Workshops (MASSW). :152–157.
In this article, we introduce the MACH-2K trust overlay network and its architecture. MACH-2K's objectives are to (a) enhance the resiliency of emergency response and public service networks and (b) help build such networks in places, or at times, where network infrastructure is limited. Resiliency may be enhanced in an economic manner by building new ad hoc networks of private mobile devices and joining these to public service networks at specific trusted points. The major barrier to building resiliency by using private devices is ensuring security. MACH-2K uses device location and communication utility patterns to assign trust to devices, after owner approval. After trust is established, message confidentiality, privacy, and integrity may be implemented by well-known cryptographic means. MACH-2K devices may be then requested to forward or consume different types of messages depending on their current level of trust and utility.
2020-09-28
Dcruz, Hans John, Kaliaperumal, Baskaran.  2018.  Analysis of Cyber-Physical Security in Electric Smart Grid : Survey and challenges. 2018 6th International Renewable and Sustainable Energy Conference (IRSEC). :1–6.
With the advancement in technology, inclusion of Information and Communication Technology (ICT) in the conventional Electrical Power Grid has become evident. The combination of communication system with physical system makes it cyber-physical system (CPS). Though the advantages of this improvement in technology are numerous, there exist certain issues with the system. Security and privacy concerns of a CPS are a major field and research and the insight of which is content of this paper.
2020-09-11
Mendes, Lucas D.P., Aloi, James, Pimenta, Tales C..  2019.  Analysis of IoT Botnet Architectures and Recent Defense Proposals. 2019 31st International Conference on Microelectronics (ICM). :186—189.
The rise in the number of devices joining the Internet of Things (IoT) has created a huge potential for distributed denial of service (DDoS) attacks, especially due to the lack of security in these computationally limited devices. Malicious actors have realized that and managed to turn large sets of IoT devices into botnets under their control. Given this scenario, this work studies botnet architectures identified so far and assesses how they are considered in the few recent defense proposals that consider botnet architectures.
Al-Ghushami, Abdullah, Karie, NIckson, Kebande, Victor.  2019.  Detecting Centralized Architecture-Based Botnets using Travelling Salesperson Non-Deterministic Polynomial-Hard problem-TSP-NP Technique. 2019 IEEE Conference on Application, Information and Network Security (AINS). :77—81.
The threats posed by botnets in the cyber-space continues to grow each day and it has become very hard to detect or infiltrate bots given that the botnet developers each day keep changing the propagation and attack techniques. Currently, most of these attacks have been centered on stealing computing energy, theft of personal information and Distributed Denial of Service (DDoS attacks). In this paper, the authors propose a novel technique that uses the Non-Deterministic Polynomial-Time Hardness (NP-Hard Problem) based on the Traveling Salesperson Person (TSP) that depicts that a given bot, bj, is able to visit each host on a network environment, NE, and then it returns to the botmaster in form of instruction(command) through optimal minimization of the hosts that are or may be attacked. Given that bj represents a piece of malicious code and based on TSP-NP Hard Problem which forms part of combinatorial optimization, the authors present an effective approach for the detection of the botnet. It is worth noting that the concentration of this study is basically on the centralized botnet architecture. This holistic approach shows that botnet detection accuracy can be increased with a degree of certainty and potentially decrease the chances of false positives. Nevertheless, a discussion on the possible applicability and implementation has also been given in this paper.
2020-07-16
Velmovitsky, Pedro Elkind, Viana, Marx, Cirilo, Elder, Milidiu, Ruy Luiz, Pelegrini Morita, Plinio, Lucena, Carlos José Pereira de.  2019.  Promoting Reusability and Extensibility in the Engineering of Domain-Specific Conversational Systems. 2019 8th Brazilian Conference on Intelligent Systems (BRACIS). :473—478.

Conversational systems are computer programs that interact with users using natural language. Considering the complexity and interaction of the different components involved in building intelligent conversational systems that can perform diverse tasks, a promising approach to facilitate their development is by using multiagent systems (MAS). This paper reviews the main concepts and history of conversational systems, and introduces an architecture based on MAS. This architecture was designed to support the development of conversational systems in the domain chosen by the developer while also providing a reusable built-in dialogue control. We present a practical application in the healthcare domain. We observed that it can help developers to create conversational systems in different domains while providing a reusable and centralized dialogue control. We also present derived lessons learned that can be helpful to steer future research on engineering domain-specific conversational systems.

Luo, Shaojie, Zhang, Lichen, Guo, Nannan.  2019.  Architecture of Cyber-Physical Systems Based on Cloud. 2019 IEEE 5th Intl Conference on Big Data Security on Cloud (BigDataSecurity), IEEE Intl Conference on High Performance and Smart Computing, (HPSC) and IEEE Intl Conference on Intelligent Data and Security (IDS). :251—257.

Cyber-Physical System (CPS) and Cloud Computing are emerging and important research fields in recent years. It is a current trend that CPS combines with Cloud Computing. Compared with traditional CPS, Cloud can improve its performance, but Cloud failures occur occasionally. The existing cloud-based CPS architectures rely too much on the Cloud, ignoring the risk and problems caused by Cloud failures, thus making the reliability of CPS not guaranteed. In order to solve the risk and problems above, spare parts are involved based on the research of cloud-based CPS. An architecture of cloud-based CPS with spare parts is proposed and two solutions for spare parts are designed. Agricultural intelligent temperature control system is used as an example to model and simulate the proposed architecture and solutions using Simulink. The simulation results prove the effectiveness of the proposed architecture and solutions, which enhance the reliability of cloud-based CPS.

2020-07-03
Ceška, Milan, Havlena, Vojtech, Holík, Lukáš, Korenek, Jan, Lengál, Ondrej, Matoušek, Denis, Matoušek, Jirí, Semric, Jakub, Vojnar, Tomáš.  2019.  Deep Packet Inspection in FPGAs via Approximate Nondeterministic Automata. 2019 IEEE 27th Annual International Symposium on Field-Programmable Custom Computing Machines (FCCM). :109—117.

Deep packet inspection via regular expression (RE) matching is a crucial task of network intrusion detection systems (IDSes), which secure Internet connection against attacks and suspicious network traffic. Monitoring high-speed computer networks (100 Gbps and faster) in a single-box solution demands that the RE matching, traditionally based on finite automata (FAs), is accelerated in hardware. In this paper, we describe a novel FPGA architecture for RE matching that is able to process network traffic beyond 100 Gbps. The key idea is to reduce the required FPGA resources by leveraging approximate nondeterministic FAs (NFAs). The NFAs are compiled into a multi-stage architecture starting with the least precise stage with a high throughput and ending with the most precise stage with a low throughput. To obtain the reduced NFAs, we propose new approximate reduction techniques that take into account the profile of the network traffic. Our experiments showed that using our approach, we were able to perform matching of large sets of REs from SNORT, a popular IDS, on unprecedented network speeds.

2020-05-08
Kearney, Paul, Asal, Rasool.  2019.  ERAMIS: A Reference Architecture-Based Methodology for IoT Systems. 2019 IEEE World Congress on Services (SERVICES). 2642-939X:366—367.

Opportunities arising from IoT-enabled applications are significant, but market growth is inhibited by concerns over security and complexity. To address these issues, we propose the ERAMIS methodology, which is based on instantiation of a reference architecture that captures common design features, embodies best practice, incorporates good security properties by design, and makes explicit provision for operational security services and processes.

2020-02-26
Vlachokostas, Alex, Prousalidis, John, Spathis, Dimosthenis, Nikitas, Mike, Kourmpelis, Theo, Dallas, Stefanos, Soghomonian, Zareh, Georgiou, Vassilis.  2019.  Ship-to-Grid Integration: Environmental Mitigation and Critical Infrastructure Resilience. 2019 IEEE Electric Ship Technologies Symposium (ESTS). :542–547.

The United States and European Union have an increasing number of projects that are engaging end-use devices for improved grid capabilities. Areas such as building-to-grid and vehicle-to-grid are simple examples of these advanced capabilities. In this paper, we present an innovative concept study for a ship-to-grid integration. The goal of this study is to simulate a two-way power flow between ship(s) and the grid with GridLAB-D for the port of Kyllini in Greece, where a ship-to-shore interconnection was recently implemented. Extending this further, we explore: (a) the ability of ships to meet their load demand needs, while at berth, by being supplied with energy from the electric grid and thus powering off their diesel engines; and (b) the ability of ships to provide power to critical loads onshore. As a result, the ship-to-grid integration helps (a) mitigate environmental pollutants from the ships' diesel engines and (b) provide resilience to nearby communities during a power disruption due to natural disasters or man-made threats.

Thulasiraman, Preetha, Wang, Yizhong.  2019.  A Lightweight Trust-Based Security Architecture for RPL in Mobile IoT Networks. 2019 16th IEEE Annual Consumer Communications Networking Conference (CCNC). :1–6.

Military communities have come to rely heavily on commercial off the shelf (COTS) standards and technologies for Internet of Things (IoT) operations. One of the major obstacles to military use of COTS IoT devices is the security of data transfer. In this paper, we successfully design and develop a lightweight, trust-based security architecture to support routing in a mobile IoT network. Specifically, we modify the RPL IoT routing algorithm using common security techniques, including a nonce identity value, timestamp, and network whitelist. Our approach allows RPL to select a routing path over a mobile IoT wireless network based on a computed node trust value and average received signal strength indicator (ARSSI) value across network members. We conducted simulations using the Cooja network simulator and Wireshark to validate the algorithm against stipulated threat models. We demonstrate that our algorithm can protect the network against Denial of Service (DoS) and Sybil based identity attacks. We also show that the control overhead required for our algorithm is less than 5% and that the packet delivery rate improves by nearly 10%.

2020-02-17
Aranha, Helder, Masi, Massimiliano, Pavleska, Tanja, Sellitto, Giovanni Paolo.  2019.  Enabling Security-by-Design in Smart Grids: An Architecture-Based Approach. 2019 15th European Dependable Computing Conference (EDCC). :177–179.

Energy Distribution Grids are considered critical infrastructure, hence the Distribution System Operators (DSOs) have developed sophisticated engineering practices to improve their resilience. Over the last years, due to the "Smart Grid" evolution, this infrastructure has become a distributed system where prosumers (the consumers who produce and share surplus energy through the grid) can plug in distributed energy resources (DERs) and manage a bi-directional flow of data and power enabled by an advanced IT and control infrastructure. This introduces new challenges, as the prosumers possess neither the skills nor the knowledge to assess the risk or secure the environment from cyber-threats. We propose a simple and usable approach based on the Reference Model of Information Assurance & Security (RMIAS), to support the prosumers in the selection of cybesecurity measures. The purpose is to reduce the risk of being directly targeted and to establish collective responsibility among prosumers as grid gatekeepers. The framework moves from a simple risk analysis based on security goals to providing guidelines for the users for adoption of adequate security countermeasures. One of the greatest advantages of the approach is that it does not constrain the user to a specific threat model.

2019-10-14
Tymburibá, M., Sousa, H., Pereira, F..  2019.  Multilayer ROP Protection Via Microarchitectural Units Available in Commodity Hardware. 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). :315–327.

This paper presents a multilayer protection approach to guard programs against Return-Oriented Programming (ROP) attacks. Upper layers validate most of a program's control flow at a low computational cost; thus, not compromising runtime. Lower layers provide strong enforcement guarantees to handle more suspicious flows; thus, enhancing security. Our multilayer system combines techniques already described in the literature with verifications that we introduce in this paper. We argue that modern versions of x86 processors already provide the microarchitectural units necessary to implement our technique. We demonstrate the effectiveness of our multilayer protection on a extensive suite of benchmarks, which includes: SPEC CPU2006; the three most popular web browsers; 209 benchmarks distributed with LLVM and four well-known systems shown to be vulnerable to ROP exploits. Our experiments indicate that we can protect programs with almost no overhead in practice, allying the good performance of lightweight security techniques with the high dependability of heavyweight approaches.

2019-05-01
Höfig, K., Klug, A..  2018.  SEnSE – An Architecture for a Safe and Secure Integration of Safety-Critical Embedded Systems. 2018 26th International Conference on Software, Telecommunications and Computer Networks (SoftCOM). :1–5.

Embedded systems that communicate with each other over the internet and build up a larger, loosely coupled (hardware) system with an unknown configuration at runtime is often referred to as a cyberphysical system. Many of these systems can become, due to its associated risks during their operation, safety critical. With increased complexity of such systems, the number of configurations can either be infinite or even unknown at design time. Hence, a certification at design time for such systems that documents a safe interaction for all possible configurations of all participants at runtime can become unfeasible. If such systems come together in a new configuration, a mechanism is required that can decide whether or not it is safe for them to interact. Such a mechanism can generally not be part of such systems for the sake of trust. Therefore, we present in the following sections the SEnSE device, short for Secure and Safe Embedded, that tackles these challenges and provides a secure and safe integration of safety-critical embedded systems.

2019-02-22
Ludwig, Jeremy, Xu, Steven, Webber, Frederick.  2018.  Static Software Metrics for Reliability and Maintainability. Proceedings of the 2018 International Conference on Technical Debt. :53-54.

This paper identifies a small, essential set of static software code metrics linked to the software product quality characteristics of reliability and maintainability and to the most commonly identified sources of technical debt. An open-source plug-in is created for the Understand code analysis tool that calculates and visualizes these metrics. The plug-in was developed as a first step in an ongoing project aimed at applying case-based reasoning to the issue of software product quality.1

2019-02-13
Servos, Daniel, Osborn, Sylvia L..  2018.  HGAA: An Architecture to Support Hierarchical Group and Attribute-Based Access Control. Proceedings of the Third ACM Workshop on Attribute-Based Access Control. :1–12.
Attribute-Based Access Control (ABAC), a promising alternative to traditional models of access control, has gained significant attention in recent academic literature. This attention has lead to the creation of a number of ABAC models including our previous contribution, Hierarchical Group and Attribute-Based Access Control (HGABAC). However, to date few complete solutions exist that provide both an ABAC model and architecture that could be implemented in real life scenarios. This work aims to advance progress towards a complete ABAC solution by introducing Hierarchical Group Attribute Architecture (HGAA), an architecture to support HGABAC and close the gap between a model and real world implementation. In addition to HGAA we also present an attribute certificate specification that enables users to provide proof of attribute ownership in a pseudonymous and off-line manner, as well as an update to the Hierarchical Group Policy Language (HGPL) to support our namespace for uniquely identifying attributes across disparate security domains. Details of our HGAA implementation are given and a preliminary analysis of its performance is discussed as well as directions for future work.