About
16
Publications
1,826
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
184
Citations
Publications
Publications (16)
The emergence of cloud computing infrastructure and semantic Web technologies has created unprecedented opportunities for composing large-scale business processes and workflow-based applications that span multiple organizational domains. A key challenge related to composition of such multi-organizational business processes and workflows is posed by...
We propose an Open Sensor Platform, based on Open System Architecture design, for the integration of mobile phone (MP) and sensors. This platform utilizes commercial off-the-shelf (COTS) available hardware and software tools, thereby eliminating the need for custom-designed sensor's integration boards. The design involves Data Acquisition (DAQ) dev...
Modern day networks consist of a mix and match of technologies with varying capabilities. Securing such networks is a tedious task and demands a lot of contribution from security professionals; however, failing to conduct an in depth and standardized analysis may result in an imperfect network security design. ITU-T provides recommendation for end-...
A probabilistic model of fault coverage is presented. This model is used to analyze the variation in the fault detection effectiveness associated with the use of two test selection strategies: heuristics-based and Constrained Random Test Selection (CRTS). These strategies arise in the context of conformance test suite generation for Role Based Acce...
Abstract Access control is a key security service at the foundation of information and system security. It has been extended with temporal constraints to support real-time considerations. Conformance,testing of an access control implementation,is crucial to ensure that it correctly enforces any required temporal and non-temporal policies for access...
Conformance testing procedures for generating tests from the finite state model representation of Role-Based Access Control (RBAC) policies are proposed and evaluated. A test suite generated using one of these procedures has excellent fault detection ability but is astronomically large. Two approaches to reduce the size of the generated test suite...
In today's pervasive computing environment, access control exploiting spatial and temporal constraints has become imperative for information security. This paper suggests a framework to extend X-GTRBAC to include Generalized Spatio Temporal Role Based Access Control (GSTRBAC) spatial constraint construction and enforcement. This allows X-GTRBAC to...
One of the most popular access control management,approaches,is to abstract security administration tasks by employing,system,and securi ty policies [1]. While policy based security management approach offers a flexible, tra nsparent and extensible administration environment, it also highlights the need for consis tent composition, verification and...
Representation of Role Based Access Control (RBAC) policies as finite state models and three con-formance testing procedures for generating tests from these models are proposed. A test suite generated using one of the three procedures has excellent fault detection ability but is astronomically large. Two approaches to reduce the size of the generat...
Enterprise integration is the key enabler for transforming the collaboration among people, organization, and technology into an enterprise. Its most important objective is the transformation of a legacy operation into an e-enterprise. In an e-enterprise, the tight coupling between business process and the underlying information technology infrastru...
Enterprise integration is the key enabler for transforming the collaboration among people, organization, and technology into an enterprise. Its most important objective is the transformation of a legacy operation into an e-enterprise. In an e-enterprise, the tight coupling between business process and the underlying information technology infrastru...
Component-based software development (CBSD) offers many advantages like reduced product time to market, reduced complexity and cost etc. Despite these advantages its wide scale utilization in developing security critical systems is currently hampered because of lack, of suitable design techniques to efficiently manage the complete system security c...
This paper presents a framework for verifying the access control requirements of real-time application systems such as workflow management systems and active databases. The temporal and event-based semantics of these applications can be expressed using event-driven role based access control (RBAC) model. Any comprehensive access control model such...
Access control is the key security service used for information and system security. The access control mechanisms can be used to enforce various security policies, but the desired access control objectives can only be achieved if the underlying software implementation is correct. It therefore becomes essential to not only verify that the implement...
Abstract There is a growing need to support secure interaction among autonomous domains/systemsfor developing distributed applications. As domains operate according to t heir individual security and,access control policies, supporting secure interactions among domains for distributed workflows is a complex task prone to subtle errors that can haves...
The 802.11 standard specifies mechanisms for chan- nel access as well as a power saving mode that require synchro- nization between a point coordinator (PC) and the stations. The synchronization is achieved using beacon packets sent periodi- cally by the PC. In this paper we identify new synchronization attacks against 802.11 that exploit the beaco...
