Skip to main content

Über dieses Buch

This volume, the 36th issue of Transactions on Large-Scale Data- and Knowledge-Centered Systems, contains eight revised, extended papers selected from the 3rd International Conference on Future Data and Security Engineering, FDSE 2016, and the 10th International Conference on Advanced Computing and Applications, ACOMP 2016, which were held in Can Tho City, Vietnam, in November 2016. Topics covered include big data analytics, massive dataset mining, security and privacy, cryptography, access control, deep learning, crowd sourcing, database watermarking, and query processing and optimization.



Risk-Based Privacy-Aware Access Control for Threat Detection Systems

Threat detection systems collect and analyze a large amount of security data logs for detecting potential attacks. Since log data from enterprise systems may contain sensitive and personal information access should be limited to the data relevant to the task at hand as mandated by data protection regulations. To this end, data need to be pre-processed (anonymized) to eliminate or obfuscate the sensitive information that is not-strictly necessary for the task. Additional security/accountability measures may be also applied to reduce the privacy risk, such as logging the access to the personal data or imposing deletion obligations. Anonymization reduces the privacy risk, but it should be carefully applied and balanced with utility requirements of the different phases of the process: a preliminary analysis may require fewer details than an in-depth investigation on a suspect set of logs. We propose a risk-based privacy-aware access control framework for threat detection systems, where each access request is evaluated by comparing the privacy-risk and the trustworthiness of the request. When the risk is too large compared to the trust level, the framework can apply adaptive adjustment strategies to decrease the risk (e.g., by selectively obfuscating the data) or to increase the trust level to perform a given task (e.g., imposing enforceable obligations to the user). We show how the framework can simultaneously address both the privacy and the utility requirements. The experimental results presented in the paper that the framework leads to meaningful results, and real-time performance, within an industrial threat detection solution.
Nadia Metoui, Michele Bezzi, Alessandro Armando

Systematic Digital Signing in Estonian e-Government Processes

Influencing Factors, Technologies, Change Management
In Estonia, digital signing started with the Digital Signatures Act already as early as in 2000. The aim to make digital signing and its use with various types of documents more convenient and efficient has had a high priority in the state’s e-Governance initiative. In this article we provide a study of the systematic introduction and use of digital signatures with documents related to decision-making processes and analyze the factors which influence this. We look at local governments as a major use case and provide an overview of the digital signing statistics for local government document exchange. The article highlights the differences related to the size and administrative capacity of the local governments as well as their readiness to transition into the information society.
Ingrid Pappel, Ingmar Pappel, Jaak Tepandi, Dirk Draheim

Towards a Fine-Grained Privacy-Enabled Attribute-Based Access Control Mechanism

Due to the rapid development of large scale and big data systems, attribute-based access control (ABAC) model has inaugurated a new wave in the research field of access control. In this paper, we propose a novel and comprehensive mechanism for enforcing attribute-based security policies stored in JSON documents. We build a lightweight grammar for conditional expressions that are the combination of subject, resource, and environment attributes so that the policies are flexible, dynamic and fine grained. Besides, we also present an extension from the ABAC model for privacy protection with the approach of purpose usage. The notion of purpose is associated with levels of data disclosure and constraints to support more fine-grained privacy policies. A prototype built for the proposed model using Java and MongoDB has also presented in the paper. The experiment is carried out to illustrate the relationship between the processing time for access decision and the complexity of policies.
Que Nguyet Tran Thi, Tran Khanh Dang

One-Class Collective Anomaly Detection Based on LSTM-RNNs

Intrusion detection for computer network systems has been becoming one of the most critical tasks for network administrators today. It has an important role for organizations, governments and our society due to the valuable resources hosted on computer networks. Traditional misuse detection strategies are unable to detect new and unknown intrusion types. In contrast, anomaly detection in network security aims to distinguish between illegal or malicious events and normal behavior of network systems. Anomaly detection can be considered as a classification problem where it builds models of normal network behavior, of which it uses to detect new patterns that significantly deviate from the model. Most of the current approaches on anomaly detection is based on the learning of normal behavior and anomalous actions. They do not include memory that is they do not take into account previous events classify new ones. In this paper, we propose a one-class collective anomaly detection model based on neural network learning. Normally a Long Short-Term Memory Recurrent Neural Network (LSTM RNN) is trained only on normal data, and it is capable of predicting several time-steps ahead of an input. In our approach, a LSTM RNN is trained on normal time series data before performing a prediction for each time-step. Instead of considering each time-step separately, the observation of prediction errors from a certain number of time-steps is now proposed as a new idea for detecting collective anomalies. The prediction errors of a certain number of the latest time-steps above a threshold will indicate a collective anomaly. The model is evaluated on a time series version of the KDD 1999 dataset. The experiments demonstrate that the proposed model is capable to detect collective anomaly efficiently.
Nga Nguyen Thi, Van Loi Cao, Nhien-An Le-Khac

Multihop Wireless Access Networks for Flood Mitigation Crowd-Sourcing Systems

Natural disasters can be mitigated or even anticipated if we have appropriate means, in terms of communications and data sharing models, to collect relevant data in advance or during disaster occurrences, which can be used for supporting disaster prevention and recovery processes. This work proposes a framework that encourages people to collect and share data about disaster, especially flood in Ho Chi Minh City, via on-site established multihop wireless access networks configured by the sharing of internet connectivity in users’ mobile devices. For connectivity sharing, on-the-fly establishment of multihop wireless access network (OEMAN) scheme is thoroughly analyzed and improved to resolve its inherent issue on traffic load imbalance due to its tree-based structure. More specifically, we propose a linear program for overload-aware routing optimization considering wireless interference. Evaluations implemented in Matlab show that the overload-aware routing improves load balancing among available virtual access points in OEMAN. By avoiding nodes with heavy load in the network, our solution improves network throughput compared to overload-unaware routing protocols.
Quang Tran Minh, Michel Toulouse

Assessment of Aviation Security Risk Management for Airline Turnaround Processes

Security in the aircraft business attracts heightened attention because of the expansion of differing cyber attacks, many being driven by technology innovation. Continuous research does not consider the sociotechnical essence of security in basic areas, for example, carrier turnaround systems. To cut time and costs, the latter comprises several companies for ticket- and luggage management, maintenance checks, cleaning, passenger transportation, re-fueling, and so on. The carrier business has embraced broadly data innovation for guaranteeing that aircrafts are in a state to take off again as fast as would be prudent. Progressively, this prompts the development of a virtual enterprise that utilizes data advances to consistently coordinate individual airline-turnaround processes into a single structure. The subsequent sociotechnical security risk management issues are not clearly understood and require further examination. This paper fills the gap with an assessment about the application of a security risk management strategy to identify business assets for a more profound risk mitigation analyses. The result of this paper provides knowledge about the usefulness of existing security risk management approaches.
Raimundas Matulevičius, Alex Norta, Chibuzor Udokwu, Rein Nõukas

Scalable Automated Analysis of Access Control and Privacy Policies

Access Control is becoming increasingly important for today ubiquitous systems. Sophisticated security requirements need to be ensured by authorization policies for increasingly complex and large applications. As a consequence, designers need to understand such policies and ensure that they meet the desired security constraints while administrators must also maintain them so as to comply with the evolving needs of systems and applications. These tasks are greatly complicated by the expressiveness and the dimensions of the authorization policies. It is thus necessary to provide policy designers and administrators with automated analysis techniques that are capable to foresee if, and under what conditions, security properties may be violated. In this paper, we consider this analysis problem in the context of the Role-Based Access Control (RBAC), one of the most widespread access control models. We describe how we design heuristics to enable an analysis tool, called asaspXL, to scale up to handle large and complex Administrative RBAC policies. We also discuss the capability of applying the techniques inside the tool to the analysis of location-based privacy policies. An extensive experimentation shows that the proposed heuristics play a key role in the success of the analysis tool over the state-of-the-art analysis tools.
Anh Truong, Silvio Ranise, Thanh Tung Nguyen

Partitioning-Insensitive Watermarking Approach for Distributed Relational Databases

This paper introduces an efficient watermarking approach for distributed relational databases, which is generic enough to support database outsourcing and hybrid partitioning. Various challenges, like partitioning and distribution of data, existence of replication etc., are addressed effectively by watermarking different partitions using different sub keys and by maintaining a meta-data about the data distribution. Notably, the embedding and detection phases are designed with the aim of making embedded watermarks partitioning-insensitive. That means, database partitioning and its distribution do not disturb any embedded watermark at all. To the best of our knowledge, this is the first proposal on watermarking of distributed relational databases supporting database outsourcing, its partitioning and distribution in a distributed setting.
Sapana Rani, Dileep Kumar Koshley, Raju Halder

Erratum to: Transactions on Large-Scale Data- and Knowledge-Centered Systems XXXVI

Without Abstract
Abdelkader Hameurlain, Josef Küng, Roland Wagner, Tran Khanh Dang, Nam Thoai


Weitere Informationen

Premium Partner