DOTNET
BIOMEDICAL / MEDICAL IMAGING
1. Toward Ubiquitous Healthcare Services With a Novel Efficient Cloud
Platform
ABSTRACT:
Ubiquitous healthcare services are becoming increasingly popular,
especially under the urgent demands of global population aging. Cloud
computing is pervasive, on-demand, and service-oriented by nature, which fits
the characteristics of healthcare services very well. However, handling
multimodal, heterogeneous, and nonstationary physiological signals to provide
persistent personalized services, while sustaining highly concurrent online
analysis for the public, is a challenge for a general-purpose cloud. In this
paper, we propose a private cloud platform architecture comprising six layers
tailored to these specific requirements. The platform uses a message queue as
its cloud engine, so each layer achieves relative independence through this
loosely coupled, publish/subscribe means of communication. Furthermore, a
plug-in algorithm framework is also presented, and massive semistructured or
unstructured medical data are accessed adaptively by this cloud architecture.
The test results show that the proposed cloud platform is robust, stable, and
efficient, and can satisfy highly concurrent requests from ubiquitous
healthcare services.
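As a minimal sketch of the loosely coupled publish/subscribe communication
between layers that the abstract describes, the following Python broker routes
messages by topic; the topic name, message shape, and handler are illustrative
assumptions, not details from the paper.

from collections import defaultdict

class Broker:
    def __init__(self):
        self._subscribers = defaultdict(list)  # topic -> list of callbacks

    def subscribe(self, topic, callback):
        self._subscribers[topic].append(callback)

    def publish(self, topic, message):
        # A publishing layer only knows topic names, never other layers.
        for callback in self._subscribers[topic]:
            callback(message)

broker = Broker()
# An analysis layer subscribes to raw physiological signals.
broker.subscribe("ecg.raw", lambda msg: print("analyzing", msg))
# An acquisition layer publishes without knowing who subscribes.
broker.publish("ecg.raw", {"patient": 42, "samples": [0.1, 0.2]})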
2. Spine Segmentation in Medical Images Using Manifold Embeddings
and Higher-Order MRFs
ABSTRACT:
We introduce a novel approach for segmenting articulated spine shape
models from medical images. A nonlinear low-dimensional manifold is created
from a training set of mesh models to establish the patterns of global shape
variations. Local appearance is captured from neighborhoods in the manifold once
the overall representation converges. Inference with respect to the manifold and
shape parameters is performed using a higher-order Markov random field
(HOMRF). Singleton and pairwise potentials measure the support from the global
data and shape coherence in manifold space respectively, while higher-order
cliques encode geometrical modes of variation to segment each localized vertebra
model. Generic feature functions learned from ground-truth data assign costs to
the higher-order terms. Optimization of the model parameters is achieved using
efficient linear programming and duality. The resulting model is geometrically
intuitive, captures the statistical distribution of the underlying manifold and
respects image support. Clinical experiments demonstrated promising results in
terms of spine segmentation. Quantitative comparison to expert identification
yields an accuracy of 1.6 ± 0.6 mm for CT imaging and of 2.0 ± 0.8 mm
for MR imaging, based on the localization of anatomical landmarks.
3. Combination Strategies in Multi-Atlas Image Segmentation:
Application to Brain MR Data
ABSTRACT:
It has been shown that employing multiple atlas images improves
segmentation accuracy in atlas-based medical image segmentation. Each atlas
image is registered to the target image independently and the calculated
transformation is applied to the segmentation of the atlas image to obtain a
segmented version of the target image. Several independent candidate
segmentations result from the process, which must be somehow combined into a
single final segmentation. Majority voting is the generally used rule to fuse the
segmentations, but more sophisticated methods have also been proposed. In this
paper, we show that the use of global weights to combine candidate
segmentations has a major limitation. As a means to improve segmentation
accuracy, we propose the generalized local weighting voting method. Namely, the
fusion weights adapt voxel-by-voxel according to a local estimation of
segmentation performance. Using digital phantoms and MR images of the human
brain, we demonstrate that the performance of each combination technique
depends on the gray level contrast characteristics of the segmented region, and that
no fusion method yields better results than the others for all the regions. In
particular, we show that local combination strategies outperform global methods in
segmenting high-contrast structures, while global techniques are less sensitive to
noise when contrast between neighboring structures is low. We conclude that, in
order to achieve the highest overall segmentation accuracy, the best combination
method for each particular structure must be selected.
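The gap between global and local combination strategies can be made concrete
with a short sketch. The Python/NumPy code below implements a local weighted
vote of the kind the abstract advocates, using inverse local intensity
disagreement as an assumed stand-in for the paper's local estimate of
segmentation performance.

import numpy as np
from scipy.ndimage import uniform_filter

def local_weighted_vote(target, warped_atlases, warped_labels, patch=3,
                        eps=1e-6):
    # Fuse binary candidate segmentations with voxel-wise weights.
    votes = np.zeros(target.shape)
    weight_sum = np.zeros(target.shape)
    for img, lab in zip(warped_atlases, warped_labels):
        # Local mean squared intensity difference approximates how well
        # this atlas is registered around each voxel.
        local_err = uniform_filter((target - img) ** 2, size=patch)
        w = 1.0 / (local_err + eps)  # better local match -> larger weight
        votes += w * lab
        weight_sum += w
    return votes / weight_sum > 0.5  # fused binary segmentation

rng = np.random.default_rng(0)
target = rng.normal(size=(16, 16))
atlases = [target + rng.normal(scale=s, size=target.shape) for s in (0.1, 1.0)]
labels = [np.ones_like(target), np.zeros_like(target)]
# The well-registered atlas (label 1) dominates the poorly matched one.
print(local_weighted_vote(target, atlases, labels).mean())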
4. Splat Feature Classification With Application to Retinal Hemorrhage
Detection in Fundus Images
ABSTRACT:
A novel splat feature classification method is presented with application to
retinal hemorrhage detection in fundus images. Reliable detection of retinal
hemorrhages is important in the development of automated screening systems
which can be translated into practice. Under our supervised approach, retinal color
images are partitioned into nonoverlapping segments covering the entire image.
Each segment, i.e., splat, contains pixels with similar color and spatial location. A
set of features is extracted from each splat to describe its characteristics relative to
its surroundings, employing responses from a variety of filter banks, interactions
with neighboring splats, and shape and texture information. An optimal subset of
splat features is selected by a filter approach followed by a wrapper approach. A
classifier is trained with splat-based expert annotations and evaluated on the
publicly available Messidor dataset. An area under the receiver operating
characteristic curve of 0.96 is achieved at the splat level and 0.87 at the image
level. While we are focused on retinal hemorrhage detection, our approach has
potential to be applied to other object detection tasks.
CLOUD COMPUTING
1. Dynamic Audit Services for Outsourced Storages in Clouds
ABSTRACT:
In this paper, we propose a dynamic audit service for verifying the integrity
of untrusted and outsourced storage. Our audit service is built on three
techniques: fragment structure, random sampling, and an index-hash table,
supporting provable updates to outsourced data and timely anomaly detection. In
addition, we propose a method based on probabilistic query and periodic
verification for improving the performance of audit services. Our experimental
results not only validate the effectiveness of our approaches, but also show
that our audit system verifies integrity with lower computation overhead while
requiring less extra storage for audit metadata.
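As a rough illustration of the fragment structure and random-sampling ideas,
the toy sketch below has the auditor keep an index-hash table of block digests
and spot-check randomly sampled blocks. The real scheme replaces the plain
SHA-256 digests with homomorphic verification tags so that the auditor never
needs the data itself; the flow shown here is only the challenge/response
skeleton.

import hashlib, os, random

def fragment(data, size=256):
    return [data[i:i + size] for i in range(0, len(data), size)]

data = os.urandom(4096)
blocks = fragment(data)
# Index-hash table built by the auditor at upload time.
iht = {i: hashlib.sha256(b).hexdigest() for i, b in enumerate(blocks)}

def audit(server_blocks, iht, sample_size=4):
    challenge = random.sample(sorted(iht), sample_size)  # random sampling
    for i in challenge:
        if hashlib.sha256(server_blocks[i]).hexdigest() != iht[i]:
            return False, i  # timely anomaly detection
    return True, None

print(audit(blocks, iht))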
2. Toward Ubiquitous Healthcare Services With a Novel Efficient Cloud
Platform
ABSTRACT:
Ubiquitous healthcare services are becoming increasingly popular,
especially under the urgent demands of global population aging. Cloud
computing is pervasive, on-demand, and service-oriented by nature, which fits
the characteristics of healthcare services very well. However, handling
multimodal, heterogeneous, and nonstationary physiological signals to provide
persistent personalized services, while sustaining highly concurrent online
analysis for the public, is a challenge for a general-purpose cloud. In this
paper, we propose a private cloud platform architecture comprising six layers
tailored to these specific requirements. The platform uses a message queue as
its cloud engine, so each layer achieves relative independence through this
loosely coupled, publish/subscribe means of communication. Furthermore, a
plug-in algorithm framework is also presented, and massive semistructured or
unstructured medical data are accessed adaptively by this cloud architecture.
The test results show that the proposed cloud platform is robust, stable, and
efficient, and can satisfy highly concurrent requests from ubiquitous
healthcare services.
3. Mona: Secure Multi-Owner Data Sharing for Dynamic Groups in the
Cloud
ABSTRACT:
With the character of low maintenance, cloud computing provides an
economical and efficient solution for sharing group resource among cloud users.
Unfortunately, sharing data in a multi-owner manner while preserving data and
identity privacy from an untrusted cloud is still a challenging issue, due to the
frequent change of the membership. In this paper, we propose a secure multi-
owner data sharing scheme, named Mona, for dynamic groups in the cloud. By
leveraging group signature and dynamic broadcast encryption techniques, any
cloud user can anonymously share data with others. Meanwhile, the storage
overhead and encryption computation cost of our scheme are independent of the
number of revoked users. In addition, we analyze the security of our scheme with
rigorous proofs, and demonstrate the efficiency of our scheme in experiments.
4. Privacy-Preserving Public Auditing for Secure Cloud Storage
ABSTRACT:
Using cloud storage, users can remotely store their data and enjoy the on-
demand high-quality applications and services from a shared pool of configurable
computing resources, without the burden of local data storage and maintenance.
However, the fact that users no longer have physical possession of the outsourced
data makes the data integrity protection in cloud computing a formidable task,
especially for users with constrained computing resources. Moreover, users should
be able to use cloud storage just as if it were local, without worrying about the
need to verify its integrity. Thus, enabling public auditability for cloud storage is of
critical importance so that users can resort to a third-party auditor (TPA) to check
the integrity of outsourced data and be worry free. To securely introduce an
effective TPA, the auditing process should introduce no new vulnerabilities to
user data privacy and no additional online burden for the user. In this paper,
we propose a secure cloud storage system supporting privacy-preserving public
auditing. We further extend our result to enable the TPA to perform audits for
multiple users simultaneously and efficiently. Extensive security and performance
analysis show the proposed schemes are provably secure and highly efficient. Our
preliminary experiment conducted on an Amazon EC2 instance further demonstrates
the fast performance of the design.
5. Harnessing the Cloud for Securely Outsourcing Large-Scale Systems of
Linear Equations
ABSTRACT:
Cloud computing economically enables customers with limited
computational resources to outsource large-scale computations to the cloud.
However, how to protect customers' confidential data involved in the computations
then becomes a major security concern. In this paper, we present a secure
outsourcing mechanism for solving large-scale systems of linear equations (LE) in
the cloud. Because applying traditional approaches such as Gaussian elimination
or LU decomposition (direct methods) to such large-scale LEs would be
prohibitively expensive, we build the secure LE outsourcing mechanism on a
completely different approach, the iterative method, which is much easier to
implement in practice and demands only relatively simple matrix-vector
operations. Specifically, our
mechanism enables a customer to securely harness the cloud for iteratively finding
successive approximations to the LE solution, while keeping both the sensitive
input and output of the computation private. For robust cheating detection, we
further explore the algebraic property of matrix-vector operations and propose an
efficient result verification mechanism, which allows the customer to verify all
answers received from previous iterative approximations in one batch with high
probability. Thorough security analysis and prototype experiments on Amazon
EC2 demonstrate the validity and practicality of our proposed design.
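The iterative method that the abstract contrasts with direct solvers can be
sketched in a few lines. The Jacobi iteration below is one standard choice (an
assumption here); in the actual protocol the expensive matrix-vector product in
each step is delegated to the cloud in blinded form so that A, b, and x stay
private.

import numpy as np

def jacobi(A, b, iters=100, tol=1e-10):
    D = np.diag(A)  # assumes a nonzero (ideally dominant) diagonal
    R = A - np.diagflat(D)
    x = np.zeros_like(b, dtype=float)
    for _ in range(iters):
        x_new = (b - R @ x) / D  # successive approximation step
        if np.linalg.norm(x_new - x) < tol:
            return x_new
        x = x_new
    return x

A = np.array([[10.0, 1, 2], [1, 12, -1], [2, -1, 9]])  # diagonally dominant
b = np.array([13.0, 12.0, 10.0])
print(jacobi(A, b), np.linalg.solve(A, b))  # the two should agree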
6. A Decentralized Self-Adaptation Mechanism for Service-Based
Applications in the Cloud
ABSTRACT:
Cloud computing, with its promise of (almost) unlimited computation,
storage, and bandwidth, is increasingly becoming the infrastructure of choice for
many organizations. As cloud offerings mature, service-based applications need to
dynamically recompose themselves to self-adapt to changing QoS requirements. In
this paper, we present a decentralized mechanism for such self-adaptation, using
market-based heuristics. We use a continuous double auction to allow applications
to decide which services to choose, among the many on offer. We view an
application as a multi-agent system and the cloud as a marketplace where many
such applications self-adapt. We show through a simulation study that our
mechanism is effective for the individual application as well as from the collective
perspective of all applications adapting at the same time.
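A continuous double auction of the kind used here can be sketched with two
price-ordered books that clear whenever the best bid meets the best ask; the
agent names and prices below are invented for illustration.

import heapq

bids, asks = [], []  # max-heap of bids (prices negated), min-heap of asks

def submit(side, price, agent):
    if side == "bid":
        heapq.heappush(bids, (-price, agent))
    else:
        heapq.heappush(asks, (price, agent))
    match()

def match():
    # Trade whenever the highest bid reaches the lowest ask.
    while bids and asks and -bids[0][0] >= asks[0][0]:
        (neg_bid, buyer) = heapq.heappop(bids)
        (ask, seller) = heapq.heappop(asks)
        print(f"{buyer} buys from {seller} at {(ask - neg_bid) / 2:.2f}")

submit("ask", 5.0, "storage-service-A")
submit("bid", 6.0, "app-1")  # clears at the 5.50 midpoint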
7. A Privacy Leakage Upper Bound Constraint-Based Approach for Cost-
Effective Privacy Preserving of Intermediate Data Sets in Cloud
ABSTRACT:
Cloud computing provides massive computation power and storage capacity
which enable users to deploy computation and data-intensive applications without
infrastructure investment. Along the processing of such applications, a large
volume of intermediate data sets will be generated, and often stored to save the
cost of recomputing them. However, preserving the privacy of intermediate data
sets becomes a challenging problem because adversaries may recover privacy-
sensitive information by analyzing multiple intermediate data sets. Encrypting
all data sets in the cloud is widely adopted in existing approaches to address
this challenge. But we argue that encrypting all intermediate data sets is
neither efficient nor cost-effective, because it is very time consuming and
costly for data-intensive applications to en/decrypt data sets frequently while
performing any
operation on them. In this paper, we propose a novel upper bound privacy leakage
constraint-based approach to identify which intermediate data sets need to be
encrypted and which do not, so that privacy-preserving cost can be saved while the
privacy requirements of data holders can still be satisfied. Evaluation results
demonstrate that the privacy-preserving cost of intermediate data sets can be
significantly reduced with our approach over existing ones where all data sets are
encrypted.
8. Toward Secure Multikeyword Top-k Retrieval over Encrypted Cloud
Data
ABSTRACT:
Cloud computing has emerged as a promising paradigm for data outsourcing
and high-quality data services. However, concerns about sensitive information
on the cloud can cause privacy problems. Data encryption protects data security
to some extent, but at the cost of compromised efficiency. Searchable symmetric
encryption (SSE) allows retrieval of encrypted data over cloud. In this paper, we
focus on addressing data privacy issues using SSE. For the first time, we formulate
the privacy issue from the aspect of similarity relevance and scheme robustness.
We observe that server-side ranking based on order-preserving encryption (OPE)
inevitably leaks data privacy. To eliminate the leakage, we propose a two-round
searchable encryption (TRSE) scheme that supports top-k multikeyword
retrieval. In TRSE, we employ a vector space model and homomorphic encryption.
The vector space model helps to provide sufficient search accuracy, and the
homomorphic encryption enables users to participate in the ranking while the majority
of computing work is done on the server side by operations only on ciphertext. As
a result, information leakage can be eliminated and data security is ensured.
Thorough security and performance analysis show that the proposed scheme
guarantees high security and practical efficiency.
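The vector space model half of the scheme can be shown in the clear: documents
and the multikeyword query become term-weight vectors, relevance is their inner
product, and the top-k scores win. In TRSE the same inner products are
evaluated by the cloud over homomorphically encrypted vectors and only the user
decrypts the scores; the raw term counts below are a simplification of the
scheme's relevance weights.

from collections import Counter
import heapq

def to_vector(text, vocab):
    counts = Counter(text.split())
    return [counts[t] for t in vocab]

docs = ["cloud storage audit", "encrypted cloud search",
        "keyword search ranking"]
vocab = sorted({w for d in docs for w in d.split()})
query = to_vector("cloud search", vocab)
scores = [sum(q * d for q, d in zip(query, to_vector(doc, vocab)))
          for doc in docs]
print(heapq.nlargest(2, zip(scores, docs)))  # top-k retrieval with k = 2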
9. On Data Staging Algorithms for Shared Data Accesses in Clouds
ABSTRACT:
In this paper, we study the strategies for efficiently achieving data staging
and caching on a set of vantage sites in a cloud system with a minimum cost.
Unlike traditional research, we do not intend to identify access patterns to
facilitate future requests. Instead, with this kind of information presumably
known in advance, our goal is to efficiently stage the shared data items to
predetermined sites at advocated time instants to align with the patterns while
minimizing the monetary costs for caching and transmitting the requested data
items. To this end, we follow the cost and network models in [1] and extend the
analysis to multiple data items, each with single or multiple copies. Our results
show that under the homogeneous cost model, when the ratio of transmission cost
to caching cost is low, a single copy of each data item can efficiently serve
all the user requests. In the multicopy situation, we also consider the tradeoff between
the transmission cost and caching cost by controlling the upper bounds of
transmissions and copies. The upper bound can be given either on per-item basis or
on all-item basis. We present efficient optimal solutions based on dynamic
programming techniques to all these cases provided that the upper bound is
polynomially bounded by the number of service requests and the number of
distinct data items. In addition to the homogeneous cost model, we also briefly
discuss this problem under a heterogeneous cost model with some simple yet
practical restrictions and present a 2-approximation algorithm to the general case.
We validate our findings by implementing a data staging solver and
conducting extensive simulation studies of the behaviors of the algorithms.
10. Scalable and Secure Sharing of Personal Health Records in Cloud
Computing Using Attribute-Based Encryption
ABSTRACT:
Personal health record (PHR) is an emerging patient-centric model of health
information exchange, which is often outsourced to be stored at a third party, such
as cloud providers. However, there have been wide privacy concerns as personal
health information could be exposed to those third party servers and to
unauthorized parties. To assure the patients' control over access to their own PHRs,
it is a promising method to encrypt the PHRs before outsourcing. Yet, issues such
as risks of privacy exposure, scalability in key management, flexible access, and
efficient user revocation, have remained the most important challenges toward
achieving fine-grained, cryptographically enforced data access control. In this
paper, we propose a novel patient-centric framework and a suite of mechanisms for
data access control to PHRs stored in semitrusted servers. To achieve fine-grained
and scalable data access control for PHRs, we leverage attribute-based encryption
(ABE) techniques to encrypt each patient's PHR file. Different from previous
works in secure data outsourcing, we focus on the multiple data owner scenario,
and divide the users in the PHR system into multiple security domains, which greatly
reduces the key management complexity for owners and users. A high degree of
patient privacy is guaranteed simultaneously by exploiting multiauthority ABE.
Our scheme also enables dynamic modification of access policies or file attributes,
supports efficient on-demand user/attribute revocation, and allows break-glass
access under emergency scenarios. Extensive analytical and experimental results are
presented which show the security, scalability, and efficiency of our proposed
scheme.
DATA MINING
1. A Survival Modeling Approach to Biomedical Search Result
Diversification Using Wikipedia
ABSTRACT:
In this paper, we propose a survival modeling approach to promoting
ranking diversity for biomedical information retrieval. The proposed approach
is concerned with finding relevant documents that can deliver more distinct
aspects of a query. First, two probabilistic models derived from survival analysis theory
are proposed for measuring aspect novelty. Second, a new method using Wikipedia
to detect aspects covered by retrieved documents is presented. Third, an aspect
filter based on a two-stage model is introduced. It ranks the detected aspects in
decreasing order of the probability that an aspect is generated by the query. Finally,
the relevance and the novelty of retrieved documents are combined at the aspect
level for reranking. Experiments conducted on the TREC 2006 and 2007 Genomics
collections demonstrate the effectiveness of the proposed approach in promoting
ranking diversity for biomedical information retrieval. Moreover, we further
evaluate our approach in the Web retrieval environment. The evaluation results on
the ClueWeb09-T09B collection show that our approach can achieve promising
performance improvements.
2. AML: Efficient Approximate Membership Localization within a Web-
Based Join Framework
ABSTRACT:
In this paper, we propose a new type of Dictionary-based Entity Recognition
Problem, named Approximate Membership Localization (AML). The popular
Approximate Membership Extraction (AME) provides a full coverage to the true
matched substrings from a given document, but many redundancies cause a low
efficiency of the AME process and deteriorate the performance of real-world
applications that use the extracted substrings. The AML problem targets locating
nonoverlapping substrings, a better approximation of the true matched substrings
that avoids generating overlapping redundancies. In order to perform AML
efficiently, we propose the optimized algorithm P-Prune that prunes a large part of
overlapped redundant matched substrings before generating them. Our study using
several real-world data sets demonstrates the efficiency of P-Prune over a baseline
method. We also study the AML in application to a proposed web-based join
framework scenario which is a search-based approach joining two tables using
dictionary-based entity recognition from web documents. The results not only
prove the advantage of AML over AME, but also demonstrate the effectiveness of
our search-based approach.
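The output contract of AML, nonoverlapping matched substrings, can be
illustrated with a simplified sketch that finds exact dictionary matches and
greedily keeps a nonoverlapping subset, preferring longer matches. This
post-filtering is only a stand-in: P-Prune itself prunes overlapped candidates
before generating them and handles approximate rather than exact matching.

import re

def locate_nonoverlapping(doc, dictionary):
    matches = []
    for entry in dictionary:
        for m in re.finditer(re.escape(entry), doc):
            matches.append((m.start(), m.end(), entry))
    matches.sort(key=lambda t: (-(t[1] - t[0]), t[0]))  # longest first
    chosen, taken = [], [False] * len(doc)
    for s, e, entry in matches:
        if not any(taken[s:e]):  # keep only if it overlaps nothing chosen
            chosen.append((s, e, entry))
            taken[s:e] = [True] * (e - s)
    return sorted(chosen)

doc = "new york city is in new york state"
print(locate_nonoverlapping(doc, ["new york", "new york city", "york"]))
# -> [(0, 13, 'new york city'), (20, 28, 'new york')]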
3. Supporting Flexible, Efficient, and User-Interpretable Retrieval of
Similar Time Series
ABSTRACT:
Supporting decision making in domains where the dynamics of the observed
phenomenon have to be dealt with can greatly benefit from the retrieval of past
cases, provided that proper representation and retrieval techniques are
implemented. In particular, when the parameters of interest take the form of
time series, dimensionality reduction and flexible retrieval have to be
addressed to this end.
Classical methodological solutions proposed to cope with these issues, typically
based on mathematical transforms, are characterized by strong limitations, such as
a difficult interpretation of retrieval results for end users, reduced flexibility and
interactivity, or inefficiency. In this paper, we describe a novel framework, in
which time-series features are summarized by means of Temporal Abstractions,
and then retrieved by resorting to abstraction similarity. Our approach
guarantees interpretability of the output results and understandability of the
(user-guided) retrieval process. In particular, multilevel abstraction mechanisms and proper
indexing techniques are provided, for flexible query issuing, and efficient and
interactive query answering. Experimental results have shown the efficiency of our
approach in a scalability test, and its superiority with respect to the use of a
classical mathematical technique in flexibility, user friendliness, and also quality of
results.
4. A Context-Based Word Indexing Model for Document Summarization
ABSTRACT:
Existing models for document summarization mostly use the similarity
between sentences in the document to extract the most salient sentences. The
documents as well as the sentences are indexed using traditional term indexing
measures, which do not take the context into consideration. Therefore, the sentence
similarity values remain independent of the context. In this paper, we propose a
context sensitive document indexing model based on the Bernoulli model of
randomness. The Bernoulli model of randomness has been used to find the
probability of the cooccurrences of two terms in a large corpus. A new approach
using the lexical association between terms to give a context sensitive weight to the
document terms has been proposed. The resulting indexing weights are used to
compute the sentence similarity matrix. The proposed sentence similarity measure
has been used with the baseline graph-based ranking models for sentence
extraction. Experiments have been conducted over the benchmark DUC data sets
and it has been shown that the proposed Bernoulli-based sentence similarity model
provides consistent improvements over the baseline IntraLink and UniformLink
methods.
5. Preventing Private Information Inference Attacks on Social Networks
ABSTRACT:
Online social networks, such as Facebook, are increasingly utilized by many
people. These networks allow users to publish details about themselves and to
connect to their friends. Some of the information revealed inside these networks is
meant to be private. Yet it is possible to use learning algorithms on released data to
predict private information. In this paper, we explore how to launch inference
attacks using released social networking data to predict private information. We
then devise three possible sanitization techniques that could be used in various
situations. Then, we explore the effectiveness of these techniques and attempt to
use methods of collective inference to discover sensitive attributes of the data set.
We show that we can decrease the effectiveness of both local and relational
classification algorithms by using the sanitization methods we described.
6. A Novel Profit Maximizing Metric for Measuring Classification
Performance of Customer Churn Prediction Models
ABSTRACT:
Interest in data mining techniques has increased tremendously during
the past decades, and numerous classification techniques have been applied in a
wide range of business applications. Hence, the need for adequate performance
measures has become more important than ever. In this paper, a cost-benefit
analysis framework is formalized in order to define performance measures which
are aligned with the main objectives of the end users, i.e., profit maximization. A
new performance measure is defined, the expected maximum profit criterion. This
general framework is then applied to the customer churn problem with its
particular cost-benefit structure. The advantage of this approach is that it assists
companies with selecting the classifier which maximizes the profit. Moreover, it
aids with the practical implementation in the sense that it provides guidance about
the fraction of the customer base to be included in the retention campaign.
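A stripped-down profit-driven evaluation looks as follows: rank customers by
predicted churn risk, compute campaign profit at every targeting fraction, and
report the maximum together with the fraction that attains it. The lifetime
value, incentive, contact cost, and acceptance rate are invented numbers; the
paper's expected maximum profit criterion additionally treats such parameters
probabilistically.

import numpy as np

def best_campaign(scores, churned, clv=200.0, incentive=10.0, contact=1.0,
                  accept=0.3):
    order = np.argsort(-scores)  # target the riskiest customers first
    churn_sorted = churned[order]
    profits = []
    for k in range(1, len(scores) + 1):
        gain = accept * clv * churn_sorted[:k].sum()  # retained churners
        cost = k * contact + accept * incentive * k   # contacts + incentives
        profits.append(gain - cost)
    best = int(np.argmax(profits))
    return profits[best], (best + 1) / len(scores)

scores = np.array([0.9, 0.8, 0.3, 0.2, 0.1])
churned = np.array([1, 1, 0, 0, 1])
print(best_campaign(scores, churned))  # profit and fraction to target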
7. Achieving Data Privacy through Secrecy Views and Null-Based Virtual
Updates
ABSTRACT:
We may want to keep sensitive information in a relational database hidden
from a user or group thereof. We characterize sensitive data as the extensions of
secrecy views. The database, before returning the answers to a query posed by a
restricted user, is updated to make the secrecy views empty or reduce them to a
single tuple with null values. Then, a query about any of those views returns no meaningful
information. Since the database is not supposed to be physically changed for this
purpose, the updates are only virtual, and also minimal. Minimality makes sure that
query answers, while being privacy preserving, are also maximally informative.
The virtual updates are based on null values as used in the SQL standard. We
provide the semantics of secrecy views, virtual updates, and secret answers (SAs)
to queries. The different instances resulting from the virtual updates are specified
as the models of a logic program with stable model semantics, which becomes the
basis for computation of the SAs.
8. Single-Database Private Information Retrieval from Fully
Homomorphic Encryption
ABSTRACT:
Private Information Retrieval (PIR) allows a user to retrieve the i-th bit
of an n-bit database without revealing the value of i to the database server.
In this paper, we present a PIR protocol with a communication complexity of
O(γ log n) bits, where γ is the ciphertext size. Furthermore, we extend the
PIR protocol to a private block retrieval (PBR) protocol, a natural and more
practical extension of PIR in which the user retrieves a block of bits instead
of a single bit. Our protocols are built on state-of-the-art fully
homomorphic encryption (FHE) techniques and provide privacy for the user if the
underlying FHE scheme is semantically secure. The total communication
complexity of our PBR is O(γ log m + γn/m) bits, where m is the number of
blocks. The total computation complexity of our PBR is O(m log m) modular
multiplications plus O(n/2) modular additions. In terms of total protocol
execution time, our PBR protocol is more efficient than existing PBR
protocols, which usually require computing O(n/2) modular multiplications
when the size of a block in the database is large and a high-speed network is
available.
IMAGE PROCESSING
1. Action Recognition From Video Using Feature Covariance Matrices
ABSTRACT:
We propose a general framework for fast and accurate recognition of actions
in video using empirical covariance matrices of features. A dense set of
spatio-temporal feature vectors is computed from video to provide a localized
description of the action, and subsequently aggregated into an empirical
covariance matrix to compactly represent the action. Two supervised learning methods for
action recognition are developed using feature covariance matrices. Common to
both methods is the transformation of the classification problem in the closed
convex cone of covariance matrices into an equivalent problem in the vector space
of symmetric matrices via the matrix logarithm. The first method applies nearest-
neighbor classification using a suitable Riemannian metric for covariance matrices.
The second method approximates the logarithm of a query covariance matrix by a
sparse linear combination of the logarithms of training covariance matrices. The
action label is then determined from the sparse coefficients. Both methods achieve
state-of-the-art classification performance on several datasets, and are robust to
action variability, viewpoint changes, and low object resolution. The proposed
framework is conceptually simple and has low storage and computational
requirements, making it attractive for real-time implementation.
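The step shared by both classifiers, mapping covariance descriptors through
the matrix logarithm into the vector space of symmetric matrices, can be
sketched as below. The feature dimension and the plain nearest-neighbor
distance on vectorized logarithms are illustrative choices; the paper's first
method uses a Riemannian metric and its second uses sparse coding of the
logarithms.

import numpy as np
from scipy.linalg import logm

def covariance_descriptor(features):
    # features: (num_samples, dim) spatio-temporal feature vectors.
    C = np.cov(features, rowvar=False) + 1e-6 * np.eye(features.shape[1])
    L = logm(C).real  # map the SPD cone into the symmetric matrices
    return L[np.triu_indices_from(L)]  # vectorize the upper triangle

rng = np.random.default_rng(0)
action_a = covariance_descriptor(rng.normal(size=(500, 6)))
action_b = covariance_descriptor(rng.normal(scale=2.0, size=(500, 6)))
query = covariance_descriptor(rng.normal(size=(500, 6)))
# Nearest neighbor in the log-mapped space.
print("A" if np.linalg.norm(query - action_a)
      < np.linalg.norm(query - action_b) else "B")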
2. Locally Optimal Detection of Image Watermarks in the Wavelet
Domain Using Bessel K Form Distribution
ABSTRACT:
A uniformly most powerful watermark detector, which applies the Bessel K
form (BKF) probability density function to model the noise distribution, was
proposed by Bian and Liang. In this paper, we derive a locally optimum (LO)
detector using the same noise model. Since the literature lacks thorough discussion
on the performance of the BKF-LO nonlinearities, the performance of the proposed
detector is discussed in detail. First, we prove that the test statistic of the proposed
detector is asymptotically Gaussian and evaluate the actual performance of the
proposed detector using the receiver operating characteristic (ROC). Then, the
large sample performance of the proposed detector is evaluated using asymptotic
relative efficiency (ARE) and “maximum ARE.” The experimental results show
that the proposed detector has a good performance with or without attacks in terms
of its ROC curves, particularly when the watermark is weak. Therefore, the
proposed method is suitable for wavelet domain watermark detection, particularly
when the watermark is weak.
3. Analysis Operator Learning and its Application to Image
Reconstruction
ABSTRACT:
Exploiting a priori known structural information lies at the core of many
image reconstruction methods that can be stated as inverse problems. The synthesis
model, which assumes that images can be decomposed into a linear combination of
very few atoms of some dictionary, is now a well established tool for the design of
image reconstruction algorithms. An interesting alternative is the analysis model,
where the signal is multiplied by an analysis operator and the outcome is assumed
to be sparse. This approach has only recently gained increasing interest. The
quality of reconstruction methods based on an analysis model depends critically
on the choice of a suitable operator. In this paper, we present an algorithm for
learning an analysis operator from training images. Our method is based on lp-
norm minimization on the set of full rank matrices with normalized columns. We
carefully introduce the employed conjugate gradient method on manifolds, and
explain the underlying geometry of the constraints. Moreover, we compare our
approach to state-of-the-art methods for image denoising, inpainting, and single
image super-resolution. Our numerical results show competitive performance of
our general approach in all presented applications compared to the specialized
state-of-the-art techniques.
4. Novel True-Motion Estimation Algorithm and Its Application to
Motion-Compensated Temporal Frame Interpolation
ABSTRACT:
In this paper, a new low-complexity true-motion estimation (TME)
algorithm is proposed for video processing applications, such as motion-
compensated temporal frame interpolation (MCTFI) or motion-compensated frame
rate up-conversion (MCFRUC). Regular motion estimation, which is often used in
video coding, aims to find the motion vectors (MVs) to reduce the temporal
redundancy, whereas TME aims to track the projected object motion as closely as
possible. TME is obtained by imposing implicit and/or explicit smoothness
constraints on the block-matching algorithm. To produce better-quality
interpolated frames, the dense motion field at interpolation time is obtained
for both forward and backward MVs; then, bidirectional motion compensation using
forward and backward MVs is applied by mixing both elegantly. Finally, the
performance of the proposed algorithm for MCTFI is demonstrated against
recently proposed methods and smoothness constraint optical flow employed by a
professional video production suite. Experimental results show that the quality of
the interpolated frames using the proposed method is better when compared with
the MCFRUC techniques.
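How an explicit smoothness constraint nudges block matching toward true motion
can be seen in a bare-bones sketch: the SAD matching cost is penalized by
deviation from a neighboring block's motion vector. The penalty weight, search
range, and causal left-neighbor predictor are assumptions for illustration, not
the paper's algorithm.

import numpy as np

def block_match(prev, curr, block=8, search=4, lam=0.5):
    prev, curr = prev.astype(float), curr.astype(float)
    h, w = curr.shape
    mvs = np.zeros((h // block, w // block, 2), dtype=int)
    for by in range(h // block):
        for bx in range(w // block):
            y, x = by * block, bx * block
            tgt = curr[y:y + block, x:x + block]
            pred = mvs[by, bx - 1] if bx > 0 else np.zeros(2)
            best_cost, best_mv = np.inf, (0, 0)
            for dy in range(-search, search + 1):
                for dx in range(-search, search + 1):
                    yy, xx = y + dy, x + dx
                    if 0 <= yy <= h - block and 0 <= xx <= w - block:
                        sad = np.abs(prev[yy:yy + block,
                                          xx:xx + block] - tgt).sum()
                        # Smoothness: penalize departing from the neighbor.
                        cost = sad + lam * np.abs(
                            np.array([dy, dx]) - pred).sum()
                        if cost < best_cost:
                            best_cost, best_mv = cost, (dy, dx)
            mvs[by, bx] = best_mv
    return mvs

rng = np.random.default_rng(0)
prev = rng.integers(0, 255, (32, 32))
curr = np.roll(prev, 2, axis=1)  # global 2-pixel shift to the right
print(block_match(prev, curr)[0, 1])  # expect roughly [0, -2]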
5. ViBe: A Universal Background Subtraction Algorithm for Video
Sequences
ABSTRACT:
This paper presents a technique for motion detection that incorporates
several innovative mechanisms. For example, our proposed technique stores, for
each pixel, a set of values taken in the past at the same location or in the
neighborhood. It then compares this set to the current pixel value in order to
determine whether that pixel belongs to the background, and adapts the model by
choosing randomly which values to substitute from the background model. This
approach differs from those based upon the classical belief that the oldest values
should be replaced first. Finally, when the pixel is found to be part of the
background, its value is propagated into the background model of a neighboring
pixel. We describe our method in full detail (including pseudocode and the
parameter values used) and compare it to other background subtraction techniques.
Efficiency figures show that our method outperforms recent and proven state-of-
the-art methods in terms of both computation speed and detection rate. We also
analyze the performance of a downscaled version of our algorithm to the absolute
minimum of one comparison and one byte of memory per pixel. It appears that
even such a simplified version of our algorithm performs better than mainstream
techniques.
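The per-pixel decision and the random (rather than oldest-first) model update
described above condense to a few lines; the parameter values follow the spirit
of the paper, and the spatial propagation of background values into neighboring
pixels is omitted for brevity.

import random

N, RADIUS, MIN_MATCHES, SUBSAMPLE = 20, 20, 2, 16

def classify_and_update(pixel, samples):
    matches = sum(abs(pixel - s) < RADIUS for s in samples)
    if matches >= MIN_MATCHES:  # close to enough stored samples
        if random.randrange(SUBSAMPLE) == 0:  # time subsampling
            samples[random.randrange(N)] = pixel  # replace a random sample
        return "background"
    return "foreground"

samples = [random.randint(118, 138) for _ in range(N)]  # model near 128
print(classify_and_update(130, samples), classify_and_update(250, samples))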
6. A New Fast Encoding Algorithm Based on an Efficient Motion
Estimation Process for the Scalable Video Coding Standard
ABSTRACT:
In this paper, a new fast encoding algorithm based on an efficient motion
estimation (ME) process is proposed to accelerate the encoding speed of the
scalable video coding standard. Through analysis of the ME process performed in
the enhancement layer, we discovered that there are redundant MEs and some MEs
can simply be unified at the fully overlapped search range (FOSR). In order to
make the unified ME more efficient, we theoretically derive a skip criterion to
determine whether the computation of rate-distortion cost can be omitted. In the
proposed algorithm, the unnecessary MEs are removed and a unified ME with the
skip criterion is applied in the FOSR. Simulation results show that the proposed
algorithm achieves computational savings of approximately 46% without coding
performance degradation when compared with the original SVC encoder.
MOBILE COMPUTING
1. Discovery and Verification of Neighbor Positions in Mobile Ad Hoc
Networks
ABSTRACT:
A growing number of ad hoc networking protocols and location-aware
services require that mobile nodes learn the position of their neighbors. However,
such a process can be easily abused or disrupted by adversarial nodes. In the
absence of a priori trusted nodes, the discovery and verification of neighbor positions
presents challenges that have been scarcely investigated in the literature. In this
paper, we address this open issue by proposing a fully distributed cooperative
solution that is robust against independent and colluding adversaries, and can be
impaired only by an overwhelming presence of adversaries. Results show that our
protocol can thwart more than 99 percent of the attacks under the best possible
conditions for the adversaries, with minimal false positive rates.
2. Understanding the Scheduling Performance in Wireless Networks with
Successive Interference Cancellation
ABSTRACT:
Successive interference cancellation (SIC) is an effective way of multipacket
reception to combat interference in wireless networks. We focus on link scheduling
in wireless networks with SIC, and propose a layered protocol model and a layered
physical model to characterize the impact of SIC. In both interference models,
we show that several existing scheduling schemes achieve the same order of
approximation ratios, independent of whether or not SIC is available. Moreover,
the capacity order in a network with SIC is the same as that without SIC. We then
examine the impact of SIC from first principles. In both chain and cell topologies,
SIC does improve the throughput with a gain between 20 and 100 percent.
However, unless SIC is properly characterized, no scheduling scheme can
effectively utilize the new transmission opportunities. The results indicate the
challenge of designing an SIC-aware scheduling scheme, and suggest that the
approximation ratio is insufficient to measure the scheduling performance when
SIC is available.
3. Evaluating Implementation Strategies for Location-Based Multicast
Addressing
ABSTRACT:
Location-based multicast addressing (LMA) yields an important building
block for context-aware applications in mobile ad hoc networks (MANETs). In
LMA, messages are routed based on their content as well as on the location of the
sending and the receiving nodes. The same dynamism that motivates locations as
part of the addressing mechanism for multicast applications in MANETs, makes
such a multicast challenging to implement both efficiently and reliably across
application scenarios. Different implementation strategies have been proposed in
the literature for abstractions similar to LMA, motivated and validated by specific
applications. The goal of this paper is to devise specific implementation strategies
for LMA and compare these strategies in the context of several application
scenarios, in order to aid in the selection of a scheme for a given application. To
that end, we first detail three algorithms for implementing LMA. The first,
message-centric, strategy uses geographically scoped gossiping to propagate
messages. The second, query-centric, strategy propagates queries of receivers to
subsequently route messages. The third, hybrid, strategy strives for the best of both
worlds through a restricted multicasting of both messages and queries. We
compare these algorithms both analytically and empirically. We pinpoint
differences and break-even points among the approaches based on communication
patterns, contrasting our findings with common expectations and our analysis. Our
evaluations show that the hybrid approach invariably outperforms at least one of
the other approaches, making it a safe choice for settings with varying or unknown
communication patterns.
4. Secret Key Extraction from Wireless Signal Strength in Real
Environments
ABSTRACT:
We evaluate the effectiveness of secret key extraction, for private
communication between two wireless devices, from the received signal strength
(RSS) variations on the wireless channel between the two devices. We use real
world measurements of RSS in a variety of environments and settings. The results
from our experiments with 802.11-based laptops show that 1) in certain
environments, due to lack of variations in the wireless channel, the extracted bits
have very low entropy making these bits unsuitable for a secret key, 2) an
adversary can cause predictable key generation in these static environments, and 3)
in dynamic scenarios where the two devices are mobile, and/or where there is a
significant movement in the environment, high entropy bits are obtained fairly
quickly. Building on the strengths of existing secret key extraction approaches, we
develop an environment adaptive secret key generation scheme that uses an
adaptive lossy quantizer in conjunction with Cascade-based information
reconciliation and privacy amplification. Our measurements show that our scheme,
in comparison to the existing ones that we evaluate, performs the best in terms of
generating high entropy bits at a high bit rate. The secret key bit streams generated
by our scheme also pass the randomness tests of the NIST test suite that we
conduct. We also build and evaluate the performance of secret key extraction
using small, low-power, hand-held devices (Google Nexus One phones) that are
equipped with 802.11 wireless network cards. Last, we
evaluate secret key extraction in a multiple input multiple output (MIMO)-like
sensor network testbed that we create using multiple TelosB sensor nodes. We find
that our MIMO-like sensor environment produces prohibitively high bit mismatch,
which we address using an iterative distillation stage that we add to the key
extraction process. Ultimately, we show that the secret key generation rate is
increased when multiple sensors are involved in the key extraction process.
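A minimal version of the lossy quantization step reads as follows: RSS samples
above an upper threshold map to bit 1, samples below a lower threshold map to
bit 0, and the ambiguous band in between is dropped. Mean-and-standard-deviation
thresholds are a common choice assumed here; the scheme in the paper adapts
them to the environment and follows quantization with Cascade-based
reconciliation and privacy amplification.

import statistics

def quantize(rss, alpha=0.5):
    mu, sigma = statistics.mean(rss), statistics.stdev(rss)
    upper, lower = mu + alpha * sigma, mu - alpha * sigma
    bits = []
    for sample in rss:
        if sample > upper:
            bits.append(1)
        elif sample < lower:
            bits.append(0)  # samples between the thresholds are discarded
    return bits

rss_trace = [-48, -60, -45, -62, -50, -58, -44, -63]  # dBm, illustrative
print(quantize(rss_trace))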
5. Probability-Based Prediction and Sleep Scheduling for Energy-Efficient
Target Tracking in Sensor Networks
ABSTRACT:
A surveillance system, which tracks mobile targets, is one of the most
important applications of wireless sensor networks. When nodes operate in a duty
cycling mode, tracking performance can be improved if the target motion can be
predicted and nodes along the trajectory can be proactively awakened. However,
this will negatively influence the energy efficiency and constrain the benefits of
duty cycling. In this paper, we present a Probability-based Prediction and Sleep
Scheduling protocol (PPSS) to improve energy efficiency of proactive wake up.
We start with designing a target prediction method based on both kinematics and
probability. Based on the prediction results, PPSS then precisely selects the nodes
to awaken and reduces their active time, so as to enhance energy efficiency with
limited tracking performance loss. We evaluated the efficiency of PPSS with both
simulation-based and implementation-based experiments. The experimental results
show that compared to the MCTA algorithm, PPSS improves energy efficiency by 25-
45 percent (simulation based) and 16.9 percent (implementation based), only at the
expense of an increase of 5-15 percent on the detection delay (simulation based)
and 4.1 percent on the escape distance percentage (implementation based),
respectively.
6. Estimation of Task Persistence Parameters from Pervasive Medical
Systems with Censored Data
ABSTRACT:
This paper compares two statistical models of location within a smart flat
during the day. The location is then identified with a task executed normally or
repeated pathologically, e.g., in case of Alzheimer disease (AD), whereas a task
persistence parameter assesses the tendency to perseverate. Compared with an
approach derived from Pólya's urns, the Markovian one is more effective and
offers up to 98 percent correct prediction using only the last known location
while distinguishing days of the week. To extend these results to a
multisensor context, some difficulties
must be overcome. External knowledge is built from a set of observable
random variables provided by body sensors and organized either in a Bayesian
network or in a reference knowledge base system (KBS) containing the person's
actimetric profile. When data are missing or errors occur, an estimate of the
joint probabilities of these random variables, and hence of the probability of
all events appearing in the network or the KBS, is developed; it corrects the
bias of the classical Lancaster and Zentgraf approach, which in certain
circumstances produces negative estimates. Finally, we introduce a correction
corresponding to a possible
loss of the person's synchronization with the nycthemeral (day versus night)
zeitgebers (synchronizers) to avoid false alarms.
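The Markovian predictor that the comparison favors amounts to a first-order
transition model, sketched below; conditioning on the day of the week, as the
paper does, would simply maintain one transition table per day class. The
location labels are invented.

from collections import Counter, defaultdict

def fit_transitions(sequences):
    counts = defaultdict(Counter)
    for seq in sequences:
        for here, nxt in zip(seq, seq[1:]):
            counts[here][nxt] += 1  # observed location -> next location
    return counts

def predict_next(counts, last_location):
    # Most likely next location given only the last known one.
    return counts[last_location].most_common(1)[0][0]

days = [["bed", "kitchen", "bath", "living", "kitchen", "bed"],
        ["bed", "kitchen", "living", "living", "bed"]]
model = fit_transitions(days)
print(predict_next(model, "kitchen"))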
7. Target Tracking and Mobile Sensor Navigation in Wireless Sensor
Networks
ABSTRACT:
This work studies the problem of tracking signal-emitting mobile targets
using navigated mobile sensors based on signal reception. Since the mobile target's
maneuver is unknown, the mobile sensor controller utilizes the measurement
collected by a wireless sensor network in terms of the mobile target signal's time of
arrival (TOA). The mobile sensor controller acquires the TOA measurement
information from both the mobile target and the mobile sensor for estimating their
locations before directing the mobile sensor's movement to follow the target. We
propose a min-max approximation approach to estimate the location for tracking
which can be efficiently solved via semidefinite programming (SDP) relaxation,
and apply a cubic function for mobile sensor navigation. We estimate the location
of the mobile sensor and target jointly to improve the tracking accuracy. To further
improve the system performance, we propose a weighted tracking algorithm by
using the measurement information more efficiently. Our results demonstrate that
the proposed algorithm provides good tracking performance and can quickly direct
the mobile sensor to follow the mobile target.
8. Design and Analysis of Adaptive Receiver Transmission Protocols for
Receiver Blocking Problem in Wireless Ad Hoc Networks
ABSTRACT:
Due to the lack of a centralized coordinator for wireless resource allocation,
the design of medium access control (MAC) protocols is considered crucial for
throughput enhancement in the wireless ad hoc networks. The receiver blocking
problem, which has not been studied in most of the MAC protocol design, can lead
to severe degradation on the throughput performance. In this paper, the multiple
receiver transmission (MRT) and the fast NAV truncation (FNT) mechanisms are
proposed to alleviate the receiver blocking problem without the adoption of
additional control channels. The adaptive receiver transmission (ART) scheme is
proposed to further enhance the throughput performance with dynamic adjustment
of the selected receivers. An analytical model is also derived to validate the
effectiveness of the proposed ART protocol. Simulations are performed to evaluate
and compare the three proposed protocols with existing MAC schemes. It can be
observed that the proposed ART protocol outperforms the other schemes by both
alleviating the receiver blocking problem and enhancing the throughput
performance for the wireless multihop ad hoc networks.
NETWORK SECURITY
1. Location-Aware and Safer Cards: Enhancing RFID Security and
Privacy via Location Sensing
ABSTRACT:
In this paper, we report on a new approach for enhancing security and
privacy in certain RFID applications whereby location or location-related
information (such as speed) can serve as a legitimate access context. Examples of
these applications include access cards, toll cards, credit cards, and other payment
tokens. We show that location awareness can be used by both tags and back-end
servers for defending against unauthorized reading and relay attacks on RFID
systems. On the tag side, we design a location-aware selective unlocking
mechanism with which tags can selectively respond to reader interrogations rather
than doing so promiscuously. On the server side, we design a location-aware
secure transaction verification scheme that allows a bank server to decide whether
to approve or deny a payment transaction and detect a specific type of relay attack
involving malicious readers. The premise of our work is a current technological
advancement that can enable RFID tags with low-cost location (GPS) sensing
capabilities. Unlike prior research on this subject, our defenses do not rely on
auxiliary devices or require any explicit user involvement.
2. A System for Timely and Controlled Information Sharing in Emergency
Situations
ABSTRACT:
During natural disasters or emergency situations, an essential requirement
for effective emergency management is information sharing. In this paper,
we present an access control model to enforce controlled information sharing in
emergency situations. An in-depth analysis of the model is discussed throughout
the paper, and administration policies are introduced to enhance the model
flexibility during emergencies. Moreover, a prototype implementation and
experimental results are provided, showing the efficiency and scalability of the
system.
3. On the Privacy Risks of Virtual Keyboards: Automatic Reconstruction
of Typed Input from Compromising Reflections
ABSTRACT:
We investigate the implications of the ubiquity of personal mobile devices
and reveal new techniques for compromising the privacy of users typing on virtual
keyboards. Specifically, we show that so-called compromising reflections (in, for
example, a victim's sunglasses) of a device's screen are sufficient to enable
automated reconstruction, from video, of text typed on a virtual keyboard. Through
the use of advanced computer vision and machine learning techniques, we are able
to operate under extremely realistic threat models, in real-world operating
conditions, which are far beyond the range of more traditional OCR-based attacks.
In particular, our system does not require expensive and bulky telescopic lenses:
rather, we make use of off-the-shelf, handheld video cameras. In addition, we
make no limiting assumptions about the motion of the phone or of the camera, nor
the typing style of the user, and are able to reconstruct accurate transcripts of
recorded input, even when using footage captured in challenging environments
(e.g., on a moving bus). To further underscore the extent of this threat, our system
is able to achieve accurate results even at very large distances: up to 61 m for direct
surveillance, and 12 m for sunglass reflections. We believe these results highlight
the importance of adjusting privacy expectations in response to emerging
technologies.
4. Secure Overlay Cloud Storage with Access Control and Assured
Deletion
ABSTRACT:
We can now outsource data backups off-site to third-party cloud storage
services so as to reduce data management costs. However, we must provide
security guarantees for the outsourced data, which is now maintained by third
parties. We design and implement FADE, a secure overlay cloud storage system
that achieves fine-grained, policy-based access control and file assured deletion. It
associates outsourced files with file access policies, and assuredly deletes files to
make them unrecoverable to anyone upon revocations of file access policies. To
achieve such security goals, FADE is built upon a set of cryptographic key
operations that are self-maintained by a quorum of key managers that are
independent of third-party clouds. In particular, FADE acts as an overlay system
that works seamlessly atop today's cloud storage services. We implement a proof-
of-concept prototype of FADE atop Amazon S3, one of today's cloud storage
services. We conduct extensive empirical studies, and demonstrate that FADE
provides security protection for outsourced data, while introducing only minimal
performance and monetary cost overhead. Our work provides insights into how to
incorporate value-added security features into today's cloud storage services.
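The essence of policy-based file assured deletion can be sketched with
symmetric keys: each file's data key is wrapped under a policy key held outside
the cloud, and revoking the policy destroys the policy key, leaving the
outsourced ciphertext permanently undecryptable. Fernet is used here purely as
a convenient stand-in; FADE's actual constructions involve a quorum of key
managers and blinded public-key operations.

from cryptography.fernet import Fernet

policy_keys = {"project-X": Fernet.generate_key()}  # held by key managers

def store(plaintext, policy):
    data_key = Fernet.generate_key()
    ciphertext = Fernet(data_key).encrypt(plaintext)
    wrapped_key = Fernet(policy_keys[policy]).encrypt(data_key)
    return ciphertext, wrapped_key  # both may live in the cloud

def revoke(policy):
    del policy_keys[policy]  # assured deletion: nothing left to unwrap with

ct, wk = store(b"backup bytes", "project-X")
data_key = Fernet(policy_keys["project-X"]).decrypt(wk)
print(Fernet(data_key).decrypt(ct))  # recoverable before revocation
revoke("project-X")  # afterwards, wk can never be unwrapped again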
5. Ensuring Distributed Accountability for Data Sharing in the Cloud
ABSTRACT:
Cloud computing enables highly scalable services to be easily consumed
over the Internet on an as-needed basis. A major feature of the cloud services is
that users' data are usually processed remotely on unknown machines that users do
not own or operate. While enjoying the convenience brought by this new emerging
technology, users' fears of losing control of their own data (particularly, financial
and health data) can become a significant barrier to the wide adoption of cloud
services. To address this problem, in this paper, we propose a novel highly
decentralized information accountability framework to keep track of the actual
usage of the users' data in the cloud. In particular, we propose an object-centered
approach that enables enclosing our logging mechanism together with users' data
and policies. We leverage the programmable capabilities of JAR files both to
create a dynamic and traveling object and to ensure that any access to users'
data will trigger authentication and automated logging local to the JARs. To
strengthen users' control, we also provide distributed auditing mechanisms. We provide
extensive experimental studies that demonstrate the efficiency and effectiveness of
the proposed approaches.
6. Nymble: Blocking Misbehaving Users in Anonymizing Networks
ABSTRACT:
Anonymizing networks such as Tor allow users to access Internet services
privately by using a series of routers to hide the client's IP address from the server.
The success of such networks, however, has been limited by users employing this
anonymity for abusive purposes such as defacing popular Web sites. Web site
administrators routinely rely on IP-address blocking for disabling access to
misbehaving users, but blocking IP addresses is not practical if the abuser routes
through an anonymizing network. As a result, administrators block all known exit
nodes of anonymizing networks, denying anonymous access to misbehaving and
behaving users alike. To address this problem, we present Nymble, a system in
which servers can “blacklist” misbehaving users, thereby blocking users without
compromising their anonymity. Our system is thus agnostic to different servers'
definitions of misbehavior: servers can blacklist users for whatever reason, and
the privacy of blacklisted users is maintained.
7. Toward Secure Multikeyword Top-k Retrieval over Encrypted Cloud
Data
ABSTRACT:
Cloud computing has emerged as a promising paradigm for data outsourcing
and high-quality data services. However, concerns about sensitive information
on the cloud can cause privacy problems. Data encryption protects data security
to some extent, but at the cost of compromised efficiency. Searchable symmetric
encryption (SSE) allows retrieval of encrypted data over cloud. In this paper, we
focus on addressing data privacy issues using SSE. For the first time, we formulate
the privacy issue from the aspect of similarity relevance and scheme robustness.
We observe that server-side ranking based on order-preserving encryption (OPE)
inevitably leaks data privacy. To eliminate the leakage, we propose a two-round
searchable encryption (TRSE) scheme that supports top-k multikeyword
retrieval. In TRSE, we employ a vector space model and homomorphic encryption.
The vector space model helps to provide sufficient search accuracy, and the
homomorphic encryption enables users to participate in the ranking while the majority
of computing work is done on the server side by operations only on ciphertext. As
a result, information leakage can be eliminated and data security is ensured.
Thorough security and performance analysis show that the proposed scheme
guarantees high security and practical efficiency.
NETWORKING
1. An Effective Network Traffic Classification Method with Unknown
Flow Detection
ABSTRACT:
Traffic classification is an essential tool for network and system
security in complex environments such as those based on cloud computing.
State-of-the-art traffic classification methods aim to take advantage of flow
statistical features and machine learning techniques; however, their
classification performance is severely affected by limited supervised
information and unknown applications. To achieve effective network traffic
classification, we
propose a new method to tackle the problem of unknown applications in the crucial
situation of a small supervised training set. The proposed method possesses the
superior capability of detecting unknown flows generated by unknown applications
and utilizing the correlation information among real-world network traffic to boost
the classification performance. A theoretical analysis is provided to confirm
performance benefit of the proposed method. Moreover, the comprehensive
performance evaluation conducted on two real-world network traffic datasets
shows that the proposed scheme outperforms the existing methods in the critical
network environment.
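A simple way to picture unknown-flow detection is distance-based rejection: represent each flow by a few statistical features (packet sizes, inter-arrival times), assign it to the nearest known-class centroid, and declare it "unknown" when even the nearest centroid is too far away. The sketch below is our own illustration of that idea, not the paper's specific algorithm, which additionally exploits flow correlation and works from a small labeled set; the feature values and threshold are hypothetical.

```csharp
using System;
using System.Linq;

// Nearest-centroid flow classifier with a rejection threshold for unknown flows.
static class UnknownFlowDetector
{
    static double Distance(double[] a, double[] b) =>
        Math.Sqrt(a.Zip(b, (x, y) => (x - y) * (x - y)).Sum());

    static string Classify(double[] flow, (string label, double[] centroid)[] known,
                           double rejectThreshold)
    {
        var nearest = known.OrderBy(c => Distance(flow, c.centroid)).First();
        return Distance(flow, nearest.centroid) <= rejectThreshold
            ? nearest.label
            : "unknown"; // too far from every known application's centroid
    }

    static void Main()
    {
        // Features: (mean packet size in bytes, mean inter-arrival time in ms).
        var known = new[]
        {
            ("http", new double[] { 900, 15 }),
            ("dns",  new double[] { 90,  5 }),
        };
        Console.WriteLine(Classify(new double[] { 850, 18 }, known, 100)); // http
        Console.WriteLine(Classify(new double[] { 400, 60 }, known, 100)); // unknown
    }
}
```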
2. A Formal Data-Centric Approach for Passive Testing of
Communication Protocols
ABSTRACT:
There is currently a high level of awareness of the importance and
impact of formally testing communication networks. By applying formal
description techniques and formal testing approaches, we are able to validate the
conformance of implementations to the requirements of communication protocols.
In this context, passive testing techniques are used whenever the system under test
cannot be interrupted or access to its interfaces is unavailable. Under such
conditions, communication traces are extracted from points of observation and
compared to the expected behavior formally specified as properties. Since most
works on the subject come from a formal model context, they are optimized for
testing the control part of the communication with a secondary focus on the data
parts. In the current work, we provide a data-centric approach for black-box testing
of network protocols. A formalism is provided to express complex properties in a
bottom-up fashion starting from expected data relations in messages. A novel
algorithm is provided for evaluation of properties in protocol traces. Experimental
results on Session Initiation Protocol (SIP) traces for IP Multimedia Subsystem
(IMS) services are provided.
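As a toy illustration of data-centric passive testing, consider the property "every SIP INVITE must eventually be answered by a response carrying the same Call-ID". Evaluating such a property is a pass over the observed trace that relates data fields across messages rather than checking control-state sequences. The sketch below is our own simplification under an assumed two-field message format; the paper's formalism and evaluation algorithm are considerably more general.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Toy data-centric property check over a captured message trace.
record SipMessage(string Method, string CallId);

static class PassiveTester
{
    // Property: every INVITE's Call-ID also appears on some "200" response.
    static IEnumerable<string> UnansweredInvites(IReadOnlyList<SipMessage> trace)
    {
        var answered = trace.Where(m => m.Method == "200")
                            .Select(m => m.CallId)
                            .ToHashSet();
        return trace.Where(m => m.Method == "INVITE" && !answered.Contains(m.CallId))
                    .Select(m => m.CallId);
    }

    static void Main()
    {
        var trace = new List<SipMessage>
        {
            new("INVITE", "call-1"),
            new("200",    "call-1"),
            new("INVITE", "call-2"), // never answered: property violation
        };
        foreach (var callId in UnansweredInvites(trace))
            Console.WriteLine($"violation: INVITE {callId} has no matching 200 OK");
    }
}
```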
3. A Distributed Control Law for Load Balancing in Content Delivery
Networks
ABSTRACT:
In this paper, we face the challenging issue of defining and implementing an
effective law for load balancing in Content Delivery Networks (CDNs). We base
our proposal on a formal study of a CDN system, carried out through the
exploitation of a fluid flow model characterization of the network of servers.
Starting from such characterization, we derive and prove a lemma about the
network queues equilibrium. This result is then leveraged in order to devise a novel
distributed and time-continuous algorithm for load balancing, which is also
reformulated in a time-discrete version. The discrete formulation of the proposed
balancing law is eventually discussed in terms of its actual implementation in a
real-world scenario. Finally, the overall approach is validated by means of
simulations.
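Distributed load-balancing laws of this kind are often diffusion-like in their discrete form: each server periodically compares its queue with its neighbors' queues and shifts a fraction of the difference, which drives the network toward the queue equilibrium the lemma characterizes. The sketch below is a generic illustration of such a discrete-time update under an assumed gain and ring topology, not the paper's specific control law.

```csharp
using System;
using System.Linq;

// Discrete-time diffusion-style load balancing on a ring of CDN servers.
static class LoadBalancer
{
    static void Main()
    {
        double[] queue = { 100, 10, 40, 30 }; // initial queue lengths
        const double gain = 0.25;             // must be small enough for stability

        for (int step = 0; step < 30; step++)
        {
            var next = (double[])queue.Clone();
            for (int i = 0; i < queue.Length; i++)
            {
                int left = (i + queue.Length - 1) % queue.Length;
                int right = (i + 1) % queue.Length;
                // Move load toward the average of the two neighbors.
                next[i] += gain * ((queue[left] - queue[i]) + (queue[right] - queue[i]));
            }
            queue = next;
        }
        Console.WriteLine(string.Join(", ", queue.Select(q => q.ToString("F1"))));
        // Total load is conserved; queues converge to the common value 45.0.
    }
}
```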
4. Combined Optimal Control of Activation and Transmission in Delay-
Tolerant Networks
ABSTRACT:
The performance of a delay-tolerant network depends strongly on the nodes
participating in data transportation. Such networks often face several resource
constraints, especially related to energy. Energy is consumed not only in data
transmission, but also in listening and in several signaling activities. On the one
hand, these activities enhance the system's performance; on the other hand, they
consume a significant amount of energy even when they do not involve actual
transmission. Accordingly, in order to use energy efficiently, one may have to limit
not only the number of transmissions, but also the number of nodes that are active
at each time. Therefore, we study two coupled problems: 1) the activation problem,
which determines when a mobile node should turn on in order to receive packets;
and 2) the problem of regulating the beaconing. We derive optimal energy
management strategies by formulating the problem as an optimal control problem,
which we then
explicitly solve. We also validate our findings through extensive simulations that
are based on contact traces.
5. Quantifying and Verifying Reachability for Access Controlled Networks
ABSTRACT:
Quantifying and querying network reachability is important for security
monitoring and auditing as well as many aspects of network management such as
troubleshooting, maintenance, and design. Although attempts to model network
reachability have been made, feasible solutions to computing network reachability
have remained unknown. In this paper, we propose a suite of algorithms for
quantifying reachability based on network configurations [mainly Access Control
Lists (ACLs)] as well as solutions for querying network reachability. We present a
network reachability model that considers connectionless and connection-oriented
transport protocols, stateless and stateful routers/firewalls, static and dynamic
NAT, PAT, IP tunneling, etc. We implemented the algorithms in our network
reachability tool called Quarnet and conducted experiments on a university
network. Experimental results show that the offline computation of reachability
matrices takes a few hours, and the online processing of a reachability query takes
0.075 s on average.
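At its core, reachability under ACLs can be phrased set-theoretically: the packets that can travel from A to B are those accepted by every ACL on the path, i.e., the intersection of the per-device accept sets. The sketch below illustrates this with a deliberately tiny packet abstraction (destination port only); Quarnet itself handles full header spaces, stateful devices, NAT/PAT, and tunneling, which this toy ignores.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Toy reachability computation: intersect the accept sets of the ACLs on a path.
// Real tools model full packet headers; here a "packet" is just a destination port.
static class Reachability
{
    static HashSet<int> AcceptSet(IEnumerable<(int lo, int hi, bool permit)> acl,
                                  int portSpace)
    {
        var accepted = new HashSet<int>();
        for (int port = 0; port < portSpace; port++)
        {
            // First-match semantics with an implicit deny at the end.
            foreach (var (lo, hi, permit) in acl)
                if (port >= lo && port <= hi) { if (permit) accepted.Add(port); break; }
        }
        return accepted;
    }

    static void Main()
    {
        const int portSpace = 1024;
        var acl1 = new[] { (22, 22, false), (0, 443, true) };   // edge router
        var acl2 = new[] { (80, 80, true), (443, 443, true) };  // firewall
        var reachable = AcceptSet(acl1, portSpace);
        reachable.IntersectWith(AcceptSet(acl2, portSpace));
        Console.WriteLine("ports reachable end-to-end: " +
                          string.Join(", ", reachable.OrderBy(p => p))); // 80, 443
    }
}
```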
6. Fast Transmission to Remote Cooperative Groups: A New Key
Management Paradigm
ABSTRACT:
The problem of efficiently and securely broadcasting to a remote
cooperative group occurs in many newly emerging networks. A major challenge in
devising such systems is to overcome the obstacles of the potentially limited
communication from the group to the sender, the unavailability of a fully trusted
key generation center, and the dynamics of the sender. The existing key
management paradigms cannot deal with these challenges effectively. In this
paper, we circumvent these obstacles and close this gap by proposing a novel key
management paradigm. The new paradigm is a hybrid of traditional broadcast
encryption and group key agreement. In such a system, each member maintains a
single public/secret key pair. Upon seeing the public keys of the members, a
remote sender can securely broadcast to any intended subgroup chosen in an ad
hoc way. Following this model, we instantiate a scheme that is proven secure in the
standard model. Even if all the nonintended members collude, they cannot extract
any useful information from the transmitted messages. After the public group
encryption key is extracted, both the computation overhead and the communication
cost are independent of the group size. Furthermore, our scheme facilitates simple
yet efficient member deletion/addition and flexible rekeying strategies. Its strong
security against collusion, its constant overhead, and its implementation
friendliness without relying on a fully trusted authority render our protocol a very
promising solution to many applications.
7. Cross-Domain Privacy-Preserving Cooperative Firewall Optimization
ABSTRACT:
Firewalls have been widely deployed on the Internet for securing private
networks. A firewall checks each incoming or outgoing packet to decide whether
to accept or discard the packet based on its policy. Optimizing firewall policies is
crucial for improving network performance. Prior work on firewall optimization
focuses on either intrafirewall or interfirewall optimization within one
administrative domain where the privacy of firewall policies is not a concern. This
paper explores interfirewall optimization across administrative domains for the
first time. The key technical challenge is that firewall policies cannot be shared
across domains because a firewall policy contains confidential information and
even potential security holes, which can be exploited by attackers. In this paper, we
propose the first cross-domain privacy-preserving cooperative firewall policy
optimization protocol. Specifically, for any two adjacent firewalls belonging to two
different administrative domains, our protocol can identify in each firewall the
rules that can be removed because of the other firewall. The optimization process
involves cooperative computation between the two firewalls without any party
disclosing its policy to the other. We implemented our protocol and conducted
extensive experiments. The results on real firewall policies show that our protocol
can remove as many as 49% of the rules in a firewall, whereas the average is
19.4%. The communication cost is less than a few hundred kilobytes. Our protocol
incurs no extra online packet processing overhead, and the offline processing time
is less than a few hundred seconds.
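The plaintext intuition behind interfirewall redundancy is simple: if every packet that a downstream rule would match has already been discarded by the upstream firewall, that rule can never fire and is removable. The sketch below checks this condition over a one-dimensional rule abstraction in the clear, and it ignores shadowing among the downstream firewall's own rules; the paper's actual contribution is performing an equivalent comparison without either side revealing its rules, via privacy-preserving protocols this illustration deliberately omits.

```csharp
using System;
using System.Linq;

// Plaintext sketch of interfirewall redundancy: a downstream rule is removable
// if the upstream firewall already discards every packet the rule matches.
static class FirewallOptimizer
{
    record Rule(int Lo, int Hi, bool Permit);

    static bool FirstMatchPermit(Rule[] fw, int port) =>
        fw.FirstOrDefault(r => port >= r.Lo && port <= r.Hi)?.Permit ?? false;

    static bool IsRedundant(Rule[] upstream, Rule downstreamRule) =>
        Enumerable.Range(downstreamRule.Lo, downstreamRule.Hi - downstreamRule.Lo + 1)
                  .All(port => !FirstMatchPermit(upstream, port));

    static void Main()
    {
        var fw1 = new[] { new Rule(0, 1023, false), new Rule(1024, 65535, true) };
        var fw2Rule = new Rule(100, 200, false); // blocks ports FW1 never lets through
        Console.WriteLine(IsRedundant(fw1, fw2Rule)
            ? "rule is removable"      // FW1 already discards ports 100-200
            : "rule must stay");
    }
}
```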
8. An Efficient and Robust Addressing Protocol for Node
Autoconfiguration in Ad Hoc Networks
ABSTRACT:
Address assignment is a key challenge in ad hoc networks due to the lack of
infrastructure. Autonomous addressing protocols require a distributed and self-
managed mechanism to avoid address collisions in a dynamic network with fading
channels, frequent partitions, and joining/leaving nodes. We propose and analyze a
lightweight protocol that configures mobile ad hoc nodes based on a distributed
address database stored in filters, which reduces the control load and makes the
proposal robust to packet losses and network partitions. We evaluate the
performance of our protocol, considering joining nodes, partition merging events,
and network initialization. Simulation results show that our protocol resolves all
the address collisions and also reduces the control traffic when compared to
previously proposed protocols.
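The "filters" in such addressing protocols are typically Bloom filters: a compact bit array in which each allocated address sets a few hashed bit positions, so any node can test whether a candidate address is probably already in use before claiming it, at the cost of occasional false positives (but never false negatives). Below is a minimal, generic Bloom filter sketch in that spirit; the sizes and hash construction are assumptions, not the paper's parameters.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Minimal Bloom filter for a distributed address database (illustrative sizes).
class AddressFilter
{
    private readonly bool[] bits = new bool[1 << 14]; // 16384 bits
    private const int HashCount = 3;

    private int[] Positions(string address)
    {
        using var sha = SHA256.Create();
        var digest = sha.ComputeHash(Encoding.UTF8.GetBytes(address));
        var positions = new int[HashCount];
        for (int i = 0; i < HashCount; i++) // carve k indices out of one digest
            positions[i] = BitConverter.ToUInt16(digest, i * 2) % bits.Length;
        return positions;
    }

    public void Add(string address)
    {
        foreach (var p in Positions(address)) bits[p] = true;
    }

    // False positives are possible; false negatives are not.
    public bool ProbablyContains(string address)
    {
        foreach (var p in Positions(address)) if (!bits[p]) return false;
        return true;
    }
}

static class AddressFilterDemo
{
    static void Main()
    {
        var filter = new AddressFilter();
        filter.Add("10.0.0.7");
        Console.WriteLine(filter.ProbablyContains("10.0.0.7")); // True
        Console.WriteLine(filter.ProbablyContains("10.0.0.8")); // False (almost surely)
    }
}
```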
PARALLEL AND DISTRIBUTED SYSTEMS
1. Mona: Secure Multi-Owner Data Sharing for Dynamic Groups in the
Cloud
ABSTRACT:
Thanks to its low-maintenance character, cloud computing provides an
economical and efficient solution for sharing group resources among cloud users.
Unfortunately, sharing data in a multi-owner manner while preserving data and
identity privacy from an untrusted cloud remains a challenging issue, due to
frequent changes of the membership. In this paper, we propose a secure multi-
owner data sharing scheme, named Mona, for dynamic groups in the cloud. By
leveraging group signature and dynamic broadcast encryption techniques, any
cloud user can anonymously share data with others. Meanwhile, the storage
overhead and encryption computation cost of our scheme are independent of the
number of revoked users. In addition, we analyze the security of our scheme with
rigorous proofs, and demonstrate its efficiency in experiments.
2. Harnessing the Cloud for Securely Outsourcing Large-Scale Systems of
Linear Equations
ABSTRACT:
Cloud computing economically enables customers with limited
computational resources to outsource large-scale computations to the cloud.
However, how to protect customers' confidential data involved in the computations
then becomes a major security concern. In this paper, we present a secure
outsourcing mechanism for solving large-scale systems of linear equations (LE)
in the cloud. Because applying traditional approaches like Gaussian elimination or
LU decomposition (the so-called direct methods) to such large-scale LEs would be
prohibitively expensive, we build the secure LE outsourcing mechanism via a
completely different approach, the iterative method, which is much easier to
implement in practice and demands only relatively simple matrix-vector
operations. Specifically, our
mechanism enables a customer to securely harness the cloud for iteratively finding
successive approximations to the LE solution, while keeping both the sensitive
input and output of the computation private. For robust cheating detection, we
further explore the algebraic property of matrix-vector operations and propose an
efficient result verification mechanism, which allows the customer to verify all
answers received from previous iterative approximations in one batch with high
probability. Thorough security analysis and prototype experiments on Amazon
EC2 demonstrate the validity and practicality of our proposed design.
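The iterative methods the abstract refers to compute successive approximations from the previous one using only matrix-vector products, which is what makes them amenable to outsourcing round by round. Below is a plain (unencrypted) Jacobi iteration as a minimal sketch of that idea; in the actual scheme each round's matrix-vector work would be performed by the cloud on protected data, with the customer verifying the returned results in batch.

```csharp
using System;

// Plain Jacobi iteration for Ax = b: the kind of matrix-vector iteration that
// LE-outsourcing schemes push to the cloud one round at a time (sketch only).
static class JacobiSolver
{
    static double[] Solve(double[,] A, double[] b, int iterations)
    {
        int n = b.Length;
        var x = new double[n];
        for (int k = 0; k < iterations; k++)
        {
            var next = new double[n];
            for (int i = 0; i < n; i++)
            {
                double sum = 0;
                for (int j = 0; j < n; j++)
                    if (j != i) sum += A[i, j] * x[j]; // off-diagonal contribution
                next[i] = (b[i] - sum) / A[i, i];      // requires nonzero diagonal
            }
            x = next;
        }
        return x;
    }

    static void Main()
    {
        // Diagonally dominant system, so Jacobi is guaranteed to converge.
        var A = new double[,] { { 4, 1 }, { 2, 5 } };
        var b = new double[] { 9, 12 };
        var x = Solve(A, b, 50);
        Console.WriteLine($"x = ({x[0]:F4}, {x[1]:F4})"); // approx (1.8333, 1.6667)
    }
}
```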
3. A Privacy Leakage Upper Bound Constraint-Based Approach for Cost-
Effective Privacy Preserving of Intermediate Data Sets in Cloud
ABSTRACT:
Cloud computing provides massive computation power and storage capacity,
enabling users to deploy computation- and data-intensive applications without
infrastructure investment. During the processing of such applications, a large
volume of intermediate data sets is generated, and often stored to save the
cost of recomputing them. However, preserving the privacy of intermediate data
sets becomes a challenging problem because adversaries may recover privacy-
sensitive information by analyzing multiple intermediate data sets. Encrypting
ALL data sets in the cloud is widely adopted in existing approaches to address this
challenge. But we argue that encrypting all intermediate data sets is neither
efficient nor cost-effective, because it is very time-consuming and costly for data-
intensive applications to en/decrypt data sets frequently while performing
operations on them. In this paper, we propose a novel upper bound privacy leakage
constraint-based approach to identify which intermediate data sets need to be
encrypted and which do not, so that privacy-preserving cost can be saved while the
privacy requirements of data holders can still be satisfied. Evaluation results
demonstrate that the privacy-preserving cost of intermediate data sets can be
significantly reduced with our approach over existing ones where all data sets are
encrypted.
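One way to picture the selection problem: each intermediate data set carries an estimated privacy leakage if left unencrypted and an encryption cost if protected, and the goal is to keep the total leakage of the unencrypted sets below a threshold while spending as little on encryption as possible. The greedy sketch below (encrypt the sets with the highest leakage-to-cost ratio until the budget is met) is our own simplified illustration, not the paper's constraint-based algorithm, which also reasons over relationships among data sets.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Greedy sketch: choose which intermediate data sets to encrypt so that the
// total leakage of the remaining plaintext sets stays under a threshold.
static class SelectiveEncryption
{
    record DataSet(string Name, double Leakage, double EncryptCost);

    static List<DataSet> ChooseToEncrypt(List<DataSet> sets, double leakageBudget)
    {
        var toEncrypt = new List<DataSet>();
        double plaintextLeakage = sets.Sum(s => s.Leakage);
        // Encrypt the "most leakage per unit cost" sets first.
        foreach (var s in sets.OrderByDescending(s => s.Leakage / s.EncryptCost))
        {
            if (plaintextLeakage <= leakageBudget) break;
            toEncrypt.Add(s);
            plaintextLeakage -= s.Leakage;
        }
        return toEncrypt;
    }

    static void Main()
    {
        var sets = new List<DataSet>
        {
            new("joined-records", 0.9, 2.0),
            new("aggregates",     0.1, 1.0),
            new("feature-matrix", 0.5, 2.0),
        };
        foreach (var s in ChooseToEncrypt(sets, leakageBudget: 0.5))
            Console.WriteLine($"encrypt {s.Name}");
        // Leaves only the low-leakage set in plaintext, saving encryption cost.
    }
}
```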
4. On Data Staging Algorithms for Shared Data Accesses in Clouds
ABSTRACT:
In this paper, we study strategies for efficiently achieving data staging
and caching on a set of vantage sites in a cloud system at minimum cost.
Unlike traditional research, we do not intend to identify the access patterns in order
to facilitate future requests. Instead, with such information presumably known in
advance, our goal is to efficiently stage the shared data items at predetermined
sites at designated time instants to align with the patterns, while minimizing the
monetary costs of caching and transmitting the requested data items. To this end,
we follow the cost and network models in [1] and extend the analysis to multiple
data items, each with single or multiple copies. Our results show that, under the
homogeneous cost model, when the ratio of transmission cost to caching cost is
low, a single copy of each data item can efficiently serve all the user requests. In
the multicopy situation, we also consider the tradeoff between the transmission
cost and the caching cost by controlling the upper bounds on transmissions and
copies. The upper bound can be given either on a per-item basis or on an all-item
basis. We present efficient optimal solutions based on dynamic programming
techniques for all these cases, provided that the upper bound is polynomially
bounded by the number of service requests and the number of distinct data items.
In addition to the homogeneous cost model, we also briefly discuss this problem
under a heterogeneous cost model with some simple yet practical restrictions, and
present a 2-approximation algorithm for the general case. We validate our findings
by implementing a data staging solver and conducting extensive simulation studies
on the behaviors of the algorithms.
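For a single data item with one copy, the core tradeoff reduces to a per-gap decision: between two consecutive requests at the same site, either keep the item cached (cost proportional to the gap) or evict it and retransmit at the next request (a fixed transfer cost). The sketch below makes that minimal decision rule concrete under assumed unit costs; the paper's dynamic programs generalize this to multiple items, multiple copies, and bounded transmissions.

```csharp
using System;

// Minimal cost model for one cached data item at one site: between consecutive
// requests, keep the item cached or retransmit it, whichever is cheaper.
static class StagingCost
{
    static double MinCost(int[] requestTimes, double cachePerUnitTime,
                          double transmitCost)
    {
        double cost = transmitCost; // initial staging of the item
        for (int i = 1; i < requestTimes.Length; i++)
        {
            double gap = requestTimes[i] - requestTimes[i - 1];
            cost += Math.Min(gap * cachePerUnitTime, transmitCost);
        }
        return cost;
    }

    static void Main()
    {
        var requests = new[] { 0, 2, 3, 20 };
        // Short gaps favor caching; the long gap (3 -> 20) favors retransmission.
        Console.WriteLine(MinCost(requests, cachePerUnitTime: 1.0,
                                  transmitCost: 5.0)); // 5 + 2 + 1 + 5 = 13
    }
}
```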
5. Scalable and Secure Sharing of Personal Health Records in Cloud
Computing Using Attribute-Based Encryption
ABSTRACT:
Personal health record (PHR) is an emerging patient-centric model of
health information exchange, which is often outsourced to be stored at a third
party, such as cloud providers. However, there have been wide privacy concerns as
personal health information could be exposed to those third party servers and to
unauthorized parties. To assure patients' control over access to their own PHRs, a
promising method is to encrypt the PHRs before outsourcing. Yet, issues such
as risks of privacy exposure, scalability in key management, flexible access, and
efficient user revocation have remained the most important challenges toward
achieving fine-grained, cryptographically enforced data access control. In this
paper, we propose a novel patient-centric framework and a suite of mechanisms
for data access control to PHRs stored in semitrusted servers. To achieve fine-
grained and scalable data access control for PHRs, we leverage attribute-based
encryption (ABE) techniques to encrypt each patient's PHR file. Unlike
previous works on secure data outsourcing, we focus on the multiple-data-owner
scenario, and divide the users in the PHR system into multiple security domains,
which greatly reduces the key management complexity for owners and users. A high
degree of patient privacy is guaranteed simultaneously by exploiting multiauthority
ABE. Our scheme also enables dynamic modification of access policies or file
attributes, supports efficient on-demand user/attribute revocation and break-glass
access under emergency scenarios. Extensive analytical and experimental results
are presented which show the security, scalability, and efficiency of our proposed
scheme.
SERVICE COMPUTING
1. Agent-Based Cloud Computing
ABSTRACT:
Agent-based cloud computing is concerned with the design and development
of software agents for bolstering cloud service discovery, service negotiation, and
service composition. The significance of this work lies in introducing an agent-based
paradigm for constructing software tools and testbeds for cloud resource
management. The novel contributions of this work include: 1) developing Cloudle:
an agent-based search engine for cloud service discovery, 2) showing that agent-
based negotiation mechanisms can be effectively adopted for bolstering cloud
service negotiation and cloud commerce, and 3) showing that agent-based
cooperative problem-solving techniques can be effectively adopted for automating
cloud service composition. Cloudle consists of 1) a service discovery agent that
consults a cloud ontology for determining the similarities between providers'
service specifications and consumers' service requirements, and 2) multiple cloud
crawlers for building its database of services. Cloudle supports three types of
reasoning: similarity reasoning, compatibility reasoning, and numerical reasoning.
To support cloud commerce, this work devised a complex cloud negotiation
mechanism that supports parallel negotiation activities in interrelated markets: a
cloud service market between consumer agents and broker agents, and multiple
cloud resource markets between broker agents and provider agents. Empirical
results show that using the complex cloud negotiation mechanism, agents achieved
high utilities and high success rates in negotiating for cloud resources. To automate
cloud service composition, agents in this work adopt a focused selection contract
net protocol (FSCNP) for dynamically selecting cloud services and use service
capability tables (SCTs) to record the list of cloud agents and their services.
Empirical results show that using FSCNP and SCTs, agents can successfully
compose cloud services by autonomously selecting services.
2. Toward Secure and Dependable Storage Services in Cloud Computing
ABSTRACT:
Cloud storage enables users to remotely store their data and enjoy the on-
demand high quality cloud applications without the burden of local hardware and
software management. Though the benefits are clear, such a service also
relinquishes users' physical possession of their outsourced data, which inevitably
poses new security risks toward the correctness of the data in the cloud. In order to
address this new problem and further achieve a secure and dependable cloud
storage service, we propose in this paper a flexible distributed storage integrity
auditing mechanism, utilizing the homomorphic token and distributed erasure-
coded data. The proposed design allows users to audit the cloud storage with very
lightweight communication and computation cost. The auditing result not only
ensures a strong cloud storage correctness guarantee, but also simultaneously
achieves fast data error localization, i.e., the identification of misbehaving servers.
Considering that cloud data are dynamic in nature, the proposed design further
supports secure and efficient dynamic operations on outsourced data, including
block modification, deletion, and append. Analysis shows the proposed scheme is
highly efficient and resilient against Byzantine failure, malicious data modification
attack, and even server colluding attacks.
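The precomputed-token idea behind such auditing schemes can be pictured as a challenge-response check: before outsourcing, the user derives, for each future audit round, a keyed token over a pseudorandom sample of blocks; later, the user recomputes the token over the blocks the server returns and compares. Any modification or loss in the sampled blocks is detected. The sketch below shows that plain keyed-hash version under assumed parameters; the paper's homomorphic tokens and erasure coding, which avoid shipping blocks back and also localize the misbehaving server, are beyond this toy.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Challenge-response integrity audit with a precomputed keyed token (sketch).
static class StorageAudit
{
    static byte[] Token(byte[] key, int[] blockIndices, string[] blocks)
    {
        using var hmac = new HMACSHA256(key);
        var sampled = string.Join("|", blockIndices.Select(i => blocks[i]));
        return hmac.ComputeHash(Encoding.UTF8.GetBytes(sampled));
    }

    static void Main()
    {
        var key = RandomNumberGenerator.GetBytes(32);
        var original = new[] { "blk0", "blk1", "blk2", "blk3" };
        int[] challenge = { 1, 3 }; // pseudorandom block sample for this round

        // Precomputed before outsourcing; kept by the user.
        var expected = Token(key, challenge, original);

        // The server's copy has silently lost or modified a block.
        var serverCopy = (string[])original.Clone();
        serverCopy[3] = "corrupted";

        // The user recomputes the token over the blocks the server returns.
        var recomputed = Token(key, challenge, serverCopy);
        Console.WriteLine(expected.SequenceEqual(recomputed)
            ? "audit passed" : "audit failed: data modified or lost");
    }
}
```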
3. Social Cloud Computing: A Vision for Socially Motivated Resource
Sharing
ABSTRACT:
Online relationships in social networks are often based on real world
relationships and can therefore be used to infer a level of trust between users. We
propose leveraging these relationships to form a dynamic "Social Cloud,” thereby
enabling users to share heterogeneous resources within the context of a social
network. In addition, the inherent socially corrective mechanisms (incentives,
disincentives) can be used to enable a cloud-based framework for long term
sharing with lower privacy concerns and security overheads than are present in
traditional cloud environments. Due to the unique nature of the Social Cloud, a
social marketplace is proposed as a means of regulating sharing. The social market
is novel, as it uses both social and economic protocols to facilitate trading. This
paper defines Social Cloud computing, outlining various aspects of Social Clouds,
and demonstrates the approach using a social storage cloud implementation in
Facebook.
4. A Framework for Consumer-Centric SLA Management of Cloud-
Hosted Databases
ABSTRACT:
Currently, we are witnessing a proliferation in the number of cloud-hosted
applications with a tremendous increase in the scale of the data generated as well
as being consumed by such applications. The specifications of existing service
level agreements (SLA) for cloud services are not designed to flexibly handle even
relatively straightforward performance and technical requirements of consumer
applications. In this article, we present a novel approach for SLA-based
management of cloud-hosted databases from the consumer perspective. The
framework facilitates adaptive and dynamic provisioning of the database tier of the
software applications based on application-defined policies for satisfying their own
SLA performance requirements, avoiding the cost of any SLA violation and
controlling the monetary cost of the allocated computing resources. In this
framework, the SLAs of the consumer applications are declaratively defined in
terms of goals which are subject to a number of constraints that are specific to
the application requirements. The framework continuously monitors the
application-defined SLA and automatically triggers the execution of necessary
corrective actions (scaling out/in the database tier) when required. The
experimental results demonstrate the effectiveness of our SLA-based framework in
providing the consumer applications with the required flexibility for achieving
their SLA requirements.
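The monitor-and-react loop such a framework implements can be reduced to a small rule: periodically sample the SLA metric (say, the 95th-percentile query latency of the database tier), compare it against the declared goal, and trigger a scale-out when it is violated or a scale-in when there is comfortable headroom. The sketch below shows that loop with hypothetical thresholds and a stubbed provisioning action; the actual framework layers declarative goal definitions and cost control on top of this.

```csharp
using System;
using System.Collections.Generic;

// Consumer-side SLA monitoring loop for a cloud-hosted database tier (sketch).
// Thresholds and the provisioning action are hypothetical placeholders.
static class SlaMonitor
{
    static int replicas = 1;

    static void Enforce(double latencyMs, double goalMs)
    {
        if (latencyMs > goalMs && replicas < 8)
        {
            replicas++;           // corrective action: scale out the database tier
            Console.WriteLine($"latency {latencyMs}ms > goal {goalMs}ms -> scale out to {replicas}");
        }
        else if (latencyMs < 0.5 * goalMs && replicas > 1)
        {
            replicas--;           // ample headroom: scale in to cut monetary cost
            Console.WriteLine($"latency {latencyMs}ms well under goal -> scale in to {replicas}");
        }
    }

    static void Main()
    {
        var samples = new List<double> { 120, 260, 310, 180, 90, 70 };
        const double goal = 250; // application-defined SLA goal (95th pct, ms)
        foreach (var latency in samples) Enforce(latency, goal);
    }
}
```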
5. THEMIS: A Mutually Verifiable Billing System for the Cloud
Computing Environment
ABSTRACT:
With the widespread adoption of cloud computing, the ability to record and
account for the usage of cloud resources in a credible and verifiable way has
become critical for cloud service providers and users alike. The success of such a
billing system depends on several factors: the billing transactions must have
integrity and nonrepudiation capabilities; the billing transactions must have a
minimal computation cost; and the SLA monitoring should be provided in a trusted
manner. Existing billing systems are limited in terms of security capabilities or
computational overhead. In this paper, we propose a secure and nonobstructive
billing system called THEMIS as a remedy for these limitations. The system uses a
novel concept of a cloud notary authority for the supervision of billing. It generates
mutually verifiable binding information that can be used to resolve future disputes
between a user and a cloud service provider in a computationally efficient way.
Furthermore, to provide a forgery-resistant SLA monitoring mechanism, we
devised an SLA monitoring module enhanced with a trusted platform module
(TPM), called S-Mon. This work has been undertaken on a real cloud computing
service called iCubeCloud.
SOFTWARE ENGINEERING
1. A Decentralized Self-Adaptation Mechanism for Service-Based
Applications in the Cloud
ABSTRACT:
Cloud computing, with its promise of (almost) unlimited computation,
storage, and bandwidth, is increasingly becoming the infrastructure of choice for
many organizations. As cloud offerings mature, service-based applications need to
dynamically recompose themselves to self-adapt to changing QoS requirements. In
this paper, we present a decentralized mechanism for such self-adaptation, using
market-based heuristics. We use a continuous double-auction to allow applications
to decide which services to choose, among the many on offer. We view an
application as a multi-agent system and the cloud as a marketplace where many
such applications self-adapt. We show through a simulation study that our
mechanism is effective for the individual application as well as from the collective
perspective of all applications adapting at the same time.
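In a continuous double auction, service providers post asks and applications post bids for QoS-equivalent services, and a trade executes whenever the best bid meets or exceeds the best ask; this is the market mechanism through which applications in such a scheme "choose" services. Below is a minimal, generic order-matching sketch of that rule with made-up prices; the paper's agents wrap this in adaptation logic and QoS constraints.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Minimal continuous double auction: match the best bid against the best ask.
static class ServiceMarket
{
    static void Main()
    {
        // Applications bidding for a service, providers asking (prices made up).
        var bids = new List<(string app, double price)>
            { ("app-A", 10.0), ("app-B", 7.5) };
        var asks = new List<(string provider, double price)>
            { ("svc-1", 8.0), ("svc-2", 6.0) };

        while (bids.Count > 0 && asks.Count > 0)
        {
            var bestBid = bids.OrderByDescending(b => b.price).First();
            var bestAsk = asks.OrderBy(a => a.price).First();
            if (bestBid.price < bestAsk.price) break; // spread open: no trade

            // Trade executes; a common convention is the midpoint price.
            double price = (bestBid.price + bestAsk.price) / 2;
            Console.WriteLine($"{bestBid.app} buys {bestAsk.provider} at {price:F2}");
            bids.Remove(bestBid);
            asks.Remove(bestAsk);
        }
    }
}
```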
2. Automated API Property Inference Techniques
ABSTRACT:
Frameworks and libraries offer reusable and customizable functionality
through Application Programming Interfaces (APIs). Correctly using large and
sophisticated APIs can represent a challenge due to hidden assumptions and
requirements. Numerous approaches have been developed to infer properties of
APIs, intended to guide their use by developers. With each approach come new
definitions of API properties, new techniques for inferring these properties, and
new ways to assess their correctness and usefulness. This paper provides a
comprehensive survey of over a decade of research on automated property
inference for APIs. Our survey provides a synthesis of this complex technical field
along different dimensions of analysis: properties inferred, mining techniques, and
empirical results. In particular, we derive a classification and organization of over
60 techniques into five different categories based on the type of API property
inferred: unordered usage patterns, sequential usage patterns, behavioral
specifications, migration mappings, and general information.
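As a flavor of what "inferring sequential usage patterns" means in practice, many miners count how often one API call follows another across client code and report high-confidence pairs (e.g., Open is eventually followed by Close) as candidate usage rules. The sketch below is a deliberately simple pair-frequency miner of that kind, with invented traces, not any specific surveyed technique.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Toy sequential-pattern miner: report API call pairs (a, b) where b follows a
// in every observed client call sequence (traces are invented for illustration).
static class ApiPatternMiner
{
    static void Main()
    {
        var traces = new[]
        {
            new[] { "Open", "Read", "Close" },
            new[] { "Open", "Write", "Close" },
            new[] { "Open", "Read", "Read", "Close" },
        };

        var support = new Dictionary<(string a, string b), int>();
        foreach (var trace in traces)
        {
            var seen = new HashSet<(string a, string b)>();
            for (int i = 0; i < trace.Length - 1; i++)
                for (int j = i + 1; j < trace.Length; j++)
                    seen.Add((trace[i], trace[j])); // b occurs somewhere after a
            foreach (var pair in seen)
                support[pair] = support.GetValueOrDefault(pair) + 1;
        }

        // Pairs present in every trace become candidate usage rules.
        foreach (var ((a, b), count) in support.Where(kv => kv.Value == traces.Length)
                                               .Select(kv => (kv.Key, kv.Value)))
            Console.WriteLine($"{a} is typically followed by {b} (support {count})");
    }
}
```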
3. Resource Management for Complex, Dynamic Environments
ABSTRACT:
This paper describes an approach to the specification and management of the
agents and resources that are required to support the execution of complex systems
and processes. The paper suggests that a resource should be viewed as a provider
of a set of capabilities that are needed by a system or process, where that set may
vary dynamically over time and with circumstances. This view of resources is
defined and then made the basis for the framework of an approach to specifying,
managing, and allocating resources in the presence of real-world complexity and
dynamism. The ROMEO prototype resource management system is presented as
an example of how this framework can be instantiated. Some case studies of the
use of ROMEO to support system execution are presented and used to evaluate the
framework, the ROMEO prototype, and our view of the nature of resources.
4. Self-Management of Adaptable Component-Based Applications
ABSTRACT:
The problem of self-optimization and adaptation in the context of
customizable systems is becoming increasingly important with the emergence of
complex software systems and unpredictable execution environments. Here, a
general framework is presented for automatically deciding when and how to adapt
a system whenever it deviates from the desired behavior. In this framework, the
system's target behavior is described as a high-level policy that establishes goals
for a set of performance indicators. The decision process is based on information
provided independently for each component that describes the available
adaptations, their impact on performance indicators, and any limitations or
requirements. The technique consists of both offline and online phases. Offline,
rules are generated specifying component adaptations that may help to achieve the
established goals when a given change in the execution context occurs. Online, the
corresponding rules are evaluated when a change occurs to choose which
adaptations to perform. Experimental results using a prototype framework in the
context of a web-based application demonstrate the effectiveness of this approach.
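The offline/online split described above can be pictured as a rule table: offline analysis produces entries of the form "when context change C occurs and goal G is violated, apply adaptation A", and the online phase is a lookup-and-apply loop over those entries. The sketch below illustrates that shape with invented rules; the framework's actual decision process weighs each component's declared impact on the performance indicators.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Offline-generated adaptation rules, evaluated online when the context changes.
// Rules, contexts, and adaptations here are invented for illustration.
static class SelfAdaptation
{
    record Rule(string ContextChange, string ViolatedGoal, string Adaptation);

    static readonly List<Rule> Rules = new()  // produced by the offline phase
    {
        new("load-spike",   "response-time", "switch component to lightweight codec"),
        new("network-drop", "availability",  "enable local caching component"),
        new("load-spike",   "throughput",    "activate replica component"),
    };

    static void OnContextChange(string change, IEnumerable<string> violatedGoals)
    {
        // Online phase: select and apply every rule matching the current situation.
        foreach (var rule in Rules.Where(r => r.ContextChange == change
                                           && violatedGoals.Contains(r.ViolatedGoal)))
            Console.WriteLine($"adapting: {rule.Adaptation}");
    }

    static void Main() =>
        OnContextChange("load-spike", new[] { "response-time" });
}
```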
Weitere ähnliche Inhalte

Andere mochten auch (11)

Secret Lingerie
Secret LingerieSecret Lingerie
Secret Lingerie
 
Filippoi museum
Filippoi museumFilippoi museum
Filippoi museum
 
Instrumen ujian pra protim tahun 6(2013) bm
Instrumen ujian pra protim tahun 6(2013) bmInstrumen ujian pra protim tahun 6(2013) bm
Instrumen ujian pra protim tahun 6(2013) bm
 
7 SS -- Ancient Chinese Civilizations (Chapter 4.1)
7 SS -- Ancient Chinese Civilizations (Chapter 4.1)7 SS -- Ancient Chinese Civilizations (Chapter 4.1)
7 SS -- Ancient Chinese Civilizations (Chapter 4.1)
 
北京的四季看图说话练习
北京的四季看图说话练习北京的四季看图说话练习
北京的四季看图说话练习
 
Desires
DesiresDesires
Desires
 
Agt lawyers
Agt lawyers Agt lawyers
Agt lawyers
 
ФотоПоэзия
ФотоПоэзияФотоПоэзия
ФотоПоэзия
 
Pollard ICMA Draft
Pollard ICMA DraftPollard ICMA Draft
Pollard ICMA Draft
 
Symbols
SymbolsSymbols
Symbols
 
HP inovace, které pracují pro vás
HP inovace, které pracují pro vásHP inovace, které pracují pro vás
HP inovace, které pracují pro vás
 

Kürzlich hochgeladen

VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXTarek Kalaji
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfinfogdgmi
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfJamie (Taka) Wang
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?IES VE
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxUdaiappa Ramachandran
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 

Kürzlich hochgeladen (20)

VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBX
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
20230104 - machine vision
20230104 - machine vision20230104 - machine vision
20230104 - machine vision
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 
201610817 - edge part1
201610817 - edge part1201610817 - edge part1
201610817 - edge part1
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptx
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 

Final Year Projects Dotnet abstracts 2013-2014

  • 1. DOTNET BIO MEDICAL / MEDICAL IMAGING 1. Toward Ubiquitous Healthcare Services With a Novel Efficient Cloud Platform ABSTRACT: Ubiquitous healthcare services are becoming more and more popular, especially under the urgent demand of the global aging issue. Cloud computing owns the pervasive and on-demand service-oriented natures, which can fit the characteristics of healthcare services very well. However, the abilities in dealing with multimodal, heterogeneous, and nonstationary physiological signals to provide persistent personalized services, meanwhile keeping high concurrent online analysis for public, are challenges to the general cloud. In this paper, we proposed a private cloud platform architecture which includes six layers according to the specific requirements. This platform utilizes message queue as a cloud engine, and each layer thereby achieves relative independence by this loosely coupled means of communications with publish/subscribe mechanism. Furthermore, a plug-in algorithm framework is also presented, and massive semistructure or unstructured medical data are accessed adaptively by this cloud architecture. As the testing results showing, this proposed cloud platform, with robust, stable, and efficient features, can satisfy high concurrent requests from ubiquitous healthcare services. 2. Spine Segmentation in Medical Images Using Manifold Embeddings and Higher-Order MRFs ABSTRACT:
  • 2. We introduce a novel approach for segmenting articulated spine shape models from medical images. A nonlinear low-dimensional manifold is created from a training set of mesh models to establish the patterns of global shape variations. Local appearance is captured from neighborhoods in the manifold once the overall representation converges. Inference with respect to the manifold and shape parameters is performed using a higher-order Markov random field (HOMRF). Singleton and pairwise potentials measure the support from the global data and shape coherence in manifold space respectively, while higher-order cliques encode geometrical modes of variation to segment each localized vertebra models. Generic feature functions learned from ground-truth data assigns costs to the higher-order terms. Optimization of the model parameters is achieved using efficient linear programming and duality. The resulting model is geometrically intuitive, captures the statistical distribution of the underlying manifold and respects image support. Clinical experiments demonstrated promising results in terms of spine segmentation. Quantitative comparison to expert identification yields an accuracy of 1.6 $pm$ 0.6 mm for CT imaging and of 2.0 $pm$ 0.8 mm for MR imaging, based on the localization of anatomical landmarks. 3. Combination Strategies in Multi-Atlas Image Segmentation: Application to Brain MR Data ABSTRACT: It has been shown that employing multiple atlas images improves segmentation accuracy in atlas-based medical image segmentation. Each atlas image is registered to the target image independently and the calculated transformation is applied to the segmentation of the atlas image to obtain a segmented version of the target image. Several independent candidate segmentations result from the process, which must be somehow combined into a
  • 3. single final segmentation. Majority voting is the generally used rule to fuse the segmentations, but more sophisticated methods have also been proposed. In this paper, we show that the use of global weights to ponderate candidate segmentations has a major limitation. As a means to improve segmentation accuracy, we propose the generalized local weighting voting method. Namely, the fusion weights adapt voxel-by-voxel according to a local estimation of segmentation performance. Using digital phantoms and MR images of the human brain, we demonstrate that the performance of each combination technique depends on the gray level contrast characteristics of the segmented region, and that no fusion method yields better results than the others for all the regions. In particular, we show that local combination strategies outperform global methods in segmenting high-contrast structures, while global techniques are less sensitive to noise when contrast between neighboring structures is low. We conclude that, in order to achieve the highest overall segmentation accuracy, the best combination method for each particular structure must be selected. 4. Splat Feature Classification With Application to Retinal Hemorrhage Detection in Fundus Images ABSTRACT: A novel splat feature classification method is presented with application to retinal hemorrhage detection in fundus images. Reliable detection of retinal hemorrhages is important in the development of automated screening systems which can be translated into practice. Under our supervised approach, retinal color images are partitioned into nonoverlapping segments covering the entire image. Each segment, i.e., splat, contains pixels with similar color and spatial location. A set of features is extracted from each splat to describe its characteristics relative to its surroundings, employing responses from a variety of filter bank, interactions
  • 4. with neighboring splats, and shape and texture information. An optimal subset of splat features is selected by a filter approach followed by a wrapper approach. A classifier is trained with splat-based expert annotations and evaluated on the publicly available Messidor dataset. An area under the receiver operating characteristic curve of 0.96 is achieved at the splat level and 0.87 at the image level. While we are focused on retinal hemorrhage detection, our approach has potential to be applied to other object detection tasks. CLOUD COMPUTING 1. Dynamic Audit Services for Outsourced Storages in Clouds ABSTRACT: In this paper, we propose a dynamic audit service for verifying the integrity of an untrusted and outsourced storage. Our audit service is constructed based on the techniques, fragment structure, random sampling, and index-hash table, supporting provable updates to outsourced data and timely anomaly detection. In addition, we propose a method based on probabilistic query and periodic verification for improving the performance of audit services. Our experimental results not only validate the effectiveness of our approaches, but also show our audit system verifies the integrity with lower computation overhead and requiring less extra storage for audit metadata. 2. Toward Ubiquitous Healthcare Services With a Novel Efficient Cloud Platform ABSTRACT: Ubiquitous healthcare services are becoming more and more popular, especially under the urgent demand of the global aging issue. Cloud computing
  • 5. owns the pervasive and on-demand service-oriented natures, which can fit the characteristics of healthcare services very well. However, the abilities in dealing with multimodal, heterogeneous, and nonstationary physiological signals to provide persistent personalized services, meanwhile keeping high concurrent online analysis for public, are challenges to the general cloud. In this paper, we proposed a private cloud platform architecture which includes six layers according to the specific requirements. This platform utilizes message queue as a cloud engine, and each layer thereby achieves relative independence by this loosely coupled means of communications with publish/subscribe mechanism. Furthermore, a plug-in algorithm framework is also presented, and massive semistructure or unstructured medical data are accessed adaptively by this cloud architecture. As the testing results showing, this proposed cloud platform, with robust, stable, and efficient features, can satisfy high concurrent requests from ubiquitous healthcare services. 3. Mona: Secure Multi-Owner Data Sharing for Dynamic Groups in the Cloud ABSTRACT: With the character of low maintenance, cloud computing provides an economical and efficient solution for sharing group resource among cloud users. Unfortunately, sharing data in a multi-owner manner while preserving data and identity privacy from an untrusted cloud is still a challenging issue, due to the frequent change of the membership. In this paper, we propose a secure multi- owner data sharing scheme, named Mona, for dynamic groups in the cloud. By leveraging group signature and dynamic broadcast encryption techniques, any cloud user can anonymously share data with others. Meanwhile, the storage overhead and encryption computation cost of our scheme are independent with the
  • 6. number of revoked users. In addition, we analyze the security of our scheme with rigorous proofs, and demonstrate the efficiency of our scheme in experiments. 4. Privacy-Preserving Public Auditing for Secure Cloud Storage ABSTRACT: Using cloud storage, users can remotely store their data and enjoy the on- demand high-quality applications and services from a shared pool of configurable computing resources, without the burden of local data storage and maintenance. However, the fact that users no longer have physical possession of the outsourced data makes the data integrity protection in cloud computing a formidable task, especially for users with constrained computing resources. Moreover, users should be able to just use the cloud storage as if it is local, without worrying about the need to verify its integrity. Thus, enabling public auditability for cloud storage is of critical importance so that users can resort to a third-party auditor (TPA) to check the integrity of outsourced data and be worry free. To securely introduce an effective TPA, the auditing process should bring in no new vulnerabilities toward user data privacy, and introduce no additional online burden to user. In this paper, we propose a secure cloud storage system supporting privacy-preserving public auditing. We further extend our result to enable the TPA to perform audits for multiple users simultaneously and efficiently. Extensive security and performance analysis show the proposed schemes are provably secure and highly efficient. Our preliminary experiment conducted on Amazon EC2 instance further demonstrates the fast performance of the design. 5. Harnessing the Cloud for Securely Outsourcing Large-Scale Systems of Linear Equations ABSTRACT:
  • 7. Cloud computing economically enables customers with limited computational resources to outsource large-scale computations to the cloud. However, how to protect customers' confidential data involved in the computations then becomes a major security concern. In this paper, we present a secure outsourcing mechanism for solving large-scale systems of linear equations (LE) in cloud. Because applying traditional approaches like Gaussian elimination or LU decomposition (aka. direct method) to such large-scale LEs would be prohibitively expensive, we build the secure LE outsourcing mechanism via a completely different approach-iterative method, which is much easier to implement in practice and only demands relatively simpler matrix-vector operations. Specifically, our mechanism enables a customer to securely harness the cloud for iteratively finding successive approximations to the LE solution, while keeping both the sensitive input and output of the computation private. For robust cheating detection, we further explore the algebraic property of matrix-vector operations and propose an efficient result verification mechanism, which allows the customer to verify all answers received from previous iterative approximations in one batch with high probability. Thorough security analysis and prototype experiments on Amazon EC2 demonstrate the validity and practicality of our proposed design. 6. A Decentralized Self-Adaptation Mechanism for Service-Based Applications in the Cloud ABSTRACT: Cloud computing, with its promise of (almost) unlimited computation, storage, and bandwidth, is increasingly becoming the infrastructure of choice for many organizations. As cloud offerings mature, service-based applications need to dynamically recompose themselves to self-adapt to changing QoS requirements. In this paper, we present a decentralized mechanism for such self-adaptation, using
  • 8. market-based heuristics. We use a continuous double-auction to allow applications to decide which services to choose, among the many on offer. We view an application as a multi-agent system and the cloud as a marketplace where many such applications self-adapt. We show through a simulation study that our mechanism is effective for the individual application as well as from the collective perspective of all applications adapting at the same time. 7. A Privacy Leakage Upper Bound Constraint-Based Approach for Cost- Effective Privacy Preserving of Intermediate Data Sets in Cloud ABSTRACT: Cloud computing provides massive computation power and storage capacity which enable users to deploy computation and data-intensive applications without infrastructure investment. Along the processing of such applications, a large volume of intermediate data sets will be generated, and often stored to save the cost of recomputing them. However, preserving the privacy of intermediate data sets becomes a challenging problem because adversaries may recover privacy- sensitive information by analyzing multiple intermediate data sets. Encrypting ALL data sets in cloud is widely adopted in existing approaches to address this challenge. But we argue that encrypting all intermediate data sets are neither efficient nor cost-effective because it is very time consuming and costly for data- intensive applications to en/decrypt data sets frequently while performing any operation on them. In this paper, we propose a novel upper bound privacy leakage constraint-based approach to identify which intermediate data sets need to be encrypted and which do not, so that privacy-preserving cost can be saved while the privacy requirements of data holders can still be satisfied. Evaluation results
  • 9. demonstrate that the privacy-preserving cost of intermediate data sets can be significantly reduced with our approach over existing ones where all data sets are encrypted. 8. Toward Secure Multikeyword Top-k Retrieval over Encrypted Cloud Data ABSTRACT: Cloud computing has emerging as a promising pattern for data outsourcing and high-quality data services. However, concerns of sensitive information on cloud potentially causes privacy problems. Data encryption protects data security to some extent, but at the cost of compromised efficiency. Searchable symmetric encryption (SSE) allows retrieval of encrypted data over cloud. In this paper, we focus on addressing data privacy issues using SSE. For the first time, we formulate the privacy issue from the aspect of similarity relevance and scheme robustness. We observe that server-side ranking based on order-preserving encryption (OPE) inevitably leaks data privacy. To eliminate the leakage, we propose a two-round searchable encryption (TRSE) scheme that supports top-$(k)$ multikeyword retrieval. In TRSE, we employ a vector space model and homomorphic encryption. The vector space model helps to provide sufficient search accuracy, and the homomorphic encryption enables users to involve in the ranking while the majority of computing work is done on the server side by operations only on ciphertext. As a result, information leakage can be eliminated and data security is ensured.
  • 10. Thorough security and performance analysis show that the proposed scheme guarantees high security and practical efficiency. 9. On Data Staging Algorithms for Shared Data Accesses in Clouds ABSTRACT: In this paper, we study the strategies for efficiently achieving data staging and caching on a set of vantage sites in a cloud system with a minimum cost. Unlike the traditional research, we do not intend to identify the access patterns to facilitate the future requests. Instead, with such a kind of information presumably known in advance, our goal is to efficiently stage the shared data items to predetermined sites at advocated time instants to align with the patterns while minimizing the monetary costs for caching and transmitting the requested data items. To this end, we follow the cost and network models in [1] and extend the analysis to multiple data items, each with single or multiple copies. Our results show that under homogeneous cost model, when the ratio of transmission cost and caching cost is low, a single copy of each data item can efficiently serve all the user requests. While in multicopy situation, we also consider the tradeoff between the transmission cost and caching cost by controlling the upper bounds of transmissions and copies. The upper bound can be given either on per-item basis or on all-item basis. We present efficient optimal solutions based on dynamic programming techniques to all these cases provided that the upper bound is polynomially bounded by the number of service requests and the number of distinct data items. In addition to the homogeneous cost model, we also briefly discuss this problem under a heterogeneous cost model with some simple yet practical restrictions and present a 2-approximation algorithm to the general case. We validate our findings by implementing a data staging solver, whereby conducting extensive simulation studies on the behaviors of the algorithms.
  • 11. 10.Scalable and Secure Sharing of Personal Health Records in Cloud Computing Using Attribute-Based Encryption ABSTRACT: Personal health record (PHR) is an emerging patient-centric model of health information exchange, which is often outsourced to be stored at a third party, such as cloud providers. However, there have been wide privacy concerns as personal health information could be exposed to those third party servers and to unauthorized parties. To assure the patients' control over access to their own PHRs, it is a promising method to encrypt the PHRs before outsourcing. Yet, issues such as risks of privacy exposure, scalability in key management, flexible access, and efficient user revocation, have remained the most important challenges toward achieving fine-grained, cryptographically enforced data access control. In this paper, we propose a novel patient-centric framework and a suite of mechanisms for data access control to PHRs stored in semitrusted servers. To achieve fine-grained and scalable data access control for PHRs, we leverage attribute-based encryption (ABE) techniques to encrypt each patient's PHR file. Different from previous works in secure data outsourcing, we focus on the multiple data owner scenario, and divide the users in the PHR system into multiple security domains that greatly reduces the key management complexity for owners and users. A high degree of patient privacy is guaranteed simultaneously by exploiting multiauthority ABE. Our scheme also enables dynamic modification of access policies or file attributes, supports efficient on-demand user/attribute revocation and break-glass access under emergency scenarios. Extensive analytical and experimental results are presented which show the security, scalability, and efficiency of our proposed scheme.
DATA MINING 1. A Survival Modeling Approach to Biomedical Search Result Diversification Using Wikipedia ABSTRACT: In this paper, we propose a survival modeling approach to promoting ranking diversity for biomedical information retrieval. The proposed approach is concerned with finding relevant documents that can deliver more different aspects of a query. First, two probabilistic models derived from survival analysis theory are proposed for measuring aspect novelty. Second, a new method using Wikipedia to detect aspects covered by retrieved documents is presented. Third, an aspect filter based on a two-stage model is introduced. It ranks the detected aspects in decreasing order of the probability that an aspect is generated by the query. Finally, the relevance and the novelty of retrieved documents are combined at the aspect level for reranking. Experiments conducted on the TREC 2006 and 2007 Genomics collections demonstrate the effectiveness of the proposed approach in promoting ranking diversity for biomedical information retrieval. Moreover, we further evaluate our approach in the Web retrieval environment. The evaluation results on the ClueWeb09-T09B collection show that our approach can achieve promising performance improvements. 2. AML: Efficient Approximate Membership Localization within a Web-Based Join Framework ABSTRACT:
In this paper, we propose a new type of dictionary-based entity recognition problem, named Approximate Membership Localization (AML). The popular Approximate Membership Extraction (AME) provides full coverage of the truly matched substrings in a given document, but many redundancies cause low efficiency in the AME process and deteriorate the performance of real-world applications using the extracted substrings. The AML problem targets locating nonoverlapped substrings, which are a better approximation of the truly matched substrings, without generating overlapped redundancies. In order to perform AML efficiently, we propose the optimized algorithm P-Prune, which prunes a large part of the overlapped redundant matched substrings before generating them. Our study using several real-world data sets demonstrates the efficiency of P-Prune over a baseline method. We also study AML in application to a proposed web-based join framework, a search-based approach for joining two tables using dictionary-based entity recognition from web documents. The results not only prove the advantage of AML over AME, but also demonstrate the effectiveness of our search-based approach. 3. Supporting Flexible, Efficient, and User-Interpretable Retrieval of Similar Time Series ABSTRACT: Supporting decision making in domains in which the dynamics of the observed phenomenon have to be dealt with can greatly benefit from the retrieval of past cases, provided that proper representation and retrieval techniques are implemented. In particular, when the parameters of interest take the form of time series, dimensionality reduction and flexible retrieval have to be addressed to this end. Classical methodological solutions proposed to cope with these issues, typically
based on mathematical transforms, are characterized by strong limitations, such as a difficult interpretation of retrieval results for end users, reduced flexibility and interactivity, or inefficiency. In this paper, we describe a novel framework in which time-series features are summarized by means of Temporal Abstractions and then retrieved by resorting to abstraction similarity. Our approach provides interpretability of the output results and understandability of the (user-guided) retrieval process. In particular, multilevel abstraction mechanisms and proper indexing techniques are provided for flexible query issuing and efficient, interactive query answering. Experimental results have shown the efficiency of our approach in a scalability test, and its superiority with respect to a classical mathematical technique in flexibility, user friendliness, and quality of results. 4. A Context-Based Word Indexing Model for Document Summarization ABSTRACT: Existing models for document summarization mostly use the similarity between sentences in the document to extract the most salient sentences. The documents as well as the sentences are indexed using traditional term indexing measures, which do not take the context into consideration. Therefore, the sentence similarity values remain independent of the context. In this paper, we propose a context-sensitive document indexing model based on the Bernoulli model of randomness. The Bernoulli model of randomness has been used to find the probability of the co-occurrence of two terms in a large corpus. A new approach using the lexical association between terms to give a context-sensitive weight to the document terms is proposed. The resulting indexing weights are used to compute the sentence similarity matrix. The proposed sentence similarity measure is used with baseline graph-based ranking models for sentence
extraction. Experiments have been conducted on the benchmark DUC data sets, and it is shown that the proposed Bernoulli-based sentence similarity model provides consistent improvements over the baseline IntraLink and UniformLink methods. 5. Preventing Private Information Inference Attacks on Social Networks ABSTRACT: Online social networks, such as Facebook, are increasingly utilized by many people. These networks allow users to publish details about themselves and to connect to their friends. Some of the information revealed inside these networks is meant to be private. Yet it is possible to use learning algorithms on released data to predict private information. In this paper, we explore how to launch inference attacks using released social networking data to predict private information. We then devise three possible sanitization techniques that could be used in various situations. We explore the effectiveness of these techniques and attempt to use methods of collective inference to discover sensitive attributes of the data set. We show that we can decrease the effectiveness of both local and relational classification algorithms by using the sanitization methods described. 6. A Novel Profit Maximizing Metric for Measuring Classification Performance of Customer Churn Prediction Models ABSTRACT: Interest in data mining techniques has increased tremendously during the past decades, and numerous classification techniques have been applied in a wide range of business applications. Hence, the need for adequate performance measures has become more important than ever. In this paper, a cost-benefit analysis framework is formalized in order to define performance measures which
are aligned with the main objective of the end users, i.e., profit maximization. A new performance measure is defined: the expected maximum profit criterion. This general framework is then applied to the customer churn problem with its particular cost-benefit structure. The advantage of this approach is that it assists companies in selecting the classifier which maximizes the profit. Moreover, it aids the practical implementation in the sense that it provides guidance about the fraction of the customer base to be included in the retention campaign. 7. Achieving Data Privacy through Secrecy Views and Null-Based Virtual Updates ABSTRACT: We may want to keep sensitive information in a relational database hidden from a user or group thereof. We characterize sensitive data as the extensions of secrecy views. The database, before returning the answers to a query posed by a restricted user, is updated to make the secrecy views empty or contain only a single tuple with null values. Then, a query about any of those views returns no meaningful information. Since the database is not supposed to be physically changed for this purpose, the updates are only virtual, and also minimal. Minimality makes sure that query answers, while being privacy preserving, are also maximally informative. The virtual updates are based on null values as used in the SQL standard. We provide the semantics of secrecy views, virtual updates, and secret answers (SAs) to queries. The different instances resulting from the virtual updates are specified as the models of a logic program with stable model semantics, which becomes the basis for the computation of the SAs. 8. Single-Database Private Information Retrieval from Fully Homomorphic Encryption
ABSTRACT: Private Information Retrieval (PIR) allows a user to retrieve the $i$th bit of an $n$-bit database without revealing the value of $i$ to the database server. In this paper, we present a PIR protocol with a communication complexity of $O(\gamma \log n)$ bits, where $\gamma$ is the ciphertext size. Furthermore, we extend the PIR protocol to a private block retrieval (PBR) protocol, a natural and more practical extension of PIR in which the user retrieves a block of bits instead of a single bit. Our protocols are built on the state-of-the-art fully homomorphic encryption (FHE) techniques and provide privacy for the user if the underlying FHE scheme is semantically secure. The total communication complexity of our PBR is $O(\gamma \log m + \gamma n/m)$ bits, where $m$ is the number of blocks. The total computation complexity of our PBR is $O(m \log m)$ modular multiplications plus $O(n/2)$ modular additions. In terms of total protocol execution time, our PBR protocol is more efficient than existing PBR protocols, which usually require computing $O(n/2)$ modular multiplications when the size of a block in the database is large and a high-speed network is available. IMAGE PROCESSING 1. Action Recognition From Video Using Feature Covariance Matrices ABSTRACT: We propose a general framework for fast and accurate recognition of actions in video using empirical covariance matrices of features. A dense set of spatio-temporal feature vectors is computed from video to provide a localized description of the action, and subsequently aggregated in an empirical covariance matrix to compactly represent the action. Two supervised learning methods for
action recognition are developed using feature covariance matrices. Common to both methods is the transformation of the classification problem in the closed convex cone of covariance matrices into an equivalent problem in the vector space of symmetric matrices via the matrix logarithm. The first method applies nearest-neighbor classification using a suitable Riemannian metric for covariance matrices. The second method approximates the logarithm of a query covariance matrix by a sparse linear combination of the logarithms of training covariance matrices. The action label is then determined from the sparse coefficients. Both methods achieve state-of-the-art classification performance on several datasets, and are robust to action variability, viewpoint changes, and low object resolution. The proposed framework is conceptually simple and has low storage and computational requirements, making it attractive for real-time implementation. 2. Locally Optimal Detection of Image Watermarks in the Wavelet Domain Using Bessel K Form Distribution ABSTRACT: A uniformly most powerful watermark detector, which applies the Bessel K form (BKF) probability density function to model the noise distribution, was proposed by Bian and Liang. In this paper, we derive a locally optimum (LO) detector using the same noise model. Since the literature lacks a thorough discussion of the performance of the BKF-LO nonlinearities, the performance of the proposed detector is discussed in detail. First, we prove that the test statistic of the proposed detector is asymptotically Gaussian and evaluate the actual performance of the proposed detector using the receiver operating characteristic (ROC). Then, the large-sample performance of the proposed detector is evaluated using asymptotic relative efficiency (ARE) and "maximum ARE." The experimental results show that the proposed detector performs well with or without attacks in terms
of its ROC curves, particularly when the watermark is weak. Therefore, the proposed method is suitable for wavelet-domain watermark detection, particularly when the watermark is weak. 3. Analysis Operator Learning and its Application to Image Reconstruction ABSTRACT: Exploiting a priori known structural information lies at the core of many image reconstruction methods that can be stated as inverse problems. The synthesis model, which assumes that images can be decomposed into a linear combination of very few atoms of some dictionary, is now a well-established tool for the design of image reconstruction algorithms. An interesting alternative is the analysis model, where the signal is multiplied by an analysis operator and the outcome is assumed to be sparse. This approach has only recently gained increasing interest. The quality of reconstruction methods based on an analysis model depends severely on the choice of a suitable operator. In this paper, we present an algorithm for learning an analysis operator from training images. Our method is based on $\ell_p$-norm minimization on the set of full-rank matrices with normalized columns. We carefully introduce the employed conjugate gradient method on manifolds and explain the underlying geometry of the constraints. Moreover, we compare our approach to state-of-the-art methods for image denoising, inpainting, and single-image super-resolution. Our numerical results show competitive performance of our general approach in all presented applications compared to the specialized state-of-the-art techniques. 4. Novel True-Motion Estimation Algorithm and Its Application to Motion-Compensated Temporal Frame Interpolation
ABSTRACT: In this paper, a new low-complexity true-motion estimation (TME) algorithm is proposed for video processing applications, such as motion-compensated temporal frame interpolation (MCTFI) or motion-compensated frame rate up-conversion (MCFRUC). Regular motion estimation, which is often used in video coding, aims to find the motion vectors (MVs) that reduce the temporal redundancy, whereas TME aims to track the projected object motion as closely as possible. TME is obtained by imposing implicit and/or explicit smoothness constraints on the block-matching algorithm. To produce better-quality interpolated frames, the dense motion field at the interpolation instant is obtained for both forward and backward MVs; then, bidirectional motion compensation using forward and backward MVs is applied by elegantly mixing both. Finally, the performance of the proposed algorithm for MCTFI is demonstrated against recently proposed methods and the smoothness-constrained optical flow employed by a professional video production suite. Experimental results show that the quality of the interpolated frames using the proposed method is better when compared with the MCFRUC techniques. 5. ViBe: A Universal Background Subtraction Algorithm for Video Sequences ABSTRACT: This paper presents a technique for motion detection that incorporates several innovative mechanisms. For example, our proposed technique stores, for each pixel, a set of values taken in the past at the same location or in the neighborhood. It then compares this set to the current pixel value in order to
determine whether that pixel belongs to the background, and adapts the model by randomly choosing which values to substitute from the background model. This approach differs from those based upon the classical belief that the oldest values should be replaced first. Finally, when the pixel is found to be part of the background, its value is propagated into the background model of a neighboring pixel. We describe our method in full detail (including pseudo-code and the parameter values used) and compare it to other background subtraction techniques. Efficiency figures show that our method outperforms recent and proven state-of-the-art methods in terms of both computation speed and detection rate. We also analyze the performance of a version of our algorithm downscaled to the absolute minimum of one comparison and one byte of memory per pixel. It appears that even such a simplified version of our algorithm performs better than mainstream techniques. 6. A New Fast Encoding Algorithm Based on an Efficient Motion Estimation Process for the Scalable Video Coding Standard ABSTRACT: In this paper, a new fast encoding algorithm based on an efficient motion estimation (ME) process is proposed to accelerate the encoding speed of the scalable video coding standard. Through analysis of the ME process performed in the enhancement layer, we discovered that there are redundant MEs and that some MEs can simply be unified at the fully overlapped search range (FOSR). In order to make the unified ME more efficient, we theoretically derive a skip criterion to determine whether the computation of the rate-distortion cost can be omitted. In the proposed algorithm, the unnecessary MEs are removed and a unified ME with the skip criterion is applied in the FOSR. Simulation results show that the proposed
algorithm achieves computational savings of approximately 46% without coding performance degradation when compared with the original SVC encoder. MOBILE COMPUTING 1. Discovery and Verification of Neighbor Positions in Mobile Ad Hoc Networks ABSTRACT: A growing number of ad hoc networking protocols and location-aware services require that mobile nodes learn the position of their neighbors. However, such a process can be easily abused or disrupted by adversarial nodes. In the absence of a priori trusted nodes, the discovery and verification of neighbor positions present challenges that have been scarcely investigated in the literature. In this paper, we address this open issue by proposing a fully distributed cooperative solution that is robust against independent and colluding adversaries, and can be impaired only by an overwhelming presence of adversaries. Results show that our protocol can thwart more than 99 percent of the attacks under the best possible conditions for the adversaries, with minimal false positive rates. 2. Understanding the Scheduling Performance in Wireless Networks with Successive Interference Cancellation ABSTRACT: Successive interference cancellation (SIC) is an effective means of multipacket reception for combating interference in wireless networks. We focus on link scheduling in wireless networks with SIC, and propose a layered protocol model and a layered physical model to characterize the impact of SIC. In both interference models, we show that several existing scheduling schemes achieve the same order of
approximation ratios, independent of whether or not SIC is available. Moreover, the capacity order in a network with SIC is the same as that without SIC. We then examine the impact of SIC from first principles. In both chain and cell topologies, SIC does improve the throughput, with a gain between 20 and 100 percent. However, unless SIC is properly characterized, no scheduling scheme can effectively utilize the new transmission opportunities. The results indicate the challenge of designing an SIC-aware scheduling scheme, and suggest that the approximation ratio is insufficient to measure the scheduling performance when SIC is available. 3. Evaluating Implementation Strategies for Location-Based Multicast Addressing ABSTRACT: Location-based multicast addressing (LMA) yields an important building block for context-aware applications in mobile ad hoc networks (MANETs). In LMA, messages are routed based on their content as well as on the location of the sending and the receiving nodes. The same dynamism that motivates locations as part of the addressing mechanism for multicast applications in MANETs makes such a multicast challenging to implement both efficiently and reliably across application scenarios. Different implementation strategies have been proposed in the literature for abstractions similar to LMA, motivated and validated by specific applications. The goal of this paper is to devise specific implementation strategies for LMA and compare these strategies in the context of several application scenarios, in order to aid in the selection of a scheme for a given application. To that end, we first detail three algorithms for implementing LMA. The first, message-centric, strategy uses geographically scoped gossiping to propagate messages. The second, query-centric, strategy propagates queries of receivers to
subsequently route messages. The third, hybrid, strategy strives for the best of both worlds through a restricted multicasting of both messages and queries. We compare these algorithms both analytically and empirically. We pinpoint differences and break-even points among the approaches based on communication patterns, contrasting our findings with common expectations and our analysis. Our evaluations show that the hybrid approach invariably outperforms at least one of the other approaches, making it a safe choice for settings with varying or unknown communication patterns. 4. Secret Key Extraction from Wireless Signal Strength in Real Environments ABSTRACT: We evaluate the effectiveness of secret key extraction, for private communication between two wireless devices, from the received signal strength (RSS) variations on the wireless channel between the two devices. We use real-world measurements of RSS in a variety of environments and settings. The results from our experiments with 802.11-based laptops show that 1) in certain environments, due to the lack of variations in the wireless channel, the extracted bits have very low entropy, making these bits unsuitable for a secret key; 2) an adversary can cause predictable key generation in these static environments; and 3) in dynamic scenarios where the two devices are mobile, and/or where there is significant movement in the environment, high-entropy bits are obtained fairly quickly. Building on the strengths of existing secret key extraction approaches, we develop an environment-adaptive secret key generation scheme that uses an adaptive lossy quantizer in conjunction with Cascade-based information reconciliation and privacy amplification. Our measurements show that our scheme, in comparison to the existing ones that we evaluate, performs the best in terms of
generating high-entropy bits at a high bit rate. The secret key bit streams generated by our scheme also pass the randomness tests of the NIST test suite that we conduct. We also build and evaluate the performance of secret key extraction using small, low-power, hand-held devices (Google Nexus One phones) that are equipped with 802.11 wireless network cards. Last, we evaluate secret key extraction in a multiple-input multiple-output (MIMO)-like sensor network testbed that we create using multiple TelosB sensor nodes. We find that our MIMO-like sensor environment produces prohibitively high bit mismatch, which we address using an iterative distillation stage that we add to the key extraction process. Ultimately, we show that the secret key generation rate is increased when multiple sensors are involved in the key extraction process. 5. Probability-Based Prediction and Sleep Scheduling for Energy-Efficient Target Tracking in Sensor Networks ABSTRACT: A surveillance system that tracks mobile targets is one of the most important applications of wireless sensor networks. When nodes operate in a duty-cycling mode, tracking performance can be improved if the target motion can be predicted and nodes along the trajectory can be proactively awakened. However, this will negatively influence energy efficiency and constrain the benefits of duty cycling. In this paper, we present a Probability-based Prediction and Sleep Scheduling protocol (PPSS) to improve the energy efficiency of proactive wake-up. We start by designing a target prediction method based on both kinematics and probability. Based on the prediction results, PPSS then precisely selects the nodes to awaken and reduces their active time, so as to enhance energy efficiency with limited tracking performance loss. We evaluated the efficiency of PPSS with both simulation-based and implementation-based experiments. The experimental results
show that, compared to the MCTA algorithm, PPSS improves energy efficiency by 25-45 percent (simulation based) and 16.9 percent (implementation based), at the expense of an increase of only 5-15 percent in the detection delay (simulation based) and 4.1 percent in the escape distance percentage (implementation based), respectively. 6. Estimation of Task Persistence Parameters from Pervasive Medical Systems with Censored Data ABSTRACT: This paper compares two statistical models of location within a smart flat during the day. The location is then identified with a task executed normally or repeated pathologically, e.g., in the case of Alzheimer's disease (AD), while a task persistence parameter assesses the tendency to perseverate. Compared with an approach derived from Pólya's urns, the Markovian one is more effective and offers up to 98 percent correct prediction using only the last known location, but distinguishing the days of the week. To extend these results to a multisensor context, some difficulties must be overcome. External knowledge is built from a set of observable random variables provided by body sensors and organized either in a Bayesian network or in a reference knowledge base system (KBS) containing the person's actimetric profile. When data are missing or errors occur, an estimate of the joint probabilities of these random variables, and hence the probability of all events appearing in the network or the KBS, is developed; it corrects the bias of the classical Lancaster and Zentgraf approach, which in certain circumstances yields negative estimates. Finally, we introduce a correction corresponding to a possible loss of the person's synchronization with the nycthemeral (day versus night) zeitgebers (synchronizers) to avoid false alarms.
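The Markovian model above is, at its core, a first-order transition model over locations: the next location is predicted from the last known one. A minimal C# sketch of that idea, with hypothetical names, omitting the day-of-week conditioning, the Pólya-urn baseline, and all sensor fusion:

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Toy first-order Markov predictor: count observed transitions and
// predict the most frequent successor of the current location.
class LocationMarkov
{
    private readonly Dictionary<string, Dictionary<string, int>> counts = new();

    public void Observe(string prev, string next)
    {
        if (!counts.TryGetValue(prev, out var row)) counts[prev] = row = new();
        row[next] = row.GetValueOrDefault(next) + 1;   // increment transition count
    }

    public string? Predict(string current) =>
        counts.TryGetValue(current, out var row)
            ? row.OrderByDescending(kv => kv.Value).First().Key  // argmax successor
            : null;

    static void Main()
    {
        var m = new LocationMarkov();
        foreach (var (a, b) in new[] { ("kitchen", "bedroom"), ("kitchen", "bathroom"),
                                       ("kitchen", "bedroom"), ("bedroom", "kitchen") })
            m.Observe(a, b);
        Console.WriteLine(m.Predict("kitchen"));   // "bedroom" (2 of 3 transitions)
    }
}
```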
7. Target Tracking and Mobile Sensor Navigation in Wireless Sensor Networks ABSTRACT: This work studies the problem of tracking signal-emitting mobile targets using navigated mobile sensors based on signal reception. Since the mobile target's maneuver is unknown, the mobile sensor controller utilizes the measurements collected by a wireless sensor network in terms of the time of arrival (TOA) of the mobile target's signal. The mobile sensor controller acquires the TOA measurement information from both the mobile target and the mobile sensor to estimate their locations before directing the mobile sensor's movement to follow the target. We propose a min-max approximation approach to estimate the location for tracking, which can be efficiently solved via semidefinite programming (SDP) relaxation, and apply a cubic function for mobile sensor navigation. We estimate the locations of the mobile sensor and the target jointly to improve the tracking accuracy. To further improve the system performance, we propose a weighted tracking algorithm that uses the measurement information more efficiently. Our results demonstrate that the proposed algorithm provides good tracking performance and can quickly direct the mobile sensor to follow the mobile target. 8. Design and Analysis of Adaptive Receiver Transmission Protocols for Receiver Blocking Problem in Wireless Ad Hoc Networks ABSTRACT:
Due to the lack of a centralized coordinator for wireless resource allocation, the design of medium access control (MAC) protocols is considered crucial for throughput enhancement in wireless ad hoc networks. The receiver blocking problem, which has not been studied in most MAC protocol designs, can lead to severe degradation of the throughput performance. In this paper, the multiple receiver transmission (MRT) and fast NAV truncation (FNT) mechanisms are proposed to alleviate the receiver blocking problem without the adoption of additional control channels. The adaptive receiver transmission (ART) scheme is proposed to further enhance the throughput performance with dynamic adjustment of the selected receivers. An analytical model is also derived to validate the effectiveness of the proposed ART protocol. Simulations are performed to evaluate and compare the three proposed protocols with existing MAC schemes. It can be observed that the proposed ART protocol outperforms the other schemes by both alleviating the receiver blocking problem and enhancing the throughput performance for wireless multihop ad hoc networks. NETWORK SECURITY 1. Location-Aware and Safer Cards: Enhancing RFID Security and Privacy via Location Sensing ABSTRACT: In this paper, we report on a new approach for enhancing security and privacy in certain RFID applications whereby location or location-related information (such as speed) can serve as a legitimate access context. Examples of these applications include access cards, toll cards, credit cards, and other payment tokens. We show that location awareness can be used by both tags and back-end servers for defending against unauthorized reading and relay attacks on RFID
systems. On the tag side, we design a location-aware selective unlocking mechanism with which tags can selectively respond to reader interrogations rather than doing so promiscuously. On the server side, we design a location-aware secure transaction verification scheme that allows a bank server to decide whether to approve or deny a payment transaction and to detect a specific type of relay attack involving malicious readers. The premise of our work is a current technological advancement that can enable RFID tags with low-cost location (GPS) sensing capabilities. Unlike prior research on this subject, our defenses do not rely on auxiliary devices or require any explicit user involvement. 2. A System for Timely and Controlled Information Sharing in Emergency Situations ABSTRACT: During natural disasters or emergency situations, an essential requirement for effective emergency management is information sharing. In this paper, we present an access control model to enforce controlled information sharing in emergency situations. An in-depth analysis of the model is discussed throughout the paper, and administration policies are introduced to enhance the model's flexibility during emergencies. Moreover, a prototype implementation and experimental results are provided, showing the efficiency and scalability of the system. 3. On the Privacy Risks of Virtual Keyboards: Automatic Reconstruction of Typed Input from Compromising Reflections ABSTRACT: We investigate the implications of the ubiquity of personal mobile devices and reveal new techniques for compromising the privacy of users typing on virtual
keyboards. Specifically, we show that so-called compromising reflections (in, for example, a victim's sunglasses) of a device's screen are sufficient to enable automated reconstruction, from video, of text typed on a virtual keyboard. Through the use of advanced computer vision and machine learning techniques, we are able to operate under extremely realistic threat models, in real-world operating conditions, which are far beyond the range of more traditional OCR-based attacks. In particular, our system does not require expensive and bulky telescopic lenses: rather, we make use of off-the-shelf, handheld video cameras. In addition, we make no limiting assumptions about the motion of the phone or of the camera, nor about the typing style of the user, and are able to reconstruct accurate transcripts of recorded input, even when using footage captured in challenging environments (e.g., on a moving bus). To further underscore the extent of this threat, our system is able to achieve accurate results even at very large distances: up to 61 m for direct surveillance, and 12 m for sunglass reflections. We believe these results highlight the importance of adjusting privacy expectations in response to emerging technologies. 4. Secure Overlay Cloud Storage with Access Control and Assured Deletion ABSTRACT: We can now outsource data backups off-site to third-party cloud storage services so as to reduce data management costs. However, we must provide security guarantees for the outsourced data, which is now maintained by third parties. We design and implement FADE, a secure overlay cloud storage system that achieves fine-grained, policy-based access control and file assured deletion. It associates outsourced files with file access policies, and assuredly deletes files to make them unrecoverable to anyone upon revocation of file access policies. To
achieve such security goals, FADE is built upon a set of cryptographic key operations that are self-maintained by a quorum of key managers that are independent of third-party clouds. In particular, FADE acts as an overlay system that works seamlessly atop today's cloud storage services. We implement a proof-of-concept prototype of FADE atop Amazon S3, one of today's cloud storage services. We conduct extensive empirical studies, and demonstrate that FADE provides security protection for outsourced data while introducing only minimal performance and monetary cost overhead. Our work provides insights into how to incorporate value-added security features into today's cloud storage services. 5. Ensuring Distributed Accountability for Data Sharing in the Cloud ABSTRACT: Cloud computing enables highly scalable services to be easily consumed over the Internet on an as-needed basis. A major feature of cloud services is that users' data are usually processed remotely on unknown machines that users do not own or operate. While enjoying the convenience brought by this new emerging technology, users' fears of losing control of their own data (particularly financial and health data) can become a significant barrier to the wide adoption of cloud services. To address this problem, in this paper, we propose a novel, highly decentralized information accountability framework to keep track of the actual usage of users' data in the cloud. In particular, we propose an object-centered approach that enables enclosing our logging mechanism together with users' data and policies. We leverage JAR programmable capabilities both to create a dynamic and traveling object and to ensure that any access to users' data will trigger authentication and automated logging local to the JARs. To strengthen users' control, we also provide distributed auditing mechanisms. We provide
extensive experimental studies that demonstrate the efficiency and effectiveness of the proposed approaches. 6. Nymble: Blocking Misbehaving Users in Anonymizing Networks ABSTRACT: Anonymizing networks such as Tor allow users to access Internet services privately by using a series of routers to hide the client's IP address from the server. The success of such networks, however, has been limited by users employing this anonymity for abusive purposes such as defacing popular Web sites. Web site administrators routinely rely on IP-address blocking for disabling access to misbehaving users, but blocking IP addresses is not practical if the abuser routes through an anonymizing network. As a result, administrators block all known exit nodes of anonymizing networks, denying anonymous access to misbehaving and behaving users alike. To address this problem, we present Nymble, a system in which servers can "blacklist" misbehaving users, thereby blocking users without compromising their anonymity. Our system is thus agnostic to different servers' definitions of misbehavior: servers can blacklist users for whatever reason, and the privacy of blacklisted users is maintained. 7. Toward Secure Multikeyword Top-k Retrieval over Encrypted Cloud Data ABSTRACT: Cloud computing has emerged as a promising paradigm for data outsourcing and high-quality data services. However, concerns about sensitive information on the cloud potentially cause privacy problems. Data encryption protects data security to some extent, but at the cost of compromised efficiency. Searchable symmetric
encryption (SSE) allows retrieval of encrypted data over the cloud. In this paper, we focus on addressing data privacy issues using SSE. For the first time, we formulate the privacy issue from the aspects of similarity relevance and scheme robustness. We observe that server-side ranking based on order-preserving encryption (OPE) inevitably leaks data privacy. To eliminate the leakage, we propose a two-round searchable encryption (TRSE) scheme that supports top-$k$ multikeyword retrieval. In TRSE, we employ a vector space model and homomorphic encryption. The vector space model helps to provide sufficient search accuracy, and the homomorphic encryption enables users to participate in the ranking while the majority of the computing work is done on the server side by operations on ciphertext only. As a result, information leakage can be eliminated and data security is ensured. Thorough security and performance analysis shows that the proposed scheme guarantees high security and practical efficiency. NETWORKING 1. An Effective Network Traffic Classification Method with Unknown Flow Detection ABSTRACT: Traffic classification is an essential tool for network and system security in complex environments such as cloud-computing-based environments. State-of-the-art traffic classification methods aim to take advantage of flow statistical features and machine learning techniques; however, the classification performance is severely affected by limited supervised information and unknown applications. To achieve effective network traffic classification, we propose a new method to tackle the problem of unknown applications in the crucial situation of a small supervised training set. The proposed method possesses the superior capability of detecting unknown flows generated by unknown applications and utilizing the correlation information among real-world network traffic to boost the classification performance. A theoretical analysis is provided to confirm the performance benefit of the proposed method. Moreover, the comprehensive performance evaluation conducted on two real-world network traffic datasets
shows that the proposed scheme outperforms the existing methods in the critical network environment. 2. A Formal Data-Centric Approach for Passive Testing of Communication Protocols ABSTRACT: There is currently a high level of awareness of the importance and impact of formally testing communicating networks. By applying formal description techniques and formal testing approaches, we are able to validate the conformance of implementations to the requirements of communication protocols. In this context, passive testing techniques are used whenever the system under test cannot be interrupted or access to its interfaces is unavailable. Under such conditions, communication traces are extracted from points of observation and compared to the expected behavior formally specified as properties. Since most works on the subject come from a formal-model context, they are optimized for testing the control part of the communication, with a secondary focus on the data parts. In the current work, we provide a data-centric approach for black-box testing of network protocols. A formalism is provided to express complex properties in a bottom-up fashion, starting from expected data relations in messages. A novel algorithm is provided for the evaluation of properties in protocol traces. Experimental results on Session Initiation Protocol (SIP) traces for IP Multimedia Subsystem (IMS) services are provided. 3. A Distributed Control Law for Load Balancing in Content Delivery Networks ABSTRACT: In this paper, we face the challenging issue of defining and implementing an effective law for load balancing in Content Delivery Networks (CDNs). We base our proposal on a formal study of a CDN system, carried out through the exploitation of a fluid flow model characterization of the network of servers. Starting from such a characterization, we derive and prove a lemma about the equilibrium of the network queues. This result is then leveraged in order to devise a novel distributed and time-continuous algorithm for load balancing, which is also reformulated in a time-discrete version. The discrete formulation of the proposed balancing law is eventually discussed in terms of its actual implementation in a
real-world scenario. Finally, the overall approach is validated by means of simulations. 4. Combined Optimal Control of Activation and Transmission in Delay-Tolerant Networks ABSTRACT: The performance of a delay-tolerant network depends strongly on the nodes participating in data transportation. Such networks often face several resource constraints, especially related to energy. Energy is consumed not only in data transmission, but also in listening and in several signaling activities. On one hand, these activities enhance the system's performance; on the other hand, they consume a significant amount of energy even when they do not involve actual node transmission. Accordingly, in order to use energy efficiently, one may have to limit not only the number of transmissions, but also the number of nodes that are active at each time. Therefore, we study two coupled problems: 1) the activation problem, which determines when a mobile node will turn on in order to receive packets; and 2) the problem of regulating the beaconing. We derive optimal energy management strategies by formulating the problem as an optimal control problem, which we then explicitly solve. We also validate our findings through extensive simulations based on contact traces. 5. Quantifying and Verifying Reachability for Access Controlled Networks ABSTRACT: Quantifying and querying network reachability is important for security monitoring and auditing as well as many aspects of network management such as troubleshooting, maintenance, and design. Although attempts to model network reachability have been made, feasible solutions to computing network reachability have remained unknown. In this paper, we propose a suite of algorithms for quantifying reachability based on network configurations [mainly Access Control Lists (ACLs)] as well as solutions for querying network reachability. We present a network reachability model that considers connectionless and connection-oriented transport protocols, stateless and stateful routers/firewalls, static and dynamic NAT, PAT, IP tunneling, etc. We implemented the algorithms in our network reachability tool called Quarnet and conducted experiments on a university network. Experimental results show that the offline computation of reachability
matrices takes a few hours, and the online processing of a reachability query takes 0.075 s on average. 6. Fast Transmission to Remote Cooperative Groups: A New Key Management Paradigm ABSTRACT: The problem of efficiently and securely broadcasting to a remote cooperative group occurs in many newly emerging networks. A major challenge in devising such systems is to overcome the obstacles of the potentially limited communication from the group to the sender, the unavailability of a fully trusted key generation center, and the dynamics of the sender. The existing key management paradigms cannot deal with these challenges effectively. In this paper, we circumvent these obstacles and close this gap by proposing a novel key management paradigm. The new paradigm is a hybrid of traditional broadcast encryption and group key agreement. In such a system, each member maintains a single public/secret key pair. Upon seeing the public keys of the members, a remote sender can securely broadcast to any intended subgroup chosen in an ad hoc way. Following this model, we instantiate a scheme that is proven secure in the standard model. Even if all the nonintended members collude, they cannot extract any useful information from the transmitted messages. After the public group encryption key is extracted, both the computation overhead and the communication cost are independent of the group size. Furthermore, our scheme facilitates simple yet efficient member deletion/addition and flexible rekeying strategies. Its strong security against collusion, its constant overhead, and its implementation friendliness without relying on a fully trusted authority render our protocol a very promising solution to many applications. 7. Cross-Domain Privacy-Preserving Cooperative Firewall Optimization ABSTRACT: Firewalls have been widely deployed on the Internet for securing private networks. A firewall checks each incoming or outgoing packet to decide whether to accept or discard the packet based on its policy. Optimizing firewall policies is crucial for improving network performance. Prior work on firewall optimization focuses on either intrafirewall or interfirewall optimization within one administrative domain, where the privacy of firewall policies is not a concern. This paper explores interfirewall optimization across administrative domains for the
first time. The key technical challenge is that firewall policies cannot be shared across domains, because a firewall policy contains confidential information and even potential security holes, which can be exploited by attackers. In this paper, we propose the first cross-domain privacy-preserving cooperative firewall policy optimization protocol. Specifically, for any two adjacent firewalls belonging to two different administrative domains, our protocol can identify in each firewall the rules that can be removed because of the other firewall. The optimization process involves cooperative computation between the two firewalls without either party disclosing its policy to the other. We implemented our protocol and conducted extensive experiments. The results on real firewall policies show that our protocol can remove as many as 49% of the rules in a firewall, whereas the average is 19.4%. The communication cost is less than a few hundred kilobytes. Our protocol incurs no extra online packet processing overhead, and the offline processing time is less than a few hundred seconds. 8. An Efficient and Robust Addressing Protocol for Node Autoconfiguration in Ad Hoc Networks ABSTRACT: Address assignment is a key challenge in ad hoc networks due to the lack of infrastructure. Autonomous addressing protocols require a distributed and self-managed mechanism to avoid address collisions in a dynamic network with fading channels, frequent partitions, and joining/leaving nodes. We propose and analyze a lightweight protocol that configures mobile ad hoc nodes based on a distributed address database stored in filters, which reduces the control load and makes the proposal robust to packet losses and network partitions. We evaluate the performance of our protocol considering joining nodes, partition merging events, and network initialization. Simulation results show that our protocol resolves all the address collisions and also reduces the control traffic when compared to previously proposed protocols. PARALLEL AND DISTRIBUTED SYSTEM 1. Mona: Secure Multi-Owner Data Sharing for Dynamic Groups in the Cloud ABSTRACT:
With its low-maintenance character, cloud computing provides an economical and efficient solution for sharing group resources among cloud users. Unfortunately, sharing data in a multi-owner manner while preserving data and identity privacy from an untrusted cloud is still a challenging issue, due to the frequent change of membership. In this paper, we propose a secure multi-owner data sharing scheme, named Mona, for dynamic groups in the cloud. By leveraging group signature and dynamic broadcast encryption techniques, any cloud user can anonymously share data with others. Meanwhile, the storage overhead and encryption computation cost of our scheme are independent of the number of revoked users. In addition, we analyze the security of our scheme with rigorous proofs, and demonstrate the efficiency of our scheme in experiments. 2. Harnessing the Cloud for Securely Outsourcing Large-Scale Systems of Linear Equations ABSTRACT: Cloud computing economically enables customers with limited computational resources to outsource large-scale computations to the cloud. However, how to protect customers' confidential data involved in the computations then becomes a major security concern. In this paper, we present a secure outsourcing mechanism for solving large-scale systems of linear equations (LE) in the cloud. Because applying traditional approaches like Gaussian elimination or LU decomposition (the so-called direct methods) to such large-scale LEs would be prohibitively expensive, we build the secure LE outsourcing mechanism via a completely different approach, the iterative method, which is much easier to implement in practice and demands only relatively simple matrix-vector operations. Specifically, our mechanism enables a customer to securely harness the cloud for iteratively finding
successive approximations to the LE solution, while keeping both the sensitive input and output of the computation private. For robust cheating detection, we further explore the algebraic properties of matrix-vector operations and propose an efficient result verification mechanism, which allows the customer to verify all answers received from previous iterative approximations in one batch with high probability. Thorough security analysis and prototype experiments on Amazon EC2 demonstrate the validity and practicality of our proposed design. 3. A Privacy Leakage Upper Bound Constraint-Based Approach for Cost-Effective Privacy Preserving of Intermediate Data Sets in Cloud ABSTRACT: Cloud computing provides massive computation power and storage capacity, which enable users to deploy computation- and data-intensive applications without infrastructure investment. During the processing of such applications, a large volume of intermediate data sets will be generated, and often stored to save the cost of recomputing them. However, preserving the privacy of intermediate data sets becomes a challenging problem, because adversaries may recover privacy-sensitive information by analyzing multiple intermediate data sets. Encrypting ALL data sets in the cloud is widely adopted in existing approaches to address this challenge. But we argue that encrypting all intermediate data sets is neither efficient nor cost-effective, because it is very time consuming and costly for data-intensive applications to en/decrypt data sets frequently while performing any operation on them. In this paper, we propose a novel upper-bound privacy leakage constraint-based approach to identify which intermediate data sets need to be encrypted and which do not, so that privacy-preserving cost can be saved while the privacy requirements of data holders can still be satisfied. Evaluation results
demonstrate that the privacy-preserving cost of intermediate data sets can be significantly reduced with our approach over existing ones where all data sets are encrypted. 4. On Data Staging Algorithms for Shared Data Accesses in Clouds ABSTRACT: In this paper, we study strategies for efficiently achieving data staging and caching on a set of vantage sites in a cloud system with a minimum cost. Unlike traditional research, we do not intend to identify the access patterns to facilitate future requests. Instead, with such information presumably known in advance, our goal is to efficiently stage the shared data items at predetermined sites at advocated time instants to align with the patterns while minimizing the monetary costs of caching and transmitting the requested data items. To this end, we follow the cost and network models in [1] and extend the analysis to multiple data items, each with single or multiple copies. Our results show that under the homogeneous cost model, when the ratio of transmission cost to caching cost is low, a single copy of each data item can efficiently serve all the user requests. In the multicopy situation, we also consider the tradeoff between the transmission cost and the caching cost by controlling the upper bounds on transmissions and copies. The upper bound can be given either on a per-item basis or on an all-item basis. We present efficient optimal solutions based on dynamic programming techniques for all these cases, provided that the upper bound is polynomially bounded by the number of service requests and the number of distinct data items. In addition to the homogeneous cost model, we also briefly discuss this problem under a heterogeneous cost model with some simple yet practical restrictions and present a 2-approximation algorithm for the general case.
We validate our findings by implementing a data staging solver and conducting extensive simulation studies on the behaviors of the algorithms. 5. Scalable and Secure Sharing of Personal Health Records in Cloud Computing Using Attribute-Based Encryption ABSTRACT: The personal health record (PHR) is an emerging patient-centric model of health information exchange, which is often outsourced to be stored at a third party, such as cloud providers. However, there have been wide privacy concerns, as personal health information could be exposed to those third-party servers and to unauthorized parties. To assure the patients' control over access to their own PHRs, encrypting the PHRs before outsourcing is a promising method. Yet issues such as risks of privacy exposure, scalability in key management, flexible access, and efficient user revocation have remained the most important challenges toward achieving fine-grained, cryptographically enforced data access control. In this paper, we propose a novel patient-centric framework and a suite of mechanisms for data access control to PHRs stored in semitrusted servers. To achieve fine-grained and scalable data access control for PHRs, we leverage attribute-based encryption (ABE) techniques to encrypt each patient's PHR file. Different from previous works in secure data outsourcing, we focus on the multiple-data-owner scenario and divide the users in the PHR system into multiple security domains, which greatly reduces the key management complexity for owners and users. A high degree of patient privacy is guaranteed simultaneously by exploiting multiauthority ABE. Our scheme also enables dynamic modification of access policies or file attributes, and supports efficient on-demand user/attribute revocation and break-glass access under emergency scenarios. Extensive analytical and experimental results
are presented which show the security, scalability, and efficiency of our proposed scheme. SERVICE COMPUTING 1. Agent-Based Cloud Computing ABSTRACT: Agent-based cloud computing is concerned with the design and development of software agents for bolstering cloud service discovery, service negotiation, and service composition. The significance of this work lies in introducing an agent-based paradigm for constructing software tools and testbeds for cloud resource management. The novel contributions of this work include: 1) developing Cloudle, an agent-based search engine for cloud service discovery; 2) showing that agent-based negotiation mechanisms can be effectively adopted for bolstering cloud service negotiation and cloud commerce; and 3) showing that agent-based cooperative problem-solving techniques can be effectively adopted for automating cloud service composition. Cloudle consists of 1) a service discovery agent that consults a cloud ontology for determining the similarities between providers' service specifications and consumers' service requirements, and 2) multiple cloud crawlers for building its database of services. Cloudle supports three types of reasoning: similarity reasoning, compatibility reasoning, and numerical reasoning. To support cloud commerce, this work devised a complex cloud negotiation mechanism that supports parallel negotiation activities in interrelated markets: a cloud service market between consumer agents and broker agents, and multiple cloud resource markets between broker agents and provider agents. Empirical results show that using the complex cloud negotiation mechanism, agents achieved high utilities and high success rates in negotiating for cloud resources. To automate
cloud service composition, agents in this work adopt a focused selection contract net protocol (FSCNP) for dynamically selecting cloud services and use service capability tables (SCTs) to record the list of cloud agents and their services. Empirical results show that using FSCNP and SCTs, agents can successfully compose cloud services by autonomously selecting services. 2. Toward Secure and Dependable Storage Services in Cloud Computing ABSTRACT: Cloud storage enables users to remotely store their data and enjoy on-demand, high-quality cloud applications without the burden of local hardware and software management. Though the benefits are clear, such a service also relinquishes users' physical possession of their outsourced data, which inevitably poses new security risks to the correctness of the data in the cloud. In order to address this new problem and further achieve a secure and dependable cloud storage service, we propose in this paper a flexible distributed storage integrity auditing mechanism, utilizing the homomorphic token and distributed erasure-coded data. The proposed design allows users to audit the cloud storage with very lightweight communication and computation cost. The auditing result not only ensures a strong cloud storage correctness guarantee, but also simultaneously achieves fast data error localization, i.e., the identification of the misbehaving server. Considering that cloud data are dynamic in nature, the proposed design further supports secure and efficient dynamic operations on outsourced data, including block modification, deletion, and append. Analysis shows the proposed scheme is highly efficient and resilient against Byzantine failure, malicious data modification attack, and even server colluding attacks.
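To make the auditing idea concrete, here is a deliberately simplified C# sketch in the same challenge-response spirit: the owner retains a keyed token per block before outsourcing and later spot-checks a random block. The actual scheme precomputes homomorphic tokens over erasure-coded vectors, so one short response covers many blocks and the misbehaving server can be localized; none of that machinery appears below, and all names are hypothetical.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;

class StorageAudit
{
    static void Main()
    {
        byte[] auditKey = RandomNumberGenerator.GetBytes(32);
        byte[][] blocks = Enumerable.Range(0, 8)                  // stand-in file blocks
            .Select(_ => RandomNumberGenerator.GetBytes(256)).ToArray();

        // Owner side: one token per block, kept locally; blocks go to the cloud.
        using var hmac = new HMACSHA256(auditKey);
        byte[][] tokens = blocks.Select(b => hmac.ComputeHash(b)).ToArray();

        // Audit: challenge a random block index and verify the server's reply.
        int challenged = RandomNumberGenerator.GetInt32(blocks.Length);
        byte[] reply = blocks[challenged];                        // honest server's reply
        bool ok = hmac.ComputeHash(reply).SequenceEqual(tokens[challenged]);
        Console.WriteLine(ok ? "block intact" : "corruption detected");
    }
}
```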
3. Social Cloud Computing: A Vision for Socially Motivated Resource Sharing
ABSTRACT:
Online relationships in social networks are often based on real-world relationships and can therefore be used to infer a level of trust between users. We propose leveraging these relationships to form a dynamic "Social Cloud", thereby enabling users to share heterogeneous resources within the context of a social network. In addition, the inherent socially corrective mechanisms (incentives, disincentives) can be used to enable a cloud-based framework for long-term sharing with lower privacy concerns and security overheads than are present in traditional cloud environments. Due to the unique nature of the Social Cloud, a social marketplace is proposed as a means of regulating sharing. The social market is novel, as it uses both social and economic protocols to facilitate trading. This paper defines Social Cloud computing, outlines various aspects of Social Clouds, and demonstrates the approach using a social storage cloud implementation in Facebook.
4. A Framework for Consumer-Centric SLA Management of Cloud-Hosted Databases
ABSTRACT:
Currently, we are witnessing a proliferation in the number of cloud-hosted applications, with a tremendous increase in the scale of the data generated as well as consumed by such applications. The specifications of existing service level agreements (SLAs) for cloud services are not designed to flexibly handle even relatively straightforward performance and technical requirements of consumer applications. In this article, we present a novel approach for SLA-based management of cloud-hosted databases from the consumer perspective. The framework facilitates adaptive and dynamic provisioning of the database tier of software applications based on application-defined policies for satisfying their own SLA performance requirements, avoiding the cost of any SLA violation, and controlling the monetary cost of the allocated computing resources. In this framework, the SLAs of the consumer applications are declaratively defined in terms of goals that are subject to a number of constraints specific to the application requirements. The framework continuously monitors the application-defined SLAs and automatically triggers the execution of necessary corrective actions (scaling the database tier out or in) when required. The experimental results demonstrate the effectiveness of our SLA-based framework in providing consumer applications with the required flexibility for achieving their SLA requirements.
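The monitor-and-react loop at the heart of such a framework might look like the sketch below, where an application-defined latency goal drives scale-out/in decisions on the database tier. The thresholds, metric names, and hysteresis rule are assumptions, not the paper's policy language.

    # Illustrative SLA monitor: scale out when the goal is violated,
    # scale in when there is clear headroom, otherwise hold.
    def decide_action(p95_latency_ms: float, goal_ms: float,
                      replicas: int, max_replicas: int) -> str:
        if p95_latency_ms > goal_ms and replicas < max_replicas:
            return "scale_out"  # add a replica before SLA penalties accrue
        if p95_latency_ms < 0.5 * goal_ms and replicas > 1:
            return "scale_in"   # release resources to control monetary cost
        return "hold"

    for latency in (80.0, 240.0, 110.0):
        print(latency, decide_action(latency, goal_ms=200.0,
                                     replicas=2, max_replicas=5))
    # 80.0 -> scale_in, 240.0 -> scale_out, 110.0 -> hold

The gap between the scale-out and scale-in thresholds is deliberate: without it, a metric hovering near the goal would cause the tier to oscillate between actions.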
5. THEMIS: A Mutually Verifiable Billing System for the Cloud Computing Environment
ABSTRACT:
With the widespread adoption of cloud computing, the ability to record and account for the usage of cloud resources in a credible and verifiable way has become critical for cloud service providers and users alike. The success of such a billing system depends on several factors: the billing transactions must have integrity and nonrepudiation capabilities; the billing transactions must have a minimal computation cost; and the SLA monitoring should be provided in a trusted manner. Existing billing systems are limited in terms of security capabilities or computational overhead. In this paper, we propose a secure and nonobstructive billing system called THEMIS as a remedy for these limitations. The system uses a novel concept of a cloud notary authority for the supervision of billing. It generates mutually verifiable binding information that can be used to resolve future disputes between a user and a cloud service provider in a computationally efficient way. Furthermore, to provide a forgery-resistant SLA monitoring mechanism, we devised an SLA monitoring module enhanced with a trusted platform module (TPM), called S-Mon. This work has been undertaken on a real cloud computing service called iCubeCloud.
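A minimal sketch of mutually verifiable billing records follows, assuming hash chaining plus a keyed commitment from each party over the same payload; THEMIS itself uses PKI-based operations and a cloud notary authority, so the HMAC stand-ins and field names below are illustrative only.

    # Illustrative billing chain: each record binds both parties'
    # commitments and the previous record's hash, so neither side can
    # repudiate a transaction or silently rewrite history.
    import hmac, hashlib, json

    def commit(key: bytes, payload: bytes) -> str:
        return hmac.new(key, payload, hashlib.sha256).hexdigest()

    def billing_record(usage: dict, prev_hash: str,
                       user_key: bytes, provider_key: bytes) -> dict:
        payload = json.dumps(usage, sort_keys=True).encode() + prev_hash.encode()
        record = {
            "usage": usage,
            "prev_hash": prev_hash,
            "user_commit": commit(user_key, payload),
            "provider_commit": commit(provider_key, payload),
        }
        record["hash"] = hashlib.sha256(
            json.dumps(record, sort_keys=True).encode()).hexdigest()
        return record  # a notary would archive this binding information

    r1 = billing_record({"cpu_hours": 3}, "genesis", b"user-key", b"prov-key")
    r2 = billing_record({"cpu_hours": 5}, r1["hash"], b"user-key", b"prov-key")
    print(r2["prev_hash"] == r1["hash"])  # True: records are chained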
SOFTWARE ENGINEERING
1. A Decentralized Self-Adaptation Mechanism for Service-Based Applications in the Cloud
ABSTRACT:
Cloud computing, with its promise of (almost) unlimited computation, storage, and bandwidth, is increasingly becoming the infrastructure of choice for many organizations. As cloud offerings mature, service-based applications need to dynamically recompose themselves to self-adapt to changing QoS requirements. In this paper, we present a decentralized mechanism for such self-adaptation, using market-based heuristics. We use a continuous double auction to allow applications to decide which services to choose among the many on offer. We view an application as a multi-agent system and the cloud as a marketplace where many such applications self-adapt. We show through a simulation study that our mechanism is effective for the individual application as well as from the collective perspective of all applications adapting at the same time.
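A continuous double auction can be sketched in a few lines: applications submit bids for services, providers submit asks, and a trade clears whenever the best bid meets the best ask. The midpoint pricing rule and data structures below are assumptions for illustration, not the paper's exact heuristics.

    # Illustrative continuous double auction with heap-ordered books.
    import heapq

    bids, asks = [], []  # bids stored negated so heapq acts as a max-heap

    def submit(side: str, price: float, agent: str):
        if side == "bid":
            heapq.heappush(bids, (-price, agent))
        else:
            heapq.heappush(asks, (price, agent))
        # Clear continuously: trade while best bid >= best ask.
        while bids and asks and -bids[0][0] >= asks[0][0]:
            bid_price, buyer = heapq.heappop(bids)
            ask_price, seller = heapq.heappop(asks)
            cleared = (-bid_price + ask_price) / 2  # midpoint pricing
            print(f"{buyer} buys from {seller} at {cleared:.2f}")

    submit("ask", 5.0, "storage-service-1")
    submit("ask", 7.0, "storage-service-2")
    submit("bid", 4.0, "app-a")  # no trade: bid below best ask
    submit("bid", 6.0, "app-b")  # trades with storage-service-1 at 5.50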
2. Automated API Property Inference Techniques
ABSTRACT:
Frameworks and libraries offer reusable and customizable functionality through Application Programming Interfaces (APIs). Correctly using large and sophisticated APIs can represent a challenge due to hidden assumptions and requirements. Numerous approaches have been developed to infer properties of APIs, intended to guide their use by developers. With each approach come new definitions of API properties, new techniques for inferring these properties, and new ways to assess their correctness and usefulness. This paper provides a comprehensive survey of over a decade of research on automated property inference for APIs. Our survey provides a synthesis of this complex technical field along different dimensions of analysis: properties inferred, mining techniques, and empirical results. In particular, we derive a classification and organization of over 60 techniques into five categories based on the type of API property inferred: unordered usage patterns, sequential usage patterns, behavioral specifications, migration mappings, and general information.
3. Resource Management for Complex, Dynamic Environments
ABSTRACT:
This paper describes an approach to the specification and management of the agents and resources that are required to support the execution of complex systems and processes. The paper suggests that a resource should be viewed as a provider of a set of capabilities that are needed by a system or process, where that set may vary dynamically over time and with circumstances. This view of resources is defined and then made the basis for the framework of an approach to specifying, managing, and allocating resources in the presence of real-world complexity and dynamism. The ROMEO prototype resource management system is presented as an example of how this framework can be instantiated. Some case studies of the use of ROMEO to support system execution are presented and used to evaluate the framework, the ROMEO prototype, and our view of the nature of resources.
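The paper's view of a resource as a provider of a time-varying capability set can be sketched as follows; ROMEO's actual specification and allocation machinery is far richer, and the structures below (capability validity windows, first-fit allocation) are illustrative assumptions.

    # Illustrative capability-based allocation: a resource offers a set
    # of capabilities that varies with time; a request is satisfied by
    # any resource whose current capabilities cover it.
    def capabilities(resource: dict, time: int) -> set:
        return {cap for cap, (start, end) in resource["caps"].items()
                if start <= time < end}

    def allocate(resources: list, needed: set, time: int):
        for r in resources:           # first-fit, for simplicity
            if needed <= capabilities(r, time):
                return r["name"]
        return None                   # no resource currently qualifies

    node = {"name": "node-1", "caps": {"gpu": (0, 24), "license": (9, 17)}}
    print(allocate([node], {"gpu", "license"}, time=10))  # node-1
    print(allocate([node], {"gpu", "license"}, time=20))  # None: window closed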
4. Self-Management of Adaptable Component-Based Applications
ABSTRACT:
The problem of self-optimization and adaptation in the context of customizable systems is becoming increasingly important with the emergence of complex software systems and unpredictable execution environments. Here, a general framework for automatically deciding when and how to adapt a system whenever it deviates from the desired behavior is presented. In this framework, the system's target behavior is described as a high-level policy that establishes goals for a set of performance indicators. The decision process is based on information provided independently for each component that describes the available adaptations, their impact on performance indicators, and any limitations or requirements. The technique consists of both offline and online phases. Offline, rules are generated specifying component adaptations that may help to achieve the established goals when a given change in the execution context occurs. Online, the corresponding rules are evaluated when a change occurs to choose which adaptations to perform. Experimental results using a prototype framework in the context of a web-based application demonstrate the effectiveness of this approach.
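The offline/online split can be sketched as follows, assuming offline-generated rules that map a context change to candidate component adaptations with an expected impact on a performance indicator, applied online while the indicator misses its goal. All rules and numbers below are invented for illustration.

    # Illustrative offline rule table and online decision step.
    RULES = {  # generated offline, keyed by the observed context change
        "load_spike": [("cache.enable", -30.0), ("images.degrade", -15.0)],
        "load_drop":  [("cache.disable", +10.0)],
    }

    def adapt(change: str, latency_ms: float, goal_ms: float):
        """Apply offline-generated adaptations while the goal is missed."""
        applied = []
        for action, delta in RULES.get(change, []):
            if latency_ms > goal_ms:   # behavior deviates from the policy
                latency_ms += delta    # expected impact on the indicator
                applied.append(action)
        return applied, latency_ms

    print(adapt("load_spike", latency_ms=250.0, goal_ms=200.0))
    # (['cache.enable', 'images.degrade'], 205.0): both rules fire because
    # the first adaptation alone does not bring latency under the goal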