
Showing papers by "Arif Ghafoor" published in 2008


Journal ArticleDOI
TL;DR: This paper presents a mechanism for proof of ownership based on the secure embedding of a robust imperceptible watermark in relational data, formulates the watermarking of relational databases as a constrained optimization problem, and discusses efficient techniques to solve the optimization problem and to handle the constraints.
Abstract: Proving ownership rights on outsourced relational databases is a crucial issue in today's internet-based application environments and in many content distribution applications. In this paper, we present a mechanism for proof of ownership based on the secure embedding of a robust imperceptible watermark in relational data. We formulate the watermarking of relational databases as a constrained optimization problem and discuss efficient techniques to solve the optimization problem and to handle the constraints. Our watermarking technique is resilient to watermark synchronization errors because it uses a partitioning approach that does not require marker tuples. Our approach overcomes a major weakness in previously proposed watermarking techniques. Watermark decoding is based on a threshold-based technique characterized by an optimal threshold that minimizes the probability of decoding errors. We implemented a proof of concept implementation of our watermarking technique and showed by experimental results that our technique is resilient to tuple deletion, alteration, and insertion attacks.

135 citations


Journal ArticleDOI
TL;DR: The notion of uniquely activable set (UAS) associated with a role hierarchy, which indicates the access capabilities of a user resulting from his membership to a role in the hierarchy, is introduced, and it is formally shown how UAS can be determined for a hybrid hierarchy.
Abstract: A role hierarchy defines permission acquisition and role-activation semantics through role-role relationships. It can be utilized for efficiently and effectively structuring functional roles of an organization having related access-control needs. The focus of this paper is the analysis of hybrid role hierarchies in the context of the generalized temporal role-based access control (GTRBAC) model that allows specification of a comprehensive set of temporal constraints on role, user-role, and role-permission assignments. We introduce the notion of uniquely activable set (UAS) associated with a role hierarchy that indicates the access capabilities of a user resulting from his membership to a role in the hierarchy. Identifying such a role set is essential, while making an authorization decision about whether or not a user should be allowed to activate a particular combination of roles in a single session. We formally show how UAS can be determined for a hybrid hierarchy. Furthermore, within a hybrid hierarchy, various hierarchical relations may be derived between an arbitrary pair of roles. We present a set of inference rules that can be used to generate all the possible derived relations that can be inferred from a specified set of hierarchical relations and show that it is sound and complete. We also present an analysis of hierarchy transformations with respect to role addition, deletion, and partitioning, and show how various cases of these transformations allow the original permission acquisition and role-activation semantics to be managed. The formal results presented here provide a basis for developing efficient security administration and management tools.

48 citations


Journal ArticleDOI
W.M. Ahmed, Dominik Lenz, Jia Liu, J.P. Robinson, Arif Ghafoor
01 Mar 2008
TL;DR: This paper investigates how grid infrastructure can facilitate high-throughput biological imaging research, and presents an architecture for providing knowledge-based grid services for this field and presents cellular imaging markup language, an extensible markup language-based language for modeling of biological images and representation of spatiotemporal knowledge.
Abstract: High-throughput biological imaging uses automated imaging devices to collect a large number of microscopic images for analysis of biological systems and validation of scientific hypotheses. Efficient manipulation of these datasets for knowledge discovery requires high-performance computational resources, efficient storage, and automated tools for extracting and sharing such knowledge among different research sites. Newly emerging grid technologies provide powerful means for exploiting the full potential of these imaging techniques. Efficient utilization of grid resources requires the development of knowledge-based tools and services that combine domain knowledge with analysis algorithms. In this paper, we first investigate how grid infrastructure can facilitate high-throughput biological imaging research, and present an architecture for providing knowledge-based grid services for this field. We identify two levels of knowledge-based services. The first level provides tools for extracting spatiotemporal knowledge from image sets and the second level provides high-level knowledge management and reasoning services. We then present cellular imaging markup language, an extensible markup language-based language for modeling of biological images and representation of spatiotemporal knowledge. This scheme can be used for spatiotemporal event composition, matching, and automated knowledge extraction and representation for large biological imaging datasets. We demonstrate the expressive power of this formalism by means of different examples and extensive experimental results.

17 citations


Journal ArticleDOI
TL;DR: Contextual parameters are proposed - specifically, activity context in the form of emergency warnings - to adapt access-control policies according to a priori configuration.
Abstract: Today, public-service delivery mechanisms such as hospitals, police, and fire departments rely on digital generation, storage, and analysis of vital information. To protect critical digital resources, these organizations employ access-control mechanisms, which define rules under which authorized users can access the resources they need to perform organizational tasks. Natural or man-made disasters pose a unique challenge, whereby previously defined constraints can potentially debilitate an organization's ability to act. Here, the authors propose employing contextual parameters - specifically, activity context in the form of emergency warnings - to adapt access-control policies according to a priori configuration.

16 citations


01 Jan 2008
TL;DR: This paper surveys the state of the art in the area of information extraction and automated analysis tools for in vivo and in vitro biomolecular imaging.
Abstract: Rapid advances in optical instrumentation, high-speed cameras, and fluorescent probes have spurred tremendous growth in the volume of biomolecular imaging data. Various optical imaging modalities are used for probing biological systems in vivo and in vitro. These include traditional two-dimensional imaging, three-dimensional confocal imaging, time-lapse imaging, and multispectral imaging. Many applications require a combination of these imaging modalities, which gives rise to huge data sets. However, lack of powerful information extraction and quantitative analysis tools poses a major hindrance to exploiting the full potential of the information content of these data. In particular, automated extraction of semantic information from multimodality imaging data, crucial for understanding biological processes, poses unique challenges. Information extraction from large sets of biomolecular imaging data requires modeling at multiple levels of detail to allow not only quantitative analysis but also interpretation and extraction of high-level semantic information. In this paper, we survey the state of the art in the area of information extraction and automated analysis tools for in vivo and in vitro biomolecular imaging. The modeling and knowledge extraction for these data require sophisticated image processing and machine learning techniques, as well as formalisms for information extraction and knowledge management. Development of such tools has the potential to significantly improve biological discovery and drug development processes.

15 citations


Journal ArticleDOI
12 Feb 2008
TL;DR: The state of the art in the area of information extraction and automated analysis tools for in vivo and in vitro biomolecular imaging is surveyed, which has the potential to significantly improve biological discovery and drug development processes.
Abstract: Rapid advances in optical instrumentation, high-speed cameras, and fluorescent probes have spurred tremendous growth in the volume of biomolecular imaging data. Various optical imaging modalities are used for probing biological systems in vivo and in vitro. These include traditional two-dimensional imaging, three-dimensional confocal imaging, time-lapse imaging, and multispectral imaging. Many applications require a combination of these imaging modalities, which gives rise to huge data sets. However, lack of powerful information extraction and quantitative analysis tools poses a major hindrance to exploiting the full potential of the information content of these data. In particular, automated extraction of semantic information from multimodality imaging data, crucial for understanding biological processes, poses unique challenges. Information extraction from large sets of biomolecular imaging data requires modeling at multiple levels of detail to allow not only quantitative analysis but also interpretation and extraction of high-level semantic information. In this paper, we survey the state of the art in the area of information extraction and automated analysis tools for in vivo and in vitro biomolecular imaging. The modeling and knowledge extraction for these data require sophisticated image processing and machine learning techniques, as well as formalisms for information extraction and knowledge management. Development of such tools has the potential to significantly improve biological discovery and drug development processes.

14 citations


Journal ArticleDOI
TL;DR: The results show that the proposed CAC scheme consistently performs better and operates the link close to the highest possible utilization level, scales well with increasing amount of resources, and accommodates intelligently the mix of traffic offered by sources of diverse burstiness characteristics.
Abstract: In this paper, we propose a scalable algorithm for connection admission control (CAC). The algorithm applies to a multiprotocol label switching (MPLS) ATM switch with a FIFO buffer. The switch carries data from statistically independent variable bit rate (VBR) sources that asynchronously alternate between ON and OFF states with exponentially distributed periods. The sources may be heterogeneous both in terms of their statistical characteristics (peak cell rate, sustained cell rate, and burst size attributes) as well as their quality of service (QoS) requirements. The performance of the proposed CAC scheme is evaluated using known performance bounds and simulation results. For the purpose of comparison, we also present scalability analyses for some of the previously proposed CAC schemes. Our results show that the proposed CAC scheme consistently performs better and operates the link close to the highest possible utilization level. Furthermore, the scheme scales well with increasing amount of resources (link capacity and buffer size) and accommodates intelligently the mix of traffic offered by sources of diverse burstiness characteristics.

11 citations


Journal ArticleDOI
TL;DR: This paper introduces the idea of secure access paths, which enables domains to make localized access control decisions without having a global view of the collaboration, and presents on-demand path discovery algorithms that enable domains to securely discover paths in the collaboration environment.
Abstract: The Internet and related technologies have made multidomain collaborations a reality. Collaboration enables domains to effectively share resources; however, it introduces several security and privacy challenges. Managing security in the absence of a central mediator is even more challenging. In this paper, we propose a distributed secure interoperability framework for mediator-free collaboration environments. We introduce the idea of secure access paths which enables domains to make localized access control decisions without having a global view of the collaboration. We also present a path authentication technique for proving path authenticity. Furthermore, we present on-demand path discovery algorithms that enable domains to securely discover paths in the collaboration environment. We implemented a simulation of our proposed framework and ran experiments to investigate the effect of several design parameters on our proposed access path discovery algorithm.

7 citations


Patent
03 Oct 2008
TL;DR: In this paper, the authors provide details of some embodiments of the proposed system and methods and an example system is explained with the help of example applications and implementations with diagrams and examples.
Abstract: This document provides details of some embodiments of the proposed system and methods. An example system is explained with the help of example applications and implementations. The technical details of the methods are augmented with the help of diagrams and examples. Today, an increasing number of users are turning to the internet to manage their personal information regarding finances, credit, healthcare, travel, investments, employment history, etc. This trend is further being fueled by an ever-growing number of companies and government agencies such as banks, hospitals and employers, managing users' personal information in some form of online applications and databases. The aim is to save time and money by streamlining and facilitating access to and manipulation of information online using the internet/intranet both in fixed and mobile environments.

6 citations


Proceedings ArticleDOI
08 Sep 2008
TL;DR: A distributed access path discovery framework that does not require a centralized mediator is presented and a role routing protocol that propagates secure, minimal-length paths to reachable roles in other domains is proposed.
Abstract: The rapid proliferation of Internet and related technologies has created tremendous possibilities for the interoperability between domains in distributed environments. Interoperability does not come easy as it opens the way for several security and privacy breaches. In this paper, we focus on the distributed authorization discovery problem that is crucial to enable secure interoperability. We present a distributed access path discovery framework that does not require a centralized mediator. We propose and verify a role routing protocol that propagates secure, minimal-length paths to reachable roles in other domains. Finally, we present experimental results of our role routing protocol based on a simulation implementation.

3 citations


Book ChapterDOI
30 Jun 2008
TL;DR: This chapter focuses on the key challenges in the design of multimedia-based scalable techniques for threat management and security of information infrastructures and presents a conceptual architectural framework for a holistic solution for large-scale distributed multi-domain multimedia application environments.
Abstract: This chapter focuses on the key challenges in the design of multimedia-based scalable techniques for threat management and security of information infrastructures. It brings together several multimedia technologies and presents a conceptual architectural framework for an open, secure distributed multimedia application that is composed of multiple domains employing different security and privacy policies and various data analysis and mining tools for extracting sensitive information. The challenge is to integrate such disparate components to enable large-scale multimedia applications and provide a mechanism for threat management. The proposed framework provides a holistic solution for large-scale distributed multi-domain multimedia application environments.
This chapter appears in the book Web and Information Security, edited by Elena Ferrari and Bhavani Thuraisingham (IRM Press; © 2006, Idea Group Inc.). Chapter authors: Joshi, Shyu, Chen, Aref, and Ghafoor.