We describe a DRM smartcard-based scheme in which content access requests are not linked to a user’s identity or smartcard, and in which compromised cards can be revoked without the need to communicate with any card (whether revoked or not).  The scheme has many other features, such as efficiency and requiring minimal interaction to process an access request (no complex interactive protocols), forward and backward security, stateless receivers, and under certain cryptographic constructions collusion-resistance.  The above is achieved while requiring the smartcard to store only a single key and to perform a single modular exponentiation per revocation. Furthermore, our solution introduces a combinatorial problem that is of independent interest.

As organizations increasingly rely on information systems as the primary way to conduct operations, keeping such systems (and the associated data) secure receives increasing emphasis. However, the prevalent model within many organizations appears to be an ad hoc approach to security, where the latest breach becomes the model for future occurrences. For example, Microsoft issued over 80 critical patches for its IIS Web Server software over the past three years. Despite the low initial cost of the software, the maintenance costs over time are prohibitive [2]. A well-designed and maintained security policy potentially can reduce such costly forays, as well as provide protection from disaster.

We propose modeling Group Support System (GSS) search tasks with Genetic Algorithms. Using explicit mathematical models for Genetic Algorithms (GAs), we show how to estimate the underlying GA parameters from an observed GSS solution path. Once these parameters are estimated, they may be related to GSS variables such as group composition and membership, leadership presence, the specific GSS tools available, incentive structure, and organizational culture. The estimated Genetic Algorithm parameters can be used with the mathematical models for GAs to compute or simulate expected GSS process outcomes.

Digital Rights Protection (DRP) is the broad class of technological, legal, and other regulatory means used to protect the rights of the owners of digital content, while simultaneously protecting the usage rights and the privacy of the users. This article briefly discusses the technological aspect of the issue.

The number of location-aware mobile devices has been rising for several years. As this trend continues, these devices may be able to use their location information to provide interesting applications for their owners. Possible applications for such devices include: i) planning a route that brings the owner near a coffee shop or ii) a route that would allow the owner to intersect one of their friends

In an open environment such as the Internet, the decision to collaborate with a stranger (e.g., by granting access to a resource) is often based on the characteristics (rather than the identity) of the requester, via digital credentials: Access is granted if Alice

As privacy becomes a major concern for both consumers and enterprises, many research efforts have been devoted to the development of privacy protecting technology. We recently proposed a privacy preserving access control model for relational databases, where purpose information associated with a given data element specifies the intended use of the data element. In this paper, we extend our previous work to handle other advanced data management systems, such as the ones based on XML and the ones based on the object-relational data model. Another contribution of our paper is that we address the problem of how to determine the purpose for which certain data are accessed by a given user. Our proposed solution relies on the well-known RBAC model as well as the notion of conditional role which is based on the notions of role attribute and system attribute.

In a computer network that consists of $M$ subnetworks, the $L$-bit address of a machine consists of two parts: A prefix $s_i$ that contains the address of the subnetwork to which the machine belongs, and a suffix (of length $L-|s_i|$) containing the address of that particular machine within its subnetwork.
In fixed-length subnetwork addressing, $|s_i |$ is independent of $i$, whereas in variable-length subnetwork addressing, $|s_i|$ varies from one subnetwork to another. To avoid ambiguity when decoding addresses, there is a requirement that no $s_i$ be a prefix of another $s_j$. An interesting practical problem is how to find a suitable set of $s_i$‘s in order to maximise the total number of addressable machines, when the $i$th subnetwork contains $n_i$ machines. A solution might leave some subnetworks completely unsatisfied and the rest of the subnetworks completely satisfied; The abstract problem implied by this formulation is: Given an integer $L$, and given $M$ (not necessarily distinct) positive integers $n_1 , \cdots , n_M$, find $M$ binary strings $s_1 , \cdots , s_M$ (some of which may be empty) such that (i) no nonempty string $s_i$ is a prefix of another string $s_j$, (ii) no $s_i$ is more than $L$ bits long (iii) the quantity $\sum_{|s_i | \neq 0} $ is maximised and (iv) Every nonempty prefix completely satisfies the corresponding subnetwork - \emph{i.e.,} $|s_i| \neq 0 \Longrightarrow 2^{L-|s_i|} \geq n_i, 1 \leq i \leq M$. We present a polynomial time algorithm for solving the aforementioned abstract problem. We also provide an algorithm to solve the case where each $n_i$ has a priority associated with it and there is an additional constraint involving priorities: Some subnetworks are then more important than others and are treated preferentially when assigning addresses. We also make observations about the case where there is a hierarchy of subnetworks present.

Role based access control (RBAC) has generated great interest in the security community for its inherent richness and flexibility in modeling a wide range of access control policies. Any comprehensive access control model such as RBAC requires verification tools to support consistency analysis and identify possible policy conflicts. These conflicts, if remain undetected and unresolved, expose the underlying system to numerous vulnerabilities and security risks. In this paper, we propose a verification framework for detection and resolution of inconsistencies and conflicts in event-driven RBAC policies. The framework uses an integer programming based approach for optimal resolution of policy conflicts. The proposed approach is generic and can be tuned to a variety of optimality measures.

Vulnerabilities and the attacks on Ad Hoc Ondemand Distance Vector (AODV) protocol are investigated and studied via analysis and simulation. The attacks are classified by their target properties. The analysis shows that the ondemand route query enables the malicious host to conduct real time attacks on AODV. False distance vector and false destination sequence attacks are studied by simulation. Two connection scenarios: common destination and uniformly distributed traffic load are considered. The delivery ratio, attack overhead, and the propagation of false routes are measured by varying the number of connections and the mobility of the hosts. The simulation results illustrate that the attacker can confuse the network connectivity with false routes and lead to a decrease up to 75% in the delivery ratio. When the hosts are uniformly distributed, the false distance vector attacks can not cheatmore than half of the hosts. But the false destination sequence routes can propagate to most of the network. The anomaly patterns of sequence numbers carried by routing request (RREQ) can be applied to detect the false destination sequence attacks. The vulnerability analysis results and anomaly patterns can be employed by other Ad Hoc routing protocols to establish intrusion prevention and detection mechanisms.

Wireless networks with movable base stations combine the advantages of mobile ad hoc networks and wireless LAN to achieve both flexibility and scalability. We present the hierarchical mobile wireless network (HMWN) to support movable base stations. HMWN may be applied to ad hoc networks as well to build a virtual hierarchy. In such a system, mobile hosts are organized into hierarchical groups. Four basic operations for setting up and maintaining the network structure are grouping, registration, leaving, and migration. An efficient group membership management protocol is developed to support mobile hosts roaming among different groups. The segmented membership-based group routing (SMGR) protocol is proposed to take advantage of the hierarchical structure and membership information. In this protocol, only local message exchanging is required for maintaining network topology and routing information. Simulation-based experiment demonstrates the scalability of the design in terms of protocol overheads.

We develop a framework for specifying and reasoning about policies for sharing resources in coalitions, focussing here on a particular, common type of contract in which coalition members agree to make available some total amount of specified resource over a given time period.  The main part of the framework is a policy language with two basic elements: ‘obligations’ (of a member enterprise to provide a total amount of resources over a given time period) express the coalition policy , and ‘entitlements’ (granted by an enterprise to other coalition members) express the local policies of the coalition members.  We discuss the coalitions under which a local policy can be said to be in compliance with, or meet, the obligations of a coalition policy, and the conditions under which an obligation, and by extension a contract, can be said to be violated or fulfilled.